| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
- extract with bsdtar instead of gtar
- bump rev
|
|
ECL 9.12.3:
===========
* Visible changes:
- When converting rationals to floats, ECL now rounds instead of using the
routine in GMP, which truncates.
- LOAD open streams in buffered mode. It does not cause any significant
performance increase except in broken network filesystems that lack
buffering such as some implementations of NFS.
ECL 9.12.2:
===========
* Bugs fixed:
- RANDOM broken on 64-bits architectures.
- The debugger now shows the package names of inspected variables.
- The code in CLX that dealt with interrupts had become outdated.
* Other changes:
- Methods now show up in the debugger with their original name.
- Enlarged the string buffers used for reading and parsing lisp data.
ECL 9.12.1:
===========
* Platform support:
- Support for Itanium.
- Support for Solaris and SunStudio compiler.
- Support for Microsoft Visual Studio C++ 10 beta.
- Support for Cygwin.
* Visible changes:
- New function EXT:ARRAY-RAW-DATA returns a non-adjustable vector of type
(UNSIGNED-BYTE 8) with the content of an array. The returned array overlaps
with the original, so any change on one will affect the other.
- LOAD works on special files (/dev/null and the like).
- New command line option --version outputs the version number preceded
by the implementation name ("ECL 9.11.1" in this particular release).
- MULTIPLE-VALUE-BIND is optimally replaced with a LET form when the number
of variables is 1.
- ECL now accepts Windows' UNC pathnames.
(with-open-file (s #P"//JUANJO-IMAC/Public Folder/index.html"
:direction :input)
(loop for l = (read-line s nil nil)
while l
do (princ l)))
- The default memory limits are increased up to 512Mb for 32 bit images and
4Gb for 64-bits systems.
- The bignums generated by RANDOM did not contain enough random bits.
* Bugs fixed:
- In single-threaded builds, ECL did not properly restore the signal mask
before jumping out of a signal handler.
- Floating point exceptions were sometimes ignored, leading to infinite loops.
- A new configuration flag is added, --with-dffi. This flag allows
deactivating the foreign function interface when the compiler does not
support inline assembly with the GCC syntax and libffi is not available.
- In a multithreaded ECL, when handling a Ctr-C/SIGINT asynchronous interrupt,
the CONTINUE restart was not always available.
- In cygwin, LOAD was unable to load and execute binary files.
- In cygwin, FASL files can not lack a file extension, because dlopen()
then looks for a file ending in ".dll" and fails.
- In cygwin, files that are dlopen'ed must have executable permissions.
- ECL ignored the IGNORABLE declaration.
- The IGNORE/IGNORABLE declarations accept (but ignore) arguments of the
for (FUNCTION function-name).
- SUBTYPEP caused a SIGSEGV when the input was a not finalized class.
- Due to the SUBTYPEP bug, ECL could not compile DEFMETHOD forms whose
arguments referenced non-finalized classes
- When supplied an error value, (EXT:SAFE-EVAL form env &optional err-value)
never returned the output of the evaluated form.
- FIND-SYMBOL accepted string designators instead of just strings, as
mandated by the ANSI specification.
- APPEND copied also the last argument.
- (LOG #C(x x)) now produces a better result when x == 0
- (ATAN #C(0.0 1.0)) no longer produces an infinite recursion.
- Solved a hard to hit bug in DEFCLASS's routine for detecting collisions in
slot names
- LOG and LOG1P did not work properly with NaNs under linux.
- ECL had problems combining #. and #n=/#n# reader macros.
- FDEFINITION and SYMBOL-FUNCTION caused an incorrect error condition when
acting on NIL.
- The optimizer for TYPEP did not work when passed three arguments.
* Clos:
- CLOS:SET-FUNCALLABLE-INSTANCE-FUNCTION broke the value if SI:INSTANCE-SIG,
preventing any further access to the instance slots.
- The optimized slot accessors check that the instances are up to date.
- The use of MAKE-INSTANCES-OBSOLETE now forces UPDATE-INSTANCE-FOR-REDEFINED-CLASS
to be invoked even if the slots did not change.
- ENSURE-GENERIC-FUNCTION-USING-CLASS does not provide a default method class.
* Sockets:
- The socket option TCP_NODELAY option has been fixed: it was improperly using
the socket interface SOL_SOCKET instead of IPPROTO_TCP (Chun Tian)
- sockopt-linger and (setf sockopt-linger) now work as they should, using
the struct linger argument (M. Mondor)
* ASDF:
- ASDF:MAKE-BUILD now accepts also a :PROLOGUE-CODE argument with code to
be executed before all lisp files are run.
- C:BUILDER's argument :PROLOGUE-CODE can now be a lisp form. In the case of
standalone programs the prologue code is always executed after cl_boot() has
been invoked.
- QUIT did not work from standalone executables created with neither ASDF
nor with C:BUILDER.
|
|
|
|
discovered while updating documentation package.
|
|
While here, simplify PLIST generation.
|
|
|
|
Patch provided by Peter Bex.
