/hg/release/icedtea6-1.7: 9 new changesets

andrew at icedtea.classpath.org andrew at icedtea.classpath.org
Tue Oct 12 16:19:13 PDT 2010


changeset b5086c3910b3 in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=b5086c3910b3
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Oct 05 15:57:31 2010 +0100

	Security updates.

	2010-10-05 Andrew John Hughes <ahughes at redhat.com>

	 * Makefile.am: Add new patches.
		* NEWS: List security updates.
		* patches/security/20101012/6559775.patch,
		* patches/security/20101012/6891766.patch,
		* patches/security/20101012/6914943.patch,
		* patches/security/20101012/6925710.patch,
		* patches/security/20101012/6938813.patch,
		* patches/security/20101012/6957564.patch,
		* patches/security/20101012/6958060.patch,
		* patches/security/20101012/6963023.patch,
		* patches/security/20101012/6963489.patch,
		* patches/security/20101012/6966692.patch: New security
	patches.


changeset 943f33237d51 in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=943f33237d51
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Oct 05 16:01:23 2010 +0100

	Bump to 1.7.5pre.

	2010-10-05 Andrew John Hughes <ahughes at redhat.com>

	 * configure.ac: Bump to 1.7.5pre.


changeset 7215a5763a4e in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=7215a5763a4e
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Oct 06 16:27:10 2010 +0100

	Bump to 1.7.5 and set date of release to 2010-10-13.

	2010-10-06 Andrew John Hughes <ahughes at redhat.com>

	 * configure.ac: Bump to 1.7.5.
		* NEWS: Set date of 1.7.5 to 2010-10-13.


changeset 3dbe18286f7a in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=3dbe18286f7a
author: Andrew John Hughes <ahughes at redhat.com>
date: Thu Oct 07 14:10:27 2010 +0100

	Apply HotSpot patches before conditional patches.

	2010-10-07 Andrew John Hughes <ahughes at redhat.com>

	 * Makefile.am: Move HotSpot patches up so they
	aren't affected by conditional patches.
		* patches/icedtea-systemtap.patch: Fix to apply after the hs16
	sparc patch.


changeset a6202fb4b8c4 in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=a6202fb4b8c4
author: Andrew John Hughes <ahughes at redhat.com>
date: Fri Oct 08 00:46:01 2010 +0100

	Fix SystemTap patch to work on both hs16 and original builds.

	2010-10-07 Andrew John Hughes <ahughes at redhat.com>

	 * patches/icedtea-systemtap.patch: Split patch into
	hs16 and original versions.
		* Makefile.am: Use a hsbuild-specific version of the systemtap
	patch.
		* patches/hotspot/hs16/systemtap.patch: SystemTap patch from
	last checkin.
		* patches/hotspot/original/systemtap.patch: SystemTap patch
	prior to last checkin.


changeset 1cdd796efef3 in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=1cdd796efef3
author: Andrew John Hughes <ahughes at redhat.com>
date: Mon Oct 11 21:52:05 2010 +0100

	Second batch of security updates.

	2010-10-11 Andrew John Hughes <ahughes at redhat.com>

	 * patches/icedtea-timerqueue.patch: Dropped;
	superceded by 6623943.
		* Makefile.am: Add new security patches.
		* NEWS: List new security patches.
		* patches/security/20101012/6622002.patch,
		* patches/security/20101012/6623943.patch,
		* patches/security/20101012/6952017.patch,
		* patches/security/20101012/6952603.patch,
		* patches/security/20101012/6961084.patch,
		* patches/security/20101012/6963285.patch,
		* patches/security/20101012/6981426.patch,
		* patches/security/20101012/6990437.patch: Added.


changeset 1c4624a3afe8 in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=1c4624a3afe8
author: andrew
date: Mon Oct 11 22:31:47 2010 +0100

	Add CVE numbers.

	2010-10-11 Andrew John Hughes <ahughes at redhat.com>

	 * NEWS: Add CVE numbers and list 6925672 which is
	covered by the 6891766 fix.


changeset 9f1417fbbb12 in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=9f1417fbbb12
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Oct 12 18:01:47 2010 +0100

	Add man page for javaws.

	2010-10-12 Andrew John Hughes <ahughes at redhat.com>

	 * Makefile.am: (add-netx): Ensure directory
	exists before copying javaws man page. (add-
	netx-debug): Likewise.

