Mercurial > hg > release > icedtea7-2.1

--- a/ChangeLog	Wed Oct 24 17:47:28 2012 +0100
+++ b/ChangeLog	Tue Jan 15 17:43:51 2013 +0000
@@ -1,3 +1,25 @@
+2013-01-15  Andrew John Hughes  <gnu_andrew@member.fsf.org>
+
+	* Makefile.am:
+	(CORBA_CHANGESET): Update to IcedTea7 2.1 forest head;
+	the tag icedtea-2.1.4.
+	(HOTSPOT_CHANGESET): Likewise.
+	(JAXP_CHANGESET): Likewise.
+	(JAXWS_CHANGESET): Likewise.
+	(JDK_CHANGESET): Likewise.
+	(LANGTOOLS_CHANGESET): Likewise.
+	(OPENJDK_CHANGESET): Likewise.
+	(CORBA_SHA256SUM): Likewise.
+	(HOTSPOT_SHA256SUM): Likewise.
+	(JAXP_SHA256SUM): Likewise.
+	(JAXWS_SHA256SUM): Likewise.
+	(JDK_SHA256SUM): Likewise.
+	(LANGTOOLS_SHA256SUM): Likewise.
+	(OPENJDK_SHA256SUM): Likewise.
+	* NEWS: List security fixes and set release date.
+	* patches/boot/ecj-stringswitch.patch:
+	Updated to work post-security-patches.
+
 2012-10-24  Andrew John Hughes  <gnu.andrew@redhat.com>

 	* NEWS: Corrected bad CVE number
--- a/Makefile.am	Wed Oct 24 17:47:28 2012 +0100
+++ b/Makefile.am	Tue Jan 15 17:43:51 2013 +0000
@@ -4,21 +4,21 @@
 JDK_UPDATE_VERSION = 03
 COMBINED_VERSION = $(JDK_UPDATE_VERSION)-$(OPENJDK_VERSION)

-CORBA_CHANGESET = 79ee8535bc51
-HOTSPOT_CHANGESET = a456d0771ba0
-JAXP_CHANGESET = 77e7219c7424
-JAXWS_CHANGESET = d92eda447bca
-JDK_CHANGESET = d7ecb57d3c61
-LANGTOOLS_CHANGESET = fd2fdb20d858
-OPENJDK_CHANGESET = f89009ada191
+CORBA_CHANGESET = fccd14ecf86c
+HOTSPOT_CHANGESET = 3f345e5f65eb
+JAXP_CHANGESET = fb08c190f504
+JAXWS_CHANGESET = 77e7849c5e50
+JDK_CHANGESET = e7d1cb36e005
+LANGTOOLS_CHANGESET = de674a569978
+OPENJDK_CHANGESET = bc612c7c99ec

-CORBA_SHA256SUM = f61dad8d484e4a9e645b7fb73da87bc44f9986a074629154f37ed46be05f5b84
-HOTSPOT_SHA256SUM = 09a64fca0beff0759ef1b461d63ed6a00e43032972781bb3a55e49d8b93f67d0
-JAXP_SHA256SUM = 9cfbc0efaface20f7188870b9bf5b0ebc73d745cd9a49d013cd4e81ba223ccdc
-JAXWS_SHA256SUM = 6d0858d46b68d6e8488e70d1675e5b656aeb4ef51e8ee4e330e77219f92c1c0c
-JDK_SHA256SUM = 11146763409098a42dd9896f3fb7e7324a58c5cff5298009eb347ad26abeed51
-LANGTOOLS_SHA256SUM = 3a4039348aa49547fffa96563b77b704c72e2ac3ead2c132843ba1e9fe4dbad2
-OPENJDK_SHA256SUM = 0f2e414fee619e78c33bceaee7c440efa598d651b23a75fd61e1282ad6001839
+CORBA_SHA256SUM = bc761a960972906ec67b208e94f557bd9d1ceb07ae9020776a4774674d57ff44
+HOTSPOT_SHA256SUM = fa482a6ace16f95dd53cb99c842da401e634a4536ef1a18280e5d3b7843954b0
+JAXP_SHA256SUM = 619254245e5876614689c95cff44124462252bc0c074c85c657a1bac76e04043
+JAXWS_SHA256SUM = 4a60a1af32b4a274579e9932b22d552df6aae00640a3caf6a27109bdc2fe5d5a
+JDK_SHA256SUM = 1397d8e1f15fb6cb28a8c37fe15c93f8b95d36d5a4c6753cf621d28af620d6bf
+LANGTOOLS_SHA256SUM = b8c28b2de175694d1b8d6ff94c5ba616250aa3f39f41123e188cfec0b0a14da8
+OPENJDK_SHA256SUM = 4ee8fda9898f0b90fa05ea31907c20cd28d65bef550a332d35e3bd2f412cd399

