/hg/icedtea6: 5 new changesets

andrew at icedtea.classpath.org andrew at icedtea.classpath.org
Thu Mar 7 07:50:17 PST 2013


changeset 076acbb953a5 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=076acbb953a5
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Wed Mar 06 19:28:09 2013 +0000

	Add LogManager regression fixes.

	2013-02-17  Andrew John Hughes  <gnu.andrew at redhat.com>

		* Makefile.am:
		(ICEDTEA_PATCHES): Add new patches.
		* patches/openjdk/8007393.patch,
		* patches/openjdk/8007611.patch:
		Regression fixes for LogManager.


changeset 1ecedefb66fa in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=1ecedefb66fa
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Thu Mar 07 13:16:01 2013 +0000

	Add 2013/03/04 security patches.

	2013-03-07  Andrew John Hughes  <gnu.andrew at redhat.com>

		* Makefile.am:
		(SECURITY_PATCHES): List new patches.
		* patches/security/20130304/8007014.patch,
		* patches/security/20130304/8007675.patch:
		Patches from upstream.
		* patches/security/20130304/declaration_correction.patch:
		Correct bad code added to LCMSTransform.java
		which fails with ecj.


changeset 7088315fb75f in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=7088315fb75f
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Thu Mar 07 13:21:49 2013 +0000

	Add 1.11.9 & 1.12.4 release notes.

	2013-03-07  Andrew John Hughes  <gnu.andrew at redhat.com>

		* NEWS:
		Add 1.11.9 & 1.12.4 release notes.


changeset 0f212e1c6cb4 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=0f212e1c6cb4
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Thu Mar 07 15:48:35 2013 +0000

	S8009641: OpenJDK 6 build broken via 8007675 fix

	2013-03-07  Andrew John Hughes  <gnu.andrew at redhat.com>

		* patches/security/20130304/declaration_correction.patch:
		Remove local patch...
		* Makefile.am: Swap patches.
		* NEWS: Updated.
		* patches/openjdk/8009641-8007675_build_fix.patch:
		...replaced by this from upstream.


changeset e162a16dad26 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=e162a16dad26
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Thu Mar 07 15:49:50 2013 +0000

	Sync hs23 build with IcedTea7 2.3.  Only changes are release tags.

	2013-03-07  Andrew John Hughes  <gnu.andrew at redhat.com>

		* hotspot.map: Sync with IcedTea7 2.3 tree;
		only changes are new release tags.


diffstat:

 ChangeLog                                       |   38 +
 Makefile.am                                     |    9 +-
 NEWS                                            |   14 +
 hotspot.map                                     |    2 +-
 patches/openjdk/8007393.patch                   |   78 +++
 patches/openjdk/8007611.patch                   |   24 +
 patches/openjdk/8009641-8007675_build_fix.patch |   49 ++
 patches/security/20130304/8007014.patch         |  477 ++++++++++++++++++++++++
 patches/security/20130304/8007675.patch         |  416 ++++++++++++++++++++
 9 files changed, 1104 insertions(+), 3 deletions(-)

diffs (truncated from 1169 to 500 lines):

diff -r 9389cc43b7b8 -r e162a16dad26 ChangeLog
--- a/ChangeLog	Wed Mar 06 19:22:19 2013 +0000
+++ b/ChangeLog	Thu Mar 07 15:49:50 2013 +0000
@@ -1,3 +1,41 @@
+2013-03-07  Andrew John Hughes  <gnu.andrew at redhat.com>
+
+	* hotspot.map: Sync with IcedTea7 2.3 tree;
+	only changes are new release tags.
+
+2013-03-07  Andrew John Hughes  <gnu.andrew at redhat.com>
+
+	* patches/security/20130304/declaration_correction.patch:
+	Remove local patch...
+	* Makefile.am: Swap patches.
+	* NEWS: Updated.
+	* patches/openjdk/8009641-8007675_build_fix.patch:
+	...replaced by this from upstream.
+
+2013-03-07  Andrew John Hughes  <gnu.andrew at redhat.com>
+
+	* NEWS:
+	Add 1.11.9 & 1.12.4 release notes.
+
+2013-03-07  Andrew John Hughes  <gnu.andrew at redhat.com>
+
+	* Makefile.am:
+	(SECURITY_PATCHES): List new patches.
+	* patches/security/20130304/8007014.patch,
+	* patches/security/20130304/8007675.patch:
+	Patches from upstream.
+	* patches/security/20130304/declaration_correction.patch:
+	Correct bad code added to LCMSTransform.java
+	which fails with ecj.
+
+2013-02-17  Andrew John Hughes  <gnu.andrew at redhat.com>
+
+	* Makefile.am:
+	(ICEDTEA_PATCHES): Add new patches.
+	* patches/openjdk/8007393.patch,
+	* patches/openjdk/8007611.patch:
+	Regression fixes for LogManager.
+
 2013-02-15  Andrew John Hughes  <gnu.andrew at redhat.com>
 