Changes in 4.3.0:
- removed tracing facility and apply-hook (see the "trace" egg
for a replacement for tracing and breakpoints)
- chicken-install(1): renamed `-host-extension' option to `-host'
- added support for a make(1) configuration file ("config.make")
- `chicken-install' now allows specifiying a proxy for retrieving
extensions over HTTP (thanks to Nicolas Pelletier)
- fixed bug in `cond-expand' that incorrectly renamed feature-identifiers
if the form was the product of a syntax expansion (reported by Thomas
Bushnell)
- import-libraries are only generated by the compiler if they don't exist
yet and if the content has actually changed (this simplifies makefile-
rules in some cases)
- it is now possible to pass a config-file to `make(1)' instead of specifying
all build-options as variables on the command-line (see README)
- removed compiler options for "benchmark-mode" and replaced them with a
new optimization level (5) (note that `-O5' does not imply fixnum mode
anymore)
- `hen.el' and `scheme-complete.el' are not bundled with the core system
anymore - `hen.el' is currently not maintained, and `scheme-complete.el'
has its own release cycle; both files are available, see
http://chicken.wiki.br/emacs
- removed meaningless benchmark suite and cleaned up
- added optional argument to `grep' that allows applying a function
to each matched item (contributed by Tony Sidaway)
- added extension-property `import-only', which makes it possible to
create extensions that have no runtime part
- the argument to `seconds->string', `seconds->utc-time' and
`seconds->local-time' is now optional and defaults to the value
of `(current-seconds)' (suggested by Mario Goulart)
- removed read-syntax for `syntax' form
- fixed bug in `get-condition-property'
- fixed bug in windows version of `process-execute'
- TCP timeouts throw exception of kind `timeout' to allow
distinguishing between timeouts and other errors
- removed some internal functions that manipulate environments
- fixed bugs in `standard-extension' (`setup-api' module) and added keyword
arguments for building static extensions and adding custom properties
- when cross-compiling, `chicken-install(1)' doesn't pass `-setup-mode'
(the host tools should not attempt to load target binaries)
- `installation-prefix' in the `setup-api' module was not always correctly
set
- the `-force' option in `chicken-install(1)' overrides the CHICKEN version
check
- disabled e-mail feature in `chicken-bug(1)', since it doesn't work
anyway, in the moment
- fixed bug in `reexport' that made it impossible to reexport core library
definitions
- fix in optimizer that sometimes caused C functions for inlined
procedures to be emitted multiple times (Thanks to Joerg Wittenberger)
- documented `define-compiler-syntax' and `let-compiler-syntax'
- printer for hash-tables shows current number of stores items
- when upgrading during installation of a dependency `chicken-install'
shows the version to upgrade to (Thanks to Christian Kellermann)
- Updated scheme-complete (Thanks to Alex Shinn)
- fix for pathnames with whitespace in 'runtests.sh' on Windows
- fix for 'normalize-pathname' with absolute pathname argument
- added 'decompose-directory' to unit files
- fix for 'local-timezone-abbreviation' - wasn't using the current time
so tz-name constant
- deprecated 'make-pathname' separator argument
|
|
|
|
SunOS, Java and ODBC support by Filip Hajny
and some tests by Matthias Kretschmer.
Changes in R13B03
-----------------
There are mostly error corrections, but also some new functionality.
Some highlights in the R13B03 release are:
- Native Implemented Functions (NIFs) still experimental but very useful.
- The documentation is built in a new way using xsltproc and Apache FOP.
The layout is changed both in HTML and PDF versions. This is the first
step, more changes and improvements will come in the following releases.
Changes between R13A and R13B02 are unknown.
Changes in R13A
---------------
1.1 Erlang Language and Run-time System
Multi-core and SMP performance improvements
There SMP performance is significantly improved:
- multiple, scheduler specific run queues;
- further optimized message passing;
- CPU-bound scheduler threads.
Unicode support as described in EEP10
New BIF's: atom_to_binary/2, binary_to_atom/2, binary_to_existing_atom/2.
Independent Erlang clusters on the same host
1.2 New Applications
Reltool, release management tool.
WxErlang
1.3 New features in Existing Applications
Common_test
- SSH and SFTP support
- test case groups
Dialyzer
- opaque type declarations;
- UTF segments handling
SSL
- pure Erlang implementation (except crypto routines)
STDLIB
- scanner has been augmented to return white-space, comments
and exact location of tokens.
|
|
|
|
Fix PLIST. Bump revision.
|
|
|
|
Pkgsrc changes:
- Adjust some patches
- Remove patches integrated upstream
Upstream changes:
"5.10.1 is a maintenance release for perl 5.10, incorporating various
minor bugfixes and optimisations."
