/hg/release/icedtea6-1.9: 5 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Oct 18 16:01:08 PDT 2011
changeset 941103576384 in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=941103576384
author: Andrew John Hughes <ahughes at redhat.com>
date: Thu Oct 13 15:04:46 2011 +0100
Add first batch of security patches.
S7000600, CVE-2011-3547: InputStream skip() information leak
S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor S7023640,
CVE-2011-3551: Java2D TransformHelper integer overflow S7032417,
CVE-2011-3552: excessive default UDP socket limit under
SecurityManager S7046823, CVE-2011-3544: missing SecurityManager
checks in scripting engine S7055902, CVE-2011-3521: IIOP
deserialization code execution S7057857, CVE-2011-3554: insufficient
pack200 JAR files uncompress error checks S7064341, CVE-2011-3389:
JSSE S7070134, CVE-2011-3558: Hotspot unspecified issue S7077466,
CVE-2011-3556: RMI DGC server remote code execution S7083012,
CVE-2011-3557: RMI registry privileged code execution S7096936,
CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
2011-10-13 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Add patches.
* NEWS: List security updates.
* patches/icedtea-rhino.patch: Change after 7046823 is
applied.
* patches/security/20111018/7000600.patch,
* patches/security/20111018/7019773.patch,
* patches/security/20111018/7023640.patch,
* patches/security/20111018/7032417.patch,
* patches/security/20111018/7046823.patch,
* patches/security/20111018/7055902.patch,
* patches/security/20111018/7057857.patch,
* patches/security/20111018/7064341.patch,
* patches/security/20111018/7070134.patch,
* patches/security/20111018/7083012.patch,
* patches/security/20111018/7096936.patch: First batch of
security patches.
changeset cee8f49929f9 in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=cee8f49929f9
author: Andrew John Hughes <ahughes at redhat.com>
date: Thu Oct 13 15:06:00 2011 +0100
Prepare for 1.9.10 release.
2011-10-13 Andrew John Hughes <ahughes at redhat.com>
* NEWS: Add 1.9.10 release date.
* configure.ac: Bump to 1.9.10 proper.
changeset 664021245703 in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=664021245703
author: Andrew John Hughes <ahughes at redhat.com>
date: Thu Oct 13 15:31:14 2011 +0100
Add better descriptions for a couple of security issues.
2011-10-13 Andrew John Hughes <ahughes at redhat.com>
* NEWS: Add better descriptions for a couple of
security issues.
changeset 17e57c1e0898 in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=17e57c1e0898
author: Andrew John Hughes <ahughes at redhat.com>
date: Thu Oct 13 17:02:32 2011 +0100
Make 7070134 apply, regardless of HotSpot build.
2011-10-13 Andrew John Hughes <ahughes at redhat.com>
* patches/security/20111018/7070134.patch: Moved to
hs19 variant.
* Makefile.am: Apply different 7070134 patch depending on
HotSpot build.
* patches/security/20111018/7070134-hs19.patch,
* patches/security/20111018/7070134-original.patch: 7070134
for each HotSpot build.
changeset 28de6deb3971 in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=28de6deb3971
author: Andrew John Hughes <ahughes at redhat.com>
date: Fri Oct 14 11:37:14 2011 +0100
Add remaining security patches.
2011-10-14 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Add additional patches.
* NEWS: List JAXWS fix.
* patches/icedtea-xjc.patch: Update against 7046794.
* patches/security/20111018/7046794.patch,
* patches/security/20111018/7077466.patch: Additional security
patches.
