File java-1_6_0-sun.changes of Package java-1_6_0-sun

Wed Jan  5 20:00:40 UTC 2011 -

- Update to 6u23 (bnc#662459)

Mon Oct 18 12:44:52 UTC 2010 -

- fix bnc#46073 - VUL-0: java-1_6_0-sun Security Update to u22 
  CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566
  CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563
  CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552
  CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555
  CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555
  CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541
  CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551

Tue Oct 12 08:19:01 UTC 2010 -

- fix bnc#355868: Could not initialize class javax.crypto.SunJCE_b
  * post install script no longer broke the $JREDIR/lib/security/*policy.jar

Thu Jul 22 07:09:29 UTC 2010 -

- Update to 6u21 (bnc#624569)

Tue Apr 20 09:08:54 UTC 2010 -

- fix bnc#596010 - VUL-0: Java webstart code exec
 - CVE-2010-0886
   codebase parameter in JNLP file is required starting this release - Java SE 6 update 20
- fix bnc#597827 - symlink /usr/bin/javaws to /etc/alternatives/javaws is missing

Wed Mar 31 12:56:18 UTC 2010 -

- fix bnc#592589 - VUL-0: Sun Java 6 Update 19
  CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085,
  CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090,
  CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094,
  CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839,
  CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843,
  CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847,
  CVE-2010-0848, CVE-2010-0849, CVE-2010-0850
- fix [bnc#578877] - jvisualvm not present in PATH

Thu Jan 28 14:36:55 UTC 2010 -

- fixed [bnc#574502] - VUL-0: java-1_6_0-sun update u18

Thu Jan 14 13:40:25 UTC 2010 -

- fixed bnc#570306 - run javaws -viewer from GUI

Thu Nov  5 15:16:47 UTC 2009 -

- fixed [bnc#552586] - VUL-0: java-1_6_0-sun: u17 update

Wed Aug  5 11:01:08 UTC 2009 -

- fixed bnc#528268: VUL-0: sun jdk 5 u20 / jdk 6 u 15 update
  * Added one new root certificate and removed 3 root certificates from
    Entrust. (Refer to 6805338.) Added three new root certificates from
  * Keynectis. (Refer to 6845457.)
  * Added three new root certificates from Quovadis. (Refer to 6846473.)
  * JNLPAppletLauncher in blacklist (See Sun Alert 263490.)
  * + many bugfixes

Thu Jun 11 14:39:57 CEST 2009 -

- fixed bnc#510016: Chinese fonts display
  Merged with openjdk:
  * used logical font names ("DejaVu Sans") instead of X11 names
  * use Arphic PL fonts for Chinse, instead of non existent sazanami
  * use UnDotum and UnBatang fonts for Korean, instead of baekmukttf-batang
- fixed bnc#494536: Updating Java overwrites a custom certs
  Mark the following files as %config(noreplace):
  * jre/lib/security/cacerts
  * jre/lib/security/java.policy
  * jre/lib/security/
  * jre/lib/security/
  * /usr/lib/jvm-private/java-1_6_0-sun/jce/vanilla/local_policy.jar
  * /usr/lib/jvm-private/java-1_6_0-sun/jce/vanilla/US_export_policy.jar
  (don't remove the policy files in jre/lib/security - they're just symlinks)

Mon Jun  1 11:15:17 CEST 2009 -

- fixed bnc#507056: updated to 1.6.0.u14
- Support for blacklisting signed jar files.
- Java HotSpot VM 14.0 with more efficient SoftReference processing and
  improvements to Parallel Compacting garbage collection. Optionally available
  are two new features - escape analysis and compressed object pointers:
  * Optimization Using Escape Analysis: -XX:+DoEscapeAnalysis
  * Compressed Object Pointers: -XX:+UseCompressedOops (improve performance on 64bit JRE)
  * Garbage First (G1) Garbage Collector: -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC
    production use of G1 is only permitted where a Java support contract has
    been purchased, which is not provides by SUSE!
- Improvement TreeMap Iteration
- JAX WS 2.1.6 and JAXB 2.1.10
- JAX-WS 2.1.6 and JAXB 2.1.10 are integrated into JDK 6u14. You can find more details about the new features in the JAX-WS 2.1.6 changelog and in the JAXB 2.1.10 changelog.
- JavaDB
- Java VisualVM Updates:
  * CPU usage and GC activity graph in the Monitor tab
  * Table view in the Threads tab
  * Command line options: --openpid, --openjmx, --openfile
  * Compare Memory Snapshots action in the context menu
  * Copy To Clipboard / Save To File buttons in the About dialog
  * Monitoring IBM JVM via JMX connection
  * Based on NetBeans Platform 6.5 and NetBeans Profiler 6.5
  * Faster computation of references, and improved readability of path to GC root in HeapWalker
  * Improved integration of the Visual GC tool

