Commit graph

68 commits

Author SHA1 Message Date
tnn
aaff009ed7 openjdk: remove todo item 2018-08-20 16:59:34 +00:00
jperkin
c1dc7c53c0 openjdk8: Fix build on SunOS with newer GCC. 2018-07-24 12:58:45 +00:00
gdt
032d54affe openjdk[78]: Add a \todo comment about the cups dependency.
Having a language install a printing system violates the Principle of
Least Astonishment.  Add a comment to be replaced with an explanation
of why this is necessary or helpful.
2018-07-07 11:48:18 +00:00
ryoon
f28f743673 Upcate to 1.8.172
Changelog:
core-libs	java.time	(tz) Upgrade time-zone data to tzdata2018d
xml	jax-ws	Newlines in JAXB string values of SOAP-requests are escaped to " "
hotspot	compiler	Crash with assert(handler_address == SharedRuntime::compute_compiled_exc_handler(..) failed: Must be the same
deploy	webstart	JRE bundled in App-V package will not start Java Web Start applications
deploy	webstart	javaws.exe failed to launch UTF-8 encoded JNLP file
javafx	web	Intermittent crash when using WebView from JFXPanel applicationS

hotspot	runtime	Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3
security-libs	org.ietf.jgss	Kerberos krb5 authentication: AuthList's put method leads to performance issue
hotspot	gc	Performance drop with Java JDK 1.8.0_162-b32
2018-05-26 21:26:46 +00:00
wiz
e5209a786e Add p11-kit to gnutls/bl3.mk and bump dependencies. 2018-04-17 22:29:31 +00:00
wiz
8ee21bdcf0 Recursive bump for new fribidi dependency in pango. 2018-04-16 14:33:44 +00:00
wiz
c57215a7b2 Recursive bumps for fontconfig and libzip dependency changes. 2018-03-12 11:15:24 +00:00
fhajny
4b580df1e8 lang/openjdk8: The libinstrument, libnpt and libsplashscreen libs
require to be linked against libiconv on SunOS too. Fixes problems
with e.g. the JPDA debugger. Bump PKGREVISION.
2018-02-23 14:43:49 +00:00
wiz
b0df3c4789 openjdk8: remove -Werror from compiler flags. 2018-02-16 22:31:01 +00:00
ryoon
23ad862b7b Update to 1.8.162
* Pass -fno-lifetime-dse for GCC 6 to prevent segfault

Changelog:
Fix security bugs
CVE-2018-2638
CVE-2018-2639
CVE-2018-2633
CVE-2018-2627
CVE-2018-2637
CVE-2018-2634
CVE-2018-2582
CVE-2018-2641
CVE-2018-2618
CVE-2018-2629
CVE-2018-2603
CVE-2018-2657
CVE-2018-2599
CVE-2018-2581
CVE-2018-2602
CVE-2018-2677
CVE-2018-2678
CVE-2018-2588
CVE-2018-2663
CVE-2018-2675
CVE-2018-2579
2018-02-13 12:57:44 +00:00
wiz
bff4597ffc Bump PKGREVISION for gdbm shlib major bump 2018-01-28 20:10:34 +00:00
jperkin
d32239b0fe openjdk8: Unbreak after cups-base rename.
This happened to build only because the BUILDLINK_PREFIX was already passed
through, however the dependency will have been incorrectly registered as
full rather than build-only so bump PKGREVISION.
2017-12-19 13:26:29 +00:00
jperkin
11dcce5fcb openjdk8: Support user CFLAGS. 2017-12-15 14:27:52 +00:00
ryoon
24e631e5b3 Update to 1.8.152
Changelog:
Security bug fixes:
CVE-2017-10285
CVE-2017-10388
CVE-2017-10309
CVE-2017-10274
CVE-2017-10356
CVE-2017-10293
CVE-2017-10342
CVE-2017-10350
CVE-2017-10349
CVE-2017-10348
CVE-2017-10357
CVE-2016-9841
CVE-2016-10165
CVE-2017-10355
CVE-2017-10281
CVE-2017-10347
CVE-2017-10386
CVE-2017-10380
CVE-2017-10295
CVE-2017-10341
CVE-2017-10345
2017-11-28 05:07:25 +00:00
wiz
20f7c989fe recursive bump for libxkbcommon removal from at-spi2-core 2017-11-23 17:19:40 +00:00
khorben
dbcb57753c Bump PKGREVISION on packages depending on CUPS
This should be the last part of the renaming operation for print/cups to
print/cups-base.

Rationale: packages depending on CUPS but not relying on a functional
printing setup only need to depend on print/cups-base (equivalent to the
former print/cups). The new print/cups now depends on print/cups-base
and on print/cups-filters, thus directly providing a functional printing
setup. This bump reflects this change of dependency.

As discussed on tech-pkg@
2017-11-12 16:03:34 +00:00
khorben
08f3106d89 Update dependencies on print/cups to print/cups-base
This is with the notable exception of meta-pkgs/desktop-gnome, which I
believe implies a fully functional cups.

This is still missing revision bumps - I'll be right there (first time I
am doing this on so many packages at a time).

As discussed on tech-pkg@
2017-11-12 15:36:57 +00:00
ryoon
a3df8fe620 Update to 1.8.144
Changelog:
Fix the following security bugs.

CVE-2017-10110
CVE-2017-10089
CVE-2017-10086
CVE-2017-10096
CVE-2017-10101
CVE-2017-10087
CVE-2017-10090
CVE-2017-10111
CVE-2017-10107
CVE-2017-10102
CVE-2017-10114
CVE-2017-10074
CVE-2017-10116
CVE-2017-10078
CVE-2017-10067
CVE-2017-10115
CVE-2017-10118
CVE-2017-10176
CVE-2017-10104
CVE-2017-10145
CVE-2017-10125
CVE-2017-10198
CVE-2017-10243
CVE-2017-10121
CVE-2017-10135
CVE-2017-10117
CVE-2017-10053
CVE-2017-10108
CVE-2017-10109
CVE-2017-10105
CVE-2017-10081
CVE-2017-10193
2017-09-02 04:13:41 +00:00
wiz
d621b29e1c Pass ldflags to build, on BSDs.
Fixes RELRO build on NetBSD.
2017-07-24 12:27:33 +00:00
ryoon
f190bf09c9 Fix build with converters/libiconv and update distinfo for previous 2017-05-10 14:01:58 +00:00
ryoon
4594b71a59 Update to 1.8.131
Changelog:
Changes
* MD5 added to jdk.jar.disabledAlgorithms Security property
* New system property to control caching for HTTP SPNEGO connection.
* New system property to control caching for HTTP NTLM connection.
* New version of VisualVM

Bugfixes
* Introduced a new window ordering model
* Correction of IllegalArgumentException from TLS handshake
2017-04-27 14:44:05 +00:00
jperkin
665731b228 Add a wrapper for jstack. Bump PKGREVISION. 2017-03-30 12:42:24 +00:00
ryoon
72c3cb198b Recursive revbump from fonts/harfbuzz 2017-02-12 06:24:36 +00:00
wiz
7ac05101c6 Recursive bump for harfbuzz's new graphite2 dependency. 2017-02-06 13:54:36 +00:00
ryoon
07d9c25a20 Update to 1.8.121
Changelog:
http://www.oracle.com/technetwork/java/javase/8u121-relnotes-3315208.html

core-libs/javax.naming
Improved protection for JNDI remote class loading
Remote class loading via JNDI object factories stored in naming and directory services is disabled by default. To enable remote class loading by the RMI Registry or COS Naming service provider, set the following system property to the string "true", as appropriate:

    com.sun.jndi.rmi.object.trustURLCodebase
    com.sun.jndi.cosnaming.object.trustURLCodebase

JDK-8158997 (not public)


security-libs/java.security
jarsigner -verbose -verify should print the algorithms used to sign the jar
The jarsigner tool has been enhanced to show details of the algorithms and keys used to generate a signed JAR file and will also provide an indication if any of them are considered weak.

