Up to [cvs.NetBSD.org] / pkgsrc / lang / oracle-jre8
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Update to 8.0.202 Linux/i386 and SunOS/amd64 are not tested. Changelog: By default, the JDK on Linux or Solaris uses GTK+ 2 if available; if not, it uses GTK+ 3. Security fixes: CVE-2019-2540 CVE-2018-11212 CVE-2019-2426 CVE-2019-2449 CVE-2019-2422
Update to 8.0.191 Changelog: * New timezone * Security bugfixes
Update to 8.0.172 Changelog: core-libs java.time (tz) Upgrade time-zone data to tzdata2018d xml jax-ws Newlines in JAXB string values of SOAP-requests are escaped to " " hotspot compiler Crash with assert(handler_address == SharedRuntime::compute_compiled_exc_handler(..) failed: Must be the same deploy webstart JRE bundled in App-V package will not start Java Web Start applications deploy webstart javaws.exe failed to launch UTF-8 encoded JNLP file javafx web Intermittent crash when using WebView from JFXPanel applicationS hotspot runtime Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 security-libs org.ietf.jgss Kerberos krb5 authentication: AuthList's put method leads to performance issue hotspot gc Performance drop with Java JDK 1.8.0_162-b32
Sort PLIST files. Unsorted entries in PLIST files have generated a pkglint warning for at least 12 years. Somewhat more recently, pkglint has learned to sort PLIST files automatically. Since pkglint 5.4.23, the sorting is only done in obvious, simple cases. These have been applied by running: pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
Update to 8.0.152 Changelog: Security bug fixes: CVE-2017-10285 CVE-2017-10388 CVE-2017-10309 CVE-2017-10274 CVE-2017-10356 CVE-2017-10293 CVE-2017-10342 CVE-2017-10350 CVE-2017-10349 CVE-2017-10348 CVE-2017-10357 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10281 CVE-2017-10347 CVE-2017-10386 CVE-2017-10380 CVE-2017-10295 CVE-2017-10341 CVE-2017-10345
Update to 8.0.121 Changelog: ## New features security-libs/javax.xml.crypto Added security property to configure XML Signature secure validation mode core-libs/java.io:serialization Serialization Filter Configuration core-libs/java.rmi RMI Better constraint checking security-libs Add mechanism to allow non-default root CAs to not be subject to algorithm restrictions ## Changes security-libs/javax.net.ssl Make 3DES as a legacy algorithm in the JSSE provider security-libs/javax.net.ssl Improve the default strength of EC in JDK tools/javadoc(tool) New --allow-script-in-comments option for javadoc security-libs/javax.xml.crypto Increase the minimum key length to 1024 for XML Signatures docs/release_notes Restrict certificates with DSA keys less than 1024 bits. security-libs More checks added to DER encoding parsing code core-libs/java.net Additional access restrictions for URLClassLoader.newInstance core-libs/java.util.logging A new configurable property in logging.properties java.util.logging.FileHandler.maxLocks ## Bug Fixes client-libs/javax.swing Trackpad scrolling of text on OS X 10.12 Sierra is very fast
Update to 8.0.102 based on a update from prlw1@ Chagnelog: Fix the following vulnerabilities CVE-2016-3587 CVE-2016-3606 CVE-2016-3552 CVE-2016-3511 CVE-2016-3503 CVE-2016-3498 CVE-2016-3500 CVE-2016-3508 CVE-2016-3458 CVE-2016-3550 CVE-2016-3485
Update to 8.0.72 * OS X PLIST is not verified. Changelog: The following vulnerabilities are fixed. CVE-2016-0494 CVE-2015-8126 CVE-2016-0483 CVE-2016-0475 CVE-2016-0402 CVE-2016-0466 CVE-2016-0448 CVE-2015-7575 And some bugfixes: See http://www.oracle.com/technetwork/java/javase/8u72-bugfixes-2775805.html
Fix native Linux/x86_64 packaging.
