pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang/sun-jre6 Updated lang/sun-jre6 to 6.0.16



details:   https://anonhg.NetBSD.org/pkgsrc/rev/1adbb185e385
branches:  trunk
changeset: 563902:1adbb185e385
user:      abs <abs%pkgsrc.org@localhost>
date:      Sat Aug 22 22:39:57 2009 +0000

description:
Updated lang/sun-jre6 to 6.0.16

Changes in 1.6.0_16 (6u16)

6u16 contains Olson time zone data version 2009i.

Bug Fixes

6862295         hotspot         jvmti   JDWP threadid changes during debugging session (leading to ignored breakpoints)


Changes in 1.6.0_15 (6u15)

Root Certificates

Root Certificates are included in this release.

* Added one new root certificate and removed 3 root certificates from Entrust. (Refer to 6805338.)
* Added three new root certificates from Keynectis. (Refer to 6845457.)
* Added three new root certificates from Quovadis. (Refer to 6846473.)

Blacklist Entries

This update release includes the following new entry to the Blacklist:

* JNLPAppletLauncher (See Sun Alert 263490 .)

Note: Users should install JDK and JRE 6 Update 15 or later on systems running JDK and JRE 5.0 and SDK and JRE 1.4.2 to take advantage of this blacklist feature. For more information see the 
Blacklist Jar Feature section in the 6u14 Release Notes.

Debug Issue

Java ™ Virtual Machine Tool Interface (JVM TI) breakpoints are reliable only when either the Parallel Scavenge garbage collector (-XX:+UseParallelGC) or the Parallel Compacting garbage collector 
(-XX:+UseParallelOldGC) is used.

When other collectors are used, breakpoints may stop functioning, and JVM TI object tags may become unusable after a full GC operation is performed. Java ™ Debug Interface (JDI) ThreadReferences have 
an embedded thread ID that depends on JVM TI object tags, thus the embedded thread ID may change unexpectedly. This may cause confusion in thread based JDI events.

Note that the Serial garbage collector (-XX:+UseSerialGC) is vulnerable to this problem and is selected by default on some platforms. The work around is to explicitly select the Parallel Scavenge 
collector using the command line option -XX:+UseParallelGC.

(Refer to 6862295.)
Bug Fixes

This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 263408 , 263409 , 263428 , 263429 , 263488 , 263489 , and 264648.

Bug fixes for vulnerabilities are listed in the following table.
BugId   Category        Subcategory     Description 6656610     java    accessibility   AccessibleResourceBundle.getContents exposes mutable static (findbugs)
6656586         java    classes_awt     Cursor.predefined is protected static mutable (findbugs)
6805231         java    classes_awt     Security Warning Icon is missing in Windows 2000 Prof from Jdk build 6u12
6818787         java    classes_awt     It is possible to reposition the security icon too far from the border of the window on X11
6823373         java    classes_awt     [ZDI-CAN-460] Java Web Start JPEG header parsing needs more scruity
6660539         java    classes_beans   Introspector cache mutable static
6777487         java    classes_beans   Encoder allows reading private variables with certain names
6801071         java    classes_net     Remote sites can compromise user privacy and possibly hijack web session
6801497         java    classes_net     Proxy is assumed to be immutable but is non-final
6657695         java    classes_security        AbstractSaslImpl.logger is a static mutable (findbugs)
6824440         java    classes_security        XML Signature HMAC issue
6657625         java    classes_sound   RmfFileReader/StandardMidiFileWriter.types are public mutable statics (findbugs)
6738524         java    classes_sound   JDK13Services allows read access to system properties from untrusted code
6777448         java    classes_sound   JDK13Services.getProviders creates instances with full privileges
6588003         java    classes_swing   LayoutQueue mutable statics
6660049         java    classes_swing   Synth Region.uiToRegionMap/lowerCaseNameMap are mutable statics
6849518         java    classes_swing   NPE is thrown in jemmy library since 6u15 b01 at javax.swing.plaf.synth.SynthContext.isSubregion()
6656625         java    imageio         ImageReaderSpi.STANDARD_INPUT_TYPE/ImageWriterSpi.STANDARD_OUTPUT_TYPE are mutable static (findbugs)
6657133         java    imageio         Mutable statics in imageio plugins (findbugs)
6830335         java    jar     Java JAR Pack200 Decompression Integer Overflow Vulnerability
6755840         java_plugin     plugin  Version selection allows old zip and certificate handling to be exploited
6848964         javawebstart    general         TCK jnlp test jnlp_file/appletDesc/index.html#misc fails with NPE starting 6u15 b01
6862844         javawebstart    other   java web start ActiveX control security problem caused by ATL PROP_ENTRY macro
6845701         jaxp    parse   Xerces2 Java XML library infinite loop with malformed XML input
6813167         jax-ws  other   6u14 JAX-WS audit mutable static bugs
6736293         jmx     classes         OpenType checks can be bypassed through finalizer resurrection
6657619         jndi    dns     DnsContext.debug is public static mutable (findbugs)