Specifically, when "jarsigner -verify -verbose filename.jar" is called, a separate section is printed out showing information of the signature and timestamp (if it exists) inside the signed JAR file, even if it is treated as unsigned for various reasons. If any algorithm or key used is considered weak, as specified in the Security property, jdk.jar.disabledAlgorithms, it will be labeled with "(weak)".

For example:

- Signed by "CN=weak_signer"
   Digest algorithm: MD2 (weak)
   Signature algorithm: MD2withRSA (weak), 512-bit key (weak)
 Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016
   Timestamp digest algorithm: SHA-256
   Timestamp signature algorithm: SHA256withRSA, 2048-bit key

See JDK-8163304


New Features

core-libs/java.io:serialization
Serialization Filter Configuration
Serialization Filtering introduces a new mechanism which allows incoming streams of object-serialization data to be filtered in order to improve both security and robustness. Every ObjectInputStream applies a filter, if configured, to the stream contents during deserialization. Filters are set using either a system property or a configured security property. The value of the "jdk.serialFilter" patterns are described in JEP 290 Serialization Filtering and in <JRE>/lib/security/java.security. Filter actions are logged to the 'java.io.serialization' logger, if enabled.
See JDK-8155760


core-libs/java.rmi
RMI Better constraint checking
RMI Registry and Distributed Garbage Collection use the mechanisms of JEP 290 Serialization Filtering to improve service robustness.
RMI Registry and DGC implement built-in white-list filters for the typical classes expected to be used with each service.
Additional filter patterns can be configured using either a system property or a security property. The "sun.rmi.registry.registryFilter" and "sun.rmi.transport.dgcFilter" property pattern syntax is described in JEP 290 and in <JRE>/lib/security/java.security.
JDK-8156802 (not public)


security-libs
Add mechanism to allow non-default root CAs to not be subject to algorithm restrictions

*New certpath constraint: jdkCA*
In the java.security file, an additional constraint named "jdkCA" is added to the jdk.certpath.disabledAlgorithms property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. jdkCA may only be used once in a DisabledAlgorithm expression.

Example: To apply this constraint to SHA-1 certificates, include the following: SHA1 jdkCA
See JDK-8140422


Changes

tools/javadoc(tool)
New --allow-script-in-comments option for javadoc
The javadoc tool will now reject any occurrences of JavaScript code in the javadoc documentation comments and command-line options, unless the command-line option, --allow-script-in-comments is specified.

With the --allow-script-in-comments option, the javadoc tool will preserve JavaScript code in documentation comments and command-line options. An error will be given by the javadoc tool if JavaScript code is found and the command-line option is not set.
JDK-8138725 (not public)


security-libs/javax.xml.crypto
Increase the minimum key length to 1024 for XML Signatures
The secure validation mode of the XML Signature implementation has been enhanced to restrict RSA and DSA keys less than 1024 bits by default as they are no longer secure enough for digital signatures. Additionally, a new security property named jdk.xml.dsig.SecureValidationPolicy has been added to the java.security file and can be used to control the different restrictions enforced when the secure validation mode is enabled.

The secure validation mode is enabled either by setting the xml signature property org.jcp.xml.dsig.secureValidation to true with the javax.xml.crypto.XMLCryptoContext.setProperty method, or by running the code with a SecurityManager.

If an XML Signature is generated or validated with a weak RSA or DSA key, an XMLSignatureException will be thrown with the message, "RSA keys less than 1024 bits are forbidden when secure validation is enabled" or "DSA keys less than 1024 bits are forbidden when secure validation is enabled."
JDK-8140353 (not public)


docs/release_notes
Restrict certificates with DSA keys less than 1024 bits.
DSA keys less than 1024 bits are not strong enough and should be restricted in certification path building and validation. Accordingly, DSA keys less than 1024 bits have been deactivated by default by adding "DSA keySize < 1024" to the "jdk.certpath.disabledAlgorithms" security property. Applications can update this restriction in the security property ("jdk.certpath.disabledAlgorithms") and permit smaller key sizes if really needed (for example, "DSA keySize < 768").
JDK-8139565 (not public)


security-libs
More checks added to DER encoding parsing code
More checks are added to the DER encoding parsing code to catch various encoding errors. In addition, signatures which contain constructed inparsing. Note that signatures generated using JDK default providers are not affected by this change.
JDK-8168714 (not public)


core-libs/java.net
Additional access restrictions for URLClassLoader.newInstance
Class loaders created by the java.net.URLClasslasses from a list of given URLs. If the calling code does not have access to one or more of the URLs and the URL artifacts that can be accessed do not contain the required class, then a ClassNotFoundException, or similar, will be thrown. Previously, a Sege can be disabled by setting the jdk.net.URLClassPath.disableRestrictedPermissions system property.
JDK-8151934 (not public)

core-libs/java.util.logging
A new configurable property in logging.properties java.util.logging.FileHandler.maxLocks
A new "java.util.logging.FileHandler.maxLocks" configurable property is added to java.util.logging.FileHandler.

This new logging property can be defined in the logging configuration file and makes it possible to configure the maximum number of concurrent log file locks a FileHandler can handle. The default value is 100.

In a highly concurrent environment where multiple (more than 101) standalone client applications are using the JDK Logging API with FileHandler simultaneously, it may happen that the default limit of 100 is reached, resulting in a failure to acquire FileHandler file locks and causing an IO Exception to be thrown. In such a case, the new logging property can be used to increase the maximum number of locks before deploying the application.

If not overridden, the default value of maxLocks (100) remains unchanged. See java.util.logging.LogManager and java.util.logging.FileHandler API documentation for more details.
See JDK-8153955

Bug Fixes

The following are some of the notable bug fixes included in this release:

client-libs/javax.swing
Trackpad scrolling of text on OS X 10.12 Sierra is very fast
The MouseWheelEvent.getWheelRotation() method returned rounded native NSEvent deltaX/Y events on Mac OS X. The latest macOS Sierra 10.12 produces very small NSEvent deltaX/Y values so rounding and summing them leads to the huge value returned from the MouseWheelEvent.getWheelRotation(). The JDK-8166591 fix accumulates NSEvent deltaX/Y and the MouseWheelEvent.getWheelRotation() method returns non-zero values only when the accumulated value exceeds a threshold and zero value. This is compliant with the MouseWheelEvent.getWheelRotation() specification (https://docs.oracle.com/javase/8/docs/api/java/awt/event/MouseWheelEvent.html#getWheelRotation):

"Returns the number of "clicks" the mouse wheel was rotated, as an integer. A partial rotation may occur if the mouse supports a high-resolution wheel. In this case, the method returns zero until a full "click" has been accumulated."

For the precise wheel rotation values, use the MouseWheelEvent.getPreciseWheelRotation() method instead.
See JDK-8166591

This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 8u121 Bug Fixes page.


