aboutsummaryrefslogtreecommitdiffstats
path: root/main/openjdk6
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2011-11-11 08:23:22 +0200
committerTimo Teräs <timo.teras@iki.fi>2011-11-11 08:23:22 +0200
commit0389c0810effbe38de6d05d68e3ab6bb08a8aaef (patch)
treed448a18e10ec15196e7999047943f621693e5d62 /main/openjdk6
parent2962b2178b5ab294ca1b3d61e8e1037253ec85f4 (diff)
downloadaports-0389c0810effbe38de6d05d68e3ab6bb08a8aaef.tar.bz2
aports-0389c0810effbe38de6d05d68e3ab6bb08a8aaef.tar.xz
main/openjdk6: security upgrade icedtea6 to 1.10.4
ref #802 icedtea6 1.10.4 includes patches for the following security issues: CVE-2011-3547: InputStream skip() information leak CVE-2011-3548: mutable static AWTKeyStroke.ctor CVE-2011-3551: Java2D TransformHelper integer overflow CVE-2011-3552: excessive default UDP socket limit under SecurityManager CVE-2011-3553: JAX-WS stack-traces information leak CVE-2011-3544: missing SecurityManager checks in scripting engine CVE-2011-3521: IIOP deserialization code execution CVE-2011-3554: insufficient pack200 JAR files uncompress error checks CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer CVE-2011-3556: RMI DGC server remote code execution CVE-2011-3557: RMI registry privileged code execution CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer icedtea6 1.10.2 security patches (since upgrading from icedtea6 1.10.1): CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) CVE-2011-0865: Vulnerability in deserialization CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code CVE-2011-0867: NetworkInterface.toString can reveal bindings CVE-2011-0869: Vulnerability in SAAJ CVE-2011-0870: Vulnerability in SAAJ CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero CVE-2011-0871: ImageIcon creates Component with null acc CVE-2011-0864: JSR rewriting can overflow memory address size variables
Diffstat (limited to 'main/openjdk6')
-rw-r--r--main/openjdk6/APKBUILD23
-rw-r--r--main/openjdk6/build-paxctl.patch10
2 files changed, 25 insertions, 8 deletions
diff --git a/main/openjdk6/APKBUILD b/main/openjdk6/APKBUILD
index 07c642ac1d..e38f48cff5 100644
--- a/main/openjdk6/APKBUILD
+++ b/main/openjdk6/APKBUILD
@@ -2,15 +2,15 @@
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openjdk6
pkgver=1.6.0_p22
-icedteaver=1.10.1
-pkgrel=1
+icedteaver=1.10.4
+pkgrel=2
pkgdesc="Sun OpenJDK 6 via IcedTea"
url="http://icedtea.classpath.org/"
arch="all"
license="GPL-2 with Classpath"
depends="$pkgname-jre"
-makedepends="java-gcj-compat findutils tar zip gawk pkgconfig util-linux-ng
- nss-dev cups-dev jpeg-dev giflib-dev libpng-dev libxt-dev
+makedepends="java-gcj-compat findutils tar zip paxctl gawk pkgconfig util-linux-ng
+ autoconf automake nss-dev cups-dev jpeg-dev giflib-dev libpng-dev libxt-dev
libxp-dev libxtst-dev libxinerama-dev libiconv-dev
libxrender-dev alsa-lib-dev freetype-dev xulrunner-dev
gtk+2.0-dev"
@@ -22,7 +22,7 @@ OPENJDK_VERSION=b22
OPENJDK_DATE=28_feb_2011
XALAN2_VER=2_7_1
XERCES_VER=2.9.0
-RHINO_VER=1_7R2
+RHINO_VER=1_7R3
ANT_VER=1.8.2
JAXWS_DROP_ZIP=jdk6-jaxws-b20.zip
JAXP_DROP_ZIP=jaxp144_01.zip
@@ -36,6 +36,7 @@ source="http://download.java.net/openjdk/jdk6/promoted/$OPENJDK_VERSION/openjdk-
http://icedtea.classpath.org/download/drops/$JAXWS_DROP_ZIP
http://icedtea.classpath.org/download/drops/$JAXP_DROP_ZIP
http://icedtea.classpath.org/download/drops/$JAF_DROP_ZIP
+ build-paxctl.patch
icedtea-hotspot-uclibc-fixes.patch
icedtea-jdk-iconv-uclibc.patch
icedtea-jdk-execinfo.patch
@@ -64,9 +65,10 @@ prepare() {
cd "$_builddir"
# Busybox sha256 does not support longopts
- sed -e "s/--check/-c/g" -i Makefile.in
+ sed -e "s/--check/-c/g" -i Makefile.am
cp ../icedtea-*.patch patches
+ patch -p0 < ../build-paxctl.patch
}
build() {
@@ -138,6 +140,10 @@ jrebase() {
# rest of the jre subdir (which were not taken by -jre subpkg)
mv "$pkgdir"/$INSTALL_BASE/jre "$subpkgdir"/$INSTALL_BASE
+
+ # java vm needs mprotect disabled
+ paxctl -c -m "$subpkgdir"/$INSTALL_BASE/bin/java
+ paxctl -c -m "$subpkgdir"/$INSTALL_BASE/jre/bin/java
}
jre() {
@@ -164,14 +170,15 @@ doc() {
}
md5sums="2d2bbbb0f9b81f1fec41ec730da8a933 openjdk-6-src-b22-28_feb_2011.tar.gz
-f3b31b9f591afc752372addacb1eb335 icedtea6-1.10.1.tar.gz
+c381d987f8d2facece8c54e98fd547f8 icedtea6-1.10.4.tar.gz
afb0c7950a663f94e65da9f3be676d8f apache-ant-1.8.2-bin.tar.gz
3ccda39bcd08b780436dfd2f22fb23d5 xalan-j_2_7_1-bin-2jars.tar.gz
138f2d1cddd823281d5dfb700f2bd7d4 Xerces-J-bin.2.9.0.tar.gz
-40d0a9abec8169e42920214b37fa8e0e rhino1_7R2.zip
+99d94103662a8d0b571e247a77432ac5 rhino1_7R3.zip
91adfd41e6f001add4f92ae31216b1e3 jdk6-jaxws-b20.zip
ef7a8b3624ea904bf584bc46d79b5e75 jaxp144_01.zip
bc95c133620bd68c161cac9891592901 jdk6-jaf-b20.zip
+6379a15ae0f4c374c34b908d80e8e4a1 build-paxctl.patch
dc6a1e28a97d897d7a1057c11696727d icedtea-hotspot-uclibc-fixes.patch
7c0814181e5adc0763c5c0a24b01d4cb icedtea-jdk-iconv-uclibc.patch
dae2ba8b87e2106b53974ace07e4ca72 icedtea-jdk-execinfo.patch
diff --git a/main/openjdk6/build-paxctl.patch b/main/openjdk6/build-paxctl.patch
new file mode 100644
index 0000000000..9cd4eebda3
--- /dev/null
+++ b/main/openjdk6/build-paxctl.patch
@@ -0,0 +1,10 @@
+--- Makefile.am.orig
++++ Makefile.am
+@@ -1334,6 +1334,7 @@
+ mkdir -p bootstrap
+ rm -f $(BOOT_DIR)
+ ln -sf $(ICEDTEA_HOME) $(BOOT_DIR); \
++ paxctl -c -m $(BOOT_DIR)/bin/java ; \
+ if ! $(BOOT_DIR)/bin/java -version ; \
+ then \
+ echo "$(BOOT_DIR)/bin/java" \