- update to 1.4.1 (bnc#840572)
* Improved and cleaned Temporary internet files panel
* NetX
  - PR1465 - java.io.FileNotFoundException while trying to download a JAR file
  - PR1473 - javaws should not depend on name of local file
* Plugin
  - PR854: Resizing an applet several times causes 100% CPU load
* Security Updates
  - CVE-2013-4349, RH869040: Heap-based buffer overflow after triggering event attached to applet
    CVE-2012-4540 nit fixed in icedtea-web 1.4
* Misc 
  - reproducers tests are enabled in dist-tarball
  - application context support for  OpenJDK build 25 and higher
  - small patches into rhino support and
  - PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other properties
- need jpackage-utils on older distros
- run more tests in %check
- drop icedtea-web-AppContext.patch, already upstream

• Files Changed
• Browse Source

- update to 1.4 (bnc#818768) 
* Added cs, de, pl localization
* Splash screen for javaws and plugin
* Better error reporting for plugin via Error-splash-screen
* All IcedTea-Web dialogues are centered to middle of active screen
* Download indicator made compact for more then one jar
* User can select its own JVM via itw-settings and deploy.properties.
* Added extended applets security settings and dialogue
* Security updates
  - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
  - CVE-2013-1927, RH884705: fixed gifar vulnerabilit
  - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
  - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
* NetX
  - PR1027: DownloadService is not supported by IcedTea-Web
  - PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run
  - PR1292: Javaws does not resolve versioned jar names with periods correctly
* Plugin
  - PR1106: Buffer overflow in plugin table-
  - PR1166: Embedded JNLP File is not supported in applet tag
  - PR1217: Add command line arguments for plugins
  - PR1189: Icedtea-plugin requires code attribute when using jnlp_href
  - PR1198: JSObject is not passed to javascript correctly
  - PR1260: IcedTea-Web should not rely on GTK
  - PR1157: Applets can hang browser after fatal exception
  - PR580: http://www.horaoficial.cl/ loads improperly
* Common
  - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered
  - PR955: regression: SweetHome3D fails to run
  - PR1145: IcedTea-Web can cause ClassCircularityError

• Files Changed
• Browse Source

- update to 1.3.2 (bnc#815596) 
- Security Updates
  * CVE-2013-1927, RH884705: fixed gifar vulnerability
  * CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
- Common
  * Added new option in itw-settings which allows users to set JVM arguments
    when plugin is initialized.
- NetX
  * PR580: http://www.horaoficial.cl/ loads improperly
- Plugin
  * PR1260: IcedTea-Web should not rely on GTK
   obsoletes icedtea-web-remove-gtk-dep.patch
  * PR1157: Applets can hang browser after fatal exception

• Files Changed
• Browse Source

- update to 1.3.1 (bnc#787846)
- Security Updates
  * CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet
- Common
  - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7
    fixes the self-signed issue (mentioned in bnc#784859, bnc#785333, bnc#786775)

• Files Changed
• Browse Source

- update to 1.3 (bnc#779001)
- New features:
  * Web Start launch errors are now printed to give proper indication as to the
    cause
  * Significant performance improvement when loading applets that refer to
    missing classes
  * Support for latest versions of Chromium
  * Security warning dialog improvements to better clarify security request
  * Support build with GTK2 and GTK3
  * Cookie write support (i.e set cookies in browser via Java/Applet)
- Common:
  * Applet window icon improved
- Plug-in:
  * PR975: Ignore classpaths specified in jar manifests when using jnlp_href
  * PR1011: Treat folders as such when specified in archive tags
  * PR855: AppletStub getDocumentBase() now returns full URL
  * PR722: Unsigned META-INF entries are ignored
  * PR861: Jars can now load from non codebase hosts
  * PR1106: Icedtea 1.2.1 crashes Firefox 14
- Web Start:
  * PR898: Large signed JNLP files now supported
  * PR811: URLs with spaces now handled correctly

• Files Changed
• Browse Source

- fix PR1106: Icedtea 1.2.1 crashes Firefox 14
  * http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1106

- update to 1.2.1 (bnc#773458)
- Security Updates
  * CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
  * CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
- NetX
  * PR898: signed applications with big jnlp-file doesn't start (webstart affect like "frozen")
  * PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly
  * 816592: icedtea-web not loading GeoGebra java applets in Firefox or Chrome
- Plugin
  * PR863: Error passing strings to applet methods in Chromium
  * PR895: IcedTea-Web searches for missing classes on each loadClass or findClass
  * PR518: NPString.utf8characters not guaranteed to be nul-terminated
- Common
  * RH838417: Disambiguate signed applet security prompt from certificate warning
  * RH838559: Disambiguate signed applet security prompt from certificate warning

• Files Changed
• Browse Source

- update to 1.2
- New features:
 * Signed JNLP support
 * Support for client authentication certificates
 * Cache size enforcement now supported via itweb-settings
 * Applet parameter passing through JNLP files now supported
 * Better icons for access warning dialog
 * Security Dialog UI revamped to make it look less threatening when appropriate
- Fixes (plugin, webstart, common)
 * PR618: Can't install OpenDJ, JavaWebStart fails with Input stream is null error
 * PR765: JNLP file with all resource jars marked as 'lazy' fails to validate signature and stops the launch of application
 * PR788: Elluminate Live! is not working
 * PR804: javaws launcher incorrectly handles file names with spaces
 * PR820, bnc#746895: IcedTea-Web 1.1.3 crashing Firefox when loading Citrix XenApp
 * PR838: IcedTea plugin crashes with chrome browser when javascript is executed
 * PR852: Classloader not being flushed after last applet from a site is closed
 * RH586194: Unable to connect to connect with Juniper VPN client
 * PR771: IcedTea-Web certificate verification code does not use the right API
 * PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted.
 * PR789: typo in jrunscript.sh
 * PR808: javaws is unable to start, when missing jars are enumerated before main jar
 * RH738814: Access denied at ssl handshake
 * Support for authenticating using client certificates
- fix bnc#737105/FATE#313084: add Supplements: packageand(broswer(npapi):java-openjdk)
  ensures the web plugin is pulled in when openjdk and capable browser is installed

- enable make check in respective section

• Files Changed
• Browse Source

- update to 1.1.4 (fixes bnc#729870)
  - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and
    suffix domain SOP bypass
  - PR778: Jar download and server certificate verification deadlock

• Files Changed
• Browse Source

- fix bnc#704309 - VUL-0: icedtea/icedtea-web two issues 
  * CVE-2011-2513
  * CVE-2011-2514
- use --with-java instead of patching of launchers as
  suggested by upstream

- fix bnc#704419 - Use correct path in IcedteaPlugin.so
  * allow plugin usage without -devel package installed
  * fix lanchers location from JAVA to JRE
  * icedtea-1.1-use-jre-in-launchers.patch

• Files Changed
• Browse Source

fix bnx#702825 - IcedTeaPlugin.so gives undefined symbol

• Files Changed
• Browse Source

fix bnc#698739: icedtea6-1.10.2 released - the 1.10x don't have the plugin inside

• Browse Source