← Back to team overview

openjdk team mailing list archive

[Bug 1646927] Re: PPC64: Poor StrictMath performance due to non-optimized compilation

 

This bug was fixed in the package openjdk-8 - 8u121-b13-0ubuntu1.16.10.2

---------------
openjdk-8 (8u121-b13-0ubuntu1.16.10.2) yakkety-security; urgency=medium

  * debian/buildwatch.sh: updated to stop it if no 'make' process is running,
    as it probably means that the build failed - otherwise buildwatch keeps
    the builder alive until it exits after the timer (3 hours by default)
    expires.
  * debian/rules: updated jtreg tests to use agentvm and auto concurrency.

openjdk-8 (8u121-b13-0ubuntu1.16.10.1) yakkety-security; urgency=medium

  * Update to 8u121-b13, including security fixes:
    - S8165344, CVE-2017-3272: A protected field can be leveraged into type
      confusion.
    - S8167104, CVE-2017-3289: Custom class constructor code can bypass the
      required call to super.init allowing for uninitialized objects to be
      created.
    - S8156802, CVE-2017-3241: RMI deserialization should limit the types
      deserialized to prevent attacks that could escape the sandbox.
    - S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
      dispose() on a CMenuComponentmultiple times.
    - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
      extraneous bytes added to them whereas the signature is supposed to be
      unique.
    - S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt
      sections to be 2^32-1 bytes long so these should not be uncompressed
      unless the user explicitly requests it.
    - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
      leak information about k.
    - S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may
      leak information about k.
    - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
      deserialize responses from an LDAP server when an LDAP context is
      expected.
    - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
      users or external applications would interpret them leading to possible
      security issues.
    - S8168705, CVE-2016-5547: A value from an InputStream is read directly
      into the size argument of a new byte[] without validation.
    - S8164147, CVE-2017-3261: An integer overflow exists in
      SocketOutputStream which can lead to memorydisclosure.
    - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
      dispatch HTTP GET requests where the invoker does not have permission.
    - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
      long running sessions are allowed.
  * debian/patches/8132051-zero.diff: superseeded by upstream fix S8154210;
    deleted.
  * debian/patches/hotspot-JDK-8158260-ppc64el.patch: applied upstream;
    deleted.
  * debian/patches/6926048.diff: already applied upstream; deleted.
  * debian/patches/jdk-ppc64el-S8170153.patch: improve StrictMath performance
    on ppc64el. LP: #1646927.
  * debian/patches/openjdk-ppc64el-S8170153.patch: same.
  * debian/patches/jdk-841269-filechooser.patch: fix FileChooser behavior when
    displaying links to non-existant files. Closes: #841269.
  * Refreshed various patches.

openjdk-8 (8u111-b14-3) unstable; urgency=high

  [ Tiago Stürmer Daitx ]
  * Remove cacao references, updated jtreg tests to use agentvm and auto
    concurrency.
  * Run the jtreg tests on autopkg testing.

 -- Tiago Stürmer Daitx <tiago.daitx@xxxxxxxxxxxxx>  Mon, 23 Jan 2017
11:22:24 +0000

** Changed in: openjdk-8 (Ubuntu)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2183

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5546

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5547

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5548

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5549

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5552

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3231

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3241

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3252

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3253

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3260

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3261

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3272

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-3289

** Changed in: openjdk-8 (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-8 in Ubuntu.
https://bugs.launchpad.net/bugs/1646927

Title:
  PPC64: Poor StrictMath performance due to non-optimized compilation

Status in openjdk-8 package in Ubuntu:
  Fix Released

Bug description:
  ---Problem Description---
  Currently fdlibm optimization is disabled for PPC64, as a consequence StrictMath methods like, but not limited to, sin(), cos(), and tan() perform poorly. 
   
  ---uname output---
  Linux vm 4.4.0-47-generic #68-Ubuntu SMP Wed Oct 26 19:38:24 UTC 2016 ppc64le ppc64le ppc64le GNU/Linux
   
  Machine Type = pKVM 
    
  ---Steps to Reproduce---
  Please refer to:
  https://bugs.openjdk.java.net/browse/JDK-8170153
   
  Userspace package: openjdk-8-jre:ppc64el                 8u111-b14-2ubuntu2.16.04.2 

  Dear maintainer, please consider applying the fix already present
  upstream. Backport is trivial. Thank you.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1646927/+subscriptions


References