diffstat:
ChangeLog | 48 +
Makefile.am | 15 +-
NEWS | 16 +-
configure.ac | 2 +-
patches/icedtea-rhino.patch | 134 +-
patches/icedtea-xjc.patch | 4 +-
patches/security/20111018/7000600.patch | 44 +
patches/security/20111018/7019773.patch | 116 +
patches/security/20111018/7023640.patch | 97 +
patches/security/20111018/7032417.patch | 29 +
patches/security/20111018/7046794.patch | 34 +
patches/security/20111018/7046823.patch | 140 +
patches/security/20111018/7055902.patch | 39 +
patches/security/20111018/7057857.patch | 73 +
patches/security/20111018/7064341.patch | 475 +
patches/security/20111018/7070134-hs19.patch | 97771 +++++++++++++++++++++
patches/security/20111018/7070134-original.patch | 97771 +++++++++++++++++++++
patches/security/20111018/7077466.patch | 30 +
patches/security/20111018/7083012.patch | 966 +
patches/security/20111018/7096936.patch | 50 +
20 files changed, 197788 insertions(+), 66 deletions(-)
diffs (truncated from 198085 to 500 lines):
diff -r 328afd896e3e -r 28de6deb3971 ChangeLog
--- a/ChangeLog Thu Sep 29 16:41:18 2011 -0400
+++ b/ChangeLog Fri Oct 14 11:37:14 2011 +0100
@@ -1,3 +1,51 @@
+2011-10-14 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am: Add additional patches.
+ * NEWS: List JAXWS fix.
+ * patches/icedtea-xjc.patch: Update against 7046794.
+ * patches/security/20111018/7046794.patch,
+ * patches/security/20111018/7077466.patch:
+ Additional security patches.
+
+2011-10-13 Andrew John Hughes <ahughes at redhat.com>
+
+ * patches/security/20111018/7070134.patch:
+ Moved to hs19 variant.
+ * Makefile.am: Apply different 7070134 patch
+ depending on HotSpot build.
+ * patches/security/20111018/7070134-hs19.patch,
+ * patches/security/20111018/7070134-original.patch:
+ 7070134 for each HotSpot build.
+
+2011-10-13 Andrew John Hughes <ahughes at redhat.com>
+
+ * NEWS: Add better descriptions for
+ a couple of security issues.
+
+2011-10-13 Andrew John Hughes <ahughes at redhat.com>
+
+ * NEWS: Add 1.9.10 release date.
+ * configure.ac: Bump to 1.9.10 proper.
+
+2011-10-13 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am: Add patches.
+ * NEWS: List security updates.
+ * patches/icedtea-rhino.patch: Change
+ after 7046823 is applied.
+ * patches/security/20111018/7000600.patch,
+ * patches/security/20111018/7019773.patch,
+ * patches/security/20111018/7023640.patch,
+ * patches/security/20111018/7032417.patch,
+ * patches/security/20111018/7046823.patch,
+ * patches/security/20111018/7055902.patch,
+ * patches/security/20111018/7057857.patch,
+ * patches/security/20111018/7064341.patch,
+ * patches/security/20111018/7070134.patch,
+ * patches/security/20111018/7083012.patch,
+ * patches/security/20111018/7096936.patch:
+ First batch of security patches.
+
2011-09-29 Deepak Bhole <dbhole at redhat.com>
PR794: javaws does not work if a Web Start app jar has a Class-Path
diff -r 328afd896e3e -r 28de6deb3971 Makefile.am
--- a/Makefile.am Thu Sep 29 16:41:18 2011 -0400
+++ b/Makefile.am Fri Oct 14 11:37:14 2011 +0100
@@ -235,7 +235,20 @@
patches/security/20110607/7013971.patch \
patches/security/20110607/7016495.patch \
patches/security/20110607/7020198.patch \
- patches/security/20110607/7020373.patch
+ patches/security/20110607/7020373.patch \
+ patches/security/20111018/7000600.patch \
+ patches/security/20111018/7019773.patch \
+ patches/security/20111018/7023640.patch \
+ patches/security/20111018/7032417.patch \
+ patches/security/20111018/7046823.patch \
+ patches/security/20111018/7055902.patch \
+ patches/security/20111018/7057857.patch \
+ patches/security/20111018/7064341.patch \
+ patches/security/20111018/7070134-${HSBUILD}.patch \
+ patches/security/20111018/7083012.patch \
+ patches/security/20111018/7096936.patch \
+ patches/security/20111018/7046794.patch \
+ patches/security/20111018/7077466.patch
ICEDTEA_PATCHES = \
$(SECURITY_PATCHES) \
diff -r 328afd896e3e -r 28de6deb3971 NEWS
--- a/NEWS Thu Sep 29 16:41:18 2011 -0400
+++ b/NEWS Fri Oct 14 11:37:14 2011 +0100
@@ -8,8 +8,22 @@
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-New in release 1.9.10 (2011-XX-XX):
