diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-26 09:00:09 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-26 09:28:25 +0000 |
commit | 871dd194e68719bcef84b37a602e0d01884ab2b6 (patch) | |
tree | 81c0782d27e3a1ada86726deed6ef45a5431b5c5 /main/openjdk6 | |
parent | e428e6c5df2bf4a3c59227464550972b38846cae (diff) | |
download | aports-871dd194e68719bcef84b37a602e0d01884ab2b6.tar.bz2 aports-871dd194e68719bcef84b37a602e0d01884ab2b6.tar.xz |
main/openjdk: security upgrade to icedtea 1.11.11
fixes #1801
icedtea6-1.11.11:
RH952389: Temporary files created with insecure permissions
icedtea6-1.11.10:
S6657673, CVE-2013-1518: Issues with JAXP
S7200507: Refactor Introspector internals
S8000724, CVE-2013-2417: Improve networking serialization
S8001031, CVE-2013-2419: Better font processing
S8001040, CVE-2013-1537: Rework RMI model
S8001322: Refactor deserialization
S8001329, CVE-2013-1557: Augment RMI logging
S8003335: Better handling of Finalizer thread
S8003445: Adjust JAX-WS to focus on API
S8003543, CVE-2013-2415: Improve processing of MTOM attachments
S8004261: Improve input validation
S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames
S8004986, CVE-2013-2383: Better handling of glyph table
S8004987, CVE-2013-2384: Improve font layout
S8004994, CVE-2013-1569: Improve checking of glyph table
S8005432: Update access to JAX-WS
S8005943: (process) Improved Runtime.exec
S8006309: More reliable control panel operation
S8006435, CVE-2013-2424: Improvements in JMX
S8006790: Improve checking for windows
S8006795: Improve font warning messages
S8007406: Improve accessibility of AccessBridge
S8007617, CVE-2013-2420: Better validation of images
S8007667, CVE-2013-2430: Better image reading
S8007918, CVE-2013-2429: Better image writing
S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap
S8009305, CVE-2013-0401: Improve AWT data transfer
S8009699, CVE-2013-2421: Methodhandle lookup
S8009814, CVE-2013-1488: Better driver management
S8009857, CVE-2013-2422: Problem with plugin
icedtea6-1.11.9:
S8007014, CVE-2013-0809: Improve image handling
S8007675, CVE-2013-1493: Improve color conversion
icedtea6-1.11.8:
S8006446, CVE-2013-1486: Restrict MBeanServer access
S8006777, CVE-2013-0169: Improve TLS handling of invalid messages
S8007688: Blacklist known bad certificate
icedtea6-1.11.7:
(bugfixes only)
icedtea6-1.11.6:
S6563318, CVE-2013-0424: RMI data sanitization
S6664509, CVE-2013-0425: Add logging context
S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
S6776941: CVE-2013-0427: Improve thread pool shutdown
S7141694, CVE-2013-0429: Improving CORBA internals
S7173145: Improve in-memory representation of splashscreens
S7186945: Unpack200 improvement
S7186946: Refine unpacker resource usage
S7186948: Improve Swing data validation
S7186952, CVE-2013-0432: Improve clipboard access
S7186954: Improve connection performance
S7186957: Improve Pack200 data validation
