--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-6397
2015-04-18 05:44:42
--------------------------------------------------------------------------------

Name        : java-1.7.0-openjdk
Product     : Fedora 20
Version     : 1.7.0.79
Release     : 2.5.5.0.fc20
URL         : https://openjdk.org/
Summary     : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

Updated to security icedtea-forest7 2.5.5
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 10 2015 Jiri Vanek  - 1:1.7.0.75-2.5.5.0
- repacked sources
* Thu Apr  9 2015 Jiri Vanek  - 1:1.7.0.75-2.5.5.0
- Bump to 2.5.5 using OpenJDK 7u79 b14.
- Update OpenJDK tarball creation comments
- Drop AArch64 version of RH1191652 HotSpot patch as included upstream.
- added Patch406: fixPtraceInclude.patch, Patch404: rh1191652-hotspot.patch
  Patch405: rh1191652-jdk.patch
* Wed Jan 21 2015 Jiri Vanek  - 1:1.7.0.75-2.5.4.2
- Updated to security update of 20.1.2015
- Replace unmodified java.security file via headless post scriptlet.
- Fix macro expansion in changelog
- Fix elliptic curve list as part of fsg.sh
- Bump release so that the RHEL 7.1 version is built on AArch64.
- Bump to 2.5.4 using OpenJDK 7u75 b13.
- Bump AArch64 port to 2.6.0pre17.
- Fix abrt_friendly_hs_log_jdk7.patch to apply again and enable on all archs.
- Remove OpenJDK 8 / AArch64 version of PStack patch as this is no longer needed.
* Tue Dec 16 2014 Jiri Vanek  - 1:1.7.0.71-2.5.3.3
- aarch64 sources updated to most recent stable tag
- adapted patch4030 PStack-808293-aarch64.patch
* Tue Dec  9 2014 Jiri Vanek  - 1:1.7.0.71-2.5.3.2
- added and applied patch404 rh1155012-jdk-speedup.patch
* Mon Dec  1 2014 Jiri Vanek  - 1:1.7.0.71-2.5.3.1
- removed source14 remove-origin-from-rpaths (11690970)
- removed build requirement for chrpath
* Wed Oct 15 2014 Jiri Vanek   - 1.7.0.71-2.5.3.0
- updated to security icedtea-forest 2.5.3
* Thu Sep 11 2014 Jiri Vanek   - 1.7.0.65-2.5.2.5
- fixed headless to become headless again
 - jre/lib/archinstall/libjavagtk.so
 - jre/bin/policytool
 - jre-abrt/lib/archinstall/libjavagtk.so
 - all three added to not headless exclude list
* Tue Sep  2 2014 Jiri Vanek   - 1.7.0.65-2.5.2
- updated to icedtea7-forest 2.5.2
- removed patch404 gtk3ToBeReverted.patch
- removed patch405 pr1864_smartcardIO.patch
* Tue Jul 22 2014 Jiri Vanek   - 1.7.0.65-2.5.1.4
- excluded libmawt.so from autorequires/autoprovides
- see https://bugzilla.redhat.com/show_bug.cgi?id=1111349
* Thu Jul 17 2014 Rex Dieter  - 1.7.0.65-2.5.1.3
- rebuild (for pulseaudio, bug #1117683)
* Mon Jul 14 2014 Jiri Vanek   - 1.7.0.65-2.5.1.2
- added and applied fix for samrtcard io patch405, pr1864_smartcardIO.patch