Nonetheless some incompatibles changes are noteworthy and are related
to:
- flip-flop and defined-or operators behavior in switch statement
- type-based dispatch and overloading of the smart match operator
- 'use feature :5.10*' semantics
- Perl development switched to git
- internal structure of the ext/ perl source directory changed
- removal of the modules Test::Harness::Straps, ExtUtils::MakeMaker::bytes
and ExtUtils::MakeMaker::vmsish
- the Module::CoreList module no longer contains the %:patchlevel hash
- a bugfix related to the handling of the /m modifier and qr resulted
in a change of behaviour between 5.8.x and 5.10.0 (this was missing from
perl 5.10.0 perldelta).
For a complete list of changes see included perl5101delta(1) or
http://perldoc.perl.org/perl5101delta.html
|
|
Major New Features
- Addition of IDE interface support.
- Changes to pretty-printing and equality. These are now inherited
across module boundaries. Addition of PolyML.addPrettyPrinter
to install a new-style pretty printer.
- Reworked implementation of signatures reducing the memory
requirements when a named signature is used in multiple places.
- Improvements to printing of types and error messages.
Minor Additions and Changes
- Support for out-of-tree builds
- Added finalisation for foreign-function interface (CInterface)
- Removed remaining support for ML90
- Added PolyML.sourceLocation pseudo-function that returns the current
source location, PolyML.raiseWithLocation that raises an exception
with an explicit location and PolyML.exceptionLocation that returns
the location where an exception was raised.
- Added PolyML.Compiler.reportUnreferencedIds switch to enable reporting
of unreferenced identifiers.
- Added breakEx and clearEx to debugger functions.
These enter the debugger when the code raises a given exception.
- Improvement to resonsiveness to pipes especially in Windows.
- Added X86-64 version of Word32 structure. 64-bit machines
do not require 32-bit values to be "boxed".
Bug Fixes
- Now builds on Mac OS X 10.6 (Snow Leopard)
- Fix multi-threading on Sparc but now only supports v9 processors.
- Fix timing-related crash when Poly/ML exits
- Fix string argument to OS.SysErr exception
- Fix to OS.FileSys.mkDir in Windows
- Fix to pow(~1, n) where n is even
- Various fixes to conform more closely to the standard.
|
|
|
|
|
|
|
|
|
|
Pkgsrc changes:
o Adapt the patch to t/op/io.t to a change done upstream slightly
after 1.7.0 was released.
o Add a patch which fixes a problem exposed by one of the tests,
related to library cloning, which caused dlclose() to be called
twice with the same handle value, ref. Parrot ticket 1340.
Upstream changes:
New in 1.7.0
- Functionality
+ Parrot_capture_lex has been added to the PARROT_EXPORT API
+ PARROT_MAX_ARGS has been increased from 8 to 16 to allow for
ops that take mo re than 8 args
- Performance
+ The profiling runcore now caches metadata for improved performance
- Maintenance and cleanup
+ Expanded the Parrot debugger documentation
+ Parrot debugger now uses the new Parrot STRING API
+ Continue to port rest of internals to use the STRING API
- Deprecations
+ The JIT subsystem has been removed and is being written from
the ground up. More information can be found at
https://trac.parrot.org/parrot/wiki/JITRewrite
+ Implicit optional named parameters (eligible in 2.1)
+ Continuation-based ExceptionHandlers (eligible in 2.1)
+ Use of undocumented variables in class_init (eligible in 2.1)
+ Parrot_oo_get_namespace (eligible in 2.1)
- Bugfix
+ Improved line number tracking in IMCC
- Tests
+ Converted many more Perl 5 tests to PIR
+ Expanded test coverage of the CallSignature, Namespace, FixedPMCArray,
ResizeableIntegerArray and ExceptionHandler PMCs
|
|
|
|
|
|
|
|
Requested by <joerg>.
|
|
ncurses there
noticed by joerg
|
|
|
|
1. CVE-2009-3292 is already fixed in 5.2.11.
2. CVE-2009-3558
http://svn.php.net/viewvc?view=revision&revision=288934
3. CVE-2009-3557
http://svn.php.net/viewvc?view=revision&revision=288945
http://svn.php.net/viewvc?view=revision&revision=288971
4. CVE-2009-4017
http://svn.php.net/viewvc?view=revision&revision=289990
http://svn.php.net/viewvc?view=revision&revision=290820
http://svn.php.net/viewvc?view=revision&revision=290885
Other pkgsrc changes:
* Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended.
* Add comments to some of patch files.
Bump PKGREVISION.
|
|
- Don't define DOUBLE_ARMENDIAN if netbsd.
- Backport alignment problem fix from trunk.
|
|
|
|
- patch-ae is removed since the change is included in upstream.
- patch-a[h-k] is removed since the way to handle rpath leak
is changed; now gauche-config is also `relink'ed before installed.
Here is breif list of changes from 0.8.13:
2009/11/22
Gauche 0.9: Major Feature Enhancements
* C API incompatible changes: Several incompatible C API
changes are introduced, which may cause some extension to
fail to compile. See API Changes in 0.9 for the details.
