/hg/release/icedtea6-1.11: 3 new changesets
aph at icedtea.classpath.org
aph at icedtea.classpath.org
Mon Feb 20 08:08:50 PST 2012
changeset 82c6fb23eed5 in /hg/release/icedtea6-1.11
details: http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=82c6fb23eed5
author: aph
date: Mon Feb 20 12:02:21 2012 +0000
Don't use shared Eden in incremental mode. 2012-02-20 Andrew Haley
<aph at redhat.com>
* arm_port/hotspot/src/cpu/zero/vm/asm_helper.cpp
(Helper_new): Don't use shared Eden in incremental mode.
changeset a5e1b251a3bb in /hg/release/icedtea6-1.11
details: http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=a5e1b251a3bb
author: aph
date: Mon Feb 20 15:56:14 2012 +0000
merge
changeset 9543acd2586e in /hg/release/icedtea6-1.11
details: http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=9543acd2586e
author: aph
date: Mon Feb 20 16:05:07 2012 +0000
Add PR# to ChangeLog.
diffstat:
.hgtags | 1 +
ChangeLog | 43 +
Makefile.am | 13 +-
NEWS | 17 +-
arm_port/hotspot/src/cpu/zero/vm/asm_helper.cpp | 2 +-
configure.ac | 2 +-
patches/ecj/jaxws-getdtdtype.patch | 4 +-
patches/security/20120214/7082299.patch | 200 ++++++
patches/security/20120214/7088367.patch | 43 +
patches/security/20120214/7110683.patch | 169 +++++
patches/security/20120214/7110687.patch | 232 +++++++
patches/security/20120214/7110700.patch | 41 +
patches/security/20120214/7110704.patch | 60 +
patches/security/20120214/7112642.patch | 744 ++++++++++++++++++++++++
patches/security/20120214/7118283.patch | 26 +
patches/security/20120214/7126960.patch | 80 ++
16 files changed, 1671 insertions(+), 6 deletions(-)
diffs (truncated from 1803 to 500 lines):
diff -r a5c946d5f4bc -r 9543acd2586e .hgtags
--- a/.hgtags Tue Jan 31 12:36:36 2012 +0000
+++ b/.hgtags Mon Feb 20 16:05:07 2012 +0000
@@ -23,3 +23,4 @@
24c5bd2e7d574441813bfb8f9e4636e50c5d7c28 icedtea6-1.11-branch
933c143b22a0acb6e5c72ac1315fd90a135275a8 icedtea6-1.11pre
746c78997ad9baaac7601686031f507936cebb88 icedtea6-1.11
+24db244df0f369a66d922e2e01f089de9e44f06d icedtea6-1.11.1
diff -r a5c946d5f4bc -r 9543acd2586e ChangeLog
--- a/ChangeLog Tue Jan 31 12:36:36 2012 +0000
+++ b/ChangeLog Mon Feb 20 16:05:07 2012 +0000
@@ -1,3 +1,46 @@
+2012-02-20 Andrew Haley <aph at redhat.com>
+
+ PR584:
+ * arm_port/hotspot/src/cpu/zero/vm/asm_helper.cpp (Helper_new):
+ Don't use shared Eden in incremental mode.
+
+2012-02-14 Omair Majid <omajid at redhat.com>
+
+ * configure.ac: Bump to 1.11.2pre
+ * NEWS: Add entry for 1.11.2
+
+2012-02-10 Omair Majid <omajid at redhat.com>
+
+ * NEWS: Update with CVE numbers.
+
+2012-02-08 Omair Majid <omajid at redhat.com>
+
+ * configure.ac: Bump to 1.11.1.
+ * NEWS: Update with release date.
+
+2012-02-08 Omair Majid <omajid at redhat.com>
+
+ * NEWS: Update with security fixes.
+ * Makefile.am
+ (SECURITY_PATCHES): Add security patches.
+ (SPECIAL_SECURITY_PATCH): Add new variable.
+ (ICEDTEA_PATCHES): Add security patch that epends on backport.
+ * patches/security/20120214/7082299.patch,
+ * patches/security/20120214/7088367.patch,
+ * patches/security/20120214/7110683.patch,
+ * patches/security/20120214/7110687.patch,
+ * patches/security/20120214/7110700.patch,
+ * patches/security/20120214/7110704.patch,
+ * patches/security/20120214/7112642.patch,
+ * patches/security/20120214/7118283.patch,
+ * patches/security/20120214/7126960.patch: New security fixes.