S7192392, CVE-2013-0443: Better validation of client keys
S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
S7192977, CVE-2013-0442: Issue in toolkit thread
S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
S7200491: Tighten up JTable layout code
S7200500: Launcher better input validation
S7201064: Better dialogue checking
S7201066, CVE-2013-0441: Change modifiers on unused fields
S7201068, CVE-2013-0435: Better handling of UI elements
S7201070: Serialization to conform to protocol
S7201071, CVE-2013-0433: InetSocketAddress serialization issue
S8000210: Improve JarFile code quality
S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
S8000540, CVE-2013-1475: Improve IIOP type reuse management
S8000631, CVE-2013-1476: Restrict access to class constructor
S8001235, CVE-2013-0434: Improve JAXP HTTP handling
S8001242: Improve RMI HTTP conformance
S8001307: Modify ACC_SUPER behavior
S8001972, CVE-2013-1478: Improve image processing
S8002325, CVE-2013-1480: Improve management of images
icedtea6-1.11.5:
S6631398, CVE-2012-3216: FilePermission improved path checking
S7093490: adjust package access in rmiregistry
S7143535, CVE-2012-5068: ScriptEngine corrected permissions
S7167656, CVE-2012-5077: Multiple Seeders are being created
S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types
S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector
S7172522, CVE-2012-5072: Improve DomainCombiner checking
S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
S7189103, CVE-2012-5069: Executors needs to maintain state
S7189490: More improvements to DomainCombiner checking
S7189567, CVE-2012-5085: java net obselete protocol
S7192975, CVE-2012-5071: Conditional usage check is wrong
S7195194, CVE-2012-5084: Better data validation for Swing
S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved
S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance
S7198296, CVE-2012-5089: Refactor classloader usage
S7158800: Improve storage of symbol tables
S7158801: Improve VM CompileOnly option
S7158804: Improve config file parsing
S7176337: Additional changes needed for 7158801 fix
S7198606, CVE-2012-4416: Improve VM optimization
Diffstat (limited to 'main/openjdk6')
-rw-r--r-- | main/openjdk6/APKBUILD | 44 | ||||
-rw-r--r-- | main/openjdk6/icedtea-jdk-early-paxctl.patch | 13 |
2 files changed, 52 insertions, 5 deletions
diff --git a/main/openjdk6/APKBUILD b/main/openjdk6/APKBUILD index 6ca17e133..2bd90835f 100644 --- a/main/openjdk6/APKBUILD +++ b/main/openjdk6/APKBUILD @@ -2,8 +2,8 @@ # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=openjdk6 pkgver=1.6.0_p24 -icedteaver=1.11.4 -pkgrel=5 +icedteaver=1.11.11 +pkgrel=6 pkgdesc="Sun OpenJDK 6 via IcedTea" url="http://icedtea.classpath.org/" arch="x86 x86_64" @@ -54,6 +54,7 @@ source="http://download.java.net/openjdk/jdk6/promoted/$OPENJDK_VERSION/openjdk- icedtea-jdk-no-lib-nsl-uclibc.patch icedtea6-1.9.7-generate_cacerts-1.patch icedtea-jdk-no-soname.patch + icedtea-jdk-early-paxctl.patch " _builddir="$srcdir/icedtea6-$icedteaver" @@ -108,7 +109,9 @@ build() { export JAVA_HOME=$BOOTSTRAP_JAVA_HOME export PATH=$JAVA_HOME/bin:$srcdir/apache-ant-$ANT_VER/bin:$PATH - JOBS=`echo $MAKEFLAGS | sed -n -e 's/.