Mercurial > hg > release > icedtea7-2.1
changeset 2545:421a34013779
Add security patches.
2013-02-20 Andrew John Hughes <gnu.andrew@member.fsf.org>
* Makefile.am,
(HOTSPOT_CHANGESET): Update to IcedTea7 2.1 forest head,
bringing in latest security updates.
(HOTSPOT_CHANGESET): Likewise.
(JAXP_CHANGESET): Likewise.
(JAXWS_CHANGESET): Likewise.
(JDK_CHANGESET): Likewise.
(LANGTOOLS_CHANGESET): Likewise.
(OPENJDK_CHANGESET): Likewise.
(HOTSPOT_SHA256SUM): Likewise.
(CORBA_SHA256SUM): Likewise.
(JAXP_SHA256SUM): Likewise.
(JAXWS_SHA256SUM): Likewise.
(JDK_SHA256SUM): Likewise.
(LANGTOOLS_SHA256SUM): Likewise.
(OPENJDK_SHA256SUM): Likewise.
* patches/boot/ecj-diamond.patch,
* patches/boot/ecj-multicatch.patch:
Add additional case for UntrustedCertificates
class introduced by 7123519.
* patches/boot/ecj-stringswitch.patch:
Update MethodHandleNatives case.
* patches/boot/ecj-trywithresources.patch:
Same issue as diamond & multicatch.
author | Andrew John Hughes <gnu_andrew@member.fsf.org> |
---|---|
date | Wed, 20 Feb 2013 06:14:09 +0000 |
parents | c18375e2aaef |
children | 88cc265f0504 |
files | ChangeLog Makefile.am patches/boot/ecj-diamond.patch patches/boot/ecj-multicatch.patch patches/boot/ecj-stringswitch.patch patches/boot/ecj-trywithresources.patch |
diffstat | 6 files changed, 118 insertions(+), 18 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Thu Feb 14 00:47:41 2013 +0000 +++ b/ChangeLog Wed Feb 20 06:14:09 2013 +0000 @@ -1,3 +1,30 @@ +2013-02-20 Andrew John Hughes <gnu.andrew@member.fsf.org> + + * Makefile.am, + (HOTSPOT_CHANGESET): Update to IcedTea7 2.1 forest head, + bringing in latest security updates. + (HOTSPOT_CHANGESET): Likewise. + (JAXP_CHANGESET): Likewise. + (JAXWS_CHANGESET): Likewise. + (JDK_CHANGESET): Likewise. + (LANGTOOLS_CHANGESET): Likewise. + (OPENJDK_CHANGESET): Likewise. + (HOTSPOT_SHA256SUM): Likewise. + (CORBA_SHA256SUM): Likewise. + (JAXP_SHA256SUM): Likewise. + (JAXWS_SHA256SUM): Likewise. + (JDK_SHA256SUM): Likewise. + (LANGTOOLS_SHA256SUM): Likewise. + (OPENJDK_SHA256SUM): Likewise. + * patches/boot/ecj-diamond.patch, + * patches/boot/ecj-multicatch.patch: + Add additional case for UntrustedCertificates + class introduced by 7123519. + * patches/boot/ecj-stringswitch.patch: + Update MethodHandleNatives case. + * patches/boot/ecj-trywithresources.patch: + Same issue as diamond & multicatch. + 2013-02-13 Andrew John Hughes <gnu.andrew@member.fsf.org> * configure.ac: Bump to 2.1.6pre.
