Mailinglist Archive: opensuse-updates (127 mails)

< Previous Next >
openSUSE-SU-2016:1979-1: moderate: Security update for java-1_8_0-openjdk
openSUSE Security Update: Security update for java-1_8_0-openjdk

Announcement ID: openSUSE-SU-2016:1979-1
Rating: moderate
References: #984684 #987895 #989721 #989722 #989723 #989725
#989726 #989727 #989728 #989729 #989730 #989731
#989732 #989733 #989734
Cross-References: CVE-2016-3458 CVE-2016-3485 CVE-2016-3498
CVE-2016-3500 CVE-2016-3503 CVE-2016-3508
CVE-2016-3511 CVE-2016-3550 CVE-2016-3552
CVE-2016-3587 CVE-2016-3598 CVE-2016-3606
Affected Products:
openSUSE 13.2

An update that solves 13 vulnerabilities and has two fixes
is now available.


This update for java-1_8_0-openjdk fixes the following issues:

- Upgrade to version jdk8u101 (icedtea 3.1.0)

- New in release 3.1.0 (2016-07-25):
* Security fixes
- S8079718, CVE-2016-3458: IIOP Input Stream Hooking (boo#989732)
- S8145446, CVE-2016-3485: Perfect pipe placement (Windows
only) (boo#989734)
- S8146514: Enforce GCM limits
- S8147771: Construction of static protection domains under Javax
custom policy
- S8148872, CVE-2016-3500: Complete name checking (boo#989730)
- S8149070: Enforce update ordering
- S8149962, CVE-2016-3508: Better delineation of XML processing
- S8150752: Share Class Data
- S8151925: Font reference improvements
- S8152479, CVE-2016-3550: Coded byte streams (boo#989733)
- S8153312: Constrain AppCDS behavior
- S8154475, CVE-2016-3587: Clean up lookup visibility (boo#989721)
- S8155981, CVE-2016-3606: Bolster bytecode verification (boo#989722)
- S8155985, CVE-2016-3598: Persistent Parameter Processing (boo#989723)
- S8158571, CVE-2016-3610: Additional method handle validation
- CVE-2016-3552 (boo#989726)
- CVE-2016-3511 (boo#989727)
- CVE-2016-3503 (boo#989728)
- CVE-2016-3498 (boo#989729)
* New features
- S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3
on Linux
- PR2821: Support building OpenJDK with --disable-headful
- PR2931, G478960: Provide Infinality Support via fontconfig
- PR3079: Provide option to build Shenandoah on x86_64
* Import of OpenJDK 8 u92 build 14
- S6869327: Add new C2 flag to keep safepoints in counted loops.
- S8022865: [TESTBUG] Compressed Oops testing needs to be revised
- S8029630: Thread id should be displayed as a hex number in error
- S8029726: On OS X some dtrace probe names are mismatched with Solaris
- S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV
are not fired.
- S8029728: On OS X dtrace probes SetStaticBooleanField are not fired
- S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID
attribute value is empty String
- S8038349: Signing XML with DSA throws Exception when key is larger
than 1024 bits
- S8041501: ImageIO reader is not capable of reading JPEGs without
JFIF header
- S8041900: [macosx] Java forces the use of discrete GPU
- S8044363: Remove special build options for unpack200 executable
- S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for
hotspot ARCH
- S8046611: Build errors with gcc on sparc/fastdebug
- S8047763: Recognize sparc64 as a sparc platform
- S8048232: Fix for 8046471 breaks PPC64 build
- S8052396: Catch exceptions resulting from missing font cmap
- S8058563: InstanceKlass::_dependencies list isn't cleared from empty
nmethodBucket entries
- S8061624: [TESTBUG] Some tests cannot be ran under compact profiles
and therefore shall be excluded
- S8062901: Iterators is spelled incorrectly in the Javadoc for
- S8064330: Remove SHA224 from the default support list if SunMSCAPI
- S8065579: WB method to start G1 concurrent mark cycle should be
- S8065986: Compiler fails to NullPointerException when calling super
with Object<>()
- S8066974: Compiler doesn't infer method's generic type information
in lambda body
- S8067800: Clarify java.time.chrono.Chronology.isLeapYear for
out of range years
- S8068033: JNI exception pending in jdk/src/share/bin/java.c
- S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI
- S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD
and/or OBSOLETE method(s) found
- S8068254: Method reference uses wrong qualifying type
- S8074696: Remote debugging session hangs for several minutes when
calling findBootType
- S8074935: jdk8 keytool doesn't validate pem files for RFC 1421
