/hg/release/icedtea7-2.1: Add security patches.
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Feb 19 22:14:17 PST 2013
changeset 421a34013779 in /hg/release/icedtea7-2.1
details: http://icedtea.classpath.org/hg/release/icedtea7-2.1?cmd=changeset;node=421a34013779
author: Andrew John Hughes <gnu_andrew at member.fsf.org>
date: Wed Feb 20 06:14:09 2013 +0000
Add security patches.
2013-02-20 Andrew John Hughes <gnu.andrew at member.fsf.org>
* Makefile.am,
(HOTSPOT_CHANGESET): Update to IcedTea7 2.1 forest head,
bringing in latest security updates.
(HOTSPOT_CHANGESET): Likewise.
(JAXP_CHANGESET): Likewise.
(JAXWS_CHANGESET): Likewise.
(JDK_CHANGESET): Likewise.
(LANGTOOLS_CHANGESET): Likewise.
(OPENJDK_CHANGESET): Likewise.
(HOTSPOT_SHA256SUM): Likewise.
(CORBA_SHA256SUM): Likewise.
(JAXP_SHA256SUM): Likewise.
(JAXWS_SHA256SUM): Likewise.
(JDK_SHA256SUM): Likewise.
(LANGTOOLS_SHA256SUM): Likewise.
(OPENJDK_SHA256SUM): Likewise.
* patches/boot/ecj-diamond.patch,
* patches/boot/ecj-multicatch.patch:
Add additional case for UntrustedCertificates
class introduced by 7123519.
* patches/boot/ecj-stringswitch.patch:
Update MethodHandleNatives case.
* patches/boot/ecj-trywithresources.patch:
Same issue as diamond & multicatch.
diffstat:
ChangeLog | 27 ++++++++++++++++++++++++
Makefile.am | 28 ++++++++++++------------
patches/boot/ecj-diamond.patch | 11 ++++++++++
patches/boot/ecj-multicatch.patch | 15 +++++++++++++
patches/boot/ecj-stringswitch.patch | 19 +++++++++++++---
patches/boot/ecj-trywithresources.patch | 36 +++++++++++++++++++++++++++++++++
6 files changed, 118 insertions(+), 18 deletions(-)
diffs (210 lines):
diff -r c18375e2aaef -r 421a34013779 ChangeLog
--- a/ChangeLog Thu Feb 14 00:47:41 2013 +0000
+++ b/ChangeLog Wed Feb 20 06:14:09 2013 +0000
@@ -1,3 +1,30 @@
+2013-02-20 Andrew John Hughes <gnu.andrew at member.fsf.org>
+
+ * Makefile.am,
+ (HOTSPOT_CHANGESET): Update to IcedTea7 2.1 forest head,
+ bringing in latest security updates.
+ (HOTSPOT_CHANGESET): Likewise.
+ (JAXP_CHANGESET): Likewise.
+ (JAXWS_CHANGESET): Likewise.
+ (JDK_CHANGESET): Likewise.
+ (LANGTOOLS_CHANGESET): Likewise.
+ (OPENJDK_CHANGESET): Likewise.
+ (HOTSPOT_SHA256SUM): Likewise.
+ (CORBA_SHA256SUM): Likewise.
+ (JAXP_SHA256SUM): Likewise.
+ (JAXWS_SHA256SUM): Likewise.
+ (JDK_SHA256SUM): Likewise.
+ (LANGTOOLS_SHA256SUM): Likewise.
+ (OPENJDK_SHA256SUM): Likewise.
+ * patches/boot/ecj-diamond.patch,
+ * patches/boot/ecj-multicatch.patch:
+ Add additional case for UntrustedCertificates
+ class introduced by 7123519.
+ * patches/boot/ecj-stringswitch.patch:
+ Update MethodHandleNatives case.
+ * patches/boot/ecj-trywithresources.patch:
+ Same issue as diamond & multicatch.
+
2013-02-13 Andrew John Hughes <gnu.andrew at member.fsf.org>
* configure.ac: Bump to 2.1.6pre.
diff -r c18375e2aaef -r 421a34013779 Makefile.am
--- a/Makefile.am Thu Feb 14 00:47:41 2013 +0000
+++ b/Makefile.am Wed Feb 20 06:14:09 2013 +0000
@@ -4,21 +4,21 @@
JDK_UPDATE_VERSION = 03
COMBINED_VERSION = $(JDK_UPDATE_VERSION)-$(OPENJDK_VERSION)
-HOTSPOT_CHANGESET = 32569b4d36f4
-CORBA_CHANGESET = fb02b0451c09
-JAXP_CHANGESET = c4bf68441a8d
-JAXWS_CHANGESET = 5c2f1241ceac
-JDK_CHANGESET = 833c87b29994
-LANGTOOLS_CHANGESET = e351b6e580c2
-OPENJDK_CHANGESET = 9806157f99d2
+HOTSPOT_CHANGESET = d8b22e079abe
+CORBA_CHANGESET = 4afc0be5b3c6
+JAXP_CHANGESET = efa047bf59e9
+JAXWS_CHANGESET = 52bbe659af64
+JDK_CHANGESET = 78fbbfe20edb
+LANGTOOLS_CHANGESET = ac6983a8bd4a
+OPENJDK_CHANGESET = 7de37e3bcca6
-HOTSPOT_SHA256SUM = 455be170dcea6edbc9c74f9d67308bb6a1f39dadda0267e7d73ea6af3043f60c
-CORBA_SHA256SUM = 84c753fda3ad9d22c5e83d090a9aeaf86a81df240abb634d364cd2cf4a221ef4
-JAXP_SHA256SUM = dac77699dd7cd2efd7b0db620dddbff5e2a74e0ea6164a04fc0345fd13f9bdcc
-JAXWS_SHA256SUM = 11f7f159d5afae960223c4aea12c73021365699ae37c16286617700a7fdc2eb4
-JDK_SHA256SUM = 3084038ef84baa3bc42853894a4310da6a413e5221c2a97563f451b440926910
-LANGTOOLS_SHA256SUM = df8eb56f125d568ec11218fa372bed8d7bdcc608803d3568f398ef4231d5204d
-OPENJDK_SHA256SUM = 3f48f1e79dcb50fe80707a14c0559b2d91fcaa9305182151d11b7452292e618c
+HOTSPOT_SHA256SUM = 28883ebefcfff1ba8b356a7fabf8e449c25fe7fffe1d563f1f58f887100063f0
+CORBA_SHA256SUM = 813e02861d89147c0547f4608fe69b0abd153cf548bf1f21ef9d16ea0a6d683e
+JAXP_SHA256SUM = 20d745c58117d1eaa061edb689bb7569b512ac8fb3d0f3518b5fa8b17ba7012e
+JAXWS_SHA256SUM = d8acabf54c1a4fe02e45ac4bdfe1ff9f3e7a3abc12884fcacd580bce9063a7c5
+JDK_SHA256SUM = 7eeee7d8479f97ab0eb66be3845224b8b4073de8829ed819175faf9ca2f3b5ca
+LANGTOOLS_SHA256SUM = 47db36264b345939176d1a5f36df84ad56d7fae76ce647ea1b619f7df0eb1eda
+OPENJDK_SHA256SUM = a856008db052b7f7ec4b466eee117fcc72229531136f71d4dd712c2f6e71cbd6
CACAO_VERSION = a567bcb7f589
CACAO_SHA256SUM = d49f79debc131a5694cae6ab3ba2864e7f3249ee8d9dc09aae8afdd4dc6b09f9
diff -r c18375e2aaef -r 421a34013779 patches/boot/ecj-diamond.patch
--- a/patches/boot/ecj-diamond.patch Thu Feb 14 00:47:41 2013 +0000
+++ b/patches/boot/ecj-diamond.patch Wed Feb 20 06:14:09 2013 +0000
@@ -6070,3 +6070,14 @@
List<Thread> threads = new ArrayList<Thread>();
for (int i = 0; i < threadCount; i++) {
RandomCollector r = new RandomCollector();
+--- openjdk-boot.orig/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2013-02-20 04:35:55.724227856 +0000
++++ openjdk-boot/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2013-02-20 04:36:16.596559015 +0000
+@@ -42,7 +42,7 @@
+ */
+ public final class UntrustedCertificates {
+
+- private final static Set<X509Certificate> untrustedCerts = new HashSet<>();
++ private final static Set<X509Certificate> untrustedCerts = new HashSet<X509Certificate>();
+
+ /**
+ * Checks if a certificate is untrusted.
diff -r c18375e2aaef -r 421a34013779 patches/boot/ecj-multicatch.patch
--- a/patches/boot/ecj-multicatch.patch Thu Feb 14 00:47:41 2013 +0000
+++ b/patches/boot/ecj-multicatch.patch Wed Feb 20 06:14:09 2013 +0000
@@ -130,3 +130,18 @@
throw new AssertionError(x);
}
}
+diff -Nru openjdk-boot.orig/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java openjdk-boot/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java
+--- openjdk-boot.orig/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2013-02-20 04:34:29.274856281 +0000
++++ openjdk-boot/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2013-02-20 04:34:52.071217958 +0000
+@@ -65,7 +65,10 @@
+ throw new RuntimeException("Duplicate untrusted certificate: " +
+ cert.getSubjectX500Principal());
+ }
+- } catch (CertificateException | IOException e) {
++ } catch (IOException e) {
++ throw new RuntimeException(
++ "Incorrect untrusted certificate: " + alias, e);
++ } catch (CertificateException e) {
+ throw new RuntimeException(
+ "Incorrect untrusted certificate: " + alias, e);
+ }
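Review bot: The `UntrustedCertificates` section added here appears to be a prerequisite for the section added to ecj-trywithresources.patch in this same commit, and neither file records that. The try-with-resources section removes a standalone `} catch (IOException e) {` block and uses offsets (`@@ -65,13 +66,17 @@`) that only exist once this multi-catch split has been applied, so it presumably relies on ecj-multicatch.patch being applied first. A free-text line above the `diff -Nru` header would make the ordering explicit, for example `Must be applied before the UntrustedCertificates section of ecj-trywithresources.patch.` The enclosing method starts and ends outside this hunk.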
diff -r c18375e2aaef -r 421a34013779 patches/boot/ecj-stringswitch.patch
--- a/patches/boot/ecj-stringswitch.patch Thu Feb 14 00:47:41 2013 +0000
+++ b/patches/boot/ecj-stringswitch.patch Wed Feb 20 06:14:09 2013 +0000
@@ -304,15 +304,20 @@
diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java
--- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java 2013-01-14 22:25:02.000000000 +0000
+++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java 2013-01-15 02:19:34.315049222 +0000
-@@ -411,104 +411,99 @@
+@@ -411,111 +411,106 @@
static boolean isCallerSensitive(MemberName mem) {
- assert(mem.isInvocable());
+ if (!mem.isInvocable()) return false; // fields are not caller sensitive
Class<?> defc = mem.getDeclaringClass();
- switch (mem.getName()) {
- case "doPrivileged":
+- case "doPrivilegedWithCombiner":
+ String memName = mem.getName();
-+ if ("doPrivileged".equals(memName)) {
++ if ("doPrivileged".equals(memName) ||
++ "doPrivilegedWithCombiner".equals(memName)) {
return defc == java.security.AccessController.class;
+- case "checkMemberAccess":
++ } else if ("checkMemberAccess".equals(memName)) {
+ return canBeCalledVirtual(mem, java.lang.SecurityManager.class);
- case "getUnsafe":
+ } else if ("getUnsafe".equals(memName)) {
return defc == sun.misc.Unsafe.class;
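Review bot: The rewritten `isCallerSensitive` chain has to be kept equivalent to the upstream `switch` by hand, and the patch carries no note saying so or naming the upstream change it tracks. This hunk and the two after it (`@@ -442,7 +447,7 @@` and `@@ -468,11 +473,17 @@`) add `doPrivilegedWithCombiner`, `checkMemberAccess`, `registerAsParallelCapable` and `asInterfaceInstance`, and move `getContextClassLoader` to `canBeCalledVirtual`. Because this method decides which members are treated as caller-sensitive, a branch whose return expression differed from its `case` could change that decision in the bootstrap build without any compile error. I would add a free-text line above the `diff -Nru` header for MethodHandleNatives.java such as `Keep each branch's return expression identical to the matching case in the upstream switch.` The method body continues outside these hunks, so the remaining branches could not be checked here.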
@@ -442,7 +447,7 @@
- break;
- case "getContextClassLoader":
+ } else if ("getContextClassLoader".equals(memName)) {
- return defc == java.lang.Thread.class;
+ return canBeCalledVirtual(mem, java.lang.Thread.class);
- case "getPackage":
- case "getPackages":
+ } else if ("getPackage".equals(memName) ||
@@ -468,11 +473,17 @@
- case "getCallerClassLoader":
+ } else if ("getCallerClassLoader".equals(memName)) {
return defc == java.lang.ClassLoader.class;
+- case "registerAsParallelCapable":
++ } else if ("registerAsParallelCapable".equals(memName)) {
+ return canBeCalledVirtual(mem, java.lang.ClassLoader.class);
- case "getProxyClass":
- case "newProxyInstance":
+ } else if ("getProxyClass".equals(memName) ||
+ "newProxyInstance".equals(memName)) {
return defc == java.lang.reflect.Proxy.class;
+- case "asInterfaceInstance":
++ } else if ("asInterfaceInstance".equals(memName)) {
+ return defc == java.lang.invoke.MethodHandleProxies.class;
- case "getBundle":
- case "clearCache":
+ } else if ("getBundle".equals(memName) ||
diff -r c18375e2aaef -r 421a34013779 patches/boot/ecj-trywithresources.patch
--- a/patches/boot/ecj-trywithresources.patch Thu Feb 14 00:47:41 2013 +0000
+++ b/patches/boot/ecj-trywithresources.patch Wed Feb 20 06:14:09 2013 +0000
@@ -941,3 +941,39 @@
} catch (IOException x) {
}
return result;
+--- openjdk-boot.orig/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2013-02-20 04:33:00.545448559 +0000
++++ openjdk-boot/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2013-02-20 05:18:03.320280934 +0000
+@@ -56,8 +56,9 @@
+
+ private static void add(String alias, String pemCert) {
+ // generate certificate from PEM certificate
+- try (ByteArrayInputStream is =
+- new ByteArrayInputStream(pemCert.getBytes())) {
++ ByteArrayInputStream is = null;
++ try {
++ is = new ByteArrayInputStream(pemCert.getBytes());
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate)cf.generateCertificate(is);
+
+@@ -65,13 +66,17 @@
+ throw new RuntimeException("Duplicate untrusted certificate: " +
+ cert.getSubjectX500Principal());
+ }
+- } catch (IOException e) {
+- throw new RuntimeException(
+- "Incorrect untrusted certificate: " + alias, e);
+ } catch (CertificateException e) {
+ throw new RuntimeException(
+ "Incorrect untrusted certificate: " + alias, e);
+- }
++ } finally {
++ if (is != null)
++ try { is.close(); }
++ catch (IOException e) {
++ throw new RuntimeException(
++ "Incorrect untrusted certificate: " + alias, e);
++ }
++ }
+ }
+
+ static {
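Review bot: The `finally` block added to `add` throws from the close path, which would replace any exception already propagating out of the `try` body, such as the `Duplicate untrusted certificate` RuntimeException. The try-with-resources form it replaces would instead have attached the close failure to that exception as suppressed. `ByteArrayInputStream.close()` is documented to have no effect, so the branch should be unreachable in practice, but the intent is worth stating in the code. I would add `// close() on a ByteArrayInputStream is a no-op; this catch only satisfies the compiler` above the inner `try`, and put braces around the `if (is != null)` body.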