--- a/Makefile.am Thu Feb 14 00:47:41 2013 +0000 +++ b/Makefile.am Wed Feb 20 06:14:09 2013 +0000 @@ -4,21 +4,21 @@ JDK_UPDATE_VERSION = 03 COMBINED_VERSION = $(JDK_UPDATE_VERSION)-$(OPENJDK_VERSION) -HOTSPOT_CHANGESET = 32569b4d36f4 -CORBA_CHANGESET = fb02b0451c09 -JAXP_CHANGESET = c4bf68441a8d -JAXWS_CHANGESET = 5c2f1241ceac -JDK_CHANGESET = 833c87b29994 -LANGTOOLS_CHANGESET = e351b6e580c2 -OPENJDK_CHANGESET = 9806157f99d2 +HOTSPOT_CHANGESET = d8b22e079abe +CORBA_CHANGESET = 4afc0be5b3c6 +JAXP_CHANGESET = efa047bf59e9 +JAXWS_CHANGESET = 52bbe659af64 +JDK_CHANGESET = 78fbbfe20edb +LANGTOOLS_CHANGESET = ac6983a8bd4a +OPENJDK_CHANGESET = 7de37e3bcca6 -HOTSPOT_SHA256SUM = 455be170dcea6edbc9c74f9d67308bb6a1f39dadda0267e7d73ea6af3043f60c -CORBA_SHA256SUM = 84c753fda3ad9d22c5e83d090a9aeaf86a81df240abb634d364cd2cf4a221ef4 -JAXP_SHA256SUM = dac77699dd7cd2efd7b0db620dddbff5e2a74e0ea6164a04fc0345fd13f9bdcc -JAXWS_SHA256SUM = 11f7f159d5afae960223c4aea12c73021365699ae37c16286617700a7fdc2eb4 -JDK_SHA256SUM = 3084038ef84baa3bc42853894a4310da6a413e5221c2a97563f451b440926910 -LANGTOOLS_SHA256SUM = df8eb56f125d568ec11218fa372bed8d7bdcc608803d3568f398ef4231d5204d -OPENJDK_SHA256SUM = 3f48f1e79dcb50fe80707a14c0559b2d91fcaa9305182151d11b7452292e618c +HOTSPOT_SHA256SUM = 28883ebefcfff1ba8b356a7fabf8e449c25fe7fffe1d563f1f58f887100063f0 +CORBA_SHA256SUM = 813e02861d89147c0547f4608fe69b0abd153cf548bf1f21ef9d16ea0a6d683e +JAXP_SHA256SUM = 20d745c58117d1eaa061edb689bb7569b512ac8fb3d0f3518b5fa8b17ba7012e +JAXWS_SHA256SUM = d8acabf54c1a4fe02e45ac4bdfe1ff9f3e7a3abc12884fcacd580bce9063a7c5 +JDK_SHA256SUM = 7eeee7d8479f97ab0eb66be3845224b8b4073de8829ed819175faf9ca2f3b5ca +LANGTOOLS_SHA256SUM = 47db36264b345939176d1a5f36df84ad56d7fae76ce647ea1b619f7df0eb1eda +OPENJDK_SHA256SUM = a856008db052b7f7ec4b466eee117fcc72229531136f71d4dd712c2f6e71cbd6 CACAO_VERSION = a567bcb7f589 CACAO_SHA256SUM = d49f79debc131a5694cae6ab3ba2864e7f3249ee8d9dc09aae8afdd4dc6b09f9
--- a/patches/boot/ecj-diamond.patch Thu Feb 14 00:47:41 2013 +0000 +++ b/patches/boot/ecj-diamond.patch Wed Feb 20 06:14:09 2013 +0000 @@ -6070,3 +6070,14 @@ List<Thread> threads = new ArrayList<Thread>(); for (int i = 0; i < threadCount; i++) { RandomCollector r = new RandomCollector(); +--- openjdk-boot.orig/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2013-02-20 04:35:55.724227856 +0000 ++++ openjdk-boot/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2013-02-20 04:36:16.596559015 +0000 +@@ -42,7 +42,7 @@ + */ + public final class UntrustedCertificates { + +- private final static Set<X509Certificate> untrustedCerts = new HashSet<>(); ++ private final static Set<X509Certificate> untrustedCerts = new HashSet<X509Certificate>(); + + /** + * Checks if a certificate is untrusted.