correctness, as jdk7 did
- S8078423: [TESTBUG] javax/print/PrintSEUmlauts/
relies on system locale
- S8080492: [Parfait] Uninitialised variable in
- S8080650: Enable stubs to use frame pointers correctly
- S8122944: perfdata used is seen as too high on sparc zone with
jdk1.9 and causes a test failure
- S8129348: Debugger hangs in trace mode with TRACE_SENDS
- S8129847: Compiling methods generated by Nashorn triggers high
memory usage in C2
- S8130506: javac AssertionError when invoking MethodHandle.invoke
with lambda parameter
- S8130910: hsperfdata file is created in wrong directory and not
cleaned up if /tmp/hsperfdata_<username> has wrong permissions
- S8131129: Attempt to define a duplicate BMH$Species class
- S8131665: Bad exception message in HandshakeHash.getFinishedHash
- S8131782: C1 Class.cast optimization breaks when Class is loaded
from static final
- S8132503: [macosx] Chinese full stop symbol cannot be entered with
Pinyin IM on OS X
- S8133207: test fails after changes for
- S8133924: NPE may be thrown when xsltc select a non-existing node
after JDK-8062518
- S8134007: Improve string folding
- S8134759: jdb: Incorrect stepping inside finally block
- S8134963: [Newtest] New stress test for changing the coarseness
level of G1 remembered set
- S8136442: Don't tie Certificate signature algorithms to ciphersuites
- S8137106: EUDC (End User Defined Characters) are not displayed
on Windows with Java 8u60+
- S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in
- S8138764: In some cases the usage of TreeLock can be replaced by
other synchronization
- S8139373: [TEST_BUG] java/net/MulticastSocket/ failed
with timeout
- S8139424: SIGSEGV, Problematic frame: # V [] void
- S8139436: might load incomplete data
- S8139751: Javac crash with -XDallowStringFolding=false
- S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev
- S8139985: JNI exception pending in
- S8140031: SA: Searching for a value in Threads does not work
- S8140249: JVM Crashing During startUp If Flight Recording is enabled
- S8140344: add support for 3 digit update release numbers
- S8140587: Atomic*FieldUpdaters should use Class.isInstance instead
of direct class check
- S8141260: isReachable crash in windows xp
- S8143297: Nashorn compilation time reported in nanoseconds
- S8143397: It looks like InetAddress.isReachable(timeout) works
- S8143855: Bad printf formatting in frame_zero.cpp
- S8143896: java.lang.Long is implicitly converted to double
- S8143963: improve ClassLoader::trace_class_path to accept an
additional outputStream* arg
- S8144020: Remove long as an internal numeric type
- S8144131: ArrayData.getInt implementations do not convert to int32
- S8144483: One long Safepoint pause directly after each GC log
- S8144487: PhaseIdealLoop::build_and_optimize() must restore
major_progress flag if skip_loop_opts is true
- S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC
- S8144935: C2: safepoint is pruned from a non-counted loop
- S8144937: [TEST_BUG] testlibrary_tests should be excluded for
compact1 and compact2 execution
- S8145017: Add support for 3 digit hotspot minor version numbers
- S8145099: Better error message when SA can't attach to a process
- S8145442: Add the facility to verify remembered sets for G1
- S8145466: javac: No line numbers in compilation error
- S8145539: (coll) AbstractMap.keySet and .values should not be
- S8145550: Megamorphic invoke should use CompiledFunction variants
without any LinkLogic
- S8145669: apply2call optimized callsite fails after becoming
- S8145722: NullPointerException in javadoc
- S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match
- S8146147: Java linker indexed property getter does not work for
computed nashorn string
- S8146566: OpenJDK build can't handle commas in LDFLAGS
- S8146725: Issues with
- S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because
8072383 was badly backported before
- S8147087: Race when reusing PerRegionTable bitmaps may result in
dropped remembered set entries
- S8147630: Wrong test result pushed to 8u-dev
- S8147845: Varargs Array functions still leaking longs
- S8147857: RMIConnector logs attribute names incorrectly
- S8148353: [linux-sparc] Crash in on Linux SPARC