* Mon Jul  7 2014 Jiri Vanek   - 1.7.0.65-2.5.1.1
- updated to security patched icedtea7-forest-2.5.1
* Wed Jul  2 2014 Jiri Vanek   - 1.7.0.60-2.5.0.3
- Added arrch64 support
* Tue Jul  1 2014 Andrew Hughes  - 1.7.0.60-2.5.0.2
- Add nss-softokn dependency for SunEC provider
- Add support for ppc64le
- Enable SunEC provider with system NSS support.
- Ensure java-1.7.0-openjdk is used to build, not 8
- Set INSTALL_LOCATION so it can be used in the rpath.
* Thu Jun 19 2014 Jiri Vanek   - 1.7.0.60-2.5.0.1.f20
- added and applied as reverted patch404 gtk3ToBeReverted.patch
 - reverting controversial fix of * Wed Jun 18 2014 Jiri Vanek   - 1.7.0.60-2.5.0.f20
- updated to icedtea7-forest 2.5.0
- removed icedtea_version_presuffix
- removed hardcoded 60
- removed upstreamed patch412 add-final-location-rpaths.patch
- removed upstreamed patch413 rh1064383-prelink_fix.patch
* Thu May 22 2014 Andrew Hughes  - 1.7.0.51-2.4.7.3.fc20
- debug turned off (0)
- python added to line %{SOURCE14} $files to preven access denied
- added build requires for python
* Thu May 22 2014 Jiri Vanek  - 1.7.0.51-2.4.7.2.fc20
- bumped release
- changed  buildoutputdir to contains "-debug" in case of debug on
- rewritten (long unmaintained) java-1.7.0-openjdk-debugdocs.patch and 
  java-1.7.0-openjdk-debuginfo.patch
- debug turned on (1)
* Tue Apr 22 2014 Jiri Vanek  - 1.7.0.55-2.4.7.1.fc20
- Added Omair's fix for RH1059925
 - added and used Source14, remove-origin-from-rpaths
 - added and applied patch412 add-final-location-rpaths.patch
 - added build requires chrpath
 - adde INSTALL_LOCATION=_jvmdir/sdkdir to make swithces
- added missing OrderWithRequires (sync with master)
- removed rhino requires (sync with master)
- added libattr-devel build requires (sync with master)
- added conditional chmod on sa-jdi.jar (sync with master)
- added comment to fiels about lua (sync with master)
- added few more owned dirs (sync with master)
* Mon Apr  7 2014 Jiri Vanek  - 1.7.0.55-2.4.7.0.fc20
- Added check to lua according to already exisitng same jvm
- bumped to future icedtea-forest 2.4.7
- updatever set to 55, buildver se to 13, release reset to 0
- removed upstreamed patch402 gstackbounds.patch
- included config(norepalce) lua script
* Wed Mar 26 2014 Omair Majid  - 1.7.0.60-2.4.5.2.fc20
- Switch to a new tapset tarball without trailing space in file name
* Thu Jan 30 2014 Jiri Vanek  - 1.7.0.51-2.4.5.1.f20
- removed or cleaning alternatives remove in posts
* Thu Jan 30 2014 Jiri Vanek  - 1.7.0.51-2.4.5.0.f20
- removed buildRequires: pulseaudio >= 0.9.11, as not neccessary
 -  but kept libs-devel
- updated to icedtea 2.4.5
 - - removed upstreamed or unwonted patches (thanx to gnu_andrew to pointing them out)