	2010-09-13 Omair Majid <omajid at redhat.com>

	 Add a new man page for netx's javaws.
		    * NEWS: Updated to indicate the new man page for javaws.
		    * Makefile.am (icedtea.stamp): Copy over the javaws man
	page into the build. (icedtea-debug.stamp): Copy over
	the javaws man page.
		    * netx/javaws.1: New man page for netx's javaws.


changeset 3b1a69fc737b in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=3b1a69fc737b
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Oct 13 00:18:49 2010 +0100

	Added tag icedtea6-1.7.5 for changeset 9f1417fbbb12


diffstat:

28 files changed, 5604 insertions(+), 274 deletions(-)
.hgtags                                  |    1 
ChangeLog                                |   80 +
Makefile.am                              |  141 +-
NEWS                                     |   34 
configure.ac                             |    2 
patches/hotspot/hs16/systemtap.patch     |  186 ++
patches/hotspot/original/systemtap.patch |  182 ++
patches/icedtea-lcms.patch               |   28 
patches/icedtea-systemtap.patch          |  182 --
patches/icedtea-timerqueue.patch         |   18 
patches/security/20101012/6559775.patch  |  303 ++++
patches/security/20101012/6622002.patch  |   64 
patches/security/20101012/6623943.patch  |  138 ++
patches/security/20101012/6891766.patch  | 1289 +++++++++++++++++++
patches/security/20101012/6914943.patch  | 1982 ++++++++++++++++++++++++++++++
patches/security/20101012/6925710.patch  |  198 ++
patches/security/20101012/6938813.patch  |  175 ++
patches/security/20101012/6952017.patch  |   50 
patches/security/20101012/6952603.patch  |   38 
patches/security/20101012/6957564.patch  |   77 +
patches/security/20101012/6958060.patch  |   15 
patches/security/20101012/6961084.patch  |  325 ++++
patches/security/20101012/6963023.patch  |   95 +
patches/security/20101012/6963285.patch  |   20 
patches/security/20101012/6963489.patch  |   31 
patches/security/20101012/6966692.patch  |   84 +
patches/security/20101012/6981426.patch  |   24 
patches/security/20101012/6990437.patch  |  116 +

diffs (truncated from 6107 to 500 lines):

