------------------------------------------------------------------- Tue May 15 14:37:00 UTC 2018 - pmonrealgonzalez@suse.com - Version update to 7.1.4.25 [bsc#1093311, bsc#1085449] * Security fixes: CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 ------------------------------------------------------------------- Tue Mar 20 10:23:01 UTC 2018 - pmonrealgonzalez@suse.com - Renamed the update-alternatives link names for the different policy options to avoid collisions [bsc#1085018] * Available options: - jce_1.7.1_ibm_unlimited_local_policy [default] - jce_1.7.1_ibm_unlimited_us_export_policy - jce_1.7.1_ibm_limited_local_policy - jce_1.7.1_ibm_limited_us_export_policy ------------------------------------------------------------------- Fri Mar 16 15:53:33 UTC 2018 - pmonrealgonzalez@suse.com - Fixed priorities of alternatives [bsc#1085018] ------------------------------------------------------------------- Tue Mar 13 14:43:45 UTC 2018 - pmonrealgonzalez@suse.com - Fixed symlinks to policy files on update [bsc#1085018] ------------------------------------------------------------------- Tue Feb 27 10:18:38 UTC 2018 - pmonrealgonzalez@suse.com - Removed java-1_7_1-ibm-alsa and java-1_7_1-ibm-plugin entries in baselibs.conf due to errors in osc source_validator ------------------------------------------------------------------- Mon Feb 26 15:12:34 UTC 2018 - pmonrealgonzalez@suse.com - Version update to 7.1.4.20 [bsc#1082810] * Security fixes: CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579 * Defect fixes: - IJ04281 Class Libraries: Startup time increase after applying apar IV96905 - IJ03822 Class Libraries: Update timezone information to tzdata2017c - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01 - IJ04282 Security: Change in location and default of jurisdiction policy files - IJ03853 Security: IBMCAC provider does not support SHA224 - IJ02679 Security: IBMPKCS11Impl – Bad sessions are being allocated internally - IJ02706 Security: IBMPKCS11Impl – Bad sessions are being allocated internally - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot specification attribute - IJ01901 Security: IBMPKCS11Impl – SecureRandom.setSeed() exception - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE - IJ02284 JIT Compiler: Division by zero in JIT compiler ------------------------------------------------------------------- Fri Dec 8 11:10:01 UTC 2017 - pmonrealgonzalez@suse.com - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to allow Java jnlp files run from Firefox. [bsc#1057460, bsc#1076390] ------------------------------------------------------------------- Thu Nov 30 10:49:06 UTC 2017 - pmonrealgonzalez@suse.com - Security update to version 7.1.4.15 [bsc#1070162] * CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 ------------------------------------------------------------------- Mon Aug 14 13:06:01 UTC 2017 - pmonrealgonzalez@suse.com - Version update to 7.1-4.10 [bsc#1053431] * CVE-2017-10111 CVE-2017-10110 CVE-2017-10107 CVE-2017-10101 CVE-2017-10096 CVE-2017-10090 CVE-2017-10089 CVE-2017-10087 CVE-2017-10102 CVE-2017-10116 CVE-2017-10074 CVE-2017-10115 CVE-2017-10067 CVE-2017-10125 CVE-2017-10243 CVE-2017-10109 CVE-2017-10108 CVE-2017-10053 CVE-2017-10105 CVE-2017-10081 ------------------------------------------------------------------- Mon May 15 13:36:27 UTC 2017 - tchvatal@suse.com - Version update to 7.1-4.5 bsc#1038505 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 ------------------------------------------------------------------- Mon Mar 6 11:53:51 UTC 2017 - tchvatal@suse.com - Version update to 7.1-4.1 bnc#1027038 CVE-2016-2183 ------------------------------------------------------------------- Wed Nov 16 13:25:55 UTC 2016 - tchvatal@suse.com - Version update to 7.1-3.60 bnc#1009280 CVE-2016-5568 CVE-2016-5556 CVE-2016-5573 CVE-2016-5597 CVE-2016-5554 CVE-2016-5542 ------------------------------------------------------------------- Fri Aug 12 12:03:34 UTC 2016 - pjanouch@suse.de - Version update to 7.1-3.50 (bsc#992537): CVE-2016-3485 CVE-2016-3511 CVE-2016-3511 CVE-2016-3598 ------------------------------------------------------------------- Tue May 10 16:41:22 UTC 2016 - abergmann@suse.com - The following CVEs got also fix with the IBM Java 1.7.1 SR3 FP40 release (bsc#979252): CVE-2016-3443 CVE-2016-0687 CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3422 CVE-2016-3426 ------------------------------------------------------------------- Fri Apr 29 13:04:56 UTC 2016 - pjanouch@suse.de - IBM Java 1.7.1 SR3 FP40 released (bnc#977646 bnc#977648 bnc#977650) CVE-2016-0376 CVE-2016-0264 CVE-2016-0363 ------------------------------------------------------------------- Fri Jan 29 09:52:21 UTC 2016 - tchvatal@suse.com - Version update to 7.1-3.30 bnc#963937, bsc#966304: CVE-2015-8540 CVE-2015-7981 CVE-2015-5041 CVE-2016-0494 CVE-2016-0483 CVE-2015-8126 CVE-2015-8472 CVE-2016-0466 CVE-2016-0402 CVE-2015-7575 CVE-2016-0448 ------------------------------------------------------------------- Thu Jan 7 13:23:17 UTC 2016 - tchvatal@suse.com - Move %_jvmdir/%sdklnk from main to develpkg for sle10 to avoid hickups - Move %_jvmjardir/%sdkcompatdir from develprj to main for the same ------------------------------------------------------------------- Fri Jan 1 13:15:09 UTC 2016 - tchvatal@suse.com - Move the pre phase to the baselibs.conf too bnc#960402 ------------------------------------------------------------------- Mon Nov 23 10:55:03 UTC 2015 - tchvatal@suse.com - Version update to 7.1-3.20 bnc#955131, bsc#929900: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 ------------------------------------------------------------------- Wed Aug 5 12:03:22 UTC 2015 - tchvatal@suse.com - Add backcompat symlinks for sdkdir - Fix bnc#941939 to provide %{name} instead of %{sdklnk} only in _jvmprivdir ------------------------------------------------------------------- Wed Jul 22 09:06:49 UTC 2015 - tchvatal@suse.com - Version update to 7.1-3.10 bnc#938895 CVE-2015-1931 CVE-2015-2638 CVE-2015-4733 CVE-2015-4732 CVE-2015-2590 CVE-2015-4731 CVE-2015-4760 CVE-2015-4748 CVE-2015-2664 CVE-2015-2632 CVE-2015-2637 CVE-2015-2619 CVE-2015-2621 CVE-2015-2613 CVE-2015-2601 CVE-2015-4749 CVE-2015-4000 CVE-2015-4729 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 ------------------------------------------------------------------- Thu Jul 2 12:24:33 UTC 2015 - tchvatal@suse.com - Version update to 7.1-3.1 bnc#935540 for the logjam attack ------------------------------------------------------------------- Mon Jun 15 13:02:08 UTC 2015 - tchvatal@suse.com - Sync spec and baselibs.conf - Remove obsolete parts of update-alternatives from baselibs.conf - Do not bother with non-etc-marked-as-conf - Move plugin desktop/icon to proper subpackage - Fix fdupes usage and javapackages-tools vs jpackage-utils dependencies - Drop creation of 0 size xlfd support files as they are never regenerated anyway - Cleanup with spec-cleaner ------------------------------------------------------------------- Wed Jun 3 10:00:31 UTC 2015 - tchvatal@suse.com - Filter out cuda requires/provides as it ain't provided in SUSE bnc#931693 ------------------------------------------------------------------- Tue Jun 2 14:48:59 UTC 2015 - tchvatal@suse.com - Version bump to 7.1-3.0 release bnc#930365 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 ------------------------------------------------------------------- Tue Jun 2 14:33:59 UTC 2015 - tchvatal@suse.com - Fix removeing links before update-alternatives run. bnc#931702 ------------------------------------------------------------------- Tue Jun 2 12:50:10 UTC 2015 - tchvatal@suse.com - Fix bnc#912434, javaws/plugin stuff should slave plugin update-alternatives ------------------------------------------------------------------- Tue Jun 2 11:50:07 UTC 2015 - tchvatal@suse.com - Fix bnc#912447, use system cacerts ------------------------------------------------------------------- Mon Jun 1 11:14:51 UTC 2015 - tchvatal@suse.com - Add condition for fdupes to build on SLE10 ------------------------------------------------------------------- Tue Feb 10 10:06:25 UTC 2015 - tchvatal@suse.com - Update to 7.1.2.10 for sec issues bnc#916266 and bnc#916265 CVE-2014-8892 CVE-2014-8891 - javad binary seems to be no more, so remove ------------------------------------------------------------------- Fri Nov 28 13:47:52 UTC 2014 - tchvatal@suse.com - Enable ppc and ppc64 ------------------------------------------------------------------- Tue Nov 18 13:11:32 UTC 2014 - tchvatal@suse.com - bring to sle11sp4 fate#317600 - bnc#904889 java 1.7.1_sr1.2 released - CVE-2014-3065: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (bnc#) - CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. (bnc#901223 901254 901277 901748 901757 901759 901889 901968 902229 902476 902912 903684 903690 903692) - CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. (bnc#901239 901242 901246) - CVE-2014-6456: Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (bnc#901239 901242 901246) - CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. (bnc#901239 901242 901246) - CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. (bnc#901239 901242 901246) - CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. (bnc#901239 901242 901246) - CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. (bnc#901239 901242 901246) - CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (bnc#901239 901242 901246) - CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (bnc#901239 901242 901246) - CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (bnc#901239 901242 901246) - CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. (bnc#901239 901242 901246) - CVE-2014-6476: Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. (bnc#901239 901242 901246) - CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. (bnc#901239 901242 901246) - CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. (bnc#901239 901242 901246) - CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. (bnc#901239 901242 901246) - CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. (bnc#901239 901242 901246) - CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. (bnc#901239 901242 901246) - CVE-2014-6527: Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. (bnc#901239 901242 901246) - CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. (bnc#901239 901242 901246) - CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. (bnc#901239 901242 901246) ------------------------------------------------------------------- Fri Aug 8 07:11:56 UTC 2014 - tchvatal@suse.com - Version bump to 7.1-1.0 bnc#890434: * Maintenance update for the 7.1 series matching oracle jaca 7u65 ------------------------------------------------------------------- Thu Aug 7 08:04:18 UTC 2014 - tchvatal@suse.com - Replace SuSE with SUSE. bnc#889006 ------------------------------------------------------------------- Wed May 14 08:47:10 UTC 2014 - tchvatal@suse.com - Version bump to 7.1-1.0 (bnc#877465): * support for ppc64le * zEC12 and System z hardware compression acceleration support * Improved workload management facilities on z/OS * Native record processing with Data Access Accelerator * see http://www-01.ibm.com/support/docview.wss?uid=swg21657707 ------------------------------------------------------------------- Wed Mar 5 16:28:17 CET 2014 - ro@suse.de - Fix build on i586 and s390 * Remove bogus dependency on libstdc++33 ------------------------------------------------------------------- Mon Feb 17 09:57:18 UTC 2014 - mvyskocil@suse.com - Limit package to sle12 compatible architectures - Use SUSE-NonFree License as suggested by legal team - Adapt filelist to much stricter rpm in SLE12 ------------------------------------------------------------------- Tue Dec 10 12:06:55 UTC 2013 - mvyskocil@suse.com - package IBM Java Version 7 Release 1 (FATE#316606) IBM(R) SDK, Java Technology Edition, Version 7 Release 1 is the latest release of the Java SE 7 application programming interfaces (APIs). This release contains the latest virtual machine technology from IBM and is for users who wish to use Java SE 7 APIs to: * utilize enhanced native record processing * exploit the new zEC12 capabilities * improve monitoring and diagnostics * evaluate IBM's latest cloud enablement technology * see http://www-01.ibm.com/support/docview.wss?uid=swg21657707