# HG changeset patch # User Andrew John Hughes # Date 1318991071 -3600 # Node ID 9efe0319ef13688a7eab2e9c0503096651ca7128 # Parent 6f576649251701bd0ab3ed41670cb9a4f611a158 Import security updates. 2011-10-19 Andrew John Hughes * Makefile.am: Bring in security updates. (CORBA_CHANGESET): Updated. (JAXWS_CHANGESET): Likewise. (JDK_CHANGESET): Likewise. (CORBA_SHA256SUM): Likewise. (JAXWS_SHA256SUM): Likewise. (JDK_SHA256SUM): Likewise. * patches/rhino.patch: Updated to work after 7046823 is applied. * NEWS: Updated. diff -r 6f5766492517 -r 9efe0319ef13 ChangeLog --- a/ChangeLog Mon Oct 10 23:02:34 2011 +0100 +++ b/ChangeLog Wed Oct 19 03:24:31 2011 +0100 @@ -1,3 +1,16 @@ +2011-10-19 Andrew John Hughes + + * Makefile.am: Bring in security updates. + (CORBA_CHANGESET): Updated. + (JAXWS_CHANGESET): Likewise. + (JDK_CHANGESET): Likewise. + (CORBA_SHA256SUM): Likewise. + (JAXWS_SHA256SUM): Likewise. + (JDK_SHA256SUM): Likewise. + * patches/rhino.patch: Updated to work + after 7046823 is applied. + * NEWS: Updated. + 2011-10-10 Andrew John Hughes * Makefile.am: diff -r 6f5766492517 -r 9efe0319ef13 Makefile.am --- a/Makefile.am Mon Oct 10 23:02:34 2011 +0100 +++ b/Makefile.am Wed Oct 19 03:24:31 2011 +0100 
@@ -2,19 +2,19 @@ OPENJDK_VERSION = b147 -CORBA_CHANGESET = 953de8c7bccb +CORBA_CHANGESET = 4d9e4fb8af09 HOTSPOT_CHANGESET = b28ae681bae0 JAXP_CHANGESET = 948e734135ea -JAXWS_CHANGESET = 5d3734549424 -JDK_CHANGESET = d9fca71ba183 +JAXWS_CHANGESET = a2ebfdc9db7e +JDK_CHANGESET = 2054526dd141 LANGTOOLS_CHANGESET = 9b85f1265346 OPENJDK_CHANGESET = 0a76e5390e68 -CORBA_SHA256SUM = 303d862f722d34ede330e9afdb0f2c9d61e02134beb4d562957e9574a91f8cca +CORBA_SHA256SUM = 9579b9f47c45d4e6f4eb080a7a27886163691a77c193d83423389cb87656aec5 HOTSPOT_SHA256SUM = dcb5a8d4a0a466e3673f891cea40ce163c02f26b0054dfc41c30e0f87c5c2f64 JAXP_SHA256SUM = 66948dee25e0224b12587ba150b21dab2e21b260a853bd1272e07c8d08d2e586 -JAXWS_SHA256SUM = 6aace2cc9f1a98a3822733ad568cc070ec178ff3618c05229c68072af3ed4765 -JDK_SHA256SUM = d8e9bb264f2a31424764466273f10c05d4247328ab4c08a0f4b8123993d78e65 +JAXWS_SHA256SUM = 6edd17ac49c33a32538262486c0b8147954100cab43a6ee7023789f3840f22a8 +JDK_SHA256SUM = 4cd94391909ca86d2a5e25e3378c8fde1b1368076577fc58fed57097932750e1 LANGTOOLS_SHA256SUM = 03a256afc7371b3b0fbbbfd80a318e22984f6cbff26082948e8d5845ba193aee OPENJDK_SHA256SUM = bb47d452a61ed154fad98fda35f93e6e0f3328632ef2cf0afa1d95cd6264071e diff -r 6f5766492517 -r 9efe0319ef13 NEWS --- a/NEWS Mon Oct 10 23:02:34 2011 +0100 +++ b/NEWS Wed Oct 19 03:24:31 2011 +0100 
@@ -12,6 +12,20 @@ New in release 2.0 (2011-XX-XX): +* Security fixes + - S7000600, CVE-2011-3547: InputStream skip() information leak + - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor + - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow + - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager + - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak + - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine + - S7055902, CVE-2011-3521: IIOP deserialization code execution + - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks + - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) + - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer + - S7077466, CVE-2011-3556: RMI DGC server remote code execution + - S7083012, CVE-2011-3557: RMI registry privileged code execution + - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection * Bug fixes - Allow the compiler used to be overridden by setting BUILD_GCC/BUILD_CPP. - Fixed regression test runtime/7020373. diff -r 6f5766492517 -r 9efe0319ef13 patches/rhino.patch --- a/patches/rhino.patch Mon Oct 10 23:02:34 2011 +0100 +++ b/patches/rhino.patch Wed Oct 19 03:24:31 2011 +0100 @@ -1,6 +1,6 @@ diff -Nru openjdk.orig/jdk/make/com/sun/Makefile openjdk/jdk/make/com/sun/Makefile ---- openjdk.orig/jdk/make/com/sun/Makefile 2011-04-20 04:40:20.000000000 +0100 -+++ openjdk/jdk/make/com/sun/Makefile 2011-04-21 22:36:31.443422475 +0100 +--- openjdk.orig/jdk/make/com/sun/Makefile 2011-10-14 03:02:15.000000000 +0100 ++++ openjdk/jdk/make/com/sun/Makefile 2011-10-19 01:57:22.982499164 +0100 @@ -31,13 +31,6 @@ PRODUCT = sun include $(BUILDDIR)/common/Defs.gmk 
@@ -16,8 +16,8 @@ SUBDIRS = java security net/ssl jarsigner diff -Nru openjdk.orig/jdk/make/com/sun/script/Makefile openjdk/jdk/make/com/sun/script/Makefile ---- openjdk.orig/jdk/make/com/sun/script/Makefile 2011-04-20 04:40:20.000000000 +0100 -+++ openjdk/jdk/make/com/sun/script/Makefile 2011-04-21 22:36:31.443422475 +0100 +--- openjdk.orig/jdk/make/com/sun/script/Makefile 2011-10-14 03:02:15.000000000 +0100 ++++ openjdk/jdk/make/com/sun/script/Makefile 2011-10-19 01:57:22.994499353 +0100 @@ -31,6 +31,8 @@ AUTO_FILES_JAVA_DIRS = com/sun/script @@ -28,9 +28,9 @@ # Files that need to be copied # diff -Nru openjdk.orig/jdk/make/common/Release.gmk openjdk/jdk/make/common/Release.gmk ---- openjdk.orig/jdk/make/common/Release.gmk 2011-04-21 20:56:37.000000000 +0100 -+++ openjdk/jdk/make/common/Release.gmk 2011-04-21 22:36:31.443422475 +0100 -@@ -735,6 +735,7 @@ +--- openjdk.orig/jdk/make/common/Release.gmk 2011-10-14 03:02:15.000000000 +0100 ++++ openjdk/jdk/make/common/Release.gmk 2011-10-19 01:57:22.994499353 +0100 +@@ -756,6 +756,7 @@ $(CP) $(RT_JAR) $(JRE_IMAGE_DIR)/lib/rt.jar $(CP) $(RESOURCES_JAR) $(JRE_IMAGE_DIR)/lib/resources.jar $(CP) $(JSSE_JAR) $(JRE_IMAGE_DIR)/lib/jsse.jar @@ -39,8 +39,8 @@ $(CD) $(JRE_IMAGE_DIR)/lib && \ $(BOOT_JAVA_CMD) -jar $(BUILDMETAINDEX_JARFILE) \ diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2010-07-29 21:55:35.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2011-04-21 22:36:31.443422475 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2011-10-14 03:02:15.000000000 +0100 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2011-10-19 01:57:22.994499353 +0100 @@ -24,7 +24,7 @@ */ 
@@ -51,8 +51,8 @@ import java.util.*; diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2010-07-29 21:55:35.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2011-04-21 22:36:31.455422660 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2011-10-14 03:02:15.000000000 +0100 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2011-10-19 01:57:22.994499353 +0100 @@ -26,7 +26,7 @@ package com.sun.script.javascript; @@ -63,8 +63,8 @@ /** * This class implements Rhino-like JavaAdapter to help implement a Java diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2010-07-29 21:55:35.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2011-04-21 22:36:31.455422660 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2011-10-14 03:02:15.000000000 +0100 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2011-10-19 01:57:22.994499353 +0100 @@ -25,7 +25,7 @@ package com.sun.script.javascript; 
@@ -75,8 +75,8 @@ /** diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2010-07-29 21:55:35.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2011-04-21 22:36:31.455422660 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2011-10-14 03:02:15.000000000 +0100 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2011-10-19 01:57:22.994499353 +0100 @@ -26,7 +26,7 @@ package com.sun.script.javascript; @@ -87,8 +87,8 @@ /** * This class prevents script access to certain sensitive classes. diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2010-07-29 21:55:35.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2011-04-21 22:36:31.455422660 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2011-10-14 03:02:15.000000000 +0100 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2011-10-19 01:57:22.994499353 +0100 @@ -25,7 +25,7 @@ package com.sun.script.javascript; 
@@ -99,8 +99,8 @@ /** * Represents compiled JavaScript code. diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2011-04-18 18:04:37.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2011-04-21 22:36:31.455422660 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2011-10-14 03:02:15.000000000 +0100 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2011-10-19 01:57:22.994499353 +0100 @@ -26,7 +26,7 @@ package com.sun.script.javascript; import javax.script.*; @@ -111,8 +111,8 @@ /** diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-04-20 04:40:21.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-04-21 22:36:31.455422660 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-10-14 03:02:15.000000000 +0100 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-10-19 01:57:22.994499353 +0100 @@ -26,7 +26,7 @@ package com.sun.script.javascript; import com.sun.script.util.*; 
@@ -121,22 +121,22 @@ +import sun.org.mozilla.javascript.*; import java.lang.reflect.Method; import java.io.*; - import java.util.*; + import java.security.*; diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-04-11 12:34:30.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-04-21 22:36:31.455422660 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-10-14 03:02:15.000000000 +0100 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-10-19 01:57:37.454729539 +0100 @@ -25,7 +25,7 @@ package com.sun.script.javascript; -import sun.org.mozilla.javascript.internal.*; +import sun.org.mozilla.javascript.*; + import java.security.AccessControlContext; import javax.script.*; - /** diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2010-07-29 21:55:35.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2011-04-21 22:36:31.455422660 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2011-10-14 03:02:15.000000000 +0100 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2011-10-19 01:57:22.994499353 +0100 @@ -27,7 +27,7 @@ import java.lang.reflect.*;
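Review bot: In the Makefile.am hunk (@@ -2,19 +2,19 @@), HOTSPOT_CHANGESET and HOTSPOT_SHA256SUM are left unchanged while the NEWS hunk adds "S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer" to the list of security fixes. Only CORBA, JAXWS and JDK are bumped, which matches the ChangeLog entry. Please confirm that the S7070134 fix is already contained in the pinned HotSpot changeset b28ae681bae0 or arrives through one of the three bumped repositories. If it does not, either bump HOTSPOT_CHANGESET together with its checksum in this commit or drop the NEWS line, so the release notes do not advertise a fix the build does not ship.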
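Review bot: In the patches/rhino.patch diff, the refreshed hunks for RhinoScriptEngine.java and RhinoTopLevel.java only pick up new context lines ("import java.security.*;" and "import java.security.AccessControlContext;"), and the rewrite they carry is still just the import line, "-import sun.org.mozilla.javascript.internal.*;" to "+import sun.org.mozilla.javascript.*;". Since the ChangeLog says this refresh exists because of 7046823, please verify that the code 7046823 added to these files has no fully qualified references to sun.org.mozilla.javascript.internal outside the import block, which the patch would not rewrite; a build with the patch applied and a search for ".internal." under com/sun/script/javascript would settle it. Most of the remaining churn is "---"/"+++" timestamps, so regenerating the patch without timestamps would make the next refresh much easier to review.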