File java-1_6_0-sun.changes of Package java-1_6_0-sun
-------------------------------------------------------------------
Wed Jun 8 13:06:36 UTC 2011 - mvyskocil@suse.cz
- fix bnc#698754 - VUL-0: Oracle Java 6 Update 26
CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0817
CVE-2011-0863 CVE-2011-0864 CVE-2011-0802 CVE-2011-0814
CVE-2011-0871 CVE-2011-0786 CVE-2011-0788 CVE-2011-0866
CVE-2011-0868 CVE-2011-0872 CVE-2011-0867 CVE-2011-0869
CVE-2011-0865
-------------------------------------------------------------------
Thu May 5 08:10:16 UTC 2011 - mvyskocil@suse.cz
- fix bnc#691672 - Oracle Java 6 update 25
http://www.oracle.com/technetwork/java/javase/6u25releasenotes-356444.html
-------------------------------------------------------------------
Wed Feb 16 17:21:43 UTC 2011 - bitshuffler@opensuse.org
- Update to 6u24 (bnc#672449)
CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463
CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473
CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470
CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475
CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472
CVE-2010-4474
-------------------------------------------------------------------
Wed Jan 5 15:23:26 UTC 2011 - bitshuffler@opensuse.org
- Update to 6u23 (bnc#662459)
http://www.oracle.com/technetwork/java/javase/6u23releasenotes-191058.html
-------------------------------------------------------------------
Mon Nov 10 13:15:32 CET 2008 - mvyskocil@suse.cz
- timezone update to 1_3_9-2008g (bnc#427616)
- defined tzversion macro for better maintenance in future.
-------------------------------------------------------------------
Fri Sep 19 11:30:06 CEST 2008 - mvyskocil@suse.cz
- Fixed [bnc#394974]: Missing .systemPrefs
-------------------------------------------------------------------
Mon Jul 14 11:54:57 CEST 2008 - anosek@suse.cz
- updated to 1.6.0u7 (bnc#407935)
- updated timezone data
-------------------------------------------------------------------
Mon Apr 28 17:14:39 CEST 2008 - mvyskocil@suse.cz
- update to 1.6.0u6: VUL-0: java 1.6.0 update 6 security update available
[bnc#383674]
- xcb_xlib.c:50: xcb_xlib_unlock: Assertion 'c->xlib.lock' failed.
- HttpClient and HttpsClient should not try to reverse lookup IP address of a
proxy server
- REGRESSION: setting -Djava.security.debug=failure result in NPE in ACC
- (tz) Support tzdata2008a
- Incorrect locale specified in the URL embedded in the
register[_<locale>].html
- FontConfiguration exception preventing applets from loading
- Java 6 JavaWebstart increases footprint by factor 2
- JWS can't find cache file after network crash
- javax.xml.ws.wsaddressing not included in make/docs/CORE_PKGS.gmk
- com.sun.crypto.provider.SunJCE instance leak using KRB5 and LoginContext
- fix the java 1.6.0_01-b06 getPackage isCompatibleWith Empty version string
AMD86 [bnc#331680]
-------------------------------------------------------------------
Wed Apr 9 16:49:56 CEST 2008 - anosek@suse.cz
- fixed names of java-1.6.0-sun and java-1.6.0-sun-devel
provides, fixed directory names (removed update number)
-------------------------------------------------------------------
Wed Mar 26 16:54:41 CET 2008 - mvyskocil@suse.cz
- update to 1.6.0u5: VUL-0: java: multiple vulnerabilities [bnc#368134]
- CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for
Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0
Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote
attackers should gain privileges via an untrusted application or applet, a
different issue than CVE-2008-1186.
- CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime
Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and
earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to
cause a denial of service (JRE crash) and possibly execute arbitrary
code via unknown vectors related to XSLT transforms.
- CVE-2008-1188: Multiple buffer overflows in Java Web Start in Sun
JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier,
allow remote attackers to execute arbitrary code via unknown vectors,
a different issue than CVE-2008-1189.
- CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE
6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE
1.4.2_16 and earlier allows remote attackers to execute arbitrary code
via unknown vectors, a different issue than CVE-2008-1188.
