# HG changeset patch # User Mark Wielaard # Date 1233142202 -3600 # Node ID 0527841d517016400e2745d8f3b5f85ad867acd9 # Parent 9101fe01989c6388465bfd926a1ed729e1e5f9f1 * NEWS: Updated for 1.4. diff -r 9101fe01989c -r 0527841d5170 ChangeLog --- a/ChangeLog Tue Jan 27 11:27:58 2009 +0000 +++ b/ChangeLog Wed Jan 28 12:30:02 2009 +0100 @@ -1,3 +1,7 @@ +2009-01-28 Mark Wielaard + + * NEWS: Updated for 1.4. + 2009-01-27 Andrew Haley * ports/hotspot/src/os_cpu/linux_zero/vm/orderAccess_linux_zero.inline.hpp: diff -r 9101fe01989c -r 0527841d5170 NEWS --- a/NEWS Tue Jan 27 11:27:58 2009 +0000 +++ b/NEWS Wed Jan 28 12:30:02 2009 +0100 
@@ -1,10 +1,49 @@ New in release 1.4 (NOT_YET_RELEASED) -- Updated to b14 build. -- Upgraded to new Hotspot 14 from 12. +- Security fixes for: + CVE-2008-5360 - Temporary files have guessable file names. + CVE-2008-5350 - Allows to list files within the user home directory. + CVE-2008-5348 - Denial-Of-Service in kerberos authentication. + CVE-2008-5359 - Buffer overflow in image processing. + CVE-2008-5351 - UTF-8 decoder accepts non-shortest form sequences. + CVE-2008-5356 - Font processing vulnerability. + CVE-2008-5353 - Calendar object deserialization allows privilege escalation. + CVE-2008-5354 - Privilege escalation in command line applications. + CVE-2008-5357 - Truetype Font processing vulnerability. + CVE-2008-5352 - Jar200 Decompression buffer overflow. + CVE-2008-5358 - Buffer Overflow in GIF image processing. +- Updated to OpenJDK b14 build. +- Upgraded to new OpenJDK7 Hotspot 14. The old OpenJDK6 Hotspot 11 can + still be configured --with-hotspot-build=original but future versions + will drop support for the old version and only support HS14. Zero + and Shark have been forward ported to HS14 (from HS12). - XRender pipeline support: Java2D are noticably faster and running over a - remote X connection now feels like it is all local. -- Plugin now supports HTTPS sites. + remote X connection feels like it is all local. Build by default + (disable with --disable-xrender). Runtime enabled by running java + -Dsun.java2d.xrender=True (default is to use the old X renderer for now). +- IcedTeaPlugin now supports HTTPS sites and adds a user prompt for + untrusted https certificates. +- Use the ALSA 'default' device. Makes Java play nicer with PulseAudio. +- VisualVM integration has been removed. +- Gervill soft synthesizer integration updated to latest CVS version. +- Integrated jtreg upgraded to 4_0-src-b02-15_oct_2008. +- make check runs much faster now. jtreg -samevm support has been + integrated into the langtools and jdk subsystems. 
Please package the + test/jtreg-summary.log file with your distribution package so end users + can compare the test results. +- Shark (--enable-shark) should now work on 64 bit platforms, but is not + currently recommended for production use. +- Better support for bootstrapping with different jar programs + (supporting -J options). +- If --with-pkgversion isn't given the short mercurial rev node version + will be used. Package distributors are encouraged to build packages with + --with-pkgversion to uniquely identify their distribution version number + when java -version is run to help distribution specific bug reporting. +- Various freetype font, pisces renderer and awt X window size fixes + to fix visual anomalies. +- Build fixes for gcc 4.3 and 4.4-pre-release. +- Added support for building against a specific openjdk src dir + or hg revision (--with-openjdk-src-dir or --with-hg-revision). - Many other Plugin, Zero, Shark and PulseAudio bug fixes. - Build clean up.
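Review bot: In the ChangeLog hunk, the new entry "* NEWS: Updated for 1.4." does not say that this update is where the list of CVE fixes enters NEWS. Someone scanning ChangeLog for the project's security history would pass over it. Suggest wording such as "* NEWS: Updated for 1.4, including list of security fixes."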
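Review bot: In the security list of the NEWS hunk, the CVE-2008-5352 line reads "Jar200 Decompression buffer overflow". The JAR compression format is Pack200, so "Jar200" looks like a slip; suggest "Pack200 decompression buffer overflow". The list is also in no apparent order and its capitalisation varies ("Buffer overflow", "Buffer Overflow", "Denial-Of-Service"). Sorting by CVE number and using one style would make it easier to check against advisories. In the XRender entry, "Build by default" should read "Built by default", and the IcedTeaPlugin entry mixes "HTTPS" and "https".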