Commit graph

20 commits

Author SHA1 Message Date
ryoon
a4ee1cbcc4 Update to 8.0.202
Linux/i386 and SunOS/amd64 are not tested.

Changelog:
By default, the JDK on Linux or Solaris uses GTK+ 2 if available;
if not, it uses GTK+ 3.

Security fixes:
CVE-2019-2540
CVE-2018-11212
CVE-2019-2426
CVE-2019-2449
CVE-2019-2422
2019-01-22 03:51:41 +00:00
ryoon
8622896f53 Update to 8.0.191
Changelog:
* New timezone
* Security bugfixes
2018-11-25 12:41:50 +00:00
abs
e0ca14e28e Add jhat to JAVA_WRAPPERS. Bump PKGREVISION 2018-09-19 18:18:30 +00:00
ryoon
88fd6ba1d3 Update to 8.0.172
Changelog:
core-libs	java.time	(tz) Upgrade time-zone data to tzdata2018d
xml	jax-ws	Newlines in JAXB string values of SOAP-requests are escaped to " "
hotspot	compiler	Crash with assert(handler_address == SharedRuntime::compute_compiled_exc_handler(..) failed: Must be the same
deploy	webstart	JRE bundled in App-V package will not start Java Web Start applications
deploy	webstart	javaws.exe failed to launch UTF-8 encoded JNLP file
javafx	web	Intermittent crash when using WebView from JFXPanel applicationS

hotspot	runtime	Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3
security-libs	org.ietf.jgss	Kerberos krb5 authentication: AuthList's put method leads to performance issue
hotspot	gc	Performance drop with Java JDK 1.8.0_162-b32
2018-05-26 22:24:01 +00:00
rillig
17e39f419d Fix indentation in buildlink3.mk files.
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.