 - patch410 1015432.patch (upstreamed)
 - patch411 1029588.patch
 - patch412 zero-x32.diff
 - patch104 java-1.7.0-ppc-zero-jdk.patch
 - patch105 java-1.7.0-ppc-zero-hotspot.patch
- patch402 gstackbounds.patch and patch403 PStack-808293.patch applied always
 (again thanx to gnu_andrew)
- merged other gnu_andrew's changes
 - FT2_CFLAGS and FT2_LIBS hardoced values replaced by correct pkg-config calls 
 - buildver bumbed to 31
- added build requires  nss-devel
- removed build requires mercurial
- added JRE_RELEASE_VERSION and ALT_PARALLEL_COMPILE_JOBS into make call
* Fri Jan 17 2014 Jiri Vanek  - 1.7.0.51-2.4.4.1.f20
- removed 2.3 tarball due to security issues
 - this causes zero arm32 jit to not exists eny more (aprox 30% slowdown)
 - removed declarations:
  - global icedtea_version_arm32 2.3.13
  - source100  openjdk-icedtea-%{icedtea_version_arm32}.tar.xz
 - removed:
  - patch30   java-1.7.0-openjdk-java-access-bridge-security-2.3.patch
  - patch1000 rhino-2.3.patch
  - patch4020 gstackbounds-2.3.patch
  - patch4110 1029588-2.3.patch
  - patch302 systemtap.patch
  - patch401 657854-openjdk7.patch
 - with all follwing  ifarch arm calls
 - patch410 and TestCryptoLevel are now used always
 - US_export_policy.jar and  local_policy.jar are now listed always
 - make: 
  - always used DISABLE_INTREE_EC,  UNLIMITED_CRYPTO
  - removed arm32 specific DISTRO_PACKAGE_VERSION JDK_UPDATE_VERSION  JDK_BUILD_NUMBER
- added patch412 zero-x32.diff to try to fix zero builds build
* Fri Jan 10 2014 Jiri Vanek  - 1.7.0.51-2.4.4.0.f20
- updated to security icedtea 2.4.4
- and arm tarball updated to security icedtea 2.3.13
 - icedtea_version set to 2.4.4
 - updatever bumped to       51
 - release reset to 0
* Mon Jan  6 2014 Jiri Vanek  - 1.7.0.40-2.4.3.4.f19
- added and applied patch411 1029588.patch (for 2.4)
- added and applied patch4110 1029588-2.3.patch (for 2.3)
- resolves rhbz#1029588
* Mon Jan  6 2014 Jiri Vanek  - 1.7.0.40-2.4.3.3.f19
- added and applied for icedtea 2.4 patch410, 1015432.patch
- resolves rhbz#1015432
* Mon Jan  6 2014 Jiri Vanek  - 1.7.0.40-2.4.3.2.f20
- changed Provides: jre-headless = 1.7.0
  to      Provides: jre-headless = 1:1.7.0
- resolves rhbz#1046050
* Fri Oct 18 2013 Jiri Vanek  - 1.7.0.40-2.4.3.1.f20
- arm tarball updated to new  CPU sources 2.3.13
- removed upstreamed  patch 501 callerclass-01.patch
- removed upstreamed  patch 502 callerclass-02.patch
- removed upstreamed  patch 503 callerclass-02.patch
- removed upstreamed  patch 504 callerclass-02.patch
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update java-1.7.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Fedora 20: java-1.7.0-openjdk Security Update

