Mercurial > hg > release > icedtea7-2.1
changeset 2531:82725f53704e
Add 2012/10/16 security updates and update NEWS.
2011-10-17 Andrew John Hughes <gnu.andrew@redhat.com>
* Makefile.am:
(CORBA_CHANGESET): Update to IcedTea7 2.1 forest head;
the tag icedtea-2.1.3.
(JAXP_CHANGESET): Likewise.
(JAXWS_CHANGESET): Likewise.
(JDK_CHANGESET): Likewise.
(HOTSPOT_CHANGESET): Likewise.
(LANGTOOLS_CHANGESET): Likewise.
(OPENJDK_CHANGESET): Likewise.
(CORBA_SHA256SUM): Likewise.
(JAXP_SHA256SUM): Likewise.
(JAXWS_SHA256SUM): Likewise.
(JDK_SHA256SUM): Likewise.
(HOTSPOT_SHA256SUM): Likewise.
(LANGTOOLS_SHA256SUM): Likewise.
(OPENJDK_SHA256SUM): Likewise.
* NEWS: Updated.
* patches/boot/ecj-autoboxing.patch:
Add additional case in
java.lang.invoke.MethodHandleImpl.
* patches/boot/ecj-diamond.patch:
Add additional case in
com.sun.beans.decoder.DocumentHandler.
* patches/boot/ecj-stringswitch.patch:
Add additional case in
java.lang.invoke.MethodHandleNatives.
* patches/boot/ecj-trywithresources.patch:
Add additional case in
java.lang.invoke.MethodHandleImpl.
author | Andrew John Hughes <gnu_andrew@member.fsf.org> |
---|---|
date | Wed, 17 Oct 2012 07:42:22 +0100 |
parents | 812a19049ddb |
children | 24cca27b5ed6 |
files | ChangeLog Makefile.am NEWS patches/boot/ecj-autoboxing.patch patches/boot/ecj-diamond.patch patches/boot/ecj-stringswitch.patch patches/boot/ecj-trywithresources.patch |
diffstat | 7 files changed, 279 insertions(+), 14 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Sep 05 11:48:34 2012 +0200 +++ b/ChangeLog Wed Oct 17 07:42:22 2012 +0100 @@ -1,3 +1,35 @@ +2011-10-17 Andrew John Hughes <gnu.andrew@redhat.com> + + * Makefile.am: + (CORBA_CHANGESET): Update to IcedTea7 2.1 forest head; + the tag icedtea-2.1.3. + (JAXP_CHANGESET): Likewise. + (JAXWS_CHANGESET): Likewise. + (JDK_CHANGESET): Likewise. + (HOTSPOT_CHANGESET): Likewise. + (LANGTOOLS_CHANGESET): Likewise. + (OPENJDK_CHANGESET): Likewise. + (CORBA_SHA256SUM): Likewise. + (JAXP_SHA256SUM): Likewise. + (JAXWS_SHA256SUM): Likewise. + (JDK_SHA256SUM): Likewise. + (HOTSPOT_SHA256SUM): Likewise. + (LANGTOOLS_SHA256SUM): Likewise. + (OPENJDK_SHA256SUM): Likewise. + * NEWS: Updated. + * patches/boot/ecj-autoboxing.patch: + Add additional case in + java.lang.invoke.MethodHandleImpl. + * patches/boot/ecj-diamond.patch: + Add additional case in + com.sun.beans.decoder.DocumentHandler. + * patches/boot/ecj-stringswitch.patch: + Add additional case in + java.lang.invoke.MethodHandleNatives. + * patches/boot/ecj-trywithresources.patch: + Add additional case in + java.lang.invoke.MethodHandleImpl. + 2012-09-05 Matthias Klose <doko@ubuntu.com> * configure.ac: Remove the Xp header and library checks.
