Subject: CVS commit: pkgsrc/lang
From: OBATA Akio
Date: 2009-08-20 10:46:40
Message id: 20090820084640.89E4E175D0@cvs.netbsd.org

Log Message:
Update sun-{jre,jdk}15 to 1.5.0.20.

Changes in 1.5.0_20

The full internal version number for this update release is 1.5.0_20-b02 (where
"b" means "build"). The external version number is 5.0u20.
OlsonData 2009i

This release contains Olson time zone data version 2009i. For more information,
refer to Timezone Data Versions in the JRE Software .

Security Baseline

This update release specifies the following security baseline:
JRE Family Version 	Java SE
Security Baseline 	Java SE for Business
Security Baseline 1.4.2 	1.4.2_19 	1.4.2_22

In December, 2008, Java SE 1.4.2 reached its end of service life with the
release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above)
include the Access Only option and are available to Java SE for Business
subscribers.

For more information about the security baseline, see Deploying Java Applets
With Family JRE Versions in Java Plug-in for Internet Explorer .

Root Certificates

Root Certificates are included in this release.

    * Added one new root certificate and removed 3 root certificates from \ 
Entrust. (Refer to 6805338.)
    * Added three new root certificates from Keynectis. (Refer to 6845457.)
    * Added three new root certificates from Quovadis. (Refer to 6846473.)

Bug Fixes

This release contains fixes for one or more security vulnerabilities. For more
information, please see Sun Alerts 263408 , 263409 , 263488 , 263489 , and 264648.

Bug fixes for vulnerabilities are listed in the following table.
	BugId 	Category 	Subcategory 	Description 6656610 	java 	accessibility \ 
	AccessibleResourceBundle.getContents exposes mutable static (findbugs)
6656586 	java 	classes_awt 	Cursor.predefined is protected static mutable (findbugs)
6660539 	java 	classes_beans 	Introspector cache mutable static
6446522 	java 	classes_lang 	3Y Race condition in reflection checks
6801071 	java 	classes_net 	Remote sites can compromise user privacy and \ 
possibly hijack web session
6801497 	java 	classes_net 	Proxy is assumed to be immutable but is non-final
6406003 	java 	classes_security 	Security issues in the Provider class
6429594 	java 	classes_security 	Fix for 6406003 can be circumvented
6444262 	java 	classes_security 	Provider deserialization still has problems
6657695 	java 	classes_security 	AbstractSaslImpl.logger is a static mutable \ 
(findbugs)
6657625 	java 	classes_sound 	RmfFileReader/StandardMidiFileWriter.types are \ 
public mutable statics (findbugs)
6738524 	java 	classes_sound 	JDK13Services allows read access to system \ 
properties from untrusted code
6777448 	java 	classes_sound 	JDK13Services.getProviders creates instances with \ 
full privileges
6588003 	java 	classes_swing 	LayoutQueue mutable statics
6660049 	java 	classes_swing 	Synth Region.uiToRegionMap/lowerCaseNameMap are \ 
mutable statics
6656625 	java 	imageio \ 
	ImageReaderSpi.STANDARD_INPUT_TYPE/ImageWriterSpi.STANDARD_OUTPUT_TYPE are \ 
mutable static (findbugs)
6657133 	java 	imageio 	Mutable statics in imageio plugins (findbugs)
6830335 	java 	jar 	Java JAR Pack200 Decompression Integer Overflow Vulnerability
6862844 	javawebstart 	other 	java web start ActiveX control security problem \ 
caused by ATL PROP_ENTRY macro
6845701 	jaxp 	parse 	Xerces2 Java XML library infinite loop with malformed XML input
6657619 	jndi 	dns 	DnsContext.debug is public static mutable (findbugs)

Other bug fixes are listed in the following table.
	BugId 	Category 	Subcategory 	Description 6851379 	java 	classes_2d 	font files \ 
not deleted upon exit
6805338 	java 	classes_security 	Add 1 new Entrust root CA cert and remove 3 \ 
others with 1024 bit keys
6845457 	java 	classes_security 	Add root certs for Keynectis CA
6846473 	java 	classes_security 	Add QuoVadis root CA certs to the JRE
6848984 	java 	classes_util_i18n 	(tz) Support tzdata2009i
6851214 	java 	classes_util_i18n 	(tz) New Jordan rule creates a failure for \ 
SimpleTimeZone parsing post tzdata2009h

Files:
RevisionActionfile
1.35modifypkgsrc/lang/sun-jdk15/Makefile
1.21modifypkgsrc/lang/sun-jdk15/distinfo
1.59modifypkgsrc/lang/sun-jre15/Makefile
1.22modifypkgsrc/lang/sun-jre15/distinfo