--- a/patches/boot/ecj-multicatch.patch Thu Feb 14 00:47:41 2013 +0000 +++ b/patches/boot/ecj-multicatch.patch Wed Feb 20 06:14:09 2013 +0000 @@ -130,3 +130,18 @@ throw new AssertionError(x); } } +diff -Nru openjdk-boot.orig/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java openjdk-boot/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java +--- openjdk-boot.orig/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2013-02-20 04:34:29.274856281 +0000 ++++ openjdk-boot/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2013-02-20 04:34:52.071217958 +0000 +@@ -65,7 +65,10 @@ + throw new RuntimeException("Duplicate untrusted certificate: " + + cert.getSubjectX500Principal()); + } +- } catch (CertificateException | IOException e) { ++ } catch (IOException e) { ++ throw new RuntimeException( ++ "Incorrect untrusted certificate: " + alias, e); ++ } catch (CertificateException e) { + throw new RuntimeException( + "Incorrect untrusted certificate: " + alias, e); + }
--- a/patches/boot/ecj-stringswitch.patch Thu Feb 14 00:47:41 2013 +0000 +++ b/patches/boot/ecj-stringswitch.patch Wed Feb 20 06:14:09 2013 +0000 @@ -304,15 +304,20 @@ diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java --- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java 2013-01-14 22:25:02.000000000 +0000 +++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java 2013-01-15 02:19:34.315049222 +0000 -@@ -411,104 +411,99 @@ +@@ -411,111 +411,106 @@ static boolean isCallerSensitive(MemberName mem) { - assert(mem.isInvocable()); + if (!mem.isInvocable()) return false; // fields are not caller sensitive Class<?> defc = mem.getDeclaringClass(); - switch (mem.getName()) { - case "doPrivileged": +- case "doPrivilegedWithCombiner": + String memName = mem.getName(); -+ if ("doPrivileged".equals(memName)) { ++ if ("doPrivileged".equals(memName) || ++ "doPrivilegedWithCombiner".equals(memName)) { return defc == java.security.AccessController.class; +- case "checkMemberAccess": ++ } else if ("checkMemberAccess".equals(memName)) { + return canBeCalledVirtual(mem, java.lang.SecurityManager.class); - case "getUnsafe": + } else if ("getUnsafe".equals(memName)) { return defc == sun.misc.Unsafe.class; @@ -442,7 +447,7 @@ - break; - case "getContextClassLoader": + } else if ("getContextClassLoader".equals(memName)) { - return defc == java.lang.Thread.class; + return canBeCalledVirtual(mem, java.lang.Thread.class); - case "getPackage": - case "getPackages": + } else if ("getPackage".equals(memName) || @@ -468,11 +473,17 @@ - case "getCallerClassLoader": + } else if ("getCallerClassLoader".equals(memName)) { return defc == java.lang.ClassLoader.class; +- case "registerAsParallelCapable": ++ } else if ("registerAsParallelCapable".equals(memName)) { + return canBeCalledVirtual(mem, java.lang.ClassLoader.class); - case "getProxyClass": - case "newProxyInstance": + } else if ("getProxyClass".equals(memName) || + "newProxyInstance".equals(memName)) { return defc == java.lang.reflect.Proxy.class; +- case "asInterfaceInstance": ++ } else if ("asInterfaceInstance".equals(memName)) { + return defc == java.lang.invoke.MethodHandleProxies.class; - case "getBundle": - case "clearCache": + } else if ("getBundle".equals(memName) ||
--- a/patches/boot/ecj-trywithresources.patch Thu Feb 14 00:47:41 2013 +0000 +++ b/patches/boot/ecj-trywithresources.patch Wed Feb 20 06:14:09 2013 +0000 @@ -941,3 +941,39 @@ } catch (IOException x) { } return result; +--- openjdk-boot.orig/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2013-02-20 04:33:00.545448559 +0000 ++++ openjdk-boot/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java 2013-02-20 05:18:03.320280934 +0000 +@@ -56,8 +56,9 @@ + + private static void add(String alias, String pemCert) { + // generate certificate from PEM certificate +- try (ByteArrayInputStream is = +- new ByteArrayInputStream(pemCert.getBytes())) { ++ ByteArrayInputStream is = null; ++ try { ++ is = new ByteArrayInputStream(pemCert.getBytes()); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + X509Certificate cert = (X509Certificate)cf.generateCertificate(is); + +@@ -65,13 +66,17 @@ + throw new RuntimeException("Duplicate untrusted certificate: " + + cert.getSubjectX500Principal()); + } +- } catch (IOException e) { +- throw new RuntimeException( +- "Incorrect untrusted certificate: " + alias, e); + } catch (CertificateException e) { + throw new RuntimeException( + "Incorrect untrusted certificate: " + alias, e); +- } ++ } finally { ++ if (is != null) ++ try { is.close(); } ++ catch (IOException e) { ++ throw new RuntimeException( ++ "Incorrect untrusted certificate: " + alias, e); ++ } ++ } + } + + static {