There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
2018-01-07 13:03:53 +00:00
jperkin
3d33d44d0d oracle-j{re,dk}8: Fix SunOS, print-PLIST, and SSP. 2017-12-13 09:34:48 +00:00
ryoon
7ad164f3c7 Update to 8.0.152
Changelog:
Security bug fixes:
CVE-2017-10285
CVE-2017-10388
CVE-2017-10309
CVE-2017-10274
CVE-2017-10356
CVE-2017-10293
CVE-2017-10342
CVE-2017-10350
CVE-2017-10349
CVE-2017-10348
CVE-2017-10357
CVE-2016-9841
CVE-2016-10165
CVE-2017-10355
CVE-2017-10281
CVE-2017-10347
CVE-2017-10386
CVE-2017-10380
CVE-2017-10295
CVE-2017-10341
CVE-2017-10345
2017-11-28 05:15:27 +00:00
ryoon
34e51169f4 Update oracle-jre8 and oracle-jdk8 to 8.0.144
Changelog:
Security fixes and bug fixes.
2017-08-18 13:54:17 +00:00
ryoon
3699a58cc7 Update to 8.0.131
Changelog:
Bugfixes:
1	JDK-7155957	client‑libs	java.awt	closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8
2	JDK-8035568	client‑libs	java.awt	[macosx] Cursor management unification
3	JDK-8079595	client‑libs	java.awt	Resizing dialog which is JWindow parent makes JVM crash
4	JDK-8169589	client‑libs	java.awt	[macosx] Activating a JDialog puts to back another dialog
5	JDK-8147842	client‑libs	javax.swing	IME Composition Window is displayed at incorrect location
6	JDK-7167293	core‑libs	java.net	FtpURLConnection connection leak on FileNotFoundException
7	JDK-8169465	core‑libs	javax.naming	Deadlock in com.sun.jndi.ldap.pool.Connections
8	JDK-8133045	deploy	deployment_toolkit	java.lang.SecurityException: Failed to extract baseline.versions error
9	JDK-8028538	deploy	webstart	Fedora Linux issue with jnlp‑servlet.jar demo source code license
10	JDK-8170646	deploy	webstart	JNLP fails to get loaded with old javaws when multiple jres (jre9 and jre8u111) installed
11	JDK-8075196	docs	guides	CosNaming's implementation doesn't comply with the specification
12	JDK-8161147	hotspot	compiler	jvm crashes when ‑XX:+UseCountedLoopSafepoints is enabled
13	JDK-8161993	hotspot	gc	G1 crashes if active_processor_count changes during startup
14	JDK-8147910	hotspot	runtime	Cache initial active_processor_count
15	JDK-8150490	hotspot	runtime	Update OS detection code to recognize Windows Server 2016
16	JDK-8170888	hotspot	runtime	[linux] Experimental support for cgroup memory limits in container (ie Docker) environments
17	JDK-8166208	hotspot	svc	FlightRecorderOptions settings for defaultrecording ignored.
18	JDK-8161945	install	install	REGRESSION: 8u91 update of 32 bit JRE removes preferences of the 64 bit JRE
19	JDK-8172932	install	install	JRE installation fails with 1603 on Windows 10 with enabled Deviceguard
20	JDK-8089915	javafx	web	Input of type file doesn't honor "accept" attribute.
21	JDK-8090216	javafx	web	HTMLEditor: font bold doesn't work when an indent is set
22	JDK-8144263	javafx	web	[WebView, OS X] Webkit rendering artifacts with inertia scrolling
23	JDK-8150982	javafx	web	Crash when calling WebEngine.print on background thread
24	JDK-8164314	javafx	web	[WebView] Debug build is no longer working after JDK‑8089681
25	JDK-8165098	javafx	web	WebEngine.print will attempt to print even if the printer job is complete or has an error
26	JDK-8165173	javafx	web	canvas/philip/tests/2d.path.clip.empty.html fails with 8u112
27	JDK-8165508	javafx	web	Incorrect Bug ID in comment for JDK-8164076
28	JDK-8166231	javafx	web	use @Native annotation in web classes
29	JDK-8166677	javafx	web	HTMLEditor freezes after restoring previously maximized window
30	JDK-8166775	javafx	web	Audio slider works incorrectly for short files
31	JDK-8166999	javafx	web	Update to newer version of WebKit
32	JDK-8167098	javafx	web	Backport of JDK‑8158926 to JDK 8u mistakenly used preliminary patch
33	JDK-8167100	javafx	web	Minor source diffs introduced in backports of JDK-8160837 and JDK-8163582
34	JDK-8167675	javafx	web	Animated gifs are not working
35	JDK-8169204	javafx	web	Need to document JSObject Call and setSlot APIs to use weak references
36	JDK-8170585	javafx	web	Fix PlatformContextJava type leaking to GraphicsContext
37	JDK-8170938	javafx	web	Memory leak in JavaFX WebView
38	JDK-8173783	security‑libs	javax.net.ssl	IllegalArgumentException: jdk.tls.namedGroups
39	JDK-6474807	security‑libs	javax.smartcardio	(smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException
40	JDK-8168774	tools	javac	Polymorhic signature method check crashes javac
41	JDK-8167485	tools	visualvm	Integrate new version of Java VisualVM based on VisualVM 1.3.9 into JDK
42	JDK-8167179	xml	jaxp	Make XSL generated namespace prefixes local to transformation process
2017-05-16 11:55:30 +00:00
dsainty
ebf3a2de4c The PLIST for linux-i386 doesn't appear to quite match the distfile
contents for the linux-i586 JDK, leading to package install failure.

Fix that up.
2017-04-30 11:39:48 +00:00
ryoon
6826b64a52 Update to 8.0.121
Changelog:
## New features
security-libs/javax.xml.crypto
Added security property to configure XML Signature secure validation mode

core-libs/java.io:serialization
Serialization Filter Configuration

core-libs/java.rmi
RMI Better constraint checking

security-libs
Add mechanism to allow non-default root CAs to not be subject to algorithm restrictions

## Changes
security-libs/javax.net.ssl
Make 3DES as a legacy algorithm in the JSSE provider

security-libs/javax.net.ssl
Improve the default strength of EC in JDK

tools/javadoc(tool)
New --allow-script-in-comments option for javadoc

security-libs/javax.xml.crypto
Increase the minimum key length to 1024 for XML Signatures

docs/release_notes
Restrict certificates with DSA keys less than 1024 bits.

security-libs
More checks added to DER encoding parsing code

core-libs/java.net
Additional access restrictions for URLClassLoader.newInstance

core-libs/java.util.logging
A new configurable property in logging.properties java.util.logging.FileHandler.maxLocks


