File java-1_6_0-openjdk.changes of Package java-1_6_0-openjdk

Wed Apr 15 09:07:59 UTC 2020 - Fridrich Strba <>

- The pack200 and unpack200 alternatives should be slaves of java
  and not of javac, since they are part of JRE.

Fri Jan 26 13:06:53 UTC 2018 -

- Modified patch:
  * icedtea6-1.13.13-b44.patch
    + Fix zero bootstrap build with ecj

Thu Nov 16 09:43:48 UTC 2017 -

- Updated to OpenJDK6 jdk6-b44
  * Security fixes:
    - S8138725: Add options for Javadoc generation
    - S8140353: Improve signature checking
    - S8151934, CVE-2017-3231: Resolve class resolution
    - S8158406: Limited Parameter Processing
    - S8158997: JNDI Protocols Switch
    - S8161218: Better bytecode loading
    - S8161743, CVE-2017-3252: Provide proper login context
    - S8162577: Standardize logging levels
    - S8162973: Better component components
    - S8163520, CVE-2017-3509: Reuse cache entries
    - S8163958, CVE-2017-10102, bsc#1049316: Improved garbage
    - S8164147, CVE-2017-3261: Improve streaming socket output
    - S8165071, CVE-2016-2183: Expand TLS support
    - S8165344, CVE-2017-3272: Update concurrency support
    - S8166988, CVE-2017-3253: Improve image processing performance
    - S8167104, CVE-2017-3289: Additional class construction
    - S8167110, CVE-2017-3514: Windows peering issue
    - S8167223, CVE-2016-5552: URL handling improvements
    - S8167228: Update to libpng 1.6.28
    - S8168714, CVE-2016-5546: Tighten ECDSA validation
    - S8168728, CVE-2016-5548: DSA signing improvments
    - S8169011, CVE-2017-3526: Resizing XML parse trees
    - S8169209, CVE-2017-10053, bsc#1049305: Improved image
      post-processing steps
    - S8169392, CVE-2017-10067, bsc#1049306: Additional jar
      validation steps
    - S8170222, CVE-2017-3533: Better transfers of files
    - S8170966, CVE-2017-10081, bsc#1049309: Right parenthesis
    - S8171121, CVE-2017-3539: Enhancing jar checking
    - S8171533, CVE-2017-3544: Better email transfer
    - S8172204, CVE-2017-10087, bsc#1049311: Better Thread Pool
    - S8172299: Improve class processing
    - S8172461, CVE-2017-10089, bsc#1049312: Service Registration
    - S8172469, CVE-2017-10096, bsc#1049314: Transform Transformer
    - S8173286, CVE-2017-10101, bsc#1049315: Better reading of text
    - S8173697, CVE-2017-10107, bsc#1049318: Less Active
    - S8173770, CVE-2017-10074, bsc#1049307: Image conversion
    - S8174098, CVE-2017-10110, bsc#1049321: Better image fetching
    - S8174105, CVE-2017-10108, bsc#1049319: Better naming
    - S8174113, CVE-2017-10109, bsc#1049320: Better sourcing of
    - S8174770: Check registry registration location
    - S8174873: Improved certificate processing
    - S8175106, CVE-2017-10115, bsc#1049324: Higher quality DSA
    - S8176055: JMX diagnostic improvements
    - S8176067, CVE-2017-10116, bsc#1049325: Proper directory
      lookup processing
    - S8176760, CVE-2017-10135, bsc#1049328: Better handling of
      PKCS8 material
  * Other
    - S4717864: setFont() does not update Fonts of Menus already on
    - S6474807: (smartcardio) CardTerminal.connect() throws
      CardException instead of CardNotPresentException
    - S6592751: EmbeddedFrame disposal is fragile and breaks clean
      AppContext termination
    - S6858484: If an invalid HMAC XML Signature is validated, all
      subsequent valid HMAC signatures are invalid
    - S6868865: Test: sun/security/tools/jarsigner/ fails
      under all platforms
    - S6885204: JSSE should not require Kerberos to be present
    - S6887710: Jar index should avoid putting META-INF in the
    - S6945961: SIGSEGV in memcpy() during class loading on
    - S7155957:
      hangs on win 64 bit with jdk8
    - S7170169: (props) System.getProperty("") should return
      "Windows 8" when run on Windows 8
    - S7173645: (props) System.getProperty("") should return
      "Windows Server 2012" for Windows Server 2012
    - S8010714: XML DSig API allows a RetrievalMethod to reference
      another RetrievalMethod
    - S8013434: Xalan and Xerces internal ObjectFactory need rework
    - S8020191: System.getProperty("") returns "Windows NT
      (unknown)" on Windows 8.1
    - S8030787: [Parfait] JNI-related warnings from b119 for
    - S8037287: Windows build failed after JDK-8030787
    - S8066504: GetVersionEx in
      java.base/windows/native/libjava/java_props_md.c might not get
      correct Windows version 0
    - S8075118: JVM stuck in infinite loop during verification
    - S8079595: Resizing dialog which is JWindow parent makes JVM
    - S8130769: The new menu can't be shown on the menubar after
      clicking the "Add" button.
    - S8139565: Restrict certificates with DSA keys less than 1024
    - S8140422: Add mechanism to allow non default root CAs to be
      not subject to algorithm restrictions
    - S8140483: Atomic*FieldUpdaters final fields should be trusted
    - S8140587: Atomic*FieldUpdaters should use Class.isInstance
      instead of direct class check
    - S8143377: Test fails
    - S8147842: IME Composition Window is displayed at incorrect
    - S8148516: Improve the default strength of EC in JDK
    - S8149450: LdapCtx.processReturnCode() throwing Null Pointer
    - S8150490: Update OS detection code to recognize Windows
      Server 2016
    - S8151893: Add security property to configure XML Signature
      secure validation mode
    - S8155690: Update libPNG library to the latest up-to-date
    - S8156802: Better constraint checking
    - S8160108: Implement Serialization Filtering
    - S8161195: Regression:
    - S8161571: Verifying ECDSA signatures permits trailing bytes
    - S8162461: Hang due to JNI up-call made whilst holding JNI
      critical lock
    - S8163304: jarsigner -verbose -verify should print the
      algorithms used to sign the jar
    - S8165230: RMIConnection addNotificationListeners failing with
      specific inputs
    - S8166393: disabledAlgorithms property should not be strictly
    - S8166739: Improve extensibility of ObjectInputFilter
      information passed to the filter
    - S8166875: (tz) Support tzdata2016g
    - S8166878: Connection reset during TLS handshake
    - S8167179: Make XSL generated namespace prefixes local to
      transformation process
    - S8167459: Add debug output for indicating if a chosen
      ciphersuite was legacy
    - S8167472: Chrome interop regression with JDK-8148516
    - S8167591: Add MD5 to signed JAR restrictions
    - S8168861: AnchorCertificates uses hardcoded password for
      cacerts keystore
    - S8168993: JDK8u121 L10n resource file update
    - S8169191: (tz) Support tzdata2016i
    - S8169688: Backout (remove) MD5 from
      jdk.jar.disabledAlgorithms for January CPU
    - S8170131: Certificates not being blocked by
      jdk.tls.disabledAlgorithms property
    - S8170268: 8u121 L10n resource file update - msgdrop 20
    - S8170307: Stack size option -Xss is ignored
    - S8170316: (tz) Support tzdata2016j
    - S8170814: Reuse cache entries (part II)
    - S8171388: Update JNDI Thread contexts
    - S8173783: IllegalArgumentException: jdk.tls.namedGroups
    - S8173931: 8u131 L10n resource file update
    - S8174844: Incorrect GPL header causes RE script to miss swap
      to commercial header for licensee source bundle
    - S8174985: NTLM authentication doesn't work with IIS if NTLM
      cache is disabled
    - S8175072: [openjdk6] Kerberos JCK tests fail on systems
      without krb5.conf file
    - S8175251: Failed to load RSA private key from pkcs12
    - S8176044: (tz) Support tzdata2017a
    - S8176731: JCK tests in api/javax_xml/transform/ spec
      conformance started failing after 8172469
    - S8176769: Remove accidental spec change in jdk8u
    - S8177449: (tz) Support tzdata2017b
    - S8180582: The bind to rmiregistry is rejected by
      registryFilter even though registryFilter is set
    - S8180769: [openjdk6] JVM crashes when running with
      -showversion option
    - S8181591: 8u141 L10n resource file update
    - S8182054: Improve wsdl support
- Added patch:
  * icedtea6-1.13.13-b44.patch
    - Modify icedtea patches to apply to the jdk6-b44 tree

Wed Jun 21 09:03:42 UTC 2017 -

- Add openjdk-libjvm-link.patch and openjdk-libjvm-link-ecj.patch
  to link libjvm and libmawt with g++ to support the mix of GCC 6
  java and GCC 7 C++ compiler.
- Get ecj.jar path from gcj, use the gcc variant that provides Java
  to build C code to make sure jni.h is available.

Tue Mar  7 15:06:23 UTC 2017 -

- Update the buildver to correspond to what java reports

Wed Jan 11 09:32:15 UTC 2017 -

- Updated to 1.13.13
  * Security fixes
    - S8151921: Improved page resolution
    - S8155968: Update command line options
    - S8155973, CVE-2016-5542: Tighten jar checks
    - S8157176: Improved classfile parsing
    - S8157739, CVE-2016-5554: Classloader Consistency Checking
    - S8157749: Improve handling of DNS error replies
    - S8157753: Audio replay enhancement
    - S8158302: Handle contextual glyph substitutions
    - S8158993, CVE-2016-5568: Service Menu services
    - S8159495, PR3276: Fix index offsets
    - S8159503: Amend Annotation Actions
    - S8159511: Stack map validation
    - S8159515: Improve indy validation
    - S8159519, CVE-2016-5573: Reformat JDWP messages
    - S8160090: Better signature handling in pack200
    - S8160094: Improve pack200 layout
    - S8160591, CVE-2016-5582: Improve internal array handling
    - S8160838, CVE-2016-5597: Better HTTP service
  * Import of OpenJDK6 b41
    - S4787377: VK_STOP key on Solaris generates wrong Key Code
    - S4947220: (process)Runtime.exec() cannot invoke applications
      with unicode parameters(win)
    - S5036807: Pressing action keys "STOP/AGAIN/COMPOSE" generates
      keycode of F11/F12 keys.
    - S5099725: AWT doesn't seem to handle MappingNotify events
      under X11.
    - S5100701: Toolkit.getLockingKeyState() does not work on
      XToolkit, but works on Motif
    - S6324292: keytool -help is unhelpful
    - S6464022: Memory leak in JOptionPane.createDialog
    - S6501385: ColorChooser demo - two elemets have same mnemonic
      in it locale, GTK L&F
    - S6535697: keytool can be more flexible on format of
      PEM-encoded X.509 certificates
    - S6561126: keytool should use larger default keysize for
    - S6566218: l10n of 6476932
    - S6606396: Notepad and Stylepad demos don't run in Japanese
    - S6608456: need API to define RepaintManager per components
    - S6624200: Regression test fails:
    - S6675400: "Details" in English has to be "Details" in German
    - S6680988: KeyEvent is still missing VK values for many
    - S6683775: Painting artifacts is seen when panel is made
      setOpaque(false) for a translucent window
    - S6693507: There are unnecessary compilation warnings in the package
    - S6709758: keytool default cert fingerprint algorithm should be
      SHA1, not MD5
    - S6711676: Numpad keys trigger more than one KeyEvent.
    - S6719382: Printing of AWT components on windows is not working
    - S6726866: Repainting artifacts when resizing or dragging
      JInternalFrames in non-opaque toplevel
    - S6727661: Code improvement and warnings removing from the
      swing/plaf packages
    - S6727662: Code improvement and warnings removing from swing
    - S6794764: Translucent windows are completely repainted on
      every paint event, on Windows
    - S6796710: Html content in JEditorPane is overlapping on swing
      components while resizing the application.
    - S6802846: jarsigner needs enhanced cert validation(options)
    - S6867657: Many JSN tests do not run under cygwin
    - S6870812: enhance security tools to use ECC algorithms
    - S6871299: Shift+Tab no longer generates a KEY_TYPED event;
      used to with JRE 1.5
    - S6871847: AlgorithmId.get("SHA256withECDSA") not available
    - S6882559: new JEditorPane("text/plain","") fails for null
      context class loader
    - S6894719: (launcher)The option -no-jre-restrict-search is
      expected when -jre-no-restrict-search is documented.
    - S6901170: HttpCookie parsing of version and max-age mis-handled
    - S6911129: These tests do not work with CYGWIN: java/lang
    - S6922482: keytool's help on -file always shows 'output file'
    - S6923681: Jarsigner crashes during timestamping
    - S6939248: Jarsigner can't extract Extended Key Usage from
      Timestamp Reply correctly
    - S6959252: convert the anonymous arrays to named arrays in Java
      List Resource files
    - S6969683: Generify ResolverConfiguration codes
    - S6980510: Fix for 6959252 broke JConsole mnemonic keys
    - S6982840: sun/security/tools/jarsigner/ fails
    - S6987827: security/util/ needs improvement
    - S6988163: dup and a keytool doc
    - S7004168: jarsigner -verify checks for KeyUsage codesigning
      ext on all certs instead of just signing cert
    - S7013850: Please change the mnemonic assignment system to
      avoid translation issue
    - S7017818: NLS: cannot be handled by
      translation team
    - S7019937: Translatability bug - Remove Unused String - String
      ID , read end of file
    - S7019938: Translatability bug - Remove Unused String - String
      ID can not specify Principal with a
    - S7019940: Translatability bug - Remove unused string - String
      ID: provided null name
    - S7019942: Translatability bug - String ID: trustedCertEntry,
    - S7019945: Translatability bug - Translatability issue - String
      ID: * has NOT been verified! In order to veri
    - S7019947: Translatability bug - Translatability issue - String
      ID: * The integrity of the information stored i
    - S7019949: Translatability bug - Translatability issue - String
      ID: * you must provide your keystore password.
    - S7020531: test:
      file not closed after run
    - S7021693: [ja, zh_CN] jconsole throws exception and fail to
      start in ja and zh_CN locales
    - S7022005: [ja,zh_CN] javadoc, part of navigation bar in
      generated html are not translated.
    - S7024118: possible hardcoded mnemonic for JFileChooser metal
      and motif l&f
    - S7025267: NLS: t13y fix for 7021689 [ja] Notepad demo throws
    - S7028447: security-related resources Chinese translation errors
    - S7028490: better suggestion for jarsigner when TSA is not
    - S7030174: Jarsigner should accept TSACert with an HTTPS
      id-ad-timeStamping SIA
    - S7032018: The file list in JFileChooser does not have an
      accessible name
    - S7032436: When running with the Nimbus look and feel, the
      JFileChooser does not display mnemonics
    - S7034259: [all] incorrect mnemonic keys in JCP automatic
      update advanced settings dialog.
    - S7034940: message drop 2 translation integration
    - S7035843: [zh_CN, ja] JConsole mnemonic keys don't work
    - S7038803: [CCJK] Incorrect mnemonic key (0) is displayed on
      cancel button on messagedialog of JOptionPane
    - S7038807: [CCJK] OK button on message dialog of JOptionpane is
      not translated
    - S7040228: [zh_TW] extra (C) on cancel button on File Chooser
    - S7040257: [pt_BR,fr] Print dialog has duplicate mnemonic key.
    - S7042323: [sv, de, es, it] Print dialog has duplicate mnemonic
    - S7042475: [ja,zh_CN] extra mnemonic key in jconsole
    - S7043548: message drop 3 translation integration
    - S7045132: translation
    - S7045184: GTK L&F doesn't have hotkeys in jdk7 b141, while
      b139 has.
    - S7062969: java -help still shows
    - S7090158: Networking Libraries don't build with javac -Werror
    - S7090832: Some locale info are not localized for some
    - S7093156: NLS Please change the mnemonic assignment system to
      avoid translation issue (Swing files)
    - S7102686: Restructure timestamp code so that jars and modules
      can more easily share the same code
    - S7109085: Test use hotkeys not intended for Mac
    - S7116786: RFE: Detailed information on VerifyErrors
    - S7124171: 7u4 l10n message update related to Mac OS X port
    - S7125055: ContentHandler.getContent API changed in error
    - S7132247: java/rmi/registry/readTest/ failing with
    - S7142339: is needlessly creating SHA1PRNG
      SecureRandom instances when timestamping is not done
    - S7145375: 7u4 l10n message update related to langtools
    - S7145960: sun/security/mscapi/ failing on
    - S7146099: NLS: [de,es,it,ko,pt_BR]launcher_**.properties,
      double backslash issue.
    - S7149012: jarsigner needs not warn about cert expiration if
      the jar has a TSA timestamp
    - S7158712: Synth Property "ComboBox.popupInsets" is ignored
    - S7169226: NLS: Please change the mnemonic assignment system
      for windows and motif properties
    - S7174970: NLS [ccjk] Extra mnemonic keys at standard
      filechooserdialog (open and save) in metal L&F
    - S7175367: NLS: 7u6 message drop10 integration
    - S7176894: back out files from 7u6
      message drop10
    - S7178145: Change constMethodOop::_exception_table to
      optionally inlined u2 table.
    - S7181632: nsk classLoad001_14 failure and CompileTheWorld
      crash after 7178145.
    - S7182226: NLS: jdk7u6 message drop20 integration
    - S7183203: tests intermittent failure
    - S7187051: tests should do cleanup before
      start test
    - S7194449: String resources for Key Tool and Policy Tool should
      be in their respective packages
    - S8000626: Implement dead key detection for KeyEvent on Linux
    - S8003890: corelibs test scripts should pass TESTVMOPTS
    - S8008764: 7uX l10n resource file translation update
    - S8009168: syntax issue
    - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID)
      as defined in RFC3161
    - S8010297: Missing isLoggable() checks in logging code
    - S8010782: clean up source files containing carriage return
    - S8014048: Online user guide of jconsole points incorrect link
    - S8014431: cleanup warnings indicated by the -Wunused-value
      compiler option on linux
    - S8015265: revise the fix for 8007037
    - S8016579: (process) IOException thrown by
      ProcessBuilder.start() method is incorrectly encoded
    - S8019541: 7u40 l10n resource file translation update
    - S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame
    - S8023338: Update jarsigner to encourage timestamping
    - S8024302: Clarify jar verifications
    - S8024756: method grouping tabs are not selectable
    - S8026741: jdk8 l10n resource file translation update 5
    - S8027787: 7u51 l10n resource file translation update 1
    - S8030698: Several GUI labels in jconsole need correction
    - S8030878: JConsole issues meaningless message if SSL
      connection fails
    - S8035988: 7u60 l10n resource file translation update 1
    - S8038837: Add support to jarsigner for specifying timestamp
      hash algorithm
    - S8048147: Privilege tests with JAAS Subject.doAs
    - S8048357: PKCS basic tests
    - S8049171: Additional tests for jarsigner's warnings
    - S8055176: 7u71 l10n resource file translation update
    - S8057530: (process) Runtime.exec throws garbled message in jp
    - S8059177: jdk8u40 l10n resource file translation update 1
    - S8065609: 7u76 l10n resource file translation update
    - S8076486: [TESTBUG]
      javax/security/auth/Subject/doAs/ fails if
      extra VM options are given
    - S8077953: [TEST_BUG]
      Compilation failed after JDK-8077387
    - S8078628, PR3152: Zero build fails with pre-compiled headers
    - S8080628: No mnemonics on Open and Save buttons in JFileChooser
    - S8083601: jdk8u60 l10n resource file translation update 2
    - S8140530, PR3276: Creating a VolatileImage with size 0,0
      results in no longer working g2d.drawString
    - S8142926: OutputAnalyzer's shouldXXX() calls return this
    - S8143134: L10n resource file translation update
    - S8147077: IllegalArgumentException thrown by
    - S8148127: IllegalArgumentException thrown by JCK test
      api/java_awt/Component/FlipBufferStrategy/indexTGF_General in
      opengl pipeline
    - S8150611: Security problem on sun.misc.resources.Messages*
    - S8157077: 8u101 L10n resource file updates
    - S8157653: [Parfait] Uninitialised variable in awt_Font.cpp
    - S8158734: JEditorPane.createEditorKitForContentType throws NPE
      after 6882559
    - S8159684: (tz) Support tzdata2016f
    - S8162411: Service Menu services 2
    - S8162419: closed/com/oracle/jfr/runtime/
      failing after JDK-8155968
    - S8162511: 8u111 L10n resource file updates
    - S8162792: Remove constraint DSA keySize < 1024 from
      jdk.jar.disabledAlgorithms in jdk8
    - S8164452: 8u111 L10n resource file update - msgdrop 20
    - S8165816: jarsigner -verify shows jar unsigned if it was
      signed with a weak algorithm
    - S8166381: Back out changes to the file to not
      disable MD5
    - S8169448, PR3205: OpenJDK 6 fails to build without
      pre-compiled headers
    - S8171415: Remove Java 7 features from testlibrary
    - S8171954: Add stubs for and
    - S8172159: Remove @Override annotation on interfaces added by
      b41 updates
    - S8172252: Remove over-zealous switch to for-each loop in
  * Backports
    - S6974985, PR3276: Java2Demo threw exceptions when xrender
      enabled in OEL5.5
    - S6985593, PR3276: Crash in
      Java_sun_java2d_loops_MaskBlit_MaskBlit on oel5.5-x64
  * Bug fixes
    - PR3174: systemtap: type definition 'symbolOopDesc' not found
    - PR3175: invalid zip timestamp handling leads to error updating
      JAR files
    - PR3213: Disable ARM32 JIT by default
    - PR3275: Update generated files after OpenJDK 6 b41 update
- Modified patch:
  * openjdk-6-src-b17-no-efect.patch
  * icedtea6-1.13.11-aarch64.patch -> icedtea6-1.13.13-aarch64.patch
    - rediff to change in context

