[packages/icedtea8] Up to 3.3.0. SECURITY fixes

arekm arekm at pld-linux.org
Sun Jan 29 10:07:42 CET 2017 

commit 48ab9d62e18dd82c202f3fcbe300eb1c276ba8cd
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Sun Jan 29 10:06:58 2017 +0100

    Up to 3.3.0. SECURITY fixes
    
    S8138725: Add options for Javadoc generation
    S8140353: Improve signature checking
    S8151934, CVE-2017-3231: Resolve class resolution
    S8156804, CVE-2017-3241: Better constraint checking
    S8158406: Limited Parameter Processing
    S8158997: JNDI Protocols Switch
    S8159507: RuntimeVisibleAnnotation validation
    S8161218: Better bytecode loading
    S8161743, CVE-2017-3252: Provide proper login context
    S8162577: Standardize logging levels
    S8162973: Better component components
    S8164143, CVE-2017-3260: Improve components for menu items
    S8164147, CVE-2017-3261: Improve streaming socket output
    S8165071, CVE-2016-2183: Expand TLS support
    S8165344, CVE-2017-3272: Update concurrency support
    S8166988, CVE-2017-3253: Improve image processing performance
    S8167104, CVE-2017-3289: Additional class construction refinements
    S8167223, CVE-2016-5552: URL handling improvements
    S8168705, CVE-2016-5547: Better ObjectIdentifier validation
    S8168714, CVE-2016-5546: Tighten ECDSA validation
    S8168728, CVE-2016-5548: DSA signing improvments
    S8168724, CVE-2016-5549: ECDSA signing improvments