Mon May 25 10:52:28 CEST 2009 -

- fixed bnc#506730: Sun Java uses own fonts instead of platform fonts 

Mon Apr 20 16:09:04 CEST 2009 -

- fixed bnc#496489: added sample to demo package

Thu Mar 26 15:47:30 CET 2009 -

- update to 1.6.0u13 (bnc#488926)
- moved new plugin file to -plugin package

Wed Feb 18 10:22:50 CET 2009 -

- fixed bnc#476397:
  - added a compatibility symlink for Seamonkey on %ix86

Tue Feb 10 09:42:49 CET 2009 -

- fixed bnc#473952: update-test java update crashes firefox
  - removed a wrappers scripts as upstream fixed the xorg.conf issue
- supress some other rpmlint warnings

Fri Feb  6 10:22:21 CET 2009 -

- update to 1.6.0 u12: bnc#472412
  - enabled a -plugin package
- do not install alternatives for kinit, klist and ktab manual pages
- be carefull with %%fdupes
- minor fixes in .desktop files
- supress some rpmlint warnings

Tue Jan 27 09:09:41 CET 2009 -

- enable of -src build in build service (bnc#465790#c8) 

Thu Jan 15 15:21:03 CET 2009 -

- used a new Java plugin for Firefox3 (bnc#465790)
- use a %%{javamajver} in JVM toplevel dir (bnc#466078)
- use a %{{origin} instead of sun

Tue Dec  9 11:10:01 CET 2008 -

- update to 1.6.0u11 (bnc#456770) 

Mon Dec  1 11:44:32 CET 2008 -

- fixed of bnc#450316: Cannot install java-1_6_0-sun package after changing
  /bin/sh to point to zsh and not bash 
- added a Conflicts: MozillaFirefox <= 2, the new Java plugin included in u10
  is not compatible with Firefox 2

Fri Nov 21 14:43:43 CET 2008 -

- update to u10 FATE#305407
- supress some rpmlint warnings, which cannot be fixed in binary release

Mon Nov 10 13:15:32 CET 2008 -

- timezone update to 1_3_9-2008g (bnc#427616)
  - defined tzversion macro for better maintenance in future.

Fri Sep 19 11:30:06 CEST 2008 -

- Fixed [bnc#394974]: Missing .systemPrefs

Mon Jul 14 11:54:57 CEST 2008 -

- updated to 1.6.0u7 (bnc#407935)
- updated timezone data 

Mon Apr 28 17:14:39 CEST 2008 -

- update to 1.6.0u6: VUL-0: java 1.6.0 update 6 security update available
  - xcb_xlib.c:50: xcb_xlib_unlock: Assertion 'c->xlib.lock' failed.
  - HttpClient and HttpsClient should not try to reverse lookup IP address of a
    proxy server
  - REGRESSION: setting result in NPE in ACC
  - (tz) Support tzdata2008a
  - Incorrect locale specified in the URL embedded in the
  - FontConfiguration exception preventing applets from loading
  - Java 6 JavaWebstart increases footprint by factor 2
  - JWS can't find cache file after network crash
  - not included in make/docs/CORE_PKGS.gmk
  - com.sun.crypto.provider.SunJCE instance leak using KRB5 and LoginContext 
- fix the java 1.6.0_01-b06 getPackage isCompatibleWith Empty version string
  AMD86 [bnc#331680]

Wed Apr  9 16:49:56 CEST 2008 -

- fixed names of java-1.6.0-sun and java-1.6.0-sun-devel
  provides, fixed directory names (removed update number)

