Getting Started

Java^TM 2, Standard Edition, v. 1.4.2_17
for SCO^Ž UNIX^Ž Operating Systems

This release of Java 2 Standard Edition contains:

the Java 2 Runtime Environment, which allows SCO UNIX end users to run Java applets and applications on SCO UNIX operating systems
the Java 2 Software Development Kit (J2SDK), which enables SCO UNIX OEMs, ISVs, and end users to develop Java applets and applications that conform to the Java 2 Core API
the Java 2 Plug-In for the Mozilla browsers released for UnixWare 7.1.4, OpenServer 5.0.7, and OpenServer 6.0.0.

J2SE 1.4.2 for SCO UNIX is a full implementation of the Sun Microsystems^TM Java 2 Platform - the technology and environment described in the Sun^TM specifications of the Java 2 Platform, Standard Edition, v. 1.4.2. (The _17 suffix on the version number indicates the patch level of the Sun J2SE that J2SE 1.4.2 for SCO UNIX corresponds to.)

Changes in This Release

J2SE 1.4.2_17

J2SE 1.4.2_17 for SCO UNIX is the latest and cumulative update to J2SE 1.4.2 and contains the latest fixes from Sun.
Automatic update of the /usr/java and /usr/java2 symbolic links to the installation of this J2SE release has changed. Please see the "Installations Location and Multiple Java Versions" subsection of these J2SE 1.4.2_17 Release Notes and the "Multiple Java 2 SE Releases" section of this Getting Started document for complete details.
J2SE 1.4.2_17 supercedes all previous releases of J2SE 1.4.2.

Sun Alert ID Description

233321 Two vulnerabilities in the Java Runtime Environment Virtual Machine may independently allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

233322 A security vulnerability in the Java Runtime Environment (JRE) with the processing of XSLT transformations may allow an untrusted applet or application that is downloaded from a website to elevate its privileges. For example, an applet may read certain unauthorized URL resources (such as some files and web pages) or potentially execute arbitrary code. This vulnerability may also be exploited to create a Denial-of-Service (DoS) condition by causing the JRE to crash.

233323 A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet

233324 A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet.

233326 A vulnerability in the Java Runtime Environment may allow JavaScript code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs. This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.

Sun Alert ID	Description
233321	Two vulnerabilities in the Java Runtime Environment Virtual Machine may independently allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
233322	A security vulnerability in the Java Runtime Environment (JRE) with the processing of XSLT transformations may allow an untrusted applet or application that is downloaded from a website to elevate its privileges. For example, an applet may read certain unauthorized URL resources (such as some files and web pages) or potentially execute arbitrary code. This vulnerability may also be exploited to create a Denial-of-Service (DoS) condition by causing the JRE to crash.
233323	A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet
233324	A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet.
233326	A vulnerability in the Java Runtime Environment may allow JavaScript code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs. This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.

J2SE 1.4.2_16

J2SE 1.4.2_16 for SCO UNIX is the latest and cumulative update to J2SE 1.4.2 and contains the latest fixes from Sun.
J2SE 1.4.2_16 supercedes all previous releases of J2SE 1.4.2.

J2SE 1.4.2_14e

The release of J2SE 1.4.2, update 14e, prepared for the OpenServer 6.0.0, Maintenance Pack 3, removes the javasoap package from the Java 1.4.2 component. Any pieces of the former javasoap package that are needed by Tomcat are now installed with Tomcat.

J2SE 1.4.2_14d

J2SE 1.4.2_14d for SCO UNIX is a re-release of the J2SE 1.4.2_14 for SCO UNIX containing several security fixes from Sun including the following announced alert.
J2SE 1.4.2_14d supercedes all previous releases of J2SE 1.4.2.

Sun Alert ID Description

102934 A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
A second vulnerability may allow an untrusted applet or application to causes the Java Virtual Machine to hang.

Sun Alert ID	Description
102934	A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. A second vulnerability may allow an untrusted applet or application to causes the Java Virtual Machine to hang.

J2SE 1.4.2_14c

J2SE 1.4.2_14c for SCO UNIX is a re-release of the J2SE 1.4.2_14 for SCO UNIX containing a fix for numeric keypad data entry with the keyboard Num Lock active.
J2SE 1.4.2_14c supercedes all previous releases of J2SE 1.4.2.

J2SE 1.4.2_14b

J2SE 1.4.2_14b for SCO UNIX is a re-release of the J2SE 1.4.2_14 for SCO UNIX containing an urgent DST time zone fix from Sun.

The introduction of the Olson TZ data, version 2005r or greater, may break backward compatibility for the Eastern, Hawaiian, and Mountain time zones, under certain circumstances. The Hawaiian TZ is only affected for historical data. Other American TZs such as PST and CST are not affected.

