changeset 2660:2ab5030e8099

List security fixes and other changes in u21 & u25.
2013-06-25 Andrew John Hughes <gnu.andrew@member.fsf.org>
* NEWS: Add latest security fixes and other changes brought in when syncing with 7u25.
author Andrew John Hughes <gnu_andrew@member.fsf.org>
date Tue, 25 Jun 2013 22:46:10 -0500
parents 7e0d2c785516
children fa6d934a26a4
files ChangeLog NEWS
diffstat 2 files changed, 202 insertions(+), 4 deletions(-)
--- a/ChangeLog	Wed Jun 26 03:45:13 2013 +0100
+++ b/ChangeLog	Tue Jun 25 22:46:10 2013 -0500
@@ -1,3 +1,8 @@
+2013-06-25  Andrew John Hughes  <gnu.andrew@member.fsf.org>
+
+	* NEWS: Add latest security fixes and other
+	changes brought in when syncing with 7u25.
+
 2013-06-25  Andrew John Hughes  <gnu.andrew@member.fsf.org>
 
 	* Makefile.am:
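Review bot: The new ChangeLog entry records only additions to NEWS, but the diffstat shows 4 deletions and the later NEWS hunks each drop an existing entry (S8001242, S6484982, S7012206, S7044738). Add a line to this entry saying that those entries were removed and why, so the ChangeLog matches what the patch does. The commit summary also mentions u21 while the entry names only 7u25; the two should agree.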
--- a/NEWS	Wed Jun 26 03:45:13 2013 +0100
+++ b/NEWS	Tue Jun 25 22:46:10 2013 -0500
@@ -12,11 +12,208 @@
 
 New in release 2.3.10 (2013-06-XX):
 
+* Security fixes
+  - S6741606, CVE-2013-2407: Integrate Apache Santuario
+  - S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
+  - S7170730, CVE-2013-2451: Improve Windows network stack support.
+  - S8000638, CVE-2013-2450: Improve deserialization
+  - S8000642, CVE-2013-2446: Better handling of objects for transportation
+  - S8001032: Restrict object access
+  - S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
+  - S8001034, CVE-2013-1500: Memory management improvements
+  - S8001038, CVE-2013-2444: Resourcefully handle resources
+  - S8001043: Clarify definition restrictions
+  - S8001308: Update display of applet windows
+  - S8001309: Better handling of annotation interfaces
+  - S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
+  - S8001330, CVE-2013-2443: Improve on checking order
+  - S8003703, CVE-2013-2412: Update RMI connection dialog box
+  - S8004288, CVE-2013-2449: (fs) Files.probeContentType problems
+  - S8004584: Augment applet contextualization
+  - S8005007: Better glyph processing
+  - S8006328, CVE-2013-2448: Improve robustness of sound classes
+  - S8006611: Improve scripting
+  - S8007467: Improve robustness of JMX internal APIs
+  - S8007471: Improve MBean notifications
+  - S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
+  - S8007925: Improve cmsStageAllocLabV2ToV4curves
+  - S8007926: Improve cmsPipelineDup
+  - S8007927: Improve cmsAllocProfileSequenceDescription
+  - S8007929: Improve CurvesAlloc
+  - S8008120, CVE-2013-2457: Improve JMX class checking
+  - S8008124, CVE-2013-2453: Better compliance testing
+  - S8008128: Better API coherence for JMX
+  - S8008132, CVE-2013-2456: Better serialization support
+  - S8008585: Better JMX data handling
+  - S8008593: Better URLClassLoader resource management
+  - S8008603: Improve provision of JMX providers
+  - S8008607: Better input checking in JMX
+  - S8008611: Better handling of annotations in JMX
+  - S8008615: Improve robustness of JMX internal APIs
+  - S8008623: Better handling of MBeanServers
+  - S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
+  - S8008982: Adjust JMX for underlying interface changes
+  - S8009004: Better implementation of RMI connections
+  - S8009008: Better manage management-api
+  - S8009013: Better handling of T2K glyphs
+  - S8009034: Improve resulting notifications in JMX
+  - S8009038: Improve JMX notification support
+  - S8009057, CVE-2013-2448: Improve MIDI event handling
+  - S8009067: Improve storing keys in KeyStore
+  - S8009071, CVE-2013-2459: Improve shape handling
+  - S8009235: Improve handling of TSA data
+  - S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change
+  - S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields
+  - S8009654: Improve stability of cmsnamed
+  - S8010209, CVE-2013-2460: Better provision of factories
+  - S8011243, CVE-2013-2470: Improve ImagingLib
+  - S8011248, CVE-2013-2471: Better Component Rasters
+  - S8011253, CVE-2013-2472: Better Short Component Rasters
+  - S8011257, CVE-2013-2473: Better Byte Component Rasters
+  - S8012375, CVE-2013-1571: Improve Javadoc framing
+  - S8012421: Better positioning of PairPositioning
+  - S8012438, CVE-2013-2463: Better image validation
+  - S8012597, CVE-2013-2465: Better image channel verification
+  - S8012601, CVE-2013-2469: Better validation of image layouts
+  - S8014281, CVE-2013-2461: Better checking of XML signature
+  - S8015997: Additional improvement in Javadoc framing
 * New features
   - PR1378: Add AArch64 support to Zero
 * Bug fixes
   - PR1409: IcedTea 2.3.9 fails to build Zero due to -Werror
   - PR1410: Icedtea 2.3.9 fails to build using icedtea 1.12.4
+* Backports
+  - S6720349: (ch) Channels tests depending on hosts inside Sun
+  - S6736316: Timeout value in java/util/concurrent/locks/Lock/FlakyMutex.java is insufficient
+  - S6776144: java/lang/ThreadGroup/NullThreadName.java fails with Thread group is not destroyed ,fastdebug LINUX
+  - S6818464: TEST_BUG: java/util/Timer/KillThread.java failing intermittently
+  - S6860309: TEST_BUG: Insufficient sleep time in java/lang/Runtime/exec/StreamsSurviveDestroy.java
+  - S6948101: java/rmi/transport/pinLastArguments/PinLastArguments.java failing intermittently
+  - S6957683: test/java/util/concurrent/ThreadPoolExecutor/Custom.java failing
+  - S6963102: Testcase failures sun/tools/jstatd/jstatdExternalRegistry.sh and sun/tools/jstatd/jstatdDefaults.sh
+  - S6963841: java/util/concurrent/Phaser/Basic.java fails intermittently
+  - S6965150: TEST_BUG: java/nio/channels/AsynchronousSocketChannel/Basic.java takes too long
+  - S7030573: test/java/io/FileInputStream/LargeFileAvailable.java fails when there is insufficient disk space
+  - S7032247: java/net/InetAddress/GetLocalHostWithSM.java fails if hostname resolves to loopback address
+  - S7044870: java/nio/channels/DatagramChannel/SelectWhenRefused.java failed on SUSE Linux 10
+  - S7053526: Upgrade JDK 8 to use Little CMS 2.4
+  - S7054918: jdk_security1 test target cleanup
+  - S7055362: jdk_security2 test target cleanup
+  - S7055363: jdk_security3 test target cleanup
+  - S7072120: No mac os x support in several regression tests
+  - S7073295: TEST_BUG: test/java/lang/instrument/ManifestTest.sh causing havoc (win)
+  - S7076756: TEST_BUG: com/sun/jdi/BreakpointWithFullGC.sh fails to cleanup in Cygwin
+  - S7076791: closed/javax/swing/JColorChooser/Test6827032.java failed on windows
+  - S7077259: [TEST_BUG] [macosx] Test work correctly only when default L&F is Metal
+  - S7084033: TEST_BUG: test/java/lang/ThreadGroup/Stop.java fails intermittently
+  - S7089131: test/java/lang/invoke/InvokeGenericTest.java does not compile
+  - S7102106: TEST_BUG: sun/security/util/Oid/S11N.sh should be modified
+  - S7104161: test/sun/tools/jinfo/Basic.sh fails on Ubuntu
+  - S7104594: [macosx] Test closed/javax/swing/JFrame/4962534/bug4962534 expects Metal L&F by default
+  - S7105929: java/util/concurrent/FutureTask/BlockingTaskExecutor.java fails on solaris sparc
+  - S7124347: [macosx] "java.lang.InternalError: not implemented yet" on call Graphics2D.drawRenderedImage
+  - S7129800: [macosx] Regression test OverrideRedirectWindowActivationTest fails due to timing issue
+  - S7132247: java/rmi/registry/readTest/readTest.sh failing with Cygwin
+  - S7140868: TEST_BUG: jcmd tests need to use -XX:+UsePerfData
+  - S7142596: RMI JPRT tests are failing
+  - S7144833: sun/tools/jcmd/jcmd-Defaults.sh failing intermittently
+  - S7144861: speed up RMI activation tests
+  - S7147408: [macosx] Add autodelay to fix a regression test
+  - S7151434: java -jar -XX crashes java launcher
+  - S7152183: TEST_BUG: java/lang/ProcessBuilder/Basic.java failing intermittently [sol]
+  - S7152796: TEST_BUG: java/net/Socks/SocksV4Test.java does not terminate
+  - S7152856: TEST_BUG: sun/net/www/protocol/jar/B4957695.java failing on Windows
+  - S7154113: jcmd, jps and jstat tests failing when there are unknown Java processes on the system
+  - S7154114: jstat tests failing on non-english locales
+  - S7161759: TEST_BUG: java/awt/Frame/WindowDragTest/WindowDragTest.java fails to compile, should be modified
+  - S7162111: TEST_BUG: change tests run in headless mode [macosx]
+  - S7162385: TEST_BUG: sun/net/www/protocol/jar/B4957695.java failing again
+  - S7175775: Disable SA options in jinfo/Basic.java test until SA updated for new hash and String count/offset
+  - S7178649: TEST BUG: BadKdc3.java needs improvement to ignore the unlikely but possible timeout
+  - S7183203: ShortRSAKeynnn.sh tests intermittent failure
+  - S7183753: [TEST] Some colon in the diff for this test
+  - S7184943: fix failing test com/sun/jndi/rmi/registry/RegistryContext/UnbindIdempotent.java
+  - S7184946: fix failing test com/sun/jndi/rmi/registry/RegistryContext/ContextWithNullProperties.java
+  - S7185340: TEST_BUG: java/nio/channels/AsynchronousSocketChannel/Leaky.java failing intermittently [win]
+  - S7186111: fix bugs in java/rmi/activation/ActivationSystem/unregisterGroup/UnregisterGroup
+  - S7187882: TEST_BUG: java/rmi/activation/checkusage/CheckUsage.java fails intermittently
+  - S7193219: JComboBox serialization fails in JDK 1.7
+  - S7194032: update tests for upcoming changes for jtreg
+  - S7194035: update tests for upcoming changes for jtreg
+  - S7199143: RFE: OCSP revocation checker should provide possibility to specify connection timeout
+  - S7199637: TEST_BUG: add serialization tests to jdk7u problem list for macosx
+  - S8000817: Reinstate accidentally removed sleep() from ProcessBuilder/Basic.java
+  - S8001161: mac: EmbeddedFrame doesn't become active window
+  - S8001621: Update awk scripts that check output from jps/jcmd
+  - S8002070: Remove the stack search for a resource bundle for Logger to use
+  - S8002297: sun/net/www/protocol/http/StackTraceTest.java fails intermittently
+  - S8002313: TEST_BUG : jdk/test/java/security/Security/ClassLoaderDeadlock/ClassLoaderDeadlock.java should run in headless mode
+  - S8003597: TEST_BUG: Eliminate dependency on javaweb from closed net tests
+  - S8003982: new test javax/swing/AncestorNotifier/7193219/bug7193219.java failed on macosx
+  - S8004317: TestLibrary.getUnusedRandomPort() fails intermittently, but exception not reported
+  - S8004748: clean up @build tags in RMI tests
+  - S8004925: java/net/Socks/SocksV4Test.java failing on all platforms
+  - S8005290: remove -showversion from RMI test library subprocess mechanism
+  - S8005556: java/net/Socks/SocksV4Test.java is missing @run tag
+  - S8005646: TEST_BUG: java/rmi/activation/ActivationSystem/unregisterGroup/UnregisterGroup leaves process running
+  - S8005920: After pressing combination Windows Key and M key, the frame, the instruction and the dialog can't be minimized.
+  - S8005932: Java 7 on mac os x only provides text clipboard formats
+  - S8006120: Provide "Server JRE" for 7u train
+  - S8006417: JComboBox.showPopup(), hidePopup() fails in JRE 1.7 on OS X
+  - S8006534: CLONE - TestLibrary.getUnusedRandomPort() fails intermittently-doesn't retry enough times
+  - S8006536: [launcher]  removes trailing slashes on arguments
+  - S8006560: java/net/ipv6tests/B6521014.java fails intermittently
+  - S8006564: Test sun/security/util/Oid/S11N.sh fails with timeout on Linux 32-bit
+  - S8006669: sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh fails on mac
+  - S8007515: TEST_BUG: update ProblemList.txt and TEST.ROOT in jdk7u-dev to match jdk8
+  - S8007699: Move some tests from test/sun/security/provider/certpath/X509CertPath to closed repo
+  - S8008223: java/net/BindException/Test.java fails rarely
+  - S8008249: Sync ICU into JDK :
+  - S8008379: TEST_BUG: Fail automatically with java.lang.NullPointerException.
+  - S8008815: [TEST_BUG] Add back tests to the Problemlist files post the jdk7u -> 7u-cpu test sync up
+  - S8009165: Fix for 8008817 needs revision
+  - S8009217: REGRESSION: test com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java fails to compile since 7u21b03
+  - S8009463: Regression test test\java\lang\Runtime\exec\ArgWithSpaceAndFinalBackslash.java failing.
+  - S8009530: ICU Kern table support broken
+  - S8009610: Blacklist certificate used with malware.
+  - S8009634: TEST_BUG: sun/misc/Version/Version.java handle 2 digit minor in VM version
+  - S8009750: javax/xml/crypto/dsig/SecurityManager/XMLDSigWithSecMgr.java should run in other vm mode
+  - S8009987: (tz) Support tzdata2013b
+  - S8009996: tests javax/management/mxbean/MiscTest.java and javax/management/mxbean/StandardMBeanOverrideTest.java fail
+  - S8009999: Test sun/tools/jcmd/jcmd-f.sh failing after JDK-8008820
+  - S8010009: [macosx] Unable type into online word games on MacOSX
+  - S8010118: Annotate jdk caller sensitive methods with @sun.reflect.CallerSensitive
+  - S8010166: TEST_BUG: fix for 8009634 overlooks possible version strings (sun/misc/Version/Version.java)
+  - S8010213: Some api/javax_net/SocketFactory tests fail in 7u25 nightly build
+  - S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod
+  - S8010727: WLS fails to add a logger with "" in its own LogManager subclass instance
+  - S8010939: Deadlock in LogManager
+  - S8011139: (reflect) Revise checking in getEnclosingClass
+  - S8011154: java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java failed since 7u25b03 on windows
+  - S8011313: OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined
+  - S8011557: Improve reflection utility classes
+  - S8011695: [tck-red] Application can not be run, the Security Warning dialog is gray.
+  - S8011806: 7u25-b05 hotspot fastdebug build failure
+  - S8011896: Add check for invalid offset for new AccessControlContext isAuthorized field
+  - S8011990: TEST_BUG: java/util/logging/bundlesearch/ResourceBundleSearchTest.java fails on Windows
+  - S8011992: java/awt/image/mlib/MlibOpsTest.java failed since jdk7u25b05
+  - S8012112: java/awt/image/mlib/MlibOpsTest.java fails on sparc solaris
+  - S8012243: about 30% regression on specjvm2008.serial on 7u25 comparing 7u21
+  - S8012330: [macosx] Sometimes the applet showing the modal dialog itself loses the ability to gain focus
+  - S8012453: (process) Runtime.exec(String) fails if command contains spaces [win]
+  - S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
+  - S8012933: Test closed/java/awt/Dialog/DialogAnotherThread/JaWSTest.java fails since jdk 7u25 b07
+  - S8013196: TimeZone.getDefault() throws NPE due to sun.awt.AppContext.getAppContext()
+  - S8013228: Create new system properties to control allowable OCSP clock skew and CRL connection timeout
+  - S8013380: Removal of stack walk to find resource bundle breaks Glassfish startup
+  - S8014205: Most of the Swing dialogs are blank on one win7 MUI
+  - S8014423: [macosx] The scrollbar's block increment performs incorrectly
+  - S8014427: REGRESSION: closed/javax/imageio/plugins/bmp/Write3ByteBgrTest.java fails since 7u25 b09
+  - S8014618: Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
+  - S8014676: Java debugger may fail to run
+  - S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10
+  - S8014745: Provide a switch to allow stack walk search of resource bundle
+  - S8014968: OCSP and CRL connection timeout is set to four hours by default
 
 New in release 2.3.9 (2013-04-21):
 
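Review bot: Several entries in the added Backports list change security-relevant behaviour but sit outside the "Security fixes" section, among roughly a hundred test fixes: S8009610 (blacklist certificate used with malware), S8014968 (OCSP and CRL connection timeout is set to four hours by default), S8011313 and S8014618. Someone who reads only the security section to decide whether to upgrade will not see them, so consider a short pointer to these IDs under "Security fixes". Separately, "S8008249: Sync ICU into JDK :" ends with a stray " :", and the release header in the context lines still reads "2013-06-XX".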
@@ -174,7 +371,6 @@
   - S8000307: Jre7cert: focusgained does not get called for all focus req when do alt + tab
   - S8000822: Fork hs23.7 hsx from hs23.6 for jdk7u11 and reinitialize build number
   - S8001124: jdk7u ProblemList.txt updates (10/2012)
-  - S8001242: Improve RMI HTTP conformance
   - S8001808: Create a test for 8000327
   - S8001876: Create regtest for 8000283
   - S8002068: Build broken: corba code changes unable to use new JDK 7 classes
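Review bot: The removal of "S8001242: Improve RMI HTTP conformance" has no stated reason, and the ID does not reappear in the lists added to the 2.3.10 section, so a reader cannot tell whether this was a duplicate line or a fix that is no longer listed as shipped. The title reads like a hardening change, so the distinction matters to anyone auditing which releases carry it. State the reason in the ChangeLog entry; the same applies to the single-line removals of S6484982, S7012206 and S7044738 in the hunks that follow.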
@@ -751,7 +947,6 @@
   - S6330863: vm/gc/InfiniteList.java fails intermittently due to timeout
   - S6351654: (tz) java.util.TimeZone.setDefault() should be controlled by a security manager
   - S6484965: G1: piggy-back liveness accounting phase on marking
-  - S6484982: G1: process references during evacuation pauses
   - S6505523: NullPointerException in BasicTreeUI when a node is removed by expansion listener
   - S6593758: RFE: Enhance GC ergonomics to dynamically choose ParallelGCThreads
   - S6636110: unaligned stackpointer leads to crash during deoptimization
@@ -770,7 +965,6 @@
   - S7005808: G1: re-enable ReduceInitialCardMarks for G1
   - S7009098: SA cannot open core files larger than 2GB on Linux 32-bit
   - S7010561: Tab text position with Synth based LaF is different to Java 5/6
-  - S7012206: ~20 tools tests failing due to -XX:-UsePerfData default in Java SE Embedded
   - S7013347: allow crypto functions to be called inline to enhance performance
   - S7017458: (cal) Multithreaded deserialization of Calendar leads to ClassCastException
   - S7021322: assert(object_end <= top()) failed: Object crosses promotion LAB boundary
@@ -1451,7 +1645,6 @@
   - S7043847: NTML impl of SaslServer throws UnsupportedOperationException from (un)wrap method
   - S7043987: 3/3 JVMTI FollowReferences is slow
   - S7044486: open jdk repos have files with incorrect copyright headers, which can end up in src bundles
-  - S7044738: Loop unroll optimization causes incorrect result
   - S7045232: G1: pool names are inconsistent with other collectors (don't have 'Space')
   - S7045330: G1: Simplify/fix the HeapRegionSeq class
   - S7045514: SPARC assembly code for JSR 292 ricochet frames