--- a/Makefile.am Wed Sep 05 11:48:34 2012 +0200 +++ b/Makefile.am Wed Oct 17 07:42:22 2012 +0100 @@ -4,21 +4,21 @@ JDK_UPDATE_VERSION = 03 COMBINED_VERSION = $(JDK_UPDATE_VERSION)-$(OPENJDK_VERSION) -CORBA_CHANGESET = 5fb07c08e9e8 -HOTSPOT_CHANGESET = c159737dd826 -JAXP_CHANGESET = 68cc6550c43e -JAXWS_CHANGESET = 27864fc81873 -JDK_CHANGESET = 362f79895241 -LANGTOOLS_CHANGESET = 59d1da099001 -OPENJDK_CHANGESET = 1e3893e92a16 +CORBA_CHANGESET = 79ee8535bc51 +HOTSPOT_CHANGESET = 767fdaea4155 +JAXP_CHANGESET = 77e7219c7424 +JAXWS_CHANGESET = d92eda447bca +JDK_CHANGESET = d7ecb57d3c61 +LANGTOOLS_CHANGESET = fd2fdb20d858 +OPENJDK_CHANGESET = f89009ada191 -CORBA_SHA256SUM = c17cc7b5f2e4ee50ccccbe1a0ccc7c0f9e2bcab2c056c1a0e97c41c0083455e2 -HOTSPOT_SHA256SUM = c1e626ecf4e7118ac269923ef0b83f5f8d36b0e816b293197ffbf8dd5083fa8d -JAXP_SHA256SUM = 1db3906130149da1e8222273b6f8c1c0fe1095f2760c04ce28750f5e254cbc7b -JAXWS_SHA256SUM = 5a4641b75f297b79fcb2f46c7fceb7a8b911e1567ecbc0d566abcb992b0a0de3 -JDK_SHA256SUM = a7c9d6e8e855189066fe7aef1a61e08d581e07415cc5a0b398f3c82f017559e2 -LANGTOOLS_SHA256SUM = e901f0e4dba52f4ef3fedc946b0106a29ad7f406ab44c7028f1e16f2a23a6e07 -OPENJDK_SHA256SUM = 55f1c6ab34ce00db014a94fb0c6301de4fcea0077ccff4b4ba6827a17ec3bd77 +CORBA_SHA256SUM = f61dad8d484e4a9e645b7fb73da87bc44f9986a074629154f37ed46be05f5b84 +HOTSPOT_SHA256SUM = a2a2c610e9ebb97a3c95be233533035cf4f59c4cc45a553ba09e52106fbad113 +JAXP_SHA256SUM = 9cfbc0efaface20f7188870b9bf5b0ebc73d745cd9a49d013cd4e81ba223ccdc +JAXWS_SHA256SUM = 6d0858d46b68d6e8488e70d1675e5b656aeb4ef51e8ee4e330e77219f92c1c0c +JDK_SHA256SUM = 11146763409098a42dd9896f3fb7e7324a58c5cff5298009eb347ad26abeed51 +LANGTOOLS_SHA256SUM = 3a4039348aa49547fffa96563b77b704c72e2ac3ead2c132843ba1e9fe4dbad2 +OPENJDK_SHA256SUM = 0f2e414fee619e78c33bceaee7c440efa598d651b23a75fd61e1282ad6001839 CACAO_VERSION = a567bcb7f589 CACAO_SHA256SUM = d49f79debc131a5694cae6ab3ba2864e7f3249ee8d9dc09aae8afdd4dc6b09f9
--- a/NEWS Wed Sep 05 11:48:34 2012 +0200 +++ b/NEWS Wed Oct 17 07:42:22 2012 +0100 @@ -12,6 +12,40 @@ New in release 2.1.3 (2012-XX-XX): +* Security fixes + - S6631398, CVE-2012-3216: FilePermission improved path checking + - S7093490: adjust package access in rmiregistry + - S7143535, CVE-2012-5068: ScriptEngine corrected permissions + - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp + - S7158807: Revise stack management with volatile call sites + - S7163198, CVE-2012-5076: Tightened package accessibility + - S7167656, CVE-2012-5077: Multiple Seeders are being created + - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types + - S7169887, CVE-2012-5074: Tightened package accessibility + - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector + - S7172522, CVE-2012-5072: Improve DomainCombiner checking + - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC + - S7189103, CVE-2012-5069: Executors needs to maintain state + - S7189490: More improvements to DomainCombiner checking + - S7189567, CVE-2012-5085: java net obselete protocol + - S7192975, CVE-2012-5071: Issue with JMX reflection + - S7195194, CVE-2012-5084: Better data validation for Swing + - S7195549, CVE-2012-5087: Better bean object persistence + - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved + - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance + - S7196190, CVE-2012-5088: Improve method of handling MethodHandles + - S7198296, CVE-2012-5089: Refactor classloader usage + - S7158801: Improve VM CompileOnly option + - S7158804: Improve config file parsing + - S7198606, CVE-2012-4416: Improve VM optimization +* Backports + - S7175845: "jar uf" changes file permissions unexpectedly + - S7177216: native2ascii changes file permissions of input file + - S7106773: 512 bits RSA key cannot work with SHA384 and SHA512 +* Bug fixes + - Remove merge artefact. + - Remove the Xp header and library checks. + New in release 2.1.2 (2012-09-02): * Security fixes
--- a/patches/boot/ecj-autoboxing.patch Wed Sep 05 11:48:34 2012 +0200 +++ b/patches/boot/ecj-autoboxing.patch Wed Oct 17 07:42:22 2012 +0100 @@ -243,6 +243,15 @@ return target.invokeExact(a0, a1, a2, a3, a4, a5, a6, a7); return fallback.invokeExact(a0, a1, a2, a3, a4, a5, a6, a7); } +@@ -1374,7 +1374,7 @@ + MH_checkCallerClass = IMPL_LOOKUP + .findStatic(THIS_CLASS, "checkCallerClass", + MethodType.methodType(boolean.class, Class.class, Class.class)); +- assert((boolean) MH_checkCallerClass.invokeExact(THIS_CLASS, THIS_CLASS)); ++ assert((Boolean) MH_checkCallerClass.invokeExact(THIS_CLASS, THIS_CLASS)); + } catch (Throwable ex) { + throw new InternalError(ex.toString()); + } diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/ToGeneric.java openjdk-boot/jdk/src/share/classes/java/lang/invoke/ToGeneric.java --- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/ToGeneric.java 2011-06-11 00:38:08.000000000 +0100 +++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/ToGeneric.java 2011-07-12 15:12:13.214932157 +0100 @@ -285,3 +294,6 @@ else return (int) unboxLong(x, false); } +diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java +--- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java 2012-10-17 03:17:03.331299684 +0100 ++++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java 2012-10-17 03:19:49.546110492 +0100
--- a/patches/boot/ecj-diamond.patch Wed Sep 05 11:48:34 2012 +0200 +++ b/patches/boot/ecj-diamond.patch Wed Oct 17 07:42:22 2012 +0100 @@ -5822,3 +5822,20 @@ for (Extension ex : extensions.getAllExtensions()) { if (!ex.isCritical()) { extSet.add(ex.getExtensionId().toString()); +diff -Nru openjdk-boot.orig/jdk/src/share/classes/com/sun/beans/decoder/DocumentHandler.java openjdk-boot/jdk/src/share/classes/com/sun/beans/decoder/DocumentHandler.java +--- openjdk-boot.orig/jdk/src/share/classes/com/sun/beans/decoder/DocumentHandler.java 2012-10-17 02:42:13.610815469 +0100 ++++ openjdk-boot/jdk/src/share/classes/com/sun/beans/decoder/DocumentHandler.java 2012-10-17 02:43:02.995461481 +0100 +@@ -62,9 +62,10 @@ + */ + public final class DocumentHandler extends DefaultHandler { + private final AccessControlContext acc = AccessController.getContext(); +- private final Map<String, Class<? extends ElementHandler>> handlers = new HashMap<>(); +- private final Map<String, Object> environment = new HashMap<>(); +- private final List<Object> objects = new ArrayList<>(); ++ private final Map<String, Class<? extends ElementHandler>> handlers = ++ new HashMap<String, Class<? extends ElementHandler>>(); ++ private final Map<String, Object> environment = new HashMap<String, Object>(); ++ private final List<Object> objects = new ArrayList<Object>(); + + private Reference<ClassLoader> loader; + private ExceptionListener listener;