## Bug Fixes
client-libs/javax.swing
Trackpad scrolling of text on OS X 10.12 Sierra is very fast
2017-03-11 07:36:10 +00:00
ryoon
f04cf5ed1c Update to 8.0.102 based on a update from prlw1@
Chagnelog:
Fix the following vulnerabilities
CVE-2016-3587
CVE-2016-3606
CVE-2016-3552
CVE-2016-3511
CVE-2016-3503
CVE-2016-3498
CVE-2016-3500
CVE-2016-3508
CVE-2016-3458
CVE-2016-3550
CVE-2016-3485
2016-09-19 06:57:49 +00:00
abs
542a3bf90b Add jcmd to JAVA_WRAPPERS, bump PKGREVISION 2016-08-16 09:06:33 +00:00
dsainty
a18c7a0868 Add new jdk-8u92-linux-i586.tar.gz distinfo.
Verified via https://www.oracle.com/webfolder/s/digest/8u92checksum.html
2016-05-20 22:26:21 +00:00
christos
3089f2283c update from 72 -> 92 2016-05-08 18:06:08 +00:00
ryoon
afb8a8836a Update to 8.0.72
* OS X PLIST is not verified.

Changelog:
The following vulnerabilities are fixed.
CVE-2016-0494
CVE-2015-8126
CVE-2016-0483
CVE-2016-0475
CVE-2016-0402
CVE-2016-0466
CVE-2016-0448
CVE-2015-7575

And some bugfixes:
See http://www.oracle.com/technetwork/java/javase/8u72-bugfixes-2775805.html
2016-01-22 14:18:42 +00:00
dsainty
be86c2823b The details for jdk-8u66-linux-i586.tar.gz are clearly for a truncated file, being 10% of the x64 distribution. Update them from a fresh download. 2015-12-16 03:47:13 +00:00
jperkin
561086621f Update Oracle JRE/JDK to 8.0u66.
pkgsrc changes:

  - Add support for Darwin (JRE only, Oracle only provide .dmg downloads for
    the JDK).

  - Add better 'distinfo' handling so that all distfiles are included.

Upstream changes in 8.0u66:

 New Features and Changes
 The following are some of the notable new features and changes in this release:

  Support ISO 4217 "Current funds codes" table (A.2)

  This enhancement adds support for ISO 4217 table A.2 fund codes. Previously
  the JDK only supported those currencies listed in table A.1.

  See JDK-8074350.

 Bug Fixes
 This release contains fixes for security vulnerabilities. For more
 information, see Oracle Critical Patch Update Advisory. For a list of bug fixes
 included in this release, see JDK 8u66 Bug Fixes page.

 The following are some of the notable bug fixes included in this release:

  Hotspot should use PICL interface to get cacheline size on SPARC The libpicl
  library is now required on Solaris/SPARC to determine the size of the cache
  lines. In case the library is not present or the PICL service is not available
  the JVM will display a warning and compiler optimizations that utilize the BIS
  (Block Initializing Store) instruction will be turned off.

  See JDK-8056124.

  Preloading libjsig.dylib causes deadlock when signal() is called

  Applications need to preload the libjsig library to enable signal chaining.
  Previously, on OS X, after libjsig.dylib was preloaded, any call from native
  code to signal() caused a deadlock. This has been corrected.

  See JDK-8072147.

  VM crash when class is redefined with Instrumentation.redefineClasses

  The JVM could crash when a class was redefined with
  Instrumentation.redefineClasses(). The crash could either be a segmentation
  fault at SystemDictionary::resolve_or_null, or an internal error with the
  message "tag mismatch with resolution error table". This has now been fixed .

  See JDK-8076110.

Upstream changes in 8.0u65:

 Bug Fixes
 This release contains fixes for security vulnerabilities. For more information,
 see Oracle Java SE Critical Patch Update Advisory. For a list of bug fixes
 included in this release, see JDK 8u65 Bug Fixes page.

 The following are some of the notable bug fixes included in this release:

  Use Safe Prime Diffie-Hellman Groups

  In the JDK SSL/TLS implementation (SunJSSE provider), safe prime
  Diffie-Hellman groups are used by default. Users can customize Diffie-Hellman
  groups with the security property, "jdk.tls.server.defaultDHEParameters".

  [macosx] JRE AU client installed fails update to NEXTVER on Mac 10.11

  A new installer is introduced in the 8u65 release to update OS X users to the
  latest version. The installer will apply to both scheduled and manual updates,
  and bundles made available on java.com and OTN. Users who experience
  compatibility issues with the new installer can manually download and install
  the ".pkg" installer available on My Oracle Support.