* New features
o New module: rfc.zlib: Zlib compression/decompression.
o New module: rfc.sha: SHA2 support. rfc.sha1 is
superseded by this module.
o New module: util.sparse: Sparse vectors backed up by
space-efficient trie, and hash-tables implemented on
top of sparse vectors. They are memory efficient than
the builtin hash tables when you want to keep tens of
millions of entries.
o Autoprovide: You no longer need 'provide' form for
most of times. If (require "X") successfully loads
X.scm and it doesn't have a provide form, the feature
"X" is automatically provided. See the "Require and
provide" section of the reference for more details.
o Module gauche.test: Improved testing for
exceptions. You can now test whether a specific type
of condition is thrown by giving (test-error
condition-type) as the expected result. See the manual
entry for more details.
o Module rfc.http: Now handles proxy by :proxy keyword
argument. You can also easily compose
application/x-www-form-urlencoded and
multipart/form-data message to send form
parameters. New procedures: http-put and http-delete.
o Module rfc.mime: Added support of composing a MIME
message.
o Module gauche.threads: New procedures: thread-stop!,
thread-cont!, thread-state.
o Module gauche.termios: On Windows native support, this
module provides Windows Console API instead of POSIX
termios API, since emulationg POSIX termios on Windows
is too much. A set of common high-level API that can
be used on both POSIX and Windows are also added.
o Module gauche.dictionary provides a bidirectional map,
<bimap>.
o run-process in module gauche.process, and builtin
sys-exec and sys-fork-and-exec support :directory
keyword argument to specify the working directory of
the executed process.
o Module file.util provides create-directory-tree and
check-directory-tree.
o Module gauche.net provides low-level socket
operations: socket-sendmsg, socket-buildmsg, and
socket-ioctl. Call-with-client-socket takes new
keyword args to specify buffering mode for the socket.
o Module www.cgi: cgi-main switches the buffering mode
of stderr to line, so that the httpd log can record
error messages line-by-line (much less clutter than
before).
* Major fixes and improvements
o Fixed build problem on OSX 10.6 (Snow Leopard).
o Performance is greatly improved on floating point
number arithmetics, optional argument handling of
builtin procedures, and case-lambda.
o Now all whitespace characters defined in R6RS works as
intertoken spaces in the source code.
o A warning message is printed when a thread exits with
an error and no other thread retrieve its status by
thread-join! before the thread is GC-ed. This helps
troubleshooting. Since thread-join! is the only way to
know if the thread exitted by an error, you have
either to call thread-join! to make sure to check the
status, or to write the thread thunk to catch all
errors and handle them properly.
o Anonymous module name is #f now, instead of (somewhat
arbitrarily chosen) |#|.
o Some enhancements on symbols: 'uninterned' symbos are
officially supported (symbols generated by gensym have
been uninterned, but never been documented
officially.) Uninterned symbols are written as
#:symbol a la CommonLisp. Uninterned symbols are not
registered to the internal symbol table, so there's no
worry about name crash. The only way to refer to the
same uninterned symbol from more than one place in the
source code is to use srfi-38 notation (#n= and
#n#). You can create uninterned symbol by
string->uninterned-symbol and check whether a symbol
is interned or not by symbol-intened?. There is also a
new procedure, symbol-sans-prefix.
* Windows support
o Precompiled binary installer for Windows is now
available. Get Gauche-mingw-0.9.exe. It is supported
on Windows NT 3.5 and later (sorry, no support for
Win9x.)
o Precompiled binary does not include thread and gdbm
support (yet). It is compiled to use utf-8 internal
encoding.
o Some Unix-specific system functions are not available,
or have slightly different semantics because they are
emulated via Windows API. If a function is not
available on Windows, the reference manual says
so. Windows version hasn't be used heavily, so expect
bugs.
o Large character set support on Windows Console is
pretty limited. It is recommended to run gosh under
Emacs for interactive use. See WindowsConsole for the
details.
2008/10/6
Gauche 0.8.14: Maintenance release.
* Bug fixes
o In some cases, an argument list passed to apply wasn't
copied.
o On some platforms, signal mask of threads could be
altered inadvertently by exception handling due to the
different behavior of sigsetjmp.
o format now raises an error if there's an incomplete
tilde sequence in the given format string.
o Internal parameter (gauche.parameter) code had a bug
that allocates not enough storage.
o There was a couple of bugs in dynamic-load that could
cause dead lock or leaving internal state
inconsistent.
o Module rfc.http: The 'host' field became inconsistent
when redirection happened.
* R6RS-ish extensions
o R6RS reader directive #!r6rs, #!fold-case and
#!no-fold-case are recognized now. The latter two can
be used to change case-folding mode of the reader in
the middle of the source code. See the manual for the
details.
o New core procedures: finite?, infinite?, nan?, eof-object.
o Two argument version of log: (log z b) is for base-b
logarithm of z.