+New in release 1.9.10 (2011-10-18):
+* Security fixes
+ - S7000600, CVE-2011-3547: InputStream skip() information leak
+ - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
+ - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow
+ - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager
+ - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak
+ - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
+ - S7055902, CVE-2011-3521: IIOP deserialization code execution
+ - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
+ - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
+ - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
+ - S7077466, CVE-2011-3556: RMI DGC server remote code execution
+ - S7083012, CVE-2011-3557: RMI registry privileged code execution
+ - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
* NetX
- PR794: javaws does not work if a Web Start app jar has a Class-Path element in the manifest
diff -r 328afd896e3e -r 28de6deb3971 configure.ac
--- a/configure.ac Thu Sep 29 16:41:18 2011 -0400
+++ b/configure.ac Fri Oct 14 11:37:14 2011 +0100
@@ -1,4 +1,4 @@
-AC_INIT([icedtea6],[1.9.10pre],[distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6],[1.9.10],[distro-pkg-dev at openjdk.java.net])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile])
diff -r 328afd896e3e -r 28de6deb3971 patches/icedtea-rhino.patch
--- a/patches/icedtea-rhino.patch Thu Sep 29 16:41:18 2011 -0400
+++ b/patches/icedtea-rhino.patch Fri Oct 14 11:37:14 2011 +0100
@@ -1,16 +1,6 @@
---- openjdk/jdk/make/com/sun/script/Makefile.orig 2008-11-25 09:01:10.000000000 +0000
-+++ openjdk/jdk/make/com/sun/script/Makefile 2008-12-03 21:13:14.000000000 +0000
-@@ -31,6 +31,8 @@
-
- AUTO_FILES_JAVA_DIRS = com/sun/script
-
-+OTHER_JAVACFLAGS = -classpath $(RHINO_JAR)
-+
- #
- # Files that need to be copied
- #
---- openjdk/jdk/make/com/sun/Makefile.orig 2008-11-25 09:01:09.000000000 +0000
-+++ openjdk/jdk/make/com/sun/Makefile 2008-12-03 21:14:36.000000000 +0000
+diff -Nru openjdk.orig/jdk/make/com/sun/Makefile openjdk/jdk/make/com/sun/Makefile
+--- openjdk.orig/jdk/make/com/sun/Makefile 2010-06-21 22:15:07.000000000 +0100
++++ openjdk/jdk/make/com/sun/Makefile 2011-10-13 00:33:19.852945178 +0100
@@ -31,15 +31,8 @@
PRODUCT = sun
include $(BUILDDIR)/common/Defs.gmk
@@ -28,8 +18,21 @@
java inputmethods org rowset net/httpserver net/ssl demo \
tools jarsigner
---- openjdk/jdk/make/common/Release.gmk.orig 2008-12-03 21:12:23.000000000 +0000
-+++ openjdk/jdk/make/common/Release.gmk 2008-12-03 21:13:14.000000000 +0000
+diff -Nru openjdk.orig/jdk/make/com/sun/script/Makefile openjdk/jdk/make/com/sun/script/Makefile
+--- openjdk.orig/jdk/make/com/sun/script/Makefile 2010-06-21 22:15:07.000000000 +0100
++++ openjdk/jdk/make/com/sun/script/Makefile 2011-10-13 00:33:19.840944989 +0100
+@@ -31,6 +31,8 @@
+
+ AUTO_FILES_JAVA_DIRS = com/sun/script
+
++OTHER_JAVACFLAGS = -classpath $(RHINO_JAR)
++
+ #
+ # Files that need to be copied
+ #
+diff -Nru openjdk.orig/jdk/make/common/Release.gmk openjdk/jdk/make/common/Release.gmk
+--- openjdk.orig/jdk/make/common/Release.gmk 2011-10-13 00:21:13.000000000 +0100
++++ openjdk/jdk/make/common/Release.gmk 2011-10-13 00:33:19.852945178 +0100
@@ -772,6 +772,7 @@
$(CP) $(RT_JAR) $(JRE_IMAGE_DIR)/lib/rt.jar
$(CP) $(RESOURCES_JAR) $(JRE_IMAGE_DIR)/lib/resources.jar
@@ -38,19 +41,69 @@
@# Generate meta-index to make boot and extension class loaders lazier
$(CD) $(JRE_IMAGE_DIR)/lib && \
$(BOOT_JAVA_CMD) -jar $(BUILDMETAINDEX_JARFILE) \
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2008-12-03 21:13:13.000000000 +0000
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2010-06-21 22:15:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2011-10-13 00:33:19.852945178 +0100
+@@ -24,7 +24,7 @@
+ */
+
+ package com.sun.script.javascript;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+ import javax.script.*;
+ import java.util.*;
+
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2010-06-21 22:15:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2011-10-13 00:33:19.852945178 +0100
+@@ -26,7 +26,7 @@
