===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1929
                SUSE Security Updates: Security updates for
                 java-1_7_0-openjdk and java-1_8_0-openjdk
                              10 August 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          java-1_7_0-openjdk
                  java-1_8_0-openjdk
Publisher:        SUSE
Operating System: SUSE
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Modify Arbitrary Files          -- Remote with User Interaction
                  Denial of Service               -- Remote/Unauthenticated      
Resolution:       Patch/Upgrade
CVE Names:        CVE-2016-3610 CVE-2016-3606 CVE-2016-3598
                  CVE-2016-3587 CVE-2016-3552 CVE-2016-3550
                  CVE-2016-3511 CVE-2016-3508 CVE-2016-3503
                  CVE-2016-3500 CVE-2016-3498 CVE-2016-3485
                  CVE-2016-3458  

Reference:        ASB-2016.0074

Comment: This bulletin contains two (2) SUSE security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1997-1
Rating:             important
References:         #982366 #984684 #988651 #989722 #989723 #989725 
                    #989727 #989728 #989729 #989730 #989731 #989732 
                    #989733 #989734 
Cross-References:   CVE-2016-3458 CVE-2016-3485 CVE-2016-3498
                    CVE-2016-3500 CVE-2016-3503 CVE-2016-3508
                    CVE-2016-3511 CVE-2016-3550 CVE-2016-3598
                    CVE-2016-3606 CVE-2016-3610
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has three
   fixes is now available.

Description:


   This update for java-1_7_0-openjdk fixes the following issues:

   - Update to 2.6.7 - OpenJDK 7u111
     * Security fixes
       - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)
       - S8145446, CVE-2016-3485: Perfect pipe placement (Windows
         only)  (bsc#989734)
       - S8147771: Construction of static protection domains under Javax
         custom policy
       - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)
       - S8149962, CVE-2016-3508: Better delineation of XML processing
         (bsc#989731)
       - S8150752: Share Class Data
       - S8151925: Font reference improvements
       - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)
       - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)
       - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)
       - S8158571, CVE-2016-3610: Additional method handle validation
         (bsc#989725)
       - CVE-2016-3511 (bsc#989727)
       - CVE-2016-3503 (bsc#989728)
       - CVE-2016-3498 (bsc#989729)
     * Import of OpenJDK 7 u111 build 0
       - S6953295: Move few sun.security.{util, x509, pkcs} classes used by
         keytool/jarsigner to another package
       - S7060849: Eliminate pack200 build warnings
       - S7064075: Security libraries don't build with javac
         -Xlint:all,-deprecation -Werror
       - S7069870: Parts of the JDK erroneously rely on generic array
         initializers with diamond
       - S7102686: Restructure timestamp code so that jars and modules can
         more easily share the same code
       - S7105780: Add SSLSocket client/SSLEngine server to templates
         directory
       - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom
         instances when timestamping is not done
       - S7152582: PKCS11 tests should use the NSS libraries available in the
         OS
       - S7192202: Make sure keytool prints both unknown and unparseable
         extensions
       - S7194449: String resources for Key Tool and Policy Tool should be in
         their respective packages
       - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found
       - S7200682: TEST_BUG: keytool/autotest.sh still has problems with
         libsoftokn.so
       - S8002306: (se) Selector.open fails if invoked with thread interrupt
         status set [win]
       - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as
         defined in RFC3161
       - S8019341: Update CookieHttpsClientTest to use the newer framework.
       - S8022228: Intermittent test failures in
         sun/security/ssl/javax/net/ssl/NewAPIs
       - S8022439: Fix lint warnings in sun.security.ec
       - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil
       - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently
       - S8036612: [parfait] JNI exception pending in
         jdk/src/windows/native/sun/security/mscapi/security.cpp
       - S8037557: test SessionCacheSizeTests.java timeout
       - S8038837: Add support to jarsigner for specifying timestamp hash
         algorithm
       - S8079410: Hotspot version to share the same update and build version
         from JDK
       - S8130735: javax.swing.TimerQueue: timer fires late when another
         timer starts
       - S8139436: sun.security.mscapi.KeyStore might load incomplete data
       - S8144313: Test SessionTimeOutTests can be timeout
       - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed
         out
       - S8146669: Test SessionTimeOutTests fails intermittently
       - S8146993: Several javax/management/remote/mandatory regression tests
         fail after JDK-8138811
       - S8147857: [TEST] RMIConnector logs attribute names incorrectly
       - S8151841, PR3098: Build needs additional flags to compile with GCC 6
       - S8151876: (tz) Support tzdata2016d
       - S8157077: 8u101 L10n resource file updates
       - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not
         known.
     * Import of OpenJDK 7 u111 build 1
       - S7081817:
         test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java
         failing
       - S8140344: add support for 3 digit update release numbers
       - S8145017: Add support for 3 digit hotspot minor version numbers
       - S8162344: The API changes made by CR 7064075 need to be reverted
     * Backports
       - S2178143, PR2958: JVM crashes if the number of bound CPUs changed
         during runtime
       - S4900206, PR3101: Include worst-case rounding tests for Math library
         functions
       - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop
         caret blink rate
       - S6934604, PR3075: enable parts of EliminateAutoBox by default
       - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 &
         b138-nightly
       - S7051394, PR3020: NullPointerException when running regression tests
         LoadProfileTest by using openjdk-7-b144
       - S7086015, PR3013: fix
         test/tools/javac/parser/netbeans/JavacParserTest.java
       - S7119487, PR3013: JavacParserTest.java test fails on Windows
         platforms
       - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY
         apparently converts orange to 244,244,0
       - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced
         for-loops
       - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions
         unexpectedly
       - S8005402, PR3020: Need to provide benchmarks for color management
       - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for
         default destinations
       - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not
         transferred from source to destination.
       - S8013430, PR3020: REGRESSION:
         closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java
         fails with java.io.StreamCorruptedException: invalid type code: EE
         since 8b87
       - S8014286, PR3075: failed java/lang/Math/DivModTests.java after
         6934604 changes
       - S8014959, PR3075: assert(Compile::current()->live_nodes() <
         (uint)MaxNodeLimit) failed: Live Node limit exceeded limit
       - S8019247, PR3075: SIGSEGV in compiled method
         c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object
       - S8024511, PR3020: Crash during color profile destruction
       - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm:
         JNI exception pending
       - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows
       - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt
         test suit
       - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with
         ClassCastException
       - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling
         JDK 1.4 code in JDK 8
       - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead
         to the generation of illegal instructions (bsc#988651)
       - S8159244, PR3075: Partially initialized string object created by
         C2's string concat optimization may escape
     * Bug fixes
       - PR2799, RH1195203: Files are missing from resources.jar
       - PR2900: Don't use WithSeed versions of NSS functions as they don't
         fully process the seed
       - PR3091: SystemTap is heavily confused by multiple JDKs
       - PR3102: Extend 8022594 to AixPollPort
       - PR3103: Handle case in clean-fonts where
         linux.fontconfig.Gentoo.properties.old has not been created
       - PR3111: Provide option to disable SystemTap tests
       - PR3114: Don't assume system mime.types supports text/x-java-source
       - PR3115: Add check for elliptic curve cryptography implementation
       - PR3116: Add tests for Java debug info and source files
       - PR3118: Path to agpl-3.0.txt not updated
       - PR3119: Makefile handles cacerts as a symlink, but the configure
         check doesn't
     * AArch64 port
       - S8148328, PR3100: aarch64: redundant lsr instructions in stub code.
       - S8148783, PR3100: aarch64: SEGV running SpecJBB2013
       - S8148948, PR3100: aarch64: generate_copy_longs calls align()
         incorrectly
       - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage
         collection
       - S8154537, PR3100: AArch64: some integer rotate instructions are
         never emitted
       - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in
         wrong mode
       - S8157906, PR3100: aarch64: some more integer rotate instructions are
         never emitted
   - Enable SunEC for SLE12 and Leap (bsc#982366)

   - Fix aarch64 running with 48 bits va space (bsc#984684)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1186=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1186=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.111-33.1
      java-1_7_0-openjdk-debuginfo-1.7.0.111-33.1
      java-1_7_0-openjdk-debugsource-1.7.0.111-33.1
      java-1_7_0-openjdk-demo-1.7.0.111-33.1
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-33.1
      java-1_7_0-openjdk-devel-1.7.0.111-33.1
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-33.1
      java-1_7_0-openjdk-headless-1.7.0.111-33.1
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-33.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      java-1_7_0-openjdk-1.7.0.111-33.1
      java-1_7_0-openjdk-debuginfo-1.7.0.111-33.1
      java-1_7_0-openjdk-debugsource-1.7.0.111-33.1
      java-1_7_0-openjdk-headless-1.7.0.111-33.1
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-33.1
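
   An added check, not part of the SUSE or AusCERT text: after patching, the
   script below flags any installed java-1_7_0-openjdk package older than the
   fixed build 1.7.0.111-33.1 from the Package List above. The function names,
   the sample input and the use of `sort -V` as a stand-in for RPM version
   comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit java-1_7_0-openjdk packages against the fixed build
# named in this advisory's Package List.

FIXED_EVR="1.7.0.111-33.1"   # version-release taken from the Package List

# version_lt A B: succeeds when A is strictly older than B.
# Assumption: GNU `sort -V` ordering matches RPM ordering for these purely
# numeric dotted versions; it is not a general rpmvercmp replacement.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_openjdk7: reads "name version-release" lines on stdin, reports every
# java-1_7_0-openjdk* package, and returns 1 if any is below FIXED_EVR.
audit_openjdk7() {
    status=0
    while read -r name evr; do
        case "$name" in
            java-1_7_0-openjdk*) ;;      # package family covered by the update
            *) continue ;;               # unrelated package, ignore
        esac
        if version_lt "$evr" "$FIXED_EVR"; then
            echo "VULNERABLE $name $evr (needs >= $FIXED_EVR)"
            status=1
        else
            echo "OK $name $evr"
        fi
    done
    return "$status"
}

# Constructed sample inventory (not taken from a real host): one outdated
# package, one already at the fixed build, two unrelated packages.
SAMPLE='java-1_7_0-openjdk 1.7.0.101-27.1
java-1_7_0-openjdk-headless 1.7.0.111-33.1
java-1_8_0-openjdk 1.8.0.91-11.1
bash 4.3-78.39'

printf '%s\n' "$SAMPLE" | audit_openjdk7 ||
    echo "update required: zypper in -t patch <patch name for your product>"

# On a live SLE 12-SP1 host, feed the real inventory instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'java-1_7_0-openjdk*' \
#       | audit_openjdk7
```

   A non-zero return from audit_openjdk7 means at least one package still
   predates the fix; running JVMs also keep using the old binaries until
   they are restarted.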


References:

   https://www.suse.com/security/cve/CVE-2016-3458.html
   https://www.suse.com/security/cve/CVE-2016-3485.html
   https://www.suse.com/security/cve/CVE-2016-3498.html
   https://www.suse.com/security/cve/CVE-2016-3500.html
   https://www.suse.com/security/cve/CVE-2016-3503.html
   https://www.suse.com/security/cve/CVE-2016-3508.html
   https://www.suse.com/security/cve/CVE-2016-3511.html
   https://www.suse.com/security/cve/CVE-2016-3550.html
   https://www.suse.com/security/cve/CVE-2016-3598.html
   https://www.suse.com/security/cve/CVE-2016-3606.html
   https://www.suse.com/security/cve/CVE-2016-3610.html
   https://bugzilla.suse.com/982366
   https://bugzilla.suse.com/984684
   https://bugzilla.suse.com/988651
   https://bugzilla.suse.com/989722
   https://bugzilla.suse.com/989723
   https://bugzilla.suse.com/989725
   https://bugzilla.suse.com/989727
   https://bugzilla.suse.com/989728
   https://bugzilla.suse.com/989729
   https://bugzilla.suse.com/989730
   https://bugzilla.suse.com/989731
   https://bugzilla.suse.com/989732
   https://bugzilla.suse.com/989733
   https://bugzilla.suse.com/989734

---

   SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2012-1
Rating:             important
References:         #984684 #987895 #988651 #989721 #989722 #989723 
                    #989725 #989726 #989727 #989728 #989729 #989730 
                    #989731 #989732 #989733 #989734 
Cross-References:   CVE-2016-3458 CVE-2016-3485 CVE-2016-3498
                    CVE-2016-3500 CVE-2016-3503 CVE-2016-3508
                    CVE-2016-3511 CVE-2016-3550 CVE-2016-3552
                    CVE-2016-3587 CVE-2016-3598 CVE-2016-3606
                    CVE-2016-3610
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has three
   fixes is now available.

Description:


   This update for java-1_8_0-openjdk fixes the following issues:

   - Upgrade to version jdk8u101 (icedtea 3.1.0)
   - New in release 3.1.0 (2016-07-25):
     * Security fixes
       - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)
       - S8145446, CVE-2016-3485: Perfect pipe placement (Windows
         only) (bsc#989734)
       - S8146514: Enforce GCM limits
       - S8147771: Construction of static protection domains under Javax
         custom policy
       - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)
       - S8149070: Enforce update ordering
       - S8149962, CVE-2016-3508: Better delineation of XML processing
         (bsc#989731)
       - S8150752: Share Class Data
       - S8151925: Font reference improvements
       - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)
       - S8153312: Constrain AppCDS behavior
       - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721)
       - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)
       - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)
       - S8158571, CVE-2016-3610: Additional method handle validation
         (bsc#989725)
       - CVE-2016-3552 (bsc#989726)
       - CVE-2016-3511 (bsc#989727)
       - CVE-2016-3503 (bsc#989728)
       - CVE-2016-3498 (bsc#989729)
     * New features
       - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3
         on Linux
       - PR2821: Support building OpenJDK with --disable-headful
       - PR2931, G478960: Provide Infinality Support via fontconfig
       - PR3079: Provide option to build Shenandoah on x86_64
     * Import of OpenJDK 8 u92 build 14
       - S6869327: Add new C2 flag to keep safepoints in counted loops.
       - S8022865: [TESTBUG] Compressed Oops testing needs to be revised
       - S8029630: Thread id should be displayed as a hex number in error
         report
       - S8029726: On OS X some dtrace probe names are mismatched with Solaris
       - S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV
         are not fired.
       - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired
       - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID
         attribute value is empty String
       - S8038349: Signing XML with DSA throws Exception when key is larger
         than 1024 bits
       - S8041501: ImageIO reader is not capable of reading JPEGs without
         JFIF header
       - S8041900: [macosx] Java forces the use of discrete GPU
       - S8044363: Remove special build options for unpack200 executable
       - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for
         hotspot ARCH
       - S8046611: Build errors with gcc on sparc/fastdebug
       - S8047763: Recognize sparc64 as a sparc platform
       - S8048232: Fix for 8046471 breaks PPC64 build
       - S8052396: Catch exceptions resulting from missing font cmap
       - S8058563: InstanceKlass::_dependencies list isn't cleared from empty
         nmethodBucket entries
       - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles
         and therefore shall be excluded
       - S8062901: Iterators is spelled incorrectly in the Javadoc for
         Spliterator
       - S8064330: Remove SHA224 from the default support list if SunMSCAPI
         enabled
       - S8065579: WB method to start G1 concurrent mark cycle should be
         introduced
       - S8065986: Compiler fails to NullPointerException when calling super
         with Object<>()
       - S8066974: Compiler doesn't infer method's generic type information
         in lambda body
       - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for
         out of range years
       - S8068033: JNI exception pending in jdk/src/share/bin/java.c
       - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI
         pending
       - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD
         and/or OBSOLETE method(s) found
       - S8068254: Method reference uses wrong qualifying type
       - S8074696: Remote debugging session hangs for several minutes when
         calling findBootType
       - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421
         correctness, as jdk7 did
       - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java
         relies on system locale
       - S8080492: [Parfait] Uninitialised variable in
         jdk/src/java/desktop/windows/native/libawt/
       - S8080650: Enable stubs to use frame pointers correctly
       - S8122944: perfdata used is seen as too high on sparc zone with
         jdk1.9 and causes a test failure
       - S8129348: Debugger hangs in trace mode with TRACE_SENDS
       - S8129847: Compiling methods generated by Nashorn triggers high
         memory usage in C2
       - S8130506: javac AssertionError when invoking MethodHandle.invoke
         with lambda parameter
       - S8130910: hsperfdata file is created in wrong directory and not
         cleaned up if /tmp/hsperfdata_<username> has wrong permissions
       - S8131129: Attempt to define a duplicate BMH$Species class
       - S8131665: Bad exception message in HandshakeHash.getFinishedHash
       - S8131782: C1 Class.cast optimization breaks when Class is loaded
         from static final
       - S8132503: [macosx] Chinese full stop symbol cannot be entered with
         Pinyin IM on OS X
       - S8133207: ParallelProbes.java test fails after changes for
         JDK-8080115
       - S8133924: NPE may be thrown when xsltc select a non-existing node
         after JDK-8062518
       - S8134007: Improve string folding
       - S8134759: jdb: Incorrect stepping inside finally block
       - S8134963: [Newtest] New stress test for changing the coarseness
         level of G1 remembered set
       - S8136442: Don't tie Certificate signature algorithms to ciphersuites
       - S8137106: EUDC (End User Defined Characters) are not displayed
         on Windows with Java 8u60+
       - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in
         HotSpot
       - S8138764: In some cases the usage of TreeLock can be replaced by
         other synchronization
       - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed
         with timeout
       - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void
         InstanceKlass::oop_oop_iterate_oop_maps_specialized<true,oopDesc*,MarkAndPushClosure>
       - S8139436: sun.security.mscapi.KeyStore might load incomplete data
       - S8139751: Javac crash with -XDallowStringFolding=false
       - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev
       - S8139985: JNI exception pending in
         jdk/src/jdk/hprof/agent/share/native/libhprof
       - S8140031: SA: Searching for a value in Threads does not work
       - S8140249: JVM Crashing During startUp If Flight Recording is enabled
       - S8140344: add support for 3 digit update release numbers
       - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead
         of direct class check
       - S8141260: isReachable crash in windows xp
       - S8143297: Nashorn compilation time reported in nanoseconds
       - S8143397: It looks like InetAddress.isReachable(timeout) works
         incorrectly
       - S8143855: Bad printf formatting in frame_zero.cpp
       - S8143896: java.lang.Long is implicitly converted to double
       - S8143963: improve ClassLoader::trace_class_path to accept an
         additional outputStream* arg
       - S8144020: Remove long as an internal numeric type
       - S8144131: ArrayData.getInt implementations do not convert to int32
       - S8144483: One long Safepoint pause directly after each GC log
         rotation
       - S8144487: PhaseIdealLoop::build_and_optimize() must restore
         major_progress flag if skip_loop_opts is true
       - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC
         builds
       - S8144935: C2: safepoint is pruned from a non-counted loop
       - S8144937: [TEST_BUG] testlibrary_tests should be excluded for
         compact1 and compact2 execution
       - S8145017: Add support for 3 digit hotspot minor version numbers
       - S8145099: Better error message when SA can't attach to a process
       - S8145442: Add the facility to verify remembered sets for G1
       - S8145466: javac: No line numbers in compilation error
       - S8145539: (coll) AbstractMap.keySet and .values should not be
         volatile
       - S8145550: Megamorphic invoke should use CompiledFunction variants
         without any LinkLogic
       - S8145669: apply2call optimized callsite fails after becoming
         megamorphic
       - S8145722: NullPointerException in javadoc
       - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match
         AddI
       - S8146147: Java linker indexed property getter does not work for
         computed nashorn string
       - S8146566: OpenJDK build can't handle commas in LDFLAGS
       - S8146725: Issues with
         SignatureAndHashAlgorithm.getSupportedAlgorithms
       - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because
         8072383 was badly backported before
       - S8147087: Race when reusing PerRegionTable bitmaps may result in
         dropped remembered set entries
       - S8147630: Wrong test result pushed to 8u-dev
       - S8147845: Varargs Array functions still leaking longs
       - S8147857: RMIConnector logs attribute names incorrectly
       - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC
       - S8150791: 8u76 L10n resource file translation update
     * Import of OpenJDK 8 u101 build 13
       - S6483657: MSCAPI provider does not create unique alias names
       - S6675699: need comprehensive fix for unconstrained ConvI2L with
         narrowed type
       - S8037557: test SessionCacheSizeTests.java timeout
       - S8038837: Add support to jarsigner for specifying timestamp hash
         algorithm
       - S8081778: Use Intel x64 CPU instructions for RSA acceleration
       - S8130150: Implement BigInteger.montgomeryMultiply intrinsic
       - S8130735: javax.swing.TimerQueue: timer fires late when another
         timer starts
       - S8143913: MSCAPI keystore should accept Certificate[] in setEntry()
       - S8144313: Test SessionTimeOutTests can be timeout
       - S8146240: Three nashorn files contain "GNU General Public License"
         header
       - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed
         out
       - S8146669: Test SessionTimeOutTests fails intermittently
       - S8146993: Several javax/management/remote/mandatory regression tests
         fail after JDK-8138811
       - S8147994: [macosx] JScrollPane jitters up/down during trackpad
         scrolling on MacOS/Aqua
       - S8151522: Disable 8130150 and 8081778 intrinsics by default
       - S8151876: (tz) Support tzdata2016d
       - S8152098: Fix 8151522 caused test
         compiler/intrinsics/squaretolen/TestSquareToLen.java to fail
       - S8157077: 8u101 L10n resource file updates
     * Backports
       - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop
         caret blink rate
       - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for
         mouse wheel events
       - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string
       - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on
         text orientation
       - S8014212, PR2866: Robot captures black screen
       - S8029339, PR1061: Custom MultiResolution image support on HiDPI
         displays
       - S8031145, PR3077: Re-examine closed i18n tests to see it they can be
         moved to the jdk repository.
       - S8034856, PR3095: gcc warnings compiling
         src/solaris/native/sun/security/pkcs11
       - S8034857, PR3095: gcc warnings compiling
         src/solaris/native/sun/management
       - S8035054, PR3095: JarFacade.c should not include ctype.h
       - S8035287, PR3095: gcc warnings compiling various libraries files
       - S8038631, PR3077: Create wrapper for awt.Robot with additional
         functionality
       - S8039279, PR3077: Move awt tests to openjdk repository
       - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox
         and JRadioButton
       - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk
       - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree
       - S8043126, PR3077: move awt automated functional tests from
         AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository
       - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional
         AWT tests to regression tree
       - S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing
         tests
       - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and
         AltPlusNumberKeyCombinationsTest to jdk
       - S8044429, PR3077: move awt automated tests for AWT_Modality to
         OpenJDK repository
       - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out
       - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to
         openjdk repository
       - S8047180, PR3077: Move functional tests AWT_Headless/Automated to
         OpenJDK repository
       - S8047367, PR3077: move awt automated tests from AWT_Modality to
         OpenJDK repository - part 2
       - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests
         to OpenJDK
       - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again
       - S8049617, PR3077: move awt automated tests from AWT_Modality to
         OpenJDK repository - part 3
       - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated
         tests to OpenJDK
       - S8050885, PR3077: move awt automated tests from AWT_Modality to
         OpenJDK repository - part 4
       - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK
       - S8052012, PR3077: move awt automated tests from AWT_Modality to
         OpenJDK repository - part 5
       - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3
         of 3)
       - S8053657, PR3077: [TEST_BUG] move some 5 tests related to
         undecorated Frame/JFrame to JDK
       - S8054143, PR3077: move awt automated tests from AWT_Modality to
         OpenJDK repository - part 6
       - S8054358, PR3077: move awt automated tests from AWT_Modality to
         OpenJDK repository - part 7
       - S8054359, PR3077: move awt automated tests from AWT_Modality to
         OpenJDK repository - part 8
       - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent
         tests to OpenJDK
       - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk
       - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK
         repository - part 9
       - S8056911, PR3077: Remove internal API usage from ExtendedRobot class
       - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK
         repository - part 10
       - S8058959, PR1061:
         closed/java/awt/event/ComponentEvent/MovedResizedTwiceTest/MovedResizedTwiceTest.java
         failed automatically
       - S8062606, PR3077: Fix a typo in java.awt.Robot class
       - S8063102, PR3077: Change open awt regression tests to avoid
         sun.awt.SunToolkit.realSync, part 1
       - S8063104, PR3077: Change open awt regression tests to avoid
         sun.awt.SunToolkit.realSync, part 2
       - S8063106, PR3077: Change open swing regression tests to avoid
         sun.awt.SunToolkit.realSync, part 1
       - S8063107, PR3077: Change open swing regression tests to avoid
         sun.awt.SunToolkit.realSync, part 2
       - S8064573, PR3077: [TEST_BUG]
         javax/swing/text/AbstractDocument/6968363/Test6968363.java is
         asocial pressing VK_LEFT and not releasing
       - S8064575, PR3077: [TEST_BUG]
         javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys
         and never releases
       - S8064809, PR3077: [TEST_BUG]
         javax/swing/JComboBox/4199622/bug4199622.java contains a lot of
         keyPress and not a single keyRelease
       - S8067441, PR3077: Some tests fails with error: cannot find symbol
         getSystemMnemonicKeyCodes()
       - S8068228, PR3077: Test
         closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails
         with GTKLookAndFeel
       - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not
         include scale factor
       - S8073320, PR1061: Windows HiDPI Graphics support
       - S8074807, PR3077: Fix some tests unnecessary using internal API
       - S8076315, PR3077: move 4 manual functional swing tests to regression
         suite
       - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize()
       - S8129822, PR3077: Define "headful" jtreg keyword
       - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates
         base image to get its size
       - S8133539, PR1061: [TEST_BUG] Split
         java/awt/image/MultiResolutionImageTest.java in two to allow
         restricted access
       - S8137571, PR1061: Linux HiDPI Graphics support
       - S8142406, PR1061: [TEST] MultiResolution image: need test to cover
         the case when @2x image is corrupted
       - S8145188, PR2945: No LocalVariableTable generated for the entire JDK
       - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution
         menu items icons
       - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution
         icons
       - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be
         taken into account for OS X
       - S8151841, PR2882: Build needs additional flags to compile with GCC 6
         [plus parts of 8149647 & 8032045]
       - S8155613, PR1061: [PIT] crash in
         AWT_Desktop/Automated/Exceptions/BasicTest
       - S8156020, PR1061: 8145547 breaks AIX and uses RTLD_NOLOAD
         incorrectly
       - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK
         3 on Linux
       - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead
         to the generation of illegal instructions (bsc#988651)
       - S8159244, PR3074: Partially initialized string object created by
         C2's string concat optimization may escape
       - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful.
       - S8160294, PR2882, PR3095: Some client libraries cannot be built with
         GCC 6
     * Bug fixes
       - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order
       - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid
         re-discovery by OpenJDK configure
       - PR2932: Support ccache in a non-automagic manner
       - PR2933: Support ccache 3.2 and later
       - PR2964: Set system defaults based on OS
       - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line
         endings rather than system line endings
       - PR3078: Remove duplicated line dating back to 6788347 and 6894807
       - PR3083, RH1346460: Regression in SSL debug output without an ECC
         provider
       - PR3089: Remove old memory limits patch
       - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs
       - PR3095: Fix warnings in URLClassPath.c
       - PR3096: Remove dead --disable-optimizations option
       - PR3105: Use version from hotspot.map to create tarball filename
       - PR3106: Handle both correctly-spelt property
         "enableCustomValueHandler" introduced by S8079718 and typo version
       - PR3108: Shenandoah patches not included in release tarball
       - PR3110: Update hotspot.map documentation in INSTALL
     * AArch64 port
       - S8145320, PR3078: Create unsafe_arraycopy and generic_arraycopy for
         AArch64
       - S8148328, PR3078: aarch64: redundant lsr instructions in stub code.
       - S8148783, PR3078: aarch64: SEGV running SpecJBB2013
       - S8148948, PR3078: aarch64: generate_copy_longs calls align()
         incorrectly
       - S8149080, PR3078: AArch64: Recognise disjoint array copy in stub code
       - S8149365, PR3078: aarch64: memory copy does not prefetch on
         backwards copy
       - S8149907, PR3078: aarch64: use load/store pair instructions in
         call_stub
       - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when comparing
         narrow pointer with zero
       - S8150045, PR3078: arraycopy causes segfaults in SATB during garbage
         collection
       - S8150082, PR3078: aarch64: optimise small array copy
       - S8150229, PR3078: aarch64: pipeline class for several instructions
         is not set correctly
       - S8150313, PR3078: aarch64: optimise array copy using SIMD
         instructions
       - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS instructions
       - S8151340, PR3078: aarch64: prefetch the destination word for write
         prior to ldxr/stxr loops.
       - S8151502, PR3078: optimize pd_disjoint_words and pd_conjoint_words
       - S8151775, PR3078: aarch64: add support for 8.1 LSE atomic
         operations
       - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when comparing
         unsigned values with zero.
       - S8152840, PR3078: aarch64: improve _unsafe_arraycopy stub routine
       - S8153713, PR3078: aarch64: improve short array clearing using store
         pair
       - S8153797, PR3078: aarch64: Add Arrays.fill stub code
       - S8154537, PR3078: AArch64: some integer rotate instructions are
         never emitted
       - S8154739, PR3078: AArch64: TemplateTable::fast_xaccess loads in
         wrong mode
       - S8155015, PR3078: Aarch64: bad assert in spill generation code
       - S8155100, PR3078: AArch64: Relax alignment requirement for
         byte_map_base
       - S8155612, PR3078: Aarch64: vector nodes need to support misaligned
         offset
       - S8155617, PR3078: aarch64: ClearArray does not use DC ZVA
       - S8155653, PR3078: TestVectorUnalignedOffset.java not pushed with
         8155612
       - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java fails due
         to _generic_arraycopy stub routine
       - S8157841, PR3078: aarch64: prefetch ignores cache line size
       - S8157906, PR3078: aarch64: some more integer rotate instructions are
         never emitted
       - S8158913, PR3078: aarch64: SEGV running Spark terasort
       - S8159052, PR3078: aarch64: optimise unaligned copies in
         pd_disjoint_words and pd_conjoint_words
       - S8159063, PR3078: aarch64: optimise unaligned array copy long
       - PR3078: Cleanup remaining differences from aarch64/jdk8u tree
   - Fix script linking /usr/share/javazi/tzdb.dat for platform where it
     applies (bsc#987895)

   - Fix aarch64 running with 48 bits va space (bsc#984684),
     avoiding some crashes


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1187=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1187=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.101-14.3
      java-1_8_0-openjdk-debuginfo-1.8.0.101-14.3
      java-1_8_0-openjdk-debugsource-1.8.0.101-14.3
      java-1_8_0-openjdk-demo-1.8.0.101-14.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.101-14.3
      java-1_8_0-openjdk-devel-1.8.0.101-14.3
      java-1_8_0-openjdk-headless-1.8.0.101-14.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.101-14.3

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      java-1_8_0-openjdk-1.8.0.101-14.3
      java-1_8_0-openjdk-debuginfo-1.8.0.101-14.3
      java-1_8_0-openjdk-debugsource-1.8.0.101-14.3
      java-1_8_0-openjdk-headless-1.8.0.101-14.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.101-14.3
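
   Added example (not part of the SUSE advisory or the AusCERT bulletin): a
   Python check that flags installed java-1_8_0-openjdk packages older than
   the fixed version-release 1.8.0.101-14.3 from the package list above. The
   comparison is a simplified form of rpm's version ordering without '~' or
   '^' handling, and the rpm query output is a constructed sample.

```python
import re

# Fixed version-release of every java-1_8_0-openjdk package in the list above.
FIXED_EVR = "1.8.0.101-14.3"
PREFIX = "java-1_8_0-openjdk"

def _segments(s):
    # Digit runs and letter runs are separate segments; other characters
    # (dots, underscores) only act as separators.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpm version compare (no '~' or '^'): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)            # 101 > 91, unlike string order
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def unpatched(rpm_output):
    """Return (name, installed) pairs for affected packages below FIXED_EVR."""
    stale = []
    for line in rpm_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0].startswith(PREFIX):
            if evr_cmp(fields[1], FIXED_EVR) < 0:
                stale.append((fields[0], fields[1]))
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
java-1_8_0-openjdk 1.8.0.101-14.3
java-1_8_0-openjdk-headless 1.8.0.91-14.1
java-1_8_0-openjdk-devel 1.8.0.101-14.3
bash 4.3-78.39
"""

if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print(f"{name} {evr} is older than fixed {FIXED_EVR}")
```

   A subpackage left behind at an older release, as in the sample, is what
   this check surfaces after a partial update.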


References:

   https://www.suse.com/security/cve/CVE-2016-3458.html
   https://www.suse.com/security/cve/CVE-2016-3485.html
   https://www.suse.com/security/cve/CVE-2016-3498.html
   https://www.suse.com/security/cve/CVE-2016-3500.html
   https://www.suse.com/security/cve/CVE-2016-3503.html
   https://www.suse.com/security/cve/CVE-2016-3508.html
   https://www.suse.com/security/cve/CVE-2016-3511.html
   https://www.suse.com/security/cve/CVE-2016-3550.html
   https://www.suse.com/security/cve/CVE-2016-3552.html
   https://www.suse.com/security/cve/CVE-2016-3587.html
   https://www.suse.com/security/cve/CVE-2016-3598.html
   https://www.suse.com/security/cve/CVE-2016-3606.html
   https://www.suse.com/security/cve/CVE-2016-3610.html
   https://bugzilla.suse.com/984684
   https://bugzilla.suse.com/987895
   https://bugzilla.suse.com/988651
   https://bugzilla.suse.com/989721
   https://bugzilla.suse.com/989722
   https://bugzilla.suse.com/989723
   https://bugzilla.suse.com/989725
   https://bugzilla.suse.com/989726
   https://bugzilla.suse.com/989727
   https://bugzilla.suse.com/989728
   https://bugzilla.suse.com/989729
   https://bugzilla.suse.com/989730
   https://bugzilla.suse.com/989731
   https://bugzilla.suse.com/989732
   https://bugzilla.suse.com/989733
   https://bugzilla.suse.com/989734

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----