diff -r 02e3bf7ef716 -r 3b1a69fc737b .hgtags
--- a/.hgtags	Mon Oct 04 16:58:32 2010 +0100
+++ b/.hgtags	Wed Oct 13 00:18:49 2010 +0100
@@ -22,3 +22,4 @@ 6e9e64c22c9625939edcd20c1a9dcd7a7aaea723
 6e9e64c22c9625939edcd20c1a9dcd7a7aaea723 icedtea6-1.7.2
 cf5e5cb5f1cd9aa7f3237e918504be6fa732fa26 icedtea6-1.7.3
 30dc9370bebaf7d7bed1f49ff220bcb75f3b2140 icedtea6-1.7.4
+9f1417fbbb12374a1585da2c3265deb8c10d6ec6 icedtea6-1.7.5
diff -r 02e3bf7ef716 -r 3b1a69fc737b ChangeLog
--- a/ChangeLog	Mon Oct 04 16:58:32 2010 +0100
+++ b/ChangeLog	Wed Oct 13 00:18:49 2010 +0100
@@ -1,3 +1,83 @@ 2010-09-17  Andrew John Hughes  <ahughes
+2010-10-12  Andrew John Hughes  <ahughes at redhat.com>
+
+	* Makefile.am:
+	(add-netx): Ensure directory exists before
+	copying javaws man page.
+	(add-netx-debug): Likewise.
+
+2010-09-13  Omair Majid  <omajid at redhat.com>
+
+	Add a new man page for netx's javaws.
+	* NEWS: Updated to indicate the new man page for javaws.
+	* Makefile.am
+	(icedtea.stamp): Copy over the javaws man page into the build.
+	(icedtea-debug.stamp): Copy over the javaws man page.
+	* netx/javaws.1: New man page for netx's javaws.
+
+2010-10-11  Andrew John Hughes  <ahughes at redhat.com>
+
+	* NEWS: Add CVE numbers and list 6925672
+	which is covered by the 6891766 fix.
+
+2010-10-11  Andrew John Hughes  <ahughes at redhat.com>
+
+	* patches/icedtea-timerqueue.patch:
+	Dropped; superceded by 6623943.
+	* Makefile.am: Add new security patches.
+	* NEWS: List new security patches.
+	* patches/security/20101012/6622002.patch,
+	* patches/security/20101012/6623943.patch,
+	* patches/security/20101012/6952017.patch,
+	* patches/security/20101012/6952603.patch,
+	* patches/security/20101012/6961084.patch,
+	* patches/security/20101012/6963285.patch,
+	* patches/security/20101012/6981426.patch,
+	* patches/security/20101012/6990437.patch:
+	Added.
+
+2010-10-07  Andrew John Hughes  <ahughes at redhat.com>
+
+	* patches/icedtea-systemtap.patch:
+	Split patch into hs16 and original versions.
+	* Makefile.am: Use a hsbuild-specific version
+	of the systemtap patch.
+	* patches/hotspot/hs16/systemtap.patch:
+	SystemTap patch from last checkin.
+	* patches/hotspot/original/systemtap.patch:
+	SystemTap patch prior to last checkin.
+
+2010-10-07  Andrew John Hughes  <ahughes at redhat.com>
+
+	* Makefile.am: Move HotSpot patches up
+	so they aren't affected by conditional patches.
+	* patches/icedtea-systemtap.patch:
+	Fix to apply after the hs16 sparc patch.
+
+2010-10-06  Andrew John Hughes  <ahughes at redhat.com>
+
+	* configure.ac: Bump to 1.7.5.
+	* NEWS: Set date of 1.7.5 to 2010-10-13.
+
+2010-10-05  Andrew John Hughes  <ahughes at redhat.com>
+
+	* configure.ac: Bump to 1.7.5pre.
+
+2010-10-05  Andrew John Hughes  <ahughes at redhat.com>
+
+	* Makefile.am: Add new patches.
+	* NEWS: List security updates.
+	* patches/security/20101012/6559775.patch,
+	* patches/security/20101012/6891766.patch,
+	* patches/security/20101012/6914943.patch,
+	* patches/security/20101012/6925710.patch,
+	* patches/security/20101012/6938813.patch,
+	* patches/security/20101012/6957564.patch,
+	* patches/security/20101012/6958060.patch,
+	* patches/security/20101012/6963023.patch,
+	* patches/security/20101012/6963489.patch,
+	* patches/security/20101012/6966692.patch:
+	New security patches.
+
 2010-09-17  Andrew John Hughes  <ahughes at redhat.com>
 
 	* Makefile.am:
diff -r 02e3bf7ef716 -r 3b1a69fc737b Makefile.am
--- a/Makefile.am	Mon Oct 04 16:58:32 2010 +0100
+++ b/Makefile.am	Wed Oct 13 00:18:49 2010 +0100
@@ -55,6 +55,7 @@ JAXWS = openjdk/jaxws/src/share/classes
 JAXWS = openjdk/jaxws/src/share/classes
 
 # FIXME (netx): NetX source directories go here
+NETX_SRCDIR = $(abs_top_srcdir)/rt
 
 OPENJDK_SOURCEPATH_DIRS = \
         $(SHARE):$(SOLARIS):$(LANGTOOLS):$(JAXP):$(CORBA):$(JAXWS)
@@ -201,7 +202,64 @@ REWRITER_SRCS = $(abs_top_srcdir)/rewrit
 