+
+2012-02-02 Omair Majid <omajid at redhat.com>
+
+ PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch
+ * patches/ecj/jaxws-getdtdtype.patch: Update to apply correctly.
+ * NEWS: Update with fix.
+
2012-01-31 Andrew Haley <aph at redhat.com>
* arm_port/hotspot/src/cpu/zero/vm/cppInterpreter_arm.S
diff -r a5c946d5f4bc -r 9543acd2586e Makefile.am
--- a/Makefile.am Tue Jan 31 12:36:36 2012 +0000
+++ b/Makefile.am Mon Feb 20 16:05:07 2012 +0000
@@ -201,7 +201,17 @@
ICEDTEA_FSG_PATCHES =
-SECURITY_PATCHES =
+SECURITY_PATCHES = \
+ patches/security/20120214/7082299.patch \
+ patches/security/20120214/7088367.patch \
+ patches/security/20120214/7110683.patch \
+ patches/security/20120214/7110687.patch \
+ patches/security/20120214/7110700.patch \
+ patches/security/20120214/7110704.patch \
+ patches/security/20120214/7118283.patch \
+ patches/security/20120214/7126960.patch
+
+SPECIAL_SECURITY_PATCH = patches/security/20120214/7112642.patch
ICEDTEA_PATCHES = \
$(SECURITY_PATCHES) \
@@ -218,6 +228,7 @@
patches/openjdk/6725214-direct3d-01.patch \
patches/openjdk/6748082-isDisplayLocal.patch \
patches/openjdk/6633275-shaped_translucent_windows.patch \
+ $(SPECIAL_SECURITY_PATCH) \
patches/openjdk/6769607-modal-hangs.patch \
patches/openjdk/6791612-opengl-jni-fix.patch \
patches/openjdk/6755274-glgetstring-crash.patch \
diff -r a5c946d5f4bc -r 9543acd2586e NEWS
--- a/NEWS Tue Jan 31 12:36:36 2012 +0000
+++ b/NEWS Mon Feb 20 16:05:07 2012 +0000
@@ -10,7 +10,22 @@
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-New in release 1.11.1 (2012-XX-XX):
+New in release 1.11.2 (2012-XX-XX):
+
+New in release 1.11.1 (2012-02-14):
+
+* Security fixes
+ - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
+ - S7088367, CVE-2011-3563: Fix issues in java sound
+ - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
+ - S7110687, CVE-2012-0503: Issues with TimeZone class
+ - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
+ - S7110704, CVE-2012-0506: Issues with some method in corba
+ - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
+ - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
+ - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server
+* Bug fixes
+ - PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch
New in release 1.11 (2012-01-30):
diff -r a5c946d5f4bc -r 9543acd2586e arm_port/hotspot/src/cpu/zero/vm/asm_helper.cpp
--- a/arm_port/hotspot/src/cpu/zero/vm/asm_helper.cpp Tue Jan 31 12:36:36 2012 +0000
+++ b/arm_port/hotspot/src/cpu/zero/vm/asm_helper.cpp Mon Feb 20 16:05:07 2012 +0000
@@ -141,7 +141,7 @@
if (UseTLAB) {
result = (oop) thread->tlab().allocate(obj_size);
}
- if (result == NULL) {
+ if (result == NULL && !CMSIncrementalMode) {
need_zero = true;
// Try allocate in shared eden
retry:
diff -r a5c946d5f4bc -r 9543acd2586e configure.ac
--- a/configure.ac Tue Jan 31 12:36:36 2012 +0000
+++ b/configure.ac Mon Feb 20 16:05:07 2012 +0000
@@ -1,4 +1,4 @@
-AC_INIT([icedtea6],[1.11.1pre],[distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6],[1.11.2pre],[distro-pkg-dev at openjdk.java.net])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile])
diff -r a5c946d5f4bc -r 9543acd2586e patches/ecj/jaxws-getdtdtype.patch
--- a/patches/ecj/jaxws-getdtdtype.patch Tue Jan 31 12:36:36 2012 +0000
+++ b/patches/ecj/jaxws-getdtdtype.patch Mon Feb 20 16:05:07 2012 +0000
@@ -5,8 +5,8 @@
patches.dir=patches
# Patches to apply
--jaxws_src.patch.list=7013971.patch xjc.patch
-+jaxws_src.patch.list=7013971.patch xjc.patch getdtdtype.patch
+-jaxws_src.patch.list=xjc.patch
++jaxws_src.patch.list=xjc.patch getdtdtype.patch
# Sanity information
sanity.info= Sanity Settings:${line.separator}\
diff -r a5c946d5f4bc -r 9543acd2586e patches/security/20120214/7082299.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20120214/7082299.patch Mon Feb 20 16:05:07 2012 +0000
@@ -0,0 +1,201 @@
+# HG changeset patch
+# User robm
+# Date 1322691030 0
+# Node ID ee0f12b18cb8d20c3fb61e96817bde6318a29221
+# Parent dd8956e41b892ed7102e1d5668781f2c68ea9ac5
+7082299: AtomicReferenceArray should ensure that array is Object[]
+Summary: java.util.concurrent.AtomicReferenceArray needs to ensure that internal array is always Object[].