Known Issues

deploy/packager
javapackager and fx:deploy bundle the whole JDK instead of JRE
There is a known bug in the Java Packager for Mac where the entire JDK may be bundled with the application bundle resulting in an unusually large bundle. The work around is to use the bundler option -Bruntime option. For example: -Bruntime=JavaAppletPlugin.plugin sets where the JavaAppletPlugin.plugin for the desired JRE to bundle is located in the current directory.
See JDK-8166835

install/install
Java Installation will fail for non-admin users with UAC off
The Java installation on Windows will fail without warning or prompting, for non-admin users with User Access Control (UAC) disabled. The installer will leave a directory, jds<number>.tmp, in the %TEMP% directory.
JDK-8161460 (not public)
2017-02-04 01:16:30 +00:00
joerg
d5dda6cf05 Fix portability issues. Bump revision, since the preprocessor definition
potentially changes the package.
2016-12-15 23:56:53 +00:00
ryoon
3a9178780f Update to 1.8.112
* Include a patch from PR pkg/51221

Changelog:
security-libs/java.security
SunPKCS11 Provider no longer offering SecureRandom by default
SecureRandom.PKCS11 from the SunPKCS11 Provider is disabled by default on Solaris because the native PKCS11 implementation has poor performance and is not recommended. If your application requires SecureRandom.PKCS11, you can re-enable it by removing "SecureRandom" from the disabledMechanisms list in conf/security/sunpkcs11-solaris.cfg

Performance improvements have also been made in the java.security.SecureRandom class. Improvements in the JDK implementation have allowed for synchronization to be removed from the java.security.SecureRandom.nextBytes(byte[] bytes) method.
See JDK-8098581

Fix following security bugs:
CVE-2016-5556
CVE-2016-5582
CVE-2016-5573
CVE-2016-5597
CVE-2016-5554
CVE-2016-5542
2016-10-27 13:06:42 +00:00
wiz
56661f0075 Recursive bump for cups openssl -> gnutls change. 2016-09-20 11:12:22 +00:00
ryoon
bf5dc979ee Update to 1.8.102
Changelog:
IANA Data 2016d
JDK 8u102 contains IANA time zone data version 2016d. For more
information, refer to Timezone Data Versions in the JRE Software.
See JDK-8151876


Enhancements

core-libs/java.lang.invoke
Internal package sun.invoke.anon has been removed
The internal package sun.invoke.anon has been removed. The
functionality it used to provide, namely anonymous class loading
with possible constant pool patches, is available via the
Unsafe.defineAnonymousClass() method.
See JDK-8081512


hotspot/runtime
New property jdk.lang.processReaperUseDefaultStackSize
When a large TLS (Thread local storage) size is set for Threads,
the JVM results in a stack overflow exception. The reason for this
behavior is that the reaper thread was created with a low stack
size of 32768k. When a large TLS size is set, it steals space from
the threads stack, which eventually results in a stack overflow.
This is a known glibc bug.  To overcome this issue, we have introduced
a workaround (jdk.lang.processReaperUseDefaultStackSize) in which
the user can set the reaper threads stack size to a default instead
of to 32768. This gives the reaper thread a bigger stack size, so
for a large TLS size, such as 32k, the process will not fail.
Users can set this flag in one of two ways:
1. -Djdk.lang.processReaperUseDefaultStackSize=true
2. System.setProperty("jdk.lang.processReaperUseDefaultStackSize",
"true")
The problem has been observed only when JVM is started from JNI
code in which TLS is declared using "__thread"
See JDK-8130425


hotspot/compiler
Implemented performance improvements for BigInteger.montgomeryMultiply
We have implemented improvements that will improve performance of
several security algorithms, especially when using ciphers with
key lengths of 2048-bit or greater. To turn on these improvements,
use the options -XX:+UseMontgomeryMultiplyIntrinsic and
-XX:+UseMontgomerySquareIntrinsic. This improvement is only for
Linux and Solaris on x86_64 architecture.
See JDK-8130150


Changes
security-libs/javax.crypto
MSCAPI KeyStore can handle same-named certificates
Java SE KeyStore does not allow certificates that have the same
aliases
(http://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html).
However, on Windows, multiple certificates stored in one keystore
are allowed to have non-unique friendly names.The fix for JDK-6483657
makes it possible to operate on such non-uniquely named certificates
through the Java API by artificially making the visible aliases
unique.

Please note, this fix does not enable creating same-named certificates
with the Java API. It only allows you to deal with same-named
certificates that were added to the keystore by 3rd party tools.

It is still recommended that your design not use multiple certificates
with the same name. In particular, the following sentence will not
be removed from the Java documentation:  "In order to avoid problems,
it is recommended not to use aliases in a KeyStore that only differ
in case."
(http://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html)
See JDK-6483657


security-libs/javax.net.ssl
Modify requirements on Authority Key Identifier extension field
during X509 certificate chain building
The requirement to have the Authority Key Identifier (AKID) and
Subject Key Identifier (SKID) fields matching when building X509
certificate chains has been modified for some cases.
See JDK-8072463


hotspot/gc
Providing more granular levels for GC verification
This enhancement provides a way to specify more granular levels
for the GC verification enabled using the VerifyBeforeGC, VerifyAfterGC,
and VerifyDuringGC diagnostic options. It introduces a new diagnostic
option VerifySubSet with which one can specify the subset of the
memory system that should be verified.

With this new option, one or more sub-systems can be specified in
a comma separated string. Valid memory sub-systems are: threads,
heap, symbol_table, string_table, codecache, dictionary,
classloader_data_graph, metaspace, jni_handles, c-heap, and
codecache_oops.

During the GC verification, only the sub-systems specified using
VerifySubSet get verified:

D:\\tests>java -XX:+UnlockDiagnosticVMOptions -XX:+VerifyBeforeGC
-XX:VerifySubSet="threads,c-heap" -Xlog:gc+verify=debug Test
[0.095s][debug ][gc,verify] Threads
[0.099s][debug ][gc,verify] C-heap
[0.105s][info ][gc,verify] Verifying Before GC (0.095s, 0.105s) 10.751ms
[0.120s][debug ][gc,verify] Threads
[0.124s][debug ][gc,verify] C-heap
[0.130s][info ][gc,verify] Verifying Before GC (0.120s, 0.130s) 9.951ms
[0.148s][debug ][gc,verify] Threads
[0.152s][debug ][gc,verify] C-heap

If any invalid memory sub-systems are specified with VerifySubSet,
the Java process exits with the following error message:

D:\\tests>java -XX:+UnlockDiagnosticVMOptions -XX:+VerifyBeforeGC
-XX:VerifySubSet="threads,c-heap,hello" -Xlog:gc+verify=debug oom
Error occurred during initialization of VM VerifySubSet: 'hello'
memory sub-system is unknown, please correct it
See JDK-8072725


hotspot/compiler
Removed PICL warning message
In 8u40 and 7u80, a new feature was introduced to use the PICL
library on Solaris to get some system information. If this library
was not found, we printed an error message:

Java HotSpot(TM) Server VM warning: PICL (libpicl.so.1) is missing.
Performance will not be optimal.