*-j\([0-9]\+\).*/\1/p'` + if [ -z "$JOBS" ]; then + JOBS=`echo $MAKEFLAGS | sed -n -e 's/.*-j\([0-9]\+\).*/\1/p'` + fi if [ "$JOBS" ]; then confjobs="--with-parallel-jobs=$JOBS" else @@ -207,7 +210,7 @@ doc() { } md5sums="0eabdd360169144336e50081b8d01001 openjdk-6-src-b24-14_nov_2011.tar.gz -a5a3a5aeaba0ddf4c9fdf8e899bf77c2 icedtea6-1.11.4.tar.gz +fd9749b16f88c4f67920d2ffc0964a83 icedtea6-1.11.11.tar.gz afb0c7950a663f94e65da9f3be676d8f apache-ant-1.8.2-bin.tar.gz 99d94103662a8d0b571e247a77432ac5 rhino1_7R3.zip 8fd91b09b643a19a912b8a75e7a7a9d5 jdk6-jaxws2_1_6-2011_06_13.zip @@ -219,4 +222,35 @@ dc6a1e28a97d897d7a1057c11696727d icedtea-hotspot-uclibc-fixes.patch dae2ba8b87e2106b53974ace07e4ca72 icedtea-jdk-execinfo.patch c4bb40d5b1ff690b27900c5cd06bc1e5 icedtea-jdk-no-lib-nsl-uclibc.patch 0bc0131c87fcc0d1046e3ba20d205c73 icedtea6-1.9.7-generate_cacerts-1.patch -d014431e70cdabb82a75e4b9ae4c28a9 icedtea-jdk-no-soname.patch" +d014431e70cdabb82a75e4b9ae4c28a9 icedtea-jdk-no-soname.patch +7eda2c7837b14793076e7675c756be0c icedtea-jdk-early-paxctl.patch" +sha256sums="f84e7f0938f4939660ff8f9c2aa164d301faa8a519f2324ceb05ad34b2e09227 openjdk-6-src-b24-14_nov_2011.tar.gz +6db6124645686ab5e91d2952d8b601bc0789b8fd5f1af86e46a5242ec60dc8e6 icedtea6-1.11.11.tar.gz +664f48cfc9c4a9a832ec1dd9d2bed5229c0a9561e489dcb88841d75d3c2c7cf9 apache-ant-1.8.2-bin.tar.gz +885b46e24fe5af23ad3712c5e08e8d97d6d92a4b89e1be860e8fe88e4a3dacd1 rhino1_7R3.zip +229040544e791f44906e8e7b6f6faf503c730a5d854275135f3925490d5c3be3 jdk6-jaxws2_1_6-2011_06_13.zip +c1a5348e17b330a7e4b18431e61a40efd2ba99a7da71102cf2c604478ef96012 jaxp144_03.zip +78c7b5c9d6271e88ee46abadd018a61f1e9645f8936cc8df1617e5f4f5074012 jdk6-jaf-b20.zip +b7d6bab5394cd0023b6737aeb0ff90569058d151185916ac2f80f5266c468312 build-paxctl.patch +f4b06c01b664922a6d7785d90bb888fe4665ae9ed6ae76c5484314821fd2cc2d icedtea-hotspot-uclibc-fixes.patch +a36ff13d81a1f1415bedd595b77f2c43574c546938cce7882cb33bbe63464865 icedtea-jdk-iconv-uclibc.patch +024a22622da408aa9db5b258e3eed49500292483c923f62b19aa6db0a3fed7b7 icedtea-jdk-execinfo.patch +6bba2870af0c5eac7b6edb7351e8e1833db401b1bf6b4861a14dcb1fd45cbea6 icedtea-jdk-no-lib-nsl-uclibc.patch +f83dea0ee1d11deceb45d643cf0cce84099775de88b972e3ea979a8529bf4c85 icedtea6-1.9.7-generate_cacerts-1.patch +6c0bbe710395c4ced1359ab279be6a7c36da5bfb9fd60dc47d920f06a0456d82 icedtea-jdk-no-soname.patch +13876be6f6ec792894d51b20f261b76db878d330eec7d4a2dcb17f0f1909a7e6 icedtea-jdk-early-paxctl.patch" +sha512sums="a965efa2fbe95a32988f78f1e51c42321ff42c1e631d5062aff204ba42839d6e05455f1ae039540e38ec947b50a635984cd3302eb09e81962575510309374e05 