+Reviewed-by: chegar, coffeys
+
+diff --git a/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java b/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java
+--- openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java
++++ openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java
+@@ -34,8 +34,9 @@
+ */
+
+ package java.util.concurrent.atomic;
++import java.lang.reflect.Array;
++import java.util.Arrays;
+ import sun.misc.Unsafe;
+-import java.util.*;
+
+ /**
+ * An array of object references in which elements may be updated
+@@ -49,15 +50,37 @@ public class AtomicReferenceArray<E> imp
+ public class AtomicReferenceArray<E> implements java.io.Serializable {
+ private static final long serialVersionUID = -6209656149925076980L;
+
+- private static final Unsafe unsafe = Unsafe.getUnsafe();
+- private static final int base = unsafe.arrayBaseOffset(Object[].class);
+- private static final int scale = unsafe.arrayIndexScale(Object[].class);
+- private final Object[] array;
++ private static final Unsafe unsafe;
++ private static final int base;
++ private static final int shift;
++ private static final long arrayFieldOffset;
++ private final Object[] array; // must have exact type Object[]
+
+- private long rawIndex(int i) {
++ static {
++ int scale;
++ try {
++ unsafe = Unsafe.getUnsafe();
++ arrayFieldOffset = unsafe.objectFieldOffset
++ (AtomicReferenceArray.class.getDeclaredField("array"));
++ base = unsafe.arrayBaseOffset(Object[].class);
++ scale = unsafe.arrayIndexScale(Object[].class);
++ } catch (Exception e) {
++ throw new Error(e);
++ }
++ if ((scale & (scale - 1)) != 0)
++ throw new Error("data type scale not a power of two");
++ shift = 31 - Integer.numberOfLeadingZeros(scale);
++ }
++
++ private long checkedByteOffset(int i) {
+ if (i < 0 || i >= array.length)
+ throw new IndexOutOfBoundsException("index " + i);
+- return base + (long) i * scale;
++
++ return byteOffset(i);
++ }
++
++ private static long byteOffset(int i) {
++ return ((long) i << shift) + base;
+ }
+
+ /**
+@@ -66,9 +89,6 @@ public class AtomicReferenceArray<E> imp
+ */
+ public AtomicReferenceArray(int length) {
+ array = new Object[length];
+- // must perform at least one volatile write to conform to JMM
+- if (length > 0)
+- unsafe.putObjectVolatile(array, rawIndex(0), null);
+ }
+
+ /**
+@@ -79,18 +99,8 @@ public class AtomicReferenceArray<E> imp
+ * @throws NullPointerException if array is null
+ */
+ public AtomicReferenceArray(E[] array) {
+- if (array == null)
+- throw new NullPointerException();
+- int length = array.length;
+- this.array = new Object[length];
+- if (length > 0) {
+- int last = length-1;
+- for (int i = 0; i < last; ++i)
+- this.array[i] = array[i];
+- // Do the last write as volatile
+- E e = array[last];
+- unsafe.putObjectVolatile(this.array, rawIndex(last), e);
+- }
++ // Visibility guaranteed by final field guarantees
++ this.array = Arrays.copyOf(array, array.length, Object[].class);
+ }
+
+ /**
+@@ -109,7 +119,11 @@ public class AtomicReferenceArray<E> imp
+ * @return the current value
+ */
+ public final E get(int i) {
+- return (E) unsafe.getObjectVolatile(array, rawIndex(i));
++ return getRaw(checkedByteOffset(i));
++ }
++
++ private E getRaw(long offset) {
++ return (E) unsafe.getObjectVolatile(array, offset);
+ }
+
+ /**
+@@ -119,7 +133,7 @@ public class AtomicReferenceArray<E> imp
+ * @param newValue the new value
+ */
+ public final void set(int i, E newValue) {
+- unsafe.putObjectVolatile(array, rawIndex(i), newValue);
++ unsafe.putObjectVolatile(array, checkedByteOffset(i), newValue);
+ }
+
+ /**
+@@ -130,7 +144,7 @@ public class AtomicReferenceArray<E> imp
+ * @since 1.6
+ */
+ public final void lazySet(int i, E newValue) {
+- unsafe.putOrderedObject(array, rawIndex(i), newValue);
++ unsafe.putOrderedObject(array, checkedByteOffset(i), newValue);
+ }
+
+
+@@ -143,9 +157,10 @@ public class AtomicReferenceArray<E> imp
+ * @return the previous value
+ */
+ public final E getAndSet(int i, E newValue) {
++ long offset = checkedByteOffset(i);
+ while (true) {
+- E current = get(i);
+- if (compareAndSet(i, current, newValue))
++ E current = getRaw(offset);
++ if (compareAndSetRaw(offset, current, newValue))
+ return current;
+ }
+ }
+@@ -153,6 +168,7 @@ public class AtomicReferenceArray<E> imp
+ /**
+ * Atomically sets the element at position {@code i} to the given
+ * updated value if the current value {@code ==} the expected value.