Other bug fixes are listed in the following table.
BugId   Category        Subcategory     Description 6786503     hotspot         garbage_collector       Overflow list performance can be improved
6787254         hotspot         garbage_collector       Work queue capacity can be increased substantially on some platforms
6805338         java    classes_security        Add 1 new Entrust root CA cert and remove 3 others with 1024 bit keys
6845457         java    classes_security        Add root certs for Keynectis CA
6846473         java    classes_security        Add QuoVadis root CA certs to the JRE
6848984         java    classes_util_i18n       (tz) Support tzdata2009i
6851214         java    classes_util_i18n       (tz) New Jordan rule creates a failure for SimpleTimeZone parsing post tzdata2009h
6845077         java    install         silent JDK should install JRE/Java DB silently
6846531         javawebstart    other   REGRESSION application from ocie.net does not work with 6.0_14
6461727         jce     pkcs11_csp      TripleDES KeyGenerators in SunPKCS11 and SunJCE do not agree on key length

diffstat:

 lang/sun-jre6/Makefile         |  10 +++++-----
 lang/sun-jre6/PLIST.linux-i386 |   4 +++-
 lang/sun-jre6/distinfo         |   8 ++++----
 3 files changed, 12 insertions(+), 10 deletions(-)

diffs (70 lines):

diff -r 32b6e75c2770 -r 1adbb185e385 lang/sun-jre6/Makefile
--- a/lang/sun-jre6/Makefile    Sat Aug 22 22:05:23 2009 +0000
+++ b/lang/sun-jre6/Makefile    Sat Aug 22 22:39:57 2009 +0000
@@ -1,20 +1,20 @@
-# $NetBSD: Makefile,v 1.22 2009/06/02 16:31:26 christos Exp $
+# $NetBSD: Makefile,v 1.23 2009/08/22 22:39:57 abs Exp $
 
 # Note: Regen distinfo with PKG_DEFAULT_OPTIONS+=sun-jre-jce
 # Note: Update DOWNLOAD_NAME when you update the JRE version
 
-DISTNAME=      jre-6u14-linux-${DIST_ARCH}
+DISTNAME=      jre-6u16-linux-${DIST_ARCH}
 #PKGREVISION=    1
-PKGNAME=       sun-jre6-6.0.14
+PKGNAME=       sun-jre6-6.0.16
 MASTER_SITES=  # empty
 
 LICENSE=       sun-jre6-license
 
-DOWNLOAD_NAME= Java Runtime Environment (JRE) 6u14
+DOWNLOAD_NAME= Java Runtime Environment (JRE) 6u16
 
 USE_TOOLS+=    pax
 
-WRKSRC=                ${WRKDIR}/jre1.6.0_14
+WRKSRC=                ${WRKDIR}/jre1.6.0_16
 JAVA_WRAPPERS= java javaws keytool orbd policytool rmid rmiregistry \
                servertool tnameserv
 REQD_DIRS=     ${JAVA_HOME}
diff -r 32b6e75c2770 -r 1adbb185e385 lang/sun-jre6/PLIST.linux-i386
--- a/lang/sun-jre6/PLIST.linux-i386    Sat Aug 22 22:05:23 2009 +0000
+++ b/lang/sun-jre6/PLIST.linux-i386    Sat Aug 22 22:39:57 2009 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST.linux-i386,v 1.16 2009/06/14 20:34:15 joerg Exp $
+@comment $NetBSD: PLIST.linux-i386,v 1.17 2009/08/22 22:39:57 abs Exp $
 bin/sun6-java
 bin/sun6-javaws
 bin/sun6-keytool
@@ -30,6 +30,7 @@
 java/sun-6/bin/tnameserv
 java/sun-6/bin/unpack200
 java/sun-6/javaws/javaws
+java/sun-6/lib/alt-rt.jar
 java/sun-6/lib/audio/soundbank.gm
 java/sun-6/lib/calendars.properties.default
 java/sun-6/lib/charsets.jar
@@ -243,6 +244,7 @@
 ${PLIST.jce}java/sun-6/lib/security/COPYRIGHT.html
 ${PLIST.jce}java/sun-6/lib/security/README.txt
 java/sun-6/lib/security/US_export_policy.jar
+java/sun-6/lib/security/blacklist
 java/sun-6/lib/security/cacerts
 java/sun-6/lib/security/java.policy
 java/sun-6/lib/security/java.security.default
diff -r 32b6e75c2770 -r 1adbb185e385 lang/sun-jre6/distinfo
--- a/lang/sun-jre6/distinfo    Sat Aug 22 22:05:23 2009 +0000
+++ b/lang/sun-jre6/distinfo    Sat Aug 22 22:39:57 2009 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.10 2009/06/09 00:24:01 obache Exp $
+$NetBSD: distinfo,v 1.11 2009/08/22 22:39:57 abs Exp $
 
 SHA1 (jce_policy-6.zip) = 7b1b021bd63152b93a16c96bb3a64f0e685fc425
 RMD160 (jce_policy-6.zip) = 6f45ce5f3c067e186554f79b3f1a61e4d7d22aae
 Size (jce_policy-6.zip) = 9101 bytes
-SHA1 (jre-6u14-linux-i586.bin) = 70275f262bd59106ded33126aa43fb3e41731c0d
-RMD160 (jre-6u14-linux-i586.bin) = 773d226c5602790c8cad4eba4a1c288bd067a519
-Size (jre-6u14-linux-i586.bin) = 20851822 bytes
+SHA1 (jre-6u16-linux-i586.bin) = b7bbf4f1112798e3aef380b4e1cf7541827b42e2
+RMD160 (jre-6u16-linux-i586.bin) = 673c39c7004f79c3cc003cbdaa09d1b8cafff7f0
+Size (jre-6u16-linux-i586.bin) = 20857710 bytes


Home | Main Index | Thread Index | Old Index