Mercurial > hg > release > icedtea6-1.9
view patches/icedtea-rhino.patch @ 2352:941103576384
Add first batch of security patches.
S7000600, CVE-2011-3547: InputStream skip() information leak
S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow
S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager
S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
S7055902, CVE-2011-3521: IIOP deserialization code execution
S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
S7064341, CVE-2011-3389: JSSE
S7070134, CVE-2011-3558: Hotspot unspecified issue
S7077466, CVE-2011-3556: RMI DGC server remote code execution
S7083012, CVE-2011-3557: RMI registry privileged code execution
S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
2011-10-13 Andrew John Hughes <ahughes@redhat.com>
* Makefile.am: Add patches.
* NEWS: List security updates.
* patches/icedtea-rhino.patch: Change
after 7046823 is applied.
* patches/security/20111018/7000600.patch,
* patches/security/20111018/7019773.patch,
* patches/security/20111018/7023640.patch,
* patches/security/20111018/7032417.patch,
* patches/security/20111018/7046823.patch,
* patches/security/20111018/7055902.patch,
* patches/security/20111018/7057857.patch,
* patches/security/20111018/7064341.patch,
* patches/security/20111018/7070134.patch,
* patches/security/20111018/7083012.patch,
* patches/security/20111018/7096936.patch:
First batch of security patches.
| author | Andrew John Hughes <ahughes@redhat.com> |
|---|---|
| date | Thu, 13 Oct 2011 15:04:46 +0100 |
| parents | 7816c6d7a641 |
| children |
line wrap: on
line source
diff -Nru openjdk.orig/jdk/make/com/sun/Makefile openjdk/jdk/make/com/sun/Makefile --- openjdk.orig/jdk/make/com/sun/Makefile 2010-06-21 22:15:07.000000000 +0100 +++ openjdk/jdk/make/com/sun/Makefile 2011-10-13 00:33:19.852945178 +0100 @@ -31,15 +31,8 @@ PRODUCT = sun include $(BUILDDIR)/common/Defs.gmk -ifndef OPENJDK - ORG_EXISTS := $(call DirExists,$(CLOSED_SRC)/share/classes/sun/org,,) - ifneq ("$(ORG_EXISTS)", "") - SCRIPT_SUBDIR = script - endif -endif - # Omit mirror since it's built with the apt tool. -SUBDIRS = $(SCRIPT_SUBDIR) image security crypto/provider jndi jmx \ +SUBDIRS = script image security crypto/provider jndi jmx \ java inputmethods org rowset net/httpserver net/ssl demo \ tools jarsigner diff -Nru openjdk.orig/jdk/make/com/sun/script/Makefile openjdk/jdk/make/com/sun/script/Makefile --- openjdk.orig/jdk/make/com/sun/script/Makefile 2010-06-21 22:15:07.000000000 +0100 +++ openjdk/jdk/make/com/sun/script/Makefile 2011-10-13 00:33:19.840944989 +0100 @@ -31,6 +31,8 @@ AUTO_FILES_JAVA_DIRS = com/sun/script +OTHER_JAVACFLAGS = -classpath $(RHINO_JAR) + # # Files that need to be copied # diff -Nru openjdk.orig/jdk/make/common/Release.gmk openjdk/jdk/make/common/Release.gmk --- openjdk.orig/jdk/make/common/Release.gmk 2011-10-13 00:21:13.000000000 +0100 +++ openjdk/jdk/make/common/Release.gmk 2011-10-13 00:33:19.852945178 +0100 @@ -772,6 +772,7 @@ $(CP) $(RT_JAR) $(JRE_IMAGE_DIR)/lib/rt.jar $(CP) $(RESOURCES_JAR) $(JRE_IMAGE_DIR)/lib/resources.jar $(CP) $(JSSE_JAR) $(JRE_IMAGE_DIR)/lib/jsse.jar + $(CP) $(RHINO_JAR) $(JRE_IMAGE_DIR)/lib/rhino.jar @# Generate meta-index to make boot and extension class loaders lazier $(CD) $(JRE_IMAGE_DIR)/lib && \ $(BOOT_JAVA_CMD) -jar $(BUILDMETAINDEX_JARFILE) \ diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java --- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2010-06-21 22:15:15.000000000 +0100 +++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2011-10-13 00:33:19.852945178 +0100 @@ -24,7 +24,7 @@ */ package com.sun.script.javascript; -import sun.org.mozilla.javascript.internal.*; +import sun.org.mozilla.javascript.*; import javax.script.*; import java.util.*; diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java --- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2010-06-21 22:15:15.000000000 +0100 +++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2011-10-13 00:33:19.852945178 +0100 @@ -26,7 +26,7 @@ package com.sun.script.javascript; import javax.script.Invocable; -import sun.org.mozilla.javascript.internal.*; +import sun.org.mozilla.javascript.*; /** * This class implements Rhino-like JavaAdapter to help implement a Java diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java --- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2010-06-21 22:15:15.000000000 +0100 +++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2011-10-13 00:33:19.852945178 +0100 @@ -25,7 +25,7 @@ package com.sun.script.javascript; -import sun.org.mozilla.javascript.internal.*; +import sun.org.mozilla.javascript.*; import java.util.*; /** diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java --- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2010-06-21 22:15:15.000000000 +0100 +++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2011-10-13 00:33:19.852945178 +0100 @@ -26,7 +26,7 @@ package com.sun.script.javascript; import java.util.*; -import sun.org.mozilla.javascript.internal.*; +import sun.org.mozilla.javascript.*; /** * This class prevents script access to certain sensitive classes. diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java --- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2010-06-21 22:15:15.000000000 +0100 +++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2011-10-13 00:33:19.852945178 +0100 @@ -25,7 +25,7 @@ package com.sun.script.javascript; import javax.script.*; -import sun.org.mozilla.javascript.internal.*; +import sun.org.mozilla.javascript.*; /** * Represents compiled JavaScript code. diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java --- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2010-06-21 22:15:15.000000000 +0100 +++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2011-10-13 00:33:19.852945178 +0100 @@ -26,7 +26,7 @@ package com.sun.script.javascript; import javax.script.*; import java.util.*; -import sun.org.mozilla.javascript.internal.*; +import sun.org.mozilla.javascript.*; import com.sun.script.util.*; /** diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java --- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-10-13 00:21:08.000000000 +0100 +++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-10-13 00:33:19.852945178 +0100 @@ -26,7 +26,7 @@ package com.sun.script.javascript; import com.sun.script.util.*; import javax.script.*; -import sun.org.mozilla.javascript.internal.*; +import sun.org.mozilla.javascript.*; import java.lang.reflect.Method; import java.io.*; import java.security.*; diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java --- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-10-13 00:21:08.000000000 +0100 +++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-10-13 00:33:36.289203779 +0100 @@ -25,7 +25,7 @@ package com.sun.script.javascript; -import sun.org.mozilla.javascript.internal.*; +import sun.org.mozilla.javascript.*; import java.security.AccessControlContext; import javax.script.*; diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java --- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2010-06-21 22:15:15.000000000 +0100 +++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2011-10-13 00:33:19.852945178 +0100 @@ -27,7 +27,7 @@ import java.lang.reflect.*; import static sun.security.util.SecurityConstants.*; -import sun.org.mozilla.javascript.internal.*; +import sun.org.mozilla.javascript.*; /** * This wrap factory is used for security reasons. JSR 223 script