++ *
+ * @param i the index
+ * @param expect the expected value
+ * @param update the new value
+@@ -160,8 +176,11 @@ public class AtomicReferenceArray<E> imp
+ * the actual value was not equal to the expected value.
+ */
+ public final boolean compareAndSet(int i, E expect, E update) {
+- return unsafe.compareAndSwapObject(array, rawIndex(i),
+- expect, update);
++ return compareAndSetRaw(checkedByteOffset(i), expect, update);
++ }
++
++ private boolean compareAndSetRaw(long offset, E expect, E update) {
++ return unsafe.compareAndSwapObject(array, offset, expect, update);
+ }
+
+ /**
+@@ -186,9 +205,33 @@ public class AtomicReferenceArray<E> imp
+ * @return the String representation of the current values of array.
+ */
+ public String toString() {
+- if (array.length > 0) // force volatile read
+- get(0);
+- return Arrays.toString(array);
++ int iMax = array.length - 1;
++ if (iMax == -1)
++ return "[]";
++
++ StringBuilder b = new StringBuilder();
++ b.append('[');
++ for (int i = 0; ; i++) {
++ b.append(getRaw(byteOffset(i)));
++ if (i == iMax)
++ return b.append(']').toString();
++ b.append(',').append(' ');
++ }
++ }
++
++ /**
++ * Reconstitutes the instance from a stream (that is, deserializes it).
++ * @param s the stream
++ */
++ private void readObject(java.io.ObjectInputStream s)
++ throws java.io.IOException, ClassNotFoundException {
++ // Note: This must be changed if any additional fields are defined
++ Object a = s.readFields().get("array", null);
++ if (a == null || !a.getClass().isArray())
++ throw new java.io.InvalidObjectException("Not array type");
++ if (a.getClass() != Object[].class)
++ a = Arrays.copyOf((Object[])a, Array.getLength(a), Object[].class);
++ unsafe.putObjectVolatile(this, arrayFieldOffset, a);
+ }
+
+ }
diff -r a5c946d5f4bc -r 9543acd2586e patches/security/20120214/7088367.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20120214/7088367.patch Mon Feb 20 16:05:07 2012 +0000
@@ -0,0 +1,45 @@
+# HG changeset patch
+# User amenkov
+# Date 1319622989 -14400
+# Node ID b34a3ed0c8f2f6b9121d38ed330430d913f8a385
+# Parent cdc68d7a17dd412402b100dc427abbe0a90cf2ab
+7088367: JavaSound security issue (12865443)
+Reviewed-by: denis
+
+diff --git a/src/share/classes/com/sun/media/sound/DirectAudioDevice.java b/src/share/classes/com/sun/media/sound/DirectAudioDevice.java
+--- openjdk/jdk/src/share/classes/com/sun/media/sound/DirectAudioDevice.java
++++ openjdk/jdk/src/share/classes/com/sun/media/sound/DirectAudioDevice.java
+@@ -771,7 +771,7 @@ class DirectAudioDevice extends Abstract
+ if (off < 0) {
+ throw new ArrayIndexOutOfBoundsException(off);
+ }
+- if (off + len > b.length) {
++ if ((long)off + (long)len > (long)b.length) {
+ throw new ArrayIndexOutOfBoundsException(b.length);
+ }
+
+@@ -1000,7 +1000,7 @@ class DirectAudioDevice extends Abstract
+ if (off < 0) {
+ throw new ArrayIndexOutOfBoundsException(off);
+ }
+- if (off + len > b.length) {
++ if ((long)off + (long)len > (long)b.length) {
+ throw new ArrayIndexOutOfBoundsException(b.length);
+ }
+ if (!isActive() && doIO) {
+diff --git a/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java b/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java
+--- openjdk/jdk/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java
++++ openjdk/jdk/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java
+@@ -130,6 +130,12 @@ public class SoftMixingSourceDataLine ex
+ if (len % framesize != 0)
+ throw new IllegalArgumentException(
+ "Number of bytes does not represent an integral number of sample frames.");