Thu Aug 25 08:47:33 UTC 2016 -

- Updated to 1.13.12
  * Security fixes
    - S8079718, CVE-2016-3458: IIOP Input Stream Hooking
    - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only)
    - S8147771: Construction of static protection domains under
      Javax custom policy
    - S8148872, CVE-2016-3500: Complete name checking
    - S8149962, CVE-2016-3508: Better delineation of XML processing
    - S8150752: Share Class Data
    - S8151925: Font reference improvements
    - S8152479, CVE-2016-3550: Coded byte streams
    - S8155981, CVE-2016-3606: Bolster bytecode verification
  * Import of OpenJDK6 b40
    - S6496269: Many warnings generated from
      com/sun/java/util/jar/pack/*.cpp when compiled on Linux
    - S6522789: [zh_CN] translation of "enclosing class" in doclet
      is incorrect
    - S6575373: Error verifying signatures of pack200 files in some
      cases [TEST ONLY]
    - S6579775: l10n update after 6212566
    - S6600143: Remove another 450 unnecessary casts
    - S6611629: Avoid hardcoded cygwin paths for memory detection
    - S6690018: RSAClientKeyExchange NullPointerException
    - S6712743: pack200: should default to 150.7 pack format for
      classfiles without any classes.
    - S6714842: CertPathBuilder returns incorrect CertPath for
      BasicConstraints in builderParams
    - S6726309: Compiler warnings in nio code
    - S6727683: Cleanup use of COMPILER_WARNINGS_FATAL in makefiles
    - S6755847: (launcher) will trigger assertions in debug build
    - S6852744: PIT b61: PKI test suite fails because self signed
      certificates are being rejected
    - S6858127: Missing -DNDEBUG on Linux and Windows native code
    - S6864028: Update the java launcher to use the new entry point
    - S6875904: Java 7 message synchronization 1
    - S6882437: CertPath/X509CertPathDiscovery/Test fails on
    - S6888127: java.util.jar.Pack200.Packer Memory Leak
    - S6888925: SunMSCAPI's Cipher can't use RSA public keys
      obtained from other sources.
    - S6889552: Sun provider should not require LDAP CertStore to be
    - S6941936: Broken pipe error of test case
      [Test only]
    - S6951599: Rename package of security tools for modularization
    - S6953295: Move few{util, x509, pkcs} classes
      used by keytool/jarsigner to another package
    - S6958026: Problem with PKCS12 keystore
    - S6966737: (pack200) the pack200 regression tests need to be
      more robust.
    - S6982312: (pack200) pack200 fails with the jdk7 class files
    - S6985763: Pack200.Packer.pack(...) and
      Pack200.Unpacker.unpack(...) throw unspecified exceptions
    - S6990106: FindBugs scan - Malicious code vulnerability
      Warnings in*
    - S6994413: JDK_GetVersionInfo0 only expects a two digit build
    - S7000752: Duplicate entry in
    - S7001094: Can't initialize SunPKCS11 more times than PKCS11
      driver maxSessionCount
    - S7003227: (pack200) intermittent failures compiling pack200
    - S7004706: l10n of 7000752 Duplicate entry in
    - S7006704: (pack200) add missing file for 6990106
    - S7011497: Improve trust anchor searching method during cert
      path validation
    - S7017734: jdk7 message drop 1 translation integration
    - S7023416: (pack200) fix parfait issues
    - S7029680: fix test/sun/misc/Version/ build parsing
    - S7038175: Expired PKITS certificates causing CertPathBuilder
      and CertPathValidator regression test failures
    - S7050826, PR2956, RH1334465: Hebrew characters are not
      rendered on OEL 5.6
    - S7055363: jdk_security3 test target cleanup
    - S7060849: Eliminate pack200 build warnings
    - S7064075: Security libraries don't build with
      javac -Xlint:all,-deprecation -Werror
    - S7081817: test/sun/security/provider/certpath/X509CertPath/
    - S7092825: javax.crypto.Cipher.Transform.patternCache is
      synchronizedMap and became scalability bottleneck.
    - S7105780: Add SSLSocket client/SSLEngine server to templates
    - S7107613: scalability blocker in javax.crypto.CryptoPermissions
    - S7107616: scalability blocker in javax.crypto.JceSecurityManager
    - S7109274: Restrict the use of certificates with RSA keys less
      than 1024 bits
    - S7129083: CookieManager does not store cookies if url is read
      before setting cookie manager
    - S7152582: PKCS11 tests should use the NSS libraries available
      in the OS
    - S7166955: (pack200) JNI_GetCreatedJavaVMs needs additional
    - S7196855: fails on ubuntu because
      not found
    - S7200682: TEST_BUG: keytool/ still has problems
    - S8002306: (se) fails if invoked with thread
      interrupt status set [win]
    - S8009634: TEST_BUG: sun/misc/Version/ handle 2
      digit minor in VM version
    - S8010166: TEST_BUG: fix for 8009634 overlooks possible version
      strings (sun/misc/Version/
    - S8013228: Create new system properties to control allowable
      OCSP clock skew and CRL connection timeout
    - S8019341: Update CookieHttpsClientTest to use the newer
    - S8022228: Intermittent test failures in
    - S8022594: Potential deadlock in <clinit> of
    - S8023546: sun/security/mscapi/ fails
    - S8026794: Test tools/pack200/ fails while
      opening golden.jar.native.IST on linux-ppc(v2)
    - S8027026: Change keytool -genkeypair to use -keyalg RSA
    - S8029177: [Parfait] warnings from b117 for JNI exception
    - S8029646: [pack200] should support the new zip64 format.
    - S8036612: [parfait] JNI exception pending in
    - S8037557: test timeout
    - S8074839: Resolve disabled warnings for libunpack and the
      unpack200 binary
    - S8079410: Hotspot version to share the same update and build
      version from JDK
    - S8130735: javax.swing.TimerQueue: timer fires late when
      another timer starts
    - S8139436: might load incomplete
    - S8140344: add support for 3 digit update release numbers
    - S8144313: Test SessionTimeOutTests can be timeout
    - S8145017: Add support for 3 digit hotspot minor version numbers
    - S8146387: Test SSLSession/SessionCacheSizeTests socket accept
      timed out
    - S8146669: Test SessionTimeOutTests fails intermittently
    - S8146993: Several javax/management/remote/mandatory regression
      tests fail after JDK-8138811
    - S8147857: [TEST] RMIConnector logs attribute names incorrectly
    - S8151841, PR3099: Build needs additional flags to compile with
      GCC 6
    - S8151876: (tz) Support tzdata2016d
    - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow
      not known.
    - S8162344: The API changes made by CR 7064075 need to be
    - S8162818: Sync src/share/native/com/sun/media code with
      OpenJDK 7
    - S8162828: Sync imageioJPEG.c with initial OpenJDK 7 version
    - S8163022, PR2954: Remove @Override annotation on interfaces
      added by 2016/04 security fixes
    - S8164181: Remove @Override annotation on interfaces added by
      2016/07 security fixes
    - S8164426: Normalise whitespace in
    - S8164554: test/sun/security/provider/certpath/X509CertPath/
      still failing
    - S8164555: pack200: Leave ZipFile open on exceptions
  * Backports
    - S2178143, PR2959: JVM crashes if the number of bound CPUs
      changed during runtime
    - S6260348, PR3068: GTK+ L&F JTextComponent not respecting
      desktop caret blink rate
    - S6961123, PR2975: setWMClass fails to null-terminate WM_CLASS
  * Bug fixes
    - PR2800: Files are missing from resources.jar
    - PR2954: ecj/override.patch is missing new @Overrides in
    - PR2961: Latest security update broke bundled LCMS2 build
    - PR2962: System default check doesn't match all GNU/Linux
    - PR2969: ENABLE_SYSTEM_LCMS is not defined if ENABLE_LCMS2
      is not set
    - PR3092: SystemTap is heavily confused by multiple JDKs
    - PR3117: Add tests for Java debug info and source files
    - PR3129: pax-mark-vm script calls "exit -1" which is invalid
      in dash
    - PR3130: Avoid giving PAX_COMMAND a value if no PaX utility is
    - PR3132: PaX marking fails on filesystems which don't support
      extended attributes
    - PR3137: GTKLookAndFeel does not honor
    - PR3140: Pass $(CC) and $(CXX) to OpenJDK build
    - PR3142: Don't assume system mime.types supports
    - PR3144: Test subdirectory of build tree not emptied

Tue 10 May 07:17:51 UTC 2016 -

- Updated to 1.13.11
  * Security fixes
    - S8129952, CVE-2016-0686: Ensure thread consistency
    - S8132051, CVE-2016-0687: Better byte behavior
    - S8138593, CVE-2016-0695: Make DSA more fair
    - S8139008: Better state table management
    - S8143167, CVE-2016-3425: Better buffering of XML strings
    - S8144430, CVE-2016-3427: Improve JMX connections
    - S8146494: Better ligature substitution
    - S8146498: Better device table adjustments
  * Import of OpenJDK6 b39
    - S4459600: java -jar fails to run Main-Class if classname
      followed by whitespace.
    - S6378099: RFE: Use libfontconfig to create/synthesise a
    - S6452854: Provide a flag to print the java configuration
    - S6742159: (launcher) improve the java launching mechanism
    - S6752622: java.awt.Font.getPeer throws
      "java.lang.InternalError: Not implemented" on Linux
    - S6758881: (launcher) needs to throw NoClassDefFoundError
      instead of JavaRuntimeException
    - S6856415: Enabling java security manager will make program
      thrown wrong exception ( main method not found )
    - S6892493: potential memory leaks in 2D font code indentified
      by parfait.
    - S6925851: Localize JRE into pt_BR (corba)
    - S6968053: (launcher) hide exceptions under certain launcher
    - S6977738: Deadlock between java.lang.ClassLoader and
    - S6981001: (launcher) EnsureJREInstallation is not being called
      in order
    - S7017734: jdk7 message drop 1 translation integration
    - S7026184: (launcher) Regression: class with unicode name can't
      be launched by java.
    - S7104161: test/sun/tools/jinfo/ fails on Ubuntu
    - S7125442: jar application located in two bytes character named
      folder cannot be run with JRE 7 u1/u2
    - S7127906: (launcher) convert the launcher regression tests to
    - S7141141: Add 3 new test scenarios for testing Main-Class
      attribute in jar manifest file
    - S7158988: jvm crashes while debugging on x86_32 and x86_64
    - S7189944: (launcher) test/tools/launcher/ needs a
      couple of minor fixes
    - S7193318: C2: remove number of inputs requirement from Node's
      new operator
    - S8002116: This gets an exit 1
    - S8004007: test/sun/tools/jinfo/ fails on when runSA is
      set to true
    - S8023990: Regression: postscript size increase from 6u18
    - S8027705: com/sun/jdi/ fails when a
      background thread is generating events.
    - S8028537: PPC64: Updated the JDK regression tests to run on AIX
    - S8036132: Tab characters in test/com/sun/jdi files
    - S8038963: com/sun/jdi tests fail because cygwin's ps sometimes
      misses processes
    - S8044419: TEST_BUG: com/sun/jdi/ fails when
      run under root
    - S8059661: Test SoftReference and OOM behavior
    - S8067364: Printing to Postscript doesn't support dieresis
    - S8072753: Nondeterministic wrong answer on arithmetic
    - S8073735: [TEST_BUG] compiler/loopopts/
      got OOME
    - S8074146: [TEST_BUG] jdb has succeded to read an unreadable
    - S8075584: test for 8067364 depends on hardwired text advance
    - S8134297: NPE in GSSNameElement nameType check
    - S8134650: Xsl transformation gives different results in 8u66
    - S8141229: [Parfait] Null pointer dereference in cmsstrcasecmp
      of cmserr.c
    - S8143002: [Parfait] JNI exception pending in fontpath.c:1300
    - S8146477: [TEST_BUG] failing again
    - S8146967: [TEST_BUG] javax/security/auth/SubjectDomainCombiner/
      should use 4-args ProtectionDomain constructor
    - S8147567: InterpreterRuntime::post_field_access not updated
      for boolean in JDK-8132051
    - S8148446: (tz) Support tzdata2016a
    - S8148475: Missing SA Bytecode updates.
    - S8149170: Better byte behavior for native arguments
    - S8149367: PolicyQualifierInfo/index_Ctor JCk test fails with
      IOE: Invalid encoding for PolicyQualifierInfo
    - S8150012: Better byte behavior for reflection
    - S8150790: 8u75 L10n resource file translation update
    - S8154210: Zero: Better byte behaviour
    - S8155261: Zero broken since HS23 update
    - S8155699: Resolve issues created by backports in OpenJDK 6 b39
    - S8155746: Sync Windows export list in make/java/jli/Makefile
      with make/java/jli/mapfile-vers
  * Backports
    - S6863746, PR2951: javap should not scan ct.sym by default
    - S8071705, PR2820, RH1182694: Java application menu misbehaves
      when running multiple screen stacked vertically
    - S8150954, PR2868, RH1176206: AWT Robot not compatible with
      GNOME Shell
  * Bug fixes
    - PR2887: Location of 'stap' executable is hard-coded
    - PR2890: OpenJDK should check for system cacerts database (e.g.
    - PR2952: test/tapset/ requires Perl
    - PR2953: make dist fails after PR2887 made
- Modified patch:
  * icedtea6-1.13.7-aarch64.patch -> icedtea6-1.13.11-aarch64.patch
    - Rediff to the new context

