Update IcedTea-Web to 1.0.1 and fix multiple security vulnerabilities.

CVE-2010-4469: Hotspot backward jsr heap corruption CVE-2010-4465: Swing timer-based security manager bypass CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation CVE-2010-4448: DNS cache poisoning by untrusted applets CVE-2010-4450: Launcher incorrect processing of empty library path entries CVE-2010-4471: Java2D font-related system property leak CVE-2010-4470: JAXP untrusted component state manipulation CVE-2011-0706: Multiple signers privilege escalation Obtained from: icedtea.classpath.org Obtained from: jaxp.java.net
svn path=/head/; revision=269450
2024-12-02 01:20:54 +00:00 · 2011-02-21 19:03:18 +00:00 · 2011-02-21 19:03:18 +00:00 · b6945850a4 · 2021-03-31 03:12:20 +00:00
commit b6945850a4
parent 9e7278d4e8
5 changed files with 1676 additions and 21 deletions
--- a/java/openjdk6/Makefile
+++ b/java/openjdk6/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	openjdk6
 PORTVERSION=	b21
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	java devel
 MASTER_SITES=	http://download.java.net/openjdk/jdk6/promoted/${PORTVERSION}/ \
 		https://java.net/downloads/jaxp/jdk7/:jaxp \
@ -64,7 +64,7 @@ JAXWS_BUILD=	b20
 JAXWSFILE=	jdk6-jaxws-${JAXWS_BUILD}.zip
 JAF_BUILD=	b20
 JAFFILE=	jdk6-jaf-${JAF_BUILD}.zip
-ITWEBVERSION=	1.0
+ITWEBVERSION=	1.0.1
 ITWEBFILE=	icedtea-web-${ITWEBVERSION}${EXTRACT_SUFX}
 JTREGVERSION=	b02
 JTREGFILE=	jtreg-4.1-bin-${JTREGVERSION}_21_may_2010.zip
--- a/java/openjdk6/distinfo
+++ b/java/openjdk6/distinfo
@ -8,7 +8,7 @@ SHA256 (jdk6-jaf-b20.zip) = 78c7b5c9d6271e88ee46abadd018a61f1e9645f8936cc8df1617
 SIZE (jdk6-jaf-b20.zip) = 71243
 SHA256 (apache-ant-1.8.1-bin.tar.bz2) = e0c4e1133b0cb80dc4b29fc48f11b8f57e845e16474472f2749625be5cc66ca9
 SIZE (apache-ant-1.8.1-bin.tar.bz2) = 6702817
-SHA256 (icedtea-web-1.0.tar.gz) = e33413768cdf2ffce66aaff00fed5dd06deb09ed7eb28e522cdad4f29b78e594
-SIZE (icedtea-web-1.0.tar.gz) = 816184
+SHA256 (icedtea-web-1.0.1.tar.gz) = cfcb17e94d6cd406e7aceb08de2ae7c03fe3f2a730829cc5ac54ca6a90a9d46e
+SIZE (icedtea-web-1.0.1.tar.gz) = 834803
 SHA256 (jtreg-4.1-bin-b02_21_may_2010.zip) = 9a9ca107e8004e8d29e6c708e03e347c38ac4d7fdfd1930a25d6dc5cf61ad0f4
 SIZE (jtreg-4.1-bin-b02_21_may_2010.zip) = 5038412
--- a/java/openjdk6/files/patch-FloatingDecimal.java
+++ b/java/openjdk6/files/patch-FloatingDecimal.java
@ -1,11 +0,0 @@
--- jdk/src/share/classes/sun/misc/FloatingDecimal.java.orig	2010-06-21 14:15:30.000000000 -0700
-+++ jdk/src/share/classes/sun/misc/FloatingDecimal.java	2011-02-08 22:30:49.000000000 -0800
-@@ -1547,7 +1547,7 @@
-                 if ( (cmpResult = bigB.cmp( bigD ) ) > 0 ){
-                     overvalue = true; // our candidate is too big.
-                     diff = bigB.sub( bigD );
-                    if ( (bigIntNBits == 1) && (bigIntExp > -expBias) ){
-+                    if ( (bigIntNBits == 1) && (bigIntExp > -expBias+1) ){
-                         // candidate is a normalized exact power of 2 and
-                         // is too big. We will be subtracting.
-                         // For our purposes, ulp is the ulp of the
--- a/java/openjdk6/files/patch-security
+++ b/java/openjdk6/files/patch-security
--- a/java/openjdk6/files/patch-set
+++ b/java/openjdk6/files/patch-set
@ -7173,13 +7173,14 @@
 #ifdef ZERO
 #define CPU      ZERO_LIBARCH
 --- hotspot/src/share/vm/utilities/globalDefinitions_gcc.hpp	2011-01-20 18:51:22.000000000 -0500
-+++ hotspot/src/share/vm/utilities/globalDefinitions_gcc.hpp	2011-02-01 17:47:12.000000000 -0500
-@@ -71,12 +71,25 @@
+++ hotspot/src/share/vm/utilities/globalDefinitions_gcc.hpp	2011-02-17 19:23:36.000000000 -0500
+@@ -71,12 +71,26 @@
 # include <sys/procfs.h>
 # endif
 
 -#ifdef LINUX
 +#if defined(LINUX) || defined(_ALLBSD_SOURCE)
+#define __STDC_LIMIT_MACROS
 #include <inttypes.h>
 #include <signal.h>
 +#ifndef __OpenBSD__
@ -7202,7 +7203,7 @@
 
 // 4810578: varargs unsafe on 32-bit integer/64-bit pointer architectures
 // When __cplusplus is defined, NULL is defined as 0 (32-bit constant) in
-@@ -112,7 +125,7 @@
+@@ -112,7 +126,7 @@
 // pointer is stored as integer value.  On some platforms, sizeof(intptr_t) >
 // sizeof(void*), so here we want something which is integer type, but has the
 // same size as a pointer.
@ -7211,7 +7212,7 @@
   #ifdef _LP64
     #define NULL_WORD  0L
   #else
-@@ -124,7 +137,7 @@
+@@ -124,7 +138,7 @@
   #define NULL_WORD  NULL
 #endif
 
@ -7220,7 +7221,7 @@
 // Compiler-specific primitive types
 typedef unsigned short     uint16_t;
 #ifndef _UINT32_T
-@@ -144,7 +157,7 @@
+@@ -144,7 +158,7 @@
 // prior definition of intptr_t, and add "&& !defined(XXX)" above.
 #endif // _SYS_INT_TYPES_H
 
@ -7229,7 +7230,7 @@
 
 // Additional Java basic types
 
-@@ -236,7 +249,9 @@
+@@ -236,7 +250,9 @@
 inline int g_isnan(float  f) { return isnand(f); }
 #endif
 inline int g_isnan(double f) { return isnand(f); }