This warning was misleading. Not finding the PICL library is a very
minor issue, and the warnings mostly lead to confusion. In this
release, the warning was removed.
See JDK-8144957


core-libs/javax.naming
Improved exception handling for bad LDAP referral replies
The JDK was throwing a NullPointerException when a non-compliant
REFERRAL status result was sent but no referral values were included.
With this change, a NamingException with message value of "Illegal
encoding: referral is empty" will be thrown in such circumstances.
See JDK-8149450 and JDK-8154304


Bug Fixes

The following are some of the notable bug fixes included in this
release:

security-libs/javax.net.ssl
Fix to resolve "Unable to process PreMasterSecret, may be too big"
issue
Recent JDK updates introduced an issue for applications that depend
on having a delayed provider selection mechanism. The issue was
introduced in JDK 8u71, JDK 7u95 and JDK 6u111. The main error seen
corresponded to an exception like the following :

handling exception: javax.net.ssl.SSLProtocolException: Unable to
process PreMasterSecret, may be too big

See JDK-8149017

This release also contains fixes for security vulnerabilities
described in the Oracle Java SE Critical Patch Update Advisory.
For a more complete list of the bug fixes included in this release,
see the JDK 8u102 Bug Fixes page.
2016-08-15 19:09:38 +00:00
abs
42532db73f Add jcmd to JAVA_WRAPPERS, bump PKGREVISION 2016-08-11 15:34:29 +00:00
jperkin
3a128d6bea Fix zlib detection. Use correct strip flag on SunOS. 2016-07-19 12:32:15 +00:00
jperkin
6f53eaeb4e Allow passing LIBZ in the environment. Skip checking libinstrument.so
which is resolved at runtime.  Fixes build on SunOS at least.
2016-07-05 14:32:21 +00:00
tnn
b537f8912d paxctl needs to go before shell script switcheroos take place 2016-06-10 10:12:49 +00:00
pgoyette
cea1e156c3 Also mark with 'paxctl +m' the copies of binaries that are placed in
the java/openjdk8/jre/bin/ directory.  In particular, apache-ant will
execute java from this directory rather than the copy in the non-jre
directory!

Bump package revision.

Fixes my problem building misc/libreoffice.
2016-06-01 00:40:40 +00:00
wiz
02bddc8c89 Add some paxctls to fix build on NetBSD-current.
Bump PKGREVISION.
2016-05-27 04:57:16 +00:00
ryoon
5f4cdebfec Update to 1.8.92
Changelog:
Bug Fixes

The following table lists the bug fixes included in JDK 8u92 release:

Bug Id 	Category 	Subcategory 	Description
JDK-8041900 	client-libs 	2d 	[macosx] Java forces the use of discrete GPU
JDK-8132890 	client-libs 	2d 	Text Overlapping on Dot Matrix Printers
JDK-8132503 	client-libs 	java.awt 	[macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X
JDK-8138764 	client-libs 	java.awt 	In some cases the usage of TreeLock can be replaced by other synchronization
JDK-8041501 	client-libs 	javax.imageio 	ImageIO reader is not capable of reading JPEGs without JFIF header
JDK-8134828 	client-libs 	javax.swing 	Scrollbar thumb disappears with Nimbus L&F
JDK-8131129 	core-libs 	java.lang.invoke 	Attempt to define a duplicate BMH$Species class
JDK-8067800 	core-libs 	java.time 	Clarify java.time.chrono.Chronology.isLeapYear for out of range years
JDK-8062901 	core-libs 	java.util 	Iterators is spelled incorrectly in the Javadoc for Spliterator
JDK-8140587 	core-libs 	java.util.concurrent 	Atomic*FieldUpdaters should use Class.isInstance instead of direct class check
JDK-8145539 	core-libs 	java.util:collections 	(coll) AbstractMap.keySet and .values should not be volatile
JDK-8143297 	core-libs 	jdk.nashorn 	Nashorn compilation time reported in nanoseconds
JDK-8143896 	core-libs 	jdk.nashorn 	java.lang.Long is implicitly converted to double
JDK-8144020 	core-libs 	jdk.nashorn 	Remove long as an internal numeric type
JDK-8144131 	core-libs 	jdk.nashorn 	ArrayData.getInt implementations do not convert to int32
JDK-8146147 	core-libs 	jdk.nashorn 	Java linker indexed property getter does not work for computed nashorn string
JDK-8147845 	core-libs 	jdk.nashorn 	Varargs Array functions still leaking longs
JDK-8147857 	core-svc 	javax.management 	RMIConnector logs attribute names incorrectly
JDK-8140244 	core-svc 	tools 	Port fix of JDK-8075773 to AIX and possibly MacOSX
JDK-8139773 	deploy 	  	Add more debug traces to deployment registration process (RegFx.cpp)
JDK-8142982 	deploy 	  	Race Condition can cause CacheEntry.getJarSigningData() to return null.
JDK-8143294 	deploy 	  	cookie handler can't get JSESSIONID on linux
JDK-8145217 	deploy 	  	Fix GenericCookieHandlerTest
JDK-8143314 	deploy 	packager 	Runtime not respected with INI-configuration while creating native bundle
JDK-8139389 	deploy 	webstart 	Register a protocol handler for Java Webstart
JDK-6869327 	hotspot 	compiler 	Add new C2 flag to keep safepoints in counted loops.
JDK-8058563 	hotspot 	compiler 	InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries
JDK-8080650 	hotspot 	compiler 	Enable stubs to use frame pointers correctly
JDK-8129847 	hotspot 	compiler 	Compiling methods generated by Nashorn triggers high memory usage in C2
JDK-8131782 	hotspot 	compiler 	C1 Class.cast optimization breaks when Class is loaded from static final
JDK-8139421 	hotspot 	compiler 	PPC64LE: MacroAssembler::bxx64_patchable kills register R12
JDK-8140483 	hotspot 	compiler 	Atomic*FieldUpdaters final fields should be trusted
JDK-8144487 	hotspot 	compiler 	PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true
JDK-8144935 	hotspot 	compiler 	C2: safepoint is pruned from a non-counted loop
JDK-8145754 	hotspot 	compiler 	PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI
JDK-8065579 	hotspot 	gc 	WB method to start G1 concurrent mark cycle should be introduced
JDK-8138966 	hotspot 	gc 	Intermittent SEGV running ParallelGC
JDK-8145442 	hotspot 	gc 	Add the facility to verify remembered sets for G1
JDK-8029630 	hotspot 	runtime 	Thread id should be displayed as hex number in error report
JDK-8046611 	hotspot 	runtime 	Build errors with gcc on sparc/fastdebug
JDK-8087120 	hotspot 	runtime 	[GCC5] java.lang.StackOverflowError on Zero JVM initialization on non x86 platforms
JDK-8138745 	hotspot 	runtime 	Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot
JDK-8139258 	hotspot 	runtime 	PPC64LE: argument passing problem when passing 15 floats in native call
JDK-8143963 	hotspot 	runtime 	improve ClassLoader::trace_class_path to accept an additional outputStream* arg
JDK-8029726 	hotspot 	svc 	On OS X some dtrace probe names are mismatched with Solaris
JDK-8029727 	hotspot 	svc 	On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired.
JDK-8029728 	hotspot 	svc 	On OS X dtrace probes SetStaticBooleanField are not fired
JDK-8130910 	hotspot 	svc 	hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_<username> has wrong permissions
JDK-8140031 	hotspot 	svc 	SA: Searching for a value in Threads does not work
JDK-8144885 	hotspot 	svc 	agent/src/os/linux/libproc.h needs to support Linux/SPARC builds
JDK-8145099 	hotspot 	svc 	Better error message when SA can't attach to a process
JDK-8074935 	security-libs 	java.security 	jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did
JDK-8139436 	security-libs 	java.security 	sun.security.mscapi.KeyStore might load incomplete data
JDK-8064330 	security-libs 	javax.net.ssl 	Remove SHA224 from the default support list if SunMSCAPI enabled
JDK-8131665 	security-libs 	javax.net.ssl 	Bad exception message in HandshakeHash.getFinishedHash
JDK-8136442 	security-libs 	javax.net.ssl 	Don't tie Certificate signature algorithms to ciphuites
JDK-8038184 	security-libs 	javax.xml.crypto 	XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String
JDK-8038349 	security-libs 	javax.xml.crypto 	Signing XML with DSA throws Exception when key is larger than 1024 Exception when calling super with Object<>()
JDK-8066974 	tools 	javac 	Compiler doesn't infer method's generic type information in lambda body
JDK-8068254 	tools 	javac 	Method reference uses wrong qualifying type
JDK-8130506 	tools 	javac 	javac Assertien invoking MethodHandle.invoke with lambda parameter
JDK-8134007 	tools 	javac 	Improve string folding
JDK-8134759 	tools 	javac 	jdb: Incorrect stepping inside finally block
JDK-8139751 	tools 	javac 	Javac crash with -XDallowStringFolding=false
JDK-8145466 	tools 	javac 	javac: No line numbers in compilation error
JDK-8145722 	tools 	javadoc(tool) 	NullPointerException in javadoc
JDK-8133924 	xml 	jaxp 	NPE may be thrown when xsltc select a non-existing node after JDK-8062518
2016-05-06 13:37:01 +00:00
ryoon
a238f3c33d Bump PKGREVISION from /dev/urandom use on *BSD
Originally reported from abs@ on tech-pkg@.