Wed Mar 26 16:54:41 CET 2008 -

- update to 1.6.0u5: VUL-0: java: multiple vulnerabilities [bnc#368134]
- CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for
  Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0
  Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote
  attackers should gain privileges via an untrusted application or applet, a
  different issue than CVE-2008-1186.
- CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime
  Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and
  earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to
  cause a denial of service (JRE crash) and possibly execute arbitrary
  code via unknown vectors related to XSLT transforms.
- CVE-2008-1188: Multiple buffer overflows in Java Web Start in Sun
  JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier,
  allow remote attackers to execute arbitrary code via unknown vectors,
  a different issue than CVE-2008-1189.
- CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE
  6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE
  1.4.2_16 and earlier allows remote attackers to execute arbitrary code
  via unknown vectors, a different issue than CVE-2008-1188.
- CVE-2008-1190: Unspecified vulnerability in Java Web Start in Sun
  JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and
  SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain
  privileges via an untrusted application, a different issue than
- CVE-2008-1191: Unspecified vulnerability in Java Web Start in Sun
  JDK and JRE 6 Update 4 and earlier allows remote attackers to create
  arbitrary files via an untrusted application, a different issue than
- CVE-2008-1192: Unspecified vulnerability in the Java Plug-in for Sun
  JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and
  SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows
  remote attackers to bypass the same origin policy and "execute local
  applications" via unknown vectors.
- CVE-2008-1193: Unspecified vulnerability in Java Runtime Environment
  Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and
  5.0 Update 14 and earlier, allows remote attackers to gain privileges
  via an untrusted application.
- CVE-2008-1194: Multiple unspecified vulnerabilities in the color
  management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0
  Update 14 and earlier, allows remote attackers to cause a denial of
  service (crash) via unknown vectors.
- CVE-2008-1195: Unspecified vulnerability in Sun JDK and Java Runtime
  Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and
  earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers
  to access arbitrary network services on the local host via unspecified
  vectors related to JavaScript and Java APIs.
- CVE-2008-1196: Stack-based buffer overflow in Java Web Start
  (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update
  14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote
  attackers to execute arbitrary code via a crafted JNLP file.

Thu Mar  6 10:14:49 CET 2008 -

- removed Provides and Obsoletes of java-1.5.0-plugin in plugin
  subpackage: [bnc#365768]

Thu Feb 28 11:47:35 CET 2008 -

- changed Requires: %{_libdir}/, %{_libdir}/
  to Requires: unixODBC [#326751] 

Wed Jan 23 09:41:55 CET 2008 -

- New update - 1.6.0u4
- The better alternatives script
- Updated the timezone info to 2007k
- avoid the building of a src subpackage in BuildService (licencing problems)
- added %{bits} to requires of subpackage [#354123]

Thu Dec 20 08:30:05 CET 2007 -

- added 32-bit and 64-bit specific provides (jre-32, jre-64)

Tue Nov  6 14:22:05 CET 2007 -

- Fixed a manual state in /etc/alternatives after update [#334783] 

Mon Oct 22 14:52:30 CEST 2007 -

- Fixed bug [#334783] bad symlinks in /etc/alternatives after update 

Wed Oct 10 09:44:19 CEST 2007 -
- update to 1.6.0_update3 [#332137]
  - Fixed vulnerabilities: CVE-2007-5232, CVE-2007-5236, CVE-2007-523, CVE-2007-523, CVE-2007-5240

Thu Jul 19 20:33:34 CEST 2007 -

- fix suse_update_desktop_file call

Fri Jul  6 17:31:33 CEST 2007 -

- wrapper script got applied twice 

Fri Jul  6 15:09:29 CEST 2007 -

- corrected jpackage dependency 

Tue Jul  3 20:49:01 CEST 2007 -

- include Olson data 2007f (Bug #271324) 

Mon Jul  2 17:32:06 CEST 2007 -

- added wrapper script for SDK java exe as well (Bug #252510 Comment #91)

Mon Jun  4 10:36:03 CEST 2007 -

- update to 1.6.0 update 1:
US Daylight Savings Time Sun Alert 102836

Bug 6530336 that was part of Sun Alert 102836, has been fixed in this release. As a result, it is no longer necessary to run the tzupdater tool with the -bc flag to work around this bug. Bug 6466476, that was also part of Sun Alert 102836 has not yet been fixed. If your application uses the deprecated java.util.Timezone IDs and is sensitive to the behavior outlined in 6466476, you will still need to run the tzupdater tool with the -bc flag as a work-around. Note that running tzupdater with the -bc flag does not hinder the fix for 6530336 in any way.