 ICEDTEA_FSG_PATCHES =
 
+SECURITY_PATCHES = \
+	patches/security/icedtea-6862968.patch \
+	patches/security/icedtea-6863503.patch \
+	patches/security/icedtea-6864911.patch \
+	patches/security/icedtea-6872357.patch \
+	patches/security/icedtea-6874643.patch \
+	patches/security/icedtea-6631533.patch \
+	patches/security/icedtea-6632445.patch \
+	patches/security/icedtea-6636650.patch \
+	patches/security/icedtea-6657026.patch \
+	patches/security/icedtea-6657138.patch \
+	patches/security/icedtea-6822057.patch \
+	patches/security/icedtea-6824265.patch \
+	patches/security/icedtea-6861062.patch \
+	patches/security/icedtea-6872358.patch \
+	patches/security/icedtea-6664512.patch \
+	patches/security/20100330/hotspot/$(HSBUILD)/6626217.patch \
+	patches/security/20100330/6633872.patch \
+	patches/security/20100330/6639665.patch \
+	patches/security/20100330/6736390.patch \
+	patches/security/20100330/6745393.patch \
+	patches/security/20100330/6887703.patch \
+	patches/security/20100330/6888149.patch \
+	patches/security/20100330/6892265.patch \
+	patches/security/20100330/6893947.patch \
+	patches/security/20100330/6893954.patch \
+	patches/security/20100330/6894807.patch \
+	patches/security/20100330/6898622.patch \
+	patches/security/20100330/6898739.patch \
+	patches/security/20100330/6899653.patch \
+	patches/security/20100330/6902299.patch \
+	patches/security/20100330/6904691.patch \
+	patches/security/20100330/6909597.patch \
+	patches/security/20100330/6910590.patch \
+	patches/security/20100330/6914823.patch \
+	patches/security/20100330/6914866.patch \
+	patches/security/20100330/6932480.patch \
+	patches/security/20101012/6891766.patch \
+	patches/security/20101012/6925710.patch \
+	patches/security/20101012/6938813.patch \
+	patches/security/20101012/6957564.patch \
+	patches/security/20101012/6958060.patch \
+	patches/security/20101012/6963023.patch \
+	patches/security/20101012/6963489.patch \
+	patches/security/20101012/6966692.patch \
+	patches/security/20101012/6914943.patch \
+	patches/security/20101012/6559775.patch \
+	patches/security/20101012/6622002.patch \
+	patches/security/20101012/6623943.patch \
+	patches/security/20101012/6952017.patch \
+	patches/security/20101012/6952603.patch \
+	patches/security/20101012/6961084.patch \
+	patches/security/20101012/6963285.patch \
+	patches/security/20101012/6981426.patch \
+	patches/security/20101012/6990437.patch
+
 ICEDTEA_PATCHES = \
+	$(SECURITY_PATCHES) \
 	patches/zero/6890308.patch \
 	patches/zero/6891677.patch \
 	patches/zero/6896043.patch \
@@ -235,7 +293,6 @@ ICEDTEA_PATCHES = \
 	patches/icedtea-javafiles.patch \
 	patches/icedtea-jvmtiEnv.patch \
 	patches/icedtea-lcms.patch \
-	patches/icedtea-timerqueue.patch \
 	patches/icedtea-print-lsb-release.patch \
 	patches/icedtea-jpegclasses.patch \
 	patches/icedtea-uname.patch \
@@ -270,21 +327,6 @@ ICEDTEA_PATCHES = \
 	patches/icedtea-sparc64-linux.patch \
 	patches/icedtea-sparc-ptracefix.patch \
 	patches/icedtea-sparc-trapsfix.patch \
-	patches/security/icedtea-6862968.patch \
-	patches/security/icedtea-6863503.patch \
-	patches/security/icedtea-6864911.patch \
-	patches/security/icedtea-6872357.patch \
-	patches/security/icedtea-6874643.patch \
-	patches/security/icedtea-6631533.patch \
-	patches/security/icedtea-6632445.patch \
-	patches/security/icedtea-6636650.patch \
-	patches/security/icedtea-6657026.patch \
-	patches/security/icedtea-6657138.patch \
-	patches/security/icedtea-6822057.patch \
-	patches/security/icedtea-6824265.patch \
-	patches/security/icedtea-6861062.patch \
-	patches/security/icedtea-6872358.patch \
-	patches/security/icedtea-6664512.patch \
 	patches/icedtea-demo-swingapplet.patch \
 	patches/icedtea-awt-window-size.patch \
 	patches/icedtea-java2d-dasher.patch \
@@ -311,27 +353,6 @@ ICEDTEA_PATCHES = \
 	patches/icedtea-policy-evaluation.patch \
 	patches/libpng.patch \
 	patches/icedtea-jtreg-httpTest.patch \
-	patches/security/20100330/hotspot/$(HSBUILD)/6626217.patch \
-	patches/security/20100330/6633872.patch \
-	patches/security/20100330/6639665.patch \
-	patches/security/20100330/6736390.patch \
-	patches/security/20100330/6745393.patch \
-	patches/security/20100330/6887703.patch \
-	patches/security/20100330/6888149.patch \
-	patches/security/20100330/6892265.patch \
-	patches/security/20100330/6893947.patch \
-	patches/security/20100330/6893954.patch \
-	patches/security/20100330/6894807.patch \
-	patches/security/20100330/6898622.patch \
-	patches/security/20100330/6898739.patch \
-	patches/security/20100330/6899653.patch \
-	patches/security/20100330/6902299.patch \
-	patches/security/20100330/6904691.patch \
-	patches/security/20100330/6909597.patch \
-	patches/security/20100330/6910590.patch \
-	patches/security/20100330/6914823.patch \
-	patches/security/20100330/6914866.patch \
-	patches/security/20100330/6932480.patch \
 	patches/ant-1.8.0.patch \
 	patches/icedtea-use-system-tzdata.patch \
 	patches/icedtea-override-redirect-metacity.patch \
@@ -349,6 +370,20 @@ ICEDTEA_PATCHES = \
 	patches/openjdk/6638712-wildcard_types.patch \
 	patches/openjdk/6650759-missing_inference.patch \
 	patches/numa_on_early_glibc.patch
+
+if WITH_ALT_HSBUILD
+ICEDTEA_PATCHES += patches/hotspot/$(HSBUILD)/openjdk-6886353-ignore_deoptimizealot.patch \
+	patches/hotspot/$(HSBUILD)/zero.patch \
+	patches/hotspot/$(HSBUILD)/shark.patch \
+	patches/hotspot/$(HSBUILD)/6951319-sparc_build_fixes.patch
+else
+ICEDTEA_PATCHES += patches/hotspot/original/icedtea-6778662-lib64.patch \
+	patches/hotspot/original/icedtea-6778657-f2i-overflow.patch \
+	patches/hotspot/original/icedtea-6791168.patch \
+	patches/hotspot/original/icedtea-6793825-includedb.patch \
+	patches/openjdk/6822370-reentrantreadwritelock.patch \
+	patches/hotspot/original/6539464-consistent-math.patch
+endif
 
