Mercurial > hg > release > icedtea7-2.1
changeset 2538:c117045cbb6d
Add 2013/01/15 security update.
2013-01-15 Andrew John Hughes <gnu_andrew@member.fsf.org>
* Makefile.am:
(CORBA_CHANGESET): Update to IcedTea7 2.1 forest head;
the tag icedtea-2.1.4.
(HOTSPOT_CHANGESET): Likewise.
(JAXP_CHANGESET): Likewise.
(JAXWS_CHANGESET): Likewise.
(JDK_CHANGESET): Likewise.
(LANGTOOLS_CHANGESET): Likewise.
(OPENJDK_CHANGESET): Likewise.
(CORBA_SHA256SUM): Likewise.
(HOTSPOT_SHA256SUM): Likewise.
(JAXP_SHA256SUM): Likewise.
(JAXWS_SHA256SUM): Likewise.
(JDK_SHA256SUM): Likewise.
(LANGTOOLS_SHA256SUM): Likewise.
(OPENJDK_SHA256SUM): Likewise.
* NEWS: List security fixes and set release date.
* patches/boot/ecj-stringswitch.patch:
Updated to work post-security-patches.
author | Andrew John Hughes <gnu_andrew@member.fsf.org> |
---|---|
date | Tue, 15 Jan 2013 17:43:51 +0000 |
parents | 815ed44765eb |
children | a25c80a05735 |
files | ChangeLog Makefile.am NEWS patches/boot/ecj-stringswitch.patch |
diffstat | 4 files changed, 74 insertions(+), 18 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Oct 24 17:47:28 2012 +0100 +++ b/ChangeLog Tue Jan 15 17:43:51 2013 +0000 @@ -1,3 +1,25 @@ +2013-01-15 Andrew John Hughes <gnu_andrew@member.fsf.org> + + * Makefile.am: + (CORBA_CHANGESET): Update to IcedTea7 2.1 forest head; + the tag icedtea-2.1.4. + (HOTSPOT_CHANGESET): Likewise. + (JAXP_CHANGESET): Likewise. + (JAXWS_CHANGESET): Likewise. + (JDK_CHANGESET): Likewise. + (LANGTOOLS_CHANGESET): Likewise. + (OPENJDK_CHANGESET): Likewise. + (CORBA_SHA256SUM): Likewise. + (HOTSPOT_SHA256SUM): Likewise. + (JAXP_SHA256SUM): Likewise. + (JAXWS_SHA256SUM): Likewise. + (JDK_SHA256SUM): Likewise. + (LANGTOOLS_SHA256SUM): Likewise. + (OPENJDK_SHA256SUM): Likewise. + * NEWS: List security fixes and set release date. + * patches/boot/ecj-stringswitch.patch: + Updated to work post-security-patches. + 2012-10-24 Andrew John Hughes <gnu.andrew@redhat.com> * NEWS: Corrected bad CVE number
--- a/Makefile.am Wed Oct 24 17:47:28 2012 +0100 +++ b/Makefile.am Tue Jan 15 17:43:51 2013 +0000 @@ -4,21 +4,21 @@ JDK_UPDATE_VERSION = 03 COMBINED_VERSION = $(JDK_UPDATE_VERSION)-$(OPENJDK_VERSION) -CORBA_CHANGESET = 79ee8535bc51 -HOTSPOT_CHANGESET = a456d0771ba0 -JAXP_CHANGESET = 77e7219c7424 -JAXWS_CHANGESET = d92eda447bca -JDK_CHANGESET = d7ecb57d3c61 -LANGTOOLS_CHANGESET = fd2fdb20d858 -OPENJDK_CHANGESET = f89009ada191 +CORBA_CHANGESET = fccd14ecf86c +HOTSPOT_CHANGESET = 3f345e5f65eb +JAXP_CHANGESET = fb08c190f504 +JAXWS_CHANGESET = 77e7849c5e50 +JDK_CHANGESET = e7d1cb36e005 +LANGTOOLS_CHANGESET = de674a569978 +OPENJDK_CHANGESET = bc612c7c99ec -CORBA_SHA256SUM = f61dad8d484e4a9e645b7fb73da87bc44f9986a074629154f37ed46be05f5b84 -HOTSPOT_SHA256SUM = 09a64fca0beff0759ef1b461d63ed6a00e43032972781bb3a55e49d8b93f67d0 -JAXP_SHA256SUM = 9cfbc0efaface20f7188870b9bf5b0ebc73d745cd9a49d013cd4e81ba223ccdc -JAXWS_SHA256SUM = 6d0858d46b68d6e8488e70d1675e5b656aeb4ef51e8ee4e330e77219f92c1c0c -JDK_SHA256SUM = 11146763409098a42dd9896f3fb7e7324a58c5cff5298009eb347ad26abeed51 -LANGTOOLS_SHA256SUM = 3a4039348aa49547fffa96563b77b704c72e2ac3ead2c132843ba1e9fe4dbad2 -OPENJDK_SHA256SUM = 