This release contains Olson time zone data version 2007a. If you need the latest Olson data (currently 2007c) in order to accommodate the America/Indiana/Winamac changes (see US Daylight Savings Time Changes and the Java SE Platform: FAQ (Appendix)), then you will need to run the tzupdater (with -bc flag as appropriate) after installing this release. Please see Sun Java SE JDK tzupdater Tool for more information on how to do this.
Bug Fixes

Bug fixes are listed in the following table.
- final long stack variable gets corrupted when FileChannel read is interrupted
- Strange behavior of Client VM (Unexpected value change on the specific situation)
- ParNewGC times spiking, eventually taking up 20 out of every 30 seconds
- CMS+ParNew: wildly different ParNew pause times depending on heap shape caused by allocation spread
- icache invalidation code can segv
- REGRESSION: JNI ExceptionClear does not clear JVMTI's view of the exception
- org.omg.CORBA.ORB.init() thread safety issue
- Adjustment jprt rules
- jTextPane/jEditorPane text space higher than before
- Font.equals() incorrectly returns false if getAttributes() is called on just one of the fonts
- Unable to retrieve printer list on system with unconnected printers
- Combining negative scale and negative shear in Font Transform produced incorrect results in JDK 6
- PIT:Regression test and two others failed with PIT build 2006-12-04-int.6u1
- PrintServices are incorrectly listed as "not accepting jobs"
- Xgl/Compiz/Java 1.5/Swing problem
- Focus issue with JFrame and JButton
- SplashScreen.getSplashScreen() fails in Web Start context
- COMPATIBILITY: Can't use the keypad to simulate game actions
- Vista: Modality is broken on vista 5840 for all native Dialogs.
- Win32: JVM fastdebug build crashes when Frame uses custom icon.
- AWT needs to use the NO_WM case when running inside of Looking Glass
- Uncanonicalized absolute filepath with length 248-260 no longer works (win)
- (process) Process.destroy() can kill wrong process (Unix)
- TEST_BUG: several tests fail because TESTVMOPTS are passed to javac directly
- native memory leak when use Thread.getAllStackTraces()
- Socket creation on Windows takes a long time if web proxy does not have a DNS entry
- (se) epoll based Selector throws Operation not permitted during load
- (smartcardio) RI's implementation of Card.transmitControlCommand(int, byte[]) may cause JVM failure
- CR 4964288 (sound, Unexpected IAE raised while getting TargetData) is not fixed in windows-amd64 JDK
- api/javax_sound/sampled/TargetDataLine/index.html#TargetDataLine fails
- Text cursor is too short.
- First element of JDesktopPane.getAllFrames is an iconified internal frame
- OceanTheme causes swing components to serialize with sun.* classes
- ArrayOutOfBoundsException raised when SHIFT-selecting items in a JList
- Regression: JToolBar's separator is wrongly rendered using GTK L&F on Linux and Solaris
- GTK L&F: JToolBar handle rendered incorrectly under Nimbus theme
- GTKLAF: Menu item selection bar hieght is not consistant in the menu and popupmenu across the items.
- JFileChooser ignores FILES_AND_DIRECTORIES on GTK and Motif
- GTK Theme change and JTextField can/will crash Java
- SwingWorker notifications might be out of order.
- Vista:In disabled JComboBox the drop down button background shows black color and looks enabled.
- XPStyle.getSkin returning null is dangerous
- Memory leak in XPStyle
- Vista: Menu dropdown differs while compare with naitve in vista laf.
- REGRESSION: JCheckBox doesn't show on JToolBar under Windows L&F
- Jeditorpane does not start up the html file
- GTK L&F: JMenuBar is taller than native under Clearlooks
- GTK L&F: buttons, checkboxes, and radiobuttons are sized incorrectly
- GTK L&F: more toolbar issues
- Unbounded memory leak in Windows XP JRE for Applets and applications that open JFrame's