Fri Jan 22 21:57:10 UTC 2016 -

- Updated to 1.13.10
  * Security fixes
    - S8059054, CVE-2016-0402: Better URL processing
    - S8130710, CVE-2016-0448: Better attributes processing
    - S8133962, CVE-2016-0466: More general limits
    - S8137060: JMX memory management improvements
    - S8139012: Better font substitutions
    - S8139017, CVE-2016-0483: More stable image decoding
    - S8140543, CVE-2016-0494: Arrange font actions
    - S8143185: Cleanup for handling proxies
    - S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen
  * Import of OpenJDK6 b38
    - OJ69: Windows build broken after b37 changes
    - OJ70: Allow versions of ALSA >= 1.1.0
    - S6720721: CRL check with circular depency support needed
    - S6852744: PIT b61: PKI test suite fails because self signed
      certificates are being rejected [Tests only]
    - S7166570: JSSE certificate validation has started to fail for
      certificate chains
    - S7167988: PKIX CertPathBuilder in reverse mode doesn't work if
      more than one trust anchor is specified
    - S7171223: Building ExtensionSubtables.cpp should use
    - S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/
      failed with SocketTimeoutException
    - S8074068: Cleanup in src/share/classes/sun/security/x509/
    - S8075773: jps running as root fails after the fix of
    - S8081297: SSL Problem with Tomcat
    - S8134605: Partial rework of the fix for 8081297
    - S8135307: CompletionFailure thrown when calling FieldDoc.type,
      if the field's type is missing
    - S8138716: (tz) Support tzdata2015g
    - S8141213: [Parfait]Potentially blocking function
      GetArrayLength called in JNI critical region at line 239 of
     jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in
     function GET_ARRAYS
    - S8141287: Add MD5 to jdk.certpath.disabledAlgorithms - Take 2
    - S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/
      8u71 failure
    - S8144955: Wrong changes were pushed with 8143942
    - S8145551: Test failed with Crash for Improved font lookups
    - S8147466: Add -fno-strict-overflow to
  * Backports
    - S7169111, PR2757: Unreadable menu bar with Ambiance theme in
      GTK L&F
    - S8140620, PR2711: Find and load default.sf2 as the default
      soundbank on Linux

Mon Nov 16 20:11:59 UTC 2015 -

- Updated to 1.13.9
  * Security fixes
    - S8048030, CVE-2015-4734: Expectations should be consistent
    - S8068842, CVE-2015-4803: Better JAXP data handling
    - S8076339, CVE-2015-4903: Better handling of remote object
    - S8076383, CVE-2015-4835: Better CORBA exception handling
    - S8076387, CVE-2015-4882: Better CORBA value handling
    - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
    - S8076413, CVE-2015-4883: Better JRMP message handling
    - S8078427, CVE-2015-4842: More supportive home environment
    - S8078440: Safer managed types
    - S8080541: More direct property handling
    - S8080688, CVE-2015-4860: Service for DGC services
    - S8081760: Better group dynamics
    - S8086733, CVE-2015-4893: Improve namespace handling
    - S8087350: Improve array conversions
    - S8103671, CVE-2015-4805: More objective stream classes
    - S8103675: Better Binary searches
    - S8130078, CVE-2015-4911: Document better processing
    - S8130193, CVE-2015-4806: Improve HTTP connections
    - S8130864: Better server identity handling
    - S8130891, CVE-2015-4843: (bf) More direct buffering
    - S8131291, CVE-2015-4872: Perfect parameter patterning
    - S8132042, CVE-2015-4844: Preserve layout presentation
  * Import of OpenJDK6 b37
    - OJ64: Backport hashtable to map changes from jaxp
    - OJ65: Remove @Override annotation on interfaces added by
      2015/10/20 security fixes
    - OJ66: Revert 7110373 & 7149751 test removals now 6706974 is
      present (krb5 test infrastructure)
    - OJ67: Fix copyright headers on imported files
    - OJ68: Ensure SharedSecrets are initialised
    - S6570619: (bf) DirectByteBuffer.get/put(byte[]) does not
      scale well
    - S6590930: reed/write does not match for ccache
    - S6648972: KDCReq.init always read padata
    - S6676075: RegistryContext
      (com.sun.jndi.url.rmi.rmiURLContext) coding problem
    - S6682516: SPNEGO_HTTP_AUTH/WWW_KRB and
      SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
    - S6710360: export Kerberos session key to applications
    - S6733095: Failure when SPNEGO request non-Mutual
    - S6785456: Read Kerberos setting from Windows environment
    - S6821190: more InquireType values for ExtendedGSSContext
    - S6843127: krb5 should not try to access unavailable kdc too
    - S6844193: support max_retries in krb5.conf
    - S6844907: krb5 etype order should be from strong to weak
    - S6844909: support allow_weak_crypto in krb5.conf
    - S6849275: enhance krb5 reg tests
    - S6853328: Support OK-AS-DELEGATE flag
    - S6854308: more ktab options
    - S6856069: PrincipalName.clone() does not invoke super.clone()
    - S6857795: krb5.conf ignored if system properties on realm and
      kdc are provided
    - S6857802: GSS getRemainingInitLifetime method returns
      milliseconds not seconds
    - S6858589: more changes to Config on system properties
    - S6862679: ESC: AD Authentication with user with umlauts fails
    - S6877357: IPv6 address does not work
    - S6888701: Change all template java source files to a
      .java-template file suffix
    - S6893158: AP_REQ check should use key version number
    - S6907425: JCK Kerberos tests fail since b77
    - S6919610: KeyTabInputStream uses static field for per-instance
    - S6932525: Incorrect encryption types of KDC_REQ_BODY of AS-REQ
      with pre-authentication
    - S6946669: SSL/Krb5 should not call EncryptedData.reset(data,
    - S6950546: "ktab -d name etype" to "ktab -d name [-e etype]
      [kvno | all | old]"
    - S6951366: kerberos login failure on win2008 with AD set to
      win2000 compat mode
    - S6952519: kdc_timeout is not being honoured when using TCP
    - S6959292: regression: cannot login if session key and preauth
      does not use the same etype
    - S6960894: Better AS-REQ creation and processing
    - S6966259: Make PrincipalName and Realm immutable
    - S6975866: api/org_ietf/jgss/GSSContext/index.html#wrapUnwrapIOTest
      started to fail since jdk7 b102
    - S6984764: kerberos fails if service side keytab is generated
      using JDK ktab
    - S6997740: ktab entry related test compilation error
    - S7018928: test failure: sun/security/krb5/auto/
    - S7032354: no-addresses should not be used on acceptor side
    - S7061379: [Kerberos] Cross-realm authentication fails, due to
      nameType problem
    - S7142596: RMI JPRT tests are failing
    - S7157610: NullPointerException occurs when parsing XML doc
    - S7158329: NPE in
    - S7197159: accept different kvno if there no match
    - S8004317: TestLibrary.getUnusedRandomPort() fails intermittently,
      but exception not reported
    - S8005226: java/rmi/transport/pinClientSocketFactory/
      fails intermittently
    - S8006534: CLONE - TestLibrary.getUnusedRandomPort() fails
      intermittently-doesn't retry enough times
    - S8014097: add doPrivileged methods with limited privilege
    - S8021191: Add isAuthorized check to limited doPrivileged
    - S8022213: Intermittent test failures in java/net/URLClassLoader
    - S8028583: Add helper methods to test libraries
    - S8028780: JDK KRB5 module throws OutOfMemoryError when CCache
      is corrupt
    - S8058608: JVM crash during Kerberos logins using des3-cbc-md5
      on OSX
    - S8064331: JavaSecurityAccess.doIntersectionPrivilege() drops
      the information about the domain combiner of the stack ACC
    - S8072932: Test fails with
      access denied (""
    - S8078822: 8068842 fix missed one new file
    - S8079323: Serialization compatibility for Templates: need to
      exclude Hashtable from serialization
    - S8087118: Remove missing package from files
    - S8098547: (tz) Support tzdata2015e
    - S8130253: ObjectStreamClass.getFields too restrictive
    - S8133196, RH1251935: HTTPS hostname invalid issue with
    - S8133321: (tz) Support tzdata2015f
    - S8135043: ObjectStreamClass.getField(String) too restrictive
  * Backports
    - S6440786, PR363: Cannot create a ZIP file containing zero
    - S6599383, PR363: Unable to open zip files more than 2GB in
    - S6763122, PR363: ZipFile ctor does not throw exception when
      file is not a zip file
    - S6929479, PR363: Add a system property to disable mmap use in ZipFile
    - S7105461, PR2662: Large JTables are not rendered correctly
      with Xrender pipeline
    - S7150134, PR2662: JCK api/java_awt/Graphics/index.html#DrawLine fails
      with OOM for jdk8 with XRender pipeline
  * Bug fixes
    - PR2513: Reset success following calls in LayoutManager.cpp
- Renamed file:
  * ->
    - it is not a zip, but a tarball

Tue Aug 18 07:05:43 UTC 2015 -

- Updated to 1.13.8
  * Security fixes
    - S8043202, CVE-2015-2808: Prohibit RC4 cipher suites
    - S8067694, CVE-2015-2625: Improved certification checking
    - S8071715, CVE-2015-4760: Tune font layout engine
    - S8071731: Better scaling for C1
    - S8072490: Better font morphing redux
    - S8072887: Better font handling improvements
    - S8073334: Improved font substitutions
    - S8073773: Presume path preparedness
    - S8073894: Getting to the root of certificate chains
    - S8074330: Set font anchors more solidly
    - S8074335: Substitute for substitution formats
    - S8074865, CVE-2015-2601: General crypto resilience changes
    - S8074871: Adjust device table handling
    - S8075374, CVE-2015-4748: Responding to OCSP responses
    - S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling
    - S8075738: Better multi-JVM sharing
    - S8075838: Method for typing MethodTypes
    - S8075853, CVE-2015-2621: Proxy for MBean proxies
    - S8076328, CVE-2015-4000: Enforce key exchange constraints
    - S8076376, CVE-2015-2628: Enhance IIOP operations
    - S8076397, CVE-2015-4731: Better MBean connections
    - S8076401, CVE-2015-2590: Serialize OIS data
    - S8076405, CVE-2015-4732: Improve serial serialization
    - S8076409, CVE-2015-4733: Reinforce RMI framework
    - S8077520, CVE-2015-2632: Morph tables into improved form
    - PR2488, CVE-2015-4000: Make jdk8 mode the default for
  * Import of OpenJDK6 b36
    - OJ58: Allow OpenJDK to build on PaX-enabled kernels
    - OJ59: Only apply PaX-marking when needed by a running PaX
    - OJ60, PR2484: Disable export ciphers by default
    - OJ61: Remove translation strings for 
      ErrorMsg.JAXP_INVALID_ATTR_VALUE_ERR which doesn't exist in 
      OpenJDK 6
    - OJ62, PR2552: Restrict key size of RSA certificates to >= 1024
    - OJ63: Remove @Override annotation on interfaces added by
      2015/07/14 security fixes.
    - S6787645: CRL validation code should permit some clock skew
      when checking validity of CRLs
    - S6996365: Evaluate the priorities of cipher suites
    - S7185471: Avoid key expansion when AES cipher is re-init w/
      the same key
    - S8007142: Add utility classes for writing better multiprocess
      tests in jtreg
    - S8008089: Delete OS dependent check in JdkFinder.getExecutable()
    - S8024861: Incomplete token triggers GSS-API
    - S8027058: sun/management/jmxremote/bootstrap/
      Failed to initialize connector
    - S8036786: Update jdk7 testlibrary to match jdk8
    - S8042205: javax/management/monitor/*: some tests didn't  get
      all the notifications
    - S8042982: Unexpected RuntimeExceptions being thrown by SSLEngine
    - S8043200, PR2485: Decrease the preference mode of RC4 in the
      enabled cipher suite list
    - S8043201: Deprecate RC4 in SunJSSE provider
    - S8046817: JDK 8 schemagen tool does not generate xsd files for
      enum types
    - S8048194: GSSContext.acceptSecContext fails when a supported
      mech is not initiator preferred
    - S8050158: Introduce system property to maintain RC4 preference
    - S8062923: XSL: Run-time internal error in 'substring()'
    - S8062924: XSL: wrong answer from substring() function
    - S8064546: CipherInputStream throws BadPaddingException if
      stream is not fully read
    - S8065764: javax/management/monitor/
    - S8066952: [TEST-BUG] javax/management/monitor/
    - S8073357: schema1.xsd has wrong content. Sequence of the enum
      values has been changed
    - S8073385: Bad error message on parsing illegal character in
      XML attribute
    - S8074098: 2D_Font/Bug8067699 test fails with SIGBUS crash on
      Solaris Sparc
    - S8074297: substring in XSLT returns wrong character if string
      contains supplementary chars
    - S8075575: com/sun/security/auth/login/ConfigFile/
      failed in certain env.
    - S8075576: com/sun/security/auth/module/KeyStoreLoginModule/
      failed in certain env.
    - S8075667: (tz) Support tzdata2015b
    - S8076290: JCK test api/xsl/conf/string/string17 starts failing
      after JDK-8074297
    - S8077685: (tz) Support tzdata2015d
    - S8078348: sun/security/pkcs11/sslecc/
      fails with BindException
    - S8078439: SPNEGO auth fails if client proposes MS krb5 OID
    - S8078666, PR2327: JVM fastdebug build compiled with GCC 5
      asserts with "widen increases"
    - S8080318: jdk8u51 l10n resource file translation update
    - S8081386: Test sun/management/jmxremote/bootstrap/
      test has RC4 dependencies
    - S8081775: two lib/testlibrary tests are failing with "Error.
      failed to clean up files after test" with jtreg 4.1 b12
  * Backports
    - S4890063, PR2306, RH1214835: HPROF: default text truncated when
      using doe=n option
    - S6562614, PR2555: Compiler warnings for gettimeofday in
    - S6956398, PR2486: make ephemeral DH key match the length of
      the certificate key
    - S6989466, PR2555: Miscellaneous compiler warnings in
      java/lang, java/util, java/io, sun/misc native code
    - S6991580, PR2309: IPv6 Nameservers in resolv.conf throws
    - S6997561, PR2479: A request for better error handling in JNDI
    - S7007905, PR2298: javazic produces wrong line numbers
    - S7017176, PR2479: Several JNDI tests are mssing GPL header
    - S7058708, PR2298: Eliminate JDK build tools build warnings
    - S7069870, PR2298: Parts of the JDK erroneously rely on
      generic array initializers with diamond
    - S7090844, PR2298: Support a timezone whose offset is changed
      more than once in the future
    - S7094377, PR2479: doesn't work
      with ldaps.
    - S7133138, PR2298: Improve io performance around timezone lookups
    - S7170638, PR2495: Use DTRACE_PROBE[N] in JNI Set and SetStatic
    - S8000487, PR2479: Java JNDI connection library on ldap conn is
      not honoring configured timeout
    - S8011709, PR2510: [parfait] False positive: memory leak in
    - S8023052, PR2510: JVM crash in native layout
    - S8039921, PR2468: SHA1WithDSA with key > 1024 bits not working
    - S8041451, PR2480: com.sun.jndi.ldap.Connection:ReadTimeout
      should abandon ldap request
    - S8042855, PR2510: [parfait] Potential null pointer dereference
      in IndicLayoutEngine.cpp
    - S8042857, PR2479: 14 stuck threads waiting for notification on
    - S8065238, PR2479: javax.naming.NamingException after upgrade
      to JDK 8
    - S8074761, PR2469: Empty optional parameters of LDAP query are
      not interpreted as empty
    - S8078654, PR2334: CloseTTFontFileFunc callback should be removed
    - S8081315, PR2406: Avoid giflib interlacing workaround with
      giflib 5.0.0 on
    - S8081475, PR2495: SystemTap does not work when JDK is compiled
      with GCC 5
    - S8087120, RH1206656, PR2554: [GCC5] java.lang.StackOverflowError
      on Zero JVM initialization on non x86 platforms.
   * Bug fixes
    - PR2319: Checksum of policy JAR files changes on every build
    - PR2340: Fail early if there is no native HotSpot JIT & all
      other options are disabled
    - PR2342: Update README & INSTALL files
    - PR2360: Ensure all stamp targets have aliases
    - PR2391: Make elliptic curve removal optional
    - PR2460: Policy JAR files should be timestamped with the date
      of the policy file they hold
    - PR2481, RH489586, RH1236619: OpenJDK can't handle spaces in
      zone names in /etc/sysconfig/clock
    - PR2486: JSSE server is still limited to 768-bit DHE
    - PR2508, G541462: Only apply PaX markings by default on running
      PaX kernels
    - PR2556, G390663: Update Gentoo font configuration and allow
      font directory to be specified
    - PR2559: generated directory gets confused with generated alias
    - PR2565: Replace ipv4-mapped-ipv6-addresses.patch with upstream
      fix 6882910
    - PR829: Raise javadoc and JAVAC_FLAGS memory limits for CACAO
  * JamVM
    - PR2522: Add executable stack markings to callNative.S on JamVM
- Removed patches
  * signed-overflow.patch, signed-overflow-ecj.patch
  * zero-dummy.patch, zero-dummy-ecj.patch
  * implicit-fortify-decl.patch, implicit-fortify-decl-ecj.patch
    - Included within icedtea 1.13.8