+ package com.sun.script.javascript;
+
+ import javax.script.Invocable;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+
+ /**
+ * This class implements Rhino-like JavaAdapter to help implement a Java
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2010-06-21 22:15:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2011-10-13 00:33:19.852945178 +0100
@@ -25,7 +25,7 @@
package com.sun.script.javascript;
-import sun.org.mozilla.javascript.internal.*;
+import sun.org.mozilla.javascript.*;
- import javax.script.*;
+ import java.util.*;
/**
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2008-12-03 21:13:05.000000000 +0000
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2010-06-21 22:15:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2011-10-13 00:33:19.852945178 +0100
+@@ -26,7 +26,7 @@
+ package com.sun.script.javascript;
+
+ import java.util.*;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+
+ /**
+ * This class prevents script access to certain sensitive classes.
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2010-06-21 22:15:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2011-10-13 00:33:19.852945178 +0100
+@@ -25,7 +25,7 @@
+
+ package com.sun.script.javascript;
+ import javax.script.*;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+
+ /**
+ * Represents compiled JavaScript code.
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2010-06-21 22:15:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2011-10-13 00:33:19.852945178 +0100
@@ -26,7 +26,7 @@
package com.sun.script.javascript;
import javax.script.*;
@@ -60,19 +113,9 @@
import com.sun.script.util.*;
/**
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2008-12-03 21:13:14.000000000 +0000
-@@ -24,7 +24,7 @@
- */
-
- package com.sun.script.javascript;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
- import javax.script.*;
- import java.util.*;
-
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2008-12-03 21:13:05.000000000 +0000
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-10-13 00:21:08.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-10-13 00:33:19.852945178 +0100
@@ -26,7 +26,7 @@
package com.sun.script.javascript;
import com.sun.script.util.*;
@@ -81,42 +124,22 @@
+import sun.org.mozilla.javascript.*;
import java.lang.reflect.Method;
import java.io.*;
- import java.util.*;
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2008-12-03 21:13:05.000000000 +0000
-@@ -26,7 +26,7 @@
- package com.sun.script.javascript;
-
- import java.util.*;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
-
- /**
- * This class prevents script access to certain sensitive classes.
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2008-12-03 21:13:14.000000000 +0000
-@@ -26,7 +26,7 @@
- package com.sun.script.javascript;
-
- import javax.script.Invocable;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
-
- /**
- * This class implements Rhino-like JavaAdapter to help implement a Java
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2008-12-03 21:13:05.000000000 +0000
+ import java.security.*;
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-10-13 00:21:08.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-10-13 00:33:36.289203779 +0100
@@ -25,7 +25,7 @@
package com.sun.script.javascript;
-import sun.org.mozilla.javascript.internal.*;
+import sun.org.mozilla.javascript.*;
- import java.util.*;
+ import java.security.AccessControlContext;
+ import javax.script.*;
- /**
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2008-12-03 21:13:14.000000000 +0000
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2010-06-21 22:15:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2011-10-13 00:33:19.852945178 +0100
@@ -27,7 +27,7 @@
import java.lang.reflect.*;
@@ -126,14 +149,3 @@
/**
* This wrap factory is used for security reasons. JSR 223 script
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2008-12-03 21:13:05.000000000 +0000
-@@ -25,7 +25,7 @@
-
- package com.sun.script.javascript;
- import javax.script.*;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
-
- /**
- * Represents compiled JavaScript code.
