This release of Java 2 Standard Edition contains:
J2SE 1.3.1 for SCO UNIX is a full implementation of the Sun MicrosystemsTM Java 2 Platform - the technology and environment described in the SunTM specifications of the Java 2 Platform, Standard Edition, v. 1.3.1. (The _22 suffix on the version number indicates the patch level of the Sun J2SE that J2SE 1.3.1 for SCO UNIX corresponds to.)
Note: This is a separate Java implementation from the Java 2 Standard Edition implementations available for the Linux Kernel Personality (LKP) on UnixWare.
J2SE 1.3.1_22
Automatic update of the/usr/javaand/usr/java2symbolic links to the installation of this J2SE release has changed. Please see the "Installations Location and Multiple Java Versions" subsection of the J2SE 1.3.1_22 Release Notes for complete details.J2SE 1.3.1_22 for SCO UNIX is the latest and cumulative update to J2SE 1.3.1. It contains the latest set of fixes from Sun including the following security issue announced by Sun:
Sun Alert ID Description 200040 (formerly 103112) A vulnerability in the Virtual Machine of the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. 201519 (formerly 103079) A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. 200041 (formerly 103078) A vulnerability in the Java Runtime Environment (JRE) may allow malicious Javascript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the Javascript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.
A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.200162 (formerly 103072) A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application or Java applet to move or copy arbitrary files on the system that the application or applet runs on, by requesting the user of the application or applet to drag a file from the application or applet window to a desktop application that has permissions to accept and write files on the system. To exploit this vulnerability, the application or applet has to successfully persuade the user to drag and drop the file. 200837 (formerly 103071) When an untrusted applet or application displays a window, the Java Runtime Environment includes a warning banner inside the window to indicate that the applet or application is untrusted. A defect in the Java Runtime Environment may allow an untrusted applet or application that is downloaded from a malicious website to display a window that exceeds the size of a user's screen so that the warning banner is not visible to the user. 200856 (formerly 102934) A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. 233324 A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet. This release supercedes the previous J2SE 1.3.1_20 web-release for UnixWare 7.1.x and OpenServer 5.0.[67] and is available for download from the OS specific section of the SCO support web site at http://www.sco.com/support/download.html/.
J2SE 1.3.1_20
J2SE 1.3.1_20 for SCO UNIX is the latest and cumulative update to J2SE 1.3.1. It contains the latest set of fixes from Sun including:
- Additional updates to TimeZone.java that correspond to Olson's public zone information in tzdata2007a.
- The following security issue announced by Sun.
Sun Alert ID Description 102686 The Java Runtime Environemnt and the Java Secure Socket Extension may verify incorrect RSA PKCS #1 v1.5 signatures if the RSA public key exponent is 3. This may allow applets or applications that are signed by forged signing certificates and web sites with forged web server certificates to be verified as valid. For more information see:
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339This release supercedes the previous J2SE 1.3.1_19 web-release for UnixWare 7.1.x and OpenServer 5.0.[67] and is available for download from the OS specific section of the SCO support web site at http://www.sco.com/support/download.html/.
J2SE 1.3.1_19
J2SE 1.3.1_19 for SCO UNIX, previously available from the SCO Support download site, contained the then latest set of fixes from Sun including:
- Additions or corrections to the US DST timezone changes that go into effect in 2007.
- Western Australia (Perth) timezone changes for the recently enacted (Nov. 21, 2006) summer time phase shift that went into effect on Dec. 3, 2006.
- The CA Root Certificates file (cacerts) has additional root certificates that we have recieved permission to distribute; see section "Distributed CA Certificates" for details
- Fixes for the following previously unannounced security issues.
Sun Alert ID Description 102760 A buffer overflow vulnerability in processing GIF images in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. (Fix from J2SE 5.0, update 10 released in SCO's J2SE 5.0, update 09 release.) 102732 Two vulnerabilities in the Java Runtime Environment may allow an untrusted applet to access data in other applets. 102729 Two buffer overflow vulneribilities in the JRE may independently allow an untrusted applet to elevate its previleges. For example, an applet may grant itself permissions to read and write a local file or execute local applications that are accessible to the user running the untrusted applet.