- S8150791: 8u76 L10n resource file translation update
* Import of OpenJDK 8 u101 build 13
- S6483657: MSCAPI provider does not create unique alias names
- S6675699: need comprehensive fix for unconstrained ConvI2L with
narrowed type
- S8037557: test timeout
- S8038837: Add support to jarsigner for specifying timestamp hash
- S8081778: Use Intel x64 CPU instructions for RSA acceleration
- S8130150: Implement BigInteger.montgomeryMultiply intrinsic
- S8130735: javax.swing.TimerQueue: timer fires late when another
timer starts
- S8143913: MSCAPI keystore should accept Certificate[] in setEntry()
- S8144313: Test SessionTimeOutTests can be timeout
- S8146240: Three nashorn files contain "GNU General Public License"
- S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed
- S8146669: Test SessionTimeOutTests fails intermittently
- S8146993: Several javax/management/remote/mandatory regression tests
fail after JDK-8138811
- S8147994: [macosx] JScrollPane jitters up/down during trackpad
scrolling on MacOS/Aqua
- S8151522: Disable 8130150 and 8081778 intrinsics by default
- S8151876: (tz) Support tzdata2016d
- S8152098: Fix 8151522 caused test
compiler/intrinsics/squaretolen/ to fail
- S8157077: 8u101 L10n resource file updates
* Backports
- S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop
caret blink rate
- S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for
mouse wheel events
- S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string
- S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on
text orientation
- S8014212, PR2866: Robot captures black screen
- S8029339, PR1061: Custom MultiResolution image support on HiDPI
- S8031145, PR3077: Re-examine closed i18n tests to see it they can be
moved to the jdk repository.
- S8034856, PR3095: gcc warnings compiling
- S8034857, PR3095: gcc warnings compiling
- S8035054, PR3095: JarFacade.c should not include ctype.h
- S8035287, PR3095: gcc warnings compiling various libraries files
- S8038631, PR3077: Create wrapper for awt.Robot with additional
- S8039279, PR3077: Move awt tests to openjdk repository
- S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox
and JRadioButton
- S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk
- S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree
- S8043126, PR3077: move awt automated functional tests from
AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository
- S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional
AWT tests to regression tree
- S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing
- S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and
AltPlusNumberKeyCombinationsTest to jdk
- S8044429, PR3077: move awt automated tests for AWT_Modality to
OpenJDK repository
- S8044762, PR2960: com/sun/jdi/ test time out
- S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to
openjdk repository
- S8047180, PR3077: Move functional tests AWT_Headless/Automated to
OpenJDK repository
- S8047367, PR3077: move awt automated tests from AWT_Modality to
OpenJDK repository - part 2
- S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests
to OpenJDK
- S8049226, PR2960: com/sun/jdi/ test times out again
- S8049617, PR3077: move awt automated tests from AWT_Modality to
OpenJDK repository - part 3
- S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated
tests to OpenJDK
- S8050885, PR3077: move awt automated tests from AWT_Modality to
OpenJDK repository - part 4
- S8051440, PR3077: move tests about maximizing undecorated to OpenJDK
- S8052012, PR3077: move awt automated tests from AWT_Modality to
OpenJDK repository - part 5
- S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3
of 3)
- S8053657, PR3077: [TEST_BUG] move some 5 tests related to
undecorated Frame/JFrame to JDK
- S8054143, PR3077: move awt automated tests from AWT_Modality to
OpenJDK repository - part 6
- S8054358, PR3077: move awt automated tests from AWT_Modality to
OpenJDK repository - part 7
- S8054359, PR3077: move awt automated tests from AWT_Modality to
OpenJDK repository - part 8
- S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent
tests to OpenJDK
- S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk
- S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK
repository - part 9
- S8056911, PR3077: Remove internal API usage from ExtendedRobot class
- S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK
repository - part 10
- S8058959, PR1061:
closed/java/awt/event/ComponentEvent/MovedResizedTwiceTest/MovedResizedTwic failed automatically
- S8062606, PR3077: Fix a typo in java.awt.Robot class
- S8063102, PR3077: Change open awt regression tests to avoid
sun.awt.SunToolkit.realSync, part 1
- S8063104, PR3077: Change open awt regression tests to avoid
sun.awt.SunToolkit.realSync, part 2
- S8063106, PR3077: Change open swing regression tests to avoid
sun.awt.SunToolkit.realSync, part 1
- S8063107, PR3077: Change open swing regression tests to avoid
sun.awt.SunToolkit.realSync, part 2
- S8064573, PR3077: [TEST_BUG]
javax/swing/text/AbstractDocument/6968363/ is
asocial pressing VK_LEFT and not releasing
- S8064575, PR3077: [TEST_BUG]
javax/swing/JEditorPane/6917744/ 100 times press keys
and never releases
- S8064809, PR3077: [TEST_BUG]
javax/swing/JComboBox/4199622/ contains a lot of
keyPress and not a single keyRelease
- S8067441, PR3077: Some tests fails with error: cannot find symbol
- S8068228, PR3077: Test
closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails
with GTKLookAndFeel
- S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not
include scale factor
- S8073320, PR1061: Windows HiDPI Graphics support
- S8074807, PR3077: Fix some tests unnecessary using internal API
- S8076315, PR3077: move 4 manual functional swing tests to regression
- S8078504, PR3094: Zero lacks declaration of VM_Version::initialize()
- S8129822, PR3077: Define "headful" jtreg keyword
- S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates
base image to get its size
- S8133539, PR1061: [TEST_BUG] Split
java/awt/image/ in two to allow
restricted access
- S8137571, PR1061: Linux HiDPI Graphics support
- S8142406, PR1061: [TEST] MultiResolution image: need test to cover
the case when @2x image is corrupted
- S8145188, PR2945: No LocalVariableTable generated for the entire JDK
- S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution
menu items icons
- S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution
- S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be
taken into account for OS X
- S8151841, PR2882: Build needs additional flags to compile with GCC 6
[plus parts of 8149647 & 8032045]
- S8155613, PR1061: [PIT] crash in
- S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD
- S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK
3 on Linux
- S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead
to the generation of illegal instructions
- S8159244, PR3074: Partially initialized string object created by
C2's string concat optimization may escape
- S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful.
- S8160294, PR2882, PR3095: Some client libraries cannot be built with
* Bug fixes
- PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order
- PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid
re-discovery by OpenJDK configure
- PR2932: Support ccache in a non-automagic manner
- PR2933: Support ccache 3.2 and later
- PR2964: Set system defaults based on OS
- PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line
endings rather than system line endings
- PR3078: Remove duplicated line dating back to 6788347 and 6894807
- PR3083, RH1346460: Regression in SSL debug output without an ECC
- PR3089: Remove old memory limits patch
- PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs
- PR3095: Fix warnings in URLClassPath.c
- PR3096: Remove dead --disable-optimizations option
- PR3105: Use version from to create tarball filename
- PR3106: Handle both correctly-spelt property
"enableCustomValueHandler" introduced by S8079718 and typo version
- PR3108: Shenandoah patches not included in release tarball
- PR3110: Update documentation in INSTALL

- Fix script linking /usr/share/javazi/tzdb.dat for platform where it
applies (boo#987895)

- Fix aarch64 running with 48 bits va space (boo#984684)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-944=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (i586 x86_64):


- openSUSE 13.2 (noarch):



< Previous Next >
This Thread
  • No further messages