Mercurial > hg > release > icedtea7-2.5

changeset 2681:fb4939d4c208

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add 2.3.13 & 2.4.4 release notes. 2014-01-22 Andrew John Hughes <gnu.andrew@member.fsf.org> * NEWS: Add 2.3.13 & 2.4.4 release notes.
author Andrew John Hughes <gnu_andrew@member.fsf.org>
date Wed, 22 Jan 2014 12:36:12 +0000
parents d41c1fc06514
children 8a3e31a0cd56
files ChangeLog NEWS
diffstat 2 files changed, 215 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Sat Jan 18 08:05:53 2014 +0000
+++ b/ChangeLog	Wed Jan 22 12:36:12 2014 +0000
@@ -1,3 +1,7 @@
+2014-01-22  Andrew John Hughes  <gnu.andrew@member.fsf.org>
+
+	* NEWS: Add 2.3.13 & 2.4.4 release notes.
+
 2014-01-17  Andrew John Hughes  <gnu.andrew@member.fsf.org>
 
 	* patches/boot/hotspot/default/jdk-dependency.patch:
--- a/NEWS	Sat Jan 18 08:05:53 2014 +0000
+++ b/NEWS	Wed Jan 22 12:36:12 2014 +0000
@@ -110,7 +110,6 @@
   - Fix implicit function declarations
   - PR1617: Include defs.make in vm.make so zeroshark.make is included
   - Add Shark definitions from 8003868
-  - D729448: 32-bit alignment on mips and mipsel
   - Drop compile_method argument removed in 7083786 from sharkCompiler.cpp
   - Remove binary files and unlicensed generated files
 * JamVM
@@ -125,6 +124,217 @@
   - Race condition in setting up imethod table
   - GC: Minor performance improvement
 
+New in release 2.4.4 (2014-01-14):
+
+* Security fixes
+  - S6727821: Enhance JAAS Configuration
+  - S7068126, CVE-2014-0373: Enhance SNMP statuses
+  - S8010935: Better XML handling
+  - S8011786, CVE-2014-0368: Better applet networking
+  - S8021257, CVE-2013-5896: com.sun.corba.se.** should be on restricted package list
+  - S8021271, CVE-2014-0408: Better buffering in ObjC code
+  - S8022904: Enhance JDBC Parsers
+  - S8022927: Input validation for byte/endian conversions
+  - S8022935: Enhance Apache resolver classes
+  - S8022945: Enhance JNDI implementation classes
+  - S8023057: Enhance start up image display
+  - S8023069, CVE-2014-0411: Enhance TLS connections
+  - S8023245, CVE-2014-0423: Enhance Beans decoding
+  - S8023301: Enhance generic classes
+  - S8023338: Update jarsigner to encourage timestamping
+  - S8023672: Enhance jar file validation
+  - S8024302: Clarify jar verifications
+  - S8024306, CVE-2014-0416: Enhance Subject consistency
+  - S8024530: Enhance font process resilience
+  - S8024867: Enhance logging start up
+  - S8025014: Enhance Security Policy
+  - S8025018, CVE-2014-0376: Enhance JAX-P set up
+  - S8025026, CVE-2013-5878: Enhance canonicalization
+  - S8025034, CVE-2013-5907: Improve layout lookups
+  - S8025448: Enhance listening events
+  - S8025758, CVE-2014-0422: Enhance Naming management
+  - S8025767, CVE-2014-0428: Enhance IIOP Streams
+  - S8026172: Enhance UI Management
+  - S8026176: Enhance document printing
+  - S8026193, CVE-2013-5884: Enhance CORBA stub factories
+  - S8026204: Enhance auth login contexts
+  - S8026417, CVE-2013-5910: Enhance XML canonicalization
+  - S8026502: java/lang/invoke/MethodHandleConstants.java fails on all platforms
+  - S8027201, CVE-2014-0376: Enhance JAX-P set up
+  - S8029507, CVE-2013-5893: Enhance JVM method processing
+  - S8029533: REGRESSION: closed/java/lang/invoke/8008140/Test8008140.java fails agains
+* Backports
+  - S8025255: (tz) Support tzdata2013g
+  - S8026826: JDK 7 fix for 8010935 broke the build
