changeset 2531:82725f53704e

Add 2012/10/16 security updates and update NEWS. 2011-10-17 Andrew John Hughes <gnu.andrew@redhat.com> * Makefile.am: (CORBA_CHANGESET): Update to IcedTea7 2.1 forest head; the tag icedtea-2.1.3. (JAXP_CHANGESET): Likewise. (JAXWS_CHANGESET): Likewise. (JDK_CHANGESET): Likewise. (HOTSPOT_CHANGESET): Likewise. (LANGTOOLS_CHANGESET): Likewise. (OPENJDK_CHANGESET): Likewise. (CORBA_SHA256SUM): Likewise. (JAXP_SHA256SUM): Likewise. (JAXWS_SHA256SUM): Likewise. (JDK_SHA256SUM): Likewise. (HOTSPOT_SHA256SUM): Likewise. (LANGTOOLS_SHA256SUM): Likewise. (OPENJDK_SHA256SUM): Likewise. * NEWS: Updated. * patches/boot/ecj-autoboxing.patch: Add additional case in java.lang.invoke.MethodHandleImpl. * patches/boot/ecj-diamond.patch: Add additional case in com.sun.beans.decoder.DocumentHandler. * patches/boot/ecj-stringswitch.patch: Add additional case in java.lang.invoke.MethodHandleNatives. * patches/boot/ecj-trywithresources.patch: Add additional case in java.lang.invoke.MethodHandleImpl.
author Andrew John Hughes <gnu_andrew@member.fsf.org>
date Wed, 17 Oct 2012 07:42:22 +0100
parents 812a19049ddb
children 24cca27b5ed6
files ChangeLog Makefile.am NEWS patches/boot/ecj-autoboxing.patch patches/boot/ecj-diamond.patch patches/boot/ecj-stringswitch.patch patches/boot/ecj-trywithresources.patch
diffstat 7 files changed, 279 insertions(+), 14 deletions(-) [+]
--- a/ChangeLog	Wed Sep 05 11:48:34 2012 +0200
+++ b/ChangeLog	Wed Oct 17 07:42:22 2012 +0100
@@ -1,3 +1,35 @@
+2011-10-17  Andrew John Hughes  <gnu.andrew@redhat.com>
+
+	* Makefile.am:
+	(CORBA_CHANGESET): Update to IcedTea7 2.1 forest head;
+	the tag icedtea-2.1.3.
+	(JAXP_CHANGESET): Likewise.
+	(JAXWS_CHANGESET): Likewise.
+	(JDK_CHANGESET): Likewise.
+	(HOTSPOT_CHANGESET): Likewise.
+	(LANGTOOLS_CHANGESET): Likewise.
+	(OPENJDK_CHANGESET): Likewise.
+	(CORBA_SHA256SUM): Likewise.
+	(JAXP_SHA256SUM): Likewise.
+	(JAXWS_SHA256SUM): Likewise.
+	(JDK_SHA256SUM): Likewise.
+	(HOTSPOT_SHA256SUM): Likewise.
+	(LANGTOOLS_SHA256SUM): Likewise.
+	(OPENJDK_SHA256SUM): Likewise.
+	* NEWS: Updated.
+	* patches/boot/ecj-autoboxing.patch:
+	Add additional case in
+	java.lang.invoke.MethodHandleImpl.
+	* patches/boot/ecj-diamond.patch:
+	Add additional case in
+	com.sun.beans.decoder.DocumentHandler.
+	* patches/boot/ecj-stringswitch.patch:
+	Add additional case in
+	java.lang.invoke.MethodHandleNatives.
+	* patches/boot/ecj-trywithresources.patch:
+	Add additional case in
+	java.lang.invoke.MethodHandleImpl.
+
 2012-09-05  Matthias Klose  <doko@ubuntu.com>
 
 	* configure.ac: Remove the Xp header and library checks.
--- a/Makefile.am	Wed Sep 05 11:48:34 2012 +0200
+++ b/Makefile.am	Wed Oct 17 07:42:22 2012 +0100
@@ -4,21 +4,21 @@
 JDK_UPDATE_VERSION = 03
 COMBINED_VERSION = $(JDK_UPDATE_VERSION)-$(OPENJDK_VERSION)
 
-CORBA_CHANGESET = 5fb07c08e9e8
-HOTSPOT_CHANGESET = c159737dd826
-JAXP_CHANGESET = 68cc6550c43e
-JAXWS_CHANGESET = 27864fc81873
-JDK_CHANGESET = 362f79895241
-LANGTOOLS_CHANGESET = 59d1da099001
-OPENJDK_CHANGESET = 1e3893e92a16
+CORBA_CHANGESET = 79ee8535bc51
+HOTSPOT_CHANGESET = 767fdaea4155
+JAXP_CHANGESET = 77e7219c7424
+JAXWS_CHANGESET = d92eda447bca
+JDK_CHANGESET = d7ecb57d3c61
+LANGTOOLS_CHANGESET = fd2fdb20d858
+OPENJDK_CHANGESET = f89009ada191
 
-CORBA_SHA256SUM = c17cc7b5f2e4ee50ccccbe1a0ccc7c0f9e2bcab2c056c1a0e97c41c0083455e2
-HOTSPOT_SHA256SUM = c1e626ecf4e7118ac269923ef0b83f5f8d36b0e816b293197ffbf8dd5083fa8d
-JAXP_SHA256SUM = 1db3906130149da1e8222273b6f8c1c0fe1095f2760c04ce28750f5e254cbc7b
-JAXWS_SHA256SUM = 5a4641b75f297b79fcb2f46c7fceb7a8b911e1567ecbc0d566abcb992b0a0de3
-JDK_SHA256SUM = a7c9d6e8e855189066fe7aef1a61e08d581e07415cc5a0b398f3c82f017559e2
-LANGTOOLS_SHA256SUM = e901f0e4dba52f4ef3fedc946b0106a29ad7f406ab44c7028f1e16f2a23a6e07
-OPENJDK_SHA256SUM = 55f1c6ab34ce00db014a94fb0c6301de4fcea0077ccff4b4ba6827a17ec3bd77
+CORBA_SHA256SUM = f61dad8d484e4a9e645b7fb73da87bc44f9986a074629154f37ed46be05f5b84
+HOTSPOT_SHA256SUM = a2a2c610e9ebb97a3c95be233533035cf4f59c4cc45a553ba09e52106fbad113
+JAXP_SHA256SUM = 9cfbc0efaface20f7188870b9bf5b0ebc73d745cd9a49d013cd4e81ba223ccdc
+JAXWS_SHA256SUM = 6d0858d46b68d6e8488e70d1675e5b656aeb4ef51e8ee4e330e77219f92c1c0c
+JDK_SHA256SUM = 11146763409098a42dd9896f3fb7e7324a58c5cff5298009eb347ad26abeed51
+LANGTOOLS_SHA256SUM = 3a4039348aa49547fffa96563b77b704c72e2ac3ead2c132843ba1e9fe4dbad2
+OPENJDK_SHA256SUM = 0f2e414fee619e78c33bceaee7c440efa598d651b23a75fd61e1282ad6001839
 
 CACAO_VERSION = a567bcb7f589
 CACAO_SHA256SUM = d49f79debc131a5694cae6ab3ba2864e7f3249ee8d9dc09aae8afdd4dc6b09f9
--- a/NEWS	Wed Sep 05 11:48:34 2012 +0200
+++ b/NEWS	Wed Oct 17 07:42:22 2012 +0100
@@ -12,6 +12,40 @@
 
 New in release 2.1.3 (2012-XX-XX):
 
+* Security fixes
+  - S6631398, CVE-2012-3216: FilePermission improved path checking
+  - S7093490: adjust package access in rmiregistry
+  - S7143535, CVE-2012-5068: ScriptEngine corrected permissions
+  - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp
+  - S7158807: Revise stack management with volatile call sites
+  - S7163198, CVE-2012-5076: Tightened package accessibility
+  - S7167656, CVE-2012-5077: Multiple Seeders are being created
+  - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types
+  - S7169887, CVE-2012-5074: Tightened package accessibility
+  - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector
+  - S7172522, CVE-2012-5072: Improve DomainCombiner checking
+  - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
+  - S7189103, CVE-2012-5069: Executors needs to maintain state
+  - S7189490: More improvements to DomainCombiner checking
+  - S7189567, CVE-2012-5085: java net obselete protocol
+  - S7192975, CVE-2012-5071: Issue with JMX reflection
+  - S7195194, CVE-2012-5084: Better data validation for Swing
+  - S7195549, CVE-2012-5087: Better bean object persistence
+  - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved
+  - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance
+  - S7196190, CVE-2012-5088: Improve method of handling MethodHandles
+  - S7198296, CVE-2012-5089: Refactor classloader usage
+  - S7158801: Improve VM CompileOnly option
+  - S7158804: Improve config file parsing
+  - S7198606, CVE-2012-4416: Improve VM optimization
+* Backports
+  - S7175845: "jar uf" changes file permissions unexpectedly
+  - S7177216: native2ascii changes file permissions of input file
+  - S7106773: 512 bits RSA key cannot work with SHA384 and SHA512
+* Bug fixes
+  - Remove merge artefact.
+  - Remove the Xp header and library checks.
+
 New in release 2.1.2 (2012-09-02):
 
 * Security fixes
--- a/patches/boot/ecj-autoboxing.patch	Wed Sep 05 11:48:34 2012 +0200
+++ b/patches/boot/ecj-autoboxing.patch	Wed Oct 17 07:42:22 2012 +0100
@@ -243,6 +243,15 @@
                  return target.invokeExact(a0, a1, a2, a3, a4, a5, a6, a7);
              return fallback.invokeExact(a0, a1, a2, a3, a4, a5, a6, a7);
          }
+@@ -1374,7 +1374,7 @@
+                 MH_checkCallerClass = IMPL_LOOKUP
+                     .findStatic(THIS_CLASS, "checkCallerClass",
+                                 MethodType.methodType(boolean.class, Class.class, Class.class));
+-                assert((boolean) MH_checkCallerClass.invokeExact(THIS_CLASS, THIS_CLASS));
++                assert((Boolean) MH_checkCallerClass.invokeExact(THIS_CLASS, THIS_CLASS));
+             } catch (Throwable ex) {
+                 throw new InternalError(ex.toString());
+             }
 diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/ToGeneric.java openjdk-boot/jdk/src/share/classes/java/lang/invoke/ToGeneric.java
 --- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/ToGeneric.java	2011-06-11 00:38:08.000000000 +0100
 +++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/ToGeneric.java	2011-07-12 15:12:13.214932157 +0100
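Review bot: The `(Boolean)` cast on `MH_checkCallerClass.invokeExact(THIS_CLASS, THIS_CLASS)` in the added `@@ -1374,7 +1374,7 @@` hunk changes the call-site return type wherever the compiler treats `invokeExact` as signature-polymorphic. The handle is looked up with `MethodType.methodType(boolean.class, Class.class, Class.class)`, so an exact invoke typed to return `Boolean` would presumably fail with a WrongMethodTypeException once assertions are enabled, and the surrounding `catch (Throwable ex)` would turn that into an InternalError. If the boot compiler only needs an Object-returning call here, `assert((Boolean) MH_checkCallerClass.invokeWithArguments(THIS_CLASS, THIS_CLASS));` keeps the self-check working under either compiler. The enclosing try block starts outside the hunk.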
@@ -285,3 +294,6 @@
          else
              return (int) unboxLong(x, false);
      }
+diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java
+--- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java	2012-10-17 03:17:03.331299684 +0100
++++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java	2012-10-17 03:19:49.546110492 +0100
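Review bot: The three lines appended at the end of this patch are a `diff -Nru` / `---` / `+++` header for MethodHandleImpl.java with no hunk after it. The actual MethodHandleImpl change (`@@ -1374,7 +1374,7 @@`) was added earlier in the file, apparently inside the existing section for that class. This looks like a leftover from regenerating the patch. Dropping the three header lines would avoid relying on how the patch tool handles a file header with no hunks, and would make it clear that no further MethodHandleImpl change was intended here.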
--- a/patches/boot/ecj-diamond.patch	Wed Sep 05 11:48:34 2012 +0200
+++ b/patches/boot/ecj-diamond.patch	Wed Oct 17 07:42:22 2012 +0100
@@ -5822,3 +5822,20 @@
          for (Extension ex : extensions.getAllExtensions()) {
              if (!ex.isCritical()) {
                  extSet.add(ex.getExtensionId().toString());
+diff -Nru openjdk-boot.orig/jdk/src/share/classes/com/sun/beans/decoder/DocumentHandler.java openjdk-boot/jdk/src/share/classes/com/sun/beans/decoder/DocumentHandler.java
+--- openjdk-boot.orig/jdk/src/share/classes/com/sun/beans/decoder/DocumentHandler.java	2012-10-17 02:42:13.610815469 +0100
++++ openjdk-boot/jdk/src/share/classes/com/sun/beans/decoder/DocumentHandler.java	2012-10-17 02:43:02.995461481 +0100
+@@ -62,9 +62,10 @@
+  */
+ public final class DocumentHandler extends DefaultHandler {
+     private final AccessControlContext acc = AccessController.getContext();
+-    private final Map<String, Class<? extends ElementHandler>> handlers = new HashMap<>();
+-    private final Map<String, Object> environment = new HashMap<>();
+-    private final List<Object> objects = new ArrayList<>();
++    private final Map<String, Class<? extends ElementHandler>> handlers =
++					      new HashMap<String, Class<? extends ElementHandler>>();
++    private final Map<String, Object> environment = new HashMap<String, Object>();
++    private final List<Object> objects = new ArrayList<Object>();
+ 
+     private Reference<ClassLoader> loader;
+     private ExceptionListener listener;
--- a/patches/boot/ecj-stringswitch.patch	Wed Sep 05 11:48:34 2012 +0200
+++ b/patches/boot/ecj-stringswitch.patch	Wed Oct 17 07:42:22 2012 +0100
@@ -301,3 +301,153 @@
                  }
  
                  throw new IllegalArgumentException(
+diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java
+--- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java	2012-10-17 03:48:53.678554395 +0100
++++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java	2012-10-17 04:20:20.203700764 +0100
+@@ -411,89 +411,84 @@
+     static boolean isCallerSensitive(MemberName mem) {
+         assert(mem.isInvocable());
+         Class<?> defc = mem.getDeclaringClass();
+-        switch (mem.getName()) {
+-        case "doPrivileged":
++	String memName = mem.getName();
++	if ("doPrivileged".equals(memName)) {
+             return defc == java.security.AccessController.class;
+-        case "getUnsafe":
++        } else if ("getUnsafe".equals(memName)) {
+             return defc == sun.misc.Unsafe.class;
+-        case "lookup":
++	} else if ("lookup".equals(memName)) {
+             return defc == java.lang.invoke.MethodHandles.class;
+-        case "invoke":
++        } else if ("invoke".equals(memName)) {
+             return defc == java.lang.reflect.Method.class;
+-        case "get":
+-        case "getBoolean":
+-        case "getByte":
+-        case "getChar":
+-        case "getShort":
+-        case "getInt":
+-        case "getLong":
+-        case "getFloat":
+-        case "getDouble":
+-        case "set":
+-        case "setBoolean":
+-        case "setByte":
+-        case "setChar":
+-        case "setShort":
+-        case "setInt":
+-        case "setLong":
+-        case "setFloat":
+-        case "setDouble":
++	} else if ("get".equals(memName) ||
++		   "getBoolean".equals(memName) ||
++		   "getByte".equals(memName) ||
++		   "getChar".equals(memName) ||
++		   "getShort".equals(memName) ||
++		   "getInt".equals(memName) ||
++		   "getFloat".equals(memName) ||
++		   "getDouble".equals(memName) ||
++		   "set".equals(memName) ||
++		   "setBoolean".equals(memName) ||
++		   "setByte".equals(memName) ||
++		   "setChar".equals(memName) ||
++		   "setShort".equals(memName) ||
++		   "setInt".equals(memName) ||
++		   "setLong".equals(memName) ||
++		   "setFloat".equals(memName) ||
++		   "setDouble".equals(memName)) {
+             return defc == java.lang.reflect.Field.class;
+-        case "newInstance":
++	} else if ("newInstance".equals(memName)) {
+             if (defc == java.lang.reflect.Constructor.class)  return true;
+             if (defc == java.lang.Class.class)  return true;
+-            break;
+-        case "forName":
+-        case "getClassLoader":
+-        case "getClasses":
+-        case "getFields":
+-        case "getMethods":
+-        case "getConstructors":
+-        case "getDeclaredClasses":
+-        case "getDeclaredFields":
+-        case "getDeclaredMethods":
+-        case "getDeclaredConstructors":
+-        case "getField":
+-        case "getMethod":
+-        case "getConstructor":
+-        case "getDeclaredField":
+-        case "getDeclaredMethod":
+-        case "getDeclaredConstructor":
++	} else if ("forName".equals(memName) ||
++		   "getClassLoader".equals(memName) ||
++		   "getClasses".equals(memName) ||
++		   "getFields".equals(memName) ||
++		   "getMethods".equals(memName) ||
++		   "getConstructors".equals(memName) ||
++		   "getDeclaredClasses".equals(memName) ||
++		   "getDeclaredFields".equals(memName) ||
++		   "getDeclaredMethods".equals(memName) ||
++		   "getDeclaredConstructors".equals(memName) ||
++		   "getField".equals(memName) ||
++		   "getMethod".equals(memName) ||
++		   "getConstructor".equals(memName) ||
++		   "getDeclaredField".equals(memName) ||
++		   "getDeclaredMethod".equals(memName) ||
++		   "getDeclaredConstructor".equals(memName)) {
+             return defc == java.lang.Class.class;
+-        case "getConnection":
+-        case "getDriver":
+-        case "getDrivers":
+-        case "deregisterDriver":
++	} else if ("getConnection".equals(memName) ||
++		   "getDriver".equals(memName) ||
++		   "getDrivers".equals(memName) ||
++		   "deregisterDriver".equals(memName)) {
+             return defc == java.sql.DriverManager.class;
+-        case "newUpdater":
++        } else if ("newUpdater".equals(memName)) {
+             if (defc == java.util.concurrent.atomic.AtomicIntegerFieldUpdater.class)  return true;
+             if (defc == java.util.concurrent.atomic.AtomicLongFieldUpdater.class)  return true;
+             if (defc == java.util.concurrent.atomic.AtomicReferenceFieldUpdater.class)  return true;
+-            break;
+-        case "getContextClassLoader":
++        } else if ("getContextClassLoader".equals(memName)) {
+             return defc == java.lang.Thread.class;
+-        case "getPackage":
+-        case "getPackages":
++        } else if ("getPackage".equals(memName) ||
++		   "getPackages".equals(memName)) {
+             return defc == java.lang.Package.class;
+-        case "getParent":
+-        case "getSystemClassLoader":
++        } else if ("getParent".equals(memName) ||
++		   "getSystemClassLoader".equals(memName)) {
+             return defc == java.lang.ClassLoader.class;
+-        case "load":
+-        case "loadLibrary":
++        } else if ("load".equals(memName) ||
++		   "loadLibrary".equals(memName)) {
+             if (defc == java.lang.Runtime.class)  return true;
+             if (defc == java.lang.System.class)  return true;
+-            break;
+-        case "getCallerClass":
++        } else if ("getCallerClass".equals(memName)) {
+             if (defc == sun.reflect.Reflection.class)  return true;
+             if (defc == java.lang.System.class)  return true;
+-            break;
+-        case "getCallerClassLoader":
++	} else if ("getCallerClassLoader".equals(memName)) {
+             return defc == java.lang.ClassLoader.class;
+-        case "getProxyClass":
+-        case "newProxyInstance":
++        } else if ("getProxyClass".equals(memName) ||
++		   "newProxyInstance".equals(memName)) {
+             return defc == java.lang.reflect.Proxy.class;
+-        case "getBundle":
+-        case "clearCache":
++        } else if ("getBundle".equals(memName) ||
++		   "clearCache".equals(memName)) {
+             return defc == java.util.ResourceBundle.class;
+         }
+         return false;
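Review bot: The if/else rewrite of `isCallerSensitive` drops `"getLong"` from the `java.lang.reflect.Field` group: the removed `switch` lists `case "getLong":` between `getInt` and `getFloat`, but the new chain goes straight from `"getInt".equals(memName) ||` to `"getFloat".equals(memName) ||`. As written, the boot-built class would report `Field.getLong` as not caller-sensitive, which is a behaviour change in a security check rather than a pure syntax workaround. Add `"getLong".equals(memName) ||` after the `getInt` line and bump the inner hunk header from `+411,84` to `+411,85` to match. The new lines also mix tab and space indentation, which the original file does not use. The method's closing brace lies outside the hunk.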
--- a/patches/boot/ecj-trywithresources.patch	Wed Sep 05 11:48:34 2012 +0200
+++ b/patches/boot/ecj-trywithresources.patch	Wed Oct 17 07:42:22 2012 +0100
@@ -902,3 +902,23 @@
          } catch (IOException x) {
          }
          return result;
+diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java
+--- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java	2012-10-17 03:17:03.331299684 +0100
++++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleImpl.java	2012-10-17 03:18:04.192329905 +0100
+@@ -1401,10 +1401,14 @@
+                             java.net.URLConnection uconn = tClass.getResource(tResource).openConnection();
+                             int len = uconn.getContentLength();
+                             byte[] bytes = new byte[len];
+-                            try (java.io.InputStream str = uconn.getInputStream()) {
++			    java.io.InputStream str = null;
++                            try {
++				str = uconn.getInputStream(); 
+                                 int nr = str.read(bytes);
+                                 if (nr != len)  throw new java.io.IOException(tResource);
+-                            }
++                            } finally {
++				str.close();
++			    }
+                             values[0] = bytes;
+                         } catch (java.io.IOException ex) {
+                             throw new InternalError(ex.toString());
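Review bot: The `finally { str.close(); }` that replaces the try-with-resources dereferences `str` unconditionally, although `str` is initialised to `null` and only assigned inside the `try`. If `uconn.getInputStream()` throws, the `finally` block raises a NullPointerException that replaces the original IOException and is not handled by the `catch (java.io.IOException ex)` below, so it escapes instead of becoming an InternalError. Guarding the close restores the try-with-resources behaviour for that path: `if (str != null) str.close();`. The enclosing try block and method start and end outside the hunk.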