- JTree is not visible with GTK and Right-to-Left component orientation
- JRadioButton in JTree is not painted in correct state on Vista
- (tz) DST bug in latest jdk releases when using EST MST and HST abbreviations
- (date) calling java.util.Date.toString() slows down subsequent calls to the class
- (tz) Support tzdata2007a
- (tz) Support tzdata2006o
- (tz) Support tzdata2006p
- ExecutableElement.getParameters() uses raw type for class loaded from -g bytecode
- Copyright year need to modify with 2007 in J2SE UR releases
- "com.sun.jdi.InternalException: Inconsistent suspend policy" in internal event handler
- 1.5.0_u7 has "shielded" exe in Windows Vista
- regression: re installing the same jre version does not pop up the reinstall dialog
- remove "Installshield" text from offline installers
- Installation of Solaris Packages fails with jdk1.6.0_01-b05
- Privacy Policy is referring wrong URL
- remove "no longer used splash screen" from installer will reduce jre size/speed
- Close browser during JRE installation. Open a new window to at the end of the installation.
- [zh_CN] README_zh_CN in jdk is out of sync with the english README
- [zh_CN, ja] Message sync for two bug fixes in 6.0
- PIT: additional sentence needs to be translated for 6267625
- rmic does not use manifest classpath
- SA: Throws UnmappedAddressException while reading address from core file in shared area.
- jhat OQL Support direct value of java.lang.String type fields
- jhat: oql submit form should put last query into textform for resubmit
- JHAT - Missing class mishandled
- jhat fails with java.lang.ClassCastException on file created by jmap from core file
- jhat should be able to help in finding classloader leaks
- InstallStats2 not sending full version for offline installers with 'failure' status
- IS2 : InstallComplete ping 'ic' with status 'success' is not posted in silent mode
- filename incorrect in jre readme
- Need to implement webstart/plugin part of the bug fix 6439864
- jusched crash: buffer overrun
- Signed applet hangs browser if a remote policy server is being used
- offline support does not work for plugin applets
- regression: Desktop.browse does not work properly for java plug-in applets
- cannot be used in 1.4.2, 1.5.0, and Java Se 6
- The Wrong proxy is derived from Mozilla browsers when there is no entry in prefs.js
- Regression: Cannot run application using jnlp extensions when offline.
- In JNLP file href must end with .jar extension
- Web Start application installed from CD will not run under Java 6u1
- cannot launch application offline if https is used
- JoinRowSetImpl does not notify listeners
- api/javax_sql/rowset/impl/FilteredRowSet/index.html#FilteredRowSet[notifyCursorMovedTest3] fails b98
- api/javax_sql/rowset/impl/JoinRowSet/index.html#JoinRowSet[createCopySchemaTest] fails on b98
- Using JdbcRowSetImpl(strUrl,strUserId, strPassword) without executing a stmt throws NPE in getType()
- api/javax_sql/rowset/impl/FilteredRowSet/index.html#FilteredRowSet[absoluteTest] fails
- There is no way to plug SyncProvider for CachedRowSet implementation
- RMIConnectorServer.stop: deadlock
- Using MXBeans can lead to memory leaks 

Fri May 25 17:08:53 CEST 2007 -

- moved demo files to %{_jvmdir}/%{sdkdir}/demo (which is in %{_libdir}) in order to avoid having *.so file in /usr/share
- switched on stripping again
- removed versionless provide of j2sdk
- hardlink duplicates
- index jar files 

Mon May 14 14:19:37 CEST 2007 -

- enable wrapper script for x86_64  

Wed Apr 25 14:20:27 CEST 2007 -

- handle plugin with update-alternative mechanism (fixes collect-desktop-files problem and gives users control over which plugin is used)
- wrapper script in order to enable graphical apps (Bug #252510)

Thu Mar  1 16:27:32 CET 2007 -

- first version