From random(4) man page:
     Applications should read from /dev/urandom when they need randomly
     generated data, e.g. key material for cryptography or seeds for
     simulations.
2016-04-29 09:38:19 +00:00
ryoon
fe0e63b472 Update to 1.8.77
Changelog:
Fix CVE-2016-0636
2016-03-28 10:43:25 +00:00
tnn
b71586484d try harder to find system's zlib 2016-03-11 07:02:59 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
ryoon
1d0e3cbc46 Update to 1.8.74
Changelog:
Bug Fixes
BugId 	Category 	Subcategory 	Description
8144963 	deploy 	webstart 	Javaws checks jar files twice if JVM needs to be restarted
8140291
(Confidential) 	deploy 	webstart 	(JWS)LazyRootStore leak when calling getResourceAsStream on non-class resource
8142982 	deploy 	webstart 	Race Condition can cause CacheEntry.getJarSigningData() to return null.

Fixed security bugs:
CVE-2016-0603
2016-02-19 22:59:27 +00:00
ryoon
07e9c57d28 Update to 1.8.72
Changelog:
Fix following security vulnerabilities:
CVE-2016-0499
CVE-2015-4925
CVE-2016-0472
CVE-2015-4921
CVE-2016-0467
CVE-2016-0461
CVE-2015-4923