++ if (off < 0) {
++ throw new ArrayIndexOutOfBoundsException(off);
++ }
++ if ((long)off + (long)len > (long)b.length) {
++ throw new ArrayIndexOutOfBoundsException(b.length);
++ }
+
+ byte[] buff = cycling_buffer;
+ int buff_len = cycling_buffer.length;
diff -r a5c946d5f4bc -r 9543acd2586e patches/security/20120214/7110683.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20120214/7110683.patch Mon Feb 20 16:05:07 2012 +0000
@@ -0,0 +1,170 @@
+# HG changeset patch
+# User skoppar
+# Date 1324575564 28800
+# Node ID e05eb7bee1ce0a44f3e414454e44cd49d77ba9de
+# Parent bfaa99d5bef813217cdbc6eddcdd511cf53327e7
+7110683: Issues with some KeyboardFocusManager method
+7116384: backout the unallowed changes in the KeyboardFocusManager.java javadoc
+Reviewed-by: ant
+
+diff --git a/src/share/classes/java/awt/KeyboardFocusManager.java b/src/share/classes/java/awt/KeyboardFocusManager.java
+--- openjdk/jdk/src/share/classes/java/awt/KeyboardFocusManager.java
++++ openjdk/jdk/src/share/classes/java/awt/KeyboardFocusManager.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2000, 2007, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -476,14 +476,8 @@ public abstract class KeyboardFocusManag
+ */
+ protected Component getGlobalFocusOwner() throws SecurityException {
+ synchronized (KeyboardFocusManager.class) {
+- if (this == getCurrentKeyboardFocusManager()) {
+- return focusOwner;
+- } else {
+- if (focusLog.isLoggable(Level.FINER)) {
+- focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+- }
+- throw new SecurityException(notPrivileged);
+- }
++ checkCurrentKFMSecurity();
++ return focusOwner;
+ }
+ }
+
+@@ -517,6 +511,7 @@ public abstract class KeyboardFocusManag
+
+ if (focusOwner == null || focusOwner.isFocusable()) {
+ synchronized (KeyboardFocusManager.class) {
++ checkCurrentKFMSecurity();
+ oldFocusOwner = getFocusOwner();
+
+ try {
+@@ -566,6 +561,10 @@ public abstract class KeyboardFocusManag
+ * @see java.awt.event.FocusEvent#FOCUS_LOST
+ */
+ public void clearGlobalFocusOwner() {
++ synchronized (KeyboardFocusManager.class) {
++ checkCurrentKFMSecurity();
++ }
++
+ if (!GraphicsEnvironment.isHeadless()) {
+ // Toolkit must be fully initialized, otherwise
+ // _clearGlobalFocusOwner will crash or throw an exception
+@@ -645,14 +644,8 @@ public abstract class KeyboardFocusManag
+ throws SecurityException
+ {
+ synchronized (KeyboardFocusManager.class) {
+- if (this == getCurrentKeyboardFocusManager()) {
+- return permanentFocusOwner;
+- } else {
+- if (focusLog.isLoggable(Level.FINER)) {
+- focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+- }
+- throw new SecurityException(notPrivileged);
+- }
++ checkCurrentKFMSecurity();
++ return permanentFocusOwner;
+ }
+ }
+
+@@ -688,6 +681,7 @@ public abstract class KeyboardFocusManag
+
+ if (permanentFocusOwner == null || permanentFocusOwner.isFocusable()) {
+ synchronized (KeyboardFocusManager.class) {
++ checkCurrentKFMSecurity();
+ oldPermanentFocusOwner = getPermanentFocusOwner();
+
+ try {
+@@ -753,14 +747,8 @@ public abstract class KeyboardFocusManag
+ */
+ protected Window getGlobalFocusedWindow() throws SecurityException {
+ synchronized (KeyboardFocusManager.class) {
+- if (this == getCurrentKeyboardFocusManager()) {
+- return focusedWindow;
+- } else {
+- if (focusLog.isLoggable(Level.FINER)) {
+- focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+- }
+- throw new SecurityException(notPrivileged);
+- }
More information about the distro-pkg-dev
mailing list