 Known Issues

  [macosx] Sponsor offer screen accessibility (a11y) issues

  Users who operate the keyboard to access user interfaces in the Java installer
  will be unable to access hyperlinks and checkboxes in software add-on offer
  screens. As a workaround to setting preferences related to add-on software in
  the user interface, users can disable such offers either by disabling them in
  the Java Control Panel, or by passing 'SPONSORS=0' via the command line. For
  more information, refer to:
  https://www.java.com/en/download/faq/disable_offers.xml

  See JDK-8061886.
2015-11-10 11:35:30 +00:00
ryoon
c84dde3a78 Update to 8.0.60
Changelog:
From: https://www.java.com/en/download/faq/release_changes.xml
Java 8 Update 60 (8u60)
Release Highlights

    IANA Data 2015e
    JDK 8u60 contains IANA time zone data version 2015e. For more information, refer to Timezone Data Versions in the JRE Software.
    Bug Fix: dns_lookup_realm should be false by default
    The dns_lookup_realm setting in Kerberos' krb5.conf file is by default false. See 8080637.
    Bug Fix: Disable RC4 cipher suites
    RC4-based TLS ciphersuites (e.g. TLS_RSA_WITH_RC4_128_SHA) are now considered compromised and should no longer be used (see RFC 7465). Accordingly, RC4-based TLS ciphersuites have been deactivated by default in the Oracle JSSE implementation by adding "RC4" to "jdk.tls.disabledAlgorithms" security property, and by removing them from the default enabled ciphersuites list. These cipher suites can be reactivated by removing "RC4" form "jdk.tls.disabledAlgorithms" security property in the java.security file or by dynamically calling Security.setProperty(), and also readding them to the enabled ciphersuite list using the SSLSocket/SSLEngine.setEnabledCipherSuites() methods. You can also use the -Djava.security.properties command line option to override the jdk.tls.disabledAlgorithms security property. For example:
    java -Djava.security.properties=my.java.security ...
    where my.java.security is a file containing the property without RC4:
    jdk.tls.disabledAlgorithms=SSLv3
    Even with this option set from commandline, the RC4 based ciphersuites need to be re-added to the enabled ciphersuite list by using the SSLSocket/SSLEngine.setEnabledCipherSuites() methods. See 8076221.
    Bug Fix: Support keystore type detection for JKS and PKCS12 keystores
    Keystore Compatibility Mode: To aid interoperability, the Java keystore type JKS now supports keystore compatibility mode by default. This mode enables JKS keystores to access both JKS and PKCS12 file formats. To disable keystore compatibility mode set the Security property keystore.type.compat to the string value false. See 8062552.
    Bug Fix: Deprecate Unsafe monitor methods in JDK 8u release
    The methods monitorEnter, monitorExit and tryMonitorEnter on sun.misc.Unsafe are marked as deprecated in JDK 8u60 and will be removed in a future release. These methods are not used within the JDK itself and are very rarely used outside of the JDK. See 8069302.
    Bug Fix: Extract JFR recording from the core file using SA
    DumpJFR is a Serviceability Agent based tool that can be used to extract Java Flight Recorder(JFR) data from the core files and live Hotspot processes. DumpJFR can be used in one of the following methods:
        Attach DumpJFR to a live process:

        java -cp $JAVA_HOME/lib/sa-jdi.jar sun.jvm.hotspot.tools.DumpJFR <pid>

        Attach DumpJFR to a core file:

        java -cp $JAVA_HOME/lib/sa-jdi.jar sun.jvm.hotspot.tools.DumpJFR <java> <core>

    DumpJFR tool dumps the JFR data to a file called recording.jfr in the current working folder. See 8065301 (not public).
    Bug Fix: Local variables named 'enum' lead to spurious compiler crashes
    The javac parser is incorrectly parsing local variables with name 'enum'; this results in spurious failures when a program containing such local variables is compiled with a 'source' flag corresponding to a release in which the enum construct is not available (such as '-source 1.4'). See 8069181.

Java Development Kit for ARM Release 8u60

This release includes Java Development Kit for ARM Release 8u60 (JDK 8u60 for ARM). For ARM device support information, see JDK for ARM Downloads page. For system requirements, installation instructions and troubleshooting tips, see Installation Instructions page.