diff -r 328afd896e3e -r 28de6deb3971 patches/icedtea-xjc.patch
--- a/patches/icedtea-xjc.patch Thu Sep 29 16:41:18 2011 -0400
+++ b/patches/icedtea-xjc.patch Fri Oct 14 11:37:14 2011 +0100
@@ -5,8 +5,8 @@
patches.dir=patches
# Patches to apply
--jaxws_src.patch.list=7013971.patch
-+jaxws_src.patch.list=7013971.patch xjc.patch
+-jaxws_src.patch.list=7013971.patch 7046794.patch
++jaxws_src.patch.list=7013971.patch 7046794.patch xjc.patch
# Sanity information
sanity.info= Sanity Settings:${line.separator}\
diff -r 328afd896e3e -r 28de6deb3971 patches/security/20111018/7000600.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20111018/7000600.patch Fri Oct 14 11:37:14 2011 +0100
@@ -0,0 +1,45 @@
+--- openjdk/jdk/src/share/classes/java/io/InputStream.java Wed Jul 13 15:37:05 2011
++++ openjdk/jdk/src/share/classes/java/io/InputStream.java Wed Jul 13 15:37:02 2011
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1994, 2006, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1994, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -44,10 +44,9 @@
+ */
+ public abstract class InputStream implements Closeable {
+
+- // SKIP_BUFFER_SIZE is used to determine the size of skipBuffer
+- private static final int SKIP_BUFFER_SIZE = 2048;
+- // skipBuffer is initialized in skip(long), if needed.
+- private static byte[] skipBuffer;
++ // MAX_SKIP_BUFFER_SIZE is used to determine the maximum buffer skip to
++ // use when skipping.
++ private static final int MAX_SKIP_BUFFER_SIZE = 2048;
+
+ /**
+ * Reads the next byte of data from the input stream. The value byte is
+@@ -212,18 +211,15 @@
+
+ long remaining = n;
+ int nr;
+- if (skipBuffer == null)
+- skipBuffer = new byte[SKIP_BUFFER_SIZE];
+-
+- byte[] localSkipBuffer = skipBuffer;
+
+ if (n <= 0) {
+ return 0;
+ }
+
++ int size = (int)Math.min(MAX_SKIP_BUFFER_SIZE, remaining);
++ byte[] skipBuffer = new byte[size];
+ while (remaining > 0) {
+- nr = read(localSkipBuffer, 0,
+- (int) Math.min(SKIP_BUFFER_SIZE, remaining));
++ nr = read(skipBuffer, 0, (int)Math.min(size, remaining));
+ if (nr < 0) {
+ break;
+ }
diff -r 328afd896e3e -r 28de6deb3971 patches/security/20111018/7019773.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20111018/7019773.patch Fri Oct 14 11:37:14 2011 +0100
@@ -0,0 +1,117 @@
+--- openjdk/jdk/src/share/classes/java/awt/AWTKeyStroke.java 2011-07-21 16:52:23.399614830 +0400
++++ openjdk/jdk/src/share/classes/java/awt/AWTKeyStroke.java 2011-07-21 16:52:23.075617350 +0400
+@@ -25,6 +25,7 @@
+ package java.awt;
+
+ import java.awt.event.KeyEvent;
++import sun.awt.AppContext;
+ import java.awt.event.InputEvent;
+ import java.util.Collections;
+ import java.util.HashMap;
+@@ -66,9 +67,6 @@
+ public class AWTKeyStroke implements Serializable {
+ static final long serialVersionUID = -6430539691155161871L;
+
+- private static Map cache;
+- private static AWTKeyStroke cacheKey;
+- private static Constructor ctor = getCtor(AWTKeyStroke.class);
+ private static Map modifierKeywords;
+ /**
+ * Associates VK_XXX (as a String) with code (as Integer). This is
+@@ -77,6 +75,25 @@
+ */
+ private static VKCollection vks;
+
++ //A key for the collection of AWTKeyStrokes within AppContext.