 if WITH_RHINO
 ICEDTEA_PATCHES += \
@@ -387,27 +422,13 @@ endif
 endif
 
 if ENABLE_SYSTEMTAP
-ICEDTEA_PATCHES += patches/icedtea-systemtap.patch \
+ICEDTEA_PATCHES += patches/hotspot/$(HSBUILD)/systemtap.patch \
 	patches/systemtap-gcc-4.5.patch
 endif
 
 if ENABLE_NSS
 ICEDTEA_PATCHES += patches/icedtea-nss-config.patch \
 		   patches/icedtea-nss-6763530.patch
-endif
-
-if WITH_ALT_HSBUILD
-ICEDTEA_PATCHES += patches/hotspot/$(HSBUILD)/openjdk-6886353-ignore_deoptimizealot.patch \
-	patches/hotspot/$(HSBUILD)/zero.patch \
-	patches/hotspot/$(HSBUILD)/shark.patch \
-	patches/hotspot/$(HSBUILD)/6951319-sparc_build_fixes.patch
-else
-ICEDTEA_PATCHES += patches/hotspot/original/icedtea-6778662-lib64.patch \
-	patches/hotspot/original/icedtea-6778657-f2i-overflow.patch \
-	patches/hotspot/original/icedtea-6791168.patch \
-	patches/hotspot/original/icedtea-6793825-includedb.patch \
-	patches/openjdk/6822370-reentrantreadwritelock.patch \
-	patches/hotspot/original/6539464-consistent-math.patch
 endif
 