+* Bug fixes
+  - PR1618: Include defs.make in vm.make so VM_LITTLE_ENDIAN is defined on Zero builds
+  - D729448: 32-bit alignment on mips and mipsel
+  - PR1623: Collision between OpenJDK 6 & 7 classes when bootstrapping with OpenJDK 6
+  - Remove binary files and unlicensed generated files
+
+New in release 2.3.13 (2014-01-14):
+
+* Security fixes
+  - S6727821: Enhance JAAS Configuration
+  - S7068126, CVE-2014-0373: Enhance SNMP statuses
+  - S8006900, CVE-2013-3829: Add new date/time capability
+  - S8008589: Better MBean permission validation
+  - S8010935: Better XML handling
+  - S8011071, CVE-2013-5780: Better crypto provider handling
+  - S8011081, CVE-2013-5772: Improve jhat
+  - S8011157, CVE-2013-5814: Improve CORBA portablility
+  - S8011786, CVE-2014-0368: Better applet networking
+  - S8012071, CVE-2013-5790: Better Building of Beans
+  - S8012147: Improve tool support
+  - S8012277: CVE-2013-5849: Improve AWT DataFlavor
+  - S8012425, CVE-2013-5802: Transform TransformerFactory
+  - S8013503, CVE-2013-5851: Improve stream factories
+  - S8013506: Better Pack200 data handling
+  - S8013510, CVE-2013-5809: Augment image writing code
+  - S8013514: Improve stability of cmap class
+  - S8013739, CVE-2013-5817: Better LDAP resource management
+  - S8013744, CVE-2013-5783: Better tabling for AWT
+  - S8014085: Better serialization support in JMX classes
+  - S8014093, CVE-2013-5782: Improve parsing of images
+  - S8014098: Better profile validation
+  - S8014102, CVE-2013-5778: Improve image conversion
+  - S8014341, CVE-2013-5803: Better service from Kerberos servers
+  - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations
+  - S8014530, CVE-2013-5825: Better digital signature processing
+  - S8014534: Better profiling support
+  - S8014987, CVE-2013-5842: Augment serialization handling
+  - S8015614: Update build settings
+  - S8015731: Subject java.security.auth.subject to improvements
+  - S8015743, CVE-2013-5774: Address internet addresses
+  - S8016256: Make finalization final
+  - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names
+  - S8016675, CVE-2013-5797: Make Javadoc pages more robust
+  - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately
+  - S8017287, CVE-2013-5829: Better resource disposal
+  - S8017291, CVE-2013-5830: Cast Proxies Aside
+  - S8017298, CVE-2013-4002: Better XML support
+  - S8017300, CVE-2013-5784: Improve Interface Implementation
+  - S8017505, CVE-2013-5820: Better Client Service
+  - S8019292: Better Attribute Value Exceptions
+  - S8019617: Better view of objects
+  - S8020293: JVM crash
+  - S8021257, CVE-2013-5896: com.sun.corba.se.** should be on restricted package list
+  - S8021271, CVE-2014-0408: Better buffering in ObjC code
+  - S8021275, CVE-2013-5805: Better screening for ScreenMenu
+  - S8021282, CVE-2013-5806: Better recycling of object instances
+  - S8021286: Improve MacOS resourcing
+  - S8021290, CVE-2013-5823: Better signature validation
+  - S8022904: Enhance JDBC Parsers
+  - S8022927: Input validation for byte/endian conversions
+  - S8022931, CVE-2013-5800: Enhance Kerberos exceptions
+  - S8022935: Enhance Apache resolver classes
+  - S8022940: Enhance CORBA translations
+  - S8022945: Enhance JNDI implementation classes
+  - S8023057: Enhance start up image display
+  - S8023069, CVE-2014-0411: Enhance TLS connections