Limitation: Native Memory Tracking support is limited in JDK for ARM. The java command line option XX:NativeMemoryTracking=detail is not supported for ARM targets (an error message is displayed to user). Instead, use the following option:
XX:NativeMemoryTracking=summary
Documentation Updates due to Nashorn Enhancements
JDK 8u60 includes new enhancements to Nashorn. As a result the following documentation changes should be read in conjunction with the current Nashorn documentation:

    Addition: In the previous section, we mentioned that every JavaScript object when exposed to Java APIs implements the java.util.Map interface. This is true even for JavaScript arrays. However, this behavior is often not desired or expected when the Java code expects JSON-parsed objects. Java libraries that manipulate JSON-parsed objects usually expect arrays to expose the java.util.List interface instead. If you need to expose your JavaScript objects so that arrays are exposed as lists and not maps, you can use the Java.asJSONCompatible(obj) function, where obj is the root of your JSON object tree.
    Correction: The caution mentioned at the end of Mapping Data Types section, is no longer applicable. Nashorn ensures that internal JavaScript strings are converted to java.lang.String when exposed externally.
    Correction: The statement in the section Mapping Data Types, that mentions "For example, arrays must be explicitly converted,..." is not correct. Arrays are automatically converted to Java array types, such as java.util.List, java.util.Collection, java.util.Queue and java.util.Deque and so on.

Changes in Deployment Rule Set v1.2
JDK 8u60 implements Deployment Rule Set (DRS) 1.2, which includes the following changes:

    Add "checksum" element as sub element of "id" which can allow unsigned jars to be identified by the SHA-256 checksum of the uncompressed form of a jar:
        The "checksum" element will match only unsigned jars, and the given hash will be compared only against the uncompressed form of the jar.
        The "checksum" element (similar to "certificate" element) has two arguments "hash" and "algorithm", however, unlike "certificate" element, the only supported value for "algorithm" is "SHA-256". Any other value provided will be ignored.
    Allow "message" element to apply to all rule types, where previously it only applied to a block rule:
        In a run rule, a message sub element will cause a message dialog to be displayed where without a run rule, the default behavior would be to show certificate or unsigned dialog. The message will be displayed in the message dialog.
        In a default rule, the message will only be displayed if the default action is to block. In such a case the message will be included in the block dialog.
    Echo "customer" blocks in the Java Console, trace files, and Java Usage Tracker records.
        Previous to DRS 1.2, "customer" elements could be included (with any sub-elements) in the ruleset.xml file. This element and all its sub elements are ignored. In DRS 1.2, the elements are still functionally ignored. However:
            When parsing the ruleset.xml file, all "customer" blocks will be echoed to the Java Console and deployment trace file (if Console and Tracing are enabled).
            When using a rule, all "customer" records included within that rule will be added to the Java Usage Tracker (JUT) record (if JUT is enabled).

As a result of the above changes, the DTD for DRS 1.2 is as follows:

<!ELEMENT ruleset (rule*)>
<!ATTRIBUTE ruleset href CDATA #IMPLIED>
<!ATTRIBUTE ruleset version CDATA #REQUIRED>

<!ELEMENT rule (id, action)>

<!ELEMENT id (certificate?) (checksum?) >
<!ATTRIBUTE id title CDATA #IMPLIED>
<!ATTRIBUTE id location CDATA #IMPLIED>

<!ELEMENT certificate EMPTY>
<!ATTLIST certificate algorithm CDATA #IMPLIED>
<!ATTLIST certificate hash CDATA #REQUIRED>

<!ELEMENT checksum EMPTY>
<!ATTLIST checksum algorithm CDATA #IMPLIED>
<!ATTLIST checksum hash CDATA #REQUIRED>

<!ELEMENT action (message?)>
<!ATTRIBUTE permission (run | block | default) #REQUIRED>
<!ATTRIBUTE version CDATA #IMPLIED>
<!ATTRIBUTE force (true|false) "false">

<!ELEMENT message (#PCDATA)>
<!ATTLIST message locale CDATA #IMPLIED>

Java Expiration Date

The expiration date for 8u60 is October 20, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u60) on November 20, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.
Bug Fixes

For a list of bug fixes included in this release, see JDK 8u60 Bug Fixes page.