0f2e414fee619e78c33bceaee7c440efa598d651b23a75fd61e1282ad6001839 +CORBA_SHA256SUM = bc761a960972906ec67b208e94f557bd9d1ceb07ae9020776a4774674d57ff44 +HOTSPOT_SHA256SUM = fa482a6ace16f95dd53cb99c842da401e634a4536ef1a18280e5d3b7843954b0 +JAXP_SHA256SUM = 619254245e5876614689c95cff44124462252bc0c074c85c657a1bac76e04043 +JAXWS_SHA256SUM = 4a60a1af32b4a274579e9932b22d552df6aae00640a3caf6a27109bdc2fe5d5a +JDK_SHA256SUM = 1397d8e1f15fb6cb28a8c37fe15c93f8b95d36d5a4c6753cf621d28af620d6bf +LANGTOOLS_SHA256SUM = b8c28b2de175694d1b8d6ff94c5ba616250aa3f39f41123e188cfec0b0a14da8 +OPENJDK_SHA256SUM = 4ee8fda9898f0b90fa05ea31907c20cd28d65bef550a332d35e3bd2f412cd399 CACAO_VERSION = a567bcb7f589 CACAO_SHA256SUM = d49f79debc131a5694cae6ab3ba2864e7f3249ee8d9dc09aae8afdd4dc6b09f9
--- a/NEWS Wed Oct 24 17:47:28 2012 +0100 +++ b/NEWS Tue Jan 15 17:43:51 2013 +0000 @@ -10,7 +10,12 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY -New in release 2.1.4 (20XX-XX-XX): +New in release 2.1.4 (2013-01-15): + +* Security fixes + - S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries + - S8006017, CVE-2013-0422: Improve lookup resolutions + - S8006125: Update MethodHandles library interactions New in release 2.1.3 (2012-10-17):
--- a/patches/boot/ecj-stringswitch.patch Wed Oct 24 17:47:28 2012 +0100 +++ b/patches/boot/ecj-stringswitch.patch Tue Jan 15 17:43:51 2013 +0000 @@ -302,9 +302,9 @@ throw new IllegalArgumentException( diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java ---- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java 2012-10-17 03:48:53.678554395 +0100 -+++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java 2012-10-17 04:20:20.203700764 +0100 -@@ -411,89 +411,84 @@ +--- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java 2013-01-14 22:25:02.000000000 +0000 ++++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java 2013-01-15 02:19:34.315049222 +0000 +@@ -411,104 +411,99 @@ static boolean isCallerSensitive(MemberName mem) { assert(mem.isInvocable()); Class<?> defc = mem.getDeclaringClass(); @@ -319,6 +319,35 @@ - case "lookup": + } else if ("lookup".equals(memName)) { return defc == java.lang.invoke.MethodHandles.class; +- case "findStatic": +- case "findVirtual": +- case "findConstructor": +- case "findSpecial": +- case "findGetter": +- case "findSetter": +- case "findStaticGetter": +- case "findStaticSetter": +- case "bind": +- case "unreflect": +- case "unreflectSpecial": +- case "unreflectConstructor": +- case "unreflectGetter": +- case "unreflectSetter": ++ } else if ("findStatic".equals(memName) || ++ "findVirtual".equals(memName) || ++ "findConstructor".equals(memName) || ++ "findSpecial".equals(memName) || ++ "findGetter".equals(memName) || ++ "findSetter".equals(memName) || ++ "findStaticGetter".equals(memName) || ++ "findStaticSetter".equals(memName) || ++ "bind".equals(memName) || ++ "unreflect".equals(memName) || ++ "unreflectSpecial".equals(memName) || ++ "unreflectConstructor".equals(memName) || ++ "unreflectGetter".equals(memName) || ++ "unreflectSetter".equals(memName)) { + return defc == java.lang.invoke.MethodHandles.Lookup.class; - case "invoke": + } else if ("invoke".equals(memName)) { return defc == java.lang.reflect.Method.class;