J2SE 1.4.2_14b supercedes the J2SE 1.4.2_14 release previously made available on the SCO Support web site.

J2SE 1.4.2_14

J2SE 1.4.2_14 for SCO UNIX is the latest and cumulative update to J2SE 1.4.2 and contains the latest fixes from Sun and the following SCO specific fix:

A JVM abort when the mouse wheel is used on a scrolled List widget has been resolved. Proper scrolling of the List widget requires an updated [/udk]/usr/lib/libXm.so.1.3 scheduled for release in OSR 6.0.0 MP3, UW 7.1.4 MP4, and OSR 5.0.7 MP6.

J2SE 1.4.2_14 supercedes the J2SE 1.4.2_13 release previously made available on the SCO Support web site.

J2SE 1.4.2_13

J2SE 1.4.2_13 for SCO UNIX, previously available from the SCO Support download site, contained the then latest fixes from Sun including DST timezone changes and security issue resolutions for the following announced issue as well as some yet to be announced issues. In addition, the CA Root Certificates file (cacerts) is now populated with the root certificates that we have recieved permission to distribute; see section "Distributed CA Certificates" for details
J2SE 1.4.2_13 superceded the J2SE 1.4.2_12 release previously made available on the SCO Support web site.

A problem with embedded Java JVM initialization within a thread application has been corrected.

Sun Alert ID Description

102686 The JRE and Java Secure Socket Extension (JSSE) may verify incorrect RSA PKCS #1 v1.5 signatures if the RSA public key exponent is 3. This may allow applets or applications that are signed by forged signing certificates and websites with forged web server certificates to be verified as valid.
For more information see:

http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

Sun Alert ID	Description
102686	The JRE and Java Secure Socket Extension (JSSE) may verify incorrect RSA PKCS #1 v1.5 signatures if the RSA public key exponent is 3. This may allow applets or applications that are signed by forged signing certificates and websites with forged web server certificates to be verified as valid. For more information see: http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

See the "Changes in This Release" section of the Release Notes for details on the contents of earlier updates to J2SE 1.4.2

System Requirements and Supported Platforms

Supported SCO UNIX platforms:

SCO OpenServer^TM Release 6.0.0 operating system
- requires package urwfonts [*]
UnixWare^Ž 7.1.4 operating system
- requires package urwfonts [*]
SCO OpenServer^TM Release 5.0.7 operating system
- requires SCO OpenServer Release 5.0.7 Maintenance Pack 3
- requires package urwfonts [*]
- requires package set OSRcompat version 8.0.2 or higher[**]

J2SE 1.4.2 for SCO UNIX is not supported on older versions of the supported operating systems, such as SCO OpenServer Release 5.0.6 or UnixWare 7 Release 7.1.1, nor is it available for older operating systems, such as the SCO UnixWare 2 operating system.

J2SE 1.4.2 for SCO UNIX cannot be used with the older OSRcompat packages that were released together with older versions of UnixWare 7 and OpenServer.

For the most part the J2SE 1.4.2 is identical for all supported platforms, and everything in these release notes applies to all supported platforms unless otherwise noted.

[*] Package urwfonts is available as part of the UnixWare 7.1.3 and 7.1.4 and OpenServer 5.0.7 media kits and is automatically installed as part of Initial System Load if Java is installed. It is also available in the UnixWare 7.1.3 Update Pack 4 media or in the UnixWare and OpenServer Development Kit 7.1.3 or 7.1.4 and is downloadable from this web page.

[**] The required runtime on OpenServer 5.0.7 are the libraries contained in the package set OSRcompat version 8.0.2 provided in the SCO OpenServer Release 5.0.7 Maintenance Pack 3 as the "UDK Compatibility Libraries".

Package Name	Required Software	Approx. Size	Contains
`urwfonts`		3 MB	(URW)++ Free X11 Fonts
`j2jre142`	urwfonts runtime (above)	52 MB	Runtime Support: `java`, the Java virtual machine interpreter (JVM); the "client" and "server" dynamic compilers; Java Foundation Classes (JFC) & Swing Package; and basic API libraries: language support, I/O, AWT, networking, utilities, images, media, math, compression, and security. Distributed applications and database access: Remote Method Invocation (RMI); JavaBeans^TM (component object model); JDBC^TM (database access); Internationalization tools; Security tools; Java IDL tools.
`j2sdk142`	j2jre142	24 MB	Development Tools: `appletviewer`, the Java Applet Viewer; `javac`, the Java Compiler; `jdb`, the command-line Java debugger; `javah`, the C Header and Stub File Generator for native methods; `javap`, the Java Class File Disassembler; `javadoc`, the JAVA API Documentation Generator; `jar`, the Java Archive (JAR) tool; and assorted other commands used in Java development; class libraries used in Java development; header files used in native code development. Also Java demo applets and applications; demos of Swing functionality; Java Plug-in demos; native method demos.
`j2plg142`	j2jre142	2.3 MB	Java 2 Plug-in for Mozilla browser, 1.2.1 through 1.7.x on UnixWare 7.1.4, OpenServer 5.0.7 and OpenServer 6.0.0.