April 22, 2015
Updated to security icedtea-forest7 2.5.5

Summary

The OpenJDK runtime environment.

Update Information:

Updated to security icedtea-forest7 2.5.5

Change Log

* Fri Apr 10 2015 Jiri Vanek - 1:1.7.0.75-2.5.5.0 - repacked sources * Thu Apr 9 2015 Jiri Vanek - 1:1.7.0.75-2.5.5.0 - Bump to 2.5.5 using OpenJDK 7u79 b14. - Update OpenJDK tarball creation comments - Drop AArch64 version of RH1191652 HotSpot patch as included upstream. - added Patch406: fixPtraceInclude.patch, Patch404: rh1191652-hotspot.patch Patch405: rh1191652-jdk.patch * Wed Jan 21 2015 Jiri Vanek - 1:1.7.0.75-2.5.4.2 - Updated to security update of 20.1.2015 - Replace unmodified java.security file via headless post scriptlet. - Fix macro expansion in changelog - Fix elliptic curve list as part of fsg.sh - Bump release so that the RHEL 7.1 version is built on AArch64. - Bump to 2.5.4 using OpenJDK 7u75 b13. - Bump AArch64 port to 2.6.0pre17. - Fix abrt_friendly_hs_log_jdk7.patch to apply again and enable on all archs. - Remove OpenJDK 8 / AArch64 version of PStack patch as this is no longer needed. * Tue Dec 16 2014 Jiri Vanek - 1:1.7.0.71-2.5.3.3 - aarch64 sources updated to most recent stable tag - adapted patch4030 PStack-808293-aarch64.patch * Tue Dec 9 2014 Jiri Vanek - 1:1.7.0.71-2.5.3.2 - added and applied patch404 rh1155012-jdk-speedup.patch * Mon Dec 1 2014 Jiri Vanek - 1:1.7.0.71-2.5.3.1 - removed source14 remove-origin-from-rpaths (11690970) - removed build requirement for chrpath * Wed Oct 15 2014 Jiri Vanek - 1.7.0.71-2.5.3.0 - updated to security icedtea-forest 2.5.3 * Thu Sep 11 2014 Jiri Vanek - 1.7.0.65-2.5.2.5 - fixed headless to become headless again - jre/lib/archinstall/libjavagtk.so - jre/bin/policytool - jre-abrt/lib/archinstall/libjavagtk.so - all three added to not headless exclude list * Tue Sep 2 2014 Jiri Vanek - 1.7.0.65-2.5.2 - updated to icedtea7-forest 2.5.2 - removed patch404 gtk3ToBeReverted.patch - removed patch405 pr1864_smartcardIO.patch * Tue Jul 22 2014 Jiri Vanek - 1.7.0.65-2.5.1.4 - excluded libmawt.so from autorequires/autoprovides - see https://bugzilla.redhat.com/show_bug.cgi?id=1111349 * Thu Jul 17 2014 Rex Dieter - 1.7.0.65-2.5.1.3 - rebuild (for pulseaudio, bug #1117683) * Mon Jul 14 2014 Jiri Vanek - 1.7.0.65-2.5.1.2 - added and applied fix for samrtcard io patch405, pr1864_smartcardIO.patch * Mon Jul 7 2014 Jiri Vanek - 1.7.0.65-2.5.1.1 - updated to security patched icedtea7-forest-2.5.1 * Wed Jul 2 2014 Jiri Vanek - 1.7.0.60-2.5.0.3 - Added arrch64 support * Tue Jul 1 2014 Andrew Hughes - 1.7.0.60-2.5.0.2 - Add nss-softokn dependency for SunEC provider - Add support for ppc64le - Enable SunEC provider with system NSS support. - Ensure java-1.7.0-openjdk is used to build, not 8 - Set INSTALL_LOCATION so it can be used in the rpath. * Thu Jun 19 2014 Jiri Vanek - 1.7.0.60-2.5.0.1.f20 - added and applied as reverted patch404 gtk3ToBeReverted.patch - reverting controversial fix of * Wed Jun 18 2014 Jiri Vanek - 1.7.0.60-2.5.0.f20 - updated to icedtea7-forest 2.5.0 - removed icedtea_version_presuffix - removed hardcoded 60 - removed upstreamed patch412 add-final-location-rpaths.patch - removed upstreamed patch413 rh1064383-prelink_fix.patch * Thu May 22 2014 Andrew Hughes - 1.7.0.51-2.4.7.3.fc20 - debug turned off (0) - python added to line %{SOURCE14} $files to preven access denied - added build requires for python * Thu May 22 2014 Jiri Vanek - 1.7.0.51-2.4.7.2.fc20 - bumped release - changed buildoutputdir to contains "-debug" in case of debug on - rewritten (long unmaintained) java-1.7.0-openjdk-debugdocs.patch and java-1.7.0-openjdk-debuginfo.patch - debug turned on (1) * Tue Apr 22 2014 Jiri Vanek - 1.7.0.55-2.4.7.1.fc20 - Added Omair's fix for RH1059925 - added and used Source14, remove-origin-from-rpaths - added and applied patch412 add-final-location-rpaths.patch - added build requires chrpath - adde INSTALL_LOCATION=_jvmdir/sdkdir to make swithces - added missing OrderWithRequires (sync with master) - removed rhino requires (sync with