Sophie: icedtea-web-1.8-2.mga7 i586

icedtea-web-1.8-2.mga7.i586.rpm

Key:

SX  - http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=X
PRX - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=X
RHX - https://bugzilla.redhat.com/show_bug.cgi?id=X
DX  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=X
GX  - http://bugs.gentoo.org/show_bug.cgi?id=X

CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

New in release 1.8 (2019-03-12):
* added support for javafx-desc and so allwong run of pure-javafx only applications
* --nosecurity enhanced for possibility to skip invalid signatures
* enhanced to allow resources to be read also from j2se/java element (OmegaT)
* PR3644 - java.lang.NoClassDefFoundError: Could not initialize class net.sourceforge.jnlp.runtime.JNLPRuntime$DeploymentConfigurationHolder
* deployment.config now support generic url instead just file
* Added support for windows desktop shortcuts via https://github.com/DmitriiShamrikov/mslinks
* cache can now be operated by groups, list by -Xcacheids (details via -verbose, can filter by regex), Xclearcache now can clear only selected id. There is also gui to operate cache via id in itweb-settings now.
* desktop shortcut name get shortened to title or file if title is missing.
* shared native launchers
* scripted launchers rework: Windows bat launchers rewritten to be feature complete, Linux shell launchers made portable, build enhanced to produce platform independent image

New in release 1.7 (2017-07-19):
* PR3366 - bash completion file was split to three, and is setup-able by bashcompdir environment variable
* added experimental support for windows
* added experimental support for java 9 (linux only)
* added experimental support for jnlp protocol (see https://bugs.openjdk.java.net/browse/JDK-8055464)
* restricted to JDK8 and higher
* all connection restrictions now consider also port
* Enabled Entry-Point attribute check
* permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all.
* fixed DownloadService
* PR2779: html-gen.sh: Don't try to call hg if .hg directory isn't present
* PR2591 - IcedTea-Web request resources twice for meta informations and causes ClientAbortException on tomcat in conjunction with JnlpDownloadServlet
* PR2690 - Can't run BOM into JNLP file
* PR2669 - remove bash-specific syntax from top level Makefile.am
* PR2489 - various NPEs when codebase is null
* PR2855 - configure.ac: Remove unnecessary checks for libX11 and zlib
* PR878 - (http-511) Handle HTTP error 511 Network Authentication Required (standard secure proxy authentification/captive portal detection) 
* PR1190 - unuseable javaws cache handling 
* PR3227 - can not save file with query longer then (together with name) then 255 chars 
* comments in deployment.properties now should persists load/save
* fixed bug in caching of files with query
* fixed issues with recreating of existing shortcut
* trustAll/trustNone now processed correctly
* headless no longer shows dialogues
* RH1231441 Unable to read the text of the buttons of the security dialogue
* Fixed RH1233697 icedtea-web: applet origin spoofing
* Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets
* FIXED PR3263 - Cannot retrieve JavaScript Engine using ScriptEngineManager.getEngineByName 
* fixed fatal impact of initialization error of FileLog
* MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed
* more dialogs got remember me possibility
  - MissingALACAttributePanel
  - AccessWarning
  - MissingPermissionsAttributePanel
  - MatchingALACAttributePanel
  - UnsignedAppletTrustWarningPanel
  - PartiallySignedAppTrustWarningPanel
* Itw-settings
  - All rememberable dialogues can have saved value modified
* NetX
  - fixed issues with -html shortcuts
  - fixed issue with -html receiving garbage in width and height
  - main-class attribute trimmed by default
  - in strict mode, main-class attribute checked for invalid characters
  - added -browser switch as workaround around most uttermost http authentications cornercases
* PolicyEditor
  - Entry list is sorted, entries will appear with consistent ordering
  - file flag made to work when used standalone
  - file flag cannot be used in combination with main argument
  - defaultfile flag added
  - support for SignedBy and Principals along with existing Codebase
* Plugin
  - RH1273691 - Escaped equals signs in deployment.properties not un-escaped when used
  - PR2746 - IcedTea-Web Plugin 1.6.1: net.sourceforge.jnlp.LaunchException 
  - PR2714 - IcedTea-Web plugin sends uninitialized memory garbage across a pipe when NPN_GetValueForURL call fails
  - PR3198 - Error in webmin
  - PR2968 - IcedTea-Web crashes on Dell EqualLogic SAN

New in release 1.6 (2015-XX-XX):
* Massively improved offline abilities. Added Xoffline switch to force work without inet connection.
* Improved to be able to run with any JDK
* JDK 6 and older no longer supported
* JDK 8 support added (URLPermission granted if applicable)
* JDK 9 supported
* Added support for Entry-Point manifest attribute
* Added KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK deployment property to control scan of Manifest file
* starting arguments now accept also -- abbreviations
* Added new documentation
* Added support for menu shortcuts - both javaws applications/applets and html applets are supported
* added support for -html switch for javaws. Now you can run most of the applets without browser at all
* Control Panel
  - PR1856: ControlPanel UI improvement for lower resolutions (800*600)
* NetX
  - PR1858: Java Console accepts multi-byte encodings
  - PR1859: Java Console UI improvement for lower resolutions (800*600)
  - RH1091563: [abrt] icedtea-web-1.5-2.fc20: Uncaught exception java.lang.ClassCastException in method sun.applet.PluginAppletViewer$8.run()
  - Dropped support for long unmaintained -basedir argument
  - Returned support for -jnlp argument
  - RH1095311, PR574 -  References class sun.misc.Ref removed in OpenJDK 9 - fixed, and so buildable on JDK9
* Plugin
  - PR1743 - Intermittant deadlock in PluginRequestProcessor
  - PR1298 - LiveConnect - problem setting array elements (applet variables) from JS
  - RH1121549: coverity defects
  - Resolves method overloading correctly with superclass heirarchy distance
* PolicyEditor
  - codebases can be renamed in-place, copied, and pasted
  - codebase URLs can be copied to system clipboard
  - displays a progress dialog while opening or saving files
  - codebases without permissions assigned save to file anyway (and re-appear on next open)
  - PR1776: NullPointer on save-and-exit
  - PR1850: duplicate codebases when launching from security dialogs
  - Fixed bug where clicking "Cancel" on the "Save before Exiting" dialog could result in the editor
    exiting without saving changes
  - Keyboard accelerators and mnemonics greatly improved
  - "File - New" allows editing a new policy without first selecting the file to save to
* Common
  - PR1769: support signed applets which specify Sandbox permissions in their manifests
* Temporary Permissions in security dialog now multi-selectable and based on PolicyEditor permissions

New in release 1.5 (2014-XX-XX):
* IcedTea-Web now using tagsoup as default (tagsoup dependence) sanitizer for input
* JDK older then 1.5 no longer supported
* IcedTea-Web is now following XDG .config and .cache specification(RH947647)
* A console for debugging plugin and javaws
* Dialogs center on screen before becoming visible
* Support for u45 and u51 new manifest attributes (Application-Name, Codebase, Permissions, Trusted-only)
* Custom applet permission policies panel in itweb-settings control panel
* javaws -version flag
* New PolicyEditor for easily adding/removing permissions to individual applets
* Cache Viewer
  - Can be closed by ESC key
  - Enabling and disabling of operational buttons is handled properly
  - Time consuming operations are indicated by a mouse busy cursor
  - "Size" and "Last Modified" columns display localized data
* NetX
  - PR1465 - java.io.FileNotFoundException while trying to download a JAR file
  - Netx can now parse malformed jnlp files using tagsoup
  - PR1026 - Apps fail to run because of the nanoxml parser's strict XML validation
  - PR1473 - javaws should not depend on name of local file
  - Redesigned About dialogue layout and contents
  - Console made aware of plugin messages
  - PR1856: ControlPanel UI improvement for lower resolutions (800*600)
  - PR1858: Java Console accepts multi-byte encodings
  - PR1859: Java Console UI improvement for lower resolutions (800*600)
* Plugin
  - PR854: Resizing an applet several times causes 100% CPU load
  - PR1271: icedtea-web does not handle 'javascript:'-protocol URLs
  - RH976833: Multiple applets on one page cause deadlock
  - Pipes moved into XDG_RUNTIME_DIR
  - Added debug to file
  - RH1010958: insecure temporary file use flaw in LiveConnect implementation
  - Resolves method overloading correctly with superclass heirarchy distance
* Common
  - PR1474: Can't get javaws to use SOCKS proxy
  - Man page for itweb-settings
* Security Updates
  - CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet

New in release 1.4 (2013-XX-XX):
* Added cs localization
* Added de localization
* Added pl localization
* Splash screen for javaws and plugin
* Better error reporting for plugin via Error-splash-screen
* All IcedTea-Web dialogues are centered to middle of active screen
* Download indicator made compact for more then one jar
* User can select its own JVM via itw-settings and deploy.properties.
* Added extended applets security settings and dialogue
* Security updates
  - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
  - CVE-2013-1927, RH884705: fixed gifar vulnerabilit
  - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
  - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
* NetX
  - PR1027: DownloadService is not supported by IcedTea-Web
  - PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run
  - PR1292: Javaws does not resolve versioned jar names with periods correctly
* Plugin
  - PR1106: Buffer overflow in plugin table-
  - PR1166: Embedded JNLP File is not supported in applet tag
  - PR1217: Add command line arguments for plugins
  - PR1189: Icedtea-plugin requires code attribute when using jnlp_href
  - PR1198: JSObject is not passed to javascript correctly
  - PR1260: IcedTea-Web should not rely on GTK
  - PR1157: Applets can hang browser after fatal exception
  - PR580: http://www.horaoficial.cl/ loads improperly
* Common
  - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered
  - PR955: regression: SweetHome3D fails to run
  - PR1145: IcedTea-Web can cause ClassCircularityError
  - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7
  - PR822: Applets fail to load if jars have different signers
  - PR1186: System.getProperty("deployment.user.security.trusted.cacerts") is null
  - PR909: The Java applet at http://de.gosupermodel.com/games/wardrobegame.jsp fails
  - PR1299: WebStart doesn't read socket proxy settings from firefox correctly

New in release 1.3 (2012-XX-XX):
* NetX
  - PR898: signed applications with big jnlp-file doesn't start (webstart affect like "frozen")
  - PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly
* Plugin
  - PR820: IcedTea-Web 1.1.3 crashing Firefox when loading Citrix XenApp
  - PR863: Error passing strings to applet methods in Chromium
  - PR895: IcedTea-Web searches for missing classes on each loadClass or findClass
  - PR861: Allow loading from non codebase hosts. Allow code to connect to hosting server
  - PR518: NPString.utf8characters not guaranteed to be nul-terminated
  - PR722: META-INF/ unsigned entries should be ignored in signing
  - PR855: AppletStub getDocumentBase() doesn't return full URL
  - PR1011: Folders treated as jar files in archive tag
  - PR588: Cookies not written from cookie jar to browser cookies
  - PR920: Classes attempted to load twice when class extends from outside jar
* Common
  - PR918: java applet windows uses a low resulution black/white icon
  - RH838417: Disambiguate signed applet security prompt from certificate warning
  - RH838559: Disambiguate signed applet security prompt from certificate warning
  - RH720836: project can be compiled against GTK+ 2 or 3 librarie

New in release 1.2 (2011-XX-XX):
* Security updates:
	- RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications
	- RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation
	- RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass
* NetX
  - PR618: Can't install OpenDJ, JavaWebStart fails with Input stream is null error
  - PR765: JNLP file with all resource jars marked as 'lazy' fails to validate signature and stops the launch of application
  - PR788: Elluminate Live! is not working
  - PR804: javaws launcher incorrectly handles file names with spaces
* Plugin
  - PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow
  - PR782: Support building against npapi-sdk as well
  - PR838: IcedTea plugin crashes with chrome browser when javascript is executed
  - PR852: Classloader not being flushed after last applet from a site is closed
  - RH586194: Unable to connect to connect with Juniper VPN client
  - RH718693: MindTerm SSH Applet doesn't work
Common
  - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up
  - PR771: IcedTea-Web certificate verification code does not use the right API
  - PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted.
  - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7
  - PR778: Jar download and server certificate verification deadlock
  - PR789: typo in jrunscript.sh
  - PR794: IcedTea-Web does not work if a Web Start app jar has a Class-Path element in the manifest
  - PR808: javaws is unable to start, when missing jars are enumerated before main jar
  - RH734081: Javaws cannot use proxy settings from Firefox
  - RH738814: Access denied at ssl handshake
  - Support for authenticating using client certificates

New in release 1.1 (2011-XX-XX):
* Security updates
  - S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries
  - RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation
* New Features
  - IcedTea-Web now installs to a FHS-compliant location
  - IcedTea-Web can now handle Proxy Auto Config files
  - Binary launchers replaced with simple shell scripts
  - Can now use codebase_lookup=false with applets.
* Common Fixes and Improvements
  - PR497: Mercurial revision detection not very reliable
  - PR638: JNLPClassLoader.loadClass(String name) can return null
  - RH677772: NoSuchAlgorithmException using SSL/TLS in javaws
  - PR724: Possible NullPointerException in JNLPClassLoader.getClassPathsFromManifest
* NetX
  - Use Firefox's proxy settings if possible
  - The user's default browser (determined from xdg-open or $BROWSER) is used
  - RH669942: javaws fails to download version/packed files (missing support for jnlp.packEnabled and jnlp.versionEnabled)
  - PR464: plugin can now load parameters from jnlp files.
  - PR658: now jnlp.packEnabled works with applets.
  - PR726: closing javaws -about no longer throws exceptions.
  - PR727: cache now properly removes files.
* Plugin
  - PR475, RH604061: Allow applets from the same page to use the same classloader
  - PR612: NetDania application ends on java.security.AccessControlException: access denied (java.util.PropertyPermission browser read)
  - PR664: Sound doesn't play on runescape.com.
  - PR721: IcedTeaPlugin.so cannot run g_main_context_iteration on a different thread unless a different GMainContext *context is used
  - PR735: Firefox 4 sometimes freezes if the applet calls showDocument()

New in release 1.0 (2010-XX-XX):

* Initial release of IcedTea-Web
* Security updates
  - RH645843, CVE-2010-3860: IcedTea System property information leak via public static
  - RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
* Plugin
  - PR542: Plugin fails with NPE on http://www.openprocessing.org/visuals/iframe.php?visualID=2615
  - PR552: Support for FreeBSD's pthread implementation
  - PR554: System.err writes content two times
  - PR556: Applet initialization code is prone to race conditions
  - PR557: Applet opens in a separate window if tab is closed when the applet loads
  - PR565: UIDefaults.getUI fails with jgoodies:looks 2.3.1
  - PR593: Increment of invalidated iterator in IcedTeaPluginUtils (patch from barbara.xxx1975@libero.it)
  - PR597: Entities are parsed incorrectly in PARAM tag in applet plugin
  - PR619: Improper finalization by the plugin can crash the browser
  - Applets are now double-buffered to eliminate flicker in ones that do heavy drawing
  - RH665104: OpenJDK Firefox Java plugin loses a cookie
* NetX
  - Add a new option -Xclearcache
  - Interfaces javax.jnlp.IntegrationService and javax.jnlp.DownloadService2 are now available
  - PR592: NetX can create invalid desktop entry files
  - RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
* Control Panel
  - Modifications to deployments.properties file can now be done through a GUI