Bug fixes:
Bug Id		Category	Subcategory	Description
JDK-8133917	client-libs	 	Please backport X11FontManager refactor to Java 8!
JDK-8130136	client-libs	2d	Swing window sometimes fails to repaint partially when it becomes exposed
JDK-8132850	client-libs	2d	java.lang.ArrayIndexOutOfBoundsException during text rendering with many fonts installed
JDK-8137106	client-libs	2d	EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+
JDK-8065081	client-libs	demo	Intermittent NPE in Java2Demo applet on Stop/Restart in appletviewer
JDK-8081485	client-libs	java.awt	EDT auto shutdown is broken in case of new event queue usage
JDK-8081787	client-libs	java.awt	[macosx] MalformedURLException is thrown during reading data for application/x-java-url;class=java.net.URL flavor
JDK-8086038	client-libs	java.awt	[macosx] No available data flavors when copying from Microsoft Word for Mac
JDK-8130776	client-libs	java.awt	Remove EmbeddedFrame.requestFocusToEmbedder() method
JDK-8132382	client-libs	java.awt	[macosx] Crash during JMC or JavaFX execution when NSApplication is controlled by SWT or JavaFX libraries
JDK-8136763	client-libs	java.awt	[macosx] java always returns only one value for "text/uri-list" dataflavor even if several files were copied
JDK-8134828	client-libs	javax.swing	Scrollbar thumb disappears with Nimbus L&F
JDK-8134917	client-libs	javax.swing	[macosx] JOptionPane doesn't receive mouse events when opened from a drop event
JDK-8134356	core-libs	 	{@code} tag contains &lt; and &gt; sequences
JDK-8134569	core-libs	 	Add tests for prototype callsites
JDK-8134939	core-libs	 	Improve toString method of Dynalink DynamicMethod objects
JDK-8133249	core-libs	java.io	Occasional SIGSEGV: non thread-safe use of strerr in getLastErrorString
JDK-8073644	core-libs	java.lang.invoke	Assertion in LambdaFormEditor.bindArgumentType is too strict
JDK-8030785	core-libs	java.lang:reflect	Missing "since 1.8" javadoc for java.lang.reflect.Method:getParameterCount
JDK-8072466	core-libs	java.net	Deadlock when initializing MulticastSocket and DatagramSocket
JDK-8087190	core-libs	java.net	Regression in sun.net.util.IPAddressUtil.isIPv4LiteralAddress(String)
JDK-8133015	core-libs	java.net	InetAddress.isReachable(tmout) returning wrong value on Windows for IPv6
JDK-8143397	core-libs	java.net	It looks like InetAddress.isReachable(timeout) works incorrectly
JDK-6857566	core-libs	java.nio	(bf) DirectByteBuffer garbage creation can outpace reclamation
JDK-8029516	core-libs	java.nio	(fs) WatchKey cancel unreliable on Windows
JDK-8034057	core-libs	java.nio	Files.getFileStore and Files.isWritable do not work with SUBST'ed drives (win)
JDK-8080115	core-libs	java.nio	(fs) Crash in libgio when calling Files.probeContentType(path) from parallel threads
JDK-8130274	core-libs	java.nio	java/nio/file/FileStore/Basic.java fails when two successive stores in an iteration are determined to be equal
JDK-8133232	core-libs	java.nio	[fs] Regex has redundant | in the char class
JDK-8133647	core-libs	java.nio	(ch) Test java/nio/channels/AsynchronousSocketChannel/StressLoopback.java fails for Windows XP
JDK-8137121	core-libs	java.nio	(fc) Infinite loop FileChannel.truncate
JDK-8138819	core-libs	java.nio	(se) File descriptor leak when Selector.open fails
JDK-8081794	core-libs	java.text	ParsePosition getErrorIndex returns 0 for TimeZone parsing problem
JDK-8074032	core-libs	java.time	Instant.ofEpochMilli(millis).toEpochMilli() can throw arithmetic overflow in toEpochMilli()
JDK-8133022	core-libs	java.time	Instant.toEpochMilli() silently overflows
JDK-8139107	core-libs	java.time	DateTimeFormatter with Locale.UK throw a NullPointerException when parsing zone
JDK-6907252	core-libs	java.util.jar	ZipFileInputStream Not Thread-Safe
JDK-8038502	core-libs	java.util.jar	Deflater.needsInput() should use synchronization
JDK-8134505	core-libs	java.util:i18n	Cleanup of "TimeZone_md.c"
JDK-8129957	core-libs	javax.naming	Deadlock in JNDI LDAP implementation when closing the LDAP context
JDK-8027137	core-libs	jdk.nashorn	Merge ScriptFunction and ScriptFunctionImpl
JDK-8055917	core-libs	jdk.nashorn	jdk.nashorn.internal.codegen.CompilationPhase$N should be renamed to proper classes
JDK-8068901	core-libs	jdk.nashorn	Surprising behavior with more than one functional interface on a class
JDK-8068903	core-libs	jdk.nashorn	Can't invoke vararg @FunctionalInterface methods
JDK-8073613	core-libs	jdk.nashorn	Here documents: how to avoid string interpolation?
JDK-8073733	core-libs	jdk.nashorn	TypeError messages with "call" and "new" could be improved
JDK-8087292	core-libs	jdk.nashorn	nashorn should have a "fail-fast" option for scripting, analog to bash "set -e"
JDK-8087312	core-libs	jdk.nashorn	PropertyMapWrapper.equals should compare className
JDK-8114838	core-libs	jdk.nashorn	Anonymous functions escape to surrounding scope when defined under "with" statement
JDK-8129950	core-libs	jdk.nashorn	Wrong condition for checking absence of logger in MethodHandleFactory
JDK-8129959	core-libs	jdk.nashorn	DebugLogger has unnecessary API methods
JDK-8130234	core-libs	jdk.nashorn	Get rid of JSType.isNegativeZero
JDK-8130307	core-libs	jdk.nashorn	improve Nashorn Javadoc target
JDK-8130424	core-libs	jdk.nashorn	if directory specified with --dest-dir does not exist, only .class files are dumped and .js files are not
JDK-8130476	core-libs	jdk.nashorn	Remove unused methods in Global.java
JDK-8130663	core-libs	jdk.nashorn	6 fields can be static fields in Global class
JDK-8130853	core-libs	jdk.nashorn	Non-extensible global is not handled property
JDK-8131039	core-libs	jdk.nashorn	after adding a function property to Object.prototype, JSON.parse with reviver function goes into infinite loop
JDK-8131340	core-libs	jdk.nashorn	Varargs function is recompiled each time it is linked
JDK-8131683	core-libs	jdk.nashorn	Delete fails over multiple scopes
JDK-8133119	core-libs	jdk.nashorn	Error message associated with TypeError for call and new should include stringified Node
JDK-8133300	core-libs	jdk.nashorn	Ensure symbol table immutability in Nashorn AST
JDK-8133785	core-libs	jdk.nashorn	SharedScopeCall should be enabled for non-optim call sites even with optimistic compilation
JDK-8134150	core-libs	jdk.nashorn	Make Nashorn Timing class both threadsafe and efficient
JDK-8134484	core-libs	jdk.nashorn	disallow backquotes as heredoc end marker delimiters
JDK-8134488	core-libs	jdk.nashorn0	core-libs	jdk.nashorn	Dead var statement evacuation incorrectly descends into nested functions
JDK-8134502	core-libs	jdk.nashorn	introduce abstraction for basic NodeVisitor usage
JDK-8134609	core-libs	jdk.nashorn	Allow constructors with same prototoype e-libs	jdk.nashorn	Defer stack trace walking of NashornException for extracting line number and file name
JDK-8134931	core-libs	jdk.nashorn	jdk.nashorn.internal.codegen.TypeMap should not use Map
JDK-8134973	core-libs	jdk.nashorn	Control flow exceptions s
JDK-8135075	core-libs	jdk.nashorn	Reorder short-circuit tests in ApplySpecialization to run cheapest first
JDK-8135190	core-libs	jdk.nashorn	Method code too large in Babel browser.js script
JDK-8135262	core-libs	jdk.nashorn	Sanitize CodeInstaller and ComJDK-8135337	core-libs	jdk.nashorn	NativeDebug.dumpCounters with incorrect scope count
JDK-8136349	core-libs	jdk.nashorn	Typos patch for nashorn sources submitted on Sep 10, 2015
JDK-8136544	core-libs	jdk.nashorn	Call site switching to megamorphic causes incorrect property read
JDK-8136694	core-libs	jdk.nashorn	Megemorphic scope access does not throw ReferenceError when property is missing
JDK-8137258	core-libs	jdk.nashorn	JSObjectLinker and BrowserJSObjectLinker should not expose internal JS objects
JDK-8137281	core-libs	jdk.nashorn	OutOfMemoryError with large numeric keys in JSON.parse
JDK-8137333	core-libs	jdk.nashorn	Boundless soft caching of property map histories causes high memory pressure
JDK-8138616	core-libs	jdk.nashorn	invokeFunction fails if function calls a function defined in GLOBAL_SCOPE
JDK-8138632	core-libs	jdk.nashorn	Sparse array does not handle growth of underlying dense array
JDK-8074696	core-svc	debugger	Remote debugging session hangs for several minutes when calling findBootType
JDK-8074368	core-svc	java.lang.management	ThreadMXBean.getThreadInfo() corrupts memory when called with empty array for thread ids
JDK-8133666	core-svc	java.lang.management	OperatingSystemMXBean reports abnormally high machine CPU consumption on Linux
JDK-8075773	core-svc	tools	jps running as root fails after the fix of JDK-8050807
JDK-8139613	deploy	 	push of backport of JDK-8081846 broke build
JDK-8138650	deploy	packager	Packager cannot bundle Mac App Store Apps because JavaFX WebKit uses apple private APIs
JDK-8133985	deploy	plugin	"Apply" button is permanently disabled in JCP, after roaming profile option is changed
JDK-8134109	deploy	plugin	Applet2Manager.getMainDeploymentRuleSet ignores jar version.
JDK-8134495	deploy	plugin	Cannot enable debugging on JNLP applet with java-vm-args params
JDK-7156268	deploy	webstart	app is stuck when launching with javaagent if there is no jre info in deployment.properties
JDK-8055464	deploy	webstart	Add a URL scheme handler to reliably launch .jnlp files - java part
JDK-8056013	deploy	webstart	Web Start looks in currently directory for all classes prior to jars - slow
JDK-8077380	deploy	webstart	JNLPSigning exception when signed jnlp is launched from local tomcat server
JDK-8081846	deploy	webstart	Add a URL scheme handler to reliably launch .jnlp files - Windows registration part
JDK-8135115	deploy	webstart	DRS1.3: App is not blocked when there is a invalid attribute in jnlp-checksum
JDK-8135227	deploy	webstart	DRS 1.3 enhancements doesn't work as expected when load no href jnlp by "javaws <local_path_of_jnlp_file>"
JDK-8136906	deploy	webstart	Extreme Application Startup Time due to frequent requests for the jnlp-6.0.dtd
JDK-8139323	deploy	webstart	JNLPSignedResourcesHelperTest shows regression caused by JDK-8129600
JDK-8140264	deploy	webstart	create junit test for JDK-8136906
JDK-8140740	deploy	webstart	Test jnlp_file/applicationDesc/index.html\#args is failing
JDK-8011858	hotspot	compiler	Use Compile::live_nodes() instead of Compile::unique() in appropriate places
JDK-8058737	hotspot	compiler	CodeCache::find_blob fails with 'unsafe access to zombie method'
JDK-8075805	hotspot	compiler	Crash while trying to release CompiledICHolder
JDK-8134031	hotspot	compiler	Incorrect JIT compilation of complex code with inlining and escape analysis
JDK-8134493	hotspot	compiler	Cleaning inline caches of unloaded nmethods should be done in sweeper
JDK-8133193	hotspot	gc	Memory leak in G1 because G1RootProcessor doesn't have desctructor
JDK-8029453	hotspot	runtime	java/util/concurrent/locks/ReentrantLock/TimeoutLockLoops.java failed by timeout
JDK-8135002	hotspot	runtime	Fix or remove broken links in objectMonitor.cpp comments
JDK-8139150	hotspot	runtime	ClassVerifier frees exception message while it's still in use
JDK-8140249	hotspot	runtime	JVM Crashing During startUp If Flight Recording is enabled
JDK-7194452	security-libs	java.security	Remove "Reverse" PKIX CertPathBuilder implementation
JDK-8130875	security-libs	java.security	Ucrypto library leaks memory when null output buffer is specified
JDK-8136534	security-libs	java.security	Loading JKS keystore using non-null InputStream results in closed stream
JDK-8132551	security-libs	javax.crypto:pkcs11	Initialize local variables before returning them in p11_convert.c
JDK-8067422	tools	javac	Lambda method names are unnecessarily unstable
JDK-8071291	tools	javac	Compiler crashes trying to cast UnionType to IntersectionClassType
JDK-8073519	xml	jaxb	schemagen does not report errors while generating xsd files
2016-02-08 14:45:39 +00:00
asau
4bea9fab73 Bring build dependency on "mozilla-rootcerts" back.
(It is easily confused with "mozilla-rootcerts-openssl" though...)
2015-12-14 23:05:11 +00:00
asau
0f4ac94313 Don't depend on mozilla-rootcerts. 2015-12-13 16:08:26 +00:00
tnn
979a3a50cf adjust update version like openjdk7/Makefile v1.103 2015-11-03 17:57:47 +00:00
ryoon
c3a28cc982 Update to 1.8.66
Changelog:
http://www.oracle.com/technetwork/java/javase/8u66-relnotes-2692847.html
New Features and Changes

The following are some of the notable new features and changes in this release:


Support ISO 4217 "Current funds codes" table (A.2)

This enhancement adds support for ISO 4217 table A.2 fund codes. Previously the JDK only supported those currencies listed in table A.1.