 	* Makefile.am:
diff -r 9389cc43b7b8 -r e162a16dad26 Makefile.am
--- a/Makefile.am	Wed Mar 06 19:22:19 2013 +0000
+++ b/Makefile.am	Thu Mar 07 15:49:50 2013 +0000
@@ -276,7 +276,10 @@
 	patches/security/20130201/8001235.patch \
 	patches/security/20130219/8006446.patch \
 	patches/security/20130219/8006777.patch \
-	patches/security/20130219/8007688.patch
+	patches/security/20130219/8007688.patch \
+	patches/security/20130304/8007014.patch \
+	patches/security/20130304/8007675.patch \
+	patches/openjdk/8009641-8007675_build_fix.patch
 
 if !WITH_ALT_HSBUILD
 SECURITY_PATCHES += \
@@ -473,7 +476,9 @@
 	patches/traceable.patch \
 	patches/openjdk/8005615-failure_to_load_logger_implementation.patch \
 	patches/openjdk/8004341-jck_dialog_failure.patch \
-	patches/pr1319-support_giflib_5.patch
+	patches/pr1319-support_giflib_5.patch \
+	patches/openjdk/8007393.patch \
+	patches/openjdk/8007611.patch
 
 if WITH_ALT_HSBUILD
 ICEDTEA_PATCHES += \
diff -r 9389cc43b7b8 -r e162a16dad26 NEWS
--- a/NEWS	Wed Mar 06 19:22:19 2013 +0000
+++ b/NEWS	Thu Mar 07 15:49:50 2013 +0000
@@ -14,9 +14,23 @@
 
 * New features
   - PR1317: Provide an option to build with a more up-to-date HotSpot
+* Backports
+  - S8009641: OpenJDK 6 build broken via 8007675 fix
 * Bug fixes
   - PR1318: Fix automatic enabling of the Zero build on non-JIT architectures which don't use CACAO or JamVM.
 
+New in release 1.12.4 (2013-03-04):
+
+* Security fixes
+  - S8007014, CVE-2013-0809: Improve image handling
+  - S8007675, CVE-2013-1493: Improve color conversion
+
+New in release 1.11.9 (2013-03-04):
+
+* Security fixes
+  - S8007014, CVE-2013-0809: Improve image handling
+  - S8007675, CVE-2013-1493: Improve color conversion
+
 New in release 1.12.3 (2013-02-19):
 