Note: Where one J2SE 1.4.2 package requires another J2SE 1.4.2 package, the version numbers of the packages must be the same. The Java 2 SDK package, version 1.4.2.1.17 requires the Java 2 Runtime, version 1.4.2.17.

Multiple Java 2 SE Releases

Multiple major versions of J2SE can co-exist on your SCO UNIX platform. The installation is to a version specific directory in /opt.

J2SE 1.3.1 ==> /opt/java2-1.3.1
J2SE 1.4.2 ==> /opt/java2-1.4.2
J2SE 5.0 ==> /opt/java2-1.5.0

Updates to each major version of J2SE install in the same base directory.

Prior to the synchronized release of J2SE 1.3.1_22, 1.4.2_17 and 5.0 update 15, the installation of the JRE piece for each of these major point releases would automatically symbolicly link /usr/java and /usr/java2 to point to the "newly" installed JRE directory. Starting with these synchronized J2SE releases, the symbolic links will only be updated if the JRE being installed is a later J2SE version than the current symbolic links.

For example, if prior to installation of J2SE 1.4.2_17, the symbolic links were:

/usr/java ==> /opt/java2-1.3.1
/usr/java2 ==> /opt/java2-1.5.0

Following the installation of J2SE 1.4.2_17, the links would be:

/usr/java ==> /opt/java2-1.4.2
/usr/java2 ==> /opt/java2-1.5.0

Removal of the J2SE 1.4.7_17, will attempt to restore the pre-installation links, if and only if an executable /opt/java2-1.3.1/bin/java still exists on the system.

System administrators can and should readjust these symbolic links as needed by their specific system and software requirements.

Other software released by SCO for your SCO UNIX platform as well as third party applications that use Java, may require a specifc J2SE major version. That software may either reference the J2SE of interest through:

an environement variable such as JAVA_HOME that points to /usr/java or directly to the installation directory /opt/java2-1.x.x.
an absolute command path, either /usr/java/bin/command or /opt/java2-1.x.x/bin/command.

Caution: Before removing earlier/other major versions of J2SE on your system, be certain that other installed software does not require that version. For example, the Apache-Tomcat product released on UnixWare 7.1.4 and OpenServer 6.0.0 have been configured, tested and certified with J2SE 1.4.2. Removal of that JRE will result in Tomcat failing to start.

Download and Installation

The J2SE 1.4.2 product is distributed as two separate installable Java packages plus a urwfonts package, if needed.

Installation with the UnixWare package tools on UnixWare, Open UNIX or OpenServer

Print or save a copy of this "Getting Started" page for later reference.
Download a copy of the current J2SE 1.4.2_17 Release Notes (ReleaseNotes.html)and save, also for later reference.

Select and download the packages you wish to install. Note that the packages are available in two formats:

For UnixWare 7.1.4: compressed/uncompressed pkgadd datastream format.

File Package Version

urwfonts.ds.Z urwfonts 2.0

j2jre142.ds.Z j2jre142 1.4.2.17

j2sdk142.ds j2sdk142 1.4.2.17

j2plg142.ds j2plg142 1.4.2.17

File	Package	Version
urwfonts.ds.Z	`urwfonts`	2.0
j2jre142.ds.Z	`j2jre142`	1.4.2.17
j2sdk142.ds	`j2sdk142`	1.4.2.17
j2plg142.ds	`j2plg142`	1.4.2.17

For OpenServer 5.0.7: custom format packages

File Custom Package Custom Version UW Package UW Pkg. Version

OSR5_Java2_JRE_142.VOLS.tar Java2_JRE_142 1.4.2Qa j2jre142 1.4.2.17

urwfonts 2.0

OSR5_Java2_SDK_142.VOLS.tar Java2_SDK_142 1.4.2Qa j2sdk142 1.4.2.17

OSR5_Java2_PLUGIN_142.VOLS.tar Java2_PLUGIN_142 1.4.2Qa j2plg142 1.4.2.17

File	Custom Package	Custom Version	UW Package	UW Pkg. Version
OSR5_Java2_JRE_142.VOLS.tar	Java2_JRE_142	1.4.2Qa	`j2jre142`	1.4.2.17
`urwfonts`	2.0
OSR5_Java2_SDK_142.VOLS.tar	Java2_SDK_142	1.4.2Qa	`j2sdk142`	1.4.2.17
OSR5_Java2_PLUGIN_142.VOLS.tar	Java2_PLUGIN_142	1.4.2Qa	`j2plg142`	1.4.2.17

