Navigation:
Browse pkgsrc
(this page)
New packages:Log Message:
Updated lang/sun-jre15 to 5.0.22
Changes in 1.5.0_22
The full internal version number for this update release is 1.5.0_22-b03 (where \
"b" means "build"). The external version number is 5.0u22.
OlsonData 2009m
This release contains Olson time zone data version 2009m. For more information, \
refer to Timezone Data Versions in the JRE Software .
Security Baseline
This update release specifies the following security baseline:
JRE Family Version Java SE
Security Baseline Java SE for Business
Security Baseline 1.4.2 1.4.2_19 1.4.2_24
In December, 2008, Java SE 1.4.2 reached its end of service life with the \
release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) \
include the Access Only option and are available to Java SE for Business \
subscribers.
For more information about the security baseline, see Deploying Java Applets \
With Family JRE Versions in Java Plug-in for Internet Explorer .
Root Certificates
Root Certificates are included in this release.
* Added one new root certificate for SECOM. (Refer to 6872579.)
* Added one new root certificate for GlobalSign. (Refer to 6860447.)
Bug Fixes
This release contains fixes for one or more security vulnerabilities. For more \
information, please see Sun Alerts 269868, 270474, 270475, and 270476.
Bug fixes for vulnerabilities are listed in the following table.
BugId Category Subcategory Description 6631533 java classes_2d \
ICC_Profile allows detecting if some files exist
6815780 java classes_2d TrueType font parsing crash when stressing Sun Bug \
6751322 test case
6822057 java classes_2d X11 and Win32GraphicsDevice don't clone arrays \
returned from getConfigurations()
6862969 java classes_2d JPEG JFIF Decoder issue
6862970 java classes_2d Image Color Profile parsing issue
6872357 java classes_2d JRE AWT setDifflCM vulnerable to Stack Overflow
6872358 java classes_2d JRE AWT setBytePixels vulnerable to Heap Overflow
6664512 java classes_awt Component and [Default]KeyboardFocusManager pass \
security sensitive objects to loggers
6636650 java classes_lang (cl) Resurrected ClassLoaders can still have children
6861062 java classes_security Disable MD2 in certificate chain validation
6863503 java classes_security SECURITY: MessageDigest.isEqual introduces \
timing attack vulnerabilities
6864911 java classes_security ASN.1/DER input stream parser needs more work
6854303 java classes_sound Sun Java HsbParser.getSoundBank Stack Buffer \
Overflow Vulnerability
6657026 java classes_swing Numerous static security flaws in Swing (findbugs)
6657138 java classes_swing Mutable statics in Windows PL&F (findbugs)
6824265 java classes_util_i18n (tz) TimeZone.getTimeZone allows probing local \
filesystem
6632445 java imageio DoS from parsing BMPs with UNC ICC links
6862968 java imageio JPEG Image Writer quantization problem
6874643 java imageio ImageI/O JPEG is vulnerable to Heap Overflow
6869694 java install java update malfunctioning
Other bug fixes are listed in the following table.
BugId Category Subcategory Description 6876061 java classes_awt Following \
JCK5 test not working as exp-d on linux: awt-interactive-ComponentTests
6860447 java classes_security Add GlobalSign R3 Root certificate to the JDK
6872579 java classes_security Add SECOM Root CA 2 to JDK
6880110 java classes_util_i18n (tz) Support tzdata2009m
Changes in 1.5.0_21
The full internal version number for this update release is 1.5.0_21-b01 (where \
"b" means "build"). The external version number is 5.0u21.
OlsonData 2009l
This release contains Olson time zone data version 2009l. For more information, \
refer to Timezone Data Versions in the JRE Software .
Security Baseline
This update release specifies the following security baseline:
JRE Family Version Java SE
Security Baseline Java SE for Business
Security Baseline 1.4.2 1.4.2_19 1.4.2_22
On October 30, 2008, Java SE 1.4.2 reached its end of service life with the \
release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) \
include the Access Only option and are available to Java SE for Business \
subscribers.
For more information about the security baseline, see Deploying Java Applets \
With Family JRE Versions in Java Plug-in for Internet Explorer .
Additional Supported System Configurations
As of this update, support has been added for the following system configurations:
* Windows Vista SP2
* Windows Server 2008 SP2
Refer to the Supported System Configurations page.
Bug Fixes
Bug fixes are listed in the following table.
BugId Category Subcategory Description 6422099 hotspot compiler2 C2 \
assert("live value must not be garbage")
6445745 hotspot compiler2 TransformerManagementThreadAddTests.java fails an \
assertion
6772683 hotspot compiler2 Thread.isInterrupted() fails to return true on \
multiprocessor PC
6842999 hotspot runtime_system Update hotspot windows os_win32 for windows 2008 R2
6845161 jaas login Bottleneck in Configuration.getConfiguration synchronized call
6860491 java classes_awt WRAP_TIME_MILLIS incorrectly set
6843003 java classes_lang Windows Server 2008 R2 system recognition
6808046 java classes_swing Having image problems on Asian Languages display
6645292 java classes_text [Fmt-Da] Timezone Western Summer Time (Australia) \
is parsed incorrectly
6665028 java classes_text native code of method j*.text.Bidi.nativeBidiChars \
is using the contents of a primitive array direct
6872467 java classes_util_i18n (tz) Support tzdata2009l
6814140 java classes_util_logging deadlock due to synchronized demandLogger() \
code that locks ServerLogManager
6817482 java_plugin iexplorer On IE, modal JDialog from an Applet in html \
frame is not modal
6432317 java_plugin misc Vista: Java Plugin won't be able to launch extension \
installers.
6818278 javawebstart jnlp_file sunmc console when started with javaws does \
not communicate with the firewall port range
6748156 jndi ldap add an new JNDI property to control the boolean flag \
WaitForReply (JDK5)
6750362 jndi ldap Very large LDAP requests throw a OOM on LDAP servers which \
aren't aware of Paged Results Controls
| Revision | Action | file |
| 1.60 | modify | pkgsrc/lang/sun-jre15/Makefile |
| 1.23 | modify | pkgsrc/lang/sun-jre15/distinfo |