+  - S8023245, CVE-2014-0423: Enhance Beans decoding
+  - S8023301: Enhance generic classes
+  - S8023338: Update jarsigner to encourage timestamping
+  - S8023672: Enhance jar file validation
+  - S8023683: Enhance class file parsing
+  - S8024302: Clarify jar verifications
+  - S8024306, CVE-2014-0416: Enhance Subject consistency
+  - S8024530: Enhance font process resilience
+  - S8024867: Enhance logging start up
+  - S8025014: Enhance Security Policy
+  - S8025018, CVE-2014-0376: Enhance JAX-P set up
+  - S8025026, CVE-2013-5878: Enhance canonicalization
+  - S8025034, CVE-2013-5907: Improve layout lookups
+  - S8025448: Enhance listening events
+  - S8025758, CVE-2014-0422: Enhance Naming management
+  - S8025767, CVE-2014-0428: Enhance IIOP Streams
+  - S8026172: Enhance UI Management
+  - S8026176: Enhance document printing
+  - S8026193, CVE-2013-5884: Enhance CORBA stub factories
+  - S8026204: Enhance auth login contexts
+  - S8026417, CVE-2013-5910: Enhance XML canonicalization
+  - S8027201, CVE-2014-0376: Enhance JAX-P set up
+* Backports
+  - S6614237: missing codepage Cp290 at java runtime
+  - S7149012: jarsigner needs not warn about cert expiration if the jar has a TSA timestamp
+  - S7167593: Changed get_source.sh to allow for getting full oracle jdk repo forest
+  - S7167976: Fix broken get_source.sh script
+  - S7170091: Fix missing wait between repo cloning in hgforest.sh
+  - S7173959: Jvm crashed during coherence exabus (tmb) testing
+  - S7182152: Instrumentation hot swap test incorrect monitor count
+  - S7184406: Adjust get_source/hgforest script to allow for trailing // characters
+  - S7192449: fix up tests to accommodate jtreg spec change
+  - S7192744: fix up tests to accommodate jtreg spec change
+  - S7196533: TimeZone.getDefault() slow due to synchronization bottleneck
+  - S8000450: Restrict access to com/sun/corba/se/impl package
+  - S8003992: File and other classes in java.io do not handle embedded nulls properly
+  - S8004391: Bug fix in jtreg causes test failures in pre jdk 8 langtools tests
+  - S8005194: [parfait] #353 sun/awt/image/jpeg/imageioJPEG.c Memory leak of pointer 'scale' allocated with calloc()
+  - S8009399: Bump the hsx build number for APRIL CPU
+  - S8011806: 7u25-b05 hotspot fastdebug build failure
+  - S8013827: File.createTempFile hangs with temp file starting with 'com1.4'
+  - S8014312: Fork hs23.25 hsx from hs23.21 for jdk7u25 and reinitialize build number
+  - S8014469: (tz) Support tzdata2013c
+  - S8014925: Disable sun.reflect.Reflection.getCallerClass(int) with a temporary switch to re-enable it
+  - S8015144: Performance regression in ICU OpenType Layout library
+  - S8015614: Update build settings
+  - S8015965: (process) Typo in name of property to allow ambiguous commands
+  - S8015978: Incorrect transformation of XPath expression "string(-0)"
+  - S8015998: Additional improvement in Javadoc framing
+  - S8016256: Make finalization final
+  - S8016357: Update hotspot diagnostic class
+  - S8016814: sun.reflect.Reflection.getCallerClass returns the frame off by 1
+  - S8017566: Backout 8000450 - Cannot access to com.sun.corba.se.impl.orb.ORBImpl
+  - S8019584: javax/management/remote/mandatory/loading/MissingClassTest.java failed in nightly against jdk7u45: java.io.InvalidObjectException: Invalid notification: null
+  - S8019969: nioNetworkChannelInet6/SetOptionGetOptionTestInet6 test case crashes