 CACAO_VERSION = a567bcb7f589
 CACAO_SHA256SUM = d49f79debc131a5694cae6ab3ba2864e7f3249ee8d9dc09aae8afdd4dc6b09f9
--- a/NEWS	Wed Oct 24 17:47:28 2012 +0100
+++ b/NEWS	Tue Jan 15 17:43:51 2013 +0000
@@ -10,7 +10,12 @@

 CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

-New in release 2.1.4 (20XX-XX-XX):
+New in release 2.1.4 (2013-01-15):
+
+* Security fixes
+  - S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries
+  - S8006017, CVE-2013-0422: Improve lookup resolutions
+  - S8006125: Update MethodHandles library interactions

 New in release 2.1.3 (2012-10-17):
--- a/patches/boot/ecj-stringswitch.patch	Wed Oct 24 17:47:28 2012 +0100
+++ b/patches/boot/ecj-stringswitch.patch	Tue Jan 15 17:43:51 2013 +0000
@@ -302,9 +302,9 @@

                  throw new IllegalArgumentException(
 diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java
---- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java	2012-10-17 03:48:53.678554395 +0100
-+++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java	2012-10-17 04:20:20.203700764 +0100
-@@ -411,89 +411,84 @@
+--- openjdk-boot.orig/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java	2013-01-14 22:25:02.000000000 +0000
++++ openjdk-boot/jdk/src/share/classes/java/lang/invoke/MethodHandleNatives.java	2013-01-15 02:19:34.315049222 +0000
+@@ -411,104 +411,99 @@
      static boolean isCallerSensitive(MemberName mem) {
          assert(mem.isInvocable());
          Class<?> defc = mem.getDeclaringClass();
@@ -319,6 +319,35 @@
 -        case "lookup":
 +	} else if ("lookup".equals(memName)) {
              return defc == java.lang.invoke.MethodHandles.class;
+-        case "findStatic":
+-        case "findVirtual":
+-        case "findConstructor":
+-        case "findSpecial":
+-        case "findGetter":
+-        case "findSetter":
+-        case "findStaticGetter":
+-        case "findStaticSetter":
+-        case "bind":
+-        case "unreflect":
+-        case "unreflectSpecial":
+-        case "unreflectConstructor":
+-        case "unreflectGetter":
+-        case "unreflectSetter":
++	} else if ("findStatic".equals(memName) ||
++		   "findVirtual".equals(memName) ||
++		   "findConstructor".equals(memName) ||
++		   "findSpecial".equals(memName) ||
++		   "findGetter".equals(memName) ||
++		   "findSetter".equals(memName) ||
++		   "findStaticGetter".equals(memName) ||
++		   "findStaticSetter".equals(memName) ||
++		   "bind".equals(memName) ||
++		   "unreflect".equals(memName) ||
++		   "unreflectSpecial".equals(memName) ||
++		   "unreflectConstructor".equals(memName) ||
++		   "unreflectGetter".equals(memName) ||
++		   "unreflectSetter".equals(memName)) {
+             return defc == java.lang.invoke.MethodHandles.Lookup.class;
 -        case "invoke":
 +        } else if ("invoke".equals(memName)) {
              return defc == java.lang.reflect.Method.class;