 * Security fixes
diff -r 9389cc43b7b8 -r e162a16dad26 hotspot.map
--- a/hotspot.map	Wed Mar 06 19:22:19 2013 +0000
+++ b/hotspot.map	Thu Mar 07 15:49:50 2013 +0000
@@ -1,2 +1,2 @@
 # version url changeset sha256sum
-hs23 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/hotspot bc0de5a0ece2 4b571c99b9dfdca6e8456a7d0d47eedb1a8e3c4863322cc853f959b1cb4bc068
+hs23 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/hotspot a152dced63a1 eac2313e3012653afa7549257765d56e4348c775363eee0733968d32a7c1eeae
diff -r 9389cc43b7b8 -r e162a16dad26 patches/openjdk/8007393.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/8007393.patch	Thu Mar 07 15:49:50 2013 +0000
@@ -0,0 +1,78 @@
+
+# HG changeset patch
+# User coffeys
+# Date 1360860659 0
+# Node ID 828b93329939ec20530ed98f42b2966b2ea53048
+# Parent cff0241d217f7b463d58ddcd0add8d41de9eb280
+8007393: Possible race condition after JDK-6664509
+Reviewed-by: mchung
+
+--- openjdk/jdk/src/share/classes/java/util/logging/LogManager.java	Tue Feb 05 23:33:50 2013 +0000
++++ openjdk/jdk/src/share/classes/java/util/logging/LogManager.java	Thu Feb 14 16:50:59 2013 +0000
+@@ -411,7 +411,40 @@ public class LogManager {
+     }
+ 
+     Logger demandSystemLogger(String name, String resourceBundleName) {
+-        return systemContext.demandLogger(name, resourceBundleName);
++        // Add a system logger in the system context's namespace
++        final Logger sysLogger = systemContext.demandLogger(name, resourceBundleName);
++
++        // Add the system logger to the LogManager's namespace if not exist
++        // so that there is only one single logger of the given name.
++        // System loggers are visible to applications unless a logger of
++        // the same name has been added.
++        Logger logger;
++        do {
++            // First attempt to call addLogger instead of getLogger
++            // This would avoid potential bug in custom LogManager.getLogger
++            // implementation that adds a logger if not exists
++            if (addLogger(sysLogger)) {
++                // successfully added the new system logger
++                logger = sysLogger;
++            } else {
++                logger = getLogger(name);
++            }
++        } while (logger == null);
++
++        // LogManager will set the sysLogger's handlers via LogManager.addLogger method.
++        if (logger != sysLogger && sysLogger.getHandlers().length == 0) {
++            // if logger already exists but handlers not set
++           final Logger l = logger;
++            AccessController.doPrivileged(new PrivilegedAction<Void>() {
++                public Void run() {
++                    for (Handler hdl : l.getHandlers()) {
++                        sysLogger.addHandler(hdl);
++                    }
++                    return null;
++                }
++            });
++        }
++        return sysLogger;
+     }
+ 
+     // LoggerContext maintains the logger namespace per context.
+@@ -619,22 +652,7 @@ public class LogManager {
+                     }
+                 } while (result == null);
+             }
+-            // Add the system logger to the LogManager's namespace if not exists
+-            // The LogManager will set its handlers via the LogManager.addLogger method.
+-            if (!manager.addLogger(result) && result.getHandlers().length == 0) {
+-                // if logger already exists but handlers not set
+-                final Logger l = manager.getLogger(name);
+-                final Logger logger = result;
+-                AccessController.doPrivileged(new PrivilegedAction<Void>() {
+-                    public Void run() {
+-                        for (Handler hdl : l.getHandlers()) {
+-                            logger.addHandler(hdl);
+-                        }
+-                        return null;
+-                    }
+-                });
+-            }
+-          return result;
++            return result;
+         }
+     }
+ 
+
diff -r 9389cc43b7b8 -r e162a16dad26 patches/openjdk/8007611.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/8007611.patch	Thu Mar 07 15:49:50 2013 +0000
@@ -0,0 +1,24 @@
+
+# HG changeset patch