openjdk-6-src-b24-14_nov_2011.tar.gz +30afa752889f43dcf81b89e0e8c810894675f91ddae50cf38a034b53b5bd33be327bbf5eb21ece8ab0aafd088204827500fd5f160eb23d8d64857b38089a7891 icedtea6-1.11.11.tar.gz +869ab792b95c98ee62d748ffc991d78138482c8e2191f0a07c4d6629ad983768b40bef6f2d1370f6c0ab007c1de73f440293c1101eaf1fd82cf40de140c4b020 apache-ant-1.8.2-bin.tar.gz +77964485481e22d20459ea094c773e1930c5ef22d69bc449375a1ead31f340b3a652e2dd85c645e210be1abc8e623aeb560a5dc81629f388322af270ce868d36 rhino1_7R3.zip +643266da495f239aca1a08ba85af337e5ab50e5b859bffbccab64cf1c4099cae641d9741a20ca59c599c1285266a79489dec190d7fb15daa88c82b69ce97dbd6 jdk6-jaxws2_1_6-2011_06_13.zip +fe65d396d0a57bc2b5dd2d8b00b0ecea860d4e5a5c9cb489bc5b9d7abd90861dedd26088184de93807646277c23d3712e8af79e56251f079ef22ed5a3b8f9a90 jaxp144_03.zip +22fef9e0fdde82f141151d426d26316d7c23fd4cc2132ef191f38ea9420ebb3126670b0456ab4de83896307eab48bab0c46aaf0485f39e89cb57dac3215d499a jdk6-jaf-b20.zip +41bfdb08e74cbcc70eac9e6721d886d8e35cd77c19988bd812fa16f71819efa2e8101d8a41a9ae62094069282739a835209a66c8dea6e259a86aee8368c60643 build-paxctl.patch +dc5a72ef92cd31e9ba4870ad2126f619932bae5918b6f6ad22af59dbc3e77a70fc27ba37909df0612f70922dfec6a58464469a18ed7a77d902c4a5038e086900 icedtea-hotspot-uclibc-fixes.patch +a6ee1c63a171859ab1350481bc3e5d464354f1105d80fc72c1d58620672ca5c1a550b954b35917f89537f0aeb28c49470b27522ce53588e42dedff41e074774c icedtea-jdk-iconv-uclibc.patch +dd8d7edad8309d41881d92d173b7b86e37d833bdb9be0ae9dbc39844b226b77f0e2dc2a137a50738c7642df32964b92c6ee74d0a6207aa3f4f7abaeb40ea3435 icedtea-jdk-execinfo.patch +833ec90fa9d3d26191303201012e4b8ca220d634497277f7e8c703ca03753720343e22c97dd2f10cd3e3be79c84f95b8c7d0db21545b8a35761c0de7cb834e7a icedtea-jdk-no-lib-nsl-uclibc.patch +5fbf3571abd6e0eece8fecd45365996ff83368d674782da3435681afdd6cbb51c6da7e8e4d9ca3ba767a1d373a01d0a4109d1c9bf9b93109a34accaee134a8ab icedtea6-1.9.7-generate_cacerts-1.patch +bf4b184e170f7b0ff64ab30d2162784fe2bd5460d1fa31973259f7065fd4c511c46f97724fe2bd72bb94e9006cb568d0e0c87d1a9c90819e65880f8f44830bb1 icedtea-jdk-no-soname.patch +866d4faf58a4892c113e779e59da590065c6a7f15f9262da82c356305a66ed5e14f4ba63865185b3e52656f8b4622ac243a54f939bc63ac9757dd09d312f622f icedtea-jdk-early-paxctl.patch" diff --git a/main/openjdk6/icedtea-jdk-early-paxctl.patch b/main/openjdk6/icedtea-jdk-early-paxctl.patch new file mode 100644 index 000000000..ce4cabef6 --- /dev/null +++ b/main/openjdk6/icedtea-jdk-early-paxctl.patch @@ -0,0 +1,13 @@ +--- ./openjdk/jdk/make/java/main/java/Makefile.orig 2013-04-26 08:10:58.853977182 +0000 ++++ ./openjdk/jdk/make/java/main/java/Makefile 2013-04-26 08:15:20.819826501 +0000 +@@ -58,6 +58,10 @@ + OTHER_CPPFLAGS += -DEXPAND_CLASSPATH_WILDCARDS + OTHER_CPPFLAGS += -DLAUNCHER_NAME='"$(LAUNCHER_NAME)"' + ++# We need pax mark java early ++$(ACTUAL_PROGRAM):: ++ paxctl -c -mr $@ ++ + ifeq ($(PLATFORM), solaris) + LDFLAGS += -R$(OPENWIN_LIB) + endif |