Update to 8.0.60 Changelog: From: https://www.java.com/en/download/faq/release_changes.xml Java 8 Update 60 (8u60) Release Highlights IANA Data 2015e JDK 8u60 contains IANA time zone data version 2015e. For more information, refer to Timezone Data Versions in the JRE Software. Bug Fix: dns_lookup_realm should be false by default The dns_lookup_realm setting in Kerberos' krb5.conf file is by default false. See 8080637. Bug Fix: Disable RC4 cipher suites RC4-based TLS ciphersuites (e.g. TLS_RSA_WITH_RC4_128_SHA) are now considered compromised and should no longer be used (see RFC 7465). Accordingly, RC4-based TLS ciphersuites have been deactivated by default in the Oracle JSSE implementation by adding "RC4" to "jdk.tls.disabledAlgorithms" security property, and by removing them from the default enabled ciphersuites list. These cipher suites can be reactivated by removing "RC4" form "jdk.tls.disabledAlgorithms" security property in the java.security file or by dynamically calling Security.setProperty(), and also readding them to the enabled ciphersuite list using the SSLSocket/SSLEngine.setEnabledCipherSuites() methods. You can also use the -Djava.security.properties command line option to override the jdk.tls.disabledAlgorithms security property. For example: java -Djava.security.properties=my.java.security ... where my.java.security is a file containing the property without RC4: jdk.tls.disabledAlgorithms=SSLv3 Even with this option set from commandline, the RC4 based ciphersuites need to be re-added to the enabled ciphersuite list by using the SSLSocket/SSLEngine.setEnabledCipherSuites() methods. See 8076221. Bug Fix: Support keystore type detection for JKS and PKCS12 keystores Keystore Compatibility Mode: To aid interoperability, the Java keystore type JKS now supports keystore compatibility mode by default. This mode enables JKS keystores to access both JKS and PKCS12 file formats. To disable keystore compatibility mode set the Security property keystore.type.compat to the string value false. See 8062552. Bug Fix: Deprecate Unsafe monitor methods in JDK 8u release The methods monitorEnter, monitorExit and tryMonitorEnter on sun.misc.Unsafe are marked as deprecated in JDK 8u60 and will be removed in a future release. These methods are not used within the JDK itself and are very rarely used outside of the JDK. See 8069302. Bug Fix: Extract JFR recording from the core file using SA DumpJFR is a Serviceability Agent based tool that can be used to extract Java Flight Recorder(JFR) data from the core files and live Hotspot processes. DumpJFR can be used in one of the following methods: Attach DumpJFR to a live process: java -cp $JAVA_HOME/lib/sa-jdi.jar sun.jvm.hotspot.tools.DumpJFR <pid> Attach DumpJFR to a core file: java -cp $JAVA_HOME/lib/sa-jdi.jar sun.jvm.hotspot.tools.DumpJFR <java> <core> DumpJFR tool dumps the JFR data to a file called recording.jfr in the current working folder. See 8065301 (not public). Bug Fix: Local variables named 'enum' lead to spurious compiler crashes The javac parser is incorrectly parsing local variables with name 'enum'; this results in spurious failures when a program containing such local variables is compiled with a 'source' flag corresponding to a release in which the enum construct is not available (such as '-source 1.4'). See 8069181. Java Development Kit for ARM Release 8u60 This release includes Java Development Kit for ARM Release 8u60 (JDK 8u60 for ARM). For ARM device support information, see JDK for ARM Downloads page. For system requirements, installation instructions and troubleshooting tips, see Installation Instructions page. Limitation: Native Memory Tracking support is limited in JDK for ARM. The java command line option XX:NativeMemoryTracking=detail is not supported for ARM targets (an error message is displayed to user). Instead, use the following option: XX:NativeMemoryTracking=summary Documentation Updates due to Nashorn Enhancements JDK 8u60 includes new enhancements to Nashorn. As a result the following documentation changes should be read in conjunction with the current Nashorn documentation: Addition: In the previous section, we mentioned that every JavaScript object when exposed to Java APIs implements the java.util.Map interface. This is true even for JavaScript arrays. However, this behavior is often not desired or expected when the Java code expects JSON-parsed objects. Java libraries that manipulate JSON-parsed objects usually