+# User coffeys
+# Date 1360861865 0
+# Node ID 25e83b78298b71abb46eb5a337ed7bddef418ca4
+# Parent 828b93329939ec20530ed98f42b2966b2ea53048
+8007611: logging behavior in applet changed
+Reviewed-by: mchung
+
+--- openjdk/jdk/src/share/classes/java/util/logging/LogManager.java	Thu Feb 14 16:50:59 2013 +0000
++++ openjdk/jdk/src/share/classes/java/util/logging/LogManager.java	Thu Feb 14 17:11:05 2013 +0000
+@@ -351,7 +351,10 @@ public class LogManager {
+                         context = userContext;
+                     } else {
+                         context = new LoggerContext();
+-                        context.addLocalLogger(manager.rootLogger);
++                        // during initialization, rootLogger is null when
++                        // instantiating itself RootLogger
++                        if (manager.rootLogger != null)
++                            context.addLocalLogger(manager.rootLogger);
+                     }
+                     javaAwtAccess.put(ecx, LoggerContext.class, context);
+                 }
+
diff -r 9389cc43b7b8 -r e162a16dad26 patches/openjdk/8009641-8007675_build_fix.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/8009641-8007675_build_fix.patch	Thu Mar 07 15:49:50 2013 +0000
@@ -0,0 +1,49 @@
+# HG changeset patch
+# User bae
+# Date 1362669637 -10800
+# Node ID c73944a23b44ead9aa552ffaa4346bda08940ed3
+# Parent  9714f53ef17344fbcb6dc2249a7b238e6292f726
+8009641: OpenJDK 6 build broken via 8007675 fix
+Reviewed-by: andrew
+
+diff --git a/src/share/classes/sun/java2d/cmm/lcms/LCMSTransform.java b/src/share/classes/sun/java2d/cmm/lcms/LCMSTransform.java
+--- openjdk/jdk/src/share/classes/sun/java2d/cmm/lcms/LCMSTransform.java
++++ openjdk/jdk/src/share/classes/sun/java2d/cmm/lcms/LCMSTransform.java
+@@ -572,14 +572,14 @@
+                 dst, dst.length/getNumOutComponents(),
+                 LCMSImageLayout.CHANNELS_SH(getNumOutComponents()) |
+                 LCMSImageLayout.BYTES_SH(2), getNumOutComponents()*2);
++
++            synchronized(this) {
++                LCMS.colorConvert(this, srcIL, dstIL);
++            }
+         } catch (ImageLayoutException e) {
+             throw new CMMException("Unable to convert data");
+         }
+ 
+-        synchronized(this) {
+-            LCMS.colorConvert(this, srcIL, dstIL);
+-        }
+-
+         return dst;
+     }
+ 
+@@ -598,14 +598,14 @@
+                 dst, dst.length/getNumOutComponents(),
+                 LCMSImageLayout.CHANNELS_SH(getNumOutComponents()) |
+                 LCMSImageLayout.BYTES_SH(1), getNumOutComponents());
++
++            synchronized(this) {
++                LCMS.colorConvert(this, srcIL, dstIL);
++            }
+         } catch (ImageLayoutException e) {
+             throw new CMMException("Unable to convert data");
+         }
+ 
+-        synchronized(this) {
+-            LCMS.colorConvert(this, srcIL, dstIL);
+-        }
+-
+         return dst;
+     }
+ }
diff -r 9389cc43b7b8 -r e162a16dad26 patches/security/20130304/8007014.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20130304/8007014.patch	Thu Mar 07 15:49:50 2013 +0000
@@ -0,0 +1,477 @@
+# HG changeset patch
+# User bae
+# Date 1360857111 -14400
+# Node ID 44c99b68e36c57648829320843fbc77cf2d4c4d1
+# Parent  b8b3916e20ed651fa6ad9da6ae96b2548a13f96c
+8007014: Improve image handling
+Reviewed-by: prr, mschoene, jgodinez
+
+diff --git a/src/share/classes/sun/awt/image/ByteComponentRaster.java b/src/share/classes/sun/awt/image/ByteComponentRaster.java
+--- openjdk/jdk/src/share/classes/sun/awt/image/ByteComponentRaster.java
++++ openjdk/jdk/src/share/classes/sun/awt/image/ByteComponentRaster.java
+@@ -868,6 +868,15 @@
+      * or if data buffer has not enough capacity.
+      */
+     protected final void verify() {
++        /* Need to re-verify the dimensions since a sample model may be
++         * specified to the constructor
++         */
++        if (width <= 0 || height <= 0 ||
++            height > (Integer.MAX_VALUE / width))
++        {
++            throw new RasterFormatException("Invalid raster dimension");
++        }
++
+         for (int i = 0; i < dataOffsets.length; i++) {
