Univention Bugzilla – Bug 40483
openjdk-7: Multiple issues (4.1)
Last modified: 2016-10-05 12:46:51 CEST
+++ This bug was initially created as a clone of Bug #40482 +++

New issues fixed in Debian package version 7u95-2.6.4-1:
- S8059054, CVE-2016-0402: Better URL processing
- S8130710, CVE-2016-0448: Better attributes processing
- S8132210: Reinforce JMX collector internals
- S8132988: Better printing dialogues
- S8133962, CVE-2016-0466: More general limits
- S8137060: JMX memory management improvements
- S8139012: Better font substitutions
- S8139017, CVE-2016-0483: More stable image decoding
- S8140543, CVE-2016-0494: Arrange font actions
- S8143185: Cleanup for handling proxies
- S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays
- S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH)

Package version in wheezy: 7u95-2.6.4-1~deb7u1

dtroeder@dimma:~$ repo_admin.py --cherrypick --release 4.0-0-0 -s errata4.0-4 --releasedest 4.1-0-0 --dest errata4.1-0 --package openjdk-7
dtroeder@dimma:~$ repo_stat.py openjdk-7
7u95-2.6.4-1~deb7u1 imported on 2016-02-05 12:34:15.794837
Included in scope errata4.0-4 for release tag 4.0-0-0 (77864)
Included in scope errata4.1-0 for release tag 4.1-0-0 (77864)
dtroeder@dimma:~$ b41-scope errata4.1-0 openjdk-7
The following patches will be applied:
00_hardcode-debian-settings-in-lsb-detection.patch

Advisory: 67256

java7-jdk is missing in openjdk-7-jdk Provides!

Package: openjdk-7-jdk
Version: 7u95-2.6.4-1.22.201602051241
Provides: java-compiler, java-sdk, java2-sdk, java5-sdk, java6-sdk, java7-sdk

Package: openjdk-7-jdk
Version: 7u91-2.6.3-1.19.201512041548
Provides: java-compiler, java-sdk, java2-sdk, java5-sdk, java6-sdk, java7-jdk

This breaks the heliumvserver App:

-> apt-get install heliumv-base
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
Einige Pakete konnten nicht installiert werden. Das kann bedeuten, dass
Sie eine unmögliche Situation angefordert haben oder, wenn Sie die
Unstable-Distribution verwenden, dass einige erforderliche Pakete noch
nicht erstellt wurden oder Incoming noch nicht verlassen haben.
Die folgenden Informationen helfen Ihnen vielleicht, die Situation zu lösen:

Die folgenden Pakete haben unerfüllte Abhängigkeiten:
 heliumv-base : Hängt ab von: java7-jdk
E: Probleme können nicht korrigiert werden, Sie haben zurückgehaltene defekte Pakete.

-> apt-cache show heliumv-base
Package: heliumv-base
Section: net
Installed-Size: 66585
Maintainer: it25 GmbH <packages@it25.de>
Architecture: all
Source: heliumv
Version: 0.1-3
Depends: java-common, java7-jdk, perl, ttf-mscorefonts-installer

See http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-0/job/Autotest%20MultiEnv/SambaVersion=s4,Systemrolle=member/lastCompletedBuild/testReport/20_appcenter/20_can_apps_be_installed/test/

We may need to add java7-jdk to openjdk-7-jdk Provides, but Debian deliberately replaced java7-jdk with java7-sdk, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803150. So, not sure what to do here.

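The regression reported in the comment above (a virtual package name dropped from Provides while a dependent still requires it) can be caught before a security update ships by diffing control stanzas. This is an added example, not part of the bug report or Univention's tooling; the stanzas are constructed from the field values quoted above, and the function names are hypothetical.

```python
import re

# Constructed stanzas built from the field values quoted in the comment above.
OLD = ("Package: openjdk-7-jdk\nVersion: 7u91-2.6.3-1.19.201512041548\n"
       "Provides: java-compiler, java-sdk, java2-sdk, java5-sdk, java6-sdk, java7-jdk\n")
NEW = ("Package: openjdk-7-jdk\nVersion: 7u95-2.6.4-1.22.201602051241\n"
       "Provides: java-compiler, java-sdk, java2-sdk, java5-sdk, java6-sdk, java7-sdk\n")
DEPENDENT = ("Package: heliumv-base\nVersion: 0.1-3\n"
             "Depends: java-common, java7-jdk, perl, ttf-mscorefonts-installer\n")


def parse_stanza(text):
    """Parse one control stanza into a dict, folding continuation lines."""
    fields, key = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and key:
            fields[key] += " " + line.strip()
        elif ":" in line:
            key, value = line.split(":", 1)
            fields[key] = value.strip()
    return fields


def clauses(field):
    """Split a relation field into clauses, each a list of alternative names."""
    result = []
    for clause in field.split(","):
        # Drop version "(>= x)", arch "[amd64]" and ":any" qualifiers.
        alts = [re.sub(r"\s*[(\[<].*$", "", a).split(":")[0].strip()
                for a in clause.split("|")]
        if any(alts):
            result.append([a for a in alts if a])
    return result


def dropped_provides(old, new):
    """Virtual package names the old version provided and the new one does not."""
    flat = lambda s: {a for c in clauses(s.get("Provides", "")) for a in c}
    return flat(old) - flat(new)


def broken_depends(dependent, dropped):
    """Depends clauses whose every alternative is a dropped virtual package."""
    return [" | ".join(c) for c in clauses(dependent.get("Depends", ""))
            if all(a in dropped for a in c)]


if __name__ == "__main__":
    gone = dropped_provides(parse_stanza(OLD), parse_stanza(NEW))
    print(sorted(gone), broken_depends(parse_stanza(DEPENDENT), gone))
```

A clause is reported only when all of its alternatives were dropped, so a dependent declaring `java7-jdk | java7-sdk` would pass; alternatives that were not dropped are assumed to be installable.
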
'java7-jdk' has been added to the 'Provides' field of openjdk-7-jdk (r15871). i386 has built, amd64 is in the making.

New issues fixed in Debian package version 7u101-2.6.6-2~deb7u1:
* S8129952, CVE-2016-0686: Ensure thread consistency (Serialization)
* S8132051, CVE-2016-0687: Better byte behavior (Hotspot)
* S8138593, CVE-2016-0695: Make DSA more fair (Security Sub-component)
* S8139008: Better state table management
* S8143167, CVE-2016-3425: Better buffering of XML strings (JAXP)
* S8144430, CVE-2016-3427: Improve JMX connections (JMX)
* S8152335, CVE-2016-0636: Improve MethodHandle consistency (Hotspot)

For details see http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Additionally the openjdk-7.yaml needs to be merged and updated for ucs4.0-5

openjdk-7 package version 7u101-2.6.6-2~deb7u1 was built in scope ucs_4.1-0-errata4.1-1 and the advisory moved and updated in r69181.
Advisory adjusted for 7u101 and moved to ucs4.1-2. Note: Package is built in errata4.1-1, advisory correctly says so. The binary packages are updatable and basic Java tests worked.
<http://errata.software-univention.de/ucs/4.1/186.html>