authorNatanael Copa <ncopa@alpinelinux.org>2013-04-26 09:00:09 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-05-01 06:06:36 +0000
commit66847bef4e2eddaff6f8b24a2482627fe2250945 (patch)
tree3ec6550721b554e3280de80258d43566cdb275f6
parentb588317796fa8cf1abbe7e0e61b96449ad63c270 (diff)
downloadaports-66847bef4e2eddaff6f8b24a2482627fe2250945.tar.bz2
aports-66847bef4e2eddaff6f8b24a2482627fe2250945.tar.xz
main/openjdk: security upgrade to icedtea 1.11.11
fixes #1803 icedtea6-1.11.11: RH952389: Temporary files created with insecure permissions icedtea6-1.11.10: S6657673, CVE-2013-1518: Issues with JAXP S7200507: Refactor Introspector internals S8000724, CVE-2013-2417: Improve networking serialization S8001031, CVE-2013-2419: Better font processing S8001040, CVE-2013-1537: Rework RMI model S8001322: Refactor deserialization S8001329, CVE-2013-1557: Augment RMI logging S8003335: Better handling of Finalizer thread S8003445: Adjust JAX-WS to focus on API S8003543, CVE-2013-2415: Improve processing of MTOM attachments S8004261: Improve input validation S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames S8004986, CVE-2013-2383: Better handling of glyph table S8004987, CVE-2013-2384: Improve font layout S8004994, CVE-2013-1569: Improve checking of glyph table S8005432: Update access to JAX-WS S8005943: (process) Improved Runtime.exec S8006309: More reliable control panel operation S8006435, CVE-2013-2424: Improvements in JMX S8006790: Improve checking for windows S8006795: Improve font warning messages S8007406: Improve accessibility of AccessBridge S8007617, CVE-2013-2420: Better validation of images S8007667, CVE-2013-2430: Better image reading S8007918, CVE-2013-2429: Better image writing S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap S8009305, CVE-2013-0401: Improve AWT data transfer S8009699, CVE-2013-2421: Methodhandle lookup S8009814, CVE-2013-1488: Better driver management S8009857, CVE-2013-2422: Problem with plugin icedtea6-1.11.9: S8007014, CVE-2013-0809: Improve image handling S8007675, CVE-2013-1493: Improve color conversion icedtea6-1.11.8: S8006446, CVE-2013-1486: Restrict MBeanServer access S8006777, CVE-2013-0169: Improve TLS handling of invalid messages S8007688: Blacklist known bad certificate icedtea6-1.11.7: (bugfixes only) icedtea6-1.11.6: S6563318, CVE-2013-0424: RMI data sanitization S6664509, CVE-2013-0425: Add logging context S6664528, CVE-2013-0426: 
Find log level matching its name or value given at construction time S6776941: CVE-2013-0427: Improve thread pool shutdown S7141694, CVE-2013-0429: Improving CORBA internals S7173145: Improve in-memory representation of splashscreens S7186945: Unpack200 improvement S7186946: Refine unpacker resource usage S7186948: Improve Swing data validation S7186952, CVE-2013-0432: Improve clipboard access S7186954: Improve connection performance S7186957: Improve Pack200 data validation S7192392, CVE-2013-0443: Better validation of client keys S7192393, CVE-2013-0440: Better Checking of order of TLS Messages S7192977, CVE-2013-0442: Issue in toolkit thread S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies S7200491: Tighten up JTable layout code S7200500: Launcher better input validation S7201064: Better dialogue checking S7201066, CVE-2013-0441: Change modifiers on unused fields S7201068, CVE-2013-0435: Better handling of UI elements S7201070: Serialization to conform to protocol S7201071, CVE-2013-0433: InetSocketAddress serialization issue S8000210: Improve JarFile code quality S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class S8000540, CVE-2013-1475: Improve IIOP type reuse management S8000631, CVE-2013-1476: Restrict access to class constructor S8001235, CVE-2013-0434: Improve JAXP HTTP handling S8001242: Improve RMI HTTP conformance S8001307: Modify ACC_SUPER behavior S8001972, CVE-2013-1478: Improve image processing S8002325, CVE-2013-1480: Improve management of images icedtea6-1.11.5: S6631398, CVE-2012-3216: FilePermission improved path checking S7093490: adjust package access in rmiregistry S7143535, CVE-2012-5068: ScriptEngine corrected permissions S7167656, CVE-2012-5077: Multiple Seeders are being created S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector S7172522, CVE-2012-5072: Improve DomainCombiner checking S7186286, 
CVE-2012-5081: TLS implementation to better adhere to RFC S7189103, CVE-2012-5069: Executors needs to maintain state S7189490: More improvements to DomainCombiner checking S7189567, CVE-2012-5085: java net obselete protocol S7192975, CVE-2012-5071: Conditional usage check is wrong S7195194, CVE-2012-5084: Better data validation for Swing S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance S7198296, CVE-2012-5089: Refactor classloader usage S7158800: Improve storage of symbol tables S7158801: Improve VM CompileOnly option S7158804: Improve config file parsing S7176337: Additional changes needed for 7158801 fix S7198606, CVE-2012-4416: Improve VM optimization Conflicts: main/openjdk6/APKBUILD
-rw-r--r--main/openjdk6/APKBUILD14
-rw-r--r--main/openjdk6/icedtea-jdk-early-paxctl.patch13
2 files changed, 22 insertions, 5 deletions
diff --git a/main/openjdk6/APKBUILD b/main/openjdk6/APKBUILD
index 55a2bce63..2ca54c86b 100644
--- a/main/openjdk6/APKBUILD
+++ b/main/openjdk6/APKBUILD
@@ -2,8 +2,8 @@
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openjdk6
pkgver=1.6.0_p24
-icedteaver=1.11.4
-pkgrel=1
+icedteaver=1.11.11
+pkgrel=2
pkgdesc="Sun OpenJDK 6 via IcedTea"
url="http://icedtea.classpath.org/"
arch="all"
@@ -38,6 +38,7 @@ source="http://download.java.net/openjdk/jdk6/promoted/$OPENJDK_VERSION/openjdk-
icedtea-jdk-execinfo.patch
icedtea-jdk-no-lib-nsl.patch
icedtea6-1.9.7-generate_cacerts-1.patch
+ icedtea-jdk-early-paxctl.patch
"
_builddir="$srcdir/icedtea6-$icedteaver"
@@ -74,7 +75,9 @@ build() {
export PATH=$JAVA_HOME/bin:$srcdir/apache-ant-$ANT_VER/bin:$PATH
export DISTRIBUTION_PATCHES=`echo $source | awk -v RS=' ' '/icedtea-[^ ]*\.patch/ { printf "patches/%s ",$1 }'`
- JOBS=`echo $MAKEFLAGS | sed -n -e 's/.*-j\([0-9]\+\).*/\1/p'`
+ if [ -z "$JOBS" ]; then
+ JOBS=`echo $MAKEFLAGS | sed -n -e 's/.*-j\([0-9]\+\).*/\1/p'`
+ fi
if [ "$JOBS" ]; then
confjobs="--with-parallel-jobs=$JOBS"
else
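Review bot: `JOBS` is now inherited from the caller's environment when it is set, but nothing in this hunk checks that it is a number before it is placed into `--with-parallel-jobs=$JOBS`. A stray or malformed value exported by the build host would end up in the configure arguments (how `$confjobs` is expanded is outside the hunk). I would add a guard after the `fi`, for example `case "$JOBS" in ''|*[!0-9]*) JOBS= ;; esac`, so that anything non-numeric falls through to the existing `else` branch. A short comment such as `# honour JOBS from the environment, else derive it from -jN in MAKEFLAGS` would document the new override. build() starts and ends outside the hunk.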
@@ -170,7 +173,7 @@ doc() {
}
md5sums="0eabdd360169144336e50081b8d01001 openjdk-6-src-b24-14_nov_2011.tar.gz
-a5a3a5aeaba0ddf4c9fdf8e899bf77c2 icedtea6-1.11.4.tar.gz
+fd9749b16f88c4f67920d2ffc0964a83 icedtea6-1.11.11.tar.gz
afb0c7950a663f94e65da9f3be676d8f apache-ant-1.8.2-bin.tar.gz
99d94103662a8d0b571e247a77432ac5 rhino1_7R3.zip
8fd91b09b643a19a912b8a75e7a7a9d5 jdk6-jaxws2_1_6-2011_06_13.zip
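Review bot: The new `icedtea6-1.11.11.tar.gz` entry is pinned only by an MD5 digest, which is not collision-resistant. The one source URL visible in this diff (the openjdk tarball in the `source=` hunk header) is also fetched over plain `http://`. For a release whose purpose is a security upgrade, the download deserves a stronger pin: if the abuild version in use supports them, add `sha256sums`/`sha512sums` entries alongside `md5sums`, and check the tarball against an upstream-published signature or checksum before recording the digest. The `icedtea-jdk-early-paxctl.patch` line added to `md5sums` in the last APKBUILD hunk has the same MD5-only pin, though that file lives in the repository itself.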
@@ -181,4 +184,5 @@ dc6a1e28a97d897d7a1057c11696727d icedtea-hotspot-uclibc-fixes.patch
7c0814181e5adc0763c5c0a24b01d4cb icedtea-jdk-iconv-uclibc.patch
dae2ba8b87e2106b53974ace07e4ca72 icedtea-jdk-execinfo.patch
c4bb40d5b1ff690b27900c5cd06bc1e5 icedtea-jdk-no-lib-nsl.patch
-0bc0131c87fcc0d1046e3ba20d205c73 icedtea6-1.9.7-generate_cacerts-1.patch"
+0bc0131c87fcc0d1046e3ba20d205c73 icedtea6-1.9.7-generate_cacerts-1.patch
+7eda2c7837b14793076e7675c756be0c icedtea-jdk-early-paxctl.patch"
diff --git a/main/openjdk6/icedtea-jdk-early-paxctl.patch b/main/openjdk6/icedtea-jdk-early-paxctl.patch
new file mode 100644
index 000000000..ce4cabef6
--- /dev/null
+++ b/main/openjdk6/icedtea-jdk-early-paxctl.patch
@@ -0,0 +1,13 @@
+--- ./openjdk/jdk/make/java/main/java/Makefile.orig 2013-04-26 08:10:58.853977182 +0000
++++ ./openjdk/jdk/make/java/main/java/Makefile 2013-04-26 08:15:20.819826501 +0000
+@@ -58,6 +58,10 @@
+ OTHER_CPPFLAGS += -DEXPAND_CLASSPATH_WILDCARDS
+ OTHER_CPPFLAGS += -DLAUNCHER_NAME='"$(LAUNCHER_NAME)"'
+
++# We need pax mark java early
++$(ACTUAL_PROGRAM)::
++ paxctl -c -mr $@
++
+ ifeq ($(PLATFORM), solaris)
+ LDFLAGS += -R$(OPENWIN_LIB)
+ endif
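Review bot: The added comment `# We need pax mark java early` does not say which protections are removed from the launcher or why. As written, `paxctl -c -mr $@` converts the PT_GNU_STACK header and turns off PaX MPROTECT and RANDMMAP on the java binary. I would spell that out, e.g. `# Disable PaX MPROTECT/RANDMMAP on the launcher (-mr) before the build first executes it`; that reason is presumed and should be confirmed. The comment should also state whether the shipped binary is meant to keep these flags. The double-colon rule has no prerequisites, so the recipe runs on every invocation. Whether `$@` already exists when it runs depends on where the link rule for `$(ACTUAL_PROGRAM)` is defined, which is outside this hunk. The diff also does not show `paxctl` being added to the build dependencies, so the build would presumably fail at this step on a host without it.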