/hg/release/icedtea6-1.10: 3 new changesets
andrew at icedtea.classpath.org
Tue Oct 18 16:00:17 PDT 2011
changeset 8e837e7b6862 in /hg/release/icedtea6-1.10
details: http://icedtea.classpath.org/hg/release/icedtea6-1.10?cmd=changeset;node=8e837e7b6862
author: Andrew John Hughes <ahughes at redhat.com>
date: Thu Oct 13 18:38:23 2011 +0100
Add first batch of security patches.
2011-10-13 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Add patches.
* NEWS: List security updates.
* patches/rhino.patch: Change after 7046823 is applied.
* patches/security/20111018/7000600.patch,
* patches/security/20111018/7019773.patch,
* patches/security/20111018/7023640.patch,
* patches/security/20111018/7032417.patch,
* patches/security/20111018/7046823.patch,
* patches/security/20111018/7055902.patch,
* patches/security/20111018/7057857.patch,
* patches/security/20111018/7064341.patch,
* patches/security/20111018/7070134.patch,
* patches/security/20111018/7083012.patch,
* patches/security/20111018/7096936.patch: First batch of
security patches.
changeset 493d13f9f31d in /hg/release/icedtea6-1.10
details: http://icedtea.classpath.org/hg/release/icedtea6-1.10?cmd=changeset;node=493d13f9f31d
author: Andrew John Hughes <ahughes at redhat.com>
date: Thu Oct 13 18:40:31 2011 +0100
Bump to 1.10.4 proper.
2011-10-13 Andrew John Hughes <ahughes at redhat.com>
* NEWS: Add 1.10.4 release date.
* configure.ac: Bump to 1.10.4 proper.
changeset 0b6f66c472a1 in /hg/release/icedtea6-1.10
details: http://icedtea.classpath.org/hg/release/icedtea6-1.10?cmd=changeset;node=0b6f66c472a1
author: Andrew John Hughes <ahughes at redhat.com>
date: Fri Oct 14 12:03:00 2011 +0100
Add remaining security patches.
2011-10-14 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Add additional patches.
* NEWS: List JAXWS fix.
* patches/xjc.patch: Update against 7046794.
* patches/security/20111018/7046794.patch,
* patches/security/20111018/7077466.patch: Additional security
patches.
diffstat:
ChangeLog | 32 +
Makefile.am | 15 +-
NEWS | 16 +-
configure.ac | 2 +-
patches/rhino.patch | 134 +-
patches/security/20111018/7000600.patch | 44 +
patches/security/20111018/7019773.patch | 116 +
patches/security/20111018/7023640.patch | 97 +
patches/security/20111018/7032417.patch | 29 +
patches/security/20111018/7046794.patch | 34 +
patches/security/20111018/7046823.patch | 140 +
patches/security/20111018/7055902.patch | 39 +
patches/security/20111018/7057857.patch | 73 +
patches/security/20111018/7064341.patch | 475 +
patches/security/20111018/7070134.patch | 97771 ++++++++++++++++++++++++++++++
patches/security/20111018/7077466.patch | 30 +
patches/security/20111018/7083012.patch | 966 +
patches/security/20111018/7096936.patch | 50 +
patches/xjc.patch | 4 +-
19 files changed, 100001 insertions(+), 66 deletions(-)
diffs (truncated from 100287 to 500 lines):
diff -r a24849078314 -r 0b6f66c472a1 ChangeLog
--- a/ChangeLog Wed Oct 05 10:32:19 2011 +0200
+++ b/ChangeLog Fri Oct 14 12:03:00 2011 +0100
@@ -1,3 +1,35 @@
+2011-10-14 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am: Add additional patches.
+ * NEWS: List JAXWS fix.
+ * patches/xjc.patch: Update against 7046794.
+ * patches/security/20111018/7046794.patch,
+ * patches/security/20111018/7077466.patch:
+ Additional security patches.
+
+2011-10-13 Andrew John Hughes <ahughes at redhat.com>
+
+ * NEWS: Add 1.10.4 release date.
+ * configure.ac: Bump to 1.10.4 proper.
+
+2011-10-13 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am: Add patches.
+ * NEWS: List security updates.
+ * patches/rhino.patch: Change after 7046823 is applied.
+ * patches/security/20111018/7000600.patch,
+ * patches/security/20111018/7019773.patch,
+ * patches/security/20111018/7023640.patch,
+ * patches/security/20111018/7032417.patch,
+ * patches/security/20111018/7046823.patch,
+ * patches/security/20111018/7055902.patch,
+ * patches/security/20111018/7057857.patch,
+ * patches/security/20111018/7064341.patch,
+ * patches/security/20111018/7070134.patch,
+ * patches/security/20111018/7083012.patch,
+ * patches/security/20111018/7096936.patch:
+ First batch of security patches.
+
2011-10-05 Jiri Vanek <jvanek at redhat.com>
fixes rhbz#727195, based on martin.wilck at ts.fujitsu.com patch
diff -r a24849078314 -r 0b6f66c472a1 Makefile.am
--- a/Makefile.am Wed Oct 05 10:32:19 2011 +0200
+++ b/Makefile.am Fri Oct 14 12:03:00 2011 +0100
@@ -194,7 +194,20 @@
patches/security/20110607/7013971.patch \
patches/security/20110607/7016495.patch \
patches/security/20110607/7020198.patch \
- patches/security/20110607/7020373.patch
+ patches/security/20110607/7020373.patch \
+ patches/security/20111018/7000600.patch \
+ patches/security/20111018/7019773.patch \
+ patches/security/20111018/7023640.patch \
+ patches/security/20111018/7032417.patch \
+ patches/security/20111018/7046823.patch \
+ patches/security/20111018/7055902.patch \
+ patches/security/20111018/7057857.patch \
+ patches/security/20111018/7064341.patch \
+ patches/security/20111018/7070134.patch \
+ patches/security/20111018/7083012.patch \
+ patches/security/20111018/7096936.patch \
+ patches/security/20111018/7046794.patch \
+ patches/security/20111018/7077466.patch
if WITH_ALT_HSBUILD
SECURITY_PATCHES += \
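Review bot: The last two entries of the new block, 7046794.patch and 7077466.patch, are appended after 7096936.patch instead of sitting in bug-ID order like the eleven entries before them. If their position is only an artefact of landing in a second commit, sort them in. If application order matters (the ChangeLog says rhino.patch was changed "after 7046823 is applied" and xjc.patch was updated "against 7046794"), say so in a comment above the list so that a later re-sort does not silently break patch application.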
diff -r a24849078314 -r 0b6f66c472a1 NEWS
--- a/NEWS Wed Oct 05 10:32:19 2011 +0200
+++ b/NEWS Fri Oct 14 12:03:00 2011 +0100
@@ -9,8 +9,22 @@
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-New in release 1.10.4 (2011-XX-XX):
+New in release 1.10.4 (2011-10-18):
+* Security fixes
+ - S7000600, CVE-2011-3547: InputStream skip() information leak
+ - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
+ - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow
+ - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager
+ - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak
+ - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
+ - S7055902, CVE-2011-3521: IIOP deserialization code execution
+ - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
+ - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
+ - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
+ - S7077466, CVE-2011-3556: RMI DGC server remote code execution
+ - S7083012, CVE-2011-3557: RMI registry privileged code execution
+ - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
* Bug fixes
- RH727195 : Japanese font mappings are broken
* Backports
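Review bot: The S7070134 entry describes only a symptom ("HotSpot crashes with sigsegv from PorterStemmer"), while the diffstat shows 7070134.patch adding 97771 lines, which is nearly all of this changeset's 100001 insertions. The entry or the ChangeLog should say what that bulk is (for example, whether it is test input rather than the fix itself), so that packagers reviewing the security update can tell the code change from the supporting material.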
diff -r a24849078314 -r 0b6f66c472a1 configure.ac
--- a/configure.ac Wed Oct 05 10:32:19 2011 +0200
+++ b/configure.ac Fri Oct 14 12:03:00 2011 +0100
@@ -1,4 +1,4 @@
-AC_INIT([icedtea6],[1.10.4pre],[distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6],[1.10.4],[distro-pkg-dev at openjdk.java.net])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile])
diff -r a24849078314 -r 0b6f66c472a1 patches/rhino.patch
--- a/patches/rhino.patch Wed Oct 05 10:32:19 2011 +0200
+++ b/patches/rhino.patch Fri Oct 14 12:03:00 2011 +0100
@@ -1,16 +1,6 @@
---- openjdk/jdk/make/com/sun/script/Makefile.orig 2008-11-25 09:01:10.000000000 +0000
-+++ openjdk/jdk/make/com/sun/script/Makefile 2008-12-03 21:13:14.000000000 +0000
-@@ -31,6 +31,8 @@
-
- AUTO_FILES_JAVA_DIRS = com/sun/script
-
-+OTHER_JAVACFLAGS = -classpath $(RHINO_JAR)
-+
- #
- # Files that need to be copied
- #
---- openjdk/jdk/make/com/sun/Makefile.orig 2008-11-25 09:01:09.000000000 +0000
-+++ openjdk/jdk/make/com/sun/Makefile 2008-12-03 21:14:36.000000000 +0000
+diff -Nru openjdk.orig/jdk/make/com/sun/Makefile openjdk/jdk/make/com/sun/Makefile
+--- openjdk.orig/jdk/make/com/sun/Makefile 2011-02-28 16:06:10.000000000 +0000
++++ openjdk/jdk/make/com/sun/Makefile 2011-10-13 17:46:30.119082413 +0100
@@ -31,15 +31,8 @@
PRODUCT = sun
include $(BUILDDIR)/common/Defs.gmk
@@ -28,8 +18,21 @@
java inputmethods org rowset net/httpserver net/ssl demo \
tools jarsigner
---- openjdk/jdk/make/common/Release.gmk.orig 2008-12-03 21:12:23.000000000 +0000
-+++ openjdk/jdk/make/common/Release.gmk 2008-12-03 21:13:14.000000000 +0000
+diff -Nru openjdk.orig/jdk/make/com/sun/script/Makefile openjdk/jdk/make/com/sun/script/Makefile
+--- openjdk.orig/jdk/make/com/sun/script/Makefile 2011-02-28 16:06:10.000000000 +0000
++++ openjdk/jdk/make/com/sun/script/Makefile 2011-10-13 17:46:30.103082160 +0100
+@@ -31,6 +31,8 @@
+
+ AUTO_FILES_JAVA_DIRS = com/sun/script
+
++OTHER_JAVACFLAGS = -classpath $(RHINO_JAR)
++
+ #
+ # Files that need to be copied
+ #
+diff -Nru openjdk.orig/jdk/make/common/Release.gmk openjdk/jdk/make/common/Release.gmk
+--- openjdk.orig/jdk/make/common/Release.gmk 2011-10-13 17:44:00.000000000 +0100
++++ openjdk/jdk/make/common/Release.gmk 2011-10-13 17:46:30.123082475 +0100
@@ -772,6 +772,7 @@
$(CP) $(RT_JAR) $(JRE_IMAGE_DIR)/lib/rt.jar
$(CP) $(RESOURCES_JAR) $(JRE_IMAGE_DIR)/lib/resources.jar
@@ -38,19 +41,69 @@
@# Generate meta-index to make boot and extension class loaders lazier
$(CD) $(JRE_IMAGE_DIR)/lib && \
$(BOOT_JAVA_CMD) -jar $(BUILDMETAINDEX_JARFILE) \
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2008-12-03 21:13:13.000000000 +0000
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2011-10-13 17:46:30.123082475 +0100
+@@ -24,7 +24,7 @@
+ */
+
+ package com.sun.script.javascript;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+ import javax.script.*;
+ import java.util.*;
+
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2011-10-13 17:46:30.123082475 +0100
+@@ -26,7 +26,7 @@
+ package com.sun.script.javascript;
+
+ import javax.script.Invocable;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+
+ /**
+ * This class implements Rhino-like JavaAdapter to help implement a Java
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2011-10-13 17:46:30.123082475 +0100
@@ -25,7 +25,7 @@
package com.sun.script.javascript;
-import sun.org.mozilla.javascript.internal.*;
+import sun.org.mozilla.javascript.*;
- import javax.script.*;
+ import java.util.*;
/**
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2008-12-03 21:13:05.000000000 +0000
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2011-10-13 17:46:30.123082475 +0100
+@@ -26,7 +26,7 @@
+ package com.sun.script.javascript;
+
+ import java.util.*;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+
+ /**
+ * This class prevents script access to certain sensitive classes.
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2011-10-13 17:46:30.123082475 +0100
+@@ -25,7 +25,7 @@
+
+ package com.sun.script.javascript;
+ import javax.script.*;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+
+ /**
+ * Represents compiled JavaScript code.
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2011-10-13 17:46:30.123082475 +0100
@@ -26,7 +26,7 @@
package com.sun.script.javascript;
import javax.script.*;
@@ -60,19 +113,9 @@
import com.sun.script.util.*;
/**
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2008-12-03 21:13:14.000000000 +0000
-@@ -24,7 +24,7 @@
- */
-
- package com.sun.script.javascript;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
- import javax.script.*;
- import java.util.*;
-
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2008-12-03 21:13:05.000000000 +0000
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-10-13 17:43:47.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-10-13 17:46:30.123082475 +0100
@@ -26,7 +26,7 @@
package com.sun.script.javascript;
import com.sun.script.util.*;
@@ -81,42 +124,22 @@
+import sun.org.mozilla.javascript.*;
import java.lang.reflect.Method;
import java.io.*;
- import java.util.*;
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2008-12-03 21:13:05.000000000 +0000
-@@ -26,7 +26,7 @@
- package com.sun.script.javascript;
-
- import java.util.*;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
-
- /**
- * This class prevents script access to certain sensitive classes.
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2008-12-03 21:13:14.000000000 +0000
-@@ -26,7 +26,7 @@
- package com.sun.script.javascript;
-
- import javax.script.Invocable;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
-
- /**
- * This class implements Rhino-like JavaAdapter to help implement a Java
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2008-12-03 21:13:05.000000000 +0000
+ import java.security.*;
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-10-13 17:43:47.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-10-13 17:46:45.947332953 +0100
@@ -25,7 +25,7 @@
package com.sun.script.javascript;
-import sun.org.mozilla.javascript.internal.*;
+import sun.org.mozilla.javascript.*;
- import java.util.*;
+ import java.security.AccessControlContext;
+ import javax.script.*;
- /**
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2008-12-03 21:13:14.000000000 +0000
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2011-10-13 17:46:30.123082475 +0100
@@ -27,7 +27,7 @@
import java.lang.reflect.*;
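Review bot: The context refresh that 7046823 requires (the RhinoScriptEngine.java and RhinoTopLevel.java sections in this hunk, whose context now includes `import java.security.*;` and `import java.security.AccessControlContext;`) is buried under a full regeneration of rhino.patch with `diff -Nru`, which reorders every per-file section and rewrites all the timestamps. Consider splitting the regeneration from the context refresh into separate commits, so that the part that depends on the security fix can be reviewed on its own.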
@@ -126,14 +149,3 @@
/**
* This wrap factory is used for security reasons. JSR 223 script
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2008-12-03 21:13:05.000000000 +0000
-@@ -25,7 +25,7 @@
-
- package com.sun.script.javascript;
- import javax.script.*;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
-
- /**
- * Represents compiled JavaScript code.
diff -r a24849078314 -r 0b6f66c472a1 patches/security/20111018/7000600.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20111018/7000600.patch Fri Oct 14 12:03:00 2011 +0100
@@ -0,0 +1,45 @@
+--- openjdk/jdk/src/share/classes/java/io/InputStream.java Wed Jul 13 15:37:05 2011
++++ openjdk/jdk/src/share/classes/java/io/InputStream.java Wed Jul 13 15:37:02 2011
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1994, 2006, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1994, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -44,10 +44,9 @@
+ */
+ public abstract class InputStream implements Closeable {
+
+- // SKIP_BUFFER_SIZE is used to determine the size of skipBuffer
+- private static final int SKIP_BUFFER_SIZE = 2048;
+- // skipBuffer is initialized in skip(long), if needed.
+- private static byte[] skipBuffer;
++ // MAX_SKIP_BUFFER_SIZE is used to determine the maximum buffer skip to
++ // use when skipping.
++ private static final int MAX_SKIP_BUFFER_SIZE = 2048;
+
+ /**
+ * Reads the next byte of data from the input stream. The value byte is
+@@ -212,18 +211,15 @@
+
+ long remaining = n;
+ int nr;
+- if (skipBuffer == null)
+- skipBuffer = new byte[SKIP_BUFFER_SIZE];
+-
+- byte[] localSkipBuffer = skipBuffer;
+
+ if (n <= 0) {
+ return 0;
+ }
+
++ int size = (int)Math.min(MAX_SKIP_BUFFER_SIZE, remaining);
++ byte[] skipBuffer = new byte[size];
+ while (remaining > 0) {
+- nr = read(localSkipBuffer, 0,
+- (int) Math.min(SKIP_BUFFER_SIZE, remaining));
++ nr = read(skipBuffer, 0, (int)Math.min(size, remaining));
+ if (nr < 0) {
+ break;
+ }
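Review bot: The new patch file starts directly at the `--- openjdk/jdk/src/share/classes/java/io/InputStream.java` line with no header giving the bug ID or summary, unlike 7023640.patch in the same directory, which keeps its HG changeset header. Add a short header (bug ID plus the summary used in NEWS) so the file is self-describing when read outside this commit. Inside the patch, the new comment "MAX_SKIP_BUFFER_SIZE is used to determine the maximum buffer skip to use when skipping" is garbled; "the maximum skip buffer size" is presumably what was meant.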
diff -r a24849078314 -r 0b6f66c472a1 patches/security/20111018/7019773.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20111018/7019773.patch Fri Oct 14 12:03:00 2011 +0100
@@ -0,0 +1,117 @@
+--- openjdk/jdk/src/share/classes/java/awt/AWTKeyStroke.java 2011-07-21 16:52:23.399614830 +0400
++++ openjdk/jdk/src/share/classes/java/awt/AWTKeyStroke.java 2011-07-21 16:52:23.075617350 +0400
+@@ -25,6 +25,7 @@
+ package java.awt;
+
+ import java.awt.event.KeyEvent;
++import sun.awt.AppContext;
+ import java.awt.event.InputEvent;
+ import java.util.Collections;
+ import java.util.HashMap;
+@@ -66,9 +67,6 @@
+ public class AWTKeyStroke implements Serializable {
+ static final long serialVersionUID = -6430539691155161871L;
+
+- private static Map cache;
+- private static AWTKeyStroke cacheKey;
+- private static Constructor ctor = getCtor(AWTKeyStroke.class);
+ private static Map modifierKeywords;
+ /**
+ * Associates VK_XXX (as a String) with code (as Integer). This is
+@@ -77,6 +75,25 @@
+ */
+ private static VKCollection vks;
+
++ //A key for the collection of AWTKeyStrokes within AppContext.
++ private static Object APP_CONTEXT_CACHE_KEY = new Object();
++ //A key withing the cache
++ private static AWTKeyStroke APP_CONTEXT_KEYSTROKE_KEY = new AWTKeyStroke();
++
++ /*
++ * Reads keystroke class from AppContext and if null, puts there the
++ * AWTKeyStroke class.
++ * Must be called under locked AWTKeyStroke.class
++ */
++ private static Class getAWTKeyStrokeClass() {
++ Class clazz = (Class)AppContext.getAppContext().get(AWTKeyStroke.class);
++ if (clazz == null) {
++ clazz = AWTKeyStroke.class;
++ AppContext.getAppContext().put(AWTKeyStroke.class, AWTKeyStroke.class);
++ }
++ return clazz;
++ }
++
+ private char keyChar = KeyEvent.CHAR_UNDEFINED;
+ private int keyCode = KeyEvent.VK_UNDEFINED;
+ private int modifiers;
+@@ -164,9 +181,12 @@
+ if (subclass == null) {
+ throw new IllegalArgumentException("subclass cannot be null");
+ }
+- if (AWTKeyStroke.ctor.getDeclaringClass().equals(subclass)) {
+- // Already registered
+- return;
++ synchronized (AWTKeyStroke.class) {
++ Class keyStrokeClass = (Class)AppContext.getAppContext().get(AWTKeyStroke.class);
++ if (keyStrokeClass != null && keyStrokeClass.equals(subclass)){
++ // Already registered
++ return;
++ }
+ }
+ if (!AWTKeyStroke.class.isAssignableFrom(subclass)) {
+ throw new ClassCastException("subclass is not derived from AWTKeyStroke");
+@@ -197,9 +217,9 @@
+ }
+
+ synchronized (AWTKeyStroke.class) {
+- AWTKeyStroke.ctor = ctor;
+- cache = null;
+- cacheKey = null;
++ AppContext.getAppContext().put(AWTKeyStroke.class, subclass);
++ AppContext.getAppContext().remove(APP_CONTEXT_CACHE_KEY);
++ AppContext.getAppContext().remove(APP_CONTEXT_KEYSTROKE_KEY);
+ }
+ }
+
+@@ -229,13 +249,19 @@
+ private static synchronized AWTKeyStroke getCachedStroke
+ (char keyChar, int keyCode, int modifiers, boolean onKeyRelease)
+ {
++ Map cache = (Map)AppContext.getAppContext().get(APP_CONTEXT_CACHE_KEY);
++ AWTKeyStroke cacheKey = (AWTKeyStroke)AppContext.getAppContext().get(APP_CONTEXT_KEYSTROKE_KEY);
++
+ if (cache == null) {
+ cache = new HashMap();
++ AppContext.getAppContext().put(APP_CONTEXT_CACHE_KEY, cache);
+ }
+
+ if (cacheKey == null) {
+ try {
+- cacheKey = (AWTKeyStroke)ctor.newInstance((Object[]) null);
++ Class clazz = getAWTKeyStrokeClass();
++ cacheKey = (AWTKeyStroke)getCtor(clazz).newInstance((Object[]) null);
++ AppContext.getAppContext().put(APP_CONTEXT_KEYSTROKE_KEY, cacheKey);
+ } catch (InstantiationException e) {
+ assert(false);
+ } catch (IllegalAccessException e) {
+@@ -253,9 +279,8 @@
+ if (stroke == null) {
+ stroke = cacheKey;
+ cache.put(stroke, stroke);
+- cacheKey = null;
++ AppContext.getAppContext().remove(APP_CONTEXT_KEYSTROKE_KEY);
+ }
+-
+ return stroke;
+ }
+
+@@ -775,7 +800,8 @@
+ protected Object readResolve() throws java.io.ObjectStreamException {
+ synchronized (AWTKeyStroke.class) {
+ Class newClass = getClass();
+- if (!newClass.equals(ctor.getDeclaringClass())) {
++ Class awtKeyStrokeClass = getAWTKeyStrokeClass();
++ if (!newClass.equals(awtKeyStrokeClass)) {
+ registerSubclass(newClass);
+ }
+ return getCachedStroke(keyChar, keyCode, modifiers, onKeyRelease);
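Review bot: APP_CONTEXT_CACHE_KEY and APP_CONTEXT_KEYSTROKE_KEY are declared `private static` but not `final`, so a change whose purpose is to remove mutable static state (the old `cache`, `cacheKey` and `ctor` fields) introduces two new reassignable statics; declare both `final`. In registerSubclass, the "Already registered" check and the later `AppContext.getAppContext().put(AWTKeyStroke.class, subclass)` sit in two separate `synchronized (AWTKeyStroke.class)` blocks, so the check and the update are not atomic. That looks harmless here, since the worst case is a repeated registration, but it deserves a comment. The comment "A key withing the cache" also has a typo ("within").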
diff -r a24849078314 -r 0b6f66c472a1 patches/security/20111018/7023640.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20111018/7023640.patch Fri Oct 14 12:03:00 2011 +0100
@@ -0,0 +1,98 @@
+# HG changeset patch
+# User asaha
+# Date 1311020591 25200
+# Node ID 08848920eb33efabb049bc4cb2f40d37ab4f18f6
+# Parent 1a1bf4ee2c24c3fc1f6e4071e23b4b562a654d0d
+7023640: calculation for malloc size in TransformHelper.c could overflow an integer
+Reviewed-by: flar
+
+diff --git a/src/share/native/sun/java2d/loops/TransformHelper.c b/src/share/native/sun/java2d/loops/TransformHelper.c
+--- openjdk/jdk/src/share/native/sun/java2d/loops/TransformHelper.c
++++ openjdk/jdk/src/share/native/sun/java2d/loops/TransformHelper.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.