See the "Changes in This Release" section of the Release Notes for details on
the contents of earlier updates to J2SE 1.3.1.
System Requirements and Supported Platforms
Supported SCO UNIX platforms:
urwfonts [*]
urwfonts [*]
urwfonts [*]
libc, libC, and libm versions 8.0.0 or higher from the Open UNIX Development Kit or UnixWare and OpenServer Development Kit 7.1.3, udkrtfs [**]
uw711pk1) or higher [***]
libthread version 8.0.0 or higher from the Open UNIX Development Kit or UnixWare and OpenServer Development Kit 7.1.3, ptf7410i or higher)[***]
urwfonts [*]
OSRcompat version 8.0.1 or higher[**]
OSS643A for socket driver supplement [***]
OSS646B - Execution Environment Supplement (ver 1.1.0j) or later is required if installing the Java 2 Plug-In.
J2SE 1.3.1 for SCO UNIX is not supported on older versions of the supported SCO operating systems, such as SCO OpenServer Release 5.0.5 or UnixWare 7 Release 7.1.0, nor is it available for older operating systems, such as the SCO UnixWare 2 operating system.
J2SE 1.3.1 for SCO UNIX cannot be used with the older OSRcompat packages that were released together with UnixWare 7 Release 7.0, UnixWare 7 Release 7.1.0, or UnixWare 7 Release 7.1.1.
[*] Package urwfonts is available
as part of the UnixWare 7 Release 7.1.3, the Open UNIX 8.0.0 and the
OpenServer 5.0.7 media kits and is automatically installed as part of
Initial System Load if Java is installed. It is also available on the
UnixWare and OpenServer Development Kit 7.1.3, the Open UNIX
Development Kit Release 8.0.0 or may be downloaded from this download
page.
[**] The recommended runtime for UnixWare and Open UNIX
is the various library packages version 8.0.1 that are part of the UnixWare 7 Release 7.1.3
media kit, on the UnixWare and Open Server Development Kit version 7.1.3 CD-ROM, or the
UnixWare 7.1.3 (UDK) Runtime Libraries available at
the SCO download site,
http://www.sco.com/download/.
The required
runtime on OpenServer 5 are the libraries contained in the package set OSRcompat
version 8.0.1 available on the UnixWare and Open Server Development Kit 7.1.3 CD-ROM,
the SCO OpenServer Release 5.0.7 media, or in the Binary Compatibility 7.1.3 for
OpenServer on
the SCO download site,
http://www.sco.com/download/.
Package set udkrtfs, is available for free download
from
http://www.sco.com/download/. Click on "UNIX", then
choose "UnixWare and OpenServer Development Kit Feature Supplement 7.1.1b",
then look for the downloadable file udkrtfs.image.Z.
[***] Maintenance packs, maintenance supplements, release supplements, and support level supplements (SLS) that are provided to SCO UNIX customers to fix problems reported in our products, are available for free download via anonymous ftp from ftp://ftp.sco.com/pub/unixware7/713, ftp://ftp.sco.com/pub/openunix8, ftp://ftp.sco.com/pub/unixware7, and ftp://ftp.sco.com/pub/openserver5.
See the current J2SE 1.3.1_22 Release Notes (ReleaseNotes.html) available on this down load page for issues associated with UnixWare 7 NonStop® Clusters Release 7.1.1+IP (NSC 7.1.1+IP).
| Approx. Size | |||
urwfonts |
3 MB | (URW)++ Free X11 Fonts | |
j2jre131 |
urwfonts
runtime (above) |
26 MB |
Runtime Support:
java, the Java virtual machine (JVM);
the JIT compiler;
Java Foundation Classes (JFC) & Swing Package; and
basic API libraries:
language support,
I/O,
AWT,
networking,
utilities,
images,
media,
math,
compression,
and
security.