+  - S8019979: Replace CheckPackageAccess test with better one from closed repo
+  - S8020054: (tz) Support tzdata2013d
+  - S8020085: Linux ARM build failure for 7u45
+  - S8020943: Memory leak when GCNotifier uses create_from_platform_dependent_str()
+  - S8020983: OutOfMemoryError caused by non garbage collected JPEGImageWriter Instances
+  - S8021355: REGRESSION: Five closed/java/awt/SplashScreen tests fail since 7u45 b01 on Linux, Solaris
+  - S8021360: object not exported" on start of JMXConnectorServer for RMI-IIOP protocol with security manager
+  - S8021366: java_util/Properties/PropertiesWithOtherEncodings fails during 7u45 nightly testing
+  - S8021577: JCK test api/javax_management/jmx_serial/modelmbean/ModelMBeanNotificationInfo/serial/index.html#Input has failed since jdk 7u45 b01
+  - S8021933: Add extra check for fix # JDK-8014530
+  - S8021946: Disabling sun.reflect.Reflection.getCallerCaller(int) by default breaks several frameworks and libraries
+  - S8021969: The index_AccessAllowed jnlp can not load successfully with exception thrown in the log.
+  - S8022086: Fixing licence of newly added files
+  - S8022661: InetAddress.writeObject() performs flush() on object output stream
+  - S8022682: Supporting XOM
+  - S8022856: 7u45 l10n resource file translation update
+  - S8023457: Event based tracing framework needs a mutex for thread groups
+  - S8023478: Test fails with HS crash in GCNotifier.
+  - S8023771: when USER_RELEASE_SUFFIX is set in order to add a string to java -version, build number in the bundles names should not be changed to b00
+  - S8023964: java/io/IOException/LastErrorString.java should be @ignore-d
+  - S8024668: api/java_nio/charset/Charset/index.html#Methods JCK-runtime test fails with 7u45 b11
+  - S8024697: Fix for 8020983 causes Xcheck:jni warnings
+  - S8024863: X11: Support GNOME Shell as mutter
+  - S8023683: Enhance class file parsing
+  - S8024914: Swapped usage of idx_t and bm_word_t types in bitMap.inline.hpp
+  - S8025128: File.createTempFile fails if prefix is absolute path
+  - S8025170: jdk7u51 7u-1-prebuild is failing since 9/19
+  - S8026826: JDK 7 fix for 8010935 broke the build
+* Bug fixes
+  - Enable Zero when there is no HotSpot JIT and an alternate VM has not been explictly enabled.
+  - Add casts to fix build on S390
+  - Add -D_LITTLE_ENDIAN for AArch64.
+  - Add tests missing from 8014618 backport
+  - Cast should use same type as GCDrainStackTargetSize (uintx).
+  - Cleanup file resources properly in TimeZone_md.
+  - RH991170: Handle alternative Kerberos credential cache locations
+  - Fix Kerberos cache support to check for null, fallback on old path support and not hardcode the krb5 library.
+  - Only define _GNU_SOURCE if not already defined.
+  - Include defs.make in vm.make so VM_LITTLE_ENDIAN is defined on Zero builds
+  - Fix merge issues caused by faulty AOT 8010118 patch.
+  - PR1400: Menu of maximized AWT window not working in Mate
+  - PR1551: Add build support for Zero AArch64
+  - PR1553: Add Debian AArch64 support
+  - PR1554: Fix build on Mac OS X
+  - RH661505: JPEGs with sRGB IEC61966-2.1 color profiles have wrong colors
+  - RH995488: Java thinks that the default timezone is Busingen instead of Zurich
+  - Set ZERO_BUILD in flags.make so it is set on rebuilds
+
 New in release 2.4.3 (2013-10-21):
 
 * Security fixes