- CVE-2008-1190: Unspecified vulnerability in Java Web Start in Sun
JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and
SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain
privileges via an untrusted application, a different issue than
CVE-2008-1191.
- CVE-2008-1191: Unspecified vulnerability in Java Web Start in Sun
JDK and JRE 6 Update 4 and earlier allows remote attackers to create
arbitrary files via an untrusted application, a different issue than
CVE-2008-1190.
- CVE-2008-1192: Unspecified vulnerability in the Java Plug-in for Sun
JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and
SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows
remote attackers to bypass the same origin policy and "execute local
applications" via unknown vectors.
- CVE-2008-1193: Unspecified vulnerability in Java Runtime Environment
Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and
5.0 Update 14 and earlier, allows remote attackers to gain privileges
via an untrusted application.
- CVE-2008-1194: Multiple unspecified vulnerabilities in the color
management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0
Update 14 and earlier, allows remote attackers to cause a denial of
service (crash) via unknown vectors.
- CVE-2008-1195: Unspecified vulnerability in Sun JDK and Java Runtime
Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and
earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers
to access arbitrary network services on the local host via unspecified
vectors related to JavaScript and Java APIs.
- CVE-2008-1196: Stack-based buffer overflow in Java Web Start
(javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update
14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote
attackers to execute arbitrary code via a crafted JNLP file.
-------------------------------------------------------------------
Thu Mar 6 10:14:49 CET 2008 - mvyskocil@suse.cz
- removed Provides and Obsoletes of java-1.5.0-plugin in plugin
subpackage: [bnc#365768]
-------------------------------------------------------------------
Thu Feb 28 11:47:35 CET 2008 - anosek@suse.cz
- changed Requires: %{_libdir}/libodbc.so, %{_libdir}/libodbcinst.so
to Requires: unixODBC [#326751]
-------------------------------------------------------------------
Wed Jan 23 09:41:55 CET 2008 - mvyskocil@suse.cz
- New update - 1.6.0u4
- The better alternatives script
- Updated the timezone info to 2007k
- avoid the building of a src subpackage in BuildService (licencing problems)
- added %{bits} to requires of subpackage [#354123]
-------------------------------------------------------------------
Thu Dec 20 08:30:05 CET 2007 - anosek@suse.cz
- added 32-bit and 64-bit specific provides (jre-32, jre-64)
-------------------------------------------------------------------
Tue Nov 6 14:22:05 CET 2007 - mvyskocil@suse.cz
- Fixed a manual state in /etc/alternatives after update [#334783]
-------------------------------------------------------------------
Mon Oct 22 14:52:30 CEST 2007 - mvyskocil@suse.cz
- Fixed bug [#334783] bad symlinks in /etc/alternatives after update
-------------------------------------------------------------------
Wed Oct 10 09:44:19 CEST 2007 - mvyskocil@suse.cz
- update to 1.6.0_update3 [#332137]
- Fixed vulnerabilities: CVE-2007-5232, CVE-2007-5236, CVE-2007-523, CVE-2007-523, CVE-2007-5240
-------------------------------------------------------------------
Thu Jul 19 20:33:34 CEST 2007 - stbinner@suse.de
- fix suse_update_desktop_file call
-------------------------------------------------------------------
Fri Jul 6 17:31:33 CEST 2007 - dbornkessel@suse.de
- wrapper script got applied twice
-------------------------------------------------------------------
Fri Jul 6 15:09:29 CEST 2007 - dbornkessel@suse.de
- corrected jpackage dependency
-------------------------------------------------------------------
Tue Jul 3 20:49:01 CEST 2007 - dbornkessel@suse.de
- include Olson data 2007f (Bug #271324)
-------------------------------------------------------------------
Mon Jul 2 17:32:06 CEST 2007 - dbornkessel@suse.de
- added wrapper script for SDK java exe as well (Bug #252510 Comment #91)
-------------------------------------------------------------------
Mon Jun 4 10:36:03 CEST 2007 - dbornkessel@suse.de
- update to 1.6.0 update 1:
US Daylight Savings Time Sun Alert 102836
Bug 6530336 that was part of Sun Alert 102836, has been fixed in this release. As a result, it is no longer necessary to run the tzupdater tool with the -bc flag to work around this bug. Bug 6466476, that was also part of Sun Alert 102836 has not yet been fixed. If your application uses the deprecated java.util.Timezone IDs and is sensitive to the behavior outlined in 6466476, you will still need to run the tzupdater tool with the -bc flag as a work-around. Note that running tzupdater with the -bc flag does not hinder the fix for 6530336 in any way.
