icedtea-web (1.4-3~deb7u2) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2013-4349.diff patch. CVE-2013-4349: Fix IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow after triggering event attached to applets. (Closes: #723118) -- Salvatore Bonaccorso Wed, 02 Oct 2013 17:11:22 +0200 icedtea-web (1.4-3~deb7u1) stable-security; urgency=low * Build for stable -- Moritz Mühlenhoff Sun, 07 Jul 2013 18:29:00 +0200 icedtea-web (1.4-3) unstable; urgency=low * Update from the 1.4 branch: - Fix PR1465, java.io.FileNotFoundException while trying to download a JAR file. - Fix PR1473, javaws should not depend on name of local file. - Fix PR854, resizing an applet several times causes 100% CPU load. Closes: #707729. -- Matthias Klose Thu, 04 Jul 2013 11:01:08 +0200 icedtea-web (1.4-2) unstable; urgency=low * Fix icedtea-web for use with OpenJDK 7u25. -- Matthias Klose Wed, 03 Jul 2013 17:34:23 +0200 icedtea-web (1.4-1) unstable; urgency=low * IcedTea-Web 1.4 release. * Stop building the icedtea6-plugin transitional package. -- Matthias Klose Thu, 09 May 2013 18:26:47 +0200 icedtea-web (1.3.2-1) unstable; urgency=high * IcedTea-Web 1.3.2 release. * Security Updates: - CVE-2013-1927: fixed gifar vulnerability. - CVE-2013-1926: Class-loader incorrectly shared for applets with same relative-path. * Common: - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. * NetX: - PR580: http://www.horaoficial.cl/ loads improperly. * Plugin: - PR1260: IcedTea-Web should not rely on GTK. - PR1157: Applets can hang browser after fatal exception. * Refresh patches. -- Matthias Klose Wed, 17 Apr 2013 00:45:29 +0200 icedtea-web (1.3.1-3) unstable; urgency=low * Team upload. * Remove mips and mipsel from architectures. (Closes: #701091) -- Niels Thykier Thu, 21 Feb 2013 21:30:08 +0100 icedtea-web (1.3.1-2.1) unstable; urgency=low * Non-maintainer upload. * Don't forget to remove the itweb-settings alternative. (Closes: #668444) -- Andreas Beckmann Sat, 02 Feb 2013 13:09:09 +0100 icedtea-web (1.3.1-2) unstable; urgency=low * Team upload. * Rebuild with Java7 as "default" to fix the Java7 variant of the Java plugin. Thanks to Bálint Réczey for the report. (Closes: #693623) -- Niels Thykier Thu, 20 Dec 2012 16:06:38 +0100 icedtea-web (1.3.1-1) unstable; urgency=high * IcedTea-Web 1.3.1 release. * Security Updates - CVE-2012-4540: Heap-based buffer overflow after triggering event attached to applet. * Common - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7. -- Matthias Klose Thu, 08 Nov 2012 12:39:11 +0100 icedtea-web (1.3-2) unstable; urgency=high * Configure with --disable-docs (the developer docs aren't shipped anyway). Works around the build failure on s390. -- Matthias Klose Thu, 06 Sep 2012 23:03:51 +0200 icedtea-web (1.3-1) unstable; urgency=high * IcedTea-Web 1.3 release. * Security updates: - CVE-2012-3422: Potential read from an uninitialized memory location. - CVE-2012-3423: Incorrect handling of not 0-terminated strings. * NetX fixes: - PR898: signed applications with big jnlp-file doesn't start (webstart affect like "frozen"). - PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly. * Plugin fixes: - PR820: IcedTea-Web 1.1.3 crashing Firefox when loading Citrix XenApp. - PR863: Error passing strings to applet methods in Chromium. - PR895: IcedTea-Web searches for missing classes on each loadClass or findClass. - PR861: Allow loading from non codebase hosts. Allow code to connect to hosting server. - PR518: NPString.utf8characters not guaranteed to be nul-terminated. - PR722: META-INF/ unsigned entries should be ignored in signing. - PR855: AppletStub getDocumentBase() doesn't return full URL. - PR1011: Folders treated