rpms/java-1.6.0-openjdk/F-10 java-1.6.0-openjdk-securitypatches-20091103.patch, NONE, 1.1 java-1.6.0-openjdk.spec, 1.114, 1.115

Martin Matejovic mmatejov at fedoraproject.org
Tue Nov 10 15:03:41 UTC 2009


Author: mmatejov

Update of /cvs/pkgs/rpms/java-1.6.0-openjdk/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24896

Modified Files:
	java-1.6.0-openjdk.spec 
Added Files:
	java-1.6.0-openjdk-securitypatches-20091103.patch 
Log Message:
* Tue Nov 10 2009 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-22.b16
- Added java-1.6.0-openjdk-securitypatches-20091103.patch
- Resolves: rhbz#510197
- Resolves: rhbz#530053
- Resolves: rhbz#530057
- Resolves: rhbz#530061
- Resolves: rhbz#530062
- Resolves: rhbz#530063
- Resolves: rhbz#530067
- Resolves: rhbz#530098
- Resolves: rhbz#530173
- Resolves: rhbz#530175
- Resolves: rhbz#530296
- Resolves: rhbz#530297
- Resolves: rhbz#530300


java-1.6.0-openjdk-securitypatches-20091103.patch:
 icedtea-6631533.patch |  184 +++++
 icedtea-6632445.patch |  103 +++
 icedtea-6636650.patch |  139 ++++
 icedtea-6657026.patch | 1607 ++++++++++++++++++++++++++++++++++++++++++++++++++
 icedtea-6657138.patch |  775 ++++++++++++++++++++++++
 icedtea-6822057.patch |   32 
 icedtea-6824265.patch |  119 +++
 icedtea-6861062.patch |  341 ++++++++++
 icedtea-6862968.patch |   60 +
 icedtea-6863503.patch |   33 +
 icedtea-6864911.patch |  422 +++++++++++++
 icedtea-6872357.patch |   17 
 icedtea-6872358.patch |  157 ++++
 icedtea-6874643.patch |   16 
 14 files changed, 4005 insertions(+)

--- NEW FILE java-1.6.0-openjdk-securitypatches-20091103.patch ---
diff -ruN patchesold/icedtea-6862968.patch patches/icedtea-6862968.patch
--- patchesold/icedtea-6862968.patch	1969-12-31 19:00:00.000000000 -0500
+++ patches/icedtea-6862968.patch	2009-03-16 11:48:14.000000000 -0400
@@ -0,0 +1,60 @@
+--- old/src/share/native/sun/awt/image/jpeg/imageioJPEG.c	2009-07-29 13:28:11.272200000 +0400
++++ openjdk/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c	2009-07-29 13:28:10.710600000 +0400
+@@ -685,6 +685,10 @@
+ #ifdef DEBUG
+     printf("in setQTables, qlen = %d, write is %d\n", qlen, write);
+ #endif
++    if (qlen > NUM_QUANT_TBLS) {
++        /* Ignore extra qunterization tables. */
++        qlen = NUM_QUANT_TBLS;
++    }
+     for (i = 0; i < qlen; i++) {
+         table = (*env)->GetObjectArrayElement(env, qtables, i);
+         qdata = (*env)->GetObjectField(env, table, JPEGQTable_tableID);
+@@ -736,6 +740,11 @@
+     hlensBody = (*env)->GetShortArrayElements(env,
+                                               huffLens,
+                                               NULL);
++    if (hlensLen > 16) {
++        /* Ignore extra elements of bits array. Only 16 elements can be
++           stored. 0-th element is not used. (see jpeglib.h, line 107)  */
++        hlensLen = 16;
++    }
+     for (i = 1; i <= hlensLen; i++) {
+         huff_ptr->bits[i] = (UINT8)hlensBody[i-1];
+     }
+@@ -752,6 +761,11 @@
+                                               huffValues,
+                                               NULL);
+ 
++    if (hvalsLen > 256) {
++        /* Ignore extra elements of hufval array. Only 256 elements
++           can be stored. (see jpeglib.h, line 109)                  */
++        hlensLen = 256;
++    }
+     for (i = 0; i < hvalsLen; i++) {
+         huff_ptr->huffval[i] = (UINT8)hvalsBody[i];
+     }
+@@ -772,6 +786,11 @@
+     j_compress_ptr comp;
+     j_decompress_ptr decomp;
+     jsize hlen = (*env)->GetArrayLength(env, DCHuffmanTables);
++
++    if (hlen > NUM_HUFF_TBLS) {
++        /* Ignore extra DC huffman tables. */
++        hlen = NUM_HUFF_TBLS;
++    }
+     for (i = 0; i < hlen; i++) {
+         if (cinfo->is_decompressor) {
+             decomp = (j_decompress_ptr) cinfo;
+@@ -793,6 +812,10 @@
+         huff_ptr->sent_table = !write;
+     }
+     hlen = (*env)->GetArrayLength(env, ACHuffmanTables);
++    if (hlen > NUM_HUFF_TBLS) {
++        /* Ignore extra AC huffman tables. */
++        hlen = NUM_HUFF_TBLS;
++    }
+     for (i = 0; i < hlen; i++) {
+         if (cinfo->is_decompressor) {
+             decomp = (j_decompress_ptr) cinfo;
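Review bot: In the `@@ -752,6 +761,11 @@` hunk of imageioJPEG.c the new guard tests `hvalsLen > 256` but then assigns `hlensLen = 256;`, so `hvalsLen` is never clamped. The loop that follows, `for (i = 0; i < hvalsLen; i++) huff_ptr->huffval[i] = ...`, can therefore still write past the 256 elements the hunk's own comment says can be stored. The assignment should read `hvalsLen = 256;`. The other four guards clamp the variable they test, so this looks like a copy-and-paste slip from the `hlensLen` guard just above; the enclosing functions start and end outside these hunks.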

diff -ruN patchesold/icedtea-6863503.patch patches/icedtea-6863503.patch
--- patchesold/icedtea-6863503.patch	1969-12-31 19:00:00.000000000 -0500
+++ patches/icedtea-6863503.patch	2009-03-16 11:48:14.000000000 -0400
@@ -0,0 +1,33 @@
+--- old/src/share/classes/java/security/MessageDigest.java	Thu Sep 24 22:22:15 2009
++++ openjdk/jdk/src/share/classes/java/security/MessageDigest.java	Thu Sep 24 22:22:15 2009
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1996-2006 Sun Microsystems, Inc.  All Rights Reserved.
++ * Copyright 1996-2009 Sun Microsystems, Inc.  All Rights Reserved.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -414,16 +414,17 @@
+      *
+      * @return true if the digests are equal, false otherwise.
+      */
+-    public static boolean isEqual(byte digesta[], byte digestb[]) {
+-        if (digesta.length != digestb.length)
++    public static boolean isEqual(byte[] digesta, byte[] digestb) {
++        if (digesta.length != digestb.length) {
+             return false;
++        }
+ 
++        int result = 0;
++        // time-constant comparison
+         for (int i = 0; i < digesta.length; i++) {
+-            if (digesta[i] != digestb[i]) {
+-                return false;
+-            }
++            result |= digesta[i] ^ digestb[i];
+         }
+-        return true;
++        return result == 0;
+     }
+ 
+     /**
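Review bot: The `// time-constant comparison` comment in `isEqual` overstates what the new code guarantees, because the length check above the loop still returns early, so timing is constant only for arrays of equal length. I would word it as `// constant-time for equal-length inputs; a length mismatch returns early (digest length is not secret)`. A null argument still throws `NullPointerException` at `digesta.length`, as it did before the change. Since this method is now meant for comparing secret values such as MACs, that behaviour deserves a line in the Javadoc, which starts outside the hunk.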

diff -ruN patchesold/icedtea-6864911.patch patches/icedtea-6864911.patch
--- patchesold/icedtea-6864911.patch	1969-12-31 19:00:00.000000000 -0500
+++ patches/icedtea-6864911.patch	2009-03-16 11:48:14.000000000 -0400
@@ -0,0 +1,422 @@
+--- old/src/share/classes/com/sun/jndi/ldap/Connection.java	2009-08-18 09:35:56.595709900 +0800
++++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java	2009-08-18 09:35:56.087195700 +0800
+@@ -32,12 +32,8 @@
+ import java.io.OutputStream;
+ import java.io.InputStream;
+ import java.net.Socket;
+-import java.util.Vector;
+-import java.util.Hashtable;
+ 
+ import javax.naming.CommunicationException;
+-import javax.naming.AuthenticationException;
+-import javax.naming.AuthenticationNotSupportedException;
+ import javax.naming.ServiceUnavailableException;
+ import javax.naming.NamingException;
+ import javax.naming.InterruptedNamingException;
+@@ -47,6 +43,8 @@
+ import java.lang.reflect.Method;
+ import java.lang.reflect.Constructor;
+ import java.lang.reflect.InvocationTargetException;
++import java.util.Arrays;
++import sun.misc.IOUtils;
+ //import javax.net.SocketFactory;
+ 
+ /**
+@@ -799,7 +797,6 @@
+         byte inbuf[];   // Buffer for reading incoming bytes
+         int inMsgId;    // Message id of incoming response
+         int bytesread;  // Number of bytes in inbuf
+-        int bytesleft;  // Number of bytes that need to read for completing resp
+         int br;         // Temp; number of bytes read from stream
+         int offset;     // Offset of where to store bytes in inbuf
+         int seqlen;     // Length of ASN sequence
+@@ -811,7 +808,7 @@
+         try {
+             while (true) {
+                 try {
+-                    inbuf = new byte[2048];
++                    inbuf = new byte[10];
+ 
+                     offset = 0;
+                     seqlen = 0;
+@@ -871,19 +868,10 @@
+                     }
+ 
+                     // read in seqlen bytes
+-                    bytesleft = seqlen;
+-                    if ((offset + bytesleft) > inbuf.length) {
+-                        byte nbuf[] = new byte[offset + bytesleft];
+-                        System.arraycopy(inbuf, 0, nbuf, 0, offset);
+-                        inbuf = nbuf;
+-                    }
+-                    while (bytesleft > 0) {
+-                        bytesread = in.read(inbuf, offset, bytesleft);
+-                        if (bytesread < 0)
+-                            break; // EOF
+-                        offset += bytesread;
+-                        bytesleft -= bytesread;
+-                    }
++                    byte[] left = IOUtils.readFully(in, seqlen, false);
++                    inbuf = Arrays.copyOf(inbuf, offset + left.length);
++                    System.arraycopy(left, 0, inbuf, offset, left.length);
++                    offset += left.length;
+ /*
+ if (dump > 0) {
+ System.err.println("seqlen: " + seqlen);
+--- old/src/share/classes/sun/applet/AppletClassLoader.java	2009-08-18 09:36:00.901075900 +0800
++++ openjdk/jdk/src/share/classes/sun/applet/AppletClassLoader.java	2009-08-18 09:35:59.999916100 +0800
+@@ -51,6 +51,7 @@
+ import java.security.PermissionCollection;
+ import sun.awt.AppContext;
+ import sun.awt.SunToolkit;
++import sun.misc.IOUtils;
+ import sun.net.www.ParseUtil;
+ import sun.security.util.SecurityConstants;
+ 
+@@ -314,36 +315,7 @@
+ 
+         byte[] b;
+         try {
+-            if (len != -1) {
+-                // Read exactly len bytes from the input stream
+-                b = new byte[len];
+-                while (len > 0) {
+-                    int n = in.read(b, b.length - len, len);
+-                    if (n == -1) {
+-                        throw new IOException("unexpected EOF");
+-                    }
+-                    len -= n;
+-                }
+-            } else {
+-                // Read until end of stream is reached - use 8K buffer
+-                // to speed up performance [stanleyh]
[...3676 lines suppressed...]
++        }
++        return !isLinkedProfileDisabled;
++    }
++
++    private static Boolean isWindowsPlatform = null;
++
++    /**
++     * Verifies whether the byte array contans a unc path.
++     * Non-UNC path examples:
++     *  c:\path\to\file  - simple notation
++     *  \\?\c:\path\to\file - long notation
++     *
++     * UNC path examples:
++     *  \\server\share - a UNC path in simple notation
++     *  \\?\UNC\server\share - a UNC path in long notation
++     *  \\.\some\device - a path to device.
++     */
++    private static boolean isUncOrDevicePath(byte[] p) {
++        if (isWindowsPlatform == null) {
++            PrivilegedAction<Boolean> a = new PrivilegedAction<Boolean>() {
++                public Boolean run() {
++                    String osname = System.getProperty("os.name");
++                    return (osname != null &&
++                            osname.toLowerCase().startsWith("win"));
++                }
++            };
++            isWindowsPlatform = AccessController.doPrivileged(a);
++        }
++
++        if (!isWindowsPlatform) {
++            /* no need for the check on platforms except windows */
++            return false;
++        }
++
++        /* normalize prefix of the path */
++        if (p[0] == '/') p[0] = '\\';
++        if (p[1] == '/') p[1] = '\\';
++        if (p[3] == '/') p[3] = '\\';
++
++
++        if ((p[0] == '\\') && (p[1] == '\\')) {
++            if ((p[2] == '?') && (p[3] == '\\')) {
++                // long path: whether unc or local
++                return ((p[4] == 'U' || p[4] == 'u') &&
++                        (p[5] == 'N' || p[5] == 'n') &&
++                        (p[6] == 'C' || p[6] == 'c'));
++            } else {
++                // device path or short unc notation
++                return true;
++            }
++        } else {
++            return false;
++        }
++    }
+ }

diff -ruN patchesold/icedtea-6636650.patch patches/icedtea-6636650.patch
--- patchesold/icedtea-6636650.patch	1969-12-31 19:00:00.000000000 -0500
+++ patches/icedtea-6636650.patch	2009-03-16 11:48:14.000000000 -0400
@@ -0,0 +1,139 @@
+--- old/src/share/classes/java/lang/ClassLoader.java	Fri Jul 31 15:59:47 2009
++++ openjdk/jdk/src/share/classes/java/lang/ClassLoader.java	Fri Jul 31 15:59:46 2009
+@@ -147,11 +147,6 @@
+         registerNatives();
+     }
+ 
+-    // If initialization succeed this is set to true and security checks will
+-    // succeed.  Otherwise the object is not initialized and the object is
+-    // useless.
+-    private boolean initialized = false;
+-
+     // The parent class loader for delegation
+     private ClassLoader parent;
+ 
+@@ -177,6 +172,18 @@
+     // to its corresponding Package object.
+     private HashMap packages = new HashMap();
+ 
++    private static Void checkCreateClassLoader() {
++        SecurityManager security = System.getSecurityManager();
++        if (security != null) {
++            security.checkCreateClassLoader();
++        }
++        return null;
++    }
++
++    private ClassLoader(Void unused, ClassLoader parent) {
++        this.parent = parent;
++    }
++
+     /**
+      * Creates a new class loader using the specified parent class loader for
+      * delegation.
+@@ -197,12 +204,7 @@
+      * @since  1.2
+      */
+     protected ClassLoader(ClassLoader parent) {
+-	SecurityManager security = System.getSecurityManager();
+-	if (security != null) {
+-	    security.checkCreateClassLoader();
+-	}
+-	this.parent = parent;
+-	initialized = true;
++        this(checkCreateClassLoader(), parent);
+     }
+ 
+     /**
+@@ -221,15 +223,9 @@
+      *          of a new class loader.
+      */
+     protected ClassLoader() {
+-	SecurityManager security = System.getSecurityManager();
+-	if (security != null) {
+-	    security.checkCreateClassLoader();
+-	}
+-	this.parent = getSystemClassLoader();
+-	initialized = true;
++        this(checkCreateClassLoader(), getSystemClassLoader());
+     }
+ 
+-

+     // -- Class --
+ 
+     /**
+@@ -611,7 +607,6 @@
+ 					 ProtectionDomain protectionDomain)
+ 	throws ClassFormatError
+     {
+-	check();
+ 	protectionDomain = preDefineClass(name, protectionDomain);
+ 
+ 	Class c = null;
+@@ -693,8 +688,6 @@
+ 					 ProtectionDomain protectionDomain)
+ 	throws ClassFormatError
+     {
+-	check();
+-
+ 	int len = b.remaining();
+ 
+ 	// Use byte[] if not a direct ByteBufer:
+@@ -842,7 +835,6 @@
+      * @see  #defineClass(String, byte[], int, int)
+      */
+     protected final void resolveClass(Class<?> c) {
+-	check();
+ 	resolveClass0(c);
+     }
+ 
+@@ -873,7 +865,6 @@
+     protected final Class<?> findSystemClass(String name)
+ 	throws ClassNotFoundException
+     {
+-	check();
+ 	ClassLoader system = getSystemClassLoader();
+ 	if (system == null) {
+ 	    if (!checkName(name))
+@@ -886,7 +877,6 @@
+     private Class findBootstrapClass0(String name)
+ 	throws ClassNotFoundException
+     {
+-	check();
+ 	if (!checkName(name))
+ 	    throw new ClassNotFoundException(name);
+ 	return findBootstrapClass(name);
+@@ -895,13 +885,6 @@
+     private native Class findBootstrapClass(String name)
+ 	throws ClassNotFoundException;
+ 
+-    // Check to make sure the class loader has been initialized.
+-    private void check() {
+-	if (!initialized) {
+-	    throw new SecurityException("ClassLoader object not initialized");
+-	}
+-    }
+-
+     /**
+      * Returns the class with the given <a href="#name">binary name</a> if this
+      * loader has been recorded by the Java virtual machine as an initiating
+@@ -917,7 +900,6 @@
+      * @since  1.1
+      */
+     protected final Class<?> findLoadedClass(String name) {
+-	check();
+ 	if (!checkName(name))
+ 	    return null;
+ 	return findLoadedClass0(name);
+@@ -938,11 +920,9 @@
+      * @since  1.1
+      */
+     protected final void setSigners(Class<?> c, Object[] signers) {
+-        check();
+ 	c.setSigners(signers);
+     }
+ 
+-
+     // -- Resource --
+ 
+     /**
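Review bot: The new `checkCreateClassLoader()` helper and the private `ClassLoader(Void unused, ClassLoader parent)` constructor in the `@@ -177,6 +172,18 @@` hunk carry no comment, yet the whole fix rests on the security check being evaluated as a constructor argument, before `Object`'s constructor runs, so that a denied check leaves no partially constructed loader behind. I would add above the helper something like `// Evaluated as an argument to this(...) so a denied check throws before the object is constructed; do not move into a constructor body.` In `ClassLoader()` the check also has to remain the first argument, since arguments are evaluated left to right and `getSystemClassLoader()` should not run for a caller that fails the check. With that invariant written down, the removal of the `initialized` flag and of every `check()` call in the later hunks is much easier to audit and harder to undo by accident.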
 


Index: java-1.6.0-openjdk.spec
===================================================================
RCS file: /cvs/pkgs/rpms/java-1.6.0-openjdk/F-10/java-1.6.0-openjdk.spec,v
retrieving revision 1.114
retrieving revision 1.115
diff -u -p -r1.114 -r1.115
--- java-1.6.0-openjdk.spec	10 Sep 2009 15:51:44 -0000	1.114
+++ java-1.6.0-openjdk.spec	10 Nov 2009 15:03:41 -0000	1.115
@@ -135,7 +135,7 @@
 
 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{buildver}
-Release: 21.%{openjdkver}%{?dist}
+Release: 22.%{openjdkver}%{?dist}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
 # and this change was brought into RHEL-4.  java-1.5.0-ibm packages
 # also included the epoch in their virtual provides.  This created a
@@ -169,6 +169,7 @@ Patch3:   java-1.6.0-openjdk-java-access
 Patch4:   java-1.6.0-openjdk-accessible-toolkit.patch
 Patch5:   java-1.6.0-openjdk-sparc-fixes.patch
 Patch6:   java-1.6.0-openjdk-sparc-hotspot.patch
+Patch7:   java-1.6.0-openjdk-securitypatces-20091103.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
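Review bot: `Patch7` names `java-1.6.0-openjdk-securitypatces-20091103.patch`, but the file added by this commit and cited in the changelog entry is `java-1.6.0-openjdk-securitypatches-20091103.patch` (with an `h`). With the name as written the build will look for a source file that does not exist, so the `%{PATCH7}` step added in the `@@ -405,6 +406,7 @@` hunk cannot apply the security fixes. The line should read `Patch7:   java-1.6.0-openjdk-securitypatches-20091103.patch`.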
@@ -405,6 +406,7 @@ make patch
 patch -l -p0 < %{PATCH3}
 patch -l -p0 < %{PATCH4}
 patch -l -p0 < %{PATCH6}
+patch -l -p0 < %{PATCH7}
 make
 
 export JAVA_HOME=$(pwd)/%{buildoutputdir}/j2sdk-image
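Review bot: `patch -l -p0 < %{PATCH7}` appears to run after `make patch` (per the hunk header context), and going by the diffstat on this page the new patch only creates `patches/icedtea-*.patch` files rather than changing the `openjdk/` tree directly. Unless the following `make` re-reads the `patches/` directory or the IcedTea patch list is extended elsewhere (neither is visible here), the fourteen fixes would be placed on disk but never applied to the sources. It is worth confirming in a build log that each new icedtea patch is reported as applied, or moving this step ahead of `make patch` together with the matching patch-list change.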
@@ -948,6 +950,22 @@ exit 0
 %{_jvmdir}/%{jredir}/lib/%{archinstall}/IcedTeaPlugin.so
 
 %changelog
+* Tue Nov 10 2009 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-22.b16
+- Added java-1.6.0-openjdk-securitypatches-20091103.patch
+- Resolves: rhbz#510197
+- Resolves: rhbz#530053
+- Resolves: rhbz#530057
+- Resolves: rhbz#530061
+- Resolves: rhbz#530062
+- Resolves: rhbz#530063
+- Resolves: rhbz#530067
+- Resolves: rhbz#530098
+- Resolves: rhbz#530173
+- Resolves: rhbz#530175
+- Resolves: rhbz#530296
+- Resolves: rhbz#530297
+- Resolves: rhbz#530300
+
 * Thu Sep  9 2009 Lillian Angel <langel at redhat.com> - 1:1.6.0-21.b16
 - Removed unneeded patches.
 - Updated icedteaver to 1.6



