Subject: CVS commit: pkgsrc/lang/sun-jdk15
From: David Brownlee
Date: 2009-11-22 20:48:06
Message id: 20091122194806.D2F37175DD@cvs.netbsd.org

Log Message:
Updated lang/sun-jdk15 to 5.0.22

Changes in 1.5.0_22

The full internal version number for this update release is 1.5.0_22-b03 (where \ 
"b" means "build"). The external version number is 5.0u22.
OlsonData 2009m

This release contains Olson time zone data version 2009m. For more information, \ 
refer to Timezone Data Versions in the JRE Software .

Security Baseline

This update release specifies the following security baseline:
JRE Family Version 	Java SE
Security Baseline 	Java SE for Business
Security Baseline 1.4.2 	1.4.2_19 	1.4.2_24

In December, 2008, Java SE 1.4.2 reached its end of service life with the \ 
release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) \ 
include the Access Only option and are available to Java SE for Business \ 
subscribers.

For more information about the security baseline, see Deploying Java Applets \ 
With Family JRE Versions in Java Plug-in for Internet Explorer .

Root Certificates

Root Certificates are included in this release.

    * Added one new root certificate for SECOM. (Refer to 6872579.)
    * Added one new root certificate for GlobalSign. (Refer to 6860447.)

Bug Fixes

This release contains fixes for one or more security vulnerabilities. For more \ 
information, please see Sun Alerts 269868, 270474, 270475, and 270476.

Bug fixes for vulnerabilities are listed in the following table.
	BugId 	Category 	Subcategory 	Description 6631533 	java 	classes_2d \ 
	ICC_Profile allows detecting if some files exist
6815780 	java 	classes_2d 	TrueType font parsing crash when stressing Sun Bug \ 
6751322 test case
6822057 	java 	classes_2d 	X11 and Win32GraphicsDevice don't clone arrays \ 
returned from getConfigurations()
6862969 	java 	classes_2d 	JPEG JFIF Decoder issue
6862970 	java 	classes_2d 	Image Color Profile parsing issue
6872357 	java 	classes_2d 	JRE AWT setDifflCM vulnerable to Stack Overflow
6872358 	java 	classes_2d 	JRE AWT setBytePixels vulnerable to Heap Overflow
6664512 	java 	classes_awt 	Component and [Default]KeyboardFocusManager pass \ 
security sensitive objects to loggers
6636650 	java 	classes_lang 	(cl) Resurrected ClassLoaders can still have children
6861062 	java 	classes_security 	Disable MD2 in certificate chain validation
6863503 	java 	classes_security 	SECURITY: MessageDigest.isEqual introduces \ 
timing attack vulnerabilities
6864911 	java 	classes_security 	ASN.1/DER input stream parser needs more work
6854303 	java 	classes_sound 	Sun Java HsbParser.getSoundBank Stack Buffer \ 
Overflow Vulnerability
6657026 	java 	classes_swing 	Numerous static security flaws in Swing (findbugs)
6657138 	java 	classes_swing 	Mutable statics in Windows PL&F (findbugs)
6824265 	java 	classes_util_i18n 	(tz) TimeZone.getTimeZone allows probing local \ 
filesystem
6632445 	java 	imageio 	DoS from parsing BMPs with UNC ICC links
6862968 	java 	imageio 	JPEG Image Writer quantization problem
6874643 	java 	imageio 	ImageI/O JPEG is vulnerable to Heap Overflow
6869694 	java 	install 	java update malfunctioning

Other bug fixes are listed in the following table.
	BugId 	Category 	Subcategory 	Description 6876061 	java 	classes_awt 	Following \ 
JCK5 test not working as exp-d on linux: awt-interactive-ComponentTests
6860447 	java 	classes_security 	Add GlobalSign R3 Root certificate to the JDK
6872579 	java 	classes_security 	Add SECOM Root CA 2 to JDK
6880110 	java 	classes_util_i18n 	(tz) Support tzdata2009m

Changes in 1.5.0_21

The full internal version number for this update release is 1.5.0_21-b01 (where \ 
"b" means "build"). The external version number is 5.0u21.
OlsonData 2009l

This release contains Olson time zone data version 2009l. For more information, \ 
refer to Timezone Data Versions in the JRE Software .

Security Baseline

This update release specifies the following security baseline:
	JRE Family Version 	Java SE
Security Baseline 	Java SE for Business
Security Baseline 1.4.2 	1.4.2_19 	1.4.2_22

On October 30, 2008, Java SE 1.4.2 reached its end of service life with the \ 
release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) \ 
include the Access Only option and are available to Java SE for Business \ 
subscribers.

For more information about the security baseline, see Deploying Java Applets \ 
With Family JRE Versions in Java Plug-in for Internet Explorer .

Additional Supported System Configurations

As of this update, support has been added for the following system configurations:

    * Windows Vista SP2
    * Windows Server 2008 SP2

Refer to the Supported System Configurations page.
Bug Fixes

Bug fixes are listed in the following table.
	BugId 	Category 	Subcategory 	Description 6422099 	hotspot 	compiler2 	C2 \ 
assert("live value must not be garbage")
6445745 	hotspot 	compiler2 	TransformerManagementThreadAddTests.java fails an \ 
assertion
6772683 	hotspot 	compiler2 	Thread.isInterrupted() fails to return true on \ 
multiprocessor PC
6842999 	hotspot 	runtime_system 	Update hotspot windows os_win32 for windows 2008 R2
6845161 	jaas 	login 	Bottleneck in Configuration.getConfiguration synchronized call
6860491 	java 	classes_awt 	WRAP_TIME_MILLIS incorrectly set
6843003 	java 	classes_lang 	Windows Server 2008 R2 system recognition
6808046 	java 	classes_swing 	Having image problems on Asian Languages display
6645292 	java 	classes_text 	[Fmt-Da] Timezone Western Summer Time (Australia) \ 
is parsed incorrectly
6665028 	java 	classes_text 	native code of method j*.text.Bidi.nativeBidiChars \ 
is using the contents of a primitive array direct
6872467 	java 	classes_util_i18n 	(tz) Support tzdata2009l
6814140 	java 	classes_util_logging 	deadlock due to synchronized demandLogger() \ 
code that locks ServerLogManager
6817482 	java_plugin 	iexplorer 	On IE, modal JDialog from an Applet in html \ 
frame is not modal
6432317 	java_plugin 	misc 	Vista: Java Plugin won't be able to launch extension \ 
installers.
6818278 	javawebstart 	jnlp_file 	sunmc console when started with javaws does \ 
not communicate with the firewall port range
6748156 	jndi 	ldap 	add an new JNDI property to control the boolean flag \ 
WaitForReply (JDK5)
6750362 	jndi 	ldap 	Very large LDAP requests throw a OOM on LDAP servers which \ 
aren't aware of Paged Results Controls

Files:
RevisionActionfile
1.36modifypkgsrc/lang/sun-jdk15/Makefile
1.22modifypkgsrc/lang/sun-jdk15/distinfo