pkgsrc-Changes archive


CVS commit: pkgsrc/lang



Module Name:    pkgsrc
Committed By:   obache
Date:           Thu Aug 20 08:46:40 UTC 2009

Modified Files:
        pkgsrc/lang/sun-jdk15: Makefile distinfo
        pkgsrc/lang/sun-jre15: Makefile distinfo

Log Message:
Update sun-{jre,jdk}15 to 1.5.0.20.

Changes in 1.5.0_20

The full internal version number for this update release is 1.5.0_20-b02 (where
"b" means "build"). The external version number is 5.0u20.

OlsonData 2009i

This release contains Olson time zone data version 2009i. For more information,
refer to Timezone Data Versions in the JRE Software.

Security Baseline

This update release specifies the following security baseline:
JRE Family Version  Java SE Security Baseline  Java SE for Business Security Baseline
1.4.2               1.4.2_19                   1.4.2_22

In December, 2008, Java SE 1.4.2 reached its end of service life with the
release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above)
include the Access Only option and are available to Java SE for Business
subscribers.

For more information about the security baseline, see Deploying Java Applets
With Family JRE Versions in Java Plug-in for Internet Explorer.

Root Certificates

Root Certificates are included in this release.

    * Added one new root certificate and removed 3 root certificates from
      Entrust. (Refer to 6805338.)
    * Added three new root certificates from Keynectis. (Refer to 6845457.)
    * Added three new root certificates from Quovadis. (Refer to 6846473.)

Bug Fixes

This release contains fixes for one or more security vulnerabilities. For more
information, please see Sun Alerts 263408, 263409, 263488, 263489, and 264648.

Bug fixes for vulnerabilities are listed in the following table.
BugId    Category      Subcategory        Description
6656610  java          accessibility      AccessibleResourceBundle.getContents exposes mutable static (findbugs)
6656586  java          classes_awt        Cursor.predefined is protected static mutable (findbugs)
6660539  java          classes_beans      Introspector cache mutable static
6446522  java          classes_lang       3Y Race condition in reflection checks
6801071  java          classes_net        Remote sites can compromise user privacy and possibly hijack web session
6801497  java          classes_net        Proxy is assumed to be immutable but is non-final
6406003  java          classes_security   Security issues in the Provider class
6429594  java          classes_security   Fix for 6406003 can be circumvented
6444262  java          classes_security   Provider deserialization still has problems
6657695  java          classes_security   AbstractSaslImpl.logger is a static mutable (findbugs)
6657625  java          classes_sound      RmfFileReader/StandardMidiFileWriter.types are public mutable statics (findbugs)
6738524  java          classes_sound      JDK13Services allows read access to system properties from untrusted code
6777448  java          classes_sound      JDK13Services.getProviders creates instances with full privileges
6588003  java          classes_swing      LayoutQueue mutable statics
6660049  java          classes_swing      Synth Region.uiToRegionMap/lowerCaseNameMap are mutable statics
6656625  java          imageio            ImageReaderSpi.STANDARD_INPUT_TYPE/ImageWriterSpi.STANDARD_OUTPUT_TYPE are mutable static (findbugs)
6657133  java          imageio            Mutable statics in imageio plugins (findbugs)
6830335  java          jar                Java JAR Pack200 Decompression Integer Overflow Vulnerability
6862844  javawebstart  other              java web start ActiveX control security problem caused by ATL PROP_ENTRY macro
6845701  jaxp          parse              Xerces2 Java XML library infinite loop with malformed XML input
6657619  jndi          dns                DnsContext.debug is public static mutable (findbugs)

Other bug fixes are listed in the following table.
BugId    Category      Subcategory        Description
6851379  java          classes_2d         font files not deleted upon exit
6805338  java          classes_security   Add 1 new Entrust root CA cert and remove 3 others with 1024 bit keys
6845457  java          classes_security   Add root certs for Keynectis CA
6846473  java          classes_security   Add QuoVadis root CA certs to the JRE
6848984  java          classes_util_i18n  (tz) Support tzdata2009i
6851214  java          classes_util_i18n  (tz) New Jordan rule creates a failure for SimpleTimeZone parsing post tzdata2009h


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 pkgsrc/lang/sun-jdk15/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/sun-jdk15/distinfo
cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/sun-jre15/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/lang/sun-jre15/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