This release contains Olson time zone data version 2007a. If you need the latest Olson data (currently 2007c) in order to accommodate the America/Indiana/Winamac changes (see US Daylight Savings Time Changes and the Java SE Platform: FAQ (Appendix)), then you will need to run the tzupdater (with -bc flag as appropriate) after installing this release. Please see Sun Java SE JDK tzupdater Tool for more information on how to do this.
Bug Fixes
Bug fixes are listed in the following table.
- final long stack variable gets corrupted when FileChannel read is interrupted
- Strange behavior of Client VM (Unexpected value change on the specific situation)
- ParNewGC times spiking, eventually taking up 20 out of every 30 seconds
- CMS+ParNew: wildly different ParNew pause times depending on heap shape caused by allocation spread
- icache invalidation code can segv
- REGRESSION: JNI ExceptionClear does not clear JVMTI's view of the exception
- org.omg.CORBA.ORB.init() thread safety issue
- Adjustment jprt rules
- jTextPane/jEditorPane text space higher than before
- Font.equals() incorrectly returns false if getAttributes() is called on just one of the fonts
- Unable to retrieve printer list on system with unconnected printers
- Combining negative scale and negative shear in Font Transform produced incorrect results in JDK 6
- PIT:Regression test FontAttributeTest.java and two others failed with PIT build 2006-12-04-int.6u1
- PrintServices are incorrectly listed as "not accepting jobs"
- Xgl/Compiz/Java 1.5/Swing problem
- Focus issue with JFrame and JButton
- SplashScreen.getSplashScreen() fails in Web Start context
- COMPATIBILITY: Can't use the keypad to simulate game actions
- Vista: Modality is broken on vista 5840 for all native Dialogs.
- Win32: JVM fastdebug build crashes when Frame uses custom icon.
- AWT needs to use the NO_WM case when running inside of Looking Glass
- Uncanonicalized absolute filepath with length 248-260 no longer works (win)
- (process) Process.destroy() can kill wrong process (Unix)
- TEST_BUG: several tests fail because TESTVMOPTS are passed to javac directly
- native memory leak when use Thread.getAllStackTraces()
- Socket creation on Windows takes a long time if web proxy does not have a DNS entry
- (se) epoll based Selector throws java.io.IOException: Operation not permitted during load
- (smartcardio) RI's implementation of Card.transmitControlCommand(int, byte[]) may cause JVM failure
- CR 4964288 (sound, Unexpected IAE raised while getting TargetData) is not fixed in windows-amd64 JDK
- api/javax_sound/sampled/TargetDataLine/index.html#TargetDataLine fails
- Text cursor is too short.
- First element of JDesktopPane.getAllFrames is an iconified internal frame
- OceanTheme causes swing components to serialize with sun.* classes
- ArrayOutOfBoundsException raised when SHIFT-selecting items in a JList
- Regression: JToolBar's separator is wrongly rendered using GTK L&F on Linux and Solaris
- GTK L&F: JToolBar handle rendered incorrectly under Nimbus theme
- GTKLAF: Menu item selection bar hieght is not consistant in the menu and popupmenu across the items.
- JFileChooser ignores FILES_AND_DIRECTORIES on GTK and Motif
- GTK Theme change and JTextField can/will crash Java
- SwingWorker notifications might be out of order.
- Vista:In disabled JComboBox the drop down button background shows black color and looks enabled.
- XPStyle.getSkin returning null is dangerous
- Memory leak in XPStyle
- Vista: Menu dropdown differs while compare with naitve in vista laf.