Thu Jun 18 13:38:54 UTC 2015 -

- Use priority matching to ibm-java, always 5 bigger than it

Tue Jun 16 07:33:22 UTC 2015 -

- Added patches:
  * signed-overflow.patch, signed-overflow-ecj.patch
    - Fix OOM in hotspot when built with gcc5
  * zero-dummy.patch, zero-dummy-ecj.patch
    - Fix crash with gcc5 built ZERO JVM
  * implicit-fortify-decl.patch, implicit-fortify-decl-ecj.patch
    - Fix implicit-fortify-decl rpmlint error

Wed Apr 15 07:06:30 UTC 2015 -

- Update to 1.13.7
  * Security fixes
    - S8059064: Better G1 log caching
    - S8060461: Fix for JDK-8042609 uncovers additional issue
    - S8064601, CVE-2015-0480: Improve jar file handling
    - S8065286: Fewer subtable substitutions
    - S8065291: Improved font lookups
    - S8066479: Better certificate chain validation
    - S8067050: Better font consistency checking
    - S8067684: Better font substitutions
    - S8067699, CVE-2015-0469: Better glyph storage
    - S8068320, CVE-2015-0477: Limit applet requests
    - S8068720, CVE-2015-0488: Better certificate options checking
    - S8069198: Upgrade image library
    - S8071726, CVE-2015-0478: Better RSA optimizations
    - S8071818: Better vectorization on SPARC
    - S8071931, CVE-2015-0460: Return of the phantom menace
  * Import of OpenJDK6 b35
    - OJ55: Synchronise whitespace in TimeZoneNames files with
      OpenJDK 7 versions.
    - OJ56: Update 3rd party readme and license for LibPNG v 1.6.16
    - OJ57: Remove mistakenly added patching fragment
    - S6672144: HttpURLConnection.getInputStream sends POST request
      after failed chunked
    - S6989721: awt native code compiler warnings
    - S7088287: libpng need to be updated.
    - S7090424: TestGlyphVectorLayout failed automately with
    - S7170655: Frame size does not follow font size change with
    - S7176479: G1: JVM crashes on T5-8 system with 1.5 TB heap
    - S8019623: Lack of synchronization in
    - S8040790: [TEST_BUG] tools/javac/innerClassFile/
      fails to cleanup files after it
    - S8043123: Hard crash with access violation exception when
      blitting to very large image
    - S8051359: JPopupMenu creation in headless mode with JDK9b23
      causes NPE
    - S8064454: [TEST_BUG] Test tools/javac/innerClassFile/
      fails for Mac and Linux
    - S8065072: sun/net/www/http/HttpClient/
      failed intermittently
    - S8065709: Deadlock in awt/logging apparently introduced by
    - S8072042: (tz) Support tzdata2015a
    - S8074662: Update 3rd party readme and license for LibPNG v
    - S8075211: [TEST_BUG] Test
      sun/net/www/http/HttpClient/ fails with
      compilation error
  * Backports
    - S6584008, PR2195, RH1173326: jvmtiStringPrimitiveCallback
      should not be invoked when string value is null
    - S7199862, PR2198: Make sure that a connection is still alive
      when retrieved from KeepAliveCache in certain cases
    - S8074312, PR2255: Enable hotspot builds on Linux 4.x
  * Bug fixes
    - PR2197: jhat man page has broken URL
    - PR2201: Support giflib 5.1.0
    - PR2211: DGifCloseFile call should check the return value, not
      the error code, for failure
    - PR2226: giflib 5.1 conditional excludes 6.0, 7.0, etc.
    - PR2294: Auto-generated jconsole.desktop and
      policytool.desktop should not be included in release tarball
- Remove upstreamed patch:
  * system-giflib51.patch
- Remove patch:
  * icedtea6-1.13.6-aarch64.patch
- Replaced by added
  * icedtea6-1.13.7-aarch64.patch

Mon Jan 26 15:12:32 UTC 2015 -

- Added patch:
  * icedtea6-1.13.6-aarch64.patch
    - restore and rediff a patch that is not yet integrated upstream

Mon Jan 26 09:14:53 UTC 2015 -

- Update to 1.13.6
  * Security fixes
    - S8046656: Update protocol support
    - S8047125, CVE-2015-0395: (ref) More phantom object references
    - S8047130: Fewer escapes from escape analysis
    - S8048035, CVE-2015-0400: Ensure proper proxy protocols
    - S8049253: Better GC validation
    - S8050807, CVE-2015-0383: Better performing performance data
    - S8054367, CVE-2015-0412: More references for endpoints
    - S8055304, CVE-2015-0407: More boxing for
    - S8055309, CVE-2015-0408: RMI needs better transportation
    - S8055479: TLAB stability
    - S8055489, CVE-2014-6585: Better substitution formats
    - S8056264, CVE-2014-6587: Multicast support improvements
    - S8056276, CVE-2014-6591: Fontmanager feature improvements
    - S8057555, CVE-2014-6593: Less cryptic cipher suite management
    - S8058982, CVE-2014-6601: Better verification of an exceptional
    - S8059485, CVE-2015-0410: Resolve parsing ambiguity
    - S8061210, CVE-2014-3566: Issues in TLS
  * Import of OpenJDK6 b34
    - OJ43: Backport JAX_WS-945; Socket backlog may be limiting
      lwhs performance
    - OJ44: Add missing TimeZone test cases included in OpenJDK 7
      revision 0.
    - OJ45: Fix copyright headers on imported files
    - OJ46: Fix lost Classpath exception
    - OJ47: Remove @Override annotation on interfaces added by
      2015/01/20 security fixes.
    - OJ48: Fix substitution error.
    - OJ49: Fix placement of 8023956 fix.
    - OJ50: Fix reference to missing pd_attempt_reserve_memory_at
    - S4873188: Support TLS 1.1
    - S6364329: jstat displays "invalid argument count" with usage
    - S6461635: [TESTBUG] test fails intermittently
    - S6507067: TimeZone country/area message error
    - S6545422: [TESTBUG] uses wrong path name in exec
    - S6578647: Undefined requesting URL in
    - S6585666: Spanish language names not compliant with CLDR
    - S6587676: Krb5LoginModule failure if useTicketCache=true on
    - S6608572: Currency change for Malta and Cyprus
    - S6610748: Dateformat - AM-PM indicator in Finnish appears to
      be from English
    - S6627549: ISO 3166 code addition: Saint Barthelemy and Saint
    - S6631048: Problem when writing on output stream of
    - S6641309: Wrong Cookie separator used in HttpURLConnection
    - S6641312: Fix krb5 codes indentation problems
    - S6645271: Wrong date format for Croatian (hr) locale
    - S6646611: Incorrect spelling of month name in locale for
      Belarusian language ("be", "BY")
    - S6647452: Remove obfuscation, framework and provider
      self-verification checking
    - S6653795: C2 intrinsic for Unsafe.getAddress performs pointer
      sign extension on 32-bit systems
    - S6659779: HttpURLConnections logger should log tunnel requests
    - S6670362: HTTP/SPNEGO should work across realms
    - S6716626: Integrate contributed language and country names
      for NL
    - S6720866: Slow performance using HttpURLConnection for
    - S6726695: HttpURLConnection shoul support 'Expect:
      100-continue' headers for PUT
    - S6729881: Compiler warning in networking native code
    - S6765491: Krb5LoginModule a little too restrictive, and the
      doc is not clear.
    - S6776102: sun/util/resources/TimeZone/ test
      failed against 6u12b01 and passed against 6u11b03
    - S6786276: Locale.getISOCountries() still contains country
      code "CS"
    - S6792180: Enhance to reject weak algorithms or conform to
      crypto recommendations
    - S6811297: Add more logging to HTTP protocol handler
    - S6822460: support self-issued certificate
    - S6830658: Changeset 67e5d3e41b5b breaks the fastdebug build
      in NativeCreds.c
    - S6835668: Use of /usr/include/linux/ files creates a
      dependence on kernel-headers
    - S6855297: Windows build breaks after 6811297
    - S6856856: NPE in HTTP protocol handler logging
    - S6868106: Ukrainian currency has wrong format
    - S6870908: reopen bug 4244752: month names in Estonian should
      be lowercase
    - S6873931: New Turkish currency since 2009
    - S6882594: Remove static dependancy on NTLM authentication
    - S6899503: Security code issue using Verisign root certificate
    - S6910489: Slovenia Locale, wrong firstDayOfWeek number
    - S6911104: Tests do not work with CYGWIN: tools, sun/tools,
      and com/sun/tools
    - S6914413: abbreviation name for November is not correct in
    - S6916787: Ukrainian currency name needs to be fixed
    - S6919624: minimalDaysInFirstWeek ressource for hungarian is
    - S6931564: Incorrect display name of Locale for south africa
    - S6931566: NetworkInterface is not working when interface name
      is more than 15 characters long
    - S6938454: 2 new testcases for  bug: Unable to determine
      generic type in program that compiles under Java 6
    - S6938454: Unable to determine generic type in program that
      compiles under Java 6
    - S6945604: wrong error message in
    - S6962617: Testcase changes, cleanup of problem list for
      jdk_tools targets
    - S6964714: NetworkInterface getInetAddresses enumerates IPv6
      addresses if property set
    - S6967937: Scope id no longer being set after 6931566
    - S6972374: NetworkInterface.getNetworkInterfaces throws
      "" on Solaris zone
    - S6976117: SSLContext.getInstance("TLSv1.1") returns
      SSLEngines/SSLSockets without TLSv1.1 enabled
    - S7001720: copyright templates not rebranded
    - S7019267: Currency Display Names are not localized into pt_BR
    - S7020583: Some currency names are missing in some locales
    - S7020960: is missing
    - S7022269: clean up fscanf usage in Linux networking native
    - S7025837: fix plural currency display names in
    - S7028073: The currency symbol for Peru is wrong
    - S7035555: 4/4 attach/ needs another tweak for
    - S7036025: when creating
      JFileChooser in signed applet
    - S7036905: [de] dem - the german mark display name is incorrect
    - S7047033: (smartcardio) Card.disconnect(boolean reset) does
      not reset when reset is true
    - S7066203: Update currency data to the latest ISO 4217 standard
    - S7077119: remove past transition dates from file
    - S7085757: Currency Data: ISO 4217 Amendment 152
    - S7122142, RH1151372: (ann) Race condition between
      isAnnotationPresent and getAnnotations
    - S7153184: NullPointerException when calling
    - S7161796, RH1151372: PhaseStringOpts::fetch_static_field
      tries to fetch field from the Klass instead of the mirror
    - S7171028: dots are missed in the datetime for Slovanian
    - S7174244: NPE in Krb5ProxyImpl.getServerKeys()
    - S7185456: (ann) Optimize Annotation handling in
      java/sun.reflect.* code for small number of annotations
    - S7189611: Venezuela current Currency should be Bs.F.
    - S7195759: ISO 4217 Amendment 154
    - S7199066: Typo in method name
    - S7201205: Add Makefile configuration option to build with
      unlimited crypto in OpenJDK.
    - S8005232: (JEP-149) Class Instance size reduction
    - S8006748: getISO3Country() returns wrong value
    - S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale
    - S8015421: NegativeArraySizeException occurs in
      ChunkedOutputStream() with Integer.MAX_VALUE
    - S8015570: Use long comparison in Rule.getRules()
    - S8021121: ISO 4217 Amendment Number 156
    - S8021372: NetworkInterface.getNetworkInterfaces() returns
      duplicate hardware address
    - S8022721: TEST_BUG: throws
      java.lang.IllegalStateException: unexpected condition
    - S8023956: Provide a work-around to broken Linux 32 bit "Exec
      Shield" using CS for NX emulation (crashing with SI_KERNEL)
    - S8025051: Update resource files for TimeZone display names
    - S8026772: test/sun/util/resources/TimeZone/
    - S8027359: XML parser returns incorrect parsing results
    - S8027370: Support tzdata2013h
    - S8027695: There should be a space before % sign in Swedish
    - S8028627: Unsynchronized code path from javax.crypto.Cipher
      to the WeakHashMap used by JceSecurity to store codebase
    - S8028726: (prefs) Check src/solaris/native/java/util/FileSystemPreferences.c
      for JNI pending exceptions
    - S8029153: [TESTBUG] test/compiler/7141637/
      fails because it expects NullPointerException
    - S8029318: Native Windows ccache still reads DES tickets
    - S8030822: (tz) Support tzdata2013i
    - S8031046: Native Windows ccache might still get unsupported
    - S8032788: ImageIcon constructor throws an NPE and hangs when
      passed a null String parameter
    - S8032909: XSLT string-length returns incorrect length when
      string includes complementary chars
    - S8035613: With active Securitymanager JAXBContext.newInstance
    - S8037012: (tz) Support tzdata2014a
    - S8038306: (tz) Support tzdata2014b
    - S8040617: [macosx] Large JTable cell results in a
    - S8041990: [macosx] Language specific keys does not work in
      applets when opened outside the browser
    - S8043012: (tz) Support tzdata2014c
    - S8046343: (smartcardio) CardTerminal.connect('direct') does
      not work on MacOSX
    - S8049250: Need a flag to invert the Card.disconnect(reset)
    - S8049343: (tz) Support tzdata2014g
    - S8050485: super() in a try block in a ctor causes VerifyError
    - S8051012: Regression in verifier for <init> method call from
      inside of a branch
    - S8051614: smartcardio TCK tests fail due to lack of 'reset'
    - S8054367: More references for endpoints
    - S8055222: Currency update needed for ISO 4217 Amendment #159
    - S8056211: api/java_awt/Event/InputMethodEvent/serial/index.html#Input[serial2002]
    - S8058715: stability issues when being launched as an embedded
      JVM via JNI
    - S8059206: (tz) Support tzdata2014i
    - S8060474: Resolve more parsing ambiguity
    - S8061826: Part of JDK-8060474 should be reverted
    - S8062561: Test bug8055304 fails if file system default
      directory has read access
    - S8062807: Exporting RMI objects fails when run under
      restrictive SecurityManager
    - S8064560: (tz) Support tzdata2014j
  * Backports
    - OJ51, PR2187: Sync patch for 4873188 with 7 version
    - OJ52, PR2185: Application of 6786276 introduces compatibility
    - OJ53, PR2181: strict-aliasing warnings issued on PPC32
    - OJ54, PR2182: 6911104 reintroduces test fragment removed in
      existing 6964018 backport
    - S6730740, PR2186: Fix for 6729881 has apparently broken
      several 64 bit tests:  "Bad address"
    - S7031830, PR2183: bad_record_mac failure on TLSv1.2 enabled
      connection with SSLEngine
    - S8000897, PR2173, RH1155012: VM crash in CompileBroker
    - S8020190, PR2174, RH1176718: Fatal: Bug in native code:
      jfieldID must match object
    - S8028623, PR2177, RH1168693: SA: hash codes in SymbolTable
      mismatching java_lang_String::hash_code for extended characters
    - S8061785, PR2177: [TEST_BUG] serviceability/sa/jmap-hashcode/
      has utf8 character corrupted by earlier merge
  * Bug fixes
    - PR1831: Drop version requirement for LCMS 2
    - PR1832, RH1022017: Report elliptic curves supported by NSS,
      not the SunEC library
    - PR2033: patches/ecj/jaxws-getdtdtype.patch no longer applies
      since removal of JAXWS drop
    - PR2062: Unset OS before running OpenJDK build
    - PR2070: Type-punning warnings still evident on RHEL 5
    - PR2082: Cast should use same type as GCDrainStackTargetSize
    - PR2096, RH1163501: 2048-bit DH upper bound too small for
      Fedora infrastructure
    - PR2125: Synchronise elliptic curves in
      with those listed by NSS
    - PR2179: Avoid x86 workaround when running Zero rather than a JIT
    - PR2180: Old autotools dislike $(builddir)/
    - PR2184: CACAO lacks JVM_FindClassFromCaller introduced by
      security patch in 1.13.6
  * JamVM
    - PR2190: JamVM lacks JVM_FindClassFromCaller introduced by
      security patch in 1.13.6
- Remove upstreamed patches:
  * icedtea6-1.13.5-aarch64.patch
  * icedtea6-1.13.5-bootstrap.patch
  * icedtea6-1.13.5-s390.patch

Tue Nov 18 08:46:17 UTC 2014 -

- Do not package the timezone data, since we are using the one from
  timezone-info package
- Clean-up some dependencies
- Use the jredir macro instead of %sdkdir/jre

Sun Nov 16 11:29:17 UTC 2014 -

- Build the javadoc package as noarch, since it installed in
  architecture independent place

Fri Nov 14 18:41:22 UTC 2014 -

- Disable building of documentation for aarch64
  * It takes more then 8 hours without output and OBS kills
    the build as stuck

Tue Nov 11 20:48:12 UTC 2014 -

- Add one more cast for s390's MIN2 template.

Thu Nov  6 18:08:50 UTC 2014 -

- Don't build pulseaudio integration during bootstrap build.