For OpenServer 6.0.0: custom format package

File Custom Package Custom Version UW Package UW Pkg. Version

OSR6_Java2_142.VOLS.tar j2se142 1.4.2Qa j2jre142 1.4.2.17

urwfonts 2.0Bo
j2sdk142 1.4.2.17
j2plg142 1.4.2.17

javaxcomm 2.0

Download an install any prerequisite packages, runtime, maintenance packs, maintenance supplements, support level supplements as required in the System Requirements and Supported Platforms of this document.
As root, installed the J2SE packages that you have downloaded.
Change directory into the directory containing the downloaded package datastreams
cd <download-dir>

On UnixWare 7.1.4:
Install the J2SE 1.4.2 packages in the following order.
If the package datastreams have been downloaded in compressed format:
zcat urwfonts.ds.Z | pkgadd -d -
zcat j2jre142.ds.Z | pkgadd -d -

pkgadd -d `pwd`/j2sdk142.ds
pkgadd -d `pwd`/j2plg142.ds

If the package datastreams have been uncompressed when downloaded with your browser:
pkgadd -d `pwd`/urwfonts.ds
pkgadd -d `pwd`/j2jre142.ds
pkgadd -d `pwd`/j2sdk142.ds
pkgadd -d `pwd`/j2plg142.ds

On OpenServer 5.0.7, having downloaded the custom format files:
Make a subdirectory for each custom tar file that you downloaded.
mkdir JRE SDK PLUGIN
Unwind each tar file into the corresponding subdirectory.
cd JRE; tar -xf ../OSR5_Java2_JRE_142.VOLS.tar
cd ../SDK; tar -xf ../OSR5_Java2_SDK_142.VOLS.tar
cd ../PLUGIN; tar -xf ../OSR5_Java2_PLUGIN_142.VOLS.tar

To avoid possible compilications or problems installing a new release of J2SE 1.4.2 on your OpenServer 5.0.7 system, any previously installed J2SE 1.4.2 releases should be removed prior to installing this release. Because of packaging dependencies, the components should be removed in the following order:
- Java 2 1.4.2 Plug-in
- Java 2 1.4.2 Software Development Kit
- Java 2 1.4.2 Runtime Environment
Software should be installed in the following order:
- Java 2 1.4.2 Runtime Environment
- Java 2 1.4.2 Software Development Kit
- Java 2 1.4.2 Plug-in
Run the Software Manager with the command:
scoadmin software
or
custom

or double-click on the Software Manager icon in the desktop.
1. Remove any previously installed Java 2 1.4.2 components, one at a time, in the removal order indicated above.
  1. Select the single Java 2 1.4.2 component to be removed.
  2. Pull down the "Software" menu and select "Remove Software"
  3. Click the "Remove" button.
2. Repeat step 1 for each remaining Java 2 1.4.2 component to be removed.
3. Install each of the new Java 2 1.4.2 components, one at a time , in the installation order indicted above.
4. Repeat step 3 for each remaining software download file to be installed.
On OpenServer 6.0.0, having downloaded the single custom format file:
Make a subdirectory and unwind the tar file into that subdirectory.
mkdir JAVA142
cd JAVA142; tar -xf ../OSR6_Java2_142.VOLS.tar

Run the Software Manager with the command:
scoadmin software
or
custom

or double-click on the Software Manager icon in the desktop.
1. Pull down the "Software" menu and select "Install New".
2. When prompted for the host from which to install, choose the local machine and then "Continue".
3. In the "Select Media" menu, pull down the "Media Device" menu. Select "Media Images", then choose "Continue".
4. When prompted for the "Image Directory", enter the directory where you unwound the tar file of the package to be installed and choose "OK".
5. When prompted to select the software to install, the single software package in the directory will by highlighted. You can deselect any of the optional packages that you do not wish to install at this time. Click on "Install".

File	Custom Package	Custom Version	UW Package	UW Pkg. Version
OSR6_Java2_142.VOLS.tar	j2se142	1.4.2Qa	`j2jre142`	1.4.2.17
`urwfonts`	2.0Bo
`j2sdk142`	1.4.2.17
`j2plg142`	1.4.2.17
`javaxcomm`	2.0

Important Notes

Documentation

Essential information about this product is contained in the Java 2 Standard Edition,v. 1.4.2_14c, for SCO UNIX Operating Systems Release Notes which are distributed with the j2jre142 package and installed in /usr/java2. A copy of the Release Notes is available on this download page.

Be sure to read these notes thoroughly before attempting to use the J2SE 1.4.2. We recommend that you print out or bookmark these notes for later reference.

Licensing

The J2SE 1.4.2 for SCO UNIX is licensed under the same terms as the host SCO operating system upon which it is installed.