/hg/release/icedtea7-2.0: 2 new changesets

andrew at icedtea.classpath.org
Tue Oct 18 19:38:29 PDT 2011


changeset 9efe0319ef13 in /hg/release/icedtea7-2.0
details: http://icedtea.classpath.org/hg/release/icedtea7-2.0?cmd=changeset;node=9efe0319ef13
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Oct 19 03:24:31 2011 +0100

	Import security updates.

	2011-10-19 Andrew John Hughes <ahughes at redhat.com>

	* Makefile.am: Bring in security updates.
	(CORBA_CHANGESET): Updated.
	(JAXWS_CHANGESET): Likewise.
	(JDK_CHANGESET): Likewise.
	(CORBA_SHA256SUM): Likewise.
	(JAXWS_SHA256SUM): Likewise.
	(JDK_SHA256SUM): Likewise.
	* patches/rhino.patch: Updated to work after 7046823 is applied.
	* NEWS: Updated.


changeset 143310ff66a3 in /hg/release/icedtea7-2.0
details: http://icedtea.classpath.org/hg/release/icedtea7-2.0?cmd=changeset;node=143310ff66a3
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Oct 19 03:31:42 2011 +0100

	Disable CACAO due to
	http://server.complang.tuwien.ac.at/cgi-bin/bugzilla/show_bug.cgi?id=154

	2011-10-19 Andrew John Hughes <ahughes at redhat.com>

	Disable CACAO due to
	http://server.complang.tuwien.ac.at/cgi-bin/bugzilla/show_bug.cgi?id=154
	* README: Mention that CACAO is disabled and correct option name.
	* acinclude.m4:
	(IT_ENABLE_CACAO): Exit with an error if CACAO is enabled.


diffstat:

 ChangeLog           |  23 +++++++++++++++++++++++
 Makefile.am         |  12 ++++++------
 NEWS                |  14 ++++++++++++++
 README              |   5 ++++-
 acinclude.m4        |   3 +++
 patches/rhino.patch |  30 +++++++++++++++---------------
 6 files changed, 65 insertions(+), 22 deletions(-)

diffs (259 lines):

diff -r 6f5766492517 -r 143310ff66a3 ChangeLog
--- a/ChangeLog	Mon Oct 10 23:02:34 2011 +0100
+++ b/ChangeLog	Wed Oct 19 03:31:42 2011 +0100
@@ -1,3 +1,26 @@
+2011-10-19  Andrew John Hughes  <ahughes at redhat.com>
+
+	Disable CACAO due to
+	http://server.complang.tuwien.ac.at/cgi-bin/bugzilla/show_bug.cgi?id=154
+	* README: Mention that CACAO is disabled
+	and correct option name.
+	* acinclude.m4:
+	(IT_ENABLE_CACAO): Exit with an error if CACAO
+	is enabled.
+
+2011-10-19  Andrew John Hughes  <ahughes at redhat.com>
+
+	* Makefile.am: Bring in security updates.
+	(CORBA_CHANGESET): Updated.
+	(JAXWS_CHANGESET): Likewise.
+	(JDK_CHANGESET): Likewise.
+	(CORBA_SHA256SUM): Likewise.
+	(JAXWS_SHA256SUM): Likewise.
+	(JDK_SHA256SUM): Likewise.
+	* patches/rhino.patch: Updated to work
+	after 7046823 is applied.
+	* NEWS: Updated.
+
 2011-10-10  Andrew John Hughes  <ahughes at redhat.com>
 
 	* Makefile.am:
diff -r 6f5766492517 -r 143310ff66a3 Makefile.am
--- a/Makefile.am	Mon Oct 10 23:02:34 2011 +0100
+++ b/Makefile.am	Wed Oct 19 03:31:42 2011 +0100
@@ -2,19 +2,19 @@
 
 OPENJDK_VERSION = b147
 
-CORBA_CHANGESET = 953de8c7bccb
+CORBA_CHANGESET = 4d9e4fb8af09
 HOTSPOT_CHANGESET = b28ae681bae0
 JAXP_CHANGESET = 948e734135ea
-JAXWS_CHANGESET = 5d3734549424
-JDK_CHANGESET = d9fca71ba183
+JAXWS_CHANGESET = a2ebfdc9db7e
+JDK_CHANGESET = 2054526dd141
 LANGTOOLS_CHANGESET = 9b85f1265346
 OPENJDK_CHANGESET = 0a76e5390e68
 
-CORBA_SHA256SUM = 303d862f722d34ede330e9afdb0f2c9d61e02134beb4d562957e9574a91f8cca
+CORBA_SHA256SUM = 9579b9f47c45d4e6f4eb080a7a27886163691a77c193d83423389cb87656aec5
 HOTSPOT_SHA256SUM = dcb5a8d4a0a466e3673f891cea40ce163c02f26b0054dfc41c30e0f87c5c2f64
 JAXP_SHA256SUM = 66948dee25e0224b12587ba150b21dab2e21b260a853bd1272e07c8d08d2e586
-JAXWS_SHA256SUM = 6aace2cc9f1a98a3822733ad568cc070ec178ff3618c05229c68072af3ed4765
-JDK_SHA256SUM = d8e9bb264f2a31424764466273f10c05d4247328ab4c08a0f4b8123993d78e65
+JAXWS_SHA256SUM = 6edd17ac49c33a32538262486c0b8147954100cab43a6ee7023789f3840f22a8
+JDK_SHA256SUM = 4cd94391909ca86d2a5e25e3378c8fde1b1368076577fc58fed57097932750e1
 LANGTOOLS_SHA256SUM = 03a256afc7371b3b0fbbbfd80a318e22984f6cbff26082948e8d5845ba193aee
 OPENJDK_SHA256SUM = bb47d452a61ed154fad98fda35f93e6e0f3328632ef2cf0afa1d95cd6264071e
 
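Review bot: HOTSPOT_CHANGESET and HOTSPOT_SHA256SUM stay at b28ae681bae0 in this hunk, yet the NEWS hunk in the same push lists S7070134, CVE-2011-3558 as "HotSpot crashes with sigsegv from PorterStemmer". If that fix lives in the HotSpot tree, the pin needs bumping along with CORBA, JAXWS and JDK; if it arrives through one of the updated trees or is already present in b28ae681bae0, say so in the ChangeLog entry so the unchanged pin does not read as an omission.
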
diff -r 6f5766492517 -r 143310ff66a3 NEWS
--- a/NEWS	Mon Oct 10 23:02:34 2011 +0100
+++ b/NEWS	Wed Oct 19 03:31:42 2011 +0100
@@ -12,6 +12,20 @@
 
 New in release 2.0 (2011-XX-XX):
 
+* Security fixes
+  - S7000600, CVE-2011-3547: InputStream skip() information leak
+  - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
+  - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow
+  - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager
+  - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak
+  - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
+  - S7055902, CVE-2011-3521: IIOP deserialization code execution
+  - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
+  - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
+  - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
+  - S7077466, CVE-2011-3556: RMI DGC server remote code execution
+  - S7083012, CVE-2011-3557: RMI registry privileged code execution
+  - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
 * Bug fixes
   - Allow the compiler used to be overridden by setting BUILD_GCC/BUILD_CPP.
   - Fixed regression test runtime/7020373.
diff -r 6f5766492517 -r 143310ff66a3 README
--- a/README	Mon Oct 10 23:02:34 2011 +0100
+++ b/README	Wed Oct 19 03:31:42 2011 +0100
@@ -75,13 +75,16 @@
 alternative to the HotSpot virtual machine. One advantage of this is
 that it already provides a JIT for many platforms to which HotSpot has
 not yet been ported, including ppc, ppc64, arm and mips.  To use CACAO
-as the VM, use the --with-cacao option.  This will download a snapshot
+as the VM, use the --enable-cacao option.  This will download a snapshot
 of CACAO during the build, which has been tested with this version of
 IcedTea7.
 
 The environment variable CACAO_CONFIGURE_ARGS can be used to pass
 additional arguments to the cacao configure.
 
+Note that CACAO support is currently disabled as it does not yet support
+OpenJDK7; see http://server.complang.tuwien.ac.at/cgi-bin/bugzilla/show_bug.cgi?id=154.
+
 PulseAudio Mixer
 ================
 
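Review bot: the added paragraph contradicts the unchanged text above it, which still tells the reader to "use the --enable-cacao option" and says the downloaded snapshot "has been tested with this version of IcedTea7". Move the disabled notice to the start of the CACAO section, or reword those two sentences, so that someone reading the README top-down does not run configure with an option that now aborts.
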
diff -r 6f5766492517 -r 143310ff66a3 acinclude.m4
--- a/acinclude.m4	Mon Oct 10 23:02:34 2011 +0100
+++ b/acinclude.m4	Wed Oct 19 03:31:42 2011 +0100
@@ -772,6 +772,9 @@
   AC_MSG_RESULT(${ENABLE_CACAO})
   AM_CONDITIONAL(ENABLE_CACAO, test x"${ENABLE_CACAO}" = "xyes")
   AC_SUBST(ENABLE_CACAO)
+  if test "x${ENABLE_CACAO}" = "xyes" ; then
+    AC_MSG_ERROR([CACAO does not currently work with OpenJDK7; see http://server.complang.tuwien.ac.at/cgi-bin/bugzilla/show_bug.cgi?id=154])
+  fi
 ])
 
 AC_DEFUN([IT_WITH_CACAO_HOME],
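
Review bot: the new check is written `test "x${ENABLE_CACAO}" = "xyes"` while the AM_CONDITIONAL two lines above it uses `test x"${ENABLE_CACAO}" = "xyes"`; both evaluate the same, but matching the existing form keeps the macro consistent. The AC_MSG_ERROR text explains why configure stops and links the bug, but it does not tell the user what to do next; adding a clause such as "re-run configure without --enable-cacao" would make the failure actionable. Placing the check after AM_CONDITIONAL and AC_SUBST is right, since those must run unconditionally.
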
diff -r 6f5766492517 -r 143310ff66a3 patches/rhino.patch
--- a/patches/rhino.patch	Mon Oct 10 23:02:34 2011 +0100
+++ b/patches/rhino.patch	Wed Oct 19 03:31:42 2011 +0100
@@ -1,6 +1,6 @@
 diff -Nru openjdk.orig/jdk/make/com/sun/Makefile openjdk/jdk/make/com/sun/Makefile
---- openjdk.orig/jdk/make/com/sun/Makefile	2011-04-20 04:40:20.000000000 +0100
-+++ openjdk/jdk/make/com/sun/Makefile	2011-04-21 22:36:31.443422475 +0100
+--- openjdk.orig/jdk/make/com/sun/Makefile	2011-10-14 03:02:15.000000000 +0100
++++ openjdk/jdk/make/com/sun/Makefile	2011-10-19 01:57:22.982499164 +0100
 @@ -31,13 +31,6 @@
  PRODUCT = sun
  include $(BUILDDIR)/common/Defs.gmk
@@ -16,8 +16,8 @@
  SUBDIRS = java security net/ssl jarsigner
  
 diff -Nru openjdk.orig/jdk/make/com/sun/script/Makefile openjdk/jdk/make/com/sun/script/Makefile
---- openjdk.orig/jdk/make/com/sun/script/Makefile	2011-04-20 04:40:20.000000000 +0100
-+++ openjdk/jdk/make/com/sun/script/Makefile	2011-04-21 22:36:31.443422475 +0100
+--- openjdk.orig/jdk/make/com/sun/script/Makefile	2011-10-14 03:02:15.000000000 +0100
++++ openjdk/jdk/make/com/sun/script/Makefile	2011-10-19 01:57:22.994499353 +0100
 @@ -31,6 +31,8 @@
  
  AUTO_FILES_JAVA_DIRS = com/sun/script
@@ -28,9 +28,9 @@
  # Files that need to be copied
  #
 diff -Nru openjdk.orig/jdk/make/common/Release.gmk openjdk/jdk/make/common/Release.gmk
---- openjdk.orig/jdk/make/common/Release.gmk	2011-04-21 20:56:37.000000000 +0100
-+++ openjdk/jdk/make/common/Release.gmk	2011-04-21 22:36:31.443422475 +0100
-@@ -735,6 +735,7 @@
+--- openjdk.orig/jdk/make/common/Release.gmk	2011-10-14 03:02:15.000000000 +0100
++++ openjdk/jdk/make/common/Release.gmk	2011-10-19 01:57:22.994499353 +0100
+@@ -756,6 +756,7 @@
  	$(CP) $(RT_JAR) $(JRE_IMAGE_DIR)/lib/rt.jar
  	$(CP) $(RESOURCES_JAR) $(JRE_IMAGE_DIR)/lib/resources.jar
  	$(CP) $(JSSE_JAR) $(JRE_IMAGE_DIR)/lib/jsse.jar
@@ -39,8 +39,8 @@
  	$(CD) $(JRE_IMAGE_DIR)/lib && \
  	    $(BOOT_JAVA_CMD) -jar $(BUILDMETAINDEX_JARFILE) \
 diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java	2010-07-29 21:55:35.000000000 +0100
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java	2011-04-21 22:36:31.443422475 +0100
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java	2011-10-14 03:02:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java	2011-10-19 01:57:22.994499353 +0100
 @@ -24,7 +24,7 @@
   */
  
@@ -51,8 +51,8 @@
  import java.util.*;
  
 diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java	2010-07-29 21:55:35.000000000 +0100
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java	2011-04-21 22:36:31.455422660 +0100
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java	2011-10-14 03:02:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java	2011-10-19 01:57:22.994499353 +0100
 @@ -26,7 +26,7 @@
  package com.sun.script.javascript;
  
@@ -63,8 +63,8 @@
  /**
   * This class implements Rhino-like JavaAdapter to help implement a Java
 diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java	2010-07-29 21:55:35.000000000 +0100
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java	2011-04-21 22:36:31.455422660 +0100
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java	2011-10-14 03:02:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java	2011-10-19 01:57:22.994499353 +0100
 @@ -25,7 +25,7 @@
  
  package com.sun.script.javascript;
@@ -75,8 +75,8 @@
  
  /**
 diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java	2010-07-29 21:55:35.000000000 +0100
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java	2011-04-21 22:36:31.455422660 +0100
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java	2011-10-14 03:02:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java	2011-10-19 01:57:22.994499353 +0100
 @@ -26,7 +26,7 @@
  package com.sun.script.javascript;
  
@@ -87,8 +87,8 @@
  /**
   * This class prevents script access to certain sensitive classes.
 diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java	2010-07-29 21:55:35.000000000 +0100
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java	2011-04-21 22:36:31.455422660 +0100
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java	2011-10-14 03:02:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java	2011-10-19 01:57:22.994499353 +0100
 @@ -25,7 +25,7 @@
  
  package com.sun.script.javascript;
@@ -99,8 +99,8 @@
  /**
   * Represents compiled JavaScript code.
 diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java	2011-04-18 18:04:37.000000000 +0100
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java	2011-04-21 22:36:31.455422660 +0100
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java	2011-10-14 03:02:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java	2011-10-19 01:57:22.994499353 +0100
 @@ -26,7 +26,7 @@
  package com.sun.script.javascript;
  import javax.script.*;
@@ -111,8 +111,8 @@
  
  /**
 diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java	2011-04-20 04:40:21.000000000 +0100
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java	2011-04-21 22:36:31.455422660 +0100
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java	2011-10-14 03:02:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java	2011-10-19 01:57:22.994499353 +0100
 @@ -26,7 +26,7 @@
  package com.sun.script.javascript;
  import com.sun.script.util.*;
@@ -121,22 +121,22 @@
 +import sun.org.mozilla.javascript.*;
  import java.lang.reflect.Method;
  import java.io.*;
- import java.util.*;
+ import java.security.*;
 diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java	2011-04-11 12:34:30.000000000 +0100
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java	2011-04-21 22:36:31.455422660 +0100
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java	2011-10-14 03:02:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java	2011-10-19 01:57:37.454729539 +0100
 @@ -25,7 +25,7 @@
  
  package com.sun.script.javascript;
  
 -import sun.org.mozilla.javascript.internal.*;
 +import sun.org.mozilla.javascript.*;
+ import java.security.AccessControlContext;
  import javax.script.*;
  
- /**
 diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java
---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java	2010-07-29 21:55:35.000000000 +0100
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java	2011-04-21 22:36:31.455422660 +0100
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java	2011-10-14 03:02:15.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java	2011-10-19 01:57:22.994499353 +0100
 @@ -27,7 +27,7 @@
  
  import java.lang.reflect.*;
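
Review bot: in the RhinoScriptEngine.java and RhinoTopLevel.java sections the refresh changes only context lines (` import java.util.*;` becomes ` import java.security.*;`, and ` import java.security.AccessControlContext;` appears), which is the footprint of 7046823, listed in NEWS as CVE-2011-3544, missing SecurityManager checks in the scripting engine. Nothing in the ChangeLog entry says how the refreshed patch was checked beyond applying cleanly, and this patch still rewrites `sun.org.mozilla.javascript.internal.*` to `sun.org.mozilla.javascript.*` in the same files; please note in the entry that the new security checks were confirmed to compile and take effect against the substituted package. Separately, nearly all of the 30 changed lines are regenerated `---`/`+++` timestamps; generating the patch without timestamps would let the three substantive changes (the two import context lines and the Release.gmk offset moving from 735 to 756) stand out in review.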