* Extension-building improvements
o gauche-config script provides --rpath-flag option to
retrieve platform-specific rpath link option
(e.g. "-Wl,--rpath -Wl,").
o gauche-package script accepts --local option to the
'compile' and 'install' command to add local include
paths and local library search paths
conveniently. Basically, gauche-package compile
--local=DIR package.tgz causes -IDIR/include and
-LDIR/lib to be added to the actual compile and link
command lines. To give more than one directory, say
--local=DIR1:DIR2:....
o A stub generator and ahead-of-time compiler (the
facility to pre-compile Scheme code into VM
instruction array as static C data) is integrated,
allowing C and Scheme code to be mixed in the same
source; this feature is not yet documented and the
details are subject to change, but the curious mind
can take a look at ext/dbm/*, which were much simpler
than the previous version.
* Additional improvements, new procedures & macros
o GC is now Boehm GC 7.1.
o Large part of VM code is rewritten for better
performance and maintainability.
o New procedure: hash-table-copy.
o New convenience macros: rlet1 and if-let1.
o You can now hook exit operation by the exit-handler
parameter. See the "Program termination" section of
the manual for the detailed description of this
feature.
o Made sys-lstat work like sys-stat on Windows platform;
one less headache to write cross-platform code.
o Module gauche.net: Constants SHUT_RD, SHUT_WR and
SHUT_RDWR are defined to pass to socket-shutdown.
o Module file.util: New convenience procedures:
copy-directory*, touch-files, remove-files,
delete-files.
o Module dbm.*: Renamed dbm-rename to dbm-move for the
consistency. (The old name is kept as alias for the
backward compatibility). Added dbm-copy and dbm-move
missing from dbm.fsdbm. Also properly detects
variations of suffixes of ndbm-compatible database at
configuration time.
o Module www.cgi: :mode option is added to the MIME part
handler passed to get-mime-parts to specify the
permissions of the saved file.
o Module rfc.ip: New procedure: ipv4-global-address?.
|
|
|
|
|
|
upstream svn trunk. Bump PKGREVISION.
|
|
|
|
under NetBSD and conflicts with a "pkgsrc" setting.
The "f2c" package now builds and installs under Mac OS X (Snow Leopard).
|
|
|
|
|
|
pkgsrc doesn't provide it.
This fixes build problems on platforms other than NetBSD.
|
|
|
|
Changes in 1.5.0_22
The full internal version number for this update release is 1.5.0_22-b03 (where "b" means "build"). The external version number is 5.0u22.
OlsonData 2009m
This release contains Olson time zone data version 2009m. For more information, refer to Timezone Data Versions in the JRE Software .
Security Baseline
This update release specifies the following security baseline:
JRE Family Version Java SE
Security Baseline Java SE for Business
Security Baseline 1.4.2 1.4.2_19 1.4.2_24
In December, 2008, Java SE 1.4.2 reached its end of service life with the release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) include the Access Only option and are available to Java SE for Business subscribers.
For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer .
Root Certificates
Root Certificates are included in this release.
* Added one new root certificate for SECOM. (Refer to 6872579.)
* Added one new root certificate for GlobalSign. (Refer to 6860447.)
Bug Fixes
This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 269868, 270474, 270475, and 270476.
Bug fixes for vulnerabilities are listed in the following table.
BugId Category Subcategory Description 6631533 java classes_2d ICC_Profile allows detecting if some files exist
6815780 java classes_2d TrueType font parsing crash when stressing Sun Bug 6751322 test case
6822057 java classes_2d X11 and Win32GraphicsDevice don't clone arrays returned from getConfigurations()
6862969 java classes_2d JPEG JFIF Decoder issue
6862970 java classes_2d Image Color Profile parsing issue
6872357 java classes_2d JRE AWT setDifflCM vulnerable to Stack Overflow
6872358 java classes_2d JRE AWT setBytePixels vulnerable to Heap Overflow
6664512 java classes_awt Component and [Default]KeyboardFocusManager pass security sensitive objects to loggers
6636650 java classes_lang (cl) Resurrected ClassLoaders can still have children
6861062 java classes_security Disable MD2 in certificate chain validation
6863503 java classes_security SECURITY: MessageDigest.isEqual introduces timing attack vulnerabilities
6864911 java classes_security ASN.1/DER input stream parser needs more work
6854303 java classes_sound Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
6657026 java classes_swing Numerous static security flaws in Swing (findbugs)
6657138 java classes_swing Mutable statics in Windows PL&F (findbugs)
6824265 java classes_util_i18n (tz) TimeZone.getTimeZone allows probing local filesystem
6632445 java imageio DoS from parsing BMPs with UNC ICC links
6862968 java imageio JPEG Image Writer quantization problem
6874643 java imageio ImageI/O JPEG is vulnerable to Heap Overflow
6869694 java install java update malfunctioning
Other bug fixes are listed in the following table.
BugId Category Subcategory Description 6876061 java classes_awt Following JCK5 test not working as exp-d on linux: awt-interactive-ComponentTests
6860447 java classes_security Add GlobalSign R3 Root certificate to the JDK
6872579 java classes_security Add SECOM Root CA 2 to JDK
6880110 java classes_util_i18n (tz) Support tzdata2009m
Changes in 1.5.0_21
The full internal version number for this update release is 1.5.0_21-b01 (where "b" means "build"). The external version number is 5.0u21.