- REGRESSION: JCheckBox doesn't show on JToolBar under Windows L&F
- Jeditorpane does not start up the html file
- GTK L&F: JMenuBar is taller than native under Clearlooks
- GTK L&F: buttons, checkboxes, and radiobuttons are sized incorrectly
- GTK L&F: more toolbar issues
- Unbounded memory leak in Windows XP JRE for Applets and applications that open JFrame's
- JTree is not visible with GTK and Right-to-Left component orientation
- JRadioButton in JTree is not painted in correct state on Vista
- (tz) DST bug in latest jdk releases when using EST MST and HST abbreviations
- (date) calling java.util.Date.toString() slows down subsequent calls to the class
- (tz) Support tzdata2007a
- (tz) Support tzdata2006o
- (tz) Support tzdata2006p
- ExecutableElement.getParameters() uses raw type for class loaded from -g bytecode
- Copyright year need to modify with 2007 in J2SE UR releases
- "com.sun.jdi.InternalException: Inconsistent suspend policy" in internal event handler
- 1.5.0_u7 has "shielded" exe in Windows Vista
- regression: re installing the same jre version does not pop up the reinstall dialog
- remove "Installshield" text from offline installers
- Installation of Solaris Packages fails with jdk1.6.0_01-b05
- Privacy Policy is referring wrong URL
- remove "no longer used splash screen" from installer will reduce jre size/speed
- Close browser during JRE installation. Open a new window to java.com at the end of the installation.
- [zh_CN] README_zh_CN in jdk is out of sync with the english README
- [zh_CN, ja] Message sync for two bug fixes in 6.0
- PIT: additional sentence needs to be translated for 6267625
- rmic does not use manifest classpath
- SA: Throws UnmappedAddressException while reading address from core file in shared area.
- jhat OQL Support direct value of java.lang.String type fields
- jhat: oql submit form should put last query into textform for resubmit
- JHAT - Missing class mishandled
- jhat fails with java.lang.ClassCastException on file created by jmap from core file
- jhat should be able to help in finding classloader leaks
- InstallStats2 not sending full version for offline installers with 'failure' status
- IS2 : InstallComplete ping 'ic' with status 'success' is not posted in silent mode
- filename incorrect in jre readme
- Need to implement webstart/plugin part of the bug fix 6439864
- jusched crash: buffer overrun
- Signed applet hangs browser if a remote policy server is being used
- offline support does not work for plugin applets
- regression: Desktop.browse does not work properly for java plug-in applets
- deployment.javaws.secure.properties cannot be used in 1.4.2, 1.5.0, and Java Se 6
- The Wrong proxy is derived from Mozilla browsers when there is no entry in prefs.js
- Regression: Cannot run application using jnlp extensions when offline.
- In JNLP file href must end with .jar extension
- Web Start application installed from CD will not run under Java 6u1
- cannot launch application offline if https is used
- JoinRowSetImpl does not notify listeners
- api/javax_sql/rowset/impl/FilteredRowSet/index.html#FilteredRowSet[notifyCursorMovedTest3] fails b98
- api/javax_sql/rowset/impl/JoinRowSet/index.html#JoinRowSet[createCopySchemaTest] fails on b98
- Using JdbcRowSetImpl(strUrl,strUserId, strPassword) without executing a stmt throws NPE in getType()
- api/javax_sql/rowset/impl/FilteredRowSet/index.html#FilteredRowSet[absoluteTest] fails
- There is no way to plug SyncProvider for CachedRowSet implementation
- RMIConnectorServer.stop: deadlock
- Using MXBeans can lead to memory leaks
-------------------------------------------------------------------
Fri May 25 17:08:53 CEST 2007 - dbornkessel@suse.de
- moved demo files to %{_jvmdir}/%{sdkdir}/demo (which is in %{_libdir}) in order to avoid having *.so file in /usr/share
- switched on stripping again
- removed versionless provide of j2sdk
- hardlink duplicates
- index jar files
-------------------------------------------------------------------
Mon May 14 14:19:37 CEST 2007 - dbornkessel@suse.de
- enable wrapper script for x86_64
-------------------------------------------------------------------
Wed Apr 25 14:20:27 CEST 2007 - dbornkessel@suse.de
- handle plugin with update-alternative mechanism (fixes collect-desktop-files problem and gives users control over which plugin is used)
- wrapper script in order to enable graphical apps (Bug #252510)
-------------------------------------------------------------------
Thu Mar 1 16:27:32 CET 2007 - dbornkessel@suse.de
- first version