See JDK-8074350.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory. For a list of bug fixes included in this release, see JDK 8u66 Bug Fixes page.

The following are some of the notable bug fixes included in this release:

Hotspot should use PICL interface to get cacheline size on SPARC The libpicl library is now required on Solaris/SPARC to determine the size of the cache lines. In case the library is not present or the PICL service is not available the JVM will display a warning and compiler optimizations that utilize the BIS (Block Initializing Store) instruction will be turned off.

See JDK-8056124.



Preloading libjsig.dylib causes deadlock when signal() is called

Applications need to preload the libjsig library to enable signal chaining. Previously, on OS X, after libjsig.dylib was preloaded, any call from native code to signal() caused a deadlock. This has been corrected.

See JDK-8072147.


VM crash when class is redefined with Instrumentation.redefineClasses

The JVM could crash when a class was redefined with Instrumentation.redefineClasses(). The crash could either be a segmentation fault at SystemDictionary::resolve_or_null, or an internal error with the message "tag mismatch with resolution error table". This has now been fixed .

See JDK-8076110.


JDK-8087201 	client-libs 	2D
OGL: rendering of lcd text is slow
JDK-8130938 	client-libs 	2D 	[solaris] Incomplete 8ux fix for 8071710: libfontmanager & t2k should link against headless awt on solaris
JDK-8037371 	client-libs 	java.awt 	[macosx] Test closed/java/awt/dnd/ImageTransferTest/ImageTransferTest.html fails
JDK-8131752 	client-libs 	java.awt 	[Regression] Test java/awt/GraphicsDevice/CheckDisplayModes.java fails
JDK-8134453 	client-libs 	javax.accessibility 	JAWS crashes in WindowsAccessBridge.DLL on 32 bit 8u60 running on 32 bit Win 7
JDK-8134403 	core-libs 	jdk.nashorn 	Nashorn react.js benchmark performance regression
JDK-8079618 	deploy 	plugin 	AccessControlException with deployment cache and RMI
JDK-8135116 	globalization 	translation 	[de] Missing the link of license agreement
JDK-6904403 	hotspot 	jvmti 	assert(f == k->has_finalizer(),"inconsistent has_finalizer") with debug VM
JDK-8048353 	hotspot 	runtime 	jstack -l crashes VM when a Java mirror for a primitive type is locked
JDK-8072147 	hotspot 	runtime 	Preloading libjsig.dylib causes deadlock when signal() is called
JDK-8076110 	hotspot 	runtime 	VM crash when class is redefined with Instrumentation.redefineClasses
JDK-8133191 	install 	  	NVDA screen reader and JAWS can't read the "Look and Feel" Selections.
JDK-8078495 	security-libs 	org.ietf.jgss:krb5 	End time checking for native TGT is wrong
JDK-8131907 	xml 	jaxp 	Numerous threads lock during XML processing while running Weblogic 12.1.3

Fixed securty bugs:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4835
CVE-2015-4881
CVE-2015-4843
CVE-2015-4883
CVE-2015-4860
CVE-2015-4805
CVE-2015-4844
CVE-2015-4901
CVE-2015-4868
CVE-2015-4810
CVE-2015-4806
CVE-2015-4871
CVE-2015-4902
CVE-2015-4840
CVE-2015-4882
CVE-2015-4842
CVE-2015-4734
CVE-2015-4903
CVE-2015-4803
CVE-2015-4893
CVE-2015-4911
CVE-2015-4872
CVE-2015-4906
CVE-2015-4916
CVE-2015-4908
2015-11-03 07:27:21 +00:00
tnn
c83ce72ecf Fix Makefile 1.18 Differently. We do need to use GNU_CONFIGURE=yes,
because this is a GNU configure script and without it we do not get
config.{sub,guess} overrides.

Instead, pass --disable-option-checking to the configure script so that
unrecognized options that appear when using pkgsrc iconv are discarded.
2015-10-22 23:01:52 +00:00
ryoon
e1f27d1fc7 Update to 1.8.60
Changelog:
From: https://www.java.com/en/download/faq/release_changes.xml
Java 8 Update 60 (8u60)
Release Highlights

    IANA Data 2015e
    JDK 8u60 contains IANA time zone data version 2015e. For more information, refer to Timezone Data Versions in the JRE Software.
    Bug Fix: dns_lookup_realm should be false by default
    The dns_lookup_realm setting in Kerberos' krb5.conf file is by default false. See 8080637.
    Bug Fix: Disable RC4 cipher suites
    RC4-based TLS ciphersuites (e.g. TLS_RSA_WITH_RC4_128_SHA) are now considered compromised and should no longer be used (see RFC 7465). Accordingly, RC4-based TLS ciphersuites have been deactivated by default in the Oracle JSSE implementation by adding "RC4" to "jdk.tls.disabledAlgorithms" security property, and by removing them from the default enabled ciphersuites list. These cipher suites can be reactivated by removing "RC4" form "jdk.tls.disabledAlgorithms" security property in the java.security file or by dynamically calling Security.setProperty(), and also readding them to the enabled ciphersuite list using the SSLSocket/SSLEngine.setEnabledCipherSuites() methods. You can also use the -Djava.security.properties command line option to override the jdk.tls.disabledAlgorithms security property. For example:
    java -Djava.security.properties=my.java.security ...
    where my.java.security is a file containing the property without RC4:
    jdk.tls.disabledAlgorithms=SSLv3
    Even with this option set from commandline, the RC4 based ciphersuites need to be re-added to the enabled ciphersuite list by using the SSLSocket/SSLEngine.setEnabledCipherSuites() methods. See 8076221.
    Bug Fix: Support keystore type detection for JKS and PKCS12 keystores
    Keystore Compatibility Mode: To aid interoperability, the Java keystore type JKS now supports keystore compatibility mode by default. This mode enables JKS keystores to access both JKS and PKCS12 file formats. To disable keystore compatibility mode set the Security property keystore.type.compat to the string value false. See 8062552.
    Bug Fix: Deprecate Unsafe monitor methods in JDK 8u release
    The methods monitorEnter, monitorExit and tryMonitorEnter on sun.misc.Unsafe are marked as deprecated in JDK 8u60 and will be removed in a future release. These methods are not used within the JDK itself and are very rarely used outside of the JDK. See 8069302.
    Bug Fix: Extract JFR recording from the core file using SA
    DumpJFR is a Serviceability Agent based tool that can be used to extract Java Flight Recorder(JFR) data from the core files and live Hotspot processes. DumpJFR can be used in one of the following methods:
        Attach DumpJFR to a live process:

        java -cp $JAVA_HOME/lib/sa-jdi.jar sun.jvm.hotspot.tools.DumpJFR <pid>

        Attach DumpJFR to a core file:

        java -cp $JAVA_HOME/lib/sa-jdi.jar sun.jvm.hotspot.tools.DumpJFR <java> <core>

    DumpJFR tool dumps the JFR data to a file called recording.jfr in the current working folder. See 8065301 (not public).
    Bug Fix: Local variables named 'enum' lead to spurious compiler crashes
    The javac parser is incorrectly parsing local variables with name 'enum'; this results in spurious failures when a program containing such local variables is compiled with a 'source' flag corresponding to a release in which the enum construct is not available (such as '-source 1.4'). See 8069181.