OlsonData 2009l
This release contains Olson time zone data version 2009l. For more information, refer to Timezone Data Versions in the JRE Software .
Security Baseline
This update release specifies the following security baseline:
JRE Family Version Java SE
Security Baseline Java SE for Business
Security Baseline 1.4.2 1.4.2_19 1.4.2_22
On October 30, 2008, Java SE 1.4.2 reached its end of service life with the release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) include the Access Only option and are available to Java SE for Business subscribers.
For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer .
Additional Supported System Configurations
As of this update, support has been added for the following system configurations:
* Windows Vista SP2
* Windows Server 2008 SP2
Refer to the Supported System Configurations page.
Bug Fixes
Bug fixes are listed in the following table.
BugId Category Subcategory Description 6422099 hotspot compiler2 C2 assert("live value must not be garbage")
6445745 hotspot compiler2 TransformerManagementThreadAddTests.java fails an assertion
6772683 hotspot compiler2 Thread.isInterrupted() fails to return true on multiprocessor PC
6842999 hotspot runtime_system Update hotspot windows os_win32 for windows 2008 R2
6845161 jaas login Bottleneck in Configuration.getConfiguration synchronized call
6860491 java classes_awt WRAP_TIME_MILLIS incorrectly set
6843003 java classes_lang Windows Server 2008 R2 system recognition
6808046 java classes_swing Having image problems on Asian Languages display
6645292 java classes_text [Fmt-Da] Timezone Western Summer Time (Australia) is parsed incorrectly
6665028 java classes_text native code of method j*.text.Bidi.nativeBidiChars is using the contents of a primitive array direct
6872467 java classes_util_i18n (tz) Support tzdata2009l
6814140 java classes_util_logging deadlock due to synchronized demandLogger() code that locks ServerLogManager
6817482 java_plugin iexplorer On IE, modal JDialog from an Applet in html frame is not modal
6432317 java_plugin misc Vista: Java Plugin won't be able to launch extension installers.
6818278 javawebstart jnlp_file sunmc console when started with javaws does not communicate with the firewall port range
6748156 jndi ldap add an new JNDI property to control the boolean flag WaitForReply (JDK5)
6750362 jndi ldap Very large LDAP requests throw a OOM on LDAP servers which aren't aware of Paged Results Controls
|
|
Changes in 1.5.0_22
The full internal version number for this update release is 1.5.0_22-b03 (where "b" means "build"). The external version number is 5.0u22.
OlsonData 2009m
This release contains Olson time zone data version 2009m. For more information, refer to Timezone Data Versions in the JRE Software .
Security Baseline
This update release specifies the following security baseline:
JRE Family Version Java SE
Security Baseline Java SE for Business
Security Baseline 1.4.2 1.4.2_19 1.4.2_24
In December, 2008, Java SE 1.4.2 reached its end of service life with the release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) include the Access Only option and are available to Java SE for Business subscribers.
For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer .
Root Certificates
Root Certificates are included in this release.
* Added one new root certificate for SECOM. (Refer to 6872579.)
* Added one new root certificate for GlobalSign. (Refer to 6860447.)
Bug Fixes
This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 269868, 270474, 270475, and 270476.
Bug fixes for vulnerabilities are listed in the following table.
BugId Category Subcategory Description 6631533 java classes_2d ICC_Profile allows detecting if some files exist
6815780 java classes_2d TrueType font parsing crash when stressing Sun Bug 6751322 test case
6822057 java classes_2d X11 and Win32GraphicsDevice don't clone arrays returned from getConfigurations()
6862969 java classes_2d JPEG JFIF Decoder issue
6862970 java classes_2d Image Color Profile parsing issue
6872357 java classes_2d JRE AWT setDifflCM vulnerable to Stack Overflow
6872358 java classes_2d JRE AWT setBytePixels vulnerable to Heap Overflow
6664512 java classes_awt Component and [Default]KeyboardFocusManager pass security sensitive objects to loggers
6636650 java classes_lang (cl) Resurrected ClassLoaders can still have children
6861062 java classes_security Disable MD2 in certificate chain validation
6863503 java classes_security SECURITY: MessageDigest.isEqual introduces timing attack vulnerabilities
6864911 java classes_security ASN.1/DER input stream parser needs more work
6854303 java classes_sound Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
6657026 java classes_swing Numerous static security flaws in Swing (findbugs)
6657138 java classes_swing Mutable statics in Windows PL&F (findbugs)
6824265 java classes_util_i18n (tz) TimeZone.getTimeZone allows probing local filesystem
6632445 java imageio DoS from parsing BMPs with UNC ICC links
6862968 java imageio JPEG Image Writer quantization problem
6874643 java imageio ImageI/O JPEG is vulnerable to Heap Overflow
6869694 java install java update malfunctioning
Other bug fixes are listed in the following table.
BugId Category Subcategory Description 6876061 java classes_awt Following JCK5 test not working as exp-d on linux: awt-interactive-ComponentTests
6860447 java classes_security Add GlobalSign R3 Root certificate to the JDK
6872579 java classes_security Add SECOM Root CA 2 to JDK
6880110 java classes_util_i18n (tz) Support tzdata2009m
Changes in 1.5.0_21
The full internal version number for this update release is 1.5.0_21-b01 (where "b" means "build"). The external version number is 5.0u21.
OlsonData 2009l
This release contains Olson time zone data version 2009l. For more information, refer to Timezone Data Versions in the JRE Software .
Security Baseline
This update release specifies the following security baseline:
JRE Family Version Java SE
Security Baseline Java SE for Business
Security Baseline 1.4.2 1.4.2_19 1.4.2_22
On October 30, 2008, Java SE 1.4.2 reached its end of service life with the release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) include the Access Only option and are available to Java SE for Business subscribers.
For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer .
Additional Supported System Configurations
As of this update, support has been added for the following system configurations:
* Windows Vista SP2
* Windows Server 2008 SP2
Refer to the Supported System Configurations page.
Bug Fixes
Bug fixes are listed in the following table.
BugId Category Subcategory Description 6422099 hotspot compiler2 C2 assert("live value must not be garbage")
6445745 hotspot compiler2 TransformerManagementThreadAddTests.java fails an assertion
6772683 hotspot compiler2 Thread.isInterrupted() fails to return true on multiprocessor PC
6842999 hotspot runtime_system Update hotspot windows os_win32 for windows 2008 R2
6845161 jaas login Bottleneck in Configuration.getConfiguration synchronized call
6860491 java classes_awt WRAP_TIME_MILLIS incorrectly set
6843003 java classes_lang Windows Server 2008 R2 system recognition
6808046 java classes_swing Having image problems on Asian Languages display
6645292 java classes_text [Fmt-Da] Timezone Western Summer Time (Australia) is parsed incorrectly
6665028 java classes_text native code of method j*.text.Bidi.nativeBidiChars is using the contents of a primitive array direct
6872467 java classes_util_i18n (tz) Support tzdata2009l
6814140 java classes_util_logging deadlock due to synchronized demandLogger() code that locks ServerLogManager
6817482 java_plugin iexplorer On IE, modal JDialog from an Applet in html frame is not modal
6432317 java_plugin misc Vista: Java Plugin won't be able to launch extension installers.
6818278 javawebstart jnlp_file sunmc console when started with javaws does not communicate with the firewall port range
6748156 jndi ldap add an new JNDI property to control the boolean flag WaitForReply (JDK5)
6750362 jndi ldap Very large LDAP requests throw a OOM on LDAP servers which aren't aware of Paged Results Controls
|
|
6u17 contains Olson time zone data version 2009m. For more information, refer to Timezone Data Versions in the JRE Software .
Security Baseline
6u17 specifies the following security baselines for use with Java Plug-in technology:
JRE Family Version Java SE
Security Baseline Java SE for Business
Security Baseline 6 1.6.0_17 1.6.0_17
5.0 1.5.0_22 1.5.0_22
1.4.2 1.4.2_19 1.4.2_24
Root Certificates
Root Certificates are included in this release.
* Added one new root certificate for SECOM. (Refer to 6872579.)
* Added one new root certificate for GlobalSign. (Refer to 6860447.)
Bug Fixes
This release contains fixes for one or more security vulnerabilities.
For more information, please see Sun Alerts 269868, 269869, 269870,
270474, 270475, and 270476.
Bug fixes for vulnerabilities are listed in the following table.
BugId Category Subcategory Description 6631533 java classes_2d ICC_Profile allows detecting if some files exist
6815780 java classes_2d TrueType font parsing crash when stressing Sun Bug 6751322 test case
6822057 java classes_2d X11 and Win32GraphicsDevice don't clone arrays returned from getConfigurations()
6862969 java classes_2d JPEG JFIF Decoder issue
6862970 java classes_2d Image Color Profile parsing issue
6872357 java classes_2d JRE AWT setDifflCM vulnerable to Stack Overflow
6872358 java classes_2d JRE AWT setBytePixels vulnerable to Heap Overflow
6664512 java classes_awt Component and [Default]KeyboardFocusManager pass security sensitive objects to loggers
6636650 java classes_lang (cl) Resurrected ClassLoaders can still have children
6861062 java classes_security Disable MD2 in certificate chain validation
6863503 java classes_security SECURITY: MessageDigest.isEqual introduces timing attack vulnerabilities
6864911 java classes_security ASN.1/DER input stream parser needs more work
6854303 java classes_sound Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
6657026 java classes_swing Numerous static security flaws in Swing (findbugs)
6657138 java classes_swing Mutable statics in Windows PL&F (findbugs)
6824265 java classes_util_i18n (tz) TimeZone.getTimeZone allows probing local filesystem
6632445 java imageio DoS from parsing BMPs with UNC ICC links
6862968 java imageio JPEG Image Writer quantization problem
6874643 java imageio ImageI/O JPEG is vulnerable to Heap Overflow
6869694 java install java update malfunctioning
6869752 java_deployment deployment_toolkit Deployment Toolkit plugin "launch" method vulnerable to exploits
6872824 javawebstart general arbitary code execution using java web start
6870531 javawebstart other REGRESSION:have problem to run JNLP app and applets with signed Jar files
Other bug fixes are listed in the following table.