+             if (dataOffsets[i] < 0) {
+                 throw new RasterFormatException("Data offsets for band " + i
+@@ -905,13 +914,14 @@
+         lastPixelOffset += lastScanOffset;
+ 
+         for (int i = 0; i < numDataElements; i++) {
+-            size = lastPixelOffset + dataOffsets[i];
+             if (dataOffsets[i] > (Integer.MAX_VALUE - lastPixelOffset)) {
+                 throw new RasterFormatException("Incorrect band offset: "
+                             + dataOffsets[i]);
+ 
+             }
+ 
++            size = lastPixelOffset + dataOffsets[i];
++
+             if (size > maxSize) {
+                 maxSize = size;
+             }
+diff --git a/src/share/classes/sun/awt/image/BytePackedRaster.java b/src/share/classes/sun/awt/image/BytePackedRaster.java
+--- openjdk/jdk/src/share/classes/sun/awt/image/BytePackedRaster.java
++++ openjdk/jdk/src/share/classes/sun/awt/image/BytePackedRaster.java
+@@ -1368,11 +1368,35 @@
+             throw new RasterFormatException("Data offsets must be >= 0");
+         }
+ 
++        /* Need to re-verify the dimensions since a sample model may be
++         * specified to the constructor
++         */
++        if (width <= 0 || height <= 0 ||
++            height > (Integer.MAX_VALUE / width))
++        {
++            throw new RasterFormatException("Invalid raster dimension");
++        }
++
++
++        /*
++         * pixelBitstride was verified in constructor, so just make
++         * sure that it is safe to multiply it by width.
++         */
++        if ((width - 1) > Integer.MAX_VALUE / pixelBitStride) {
++            throw new RasterFormatException("Invalid raster dimension");
++        }
++
++        if (scanlineStride < 0 ||
++            scanlineStride > (Integer.MAX_VALUE / height))
++        {
++            throw new RasterFormatException("Invalid scanline stride");
++        }
++
+         int lastbit = (dataBitOffset
+                        + (height-1) * scanlineStride * 8
+                        + (width-1) * pixelBitStride
+                        + pixelBitStride - 1);
+-        if (lastbit / 8 >= data.length) {
++        if (lastbit < 0 || lastbit / 8 >= data.length) {
+             throw new RasterFormatException("raster dimensions overflow " +
+                                             "array bounds");
+         }
+diff --git a/src/share/classes/sun/awt/image/IntegerComponentRaster.java b/src/share/classes/sun/awt/image/IntegerComponentRaster.java
+--- openjdk/jdk/src/share/classes/sun/awt/image/IntegerComponentRaster.java
++++ openjdk/jdk/src/share/classes/sun/awt/image/IntegerComponentRaster.java
+@@ -208,7 +208,7 @@
+                                             " SinglePixelPackedSampleModel");
+         }
+ 
+-        verify(false);
++        verify();
+     }
+ 
+ 
+@@ -629,16 +629,26 @@
+     }
+ 
+     /**
+-     * Verify that the layout parameters are consistent with
+-     * the data.  If strictCheck
+-     * is false, this method will check for ArrayIndexOutOfBounds conditions.  If
+-     * strictCheck is true, this method will check for additional error
+-     * conditions such as line wraparound (width of a line greater than
+-     * the scanline stride).
+-     * @return   String   Error string, if the layout is incompatible with
+-     *                    the data.  Otherwise returns null.
++     * Verify that the layout parameters are consistent with the data.
++     *
++     * The method verifies whether scanline stride and pixel stride do not
++     * cause an integer overflow during calculation of a position of the pixel
++     * in data buffer. It also verifies whether the data buffer has enough data
++     *  to correspond the raster layout attributes.
++     *
++     * @throws RasterFormatException if an integer overflow is detected,
++     * or if data buffer has not enough capacity.
+      */
+-    private void verify (boolean strictCheck) {
++    protected final void verify() {
++        /* Need to re-verify the dimensions since a sample model may be
++         * specified to the constructor
++         */
++        if (width <= 0 || height <= 0 ||
++            height > (Integer.MAX_VALUE / width))
++        {