++ private static Object APP_CONTEXT_CACHE_KEY = new Object();
++ //A key withing the cache
++ private static AWTKeyStroke APP_CONTEXT_KEYSTROKE_KEY = new AWTKeyStroke();
++
++ /*
++ * Reads keystroke class from AppContext and if null, puts there the
++ * AWTKeyStroke class.
++ * Must be called under locked AWTKeyStroke.class
++ */
++ private static Class getAWTKeyStrokeClass() {
++ Class clazz = (Class)AppContext.getAppContext().get(AWTKeyStroke.class);
++ if (clazz == null) {
++ clazz = AWTKeyStroke.class;
++ AppContext.getAppContext().put(AWTKeyStroke.class, AWTKeyStroke.class);
++ }
++ return clazz;
++ }
++
+ private char keyChar = KeyEvent.CHAR_UNDEFINED;
+ private int keyCode = KeyEvent.VK_UNDEFINED;
+ private int modifiers;
+@@ -164,9 +181,12 @@
+ if (subclass == null) {
+ throw new IllegalArgumentException("subclass cannot be null");
+ }
+- if (AWTKeyStroke.ctor.getDeclaringClass().equals(subclass)) {
+- // Already registered
+- return;
++ synchronized (AWTKeyStroke.class) {
++ Class keyStrokeClass = (Class)AppContext.getAppContext().get(AWTKeyStroke.class);
++ if (keyStrokeClass != null && keyStrokeClass.equals(subclass)){
++ // Already registered
++ return;
++ }
+ }
+ if (!AWTKeyStroke.class.isAssignableFrom(subclass)) {
+ throw new ClassCastException("subclass is not derived from AWTKeyStroke");
+@@ -197,9 +217,9 @@
+ }
+
+ synchronized (AWTKeyStroke.class) {
+- AWTKeyStroke.ctor = ctor;
+- cache = null;
+- cacheKey = null;
++ AppContext.getAppContext().put(AWTKeyStroke.class, subclass);
++ AppContext.getAppContext().remove(APP_CONTEXT_CACHE_KEY);
++ AppContext.getAppContext().remove(APP_CONTEXT_KEYSTROKE_KEY);
+ }
+ }
+
+@@ -229,13 +249,19 @@
+ private static synchronized AWTKeyStroke getCachedStroke
+ (char keyChar, int keyCode, int modifiers, boolean onKeyRelease)
+ {
++ Map cache = (Map)AppContext.getAppContext().get(APP_CONTEXT_CACHE_KEY);
++ AWTKeyStroke cacheKey = (AWTKeyStroke)AppContext.getAppContext().get(APP_CONTEXT_KEYSTROKE_KEY);
++
+ if (cache == null) {
+ cache = new HashMap();
++ AppContext.getAppContext().put(APP_CONTEXT_CACHE_KEY, cache);
+ }
+
+ if (cacheKey == null) {
+ try {
+- cacheKey = (AWTKeyStroke)ctor.newInstance((Object[]) null);
++ Class clazz = getAWTKeyStrokeClass();
++ cacheKey = (AWTKeyStroke)getCtor(clazz).newInstance((Object[]) null);
++ AppContext.getAppContext().put(APP_CONTEXT_KEYSTROKE_KEY, cacheKey);
+ } catch (InstantiationException e) {
+ assert(false);
+ } catch (IllegalAccessException e) {
+@@ -253,9 +279,8 @@
+ if (stroke == null) {
+ stroke = cacheKey;
+ cache.put(stroke, stroke);
+- cacheKey = null;
++ AppContext.getAppContext().remove(APP_CONTEXT_KEYSTROKE_KEY);
+ }
+-
+ return stroke;
More information about the distro-pkg-dev
mailing list