Fri Oct 17 10:17:21 UTC 2014 -

- Remove java-access-bridge sources
  * Split accessibility package and use java-atk-wrapper instead of
    java-access-bridge (like the other java packages in this
- Removed patches: java-1.6.0-openjdk-java-access-bridge-idlj.patch
  and java-1.6.0-openjdk-java-access-bridge-tck.patch
  * Unneeded, since they were patching the java-access-bridge

Thu Oct 16 15:26:16 UTC 2014 -

- Build in bootstrap mode with --enable-bootstrap-tools

Thu Oct 16 09:46:49 UTC 2014 -

- Add patch: missing-includes-ecj.patch
  * fix implicit-fortify-decl for ecj boostrap build

Wed Oct 15 19:37:20 UTC 2014 -

- Update to 1.13.5
  * Security fixes
    - S8015256: Better class accessibility
    - S8022783, CVE-2014-6504: Optimize C2 optimizations
    - S8035162: Service printing service
    - S8035781: Improve equality for annotations
    - S8036805: Correct linker method lookup.
    - S8036810: Correct linker field lookup
    - S8037066, CVE-2014-6457: Secure transport layer
    - S8037846, CVE-2014-6558: Ensure streaming of input cipher streams
    - S8038899: Safer safepoints
    - S8038903: More native monitor monitoring
    - S8038908: Make Signature more robust
    - S8038913: Bolster XML support
    - S8039509, CVE-2014-6512: Wrap sockets more thoroughly
    - S8039533, CVE-2014-6517: Higher resolution resolvers  
    - S8041540, CVE-2014-6511: Better use of pages in font processing
    - S8041545: Better validation of generated rasters
    - S8041564, CVE-2014-6506: Improved management of logger resources
    - S8041717, CVE-2014-6519: Issue with class file parser
    - S8042609, CVE-2014-6513: Limit splashiness of splash images
    - S8042797, CVE-2014-6502: Avoid strawberries in LogRecord
    - S8044274, CVE-2014-6531: Proper property processing
  * Import of OpenJDK6 b33
    - OJ37: OpenJDK6-b32 cannot be built on Windows
    - OJ39: Handle fonts with the non-canonical processing flag set
    - OJ41: OpenJDK6 should be compatible with Windows SDK 7.1
    - OJ42: Remove @Override annotation on interfaces added by 2014/10/14 security fixes.
    - S6967684: httpserver using a non thread-safe SimpleDateFormat
    - S7033534: Two tests fail just against jdk7 b136
    - S7160837: DigestOutputStream does not turn off digest calculation when "close()" is called
    - S7172149: ArrayIndexOutOfBoundsException from Signature.verify
    - S8010213: Some api/javax_net/SocketFactory tests fail in 7u25 nightly build
    - S8012637: Adjust CipherInputStream class to work in AEAD/GCM mode
    - S8028192: Use of PKCS11-NSS provider in FIPS mode broken
    - S8038000: java.awt.image.RasterFormatException: Incorrect scanline stride
    - S8039396: NPE when writing a class descriptor object to a custom ObjectOutputStream
    - S8042603: 'SafepointPollOffset' was not declared in static member function 'static bool Arguments::check_vm_args_consistency()'
    - S8042850: Extra unused entries in ICU ScriptCodes enum
    - S8052162: REGRESSION: sun/java2d/cmm/ColorConvertOp tests fail since 7u71 b01
    - S8053963: (dc) Use DatagramChannel.receive() instead of read() in connect()
  * Backports
    - S4963723: Implement SHA-224
    - S6578658: Request for raw RSA (NONEwithRSA) Signature support in SunMSCAPI
    - S6753664: Support SHA256 (and higher) in SunMSCAPI
    - S7033170: Cipher.getMaxAllowedKeyLength(String) throws NoSuchAlgorithmException
    - S7044060: Need to support NSA Suite B Cryptography algorithms
    - S7106773: 512 bits RSA key cannot work with SHA384 and SHA512
    - S7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
    - S8006935: Need to take care of long secret keys in HMAC/PRF compuation
    - S8017173, PR1688: XMLCipher with RSA_OAEP Key Transport algorithm can't be instantiated
    - S8049480: Current versions of Java can't verify jars signed and timestamped with Java 9
  * Bug fixes
    - PR1904: [REGRESSION] Bug reports now lack IcedTea version & distribution packaging information
    - PR1967: Move to new OpenJDK bug URL format
- Do not use "fedora" suffix for the cleaned tarball, use "cleaned"
  * rename the cleaner script accordingly
  * use extreme compression in the cleaner script
- Added patch: icedtea6-1.13.5-bootstrap.patch
  * fix bootstrap build

Mon Jul 28 07:24:15 UTC 2014 -

- Rename the fontconfig file to SUSE not SuSE. bnc#889006.

Fri Jul 25 15:35:25 UTC 2014 -

- Removed openjdk-6-src-b17-no-return-in-nonvoid-function-ppc.patch
- Added openjdk-6-src-b32-no-return-in-nonvoid-function-ppc.patch
  * need to rediff
- Run spec-cleaner on the package and remove spec file parts that
  are not relevant to SUSE distributions

Wed Jul 16 06:13:38 UTC 2014 -

- Update to 1.13.4
* Security fixes
  - S8029755, CVE-2014-4209: Enhance subject class
  - S8030763: Validate global memory allocation
  - S8031346, CVE-2014-4244: Enhance RSA key handling
  - S8031540: Introduce document horizon
  - S8032536: JVM resolves wrong method in some unusual cases
  - S8033055: Issues in 2d
  - S8033301, CVE-2014-4266: Build more informative InfoBuilder
  - S8034267: Probabilistic native crash
  - S8034272: Do not cram data into CRAM arrays
  - S8035004, CVE-2014-4252: Provider provides less service
  - S8035009, CVE-2014-4218: Make Proxy representations consistent
  - S8035119, CVE-2014-4219: Fix exceptions to bytecode verification
  - S8035699, CVE-2014-4268: File choosers should be choosier
  - S8036571: (process) Process process arguments carefully
  - S8036800: Attribute OOM to correct part of code
  - S8037046: Validate libraries to be loaded
  - S8037157: Verify <init> call
  - S8037076, CVE-2014-2490: Check constant pool constants
  - S8037162, CVE-2014-4263: More robust DH exchanges
  - S8037167, CVE-2014-4216: Better method signature resolution
  - S8039520, CVE-2014-4262: More atomicity of atomic updates
* Import of OpenJDK6 b32
  - OP32: OpenJDK6-b31 isn't compatible with Windows platform
  - OJ33: Update copyright headers introduced by the fix for OPENJDK6-32
  - OJ34: OpenJDK6-b31 backport of JDK-6638712 to openjdk6
  - OJ35: backport of JDK-6650759 to openjdk6
  - OJ36: Fix a mistake in backport of 8035119
  - S8013611: Modal dialog fails to obtain keyboard focus
  - S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale
  - S8028111: XML readers share the same entity expansion counter
  - S8028285: RMI Thread can no longer call out to AWT
  - S8029038: Revise fix for XML readers share the same entity expansion counter
  - S8042582: Test java/awt/KeyboardFocusmanager/ChangeKFMTest/ChangeKFMTest.html fails on Windows x64
  - S8042590: Running form URL throws NPE
  - S8042789: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader
* Backports
 - S7027300, RH1098399: Unsynchronized HashMap access causes endless loop
 - S7183251: Netbeans editor renders text wrong on JDK 7u6 build

Fri Jul 11 01:40:41 UTC 2014 -

- update to 1.13.3
  * Many security fixes
- bootstrap build for suse_version >= 1310  

Wed Nov 27 12:58:34 UTC 2013 -

- update to 1.12.7 (bnc#852367) 
* Security fixes
  - S8006900, CVE-2013-3829: Add new date/time capability
  - S8008589: Better MBean permission validation
  - S8011071, CVE-2013-5780: Better crypto provider handling
  - S8011081, CVE-2013-5772: Improve jhat
  - S8011157, CVE-2013-5814: Improve CORBA portablility
  - S8012071, CVE-2013-5790: Better Building of Beans
  - S8012147: Improve tool support
  - S8012277: CVE-2013-5849: Improve AWT DataFlavor
  - S8012425, CVE-2013-5802: Transform TransformerFactory
  - S8013503, CVE-2013-5851: Improve stream factories
  - S8013506: Better Pack200 data handling
  - S8013510, CVE-2013-5809: Augment image writing code
  - S8013514: Improve stability of cmap class
  - S8013739, CVE-2013-5817: Better LDAP resource management
  - S8013744, CVE-2013-5783: Better tabling for AWT
  - S8014085: Better serialization support in JMX classes
  - S8014093, CVE-2013-5782: Improve parsing of images
  - S8014102, CVE-2013-5778: Improve image conversion
  - S8014341, CVE-2013-5803: Better service from Kerberos servers
  - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations
  - S8014530, CVE-2013-5825: Better digital signature processing
  - S8014534: Better profiling support
  - S8014987, CVE-2013-5842: Augment serialization handling
  - S8015614: Update build settings
  - S8015731: Subject to improvements
  - S8015743, CVE-2013-5774: Address internet addresses
  - S8016256: Make finalization final
  - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names
  - S8016675, CVE-2013-5797: Make Javadoc pages more robust
  - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately
  - S8017287, CVE-2013-5829: Better resource disposal
  - S8017291, CVE-2013-5830: Cast Proxies Aside
  - S8017298, CVE-2013-4002: Better XML support
  - S8017300, CVE-2013-5784: Improve Interface Implementation
  - S8017505, CVE-2013-5820: Better Client Service
  - S8019292: Better Attribute Value Exceptions
  - S8019617: Better view of objects
  - S8020293: JVM crash
  - S8021290, CVE-2013-5823: Better signature validation
  - S8022940: Enhance CORBA translations
  - S8023683: Enhance class file parsing
* Backports
  - S4075303: Use javap to enquire about a specific inner class
  - S4111861: static final field contents are not displayed
  - S4348375: Javap is not internationalized
  - S4459541: "javap -l" shows line numbers as signed short; they should be unsigned
  - S4501660: change diagnostic of -help as 'print this help message and exit'
  - S4501661: disallow mixing -public, -private, and -protected options at the same time
  - S4776241: unused source file in javap...
  - S4870651: javap should recognize generics, varargs, enum
  - S4876942: javap invoked without args does not print help screen
  - S4880663: javap could output whitespace between class name and opening brace
  - S4884240: additional option required for javap
  - S4893408: JPEGReader throws IllegalArgException when setting the destination to BYTE_GRAY
  - S4975569: javap doesn't print new flag bits
  - S6271787: javap dumps LocalVariableTypeTable attribute in hex, needs to print a table
  - S6305779: javap: support annotations
  - S6439940: Clean up javap implementation
  - S6469569: wrong check of searchpath in JavapEnvironment
  - S6474890: javap does not open .zip files in -classpath
  - S6563752: Build and test JDK7 with Sun Studio 12 Express compilers (prep makefiles)
  - S6587786: Javap throws error : "ERROR:Could not find <classname>" for JRE classes
  - S6622215: javap ignores certain relevant access flags
  - S6622216: javap names some attributes incorrectly
  - S6622232: javap gets whitespace confused
  - S6622260: javap prints negative bytes incorrectly in hex
  - S6631559: Registration of ImageIO plugins should not cause loading of jpeg.dlli and cmm.dll
  - S6636331: ConcurrentModificationException in AppContext code
  - S6636370: minor corrections and simplification of code in AppContext
  - S6708729: update jdk Makefiles for new javap
  - S6715767: javap on java.lang.ClassLoader crashes
  - S6729772: 64-bit build with SS12 compiler: SIGSEGV (0xb) at pc=0x0000000000000048, pid=14826, tid=2
  - S6791502: IIOException "Invalid icc profile" on jpeg after update from JDK5 to JDK6
  - S6793818: JpegImageReader is too greedy creating color profiles
  - S6799141: Build with --hash-style=both so that binaries can work on SuSE 10
  - S6816311: Changes to allow builds with latest Windows SDK 6.1 on 64bit Windows 2003
  - S6819246: improve support for decoding instructions in classfile library
  - S6824493: experimental support for additional info for instructions
  - S6840152: JVM crashes when heavyweight monitors are used
  - S6841419: classfile: add constant pool iterator
  - S6841420: classfile: add new methods to ConstantClassInfo
  - S6843013: missing files in fix for 6824493
  - S6852856: javap changes to facilitate subclassing javap for variants
  - S6867671: javap whitespace formatting issues
  - S6868539: javap should use current names for constant pool tags
  - S6888215: memory leak in jpeg plugin
  - S6902264: fix indentation of tableswitch and lookupswitch
  - S6925851: Localize JRE into pt_BR
  - S6954275: XML signatures with reference data larger 16KB and cacheRef on fails to validate
  - S6974017: Upgrade required Solaris Studio compilers to 5.10 (12 update 1 + patches)
  - S6980281: SWAT: SwingSet2 got core dumped in Solaris-AMD64 using b107 swat build
  - S6989760: cmm native compiler warnings
  - S6989774: imageio compiler warnings in native code
  - S7000225: Sanity check on sane-alsa-headers is broken
  - S7013519: [parfait] Integer overflows in 2D code
  - S7018912: [parfait] potential buffer overruns in imageio jpeg
  - S7022999: Can't build with FORCE_TIERED=0
  - S7035073: Add missing timezones to
  - S7038711: Fix CC_VER checks for compiler options, fix use of -Wno-clobber
  - S7146431: files out-of-sync
  - S7196533: TimeZone.getDefault() slow due to synchronization bottleneck
  - S8000450: Restrict access to com/sun/corba/se/impl package
  - S8002070: Remove the stack search for a resource bundle for Logger to use
  - S8003992: File and other classes in do not handle embedded nulls properly
  - S8004188: Rename src/share/lib/security/ to
  - S8005194: [parfait] #353 sun/awt/image/jpeg/imageioJPEG.c Memory leak of pointer 'scale' allocated with calloc()
  - S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  - S8010118: Annotate jdk caller sensitive methods with @sun.reflect.CallerSensitive
  - S8010727: WLS fails to add a logger with "" in its own LogManager subclass instance
  - S8010939: Deadlock in LogManager
  - S8011139: (reflect) Revise checking in getEnclosingClass
  - S8011950: enters infinite loop when passed invalid data
  - S8011990: TEST_BUG: java/util/logging/bundlesearch/ fails on Windows
  - S8012243: about 30% regression on specjvm2008.serial on 7u25 comparing 7u21
  - S8012453: (process) Runtime.exec(String) fails if command contains spaces [win]
  - S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
  - S8013380: Removal of stack walk to find resource bundle breaks Glassfish startup
  - S8013827: File.createTempFile hangs with temp file starting with 'com1.4'
  - S8014469: (tz) Support tzdata2013c
  - S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10
  - S8014745: Provide a switch to allow stack walk search of resource bundle
  - S8015144: Performance regression in ICU OpenType Layout library
  - S8015965: (process) Typo in name of property to allow ambiguous commands
  - S8015978: Incorrect transformation of XPath expression "string(-0)"
  - S8016357: Update hotspot diagnostic class
  - S8017566: Backout 8000450 - Cannot access to
  - S8019584: javax/management/remote/mandatory/loading/ failed in nightly against jdk7u45: Invalid notification: null
  - S8019969: nioNetworkChannelInet6/SetOptionGetOptionTestInet6 test case crashes
  - S8019979: Replace CheckPackageAccess test with better one from closed repo
  - S8020054: (tz) Support tzdata2013d
  - S8020983, RH976897: OutOfMemoryError caused by non garbage collected JPEGImageWriter Instances
  - S8021355: REGRESSION: Five closed/java/awt/SplashScreen tests fail since 7u45 b01 on Linux, Solaris
  - S8021366: java_util/Properties/PropertiesWithOtherEncodings fails during 7u45 nightly testing
  - S8021577: JCK test api/javax_management/jmx_serial/modelmbean/ModelMBeanNotificationInfo/serial/index.html#Input has failed since jdk 7u45 b01
  - S8021933: Add extra check for fix # JDK-8014530
  - S8021969: The index_AccessAllowed jnlp can not load successfully with exception thrown in the log.
  - S8022661: InetAddress.writeObject() performs flush() on object output stream
  - S8022682: Supporting XOM
  - S8023964: java/io/IOException/ should be @ignore-d
  - S8024914: Swapped usage of idx_t and bm_word_t types in bitMap.inline.hpp
  - S8025128: File.createTempFile fails if prefix is absolute path
  - S8025255: (tz) Support tzdata2013g
  - OJ19: Fix test cases from 8010118 to work with OpenJDK 6
  - OJ20: Resolve merge issues with JAXP security fixes
  - OJ21: Remove @Override annotation added on interface by 2013/10/15 security fixes
* Bug fixes
  - PR1188: ASM Interpreter and Thumb2 JIT javac miscompile modulo reminder on armel.
  - RH995488: Java thinks that the default timezone is Busingen instead of Zurich
  - D729448: 32-bit alignment on mips and mipsel
* refreshed: java-1.6.0-openjdk-java-access-bridge-security.patch

Wed Aug 21 08:07:55 UTC 2013 -

- remove jpackage-utils from Requires to BuildRequires
  * they were obsoleted by javapackages-tools, which require python,
    lua et all