Java Development Kit for ARM Release 8u60

This release includes Java Development Kit for ARM Release 8u60 (JDK 8u60 for ARM). For ARM device support information, see JDK for ARM Downloads page. For system requirements, installation instructions and troubleshooting tips, see Installation Instructions page.

Limitation: Native Memory Tracking support is limited in JDK for ARM. The java command line option XX:NativeMemoryTracking=detail is not supported for ARM targets (an error message is displayed to user). Instead, use the following option:
XX:NativeMemoryTracking=summary
Documentation Updates due to Nashorn Enhancements
JDK 8u60 includes new enhancements to Nashorn. As a result the following documentation changes should be read in conjunction with the current Nashorn documentation:

    Addition: In the previous section, we mentioned that every JavaScript object when exposed to Java APIs implements the java.util.Map interface. This is true even for JavaScript arrays. However, this behavior is often not desired or expected when the Java code expects JSON-parsed objects. Java libraries that manipulate JSON-parsed objects usually expect arrays to expose the java.util.List interface instead. If you need to expose your JavaScript objects so that arrays are exposed as lists and not maps, you can use the Java.asJSONCompatible(obj) function, where obj is the root of your JSON object tree.
    Correction: The caution mentioned at the end of Mapping Data Types section, is no longer applicable. Nashorn ensures that internal JavaScript strings are converted to java.lang.String when exposed externally.
    Correction: The statement in the section Mapping Data Types, that mentions "For example, arrays must be explicitly converted,..." is not correct. Arrays are automatically converted to Java array types, such as java.util.List, java.util.Collection, java.util.Queue and java.util.Deque and so on.

Changes in Deployment Rule Set v1.2
JDK 8u60 implements Deployment Rule Set (DRS) 1.2, which includes the following changes:

    Add "checksum" element as sub element of "id" which can allow unsigned jars to be identified by the SHA-256 checksum of the uncompressed form of a jar:
        The "checksum" element will match only unsigned jars, and the given hash will be compared only against the uncompressed form of the jar.
        The "checksum" element (similar to "certificate" element) has two arguments "hash" and "algorithm", however, unlike "certificate" element, the only supported value for "algorithm" is "SHA-256". Any other value provided will be ignored.
    Allow "message" element to apply to all rule types, where previously it only applied to a block rule:
        In a run rule, a message sub element will cause a message dialog to be displayed where without a run rule, the default behavior would be to show certificate or unsigned dialog. The message will be displayed in the message dialog.
        In a default rule, the message will only be displayed if the default action is to block. In such a case the message will be included in the block dialog.
    Echo "customer" blocks in the Java Console, trace files, and Java Usage Tracker records.
        Previous to DRS 1.2, "customer" elements could be included (with any sub-elements) in the ruleset.xml file. This element and all its sub elements are ignored. In DRS 1.2, the elements are still functionally ignored. However:
            When parsing the ruleset.xml file, all "customer" blocks will be echoed to the Java Console and deployment trace file (if Console and Tracing are enabled).
            When using a rule, all "customer" records included within that rule will be added to the Java Usage Tracker (JUT) record (if JUT is enabled).

As a result of the above changes, the DTD for DRS 1.2 is as follows:

<!ELEMENT ruleset (rule*)>
<!ATTRIBUTE ruleset href CDATA #IMPLIED>
<!ATTRIBUTE ruleset version CDATA #REQUIRED>

<!ELEMENT rule (id, action)>

<!ELEMENT id (certificate?) (checksum?) >
<!ATTRIBUTE id title CDATA #IMPLIED>
<!ATTRIBUTE id location CDATA #IMPLIED>

<!ELEMENT certificate EMPTY>
<!ATTLIST certificate algorithm CDATA #IMPLIED>
<!ATTLIST certificate hash CDATA #REQUIRED>

<!ELEMENT checksum EMPTY>
<!ATTLIST checksum algorithm CDATA #IMPLIED>
<!ATTLIST checksum hash CDATA #REQUIRED>

<!ELEMENT action (message?)>
<!ATTRIBUTE permission (run | block | default) #REQUIRED>
<!ATTRIBUTE version CDATA #IMPLIED>
<!ATTRIBUTE force (true|false) "false">

<!ELEMENT message (#PCDATA)>
<!ATTLIST message locale CDATA #IMPLIED>

Java Expiration Date

The expiration date for 8u60 is October 20, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u60) on November 20, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.
Bug Fixes

For a list of bug fixes included in this release, see JDK 8u60 Bug Fixes page.
2015-09-29 14:55:45 +00:00
joerg
b73b4920f2 Scale down the metaspace reservation for compressed class pointers.
This allows the JVM to work properly in a 2GB VA limit. Bump revision.
2015-08-27 19:03:59 +00:00
ryoon
7a4c120600 Update to 1.8.51 (8u51)
Changelog:

Bugfixes
http://www.oracle.com/technetwork/java/javase/2col/8u51-bugfixes-2587594.html
Bug Id	Category	Subcategory	Description
JDK-8071668	client-libs	java.awt	[macosx] Clipboard does not work with 3rd parties Clipboard Managers
JDK-8077685	core-libs	java.util:i18n	(tz) Support tzdata2015d
JDK-8075602	deploy	 	Applet throws java.security AccessControlException in java console when playing it
JDK-8079223	deploy	 	unnecessary performance degradation caused by fix to JDK-8052111
JDK-8069161	deploy	plugin	Slow cache performance since JRE 7u06
JDK-8076343	deploy	plugin	JNLP property apple.laf.useScreenMenuBar no longer treated as secure for Mac OS
JDK-8071897	deploy	webstart	JRE 8U25 and 8u31 b32 cannot launch Java Web Start with proxy pac but works fine for 7u67
JDK-8078815	deploy	webstart	Launching of jnlp app fails with JNLPException
JDK-8035938	hotspot	jvmti	Memory leak in JvmtiEnv::GetConstantPool
JDK-8064546	security-libs	javax.crypto	CipherInputStream throws BadPaddingException if stream is not fully read
JDK-8078439	security-libs	org.ietf.jgss	SPNEGO auth fails if client proposes MS krb5 OID
JDK-8073357	xml	jaxb	schema1.xsd has wrong content. Sequence of the enum values has been changed
JDK-8073385	xml	jaxp	Bad error message on parsing illegal character in XML attribute
JDK-8074297	xml	jaxp	substring in XSLT returns wrong character if string contains supplementary chars

Fix following security bugs.
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
CVE-2015-4760
CVE-2015-2628
CVE-2015-4731
CVE-2015-2590
CVE-2015-4732
CVE-2015-4733
CVE-2015-2638
CVE-2015-4736
CVE-2015-4748
CVE-2015-2597
CVE-2015-2664
CVE-2015-2632
CVE-2015-2601
CVE-2015-2613
CVE-2015-2621
CVE-2015-2659
CVE-2015-2619
CVE-2015-2637
CVE-2015-2596
CVE-2015-4749
CVE-2015-4729
CVE-2015-4000
CVE-2015-2808
CVE-2015-2627
CVE-2015-2625
2015-08-09 17:29:52 +00:00