++            throw new RasterFormatException("Invalid raster dimension");
++        }
++
+         if (dataOffsets[0] < 0) {
+             throw new RasterFormatException("Data offset ("+dataOffsets[0]+
+                                             ") must be >= 0");
+@@ -647,17 +657,46 @@
+         int maxSize = 0;
+         int size;
+ 
+-        for (int i=0; i < numDataElements; i++) {
+-            size = (height-1)*scanlineStride + (width-1)*pixelStride +
+-                dataOffsets[i];
++        // we can be sure that width and height are greater than 0
++        if (scanlineStride < 0 ||
++            scanlineStride > (Integer.MAX_VALUE / height))
++        {
++            // integer overflow
++            throw new RasterFormatException("Incorrect scanline stride: "
++                    + scanlineStride);
++        }
++        int lastScanOffset = (height - 1) * scanlineStride;
++
++        if (pixelStride < 0 ||
++            pixelStride > (Integer.MAX_VALUE / width))
++        {
++            // integer overflow
++            throw new RasterFormatException("Incorrect pixel stride: "
++                    + pixelStride);
++        }
++        int lastPixelOffset = (width - 1) * pixelStride;
++
++        if (lastPixelOffset > (Integer.MAX_VALUE - lastScanOffset)) {
++            // integer overflow
++            throw new RasterFormatException("Incorrect raster attributes");
++        }
++        lastPixelOffset += lastScanOffset;
++
++        for (int i = 0; i < numDataElements; i++) {
++            if (dataOffsets[i] > (Integer.MAX_VALUE - lastPixelOffset)) {
++                throw new RasterFormatException("Incorrect band offset: "
++                            + dataOffsets[i]);
++            }
++
++            size = lastPixelOffset + dataOffsets[i];
++
+             if (size > maxSize) {
+                 maxSize = size;
+             }
+         }
+         if (data.length < maxSize) {
+-            throw new RasterFormatException("Data array too small (should be "+
+-                                          maxSize
+-                                          +" but is "+data.length+" )");
++            throw new RasterFormatException("Data array too small (should be "
++                    + maxSize + " )");
+         }
+     }
+ 
+diff --git a/src/share/classes/sun/awt/image/IntegerInterleavedRaster.java b/src/share/classes/sun/awt/image/IntegerInterleavedRaster.java
+--- openjdk/jdk/src/share/classes/sun/awt/image/IntegerInterleavedRaster.java
++++ openjdk/jdk/src/share/classes/sun/awt/image/IntegerInterleavedRaster.java
+@@ -151,7 +151,7 @@
+             throw new RasterFormatException("IntegerInterleavedRasters must have"+
+                                             " SinglePixelPackedSampleModel");
+         }
+-        verify(false);
++        verify();
+     }
+ 
+ 
+@@ -540,31 +540,6 @@
+         return createCompatibleWritableRaster(width,height);
+     }
+ 
+-    /**
+-     * Verify that the layout parameters are consistent with
+-     * the data.  If strictCheck
+-     * is false, this method will check for ArrayIndexOutOfBounds conditions.  If
+-     * strictCheck is true, this method will check for additional error
+-     * conditions such as line wraparound (width of a line greater than
+-     * the scanline stride).
+-     * @return   String   Error string, if the layout is incompatible with
+-     *                    the data.  Otherwise returns null.
+-     */
+-    private void verify (boolean strictCheck) {
+-        int maxSize = 0;
+-        int size;
+-
+-        size = (height-1)*scanlineStride + (width-1) + dataOffsets[0];
+-        if (size > maxSize) {
+-            maxSize = size;
+-        }
+-        if (data.length < maxSize) {
+-            throw new RasterFormatException("Data array too small (should be "+
+-                                          maxSize
+-                                          +" but is "+data.length+" )");
+-        }
+-    }
+-
+     public String toString() {
+         return new String ("IntegerInterleavedRaster: width = "+width
+                            +" height = " + height



More information about the distro-pkg-dev mailing list