--- a/patches/boot/ecj-stringswitch.patch Wed Sep 05 11:48:34 2012 +0200 +++ b/patches/boot/ecj-stringswitch.patch Wed Oct 17 07:42:22 2012 +0100 @@ -301,3 +301,153 @@ } throw new IllegalArgumentException( +diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java +--- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java 2012-10-17 03:48:53.678554395 +0100 ++++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java 2012-10-17 04:20:20.203700764 +0100 +@@ -411,89 +411,84 @@ + static boolean isCallerSensitive(MemberName mem) { + assert(mem.isInvocable()); + Class<?> defc = mem.getDeclaringClass(); +- switch (mem.getName()) { +- case "doPrivileged": ++ String memName = mem.getName(); ++ if ("doPrivileged".equals(memName)) { + return defc == java.security.AccessController.class; +- case "getUnsafe": ++ } else if ("getUnsafe".equals(memName)) { + return defc == sun.misc.Unsafe.class; +- case "lookup": ++ } else if ("lookup".equals(memName)) { + return defc == java.lang.invoke.MethodHandles.class; +- case "invoke": ++ } else if ("invoke".equals(memName)) { + return defc == java.lang.reflect.Method.class; +- case "get": +- case "getBoolean": +- case "getByte": +- case "getChar": +- case "getShort": +- case "getInt": +- case "getLong": +- case "getFloat": +- case "getDouble": +- case "set": +- case "setBoolean": +- case "setByte": +- case "setChar": +- case "setShort": +- case "setInt": +- case "setLong": +- case "setFloat": +- case "setDouble": ++ } else if ("get".equals(memName) || ++ "getBoolean".equals(memName) || ++ "getByte".equals(memName) || ++ "getChar".equals(memName) || ++ "getShort".equals(memName) || ++ "getInt".equals(memName) || ++ "getFloat".equals(memName) || ++ "getDouble".equals(memName) || ++ "set".equals(memName) || ++ "setBoolean".equals(memName) || ++ "setByte".equals(memName) || ++ "setChar".equals(memName) || ++ "setShort".equals(memName) || ++ "setInt".equals(memName) || ++ "setLong".equals(memName) || ++ "setFloat".equals(memName) || ++ "setDouble".equals(memName)) { + return defc == java.lang.reflect.Field.class; +- case "newInstance": ++ } else if ("newInstance".equals(memName)) { + if (defc == java.lang.reflect.Constructor.class) return true; + if (defc == java.lang.Class.class) return true; +- break; +- case "forName": +- case "getClassLoader": +- case "getClasses": +- case "getFields": +- case "getMethods": +- case "getConstructors": +- case "getDeclaredClasses": +- case "getDeclaredFields": +- case "getDeclaredMethods": +- case "getDeclaredConstructors": +- case "getField": +- case "getMethod": +- case "getConstructor": +- case "getDeclaredField": +- case "getDeclaredMethod": +- case "getDeclaredConstructor": ++ } else if ("forName".equals(memName) || ++ "getClassLoader".equals(memName) || ++ "getClasses".equals(memName) || ++ "getFields".equals(memName) || ++ "getMethods".equals(memName) || ++ "getConstructors".equals(memName) || ++ "getDeclaredClasses".equals(memName) || ++ "getDeclaredFields".equals(memName) || ++ "getDeclaredMethods".equals(memName) || ++ "getDeclaredConstructors".equals(memName) || ++ "getField".equals(memName) || ++ "getMethod".equals(memName) || ++ "getConstructor".equals(memName) || ++ "getDeclaredField".equals(memName) || ++ "getDeclaredMethod".equals(memName) || ++ "getDeclaredConstructor".equals(memName)) { + return defc == java.lang.Class.class; +- case "getConnection": +- case "getDriver": +- case "getDrivers": +- case "deregisterDriver": ++ } else if ("getConnection".equals(memName) || ++ "getDriver".equals(memName) || ++ "getDrivers".equals(memName) || ++ "deregisterDriver".equals(memName)) { + return defc == java.sql.DriverManager.class; +- case "newUpdater": ++ } else if ("newUpdater".equals(memName)) { + if (defc == java.util.concurrent.atomic.AtomicIntegerFieldUpdater.class) return true; + if (defc == java.util.concurrent.atomic.AtomicLongFieldUpdater.class) return true; + if (defc == java.util.concurrent.atomic.AtomicReferenceFieldUpdater.class) return true; +- break; +- case "getContextClassLoader": ++ } else if ("getContextClassLoader".equals(memName)) { + return defc == java.lang.Thread.class; +- case "getPackage": +- case "getPackages": ++ } else if ("getPackage".equals(memName) || ++ "getPackages".equals(memName)) { + return defc == java.lang.Package.class; +- case "getParent": +- case "getSystemClassLoader": ++ } else if ("getParent".equals(memName) || ++ "getSystemClassLoader".equals(memName)) { + return defc == java.lang.ClassLoader.class; +- case "load": +- case "loadLibrary": ++ } else if ("load".equals(memName) || ++ "loadLibrary".equals(memName)) { + if (defc == java.lang.Runtime.class) return true; + if (defc == java.lang.System.class) return true; +- break; +- case "getCallerClass": ++ } else if ("getCallerClass".equals(memName)) { + if (defc == sun.reflect.Reflection.class) return true; + if (defc == java.lang.System.class) return true; +- break; +- case "getCallerClassLoader": ++ } else if ("getCallerClassLoader".equals(memName)) { + return defc == java.lang.ClassLoader.class; +- case "getProxyClass": +- case "newProxyInstance": ++ } else if ("getProxyClass".equals(memName) || ++ "newProxyInstance".equals(memName)) { + return defc == java.lang.reflect.Proxy.class; +- case "getBundle": +- case "clearCache": ++ } else if ("getBundle".equals(memName) || ++ "clearCache".equals(memName)) { + return defc == java.util.ResourceBundle.class; + } + return false;
--- a/patches/boot/ecj-trywithresources.patch Wed Sep 05 11:48:34 2012 +0200 +++ b/patches/boot/ecj-trywithresources.patch Wed Oct 17 07:42:22 2012 +0100 @@ -902,3 +902,23 @@ } catch (IOException x) { } return result; +diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java +--- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java 2012-10-17 03:17:03.331299684 +0100 ++++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java 2012-10-17 03:18:04.192329905 +0100 +@@ -1401,10 +1401,14 @@ + java.net.URLConnection uconn = tClass.getResource(tResource).openConnection(); + int len = uconn.getContentLength(); + byte[] bytes = new byte[len]; +- try (java.io.InputStream str = uconn.getInputStream()) { ++ java.io.InputStream str = null; ++ try { ++ str = uconn.getInputStream(); + int nr = str.read(bytes); + if (nr != len) throw new java.io.IOException(tResource); +- } ++ } finally { ++ str.close(); ++ } + values[0] = bytes; + } catch (java.io.IOException ex) { + throw new InternalError(ex.toString());