 if HAS_PAX
@@ -1341,6 +1362,14 @@ endif
 	cp $(abs_top_srcdir)/rt/net/sourceforge/jnlp/resources/about.jnlp \
 	  extra-lib/about.jar \
 	  $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib
+	if [ -d $(BUILD_OUTPUT_DIR)/j2sdk-image/man/man1 ] ; then \
+	  cp $(NETX_SRCDIR)/javaws.1 \
+	    $(BUILD_OUTPUT_DIR)/j2sdk-image/man/man1 ; \
+	fi
+	if [ -d $(BUILD_OUTPUT_DIR)/j2re-image/man/man1 ] ; then \
+	  cp $(NETX_SRCDIR)/javaws.1 \
+	    $(BUILD_OUTPUT_DIR)/j2re-image/man/man1 ; \
+	fi
 if ZERO_BUILD
 	printf -- '-zero ALIASED_TO -server\n' >> $(BUILD_JRE_ARCH_DIR)/jvm.cfg
 endif
@@ -1444,6 +1473,14 @@ endif
 	cp $(abs_top_srcdir)/rt/net/sourceforge/jnlp/resources/default.jnlp \
 	  extra-lib/about.jar \
 	  $(BUILD_OUTPUT_DIR)-debug/j2sdk-image/jre/lib
+	if [ -d $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/man/man1 ] ; then \
+	  cp $(NETX_SRCDIR)/javaws.1 \
+	    $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/man/man1 ; \
+	fi
+	if [ -d $(DEBUG_BUILD_OUTPUT_DIR)/j2re-image/man/man1 ] ; then \
+	  cp $(NETX_SRCDIR)/javaws.1 \
+	    $(DEBUG_BUILD_OUTPUT_DIR)/j2re-image/man/man1 ; \
+	fi
 if ZERO_BUILD
 	printf -- '-zero ALIASED_TO -server\n' >> $(BUILD_DEBUG_JRE_ARCH_DIR)/jvm.cfg
 endif
diff -r 02e3bf7ef716 -r 3b1a69fc737b NEWS
--- a/NEWS	Mon Oct 04 16:58:32 2010 +0100
+++ b/NEWS	Wed Oct 13 00:18:49 2010 +0100
@@ -1,5 +1,36 @@ New in release 1.7.5 (XXXX-XX-XX):
-New in release 1.7.5 (XXXX-XX-XX):
+Key:
 
+SX  - http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=X
+PRX - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=X
+RHX - https://bugzilla.redhat.com/show_bug.cgi?id=X
+DX  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=X
+GX  - http://bugs.gentoo.org/show_bug.cgi?id=X
+
+CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+
+New in release 1.7.5 (2010-10-13):
+
+* Security updates
+  - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation 
+  - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition
+  - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities
+  - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free
+  - S6938813, CVE-2010-3557: OpenJDK Swing mutable static
+  - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak
+  - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability
+  - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution
+  - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution
+  - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies
+  - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage
+  - S6623943: javax.swing.TimerQueue's thread occasionally fails to start
+  - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host
+  - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting)
+  - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code
+  - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection
+  - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts
+  - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection
+  - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection
+  - S6990437: Update with correct copyright info for source and test files from SSR10_02 fixes
 * Fixes
   - G244901: Skip test_gamma on hardened (PaX-enabled) kernels
   - G266295: Provide font configuration for Gentoo.
@@ -15,6 +46,7 @@ New in release 1.7.5 (XXXX-XX-XX):
   - Run programs that inherit main(String[]) in their main-class
   - Work with JNLP files that use spec version 1.6
   - RH601281: Possible NullPointerException in splash screen code
+  - New man page for javaws
 * Plugin 
   - RH560193: Fix ziperror when applet jar contained another 0-byte jar
   - PR519: 100% CPU usage when displaying applets in Webkit based browsers
diff -r 02e3bf7ef716 -r 3b1a69fc737b configure.ac
--- a/configure.ac	Mon Oct 04 16:58:32 2010 +0100
+++ b/configure.ac	Wed Oct 13 00:18:49 2010 +0100
@@ -1,4 +1,4 @@ AC_INIT([icedtea6], [1.7.4], [distro-pkg
-AC_INIT([icedtea6], [1.7.4], [distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6], [1.7.5], [distro-pkg-dev at openjdk.java.net])
 AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
 AC_CONFIG_FILES([Makefile])
 