Tue Jul 16 13:14:24 UTC 2013 -

- update to 1.12.6 (bnc#829708)
* Security fixes
  - S6741606, CVE-2013-2407: Integrate Apache Santuario
  - S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
  - S7170730, CVE-2013-2451: Improve Windows network stack support.
  - S8000638, CVE-2013-2450: Improve deserialization
  - S8000642, CVE-2013-2446: Better handling of objects for transportation
  - S8001032: Restrict object access
  - S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
  - S8001034, CVE-2013-1500: Memory management improvements
  - S8001038, CVE-2013-2444: Resourcefully handle resources
  - S8001043: Clarify definition restrictions
  - S8001309: Better handling of annotation interfaces
  - S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
  - S8001330, CVE-2013-2443: Improve on checking order
  - S8003703, CVE-2013-2412: Update RMI connection dialog box
  - S8004584: Augment applet contextualization
  - S8005007: Better glyph processing
  - S8006328, CVE-2013-2448: Improve robustness of sound classes
  - S8006611: Improve scripting
  - S8007467: Improve robustness of JMX internal APIs
  - S8007471: Improve MBean notifications
  - S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
  - S8008120, CVE-2013-2457: Improve JMX class checking
  - S8008124, CVE-2013-2453: Better compliance testing
  - S8008128: Better API coherence for JMX
  - S8008132, CVE-2013-2456: Better serialization support
  - S8008585: Better JMX data handling
  - S8008593: Better URLClassLoader resource management
  - S8008603: Improve provision of JMX providers
  - S8008611: Better handling of annotations in JMX
  - S8008615: Improve robustness of JMX internal APIs
  - S8008623: Better handling of MBeanServers
  - S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
  - S8008982: Adjust JMX for underlying interface changes
  - S8009004: Better implementation of RMI connections
  - S8009013: Better handling of T2K glyphs
  - S8009034: Improve resulting notifications in JMX
  - S8009038: Improve JMX notification support
  - S8009067: Improve storing keys in KeyStore
  - S8009071, CVE-2013-2459: Improve shape handling
  - S8009235: Improve handling of TSA data
  - S8011243, CVE-2013-2470: Improve ImagingLib
  - S8011248, CVE-2013-2471: Better Component Rasters
  - S8011253, CVE-2013-2472: Better Short Component Rasters
  - S8011257, CVE-2013-2473: Better Byte Component Rasters
  - S8012375, CVE-2013-1571: Improve Javadoc framing
  - S8012421: Better positioning of PairPositioning
  - S8012438, CVE-2013-2463: Better image validation
  - S8012597, CVE-2013-2465: Better image channel verification
  - S8012601, CVE-2013-2469: Better validation of image layouts
  - S8014281, CVE-2013-2461: Better checking of XML signature
  - S8015997: Additional improvement in Javadoc framing
* Backports
  - S6469266: Integrate Apache XMLSec 1.4.2 into JDK 7
  - S6541350: TimeZone display names localization
  - S6656651: Windows Look and Feel LCD glyph images have some differences from native applications.
  - S6786028: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - Bold tags should be strong
  - S6786682: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - HTML tag should have lang attribute
  - S6786688: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - Table must have captions and headers
  - S6786690: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet - DL tag and nesting issue
  - S6802694: Javadoc doclet does not display deprecated information with -nocomment option for serialized form
  - S6821191: Timezone display name localization
  - S6851834: Javadoc doclet needs a structured approach to generate the output HTML.
  - S6888167: memory leaks in the medialib glue code
  - S6961178: Allow doclet.xml to contain XML attributes
  - S6977550: (tz) Support tzdata2010l
  - S6996686: (tz) Support tzdata2010o
  - S7006270: Several javadoc regression tests are failing on windows
  - S7017800: (tz) Support tzdata2011b
  - S7027387: (tz) Support tzdata2011d
  - S7033174: (tz) Support tzdata2011e
  - S7039469: (tz) Support tzdata2011g
  - S7090843: (tz) Support tzdata2011j
  - S7103108: (tz) Support tzdata2011l
  - S7103405: Correct display names for Pacific/Apia timezone
  - S7104126: Insert openjdk copyright header back into TZdata files
  - S7158483: (tz) Support tzdata2012c
  - S7171223: Building ExtensionSubtables.cpp should use -fno-strict-aliasing
  - S7198570: (tz) Support tzdata2012f
  - S7195301: XML Signature DOM implementation should not use instanceof to determine type of Node
  - S8002225: (tz) Support tzdata2012i
  - S8009165: Fix for 8006435 needs revision
  - S8009217: REGRESSION: test com/sun/org/apache/xml/internal/security/transforms/ fails to compile since 7u21b03
  - S8009530: ICU Kern table support broken
  - S8009610: Blacklist certificate used with malware.
  - S8009987: (tz) Support tzdata2013b
  - S8009996: tests javax/management/mxbean/ and javax/management/mxbean/ fail
  - S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod
  - S8010727: WLS fails to add a logger with "" in its own LogManager subclass instance
  - S8010939: Deadlock in LogManager
  - S8011154: java/awt/Frame/ShapeNotSetSometimes/ failed since 7u25b03 on windows
  - S8011557: Improve reflection utility classes
  - S8011992: java/awt/image/mlib/ failed since jdk7u25b05
  - S8012112: java/awt/image/mlib/ fails on sparc solaris
  - S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
  - S8012933: Test closed/java/awt/Dialog/DialogAnotherThread/ fails since jdk 7u25 b07
  - S8013196: TimeZone.getDefault() throws NPE due to sun.awt.AppContext.getAppContext()
  - S8014427: REGRESSION: closed/javax/imageio/plugins/bmp/ fails since 7u25 b09
  - S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10

Thu Apr 25 13:46:03 UTC 2013 -

- update to 1.12.5 (bnc#817157)
* Security fixes
  - S6657673, CVE-2013-1518: Issues with JAXP
  - S7200507: Refactor Introspector internals
  - S8000724, CVE-2013-2417: Improve networking serialization
  - S8001031, CVE-2013-2419: Better font processing
  - S8001040, CVE-2013-1537: Rework RMI model
  - S8001322: Refactor deserialization
  - S8001329, CVE-2013-1557: Augment RMI logging
  - S8003335: Better handling of Finalizer thread
  - S8003445: Adjust JAX-WS to focus on API
  - S8003543, CVE-2013-2415: Improve processing of MTOM attachments
  - S8004261: Improve input validation
  - S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames
  - S8004986, CVE-2013-2383: Better handling of glyph table
  - S8004987, CVE-2013-2384: Improve font layout
  - S8004994, CVE-2013-1569: Improve checking of glyph table
  - S8005432: Update access to JAX-WS
  - S8005943: (process) Improved Runtime.exec
  - S8006309: More reliable control panel operation
  - S8006435, CVE-2013-2424: Improvements in JMX
  - S8006790: Improve checking for windows
  - S8006795: Improve font warning messages
  - S8007406: Improve accessibility of AccessBridge
  - S8007617, CVE-2013-2420: Better validation of images
  - S8007667, CVE-2013-2430: Better image reading
  - S8007918, CVE-2013-2429: Better image writing
  - S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap
  - S8009305, CVE-2013-0401: Improve AWT data transfer
  - S8009699, CVE-2013-2421: Methodhandle lookup
  - S8009814, CVE-2013-1488: Better driver management
  - S8009857, CVE-2013-2422: Problem with plugin
  - RH952389: Temporary files created with insecure permissions
* Backports
  - S7197906: BlockOffsetArray::power_to_cards_back() needs to handle > 32 bit shifts
  - S7036559: ConcurrentHashMap footprint and contention improvements
  - S5102804: Memory leak in Introspector.getBeanInfo(Class) for custom BeanInfo: Class param (with WeakCache from S6397609)
  - S6501644: sync LayoutEngine *code* structure to match ICU
  - S6886358: layout code update
  - S6963811: Deadlock-prone locking changes in Introspector
  - S7017324: Kerning crash in JDK 7 since ICU layout update
  - S7064279: Introspector.getBeanInfo() should release some resources in timely manner
  - S8004302: javax/xml/soap/ fails since jdk6u39b01
  - S7133220: Additional patches to JAXP 1.4.5 update 1 for 7u4 (partial for S6657673)
  - S8009530: ICU Kern table support broken
* Bug fixes
  - OJ3: Fix get_stack_bounds memory leak (alternate fix for S7197906)
  - PR1362: Fedora 19 / rawhide FTBFS SIGILL
  - PR1338: Remove dependence on libXp
  - PR1339: Simplify the rhino class rewriter to avoid use of concurrency
  - PR1336: Bootstrap failure on Fedora 17/18
  - PR1319: Correct #ifdef to #if
  - PR1402: Support glibc < 2.17 with AArch64 patch
  - Give xalan/xerces access to their own internal packages.
* New features
  - JAXP, JAXWS & JAF supplied as patches rather than drops to aid subsequent patching.
  - PR1380: Add AArch64 support to Zero

Tue Mar  5 13:34:50 UTC 2013 -

- update to 1.12.4 (bnc#807487)
  - S8007014, CVE-2013-0809: Improve image handling
  - S8007675, CVE-2013-1493: Improve color conversion

Wed Feb 20 13:48:40 UTC 2013 -

- update to 1.12.3 (bnc#804654) 
* Security fixes
  - S8006446: Restrict MBeanServer access (CVE-2013-1486)
  - S8006777: Improve TLS handling of invalid messages
    Lucky 13 (CVE-2013-0169)
  - S8007688: Blacklist known bad certificate (issued by DigiCert)
* Backports
  - S8007393: Possible race condition after JDK-6664509
  - S8007611: logging behavior in applet changed
* Bug fixes
  - PR1319: Support GIF lib v5.

Tue Feb 12 10:16:01 UTC 2013 -

- update to 1.12.2 (bnc#801972) 
* Backports
  - S8004341: Two JCK tests fails with 7u11 b06
  - S8005615: Java Logger fails to load tomcat logger implementation (JULI)
* Bug fixes
  - PR1297: cacao and jamvm parallel unpack failures
  - PR1301: PR1171 causes builds of Zero to fail
- openjdk-7-src-b147-awt-crasher.patch (bnc#792951)

Tue Feb  5 12:50:46 UTC 2013 -

- update to 1.12.1 (bnc#801972) 
* Security fixes (on top of 1.12.0)
  - S6563318, CVE-2013-0424: RMI data sanitization
  - S6664509, CVE-2013-0425: Add logging context
  - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
  - S6776941: CVE-2013-0427: Improve thread pool shutdown
  - S7141694, CVE-2013-0429: Improving CORBA internals
  - S7173145: Improve in-memory representation of splashscreens
  - S7186945: Unpack200 improvement
  - S7186946: Refine unpacker resource usage
  - S7186948: Improve Swing data validation
  - S7186952, CVE-2013-0432: Improve clipboard access
  - S7186954: Improve connection performance
  - S7186957: Improve Pack200 data validation
  - S7192392, CVE-2013-0443: Better validation of client keys
  - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
  - S7192977, CVE-2013-0442: Issue in toolkit thread
  - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
  - S7200491: Tighten up JTable layout code
  - S7200500: Launcher better input validation
  - S7201064: Better dialogue checking
  - S7201066, CVE-2013-0441: Change modifiers on unused fields
  - S7201068, CVE-2013-0435: Better handling of UI elements
  - S7201070: Serialization to conform to protocol
  - S7201071, CVE-2013-0433: InetSocketAddress serialization issue
  - S8000210: Improve JarFile code quality
  - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
  - S8000540, CVE-2013-1475: Improve IIOP type reuse management
  - S8000631, CVE-2013-1476: Restrict access to class constructor
  - S8001235, CVE-2013-0434: Improve JAXP HTTP handling
  - S8001242: Improve RMI HTTP conformance
  - S8001307: Modify ACC_SUPER behavior
  - S8001972, CVE-2013-1478: Improve image processing
  - S8002325, CVE-2013-1480: Improve management of images

Mon Feb  4 15:15:33 UTC 2013 -

- update to 1.12.0
* Import of OpenJDK6 b27 (all changes already in security updates)
* Import of OpenJDK6 b26
  - S7071826: Avoid benign race condition in initialization of UUID
  - S7123896: Unexpected behavior due to Solaris using separate IPv4 and IPv6 port spaces
  - S7142509: Cipher.doFinal(ByteBuffer,ByteBuffer) fails to process when in.remaining() == 0
  - S7157903: JSSE client sockets are very slow
  - S7174440: JDK6-open build breakage
  - S7175845: JSSE client sockets are very slow
  - S7176477: TEST: Remove testcase test/java/lang/SecurityManager/ from jdk6-open
  - S7184700: Backout changes with wrong id for 7157903
  - S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo
* Import of OpenJDK6 b25
  - S6790292: BOOTDIR of jdk6 u12 will not work with jdk7 builds
  - S6967036: Need to fix links with // in Javadoc comments
  - S7007299: FileFontStrike appears not to be threadsafe
  - S7022473: JDK7 still runs /etc/prtconf to find memory size
  - S7058133: Javah should use the freshly built classes instead of those from the BOOTDIR jdk
  - S7107919: Remove hotspot assertion due to Solaris 8 kstat "unimplemented".
  - S7123519: problems with certification path
  - S7126889: Incorrect SSLEngine debug output
  - S7127104: Build issue with prtconf and zones, also using := to avoid extra execs
  - S7128474: Update source copyright years
  - S7128505: Building on em64t system does not work
  - S7149751: another krb5 test in openjdk6 without test infrastructure
* Backports
  - S6706974: Add krb5 test infrastructure
  - S6764553: is not thread safe
  - S6761072: new krb5 tests fail on multiple platforms
  - S6883983: JarVerifier dependency on should be removed
  - S4465490: Suspicious about double-check locking idiom being used in the code
  - S6763340: memory leak in* classes
  - S6873605: Missing finishedDispatch() call in ORBImpl causes test failures after 5u20 b04
  - S6980681: CORBA deadlock in Java SE believed to be related to CR 6238477
  - S7162902: Umbrella port of a number of corba bug fixes from JDK 6 to jdk7u/8
  - S6414899: P11Digest should support cloning
  - S4898461: Support for ECB and CBC/PKCS5Padding
  - S6604496: Support for CKM_AES_CTR (counter mode)
  - S6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
  - S6682417: JCK test failed w/ ProviderException when decrypted data is not multiple of blocks
  - S6687725: Internal PKCS5Padding impl should throw IllegalBlockSizeException and not BadPaddingException
  - S6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
  - S6867345: Turkish regional options cause NPE in
  - S7088989: Improve the performance for T4 by utilizing the newly provided crypto APIs
* Bug fixes
  - PR902: PulseAudioClip getMicrosecondsLength() returns length in milliseconds, not microseconds
  - PR1050: Stream objects not garbage collected
  - PR1113: Add tapset tests to distribution.
  - PR1117: IcedTea6 prebuilds far too many classes on bootstrap
  - PR1121: Old installs still suffer from GCC PR41686
  - PR1119: Only add classes to rt-source-files.txt if the class (or one or more of its methods/fields)
    are actually missing from the boot JDK
  - PR1114: Provide option to turn off downloading of tarballs (--disable-downloading)
  - PR1176: Synchronise CACAO rules between IcedTea6/7/8 where possible
  - RH513605: Updating/Installing OpenJDK should recreate the shared class-data archive
  - G422525: Apply pax markings before using a freshly built JVM.
  - PR986: IcedTea fails to build with IcedTea6 CACAO due to low max heap size
  - PR1120: Unified version for icedtea6/7
  - CA166, CA167: check-langtools fixes for icedtea6
  - Implemented sun.misc.Perf.highResCounter
  - CACAO now identifies by its own Mercurial revision
  - Some memory barrier maintenance
  - Ability to run when compiled as Thumb on armv5 (no Thumb JIT though) 
  - Stop creating pseudo files for OpenJDK (, Xusage.txt)
  - Clang fix for the i386 backend
  - CONTRIBUTE: Reference code submission process wiki instructions.
  - INSTALL.CACAO: Update, so following the instruction actually works.
  - Make doxygen work
  - CA172, PR1266, G453612: ARM hardfloat support
  - src/scripts/ Look for cacao executable in install path, not in PATH.
  - src/vm/jit/alpha/asmpart.S: Fix copyright header.
  - src/vm/jit/alpha/asmpart.S: Properly set up GP in asm_abstractmethoderror
  - Use @abs_top_builddir@ for support scripts
* JamVM
  - ARMv6 armhf: Changes for Raspbian (Raspberry Pi)
  - PPC: Don't use lwsync if it isn't supported
  - X86: Generate machine-dependent stubs for i386
  - When suspending, ignore detached threads that have died, this prevents
    a user caused deadlock when an external thread has been attached to the VM
    via JNI and it has exited without detaching
  - Add missing REF_TO_OBJs for references passed from JNI, this enable JamVM
    to run Qt-Jambi
  - PR1155: Do not put version number in SONAME
* SystemTap
  - Addition of garbage collection probes
* drop bouncycastle patch and add a shell hackery in %install