BugId Category Subcategory Description 6842999 hotspot runtime_system Update hotspot windows os_win32 for windows 2008 R2
6804454 java classes_2d RFE: Provide a way to control the printing dpi resolution from MSIE browser print. See also 6801859
6813208 java classes_awt pageDialog throws NPE from applet
6825342 java classes_awt Security warning may change Z-order of top-level
6843003 java classes_lang Windows Server 2008 R2 system recognition
6860447 java classes_security Add GlobalSign R3 Root certificate to the JDK
6872579 java classes_security Add SECOM Root CA 2 to JDK
6880110 java classes_util_i18n (tz) Support tzdata2009m
6814140 java classes_util_logging deadlock due to synchronized demandLogger() code that locks ServerLogManager
6879614 jaxp parse com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl failing to parse xml document
|
|
6u17 contains Olson time zone data version 2009m. For more information, refer to Timezone Data Versions in the JRE Software .
Security Baseline
6u17 specifies the following security baselines for use with Java Plug-in technology:
JRE Family Version Java SE
Security Baseline Java SE for Business
Security Baseline 6 1.6.0_17 1.6.0_17
5.0 1.5.0_22 1.5.0_22
1.4.2 1.4.2_19 1.4.2_24
Root Certificates
Root Certificates are included in this release.
* Added one new root certificate for SECOM. (Refer to 6872579.)
* Added one new root certificate for GlobalSign. (Refer to 6860447.)
Bug Fixes
This release contains fixes for one or more security vulnerabilities.
For more information, please see Sun Alerts 269868, 269869, 269870,
270474, 270475, and 270476.
Bug fixes for vulnerabilities are listed in the following table.
BugId Category Subcategory Description 6631533 java classes_2d ICC_Profile allows detecting if some files exist
6815780 java classes_2d TrueType font parsing crash when stressing Sun Bug 6751322 test case
6822057 java classes_2d X11 and Win32GraphicsDevice don't clone arrays returned from getConfigurations()
6862969 java classes_2d JPEG JFIF Decoder issue
6862970 java classes_2d Image Color Profile parsing issue
6872357 java classes_2d JRE AWT setDifflCM vulnerable to Stack Overflow
6872358 java classes_2d JRE AWT setBytePixels vulnerable to Heap Overflow
6664512 java classes_awt Component and [Default]KeyboardFocusManager pass security sensitive objects to loggers
6636650 java classes_lang (cl) Resurrected ClassLoaders can still have children
6861062 java classes_security Disable MD2 in certificate chain validation
6863503 java classes_security SECURITY: MessageDigest.isEqual introduces timing attack vulnerabilities
6864911 java classes_security ASN.1/DER input stream parser needs more work
6854303 java classes_sound Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
6657026 java classes_swing Numerous static security flaws in Swing (findbugs)
6657138 java classes_swing Mutable statics in Windows PL&F (findbugs)
6824265 java classes_util_i18n (tz) TimeZone.getTimeZone allows probing local filesystem
6632445 java imageio DoS from parsing BMPs with UNC ICC links
6862968 java imageio JPEG Image Writer quantization problem
6874643 java imageio ImageI/O JPEG is vulnerable to Heap Overflow
6869694 java install java update malfunctioning
6869752 java_deployment deployment_toolkit Deployment Toolkit plugin "launch" method vulnerable to exploits
6872824 javawebstart general arbitary code execution using java web start
6870531 javawebstart other REGRESSION:have problem to run JNLP app and applets with signed Jar files
Other bug fixes are listed in the following table.
BugId Category Subcategory Description 6842999 hotspot runtime_system Update hotspot windows os_win32 for windows 2008 R2
6804454 java classes_2d RFE: Provide a way to control the printing dpi resolution from MSIE browser print. See also 6801859
6813208 java classes_awt pageDialog throws NPE from applet
6825342 java classes_awt Security warning may change Z-order of top-level
6843003 java classes_lang Windows Server 2008 R2 system recognition
6860447 java classes_security Add GlobalSign R3 Root certificate to the JDK
6872579 java classes_security Add SECOM Root CA 2 to JDK
6880110 java classes_util_i18n (tz) Support tzdata2009m
6814140 java classes_util_logging deadlock due to synchronized demandLogger() code that locks ServerLogManager
6879614 jaxp parse com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl failing to parse xml document
|
|
|
|
Changes are mostly bug fixes.
Perform conservative update: recreate libF77 and libI77 providing
binary compatibility.
Prefer files to patches creating respective files.
Override build system completely, we effectively did that anyway.
|
|
|
|
|
|
|
|
|
|
|