as jar files in archive tag. - PR1106: Buffer overflow in plugin table. - PR975: Plugin should not include classpaths specified in jar manifests when using jnlp_href. - PR588: Cookies not written from cookie jar to browser cookies. * Common fixes: - PR918: java applet windows uses a low resulution black/white icon. - Disambiguate signed applet security prompt from certificate warning. - PR955: regression: SweetHome3D fails to run. * For Ubuntu quantal, set priorities for alternatives higher than for OpenJDK 6. * Call update-alternatives when the existing priority for the alternative is lower than the current one. * icedtea-netx: Don't set the alternatives to a OpenJDK which is not installed. Closes: #681269. * Allow building the plugin for OpenJDK 6 using OpenJDK 7. * Build with hardening defaults. -- Matthias Klose Thu, 06 Sep 2012 15:15:52 +0200 icedtea-web (1.2-2) unstable; urgency=low * Fix interpreter path and classpath for OpenJDK7. Closes: #663895. * Update to the 1.2 release branch 20120409. - Fix PR895 (IcedTea-Web searches for missing classes on each loadClass or findClass). -- Matthias Klose Mon, 09 Apr 2012 16:15:17 +0200 icedtea-web (1.2-1ubuntu1) precise; urgency=low * Regenerate the control file. -- Matthias Klose Fri, 09 Mar 2012 02:09:38 +0100 icedtea-web (1.2-1) unstable; urgency=low * IcedTea-Web 1.2 release. * Security updates: - CVE-2011-2513: Home directory path disclosure to untrusted applications. - CVE-2011-2514: Java Web Start security warning dialog manipulation. - CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass. * Make icedtea-netx-common multi-arch installable. -- Matthias Klose Fri, 09 Mar 2012 01:13:55 +0100 icedtea-web (1.2~pre3-3) unstable; urgency=low * Really use OpenJDK 7 for the icedtea-7 plugin. Closes: #662239. -- Matthias Klose Sun, 04 Mar 2012 23:47:57 +0100 icedtea-web (1.2~pre3-2) unstable; urgency=low * Fix another quoting issue. Closes: #662039. -- Matthias Klose Sun, 04 Mar 2012 13:18:02 +0100 icedtea-web (1.2~pre3-1ubuntu1) precise; urgency=low * Regenerate the control file. -- Matthias Klose Sat, 03 Mar 2012 12:35:35 +0100 icedtea-web (1.2~pre3-1) unstable; urgency=low * Update to hg 20120303, taken from the icedtea-web-1.2 release branch. -- Matthias Klose Sat, 03 Mar 2012 12:30:45 +0100 icedtea-web (1.2~pre2-1ubuntu2) precise; urgency=low * debian/rules: Fix quoting issue. -- Matthias Klose Mon, 27 Feb 2012 14:38:24 +0100 icedtea-web (1.2~pre2-1ubuntu1) precise; urgency=low * icedtea-netx-common: Drop dependency on OpenJDK. Closes: #661428. * Robustify maintainer scripts. Closes: #661424. -- Matthias Klose Mon, 27 Feb 2012 10:53:13 +0100 icedtea-web (1.2~pre2-1) unstable; urgency=low * Regenerate the control file. -- Matthias Klose Sun, 26 Feb 2012 17:48:03 +0100 icedtea-web (1.2~pre2-0ubuntu1) precise; urgency=low * Update to hg 20120226, taken from the icedtea-web-1.2 release branch. * Fix icedtea-7-plugin update. * Apply proposed patch for PR820, crashes with Firefox 10. -- Matthias Klose Sun, 26 Feb 2012 17:26:04 +0100 icedtea-web (1.2~pre1-0ubuntu1) precise; urgency=low * Update to hg 20120203, taken from the icedtea-web-1.2 release branch. * Build separate plugin packages for OpenJDK 6 and OpenJDK 7, needed to provide the path to the runtime and the mime description in the plugin. Closes: #646843. * Use icedtea--plugin as the name for both plugin packages. * Remove icedtea-web-1.1.4-npapi-fix.patch, fixed upstream. * Pass -n to gzip when compressing manpages to be Multi-Arch: same safe. * Build multiarch packages. -- Matthias Klose Sat, 04 Feb 2012 18:19:46 +0100 icedtea-web (1.1.4-1) unstable; urgency=medium * New upstream release with security