Fri Oct 19 09:21:09 UTC 2012 -

- update to 1.11.5 (bnc#785433)
* Security fixes
  - S6631398, CVE-2012-3216: FilePermission improved path checking
  - S7093490: adjust package access in rmiregistry
  - S7143535, CVE-2012-5068: ScriptEngine corrected permissions
  - S7167656, CVE-2012-5077: Multiple Seeders are being created
  - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types
  - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector
  - S7172522, CVE-2012-5072: Improve DomainCombiner checking
  - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
  - S7189103, CVE-2012-5069: Executors needs to maintain state
  - S7189490: More improvements to DomainCombiner checking
  - S7189567, CVE-2012-5085: java net obselete protocol
  - S7192975, CVE-2012-5071: Conditional usage check is wrong
  - S7195194, CVE-2012-5084: Better data validation for Swing
  - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved
  - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance
  - S7198296, CVE-2012-5089: Refactor classloader usage
  - S7158800: Improve storage of symbol tables
  - S7158801: Improve VM CompileOnly option
  - S7158804: Improve config file parsing
  - S7176337: Additional changes needed for 7158801 fix
  - S7198606, CVE-2012-4416: Improve VM optimization
* Backports
  - S7175845: "jar uf" changes file permissions unexpectedly
  - S7177216: native2ascii changes file permissions of input file
  - S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo
* Bug fixes
  - PR1194: IcedTea tries to build with /usr/lib/jvm/java-openjdk (now a 1.7 VM) by default

Mon Sep  3 11:59:29 UTC 2012 -

- update to 1.11.4 (bnc#777499) 
* Security fixes
  - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
  - S7163201, CVE-2012-0547: Simplify toolkit internals references
* OpenJDK
  - S7182135: Impossible to use some editors directly
  - S7185678: java/awt/Menu/NullMenuLabelTest/ failed with NPE

Mon Aug 20 08:55:16 UTC 2012 -
- fixed gnome-java-bridge.jar file permissions. bnc#770040

Wed Jun 14 22:16:56 UTC 2012 -

- fix build for non-jit packages

Thu Jun 14 09:22:23 UTC 2012 -

- update to 1.11.3 (bnc#766802)
* Security fixes
  - S7079902, CVE-2012-1711: Refine CORBA data models
  - S7110720: Issue with vm config file loadingIssue with vm config file loading
  - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform.
  - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement
  - S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations
  - S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC
  - S7143872, CVE-2012-1718: Improve certificate extension processing
  - S7145239: Finetune package definition restriction
  - S7152811, CVE-2012-1723: Issues in client compiler
  - S7157609, CVE-2012-1724: Issues with loop
  - S7160677: missing else in fix for 7152811
  - S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile
* Bug fixes
  - PR1018: JVM fails due to SEGV during rendering some Unicode characters (part of 6886358)

Tue Jun 12 08:28:25 UTC 2012 -

- license update: GPL-2.0-with-classpath-exception
  Use a license from (or from the spreadsheet
  linked at if does not have a suitable

Mon May 14 12:39:44 UTC 2012 -

- update to 1.11.2
* Bug fixes
  - RH789154: javac error messages no longer contain the full path to the offending file:
  - PR797: Compiler error message does not display entire file name and path
  - PR881: Sign tests (wsse.policy.basic) failures with OpenJDK6
  - PR886: 6-1.11.1 fails to build CACAO on ppc
  - Specify both source and target in IT_GET_DTDTYPE_CHECK.
  - Install nss.cfg into j2re-image too.
  - PR584: Don't use shared Eden in incremental mode.
* Backports
  - S6792400: Avoid loading of Normalizer resources for simple uses
- fix fileconflict with java-1_7_0-openjdk
- add openjdk-6-src-b24-zero-increase-stack-size.patch by Dinar Valeev

Wed Apr  4 17:32:11 UTC 2012 -

- Add xorg-x11 BuildRequires to have xprop

Mon Feb 27 01:25:27 CET 2012 -

- fix build on ARM 

Thu Feb 16 12:42:24 UTC 2012 -

- update to 1.11.1 (bnc#747208)
* Security fixes
  - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
  - S7088367, CVE-2011-3563: Fix issues in java sound
  - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
  - S7110687, CVE-2012-0503: Issues with TimeZone class
  - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
  - S7110704, CVE-2012-0506: Issues with some method in corba
  - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
  - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
  - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server
* Bug fixes
  - PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch 

Fri Feb  3 14:06:13 UTC 2012 -

- apply ppc patch also on s390/s390x
- add a 3 more void-return fixes to ppc patch 

Fri Feb  3 11:01:40 UTC 2012 -

- update to icedtea6-1.11, openjdk b24
- ARM assembly language port reinstated and updated
- Allow selection of test suites using the jtreg_checks argument e.g. jtreg_checks="langtools"
- Drop the outdated NIO2 backport.  Users who want NIO2 should use IcedTea 2.x.
- Shark has been disabled
- Fixed build with GCC 4.7

Tue Jan 17 12:34:06 UTC 2012 -

- update to 1.10.5 (bugfix release)
* Backports
  - S7034464: Support transparent large pages on Linux
  - S7037939: NUMA: Disable adaptive resizing if SHM large pages are used
  - S7102369: remove java.rmi.server.codebase property parsing from registyimpl
  - S7094468: rmiregistry clean up
  - S7103725, RH767129: REGRESSION - 6u29 breaks ssl connectivity using TLS_DH_anon_WITH_AES_128_CBC_SHA
  - S6851973, PR830: ignore incoming channel binding if acceptor does not set one
  - S7091528: javadoc attempts to parse .class files

Sat Dec 10 09:39:51 CET 2011 -

- adjusted patch110 to fix ppc build.

Fri Dec  9 08:20:01 UTC 2011 -

- there is no architecture called arm, so use macro instead 

Thu Dec  8 10:18:51 UTC 2011 -

- fix a stuff needed for gjc-based build 
  * change compiler flags in configure to gjc compatible
  * added no-werror patch for openjdk-ecj
  * avoid all aditional checking packages in this mode
  * temporary remove memory size increase
  * exclude patch110 in this case - TBD later
- definitelly drop noarch feature as it never worked well
- add arm to 32bit architectures
- remove rhino as a runtime dependency, as it's repackaged and
  installed in the jvm's tree
- enable build --with-parallel-jobs

Wed Nov 30 09:39:51 UTC 2011 -

- add automake as buildrequire to avoid implicit dependency

Fri Oct 21 12:51:28 UTC 2011 -

- update to 1.10.4 (bnc#725167)
- Security fixes
  * S7000600, CVE-2011-3547: InputStream skip() information leak
  * S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
  * S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow
  * S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager
  * S7046794, CVE-2011-3553: JAX-WS stack-traces information leak
  * S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
  * S7055902, CVE-2011-3521: IIOP deserialization code execution
  * S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
  * S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
  * S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
  * S7077466, CVE-2011-3556: RMI DGC server remote code execution
  * S7083012, CVE-2011-3557: RMI registry privileged code execution
  * S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
- Bug fixes
  - RH727195: Japanese font mappings are broken
- Backports
  - S6826104, RH730015: Getting a NullPointer exception when clicked on Application & Toolkit Modal dialog

Thu Aug  4 08:46:55 UTC 2011 -

- update to 1.10.3
- Bug fixes
  * PR748: Icedtea6 fails to build with Linux 3.0.
  * PR744: icedtea6-1.10.2 : patching error
- Backports:
  * S7037283, RH712211: Null Pointer Exception in SwingUtilities2.
  * S6769607, PR677: Modal frame hangs for a while.
  * S6578583: Modality is broken in windows vista home premium from jdk1.7 b02 onwards.
  * S6610244: modal dialog closes with fatal error if -Xcheck:jni is set
- don't touch java and javac alternatives anymore

Tue Jun 14 09:23:00 UTC 2011 -

- fix build on 11.1/i586 distros
  * add icedtea6-replace-gcc-stack-marking.patch

Wed Jun  8 12:45:01 UTC 2011 -

- fix bnc#698739: icedtea6-1.10.2 released
- Security fixes
  * S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win)
  * S6618658, CVE-2011-0865: Vulnerability in deserialization
  * S7012520, CVE-2011-0815: Heap overflow vulnerability in
  * S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code
  * S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings
  * S7013971, CVE-2011-0869: Vulnerability in SAAJ
  * S7016340, CVE-2011-0870: Vulnerability in SAAJ
  * S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero
  * S7020198, CVE-2011-0871: ImageIcon creates Component with null acc
  * S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables
- Backports
  * S7043054: REGRESSION - wrong userBounds in Paint.createContext()
  * S7043963, RH698295: Window manager workaround in AWT was not applied to mutter. Now it is.
- add commented bouncycastle provider into allowing easy enable it from rpm
  requested by rgarrigue

Thu Jun  2 09:45:19 UTC 2011 -

- fix bnc#695858 - call update-ca-certificates in posttrans 

Thu Apr 14 12:37:43 UTC 2011 -

 - Fix the keystore handling
   * remove the default (32 bytes long) keystore, if installed
   * install symlinks in %posttrans, because older file not dissapear in post

Tue Apr  5 09:16:27 UTC 2011 -

- Update to icedtea6-1.10.1, openjdk b22, hotdpot 20b11
  see following links for more details
- Backports:
  * S7023591, S7027667: Clipped antialiased rectangles are filled, not drawn.
    Add missing privileged block around access to the sun.awt.nativedebug
  * S7032388, PR682: Make HotSpot work on machines without cmov instruction again
  * S7031385, PR680: Incorrect register allocation in orderAccess_linux_x86.inline.hpp
Bug fixes:
  * G356743: Support libpng 1.5.
  * RH661505: JPEGs with sRGB IEC61966-2.1 color profiles have wrong colors
  * PR600: HS19 upgrade broke CACAO build on ARM
  * PR616, PR99: Don’t statically link libstdc++ or libgcc
  * PR632: patches/security/20110215/6878713.patch breaks shark zero build
  * PR103: Usage of native2ascii during bootstrap
  * PR633: IcedTea installs javaws manpages on x86 even with –disable-webstart
  * PR635: zero fails to build on icedtea6 trunk 20110217 with hs20
  * PR586: Sources missing from
  * PR639: Add missing include line, paths and LLVM flags for Shark.
  * PR640: JamVM fails to build - Unrecognised option: -XX:ThreadStackSize.
  * PR641: Increase stack size for PPC
  * PR497: Mercurial revision detection not very reliable
  * PR585: Freenet throws java.lang.UnsatisfiedLinkError with OpenJDK/CACAO
- remove webstart and plugin, as they are now in separate icedtwa-web project
- fix bnc#596177 - generate java cacerts at runtime (enabled for openSUSE 11.3+)

Tue Mar 15 08:59:35 UTC 2011 -

- remove policytool from javac alternative

Thu Feb 24 13:01:52 UTC 2011 -

- fix bnc#671714 - VUL-0: java-1_6_0-openjdk: permissions assigned to applets
  with multiple JARs (icedtea6-1.9.7) 
- Security updates
  * S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
  * S6907662, CVE-2010-4465: Swing timer-based security manager bypass
  * S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation
  * S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
  * S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries
  * S6985453, CVE-2010-4471: Java2D font-related system property leak
  * S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
  * RH677332, CVE-2011-0706: Multiple signers privilege escalation
-  Bug fixes
  * RH676659: Pass -export-dynamic flag to linker using -Wl, as option in gcc 4.6+ is broken
  * G344659: Fix issue when building on SPARC
  * Fix latent JAXP bug caused by missing import
- fix bnc#670304 - VUL-1: java-1_6_0-openjdk: denial of service using floats
- Security updates
  * S4421494, CVE-2010-4476: infinite loop while parsing double literal
- patches changes:
  * obsoletes stack-protector patches (already upstreamed)
  * modified openjdk-6-src-b20-initialized-after.patch
  * modified openjdk-6-src-b20-no-werror.patch
  * openjdk-ecj-6-src-b20-no-return-in-nonvoid-function.patch
  * add openjdk-6-src-b20-stringcompare.patch
  * add openjdk-ecj-6-src-b20-no-return-in-nonvoid-function.patch
  * add openjdk-6-src-b20-gcj-workaround.patch (11.2/x86_64 workaround)

Tue Feb  1 08:14:18 UTC 2011 -

- fix bnc#667313 - VUL-0: embargoed java icedtea issues
- Security updates
  * RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
- Backports
  * S6687968: PNGImageReader leaks native memory through an Inflater
  * S6541476, RH665355: PNG imageio plugin incorrectly handles iTXt chunk
  * S6782079: PNG: reading metadata may cause OOM on truncated images
- Fixes
  * PR619: Improper finalization by the plugin can crash the browser

Mon Jan 31 09:22:53 UTC 2011 -

- fix bmo#582130 - symbol clash between moonlight and icedtea plugin
  * icedtea6-1.9.4-moonlight-symbol-clash.patch
- mark a config

Mon Jan 17 15:25:21 UTC 2011 -

- fix bnc#664298 - VUL-0: java-1_6_0-openjdk: JNLPSecurityManager in some cases silently returns when a permission is denied
- Security updates:
  * RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
- Backports
      * S4356282: RFE: JDK should support OpenType/CFF fonts
      * S6954424, RH525870: Support OpenType/CFF fonts in JDK 7
      * S6795356, PR590: Leak caused by javax.swing.UIDefaults.ProxyLazyValue.acc
      * S6967436, RH597227: lines longer than 2^15 can fill window.
      * S6967433: dashed lines broken when using scaling transforms.
      * S6976265: No STROKE_CONTROL
      * S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality.
      * S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray
- Fixes
  - S7003777, RH647674: JTextPane produces incorrect content after parsing the html text
- fix bnc#635365 - icedtea update broke java from firefox - bogus java path
  * icedtea6-1.9.4-realpath.patch use realpath to resolve the double symlinks

Tue Jan 11 14:58:17 UTC 2011 -

- Update to icedtea6-1.9.3
  * Re-enable compressed oops by default now 7002666 is fixed.
  * bakckport S7002666: Eclipse CDT projects crash with compressed oops
  * fix reapply ia64 fix from S6896043 which was reverted by S6953477
- fix bnc#635365 - icedtea update broke java from firefox - bogus java path
  * wrote a proposal readlink-recursive.patch
  * sent upstream -

Wed Dec  1 14:23:09 UTC 2010 -

- update to icedtea6-1.9.2 (bnc#656742)
- Latest security updates and hardening patches:
  * RH645843, CVE-2010-3860: IcedTea System property information leak via public static
- Upgrade to latest revision of hs19 (b09).
- Allow the building of NetX to be disabled.
- Backports
  * S6622432: RFE: Performance improvements to java.math.BigDecimal
  * S6850606: Regression from JDK 1.6.0_12
  * S6876282: BigDecimal’s divide(BigDecimal bd, RoundingFormat r) produces incorrect result
  * S6991430, PR579: Zero PowerPC fix.
  * S6703377: freetype: glyph vector outline is not translated correctly
  * S6853592: VM test nsk.regression.b4261880 fails with “X Error of failed request: BadWindow” inconsistently.
- Bug fixes
  * RH647737: Disable compressed oops in hs19 to avoid Eclipse failures.
  * RH643674: Update fontconfig files for Fedora 11, 12, 13 and 14.
- NetX
  * Do not prompt user multiple times for the same certificate.
  * PR592: NetX can create invalid desktop entry files

Fri Oct 22 11:03:01 UTC 2010 -

- update to icedtea6-1.9.1 (bnc#642531)
- update to openjdk-6-b20
  * fixes listed on
- Latest security updates and hardening patches:
  * S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation
  * S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition
  * S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities
  * S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free
  * S6938813, CVE-2010-3557: OpenJDK Swing mutable static
  * S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak
  * S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability
  * S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution
  * S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution
  * S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies
  * S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage
  * S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host
  * S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting)
  * S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code
  * S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection
  * S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts
  * S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection
  * S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection
  * (See:
 - IcedTeaPlugin:
  * PR519: 100% CPU usage when displaying applets in Webkit based browsers
  * Classes are no longer added to rt.jar, but to plugin.jar
 - NetX:
  * New man page for javaws
  * Classes are no longer added to rt.jar, but to netx.jar
 - bug fixes and backports
   * S6990437: Update with correct copyright info for source and test files from SSR10_02 fixes
   * S6638712: Inference with wildcard types causes selection of inapplicable method
   * S6650759: Inference of formal type parameter (unused in formal parameters) is not performed
   * S6623943: javax.swing.TimerQueue’s thread occasionally fails to start
   * RH633510: OpenJDK should use NUMA even if glibc doesn’t provide it
 - misc:
   * VisualVM support removed; now available in its own package at
   * A separate build directory is now used for the OpenJDK build: (stage 1) and (stage 2)
 - fix bnc#637224 - delta RPM for java-1_6_0-openjdk patch does not match installed data
   * mark fontconfig and much more files as config noreplace
 - fix bnc#648260 - update-alternatives: error: alternative pack200 can't be slave of java: it is a slave of javac
   * move *pack200* from JRE to SDK
   * add workaround into post removing the *pack* slaves from java alternative
 - few more filters of rpmlint warnings
 - Patches changes:
   * openjdk-6-src-b16-lcms.patch - already included in b20
   * openjdk-6-src-b17-enumeration-value.patch - already included in b20
   * openjdk-6-src-b17-no-multiline-comments.patch - refresh for b20
   * openjdk-6-src-b17-suggest-parentheses.patch - refresh for b20
   * openjdk-6-src-b17-initialized-after.patch - refresh for b20
   * openjdk-6-src-b20-defined-but-not-used.patch - new warn fix
   * openjdk-6-src-b20-may-be-used-uninitialized.patch - new fix 2
   * openjdk-6-src-b20-array-subscript-has-type-char.patch - new fix 3
   * openjdk-6-src-b20-no-werror.patch - remove -Werror from more locations than before
   * use quilt for applying of SUSE patches -> 2 new BR quilt and vim

