pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang/sun-jre6
Module Name: pkgsrc
Committed By: abs
Date: Sat Aug 22 22:39:57 UTC 2009
Modified Files:
pkgsrc/lang/sun-jre6: Makefile PLIST.linux-i386 distinfo
Log Message:
Updated lang/sun-jre6 to 6.0.16
Changes in 1.6.0_16 (6u16)
6u16 contains Olson time zone data version 2009i.
Bug Fixes
6862295 hotspot jvmti JDWP threadid changes during debugging
session (leading to ignored breakpoints)
Changes in 1.6.0_15 (6u15)
Root Certificates
Root Certificates are included in this release.
* Added one new root certificate and removed 3 root certificates from Entrust.
(Refer to 6805338.)
* Added three new root certificates from Keynectis. (Refer to 6845457.)
* Added three new root certificates from Quovadis. (Refer to 6846473.)
Blacklist Entries
This update release includes the following new entry to the Blacklist:
* JNLPAppletLauncher (See Sun Alert 263490 .)
Note: Users should install JDK and JRE 6 Update 15 or later on systems running
JDK and JRE 5.0 and SDK and JRE 1.4.2 to take advantage of this blacklist
feature. For more information see the Blacklist Jar Feature section in the 6u14
Release Notes.
Debug Issue
Java â?¢ Virtual Machine Tool Interface (JVM TI) breakpoints are reliable only
when either the Parallel Scavenge garbage collector (-XX:+UseParallelGC) or the
Parallel Compacting garbage collector (-XX:+UseParallelOldGC) is used.
When other collectors are used, breakpoints may stop functioning, and JVM TI
object tags may become unusable after a full GC operation is performed. Java
â?¢ Debug Interface (JDI) ThreadReferences have an embedded thread ID that
depends on JVM TI object tags, thus the embedded thread ID may change
unexpectedly. This may cause confusion in thread based JDI events.
Note that the Serial garbage collector (-XX:+UseSerialGC) is vulnerable to this
problem and is selected by default on some platforms. The work around is to
explicitly select the Parallel Scavenge collector using the command line option
-XX:+UseParallelGC.
(Refer to 6862295.)
Bug Fixes
This release contains fixes for one or more security vulnerabilities. For more
information, please see Sun Alerts 263408 , 263409 , 263428 , 263429 , 263488 ,
263489 , and 264648.
Bug fixes for vulnerabilities are listed in the following table.
BugId Category Subcategory Description 6656610 java
accessibility AccessibleResourceBundle.getContents exposes mutable static
(findbugs)
6656586 java classes_awt Cursor.predefined is protected static
mutable (findbugs)
6805231 java classes_awt Security Warning Icon is missing in
Windows 2000 Prof from Jdk build 6u12
6818787 java classes_awt It is possible to reposition the
security icon too far from the border of the window on X11
6823373 java classes_awt [ZDI-CAN-460] Java Web Start JPEG
header parsing needs more scruity
6660539 java classes_beans Introspector cache mutable static
6777487 java classes_beans Encoder allows reading private
variables with certain names
6801071 java classes_net Remote sites can compromise user
privacy and possibly hijack web session
6801497 java classes_net Proxy is assumed to be immutable but is
non-final
6657695 java classes_security AbstractSaslImpl.logger is a
static mutable (findbugs)
6824440 java classes_security XML Signature HMAC issue
6657625 java classes_sound
RmfFileReader/StandardMidiFileWriter.types are public mutable statics (findbugs)
6738524 java classes_sound JDK13Services allows read access to
system properties from untrusted code
6777448 java classes_sound JDK13Services.getProviders creates
instances with full privileges
6588003 java classes_swing LayoutQueue mutable statics
6660049 java classes_swing Synth
Region.uiToRegionMap/lowerCaseNameMap are mutable statics
6849518 java classes_swing NPE is thrown in jemmy library since
6u15 b01 at javax.swing.plaf.synth.SynthContext.isSubregion()
6656625 java imageio
ImageReaderSpi.STANDARD_INPUT_TYPE/ImageWriterSpi.STANDARD_OUTPUT_TYPE are
mutable static (findbugs)
6657133 java imageio Mutable statics in imageio plugins
(findbugs)
6830335 java jar Java JAR Pack200 Decompression Integer Overflow
Vulnerability
6755840 java_plugin plugin Version selection allows old zip and
certificate handling to be exploited
6848964 javawebstart general TCK jnlp test
jnlp_file/appletDesc/index.html#misc fails with NPE starting 6u15 b01
6862844 javawebstart other java web start ActiveX control security
problem caused by ATL PROP_ENTRY macro
6845701 jaxp parse Xerces2 Java XML library infinite loop with
malformed XML input
6813167 jax-ws other 6u14 JAX-WS audit mutable static bugs
6736293 jmx classes OpenType checks can be bypassed through
finalizer resurrection
6657619 jndi dns DnsContext.debug is public static mutable
(findbugs)
Other bug fixes are listed in the following table.
BugId Category Subcategory Description 6786503 hotspot
garbage_collector Overflow list performance can be improved
6787254 hotspot garbage_collector Work queue capacity can
be increased substantially on some platforms
6805338 java classes_security Add 1 new Entrust root CA cert
and remove 3 others with 1024 bit keys
6845457 java classes_security Add root certs for Keynectis CA
6846473 java classes_security Add QuoVadis root CA certs to
the JRE
6848984 java classes_util_i18n (tz) Support tzdata2009i
6851214 java classes_util_i18n (tz) New Jordan rule creates a
failure for SimpleTimeZone parsing post tzdata2009h
6845077 java install silent JDK should install JRE/Java DB
silently
6846531 javawebstart other REGRESSION application from ocie.net
does not work with 6.0_14
6461727 jce pkcs11_csp TripleDES KeyGenerators in SunPKCS11
and SunJCE do not agree on key length
To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 pkgsrc/lang/sun-jre6/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/sun-jre6/PLIST.linux-i386
cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/sun-jre6/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index