Distributed applications and database access:
|
j2sdk131 |
j2jre131 | 11 MB |
Development Tools:
appletviewer, the Java Applet Viewer;
javac, the Java Compiler;
jdb, the command-line Java debugger;
javah, the C Header and Stub File Generator
for native methods;
javap, the Java Class File Disassembler;
javadoc, the JAVA API Documentation Generator;
jar, the Java Archive (JAR) tool;
and assorted other commands used in Java development;
class libraries used in Java development;
header files used in native code development.
|
j2pls131 |
j2sdk131 | 41 MB |
Java 2 demo applets and applications;
Demos of Swing set functionality;
native method demos;
Java Plug-in demos;
Debuggable versions (_g-suffixed)
of many of the commands and libraries.
|
j2plg131 |
j2jre131 | 1.4 MB | Java 2 Plug-in for Netscape 4.x Navigator or Communicator browsers and Mozilla browsers on UnixWare 7.1.x and OpenServer. |
Note: Where one J2SE 1.3.1 package requires another J2SE 1.3.1 package, the version numbers of the packages must be the same. The Java 2 Plug-in package, version 1.3.1.19 requires the Java 2 Runtime, version 1.3.1.19.
The J2SE 1.3.1 product is distributed as four separate installable Java packages plus a urwfonts package, if needed.
pkgadd datastream format.
File Package Version urwfonts.ds.Z urwfonts2.0 j2jre131.ds.Z j2jre1311.3.1.22 j2sdk131.ds.Z j2sdk1311.3.1.22 j2pls131.ds.Z j2pls1311.3.1.22 j2plg131.ds.Z j2plg1311.3.1.22
File Custom Package Custom Version UW Package UW Pkg. Version JRE.VOLS.tar Java 2 Runtime Environment 1.3.1Va j2jre1311.3.1.22 urwfonts2.0 Java2.VOLS.tar Java 2 Software Development Kit 1.3.1Va j2sdk1311.3.1.22 j2pls1311.3.1.22 javaplug.VOLS.tar Java 2 Plug-in 1.3.1Va j2plg1311.3.1.22
Change directory into the directory containing the downloaded package datastreams
cd <download-dir>
On UnixWare or Open UNIX 8:
Install the J2SE 1.3.1 packages in the following order.
If the package datastreams have been downloaded in compressed format:zcat urwfonts.ds.Z | pkgadd -d -If the package datastreams have been uncompressed when downloaded with your browser:
zcat j2jre131.ds.Z | pkgadd -d -
zcat j2sdk131.ds.Z | pkgadd -d -
zcat j2pls131.ds.Z | pkgadd -d -
zcat j2plg131.ds.Z | pkgadd -d -
pkgadd -d `pwd`/urwfonts.ds
pkgadd -d `pwd`/j2jre131.ds
pkgadd -d `pwd`/j2sdk131.ds
pkgadd -d `pwd`/j2pls131.ds
pkgadd -d `pwd`/j2plg131.ds
On OpenServer, having downloaded the custom format files:
Make a subdirectory for each custom tar file that you downloaded.mkdir JRE Java2 javaplugUnwind each tar file into the corresponding subdirectory.cd JRE; tar -xf ../JRE.VOLS.tar
cd ../Java2; tar -xf ../Java2.VOLS.tar
cd ../javaplug; tar -xf ../javaplug.VOLS.tar
If you have an earlier version of J2SE 1.3.1 on your system, it is recommended that it be removed prior to installing the latest update. Because of dependencies in the underlying UnixWare packages, remove the J2SE 1.3.1 components in the following order - one component at a time.
- Java 2 Plug-in - (javaplug)
- Java 2 Software Development Kit - (JRE)
- Java 2 Runtime Environment - (Java2)
Software should be installed in the following order:
Run the Software Manager with the command:
- Java 2 Runtime Environment
- Java 2 Software Development Kit
- Java 2 Plug-in
scoadmin softwareor double-click on the Software Manager icon in the desktop.
or
custom
- Pull down the "Software" menu and select "Install New".
- When prompted for the host from which to install, choose the local machine and then "Continue".
- In the "Select Media" menu, pull down the "Media Device" menu. Select "Media Images", then choose "Continue".
- When prompted for the "Image Directory", enter the directory where you unwound the tar file of the package to be installed and choose "OK".
- When prompted to select the software to install, the single software package in the directory will by highlighted. Choose "Install".
- Repeat steps 1 through 5 for each remaining software download file to be installed.
Document version 405-000-043-v
27 Feb 2008
Copyright © 2003-2008 The SCO Group, Inc. All rights reserved.