Wed Jul 28 12:08:30 UTC 2010 -

- update to icedtea6-1.8.1 (bnc#623905)
- update to openjdk-6-b18
- Latest security updates and hardening patches:
   * (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299)
   * (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)
   * (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653)
   * (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217)
   * (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
   * (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)
   * (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703)
   * (CVE-2010-0088): Inflater/Deflater clone issues (6745393)
   * (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
   * (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
   * (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
   * (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
   * (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
   * (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)
   * (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866)
   * (CVE-2009-3555): TLS: MITM attacks via session renegotiation
- IcedTeaNPPlugin.
  * RH524387: RSA premaster secret error
  * Set context classloader for all threads in an applet's threadgroup
  * PR436: Close all applet threads on exit
  * PR480: NPPlugin with NoScript extension.
  * PR488: Question mark changing into underscore in URL.
  * RH592553: Fix bug causing 100% CPU usage.
  * Don't generate a random pointer from a pthread_t in the debug output.
  * Add ForbiddenTargetException for legacy support.
  * Use variadic macro for plugin debug message printing.
  * Don't link the plugin with libxul libraries.
  * Fix race conditions in plugin initialization code that were causing hangs.
  * RH506730: BankID (Norwegian common online banking authentication system) applet fails to load.
  * Fix policy evaluation to match the proprietary JDK.
  * PR491: pass java_{code,codebase,archive} parameters to Java.
  * Adds javawebstart.version property and give user permission to read that property.
  * Old plugin removed; NPPlugin is now the default and is controlled by
    --enable/disable-plugin.  As with the old plugin, it produces a library rather than
   * Dependence on the binary plugs mechanism removed.  The plugin and NetX
     code is now imported into the JDK build in the same manner as langtools,
   * Fix for plugin buffer overflow:
- NetX:
  * Fix security flaw in NetX that allows arbitrary unsigned apps to set
    any java property.
  * Fix a flaw that allows unsigned code to access any file on the
    machine (accessible to the user) and write to it.
  * Make path sanitization consistent; use a blacklisting approach.
  * Make the SingleInstanceServer thread a daemon thread.
  * Handle JNLP files which use native libraries but do not indicate it
  * Allow JNLP classloaders to share native libraries
  * Added encoding support
- bug fixes
   * Nimbus Look 'n' Feel backported from OpenJDK7.
   * JAXP and JAXWS now external dependencies rather than being in-tree.
   * 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
   * 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs
   * 6910590: Application can modify command array in ProcessBuilder
   * 6909597: JPEGImageReader stepX Integer Overflow Vulnerability
   * 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
   * 6678385: Fixes jvm crashes when window is resized.
   * Produces the "expected" behavior for full screen applications, when
     running the Metacity window manager.
   * Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code
   * Zero/Shark
   * Shark is now able to build itself.
   * For ARM, add Thumb2 JIT.
   * Fixed Shark sharkCompiler mattr memory corruption bug when using llvm 2.7.
   * others
   * Eliminate spurious exception throwing when using PulseAudio
   * PR shark/483: Fix miscompilation of sun.misc.Unsafe::getByte.
   * PR PR icedtea/324, icedtea/481: Fix Shark VM crash.
   * Fix Zero build on Hitachi SH.
   * PR476: Enable building SystemTap support on GCC 4.5.
- disabled systemtap support on openSUSE 11.2, as it requires more recent version
- require xulrunner191 on 11.1 too

Thu May 20 07:06:08 UTC 2010 -

- Change the policytool.desktop category to Utilities 

Wed May 19 16:36:01 CEST 2010 -

- set locale to utf-8 variant to fix build
  (broke when going over certificates with utf-8 filenames) 

Thu May 13 08:56:07 UTC 2010 -

- fix bnc#603316: openjdk run out of file descriptors
  * add openjdk-6-src-b17-stack-protector-fclose.patch
  add the missing fclose to the stack-protector patch

Wed Apr 28 07:39:19 UTC 2010 -

- fixes ppc build
  * enable nio2 only for ix86 and x86_64
  * refresh openjdk-6-src-b17-no-return-in-nonvoid-function-ppc.patch
- ignore old libopenssl on 11.3+
- use patch -i, instead of shell redirection

Mon Apr 12 10:21:04 UTC 2010 -

- update to icedtea6-1.7.3 (bnc#594415)
- security and hardending  
    * (CVE-2010-0837): JAR “unpack200″ must verify input parameters (6902299)
    * (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807
    * (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653)
    * (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217)
    * (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
    * (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)
    * (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703)
    * (CVE-2010-0088): Inflater/Deflater clone issues (6745393)
    * (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
    * (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
    * (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
    * (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
    * (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
    * (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)
    * (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866)
    * (CVE-2009-3555): TLS: MITM attacks via session renegotiation
    * 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
    * 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs
    * 6910590: Application can modify command array in ProcessBuilder
    * 6909597: JPEGImageReader stepX Integer Overflow Vulnerability
    * 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
- Bug fixes: 
    * Backport of 6822370: ReentrantReadWriteLock: threads hung when there are no threads holding onto the lock
    * Increase ThreadStackSize by 512kb on 32-bit Zero platforms
    * Check cacerts database is valid
    * Fix for plugin buffer overflow: Mozilla bug 555342
    * Fix issue with ant -diagnostics on ant 1.8.0 due to changed exit code

Thu Mar 18 07:21:43 UTC 2010 -

- fix bnc#589021 - Better protect java stack 
  * openjdk-6-src-b17-stack-protector.patch

Thu Mar  4 08:50:07 UTC 2010 -

- Updates:
  * icedtea6-1.7 
  * openjdk6 b17 14_oct_2009
- Enabled NPPlugin - fix [bnc#582206]
- patches changes:
  * obsolete java-1.6.0-openjdk-sparc-fixes.patch
  * obsolete java-1.6.0-openjdk-sparc-hotspot.patch
  * obsolete icedtea6-1.6-npplugin-xulrunner191.patch
  * obsolete icedtea6-1.6-no-return-in-nonvoid-function.patch
  * obsolete icedtea6-ecc-support-b387a64caa08.patch
  * add a lot of patches fixes a build of openjdk6 with gcc4.5 using
    -Werror -Wall
  * openjdk-6-src-b17-no-werror.patch (suppress the errors in autogenerated
  * icedtea6-1.7-no-return-in-non-void.patch
- move the noarch content to %%{_datadir}/ and create symlinks in usual
- move demo/jvmti to the -devel package as it contains so files
- enable the --short-circuit in %%install section
- new alternatives - policytool and policytool.1.gz

Tue Feb  9 14:09:35 UTC 2010 -

- enable noarch subpackages

Mon Nov 23 11:16:34 UTC 2009 -

- Removed openjdk-6-src-b14-confluence-crash.patch from source dir

Tue Nov 10 13:38:20 UTC 2009 -

- Fixed bnc#554069 - VUL-0: Icedtea6 1.6.2 released
  * a lot of security patches in icedtea6-1.6.2
  * Improved jar performance,
- Obsoleted java-1.6.0-openjdk-makefile.patch

Wed Oct 14 11:29:03 UTC 2009 -

- Fixed bnc#546468: openjdk fails on certificate creation
  applied upstream patch icedtea6-ecc-support-b387a64caa08.patch
- Moved back from npplugin, as its not mature

Thu Oct  8 14:26:40 UTC 2009 -

- Use 1.6.0 instead of javamajver macro to supress percent in provides error. 

Tue Sep 29 07:22:16 UTC 2009 -

- fixed bnc#542545: added 32/64bit specific provides to be compatible with
  other JVM and

Thu Sep 10 13:23:08 UTC 2009 -

- Updates:
  * icedtea6-1.6 - fixes bnc#537969
  * hospot 09f7962b8b44
- patches changes:
  * added icedtea6-1.6-npplugin-xulrunner191.patch
  * added java-1.6.0-openjdk-sparc-fixes.patch (from Fedora)
  * added java-1.6.0-openjdk-sparc-hotspot.patch (from Fedora)
  * added icedtea6-1.6-no-return-in-nonvoid-function.patch
    (allows build on 11.1)
  * regenerated java-1.6.0-openjdk-java-access-bridge-security.patch
  * regenerated java-1.6.0-openjdk-makefile.patch
  * removed icedtead6-1.5-npplugin-xulrunner191.patch
  * removed java-1.6.0-openjdk-execvpe.patch
  * removed java-1.6.0-openjdk-netx.patch

Wed Aug 19 09:51:22 UTC 2009 -

- Fixed bnc#530046 - jmap fails: NoSuchSymbolException: Could not find symbol
  keep non debug symbols in

Tue Aug 11 13:46:29 UTC 2009 -

- Updates:
  * icedtea6-1.5.1 contains a lot of security fixes from Sun JDK6u15
  This includes fixes for:
  * bnc#524505: Vulnerability in OpenJDK/NetX
  * bnc#514421: XML Signature weakness (HMAC truncation)
- Fixed bnc#521512: lcms pointer dereference
- Dropped some s390 patches, because they was obsoleted and not used
- Fixed bnc#525097 - openjdk installs dead .desktop files
  * now removed *.desktop from %%files of openjdk

Wed Jul 29 13:28:38 CEST 2009 -

- Updates:
  * icedtea-1.5
  * visualvm-111
  * hotspot 25a020f13592
- Fixed bnc#525097 - openjdk installs dead .desktop files
- Remove archsuffix usage
- patches changes:
  * added java-1.6.0-openjdk-accessible-toolkit.patch
  * added java-1.6.0-openjdk-netx.patch
  * added java-1.6.0-openjdk-execvpe.patch
  * added icedtead6-1.5-nppplugin-xulrunner191.patch
  * removed openjdk-6-src-b14-confluence-crash.patch
  * refreshed java-1.6.0-openjdk-makefile.patch
- new features and fixes:
  * Fixed security handling to prevent access denials when there is a site
    specific exception in the policy file
  * Allow extentions (chrome) to run Java code with full permissions
  * Added non-trusted SSL support to WebStart (javaws)
  * Added proxy support
  * Other improvements that were breaking specific sites (tag parser fix,
   nested jar support, etc.)
  * Added JVM Console (used by
  * Many gervill, java2d, nio2, pulse java, zero/shark, jtreg fixes.
  * New IcedTeaNPPlugin

Thu Jun 11 11:12:19 CEST 2009 -

- Merged fontfonfig for openjdk and Sun:
    * Use Sazanami Mincho for monospaced fonts
    * Added AWT X11 font paths

Mon May 25 15:33:03 CEST 2009 -

- Enabled systemtap only for jit architectures only
- Refreshed non-return-in-non-void ppc patch

Fri May 15 14:37:13 CEST 2009 -

- 'used systemtap-sdt-devel (see bnc#503088)'

Thu May 14 09:21:59 CEST 2009 -

- Change version system for openjdk, now it uses a 
- Enabled systemtap support
- Moved jpackage macro definitions upper in spec

Wed May 13 14:23:59 CEST 2009 -

- updates:
  * openjdk b16 
  * icedtea snapshot cc658d9f4a64
  * hotspot snapshot fc6a5ae3fef5
- new features:
  * systemtap support (not yet enabled in SUSE)
  * removed gcjwebplugin
  * fixed lcms breakage
  * fixes in JNLP runtime
  * various improvements in support of third party VMs (shark, cacao, zero)
- patches changes:
  * removed obsoleted pulseaudio patch
  * added openjdk-6-src-b16-no-return-in-nonvoid-function.patch
- enabled tests
- build using xulrunner 1.9.1 on 11.2

Tue Apr 21 14:09:55 CEST 2009 -

- fixed bnc#496378: openjdk has an empty keystore 

Tue Apr 14 14:05:29 CEST 2009 -

- fixed bnc#493146: pulse-java integer overflow

Tue Apr  7 16:54:34 CEST 2009 -

- fixed bnc#492555: tomcat6 and confluence causes a JVM crash

Fri Apr  3 13:29:09 CEST 2009 -

- icedtea 1.4.1:
  - Fixed version string: Set PRODUCT_NAME to OpenJDK, unless doing a CACAO
    build (set to IcedTea).
  - Plugin fixes: icedtead bug#264. 
  - Re-implemented visualvm.

Mon Mar  2 09:55:53 CET 2009 -

- fixed ppc/ppc64 build bnc#471829 comment#28
  - added openjdk-6-src-b14-no-return-in-nonvoid-function-ppc.patch

Mon Feb  9 11:28:24 CET 2009 -

- updates:
  * openjdk b14 (25_nov_2008)
  * icedtea 1.4 (-e34ba0ba2281)
- new features:
  * IcedTeaPlugin is now default
  * PulseAudio integration
  * hotspot from jdk7
- new files included:
  * visualvm
  * jdk7 hotspot (-f9d938ede196)
  * mauve tests (but not used it)
- patches changes:
  * added two new java access bridge patches (Fedora)
  * fix a no-return-in-nonvoid-function.patch (sened to icedtea)
  * obsoleted icedtea-jhat patch
  * obsoleted openjdk execstack
- moved back to bz2 archives
- removed a policy archives
- used a %%{javaver} in top level dir (bnc#465624)
- moved to the plugin alternative naming as a sun JVM has
  ( --> javaplugin)
- added a documentation howto get a current source
- moved the cacert generation to %%build section
- clean up a %%prep (thanks to bz2 and cacerts move)
- clean up the build process
- add a blank line to %%install for better readability
- install icons
- carefull usage of fdupes
- Added a which uses a Dejavu (bnc#438674)
- Fixed a desktop files installation
- Fixed build on %%ix86:
  - added a undefined-operation patch
  - added a no-return-in-nonvoid-function-ix86 patch
- Suppress some rpmlint warnings
- Fixed a duplicates in javadocs

Fri Nov 21 16:38:23 CET 2008 -

- update

Mon Nov  3 09:16:27 CET 2008 -

- Removed the explicit ulimit setup

Thu Oct 23 11:43:42 CEST 2008 -

- Fix of some signed applets related bugs:
  bnc#430401, bnc#436915, bnc#396451
  convert the certificates from openssl-certs package to standard
  Java Key store jre/lib/cacerts
- Added a missing rhino requires (provides a Java/Javascript support)
- Added a missing alternative symlink to javaws (Java Webstart)

Fri Sep  5 08:33:01 CEST 2008 -

- merged spec file upstream one (from for simpler
  maintenance in future
  - movement of some macro definitions on the begining of the spec file
  - added some missing macros (eg. icedteasnapshot and openjdkdate)
  - the sources are defined by these macros
  - changed the Group to Development/Languages/Java (from Libraries)
  - changed the URL to
  - removal of icedtea7 bootstrapping and leave the gcj and openjdk6 options
  - improved BuildRequires and Requires - one value per line (better diff
  - a new --with-openjdk-src-zip option to configure
- updates
  - openjdk - version from 10_jul_2008
  - icedtea - from b09 to b11
  - java access bridge - from 1.22 to 1.23
  - a new BuildRequire - rhino
- changes in patches
  - the java-1.6.0-openjdk-optflags.patch was improved (thanks to Mandriva)
  - regenerated java-1.6.0-openjdk-makefile.patch and
    java-1.6.0-openjdk-jhat.patch with movement into %prep
  - new java-1.6.0-openjdk-java-access-bridge-tck.patch (from upstream)
  - increase a numbers of SUSE specific patches
  - removed java-enum_cell.patch, because it was obsoleted by new version of
    source codes

Wed Jul 30 15:40:12 CEST 2008 -

- extend provides list jre1.4.x jre1.5.x jre1.6.x

Tue Jul 29 00:07:05 CEST 2008 -

- fix build on i386 again (from gcc bug#36917) 

Tue Jul 22 13:55:59 CEST 2008 -

- build with xml-commons-api-bootstrap (ant complains, still works)

Tue Jul 22 11:01:05 CEST 2008 -

- build with xerces-j2-bootstrap (misses jaxp_parser_impl, but
  ant still works)

Mon Jul 21 14:26:25 CEST 2008 -

- avoid buildcycle between xulrunner and openjdk

Thu Jul 17 19:11:11 CEST 2008 -

- use openjdk for bootstrap on ppc64 just as on ppc 
- added provides for jre1.3.x needed by fop

Tue May 20 18:45:03 CEST 2008 -

- Complete migration of %{_jvmjardir}/%{sdklnk} to symlink (#bnc 392494)
- un-lzma tarballs using lzma directly to support older rpmbuild's
- add checks for the amount of virtual memory available for build

Sat May 17 17:08:43 CEST 2008 -

- Do not package %{_jvmjardir}/%{sdklnk}.

Wed May 14 16:59:02 CEST 2008 -

- fix of [bnc#388578] - tomcat6 cannot get installed
  changed the definition of a %jvmjardir macro to %{_jvmjardir}/%{sdkdir}
- increased an update-alternatives priority
- added a new Requires to jpackage-utils

Fri May  9 09:42:33 CEST 2008 -

- Silence gcc warning about missing return value.

Fri May  9 07:17:42 CEST 2008 -

- remove not needed mercurial from BuildRequires to reduce 
  bootstrap loop

Wed Apr 30 09:25:30 CEST 2008 -

- switch to openjdk-bootstrap for all %ix86

Tue Apr 29 00:21:46 CEST 2008 -

- switch to openjdk-bootstrap for i386,ppc,x86_64 

Fri Apr 25 18:33:25 CEST 2008 -

- Fix build and add macros to make it easyer to build on SUSE 10.3

Tue Apr 22 18:21:38 CEST 2008 -

- Initial version based on java-1_7_0-icedtea, but it's a lot smaller
openSUSE Build Service is sponsored by