master) - added libattr-devel build requires (sync with master) - added conditional chmod on sa-jdi.jar (sync with master) - added comment to fiels about lua (sync with master) - added few more owned dirs (sync with master) * Mon Apr 7 2014 Jiri Vanek - 1.7.0.55-2.4.7.0.fc20 - Added check to lua according to already exisitng same jvm - bumped to future icedtea-forest 2.4.7 - updatever set to 55, buildver se to 13, release reset to 0 - removed upstreamed patch402 gstackbounds.patch - included config(norepalce) lua script * Wed Mar 26 2014 Omair Majid - 1.7.0.60-2.4.5.2.fc20 - Switch to a new tapset tarball without trailing space in file name * Thu Jan 30 2014 Jiri Vanek - 1.7.0.51-2.4.5.1.f20 - removed or cleaning alternatives remove in posts * Thu Jan 30 2014 Jiri Vanek - 1.7.0.51-2.4.5.0.f20 - removed buildRequires: pulseaudio >= 0.9.11, as not neccessary - but kept libs-devel - updated to icedtea 2.4.5 - - removed upstreamed or unwonted patches (thanx to gnu_andrew to pointing them out) - patch410 1015432.patch (upstreamed) - patch411 1029588.patch - patch412 zero-x32.diff - patch104 java-1.7.0-ppc-zero-jdk.patch - patch105 java-1.7.0-ppc-zero-hotspot.patch - patch402 gstackbounds.patch and patch403 PStack-808293.patch applied always (again thanx to gnu_andrew) - merged other gnu_andrew's changes - FT2_CFLAGS and FT2_LIBS hardoced values replaced by correct pkg-config calls - buildver bumbed to 31 - added build requires nss-devel - removed build requires mercurial - added JRE_RELEASE_VERSION and ALT_PARALLEL_COMPILE_JOBS into make call * Fri Jan 17 2014 Jiri Vanek - 1.7.0.51-2.4.4.1.f20 - removed 2.3 tarball due to security issues - this causes zero arm32 jit to not exists eny more (aprox 30% slowdown) - removed declarations: - global icedtea_version_arm32 2.3.13 - source100 openjdk-icedtea-%{icedtea_version_arm32}.tar.xz - removed: - patch30 java-1.7.0-openjdk-java-access-bridge-security-2.3.patch - patch1000 rhino-2.3.patch - patch4020 gstackbounds-2.3.patch - patch4110 1029588-2.3.patch - patch302 systemtap.patch - patch401 657854-openjdk7.patch - with all follwing ifarch arm calls - patch410 and TestCryptoLevel are now used always - US_export_policy.jar and local_policy.jar are now listed always - make: - always used DISABLE_INTREE_EC, UNLIMITED_CRYPTO - removed arm32 specific DISTRO_PACKAGE_VERSION JDK_UPDATE_VERSION JDK_BUILD_NUMBER - added patch412 zero-x32.diff to try to fix zero builds build * Fri Jan 10 2014 Jiri Vanek - 1.7.0.51-2.4.4.0.f20 - updated to security icedtea 2.4.4 - and arm tarball updated to security icedtea 2.3.13 - icedtea_version set to 2.4.4 - updatever bumped to 51 - release reset to 0 * Mon Jan 6 2014 Jiri Vanek - 1.7.0.40-2.4.3.4.f19 - added and applied patch411 1029588.patch (for 2.4) - added and applied patch4110 1029588-2.3.patch (for 2.3) - resolves rhbz#1029588 * Mon Jan 6 2014 Jiri Vanek - 1.7.0.40-2.4.3.3.f19 - added and applied for icedtea 2.4 patch410, 1015432.patch - resolves rhbz#1015432 * Mon Jan 6 2014 Jiri Vanek - 1.7.0.40-2.4.3.2.f20 - changed Provides: jre-headless = 1.7.0 to Provides: jre-headless = 1:1.7.0 - resolves rhbz#1046050 * Fri Oct 18 2013 Jiri Vanek - 1.7.0.40-2.4.3.1.f20 - arm tarball updated to new CPU sources 2.3.13 - removed upstreamed patch 501 callerclass-01.patch - removed upstreamed patch 502 callerclass-02.patch - removed upstreamed patch 503 callerclass-02.patch - removed upstreamed patch 504 callerclass-02.patch

References

Fedora Update Notification FEDORA-2015-6397 2015-04-18 05:44:42 Name : java-1.7.0-openjdk Product : Fedora 20 Version : 1.7.0.79 Release : 2.5.5.0.fc20 URL : https://openjdk.org/ Summary : OpenJDK Runtime Environment Description : The OpenJDK runtime environment.

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update java-1.7.0-openjdk' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : java-1.7.0-openjdk
Product : Fedora 20
Version : 1.7.0.79
Release : 2.5.5.0.fc20
URL : https://openjdk.org/
Summary : OpenJDK Runtime Environment

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved