community/openjdk7: security upgrade to 7.211.2.6.17

2 files changed, 41 insertions, 14 deletions

diff --git a/community/openjdk7/APKBUILD b/community/openjdk7/APKBUILD
index a5d32105df..27a5f4bcbd 100644
--- a/community/openjdk7/APKBUILD
+++ b/community/openjdk7/APKBUILD
@@ -2,10 +2,11 @@
 # Contributor: Jakub Jirutka <jakub@jirutka.cz>
 # Maintainer: Timo Teras <timo.teras@iki.fi>
 pkgname=openjdk7
-_icedteaver=2.6.16
+_icedteaver=2.6.17
+_icedteaversrc=$_icedteaver-r1
 # pkgver is <JDK version>.<JDK update>
 # check icedtea JDK when updating
-pkgver=7.201.$_icedteaver
+pkgver=7.211.$_icedteaver
 pkgrel=0
 pkgdesc="OpenJDK 7 via IcedTea"
 url="https://icedtea.classpath.org/"
@@ -20,7 +21,7 @@ makedepends="bash findutils tar zip file paxmark gawk util-linux libxslt
 	lcms2-dev libxp-dev libxtst-dev libxinerama-dev zlib-dev
 	libxrender-dev alsa-lib-dev freetype-dev fontconfig-dev
 	gtk+2.0-dev krb5-dev attr-dev pcsc-lite-dev lksctp-tools-dev
-	libxcomposite-dev nss-static"
+	libxcomposite-dev nss-static xz"
 install=""
 
 # upstream binary versions
@@ -61,7 +62,7 @@ fi
 _dropsver=$_icedteaver
 _dropsurl=https://icedtea.classpath.org/download/drops/icedtea7/$_dropsver
 
-source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.gz
+source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaversrc.tar.xz
 	openjdk-$_dropsver.tar.bz2::$_dropsurl/openjdk.tar.bz2
 	corba-$_dropsver.tar.bz2::$_dropsurl/corba.tar.bz2
 	jaxp-$_dropsver.tar.bz2::$_dropsurl/jaxp.tar.bz2
@@ -78,6 +79,7 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.g
 	icedtea-hotspot-uclibc-fixes.patch
 	icedtea-jdk-fix-build.patch
 	icedtea-jdk-execinfo.patch
+	icedtea-jdk-fix-freetype-detection.patch
 	icedtea-jdk-fix-ipv6-init.patch
 	icedtea-jdk-musl.patch
 	icedtea-jdk-no-soname.patch
@@ -85,6 +87,10 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.g
 	"
 
 # secfixes:
+#   7.211.2.6.17-r0:
+#   - CVE-2018-11212
+#   - CVE-2019-2422
+#   - CVE_2019-2426
 #   7.201.2.6.16-r0:
 #   - CVE-2018-3136
 #   - CVE-2018-3139
@@ -103,8 +109,8 @@ unpack() {
 	fi
 	mkdir -p "$srcdir"
 	msg "Unpacking sources..."
-	tar -C "$srcdir" -zxf icedtea-$_icedteaver.tar.gz
-	tar -C "$srcdir" -zxf apache-ant-$ANT_VER-bin.tar.gz
+	tar -C "$srcdir" -xf icedtea-$_icedteaversrc.tar.xz
+	tar -C "$srcdir" -xf apache-ant-$ANT_VER-bin.tar.gz
 	unzip -o -q "rhino-$RHINO_VER.zip" -d "$srcdir"
 }
 
@@ -261,14 +267,14 @@ doc() {
 	mv "$pkgdir"/$INSTALL_BASE/man "$subpkgdir"/$INSTALL_BASE/
 }
 
-sha512sums="cc782e1c5b1ce158be315cff5be61676373870c2062eb34688583a875ab68413bbabd909ce83e79a9c46c3d0c8ec10aad3c015276ddf782ce2079cb5a7098f82  icedtea-2.6.16.tar.gz
-ee2443da63ab6b1a525d0633a577f28d28d3916cb47b312d61d71b4795ae3bde4a70478017b7639133fb65cfb63aa0fcbc397afbde18f20d605a50286163e4a2  openjdk-2.6.16.tar.bz2
-3926a1c889d0ff5386dd78e8fb1ff71b553744fe574ab9655d9e1677da9aea3306d65e631866afcbb533b8e0fefbb34ae655400c9bc7c2058aaa34f8fb0a04d8  corba-2.6.16.tar.bz2
-2b37ba6f235b684682d9590c292b6af5fb6f41d4001f92dcf4945570e13fe760f91bbc7068d071e3e935829c9719936ae96940874ee211fd32cba187e05f0255  jaxp-2.6.16.tar.bz2
-41dc2b7a610cd5f4c9155c14670bb97f1c57924af2737faf6beb7b284c0ad7c0f0b33f4276cde5674a57db3f88ba4503f94f2dff7a52db3273ee53ed0b14be64  jaxws-2.6.16.tar.bz2
-2703b7bf7455aa3997426f2ce3d4c2285ee44640a940d15c1c3434414c295d87b44e749fece5a7b966661910c8768a79774fb03b43ab5605df9dc8965b600fd7  jdk-2.6.16.tar.bz2
-192dd5fac399c52bcb547617832428b40af493089b4bb63159cd9363c78af76c7acdc051d461eb4e4692b2090e05ed769b9fec460a328973b36b57bbb28cee39  langtools-2.6.16.tar.bz2
-73b0338ec293d0d87cc7251f63ef453ec10c7de978c56d8ff455b16ee0506175aed681a9a95fbdcc8b747ba00ef6cf914f63d0c5d22268b40620d4dbc7390a98  hotspot-2.6.16.tar.bz2
+sha512sums="cc4f3f06da3332224e3826e7b3f8292e708a791d6b478db612b7bd01bdcf5ab717507d144ec03349361d665df899459930e0f21f6a5ee78195575488e58bec57  icedtea-2.6.17-r1.tar.xz
+fe1ce302fe887dcb71f589387b44d3ae71ea389825df4f09d578a67c23aee79a1c2a463da84b22cf74e9b2ce92801da72c40d66093d0eb1c790f09955bb277cc  openjdk-2.6.17.tar.bz2
+20336ab198e42d42c2f68d15b82fd25db523d68b65313df4c1233a13ccb286fc94e9941c84a2b2b18a196aa121109aedb0c2c6ca772b71c8e1721ebf04b702f6  corba-2.6.17.tar.bz2
+d7589d0586eb155225b263387099022af69b9e79c07348db4d48200f7b0a2f53b59c42df284a41604647b06ee4aff43b07dbc4d737b2a0cb29f857cb7fbc7f54  jaxp-2.6.17.tar.bz2
+cbc40096706743302b03204099ddc2d632cd14c24dd3d7a5dcb8ad6258146535d660a5f384e2df64c2b97e376122852f050f69f7e67983d86bfbf12a92c7cd2c  jaxws-2.6.17.tar.bz2
+f0ba8dd6011b205fbc3b67924c7535cd7618df3b1ed084aa65e70532a352d604a908894bbc010d7a50fc2e2d28be7c3d0730d73fc30f1c361e444e63d4b34ac5  jdk-2.6.17.tar.bz2
+fd6cb9004c886b78b45ddad7ba98b202998d497ff26e3f0dd861cd418a52e7c0dd7e25e1e035a4278db449abd606a8248cccc28a10cdc543e9870848e05d30f5  langtools-2.6.17.tar.bz2
+2777299457b9f82736351a4c948431c1671a40bdc1315da66ba13f0f9930a40812da5385f7d8b10f4a847592cc4f253a36eb14b15bd6699fa5dcd7841718f821  hotspot-2.6.17.tar.bz2
 0da12cb0f761b8cb76e042449e7d93f43236e7bc948e337215470a70031f0a2dda6d1b508f9397b283808d84c4ebddb31558fe1cd8e6e6469c1dd390d69ec6e7  apache-ant-1.9.11-bin.tar.gz
 1b9e8721749e81c5420a00af1e00ee0e4f48624ccb4e9aa969032114116ad50f59b254d4d16d74feff74de64157cc8b0a2ead9b555907c84b7055b796fba9a75  rhino-1.7.7.2.zip
 f62b942f0bacda8e37d0f1876d8ba14ddb4fc55a7d5fd1019463744927f40f422a85e9ee051948d566242f5a785aa28f275eb58768611283cba89af91235f43c  icedtea-hotspot-musl.patch
@@ -277,6 +283,7 @@ e7a2c1771bb582d427041f8d22e48c0daf8f20d7c0926cbce3549d49c4e949359ee25a35682b486e
 822eee0dc4d3ba677a289dfeb3668b536d2d626708390a9d9702fb4144a481fd443a215a0d2041c6026113837aafa4ba0b5e9ead8589d2da6717a238bbc95a5a  icedtea-hotspot-uclibc-fixes.patch
 213a537de5f011cb39d608515c3413513ac75fb93593f9a9ef4205f71d72bdd8b097c80db185f7b26021d5bb85045b866f34f3478482dc4189972d8614a13458  icedtea-jdk-fix-build.patch
 0391970e6a32946aa3cccf38fdef9c0fe2af26cd0df824b98aa2fcfa1bf661d4a68e339bffcfd16f386c565fc68bb28a29208a67d4bad8a0e847ad02bd8becbb  icedtea-jdk-execinfo.patch
+7b1525b5fb4bc7f0c6a8b957584a35297003b3063b6319f5557257ee1e6c277f0d4d1cf26cc389c72dd5157871010944f3fcb3fe70b64c429c76323521b6eb3d  icedtea-jdk-fix-freetype-detection.patch
 48533f87fc2cf29d26b259be0df51087d2fe5b252e72d00c6ea2f4add7b0fb113141718c116279c5905e03f64a1118082e719393786811367cf4d472b5d36774  icedtea-jdk-fix-ipv6-init.patch
 44a35941c80f408d0607e32763b3b6ccee21e1d39886309327d3d74d2900117e4346ef59e77c663fd022fec10ee8f365eeb46c1260014d5765d226ce175ce3c5  icedtea-jdk-musl.patch
 bf4b184e170f7b0ff64ab30d2162784fe2bd5460d1fa31973259f7065fd4c511c46f97724fe2bd72bb94e9006cb568d0e0c87d1a9c90819e65880f8f44830bb1  icedtea-jdk-no-soname.patch
diff --git a/community/openjdk7/icedtea-jdk-fix-freetype-detection.patch b/community/openjdk7/icedtea-jdk-fix-freetype-detection.patch
new file mode 100644
index 0000000000..2870b28db0
--- /dev/null
+++ b/community/openjdk7/icedtea-jdk-fix-freetype-detection.patch
@@ -0,0 +1,20 @@
+--- openjdk/jdk/make/tools/freetypecheck/freetypecheck.c.orig
++++ openjdk/jdk/make/tools/freetypecheck/freetypecheck.c
+@@ -84,7 +84,7 @@
+        QUOTEMACRO(REQUIRED_FREETYPE_VERSION));
+ 
+    printf("Detected freetype headers: %s\n", v);
+-   if (strcmp(v, QUOTEMACRO(REQUIRED_FREETYPE_VERSION)) < 0) {
++   if (strverscmp(v, QUOTEMACRO(REQUIRED_FREETYPE_VERSION)) < 0) {
+        printf("Failed: headers are too old.\n");
+    }
+ 
+@@ -93,7 +93,7 @@
+    sprintf(v, "%d.%d.%d", major, minor, patch);
+ 
+    printf("Detected freetype library: %s\n", v);
+-   if (strcmp(v, QUOTEMACRO(REQUIRED_FREETYPE_VERSION)) < 0) {
++   if (strverscmp(v, QUOTEMACRO(REQUIRED_FREETYPE_VERSION)) < 0) {
+       printf("Failed: too old library.\n");
+    }
+