Java 8 Update 51 (8u51)
Release Highlights

    IANA Data 2015d
    JDK 8u51 contains IANA time zone data version 2015d. For more information, refer to Timezone Data Versions in the JRE Software.
    Bug Fix: Add new Comodo roots to root CAs
    Four new root certificates have been added for Commodo:
        COMODO ECC Certification Authority
        alias: comodoeccca
        DN: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
        COMODO RSA Certification Authority
        alias: comodorsaca
        DN: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
        USERTrust ECC Certification Authority
        alias: usertrusteccca
        DN: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
        USERTrust RSA Certification Authority
        alias: usertrustrsaca
        DN: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
    See JDK-8077997 (not public).
    Bug Fix: Add new GlobalSign roots to root CAs
    Two root certificates have been added for GlobalSign:
        GlobalSign ECC Root CA - R4
        alias: globalsigneccrootcar4
        DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
        GlobalSign ECC Root CA - R5
        alias: globalsigneccrootcar5
        DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
    See JDK-8077995 (not public).
    Bug Fix: Add Actalis to root CAs
    Added one new root certificate:
    Actalis Authentication Root CA
    alias: actalisauthenticationrootca
    DN: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT
    See JDK-8077903 (not public).
    Bug Fix: Add new Entrust ECC root
    Added one new root certificate:
    Entrust Root Certification Authority - EC1
    alias: entrustrootcaec1
    DN: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
    See JDK-8073286 (not public).
    Bug Fix: Remove old Valicert Class 1 and 2 Policy roots
    Removed two root certificates with 1024-bit keys:
        ValiCert Class 1 Policy Validation Authority
        alias: secomvalicertclass1ca
        DN: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
        ValiCert Class 2 Policy Validation Authority
        alias: valicertclass2ca
        DN: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    See JDK-8077886 (not public).
    Bug Fix: Remove old Thawte roots
    Removed two root certificates with 1024-bit keys:
        Thawte Server CA
        alias: thawteserverca
        DN: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
        Thawte Personal Freemail CA
        alias: thawtepersonalfreemailca
        DN: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    See JDK-8074423 (not public).
    Bug Fix: Remove more old Verisign, Equifax, and Thawte roots
    Removed five root certificates with 1024-bit keys:
        Verisign Class 3 Public Primary Certification Authority - G2
        alias: verisignclass3g2ca
        DN: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
        Thawte Premium Server CA
        alias: thawtepremiumserverca
        DN: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
        Equifax Secure Certificate Authority
        alias: equifaxsecureca
        DN: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
        Equifax Secure eBusiness CA-1
        alias: equifaxsecureebusinessca1
        DN: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
        Equifax Secure Global eBusiness CA-1,
        alias: equifaxsecureglobalebusinessca1
        DN: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
    See JDK-8076202 (not public).
    Bug Fix: Remove TrustCenter CA roots from cacerts
    Removed three root certificates:
        TC TrustCenter Universal CA I
        alias: trustcenteruniversalcai
        DN: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
        TC TrustCenter Class 2 CA II
        alias: trustcenterclass2caii
        DN: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
        TC TrustCenter Class 4 CA II
        alias: trustcenterclass4caii
        DN: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
    See JDK-8072958 (not public).
    Bug Fix: Deprecate RC4 in SunJSSE provider
    RC4 is now considered as a weak cipher. Servers should not select RC4 unless there is no other stronger candidate in the client requested cipher suites. A new security property, jdk.tls.legacyAlgorithms, is added to define the legacy algorithms in Oracle JSSE implementation. RC4 related algorithms are added to the legacy algorithms list. See JDK-8074006 (not public).
    Bug Fix: Prohibit RC4 cipher suites
    RC4 is now considered as a compromised cipher. RC4 cipher suites have been removed from both client and server default enabled cipher suite list in Oracle JSSE implementation. These cipher suites can still be enabled by SSLEngine.setEnabledCipherSuites() and SSLSocket.setEnabledCipherSuites() methods. See JDK-8077109 (not public).
    Bug Fix: Improved certification checking
    With this fix, JSSE endpoint identification does not perform reverse name lookup for IP addresses by default in JDK. If an application does need to perform reverse name lookup for raw IP addresses in SSL/TLS connections, and encounter endpoint identification compatibility issue, System property "jdk.tls.trustNameService" can be used to switch on reverse name lookup. Note that if the name service is not trustworthy, enabling reverse name lookup may be susceptible to MITM attacks. See JDK-8067695 (not public).

Java Expiration Date

The expiration date for 8u51 is October 20, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u51) on November 20, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.
Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u51 Bug Fixes page.
2015-08-30 10:52:15 +00:00
ryoon
3582285f21 Import oracle-jdk8-8.0.45 as lang/oracle-jdk8.
This is the official port of the Oracle Java(tm) Development Kit (Java SE 8).
2015-05-30 09:51:11 +00:00