fix : - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass [ Sylvestre Ledru ] * Fix a typo in the description. (Closes: #644538) [ Damien Raude-Morvan ] * Compress manpages. (Closes: #642975) -- Damien Raude-Morvan Fri, 11 Nov 2011 12:21:32 +0100 icedtea-web (1.1.3-2) unstable; urgency=low * Team upload * Sync from ubuntu * Explicit the dependency on the OpenJDK (Closes: #644045, #644094) * itweb-settings manpage added -- Sylvestre Ledru Tue, 04 Oct 2011 13:17:52 +0200 icedtea-web (1.1.3-1ubuntu1) oneiric; urgency=low * Fix non multiarch installation. -- Matthias Klose Thu, 29 Sep 2011 15:46:00 +0200 icedtea-web (1.1.3-1) unstable; urgency=low * New upstream release: - Plug-in: PR782: Support building against npapi-sdk as well. - Common: PR794: IcedTea-Web does not work if a Web Start app jar has a Class-Path element in the manifest (e.g. Elluminate) * d/javaws.policy: Use AllPermission for netx.jar (as in Oracle JDK). * Add myself as Uploader. -- Damien Raude-Morvan Thu, 29 Sep 2011 00:18:39 +0200 icedtea-web (1.1.2-1) unstable; urgency=low * Team upload * New upstream release: - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7. - Javaws cannot use proxy settings from Firefox. (Closes: #640748, #640736, #641038) * Drop the dependency on xulrunner (Closes: #636514, #606234, #601779) * Fix FTBFS due to the switch to multiarch (Closes: #641798) [ Damien Raude-Morvan ] * Switch to 3.0 (quilt) format. * d/javaws.policy: Allow RuntimePermission for javaws to access sun.security.util package. * d/patches/javaws_change_java_policy.diff: Loading of javaws.policy. * d/rules: Install javaws.policy into /etc/icedtea-web/. -- Sylvestre Ledru Thu, 22 Sep 2011 10:48:22 +0200 icedtea-web (1.1.1-1ubuntu2) oneiric; urgency=low * Updates from the 1.1 branch: - PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow. - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up. -- Matthias Klose Tue, 16 Aug 2011 22:00:46 +0200 icedtea-web (1.1.1-1ubuntu1) oneiric; urgency=low * Rebuild the control file. -- Matthias Klose Sat, 16 Jul 2011 13:43:28 +0200 icedtea-web (1.1.1-1) unstable; urgency=high * Upload to unstable. -- Matthias Klose Sat, 16 Jul 2011 13:19:00 +0200 icedtea-web (1.1.1-0ubuntu1) natty-security; urgency=high * IcedTea-Web 1.1.1 release. - CVE-2011-2513: Home directory path disclosure to untrusted applications. - CVE-2011-2514: Java Web Start security warning dialog manipulation. -- Matthias Klose Sat, 16 Jul 2011 12:51:46 +0200 icedtea-web (1.1-1ubuntu1) oneiric; urgency=low * Rebuild the control file. -- Matthias Klose Thu, 09 Jun 2011 12:03:52 +0200 icedtea-web (1.1-1) unstable; urgency=low * IcedTea-Web 1.1 release. -- Matthias Klose Thu, 09 Jun 2011 11:58:59 +0200 icedtea-web (1.1~20110608-1ubuntu1) oneiric; urgency=low * Rebuild the control file. -- Matthias Klose Thu, 09 Jun 2011 10:39:20 +0200 icedtea-web (1.1~20110608-1) unstable; urgency=low * Update to hg 20110608, taken from the icedtea-web-1.1 release branch. -- Matthias Klose Wed, 08 Jun 2011 22:11:08 +0200 icedtea-web (1.1~20110530-1ubuntu1) oneiric; urgency=low * Regenerate the control file. * Add other browsers as an alternative to firefox depends. LP: #766559. -- Matthias Klose Mon, 30 May 2011 22:25:14 +0200 icedtea-web (1.1~20110530-1) unstable; urgency=low * Update to hg 20110530, taken from the icedtea-web-1.1 release branch. -- Matthias Klose Mon, 30 May 2011 22:08:47 +0200 icedtea-web (1.1~20110510-1) unstable; urgency=low * Update to hg 20110510, taken from the icedtea-web-1.1 release branch. * Adjust conflicts to the OpenJDK version in unstable. Closes: #627779, #626605. * Make transitional package architecture independent. Closes: #627745. -- Matthias Klose Wed, 25 May 2011 14:29:42 +0200 icedtea-web (1.1~20110421-1) unstable; urgency=low * Update to hg 20110421, taken from the icedtea-web-1.1 release branch. -- Matthias Klose Thu, 21 Apr 2011 19:20:32 +0200 icedtea-web (1.1~20110420-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Wed, 20 Apr 2011 14:33:31 +0200 icedtea-web (1.1~20110420-0ubuntu1) natty; urgency=low * Update to hg 20110420. - Removes non-distributable pdf documents. * Update debian/copyright. -- Matthias Klose Wed, 20 Apr 2011 14:05:16 +0200 icedtea-web (1.1~20110406-0ubuntu2) natty; urgency=low * Reapply xulrunner → firefox-dev change from 1.1~20110320-0ubuntu2, which were overwritten in the previous upload. -- Martin Pitt Tue, 19 Apr 2011 08:47:28 +0200 icedtea-web (1.1~20110406-0ubuntu1) natty; urgency=low * Fix typo in icedtea-netx postinst to install the javaws alternative. -- Matthias Klose Wed, 06 Apr 2011 13:10:44 +0200 icedtea-web (1.1~20110320-0ubuntu2) natty; urgency=low * Switch build-depends to firefox-dev for natty. xulrunner is being demoted from main (LP: #740815) - update debian/rules - update debian/control -- Chris Coulson Mon, 04 Apr 2011 11:07:15 +0100 icedtea-web (1.1~20110320-0ubuntu1) natty; urgency=low * Update to hg 20110320. -- Matthias Klose Thu, 24 Feb 2011 12:57:25 +0100 icedtea-web (1.0~20110122-1) experimental; urgency=low * Upload to experimental. -- Matthias Klose Sun, 23 Jan 2011 13:53:14 +0100 icedtea-web (1.0~20110122-0lucid1) lucid; urgency=low * Update to hg 20110122. -- Matthias Klose Sat, 22 Jan 2011 21:21:29 +0100 icedtea-web (1.0~20101223-0ubuntu3) natty; urgency=low * Fix the armel build. -- Matthias Klose Fri, 24 Dec 2010 12:31:32 +0100 icedtea-web (1.0~20101223-0ubuntu2) natty; urgency=low * Build the plugin on armel. -- Matthias Klose Fri, 24 Dec 2010 11:51:37 +0100 icedtea-web (1.0~20101223-0ubuntu1) natty; urgency=low * Update to hg 20101223. -- Matthias Klose Thu, 23 Dec 2010 14:20:21 +0100 icedtea-web (1.0~20101127-0ubuntu1) natty; urgency=low * Update to hg 20101127. * icedtea-plugin: Add versioned conflict/replaces with icedtea6-plugin (<< 6b21.0~20101127~). LP: #673524. -- Matthias Klose Sat, 27 Nov 2010 11:51:06 +0100 icedtea-web (1.0~20101124-0ubuntu1) natty; urgency=low * Update to hg 20101124. * Fix xulrunner dependencies for natty. * Build-depend on pkg-config and libgtk2.0-dev. -- Matthias Klose Wed, 24 Nov 2010 13:23:28 +0100 icedtea-web (1.0~20101021-0ubuntu6) natty; urgency=low * Fix link flag ordering issues - add debian/patches/001_fix_pluginappletviewer_linkage.patch - add debian/patches/series - update debian/rules - update debian/control{.in} * Change xulrunner build-dep to xulrunner-2.0-dev for Natty and rebuild against the latest version. Change binary dependency to xulrunner-2.0 | firefox (>= 4.0~b7), because eventually, xulrunner will not be installed by default and we don't want to force Firefox users to install it - update debian/rules - update debian/control -- Chris Coulson Tue, 23 Nov 2010 21:19:01 +0000 icedtea-web (1.0~20101021-0ubuntu4) natty; urgency=low * Add a versioned build dependency on openjdk-6-jdk (>= 6b20-1.10~pre2). -- Matthias Klose Fri, 22 Oct 2010 00:23:34 +0200 icedtea-web (1.0~20101021-0ubuntu3) natty; urgency=low * Build icedtea6-plugin on amd64, i386 and powerpc only. -- Matthias Klose Thu, 21 Oct 2010 23:54:17 +0200 icedtea-web (1.0~20101021-0ubuntu2) natty; urgency=low * Fix version of the transitional icedtea6-plugin package. -- Matthias Klose Thu, 21 Oct 2010 23:48:49 +0200 icedtea-web (1.0~20101021-0ubuntu1) natty; urgency=low * Initial release, split out from openjdk-6. -- Matthias Klose Thu, 21 Oct 2010 08:07:41 +0200