diff -r 02e3bf7ef716 -r 3b1a69fc737b patches/hotspot/hs16/systemtap.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/hotspot/hs16/systemtap.patch	Wed Oct 13 00:18:49 2010 +0100
@@ -0,0 +1,186 @@
+diff -Nru openjdk.orig/hotspot/make/linux/makefiles/dtrace.make openjdk/hotspot/make/linux/makefiles/dtrace.make
+--- openjdk.orig/hotspot/make/linux/makefiles/dtrace.make	2009-12-08 23:12:17.000000000 +0000
++++ openjdk/hotspot/make/linux/makefiles/dtrace.make	2010-10-07 11:45:17.510211682 +0100
+@@ -25,3 +25,7 @@
+ # Linux does not build jvm_db
+ LIBJVM_DB =
+ 
++# But it does have a Systemtap dtrace compatible sys/sdt.h
++CFLAGS += -DDTRACE_ENABLED
++
++# It doesn't support HAVE_DTRACE_H though.
+diff -Nru openjdk.orig/hotspot/src/share/vm/prims/jni.cpp openjdk/hotspot/src/share/vm/prims/jni.cpp
+--- openjdk.orig/hotspot/src/share/vm/prims/jni.cpp	2010-10-06 21:54:38.000000000 +0100
++++ openjdk/hotspot/src/share/vm/prims/jni.cpp	2010-10-07 11:45:17.510211682 +0100
+@@ -1753,10 +1753,7 @@
+ JNI_QUICK_ENTRY(void, jni_Set##Result##Field(JNIEnv *env, jobject obj, jfieldID fieldID, Argument value)) \
+   JNIWrapper("Set" XSTR(Result) "Field"); \
+ \
+-  HS_DTRACE_PROBE_CDECL_N(hotspot_jni, Set##Result##Field__entry, \
+-    ( JNIEnv*, jobject, jfieldID FP_SELECT_##Result(COMMA Argument,/*empty*/) ) ); \
+-  HS_DTRACE_PROBE_N(hotspot_jni, Set##Result##Field__entry, \
+-    ( env, obj, fieldID FP_SELECT_##Result(COMMA value,/*empty*/) ) ); \
++  FP_SELECT_##Result(DTRACE_PROBE4(hotspot_jni, Set##Result##Field__entry, env, obj, fieldID, value),DTRACE_PROBE3(hotspot_jni, Set##Result##Field__entry, env, obj, fieldID)); \
+ \
+   oop o = JNIHandles::resolve_non_null(obj); \
+   klassOop k = o->klass(); \
+@@ -1930,10 +1927,7 @@
+ \
+ JNI_ENTRY(void, jni_SetStatic##Result##Field(JNIEnv *env, jclass clazz, jfieldID fieldID, Argument value)) \
+   JNIWrapper("SetStatic" XSTR(Result) "Field"); \
+-  HS_DTRACE_PROBE_CDECL_N(hotspot_jni, SetStatic##Result##Field__entry,\
+-    ( JNIEnv*, jclass, jfieldID FP_SELECT_##Result(COMMA Argument,/*empty*/) ) ); \
+-  HS_DTRACE_PROBE_N(hotspot_jni, SetStatic##Result##Field__entry, \
+-    ( env, clazz, fieldID FP_SELECT_##Result(COMMA value,/*empty*/) ) ); \
++  FP_SELECT_##Result(DTRACE_PROBE4(hotspot_jni, SetStatic##Result##Field__entry, env, clazz, fieldID, value),DTRACE_PROBE3(hotspot_jni, SetStatic##Result##Field__entry, env, clazz, fieldID)); \
+ \
+   JNIid* id = jfieldIDWorkaround::from_static_jfieldID(fieldID); \
+   assert(id->is_static_field_id(), "invalid static field id"); \
+@@ -2116,7 +2110,7 @@
+   DT_RETURN_MARK(GetObjectArrayElement, jobject, (const jobject&)ret);
+   objArrayOop a = objArrayOop(JNIHandles::resolve_non_null(array));
+   if (a->is_within_bounds(index)) {
+-    jobject ret = JNIHandles::make_local(env, a->obj_at(index));
++    ret = JNIHandles::make_local(env, a->obj_at(index));
+     return ret;
+   } else {
+     char buf[jintAsStringSize];
+@@ -2150,14 +2144,14 @@
+ 
+ #define DEFINE_NEWSCALARARRAY(Return,Allocator,Result) \
+ \
+-  DT_RETURN_MARK_DECL_FOR(Result, New##Result##Array, Return);\
++  DT_RETURN_MARK_DECL(New##Result##Array, Return);\
+ \
+ JNI_ENTRY(Return, \
+           jni_New##Result##Array(JNIEnv *env, jsize len)) \
+   JNIWrapper("New" XSTR(Result) "Array"); \
+   DTRACE_PROBE2(hotspot_jni, New##Result##Array__entry, env, len);\
+   Return ret = NULL;\
+-  DT_RETURN_MARK_FOR(Result, New##Result##Array, Return, (const Return&)ret);\
++  DT_RETURN_MARK(New##Result##Array, Return, (const Return&)ret);\
+ \
+   oop obj= oopFactory::Allocator(len, CHECK_0); \
+   ret = (Return) JNIHandles::make_local(env, obj); \
+diff -Nru openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotspot/src/share/vm/runtime/arguments.cpp
+--- openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp	2010-10-06 21:54:42.000000000 +0100
++++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp	2010-10-07 11:45:17.510211682 +0100
+@@ -2352,16 +2352,16 @@
+       FLAG_SET_CMDLINE(bool, DisplayVMOutputToStderr, false);
+       FLAG_SET_CMDLINE(bool, DisplayVMOutputToStdout, true);
+     } else if (match_option(option, "-XX:+ExtendedDTraceProbes", &tail)) {
+-#ifdef SOLARIS
++#ifdef DTRACE_ENABLED
+       FLAG_SET_CMDLINE(bool, ExtendedDTraceProbes, true);
+       FLAG_SET_CMDLINE(bool, DTraceMethodProbes, true);
+       FLAG_SET_CMDLINE(bool, DTraceAllocProbes, true);
+       FLAG_SET_CMDLINE(bool, DTraceMonitorProbes, true);
+-#else // ndef SOLARIS
++#else // ndef DTRACE_ENABLED
+       jio_fprintf(defaultStream::error_stream(),
+-                  "ExtendedDTraceProbes flag is only applicable on Solaris\n");
++                  "ExtendedDTraceProbes flag is only applicable on dtrace enabled builds\n");
+       return JNI_EINVAL;
+-#endif // ndef SOLARIS
++#endif // ndef DTRACE_ENABLED
+     } else
+ #ifdef ASSERT
+     if (match_option(option, "-XX:+FullGCALot", &tail)) {
+diff -Nru openjdk.orig/hotspot/src/share/vm/utilities/dtrace.hpp openjdk/hotspot/src/share/vm/utilities/dtrace.hpp
+--- openjdk.orig/hotspot/src/share/vm/utilities/dtrace.hpp	2010-10-06 21:54:47.000000000 +0100
++++ openjdk/hotspot/src/share/vm/utilities/dtrace.hpp	2010-10-07 11:46:11.357276841 +0100
+@@ -1,5 +1,6 @@
+ /*
+  * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
++ * Copyright 2009 Red Hat, Inc.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -22,7 +23,7 @@
+  *
+  */
+ 
+-#if defined(SOLARIS) && defined(DTRACE_ENABLED)
++#if defined(DTRACE_ENABLED)
+ 
+ #include <sys/sdt.h>
+ 
+@@ -33,7 +34,7 @@
+ #define HS_DTRACE_WORKAROUND_TAIL_CALL_BUG() \
+   do { volatile size_t dtrace_workaround_tail_call_bug = 1; } while (0)
+ 
+-#else // ndef SOLARIS || ndef DTRACE_ENABLED
++#else // ndef DTRACE_ENABLED
+ 
+ #define DTRACE_ONLY(x)
+ #define NOT_DTRACE(x) x
+@@ -44,11 +45,18 @@
+ #define DTRACE_PROBE3(a,b,c,d,e) {;}
+ #define DTRACE_PROBE4(a,b,c,d,e,f) {;}
+ #define DTRACE_PROBE5(a,b,c,d,e,f,g) {;}
++#define DTRACE_PROBE6(a,b,c,d,e,f,g,h) {;}
++#define DTRACE_PROBE7(a,b,c,d,e,f,g,h,i) {;}
++#define DTRACE_PROBE8(a,b,c,d,e,f,g,h,i,j) {;}
++#define DTRACE_PROBE9(a,b,c,d,e,f,g,h,i,j,k) {;}
++#define DTRACE_PROBE10(a,b,c,d,e,f,g,h,i,j,k,l) {;}
+ 
+ #define HS_DTRACE_WORKAROUND_TAIL_CALL_BUG()
+ 
+ #endif



More information about the distro-pkg-dev mailing list