expect arrays to expose the java.util.List interface instead. If you need to expose your JavaScript objects so that arrays are exposed as lists and not maps, you can use the Java.asJSONCompatible(obj) function, where obj is the root of your JSON object tree. Correction: The caution mentioned at the end of Mapping Data Types section, is no longer applicable. Nashorn ensures that internal JavaScript strings are converted to java.lang.String when exposed externally. Correction: The statement in the section Mapping Data Types, that mentions "For example, arrays must be explicitly converted,..." is not correct. Arrays are automatically converted to Java array types, such as java.util.List, java.util.Collection, java.util.Queue and java.util.Deque and so on. Changes in Deployment Rule Set v1.2 JDK 8u60 implements Deployment Rule Set (DRS) 1.2, which includes the following changes: Add "checksum" element as sub element of "id" which can allow unsigned jars to be identified by the SHA-256 checksum of the uncompressed form of a jar: The "checksum" element will match only unsigned jars, and the given hash will be compared only against the uncompressed form of the jar. The "checksum" element (similar to "certificate" element) has two arguments "hash" and "algorithm", however, unlike "certificate" element, the only supported value for "algorithm" is "SHA-256". Any other value provided will be ignored. Allow "message" element to apply to all rule types, where previously it only applied to a block rule: In a run rule, a message sub element will cause a message dialog to be displayed where without a run rule, the default behavior would be to show certificate or unsigned dialog. The message will be displayed in the message dialog. In a default rule, the message will only be displayed if the default action is to block. In such a case the message will be included in the block dialog. Echo "customer" blocks in the Java Console, trace files, and Java Usage Tracker records. Previous to DRS 1.2, "customer" elements could be included (with any sub-elements) in the ruleset.xml file. This element and all its sub elements are ignored. In DRS 1.2, the elements are still functionally ignored. However: When parsing the ruleset.xml file, all "customer" blocks will be echoed to the Java Console and deployment trace file (if Console and Tracing are enabled). When using a rule, all "customer" records included within that rule will be added to the Java Usage Tracker (JUT) record (if JUT is enabled). As a result of the above changes, the DTD for DRS 1.2 is as follows: <!ELEMENT ruleset (rule*)> <!ATTRIBUTE ruleset href CDATA #IMPLIED> <!ATTRIBUTE ruleset version CDATA #REQUIRED> <!ELEMENT rule (id, action)> <!ELEMENT id (certificate?) (checksum?) > <!ATTRIBUTE id title CDATA #IMPLIED> <!ATTRIBUTE id location CDATA #IMPLIED> <!ELEMENT certificate EMPTY> <!ATTLIST certificate algorithm CDATA #IMPLIED> <!ATTLIST certificate hash CDATA #REQUIRED> <!ELEMENT checksum EMPTY> <!ATTLIST checksum algorithm CDATA #IMPLIED> <!ATTLIST checksum hash CDATA #REQUIRED> <!ELEMENT action (message?)> <!ATTRIBUTE permission (run | block | default) #REQUIRED> <!ATTRIBUTE version CDATA #IMPLIED> <!ATTRIBUTE force (true|false) "false"> <!ELEMENT message (#PCDATA)> <!ATTLIST message locale CDATA #IMPLIED> Java Expiration Date The expiration date for 8u60 is October 20, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u60) on November 20, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version. Bug Fixes For a list of bug fixes included in this release, see JDK 8u60 Bug Fixes page. Java 8 Update 51 (8u51) Release Highlights IANA Data 2015d JDK 8u51 contains IANA time zone data version 2015d. For more information, refer to Timezone Data Versions in the JRE Software. Bug Fix: Add new Comodo roots to root CAs Four new root certificates have been added for Commodo: COMODO ECC Certification Authority alias: comodoeccca DN: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB COMODO RSA Certification Authority alias: comodorsaca DN: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB USERTrust ECC Certification Authority alias: usertrusteccca DN: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US USERTrust RSA Certification Authority alias: usertrustrsaca DN: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US See JDK-8077997 (not public). Bug Fix: Add new GlobalSign roots to root CAs Two root certificates have been added for GlobalSign: GlobalSign ECC Root CA - R4 alias: globalsigneccrootcar4 DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 GlobalSign ECC Root CA - R5 alias: globalsigneccrootcar5 DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 See JDK-8077995 (not public). Bug Fix: Add Actalis to root CAs Added one new root certificate: Actalis Authentication Root CA alias: actalisauthenticationrootca DN: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT See JDK-8077903 (not public). Bug Fix: Add new Entrust ECC root Added one new root certificate: Entrust Root Certification Authority - EC1 alias: entrustrootcaec1 DN: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US See JDK-8073286 (not public). Bug Fix: Remove old Valicert Class 1 and 2 Policy roots Removed two root certificates with 1024-bit keys: ValiCert Class 1 Policy Validation Authority alias: secomvalicertclass1ca DN: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network ValiCert Class 2 Policy Validation Authority alias: valicertclass2ca DN: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network See JDK-8077886 (not public). Bug Fix: Remove old Thawte roots Removed two root certificates with 1024-bit keys: Thawte Server CA alias: thawteserverca DN: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Thawte Personal Freemail CA alias: thawtepersonalfreemailca DN: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA See JDK-8074423 (not public). Bug Fix: Remove more old Verisign, Equifax, and Thawte roots Removed five root certificates with 1024-bit keys: Verisign Class 3 Public Primary Certification Authority - G2 alias: verisignclass3g2ca DN: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Thawte Premium Server CA alias: thawtepremiumserverca DN: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Equifax Secure Certificate Authority alias: equifaxsecureca DN: OU=Equifax Secure Certificate Authority, O=Equifax, C=US Equifax Secure eBusiness CA-1 alias: equifaxsecureebusinessca1 DN: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US Equifax Secure Global eBusiness CA-1, alias: equifaxsecureglobalebusinessca1 DN: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US See JDK-8076202 (not public). Bug Fix: Remove TrustCenter CA roots from cacerts Removed three root certificates: TC TrustCenter Universal CA I alias: trustcenteruniversalcai DN: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE TC TrustCenter Class 2 CA II alias: trustcenterclass2caii DN: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE TC TrustCenter Class 4 CA II alias: trustcenterclass4caii DN: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE See JDK-8072958 (not public). Bug Fix: Deprecate RC4 in SunJSSE provider RC4 is now considered as a weak cipher. Servers should not select RC4 unless there is no other stronger candidate in the client requested cipher suites. A new security property, jdk.tls.legacyAlgorithms, is added to define the legacy algorithms in Oracle JSSE implementation. RC4 related algorithms are added to the legacy algorithms list. See JDK-8074006 (not public). Bug Fix: Prohibit RC4 cipher suites RC4 is now considered as a compromised cipher. RC4 cipher suites have been removed from both client and server default enabled cipher suite list in Oracle JSSE implementation. These cipher suites can still be enabled by SSLEngine.setEnabledCipherSuites() and SSLSocket.setEnabledCipherSuites() methods. See JDK-8077109 (not public). Bug Fix: Improved certification checking With this fix, JSSE endpoint identification does not perform reverse name lookup for IP addresses by default in JDK. If an application does need to perform reverse name lookup for raw IP addresses in SSL/TLS connections, and encounter endpoint identification compatibility issue, System property "jdk.tls.trustNameService" can be used to switch on reverse name lookup. Note that if the name service is not trustworthy, enabling reverse name lookup may be susceptible to MITM attacks. See JDK-8067695 (not public). Java Expiration Date The expiration date for 8u51 is October 20, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u51) on November 20, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version. Bug Fixes This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory. For a list of bug fixes included in this release, see JDK 8u51 Bug Fixes page.
Import oracle-jre8-8.0.45 as lang/oracle-jre8. This is the official port of the Oracle Java(tm) Runtime Environment (Java SE 8).