 icedtea8-heimdal.patch | 13 +++++++++----
 icedtea8-x32-ac.patch  |  5 ++++-
 icedtea8.spec          | 22 +++++++++++-----------
 openjdk-heimdal.patch  | 13 +++++++++----
 4 files changed, 33 insertions(+), 20 deletions(-)
---
diff --git a/icedtea8.spec b/icedtea8.spec
index 02d51b5..befcf5b 100644
--- a/icedtea8.spec
+++ b/icedtea8.spec
@@ -31,28 +31,28 @@
 Summary:	OpenJDK and GNU Classpath code
 Summary(pl.UTF-8):	Kod OpenJDK i GNU Classpath
 Name:		icedtea8
-Version:	3.2.0
-Release:	2
+Version:	3.3.0
+Release:	1
 License:	GPL v2
 Group:		Development/Languages/Java
 Source0:	http://icedtea.wildebeest.org/download/source/icedtea-%{version}.tar.gz
-# Source0-md5:	c25ceec95f8df5066c617b14f2735227
+# Source0-md5:	eb6fc764df734e284cb485de909d7a31
 Source1:	http://icedtea.wildebeest.org/download/drops/icedtea8/%{version}/openjdk.tar.xz
-# Source1-md5:	c7a7681fff0afda6a897b135820a1440
+# Source1-md5:	2d1c5467d3c7818ee7ec81d37c1bbbd4
 Source2:	http://icedtea.wildebeest.org/download/drops/icedtea8/%{version}/corba.tar.xz
-# Source2-md5:	19a12dc608da61a6878f4614a91156af
+# Source2-md5:	1bc8c5b63eca3918f1c4c934bf66b233
 Source3:	http://icedtea.wildebeest.org/download/drops/icedtea8/%{version}/jaxp.tar.xz
-# Source3-md5:	8b1171ec1060517fc1c4eee162c78b33
+# Source3-md5:	2b3559177fead9ccb56db07191102870
 Source4:	http://icedtea.wildebeest.org/download/drops/icedtea8/%{version}/jaxws.tar.xz
-# Source4-md5:	ca6bbcdb0f87399bd0a5481ad55939c8
+# Source4-md5:	92612fa7cfecf27357743c932a091b9b
 Source5:	http://icedtea.wildebeest.org/download/drops/icedtea8/%{version}/jdk.tar.xz
-# Source5-md5:	5f5d90b7036f1e8561f6943308528e80
+# Source5-md5:	2a732b3f46453fb45b1a37b7c1ab3db8
 Source6:	http://icedtea.wildebeest.org/download/drops/icedtea8/%{version}/langtools.tar.xz
-# Source6-md5:	9d105ca8e4de3936fe1a4916ec30ad7f
+# Source6-md5:	b10431e5823ac859de631e183b1d0b67
 Source7:	http://icedtea.wildebeest.org/download/drops/icedtea8/%{version}/hotspot.tar.xz
-# Source7-md5:	cc5f423ed2949ee8a7e25d43f0cb425f
+# Source7-md5:	e600f285d00ee367b4129450c35f113a
 Source8:	http://icedtea.wildebeest.org/download/drops/icedtea8/%{version}/nashorn.tar.xz
-# Source8-md5:	05fa4f0110a5c9c18828a3e359b1adde
+# Source8-md5:	9cc3887801b7ad6c290c4adf4a742130
 Source10:	make-cacerts.sh
 # 0-99 patches for the IcedTea files
 Patch0:		%{name}-x32-ac.patch
diff --git a/icedtea8-heimdal.patch b/icedtea8-heimdal.patch
index 0030f69..f35c294 100644
--- a/icedtea8-heimdal.patch
+++ b/icedtea8-heimdal.patch
@@ -1,12 +1,17 @@
---- icedtea-3.2.0/acinclude.m4.orig	2016-11-10 09:04:36.000000000 +0100
-+++ icedtea-3.2.0/acinclude.m4	2016-11-10 09:06:11.000000000 +0100
-@@ -1814,10 +1814,10 @@
+--- icedtea-3.3.0/acinclude.m4~	2017-01-29 09:13:46.000000000 +0100
++++ icedtea-3.3.0/acinclude.m4	2017-01-29 09:14:35.735520204 +0100
+@@ -1822,15 +1822,10 @@ AC_DEFUN_ONCE([IT_CHECK_FOR_KERBEROS],
    AC_MSG_RESULT(${ENABLE_SYSTEM_KERBEROS})
    if test x"${ENABLE_SYSTEM_KERBEROS}" = "xyes"; then
      dnl Check for krb5 header and library.
 -    PKG_CHECK_MODULES(KRB5, krb5, [KRB5_FOUND=yes], [KRB5_FOUND=no])
 -    if test "x${KRB5_FOUND}" = "xno"; then
--      AC_MSG_ERROR([Could not find Kerberos; install Kerberos or build with --disable-system-kerberos to use the default cache location.])
+-      AC_MSG_NOTICE([Could not find Kerberos using pkg-config; trying via krb5.h and krb5 library])
+-      AC_CHECK_LIB([krb5], [krb5_cc_default],
+-        , [AC_MSG_ERROR([Could not find Kerberos library; install Kerberos or build with --disable-system-kerberos to use the default cache location.])])
+-      AC_CHECK_HEADER([krb5.h],
+-        , [AC_MSG_ERROR([Could not find Kerberos header; install Kerberos or build with --disable-system-kerberos to use the default cache location.])])
+-      KRB5_LIBS="-lkrb5"
 -    fi
 +    KRB5_LIBS=`krb5-config --libs`
 +    KRB5_CFLAGS=`krb5-config --cflags`
diff --git a/icedtea8-x32-ac.patch b/icedtea8-x32-ac.patch
index 9783860..e1ccbf0 100644
--- a/icedtea8-x32-ac.patch
+++ b/icedtea8-x32-ac.patch
@@ -1,24 +1,27 @@
 diff -dur icedtea-3.1.0.orig/acinclude.m4 icedtea-3.1.0/acinclude.m4
 --- icedtea-3.1.0.orig/acinclude.m4	2016-07-25 05:31:28.876207700 +0200
 +++ icedtea-3.1.0/acinclude.m4	2016-09-20 12:56:21.236580626 +0200
-@@ -2,10 +2,18 @@
+@@ -2,11 +2,20 @@ AC_DEFUN([IT_SET_ARCH_SETTINGS],
  [
    case "${target_cpu}" in
      x86_64)
 -      BUILD_ARCH_DIR=amd64
 -      INSTALL_ARCH_DIR=amd64
 -      JRE_ARCH_DIR=amd64
+-      RPM_ARCH=x86_64
 -      ARCHFLAG="-m64"
 +      case "${host}" in
 +        *x32)
 +          BUILD_ARCH_DIR=x32
 +          INSTALL_ARCH_DIR=x32
 +          JRE_ARCH_DIR=x32
++          RPM_ARCH=x32
 +          ;;
 +        *)
 +          BUILD_ARCH_DIR=amd64
 +          INSTALL_ARCH_DIR=amd64
 +          JRE_ARCH_DIR=amd64
++          RPM_ARCH=x86_64
 +          ARCHFLAG="-m64"
 +      esac
        ;;
diff --git a/openjdk-heimdal.patch b/openjdk-heimdal.patch
index a14bd2f..2ae7c23 100644
--- a/openjdk-heimdal.patch
+++ b/openjdk-heimdal.patch
@@ -1,6 +1,6 @@
---- openjdk/common/autoconf/libraries.m4.orig	2016-11-10 09:13:39.000000000 +0100
-+++ openjdk/common/autoconf/libraries.m4	2016-11-10 09:14:24.000000000 +0100
-@@ -954,12 +954,12 @@
+--- openjdk/common/autoconf/libraries.m4~	2017-01-29 09:15:15.000000000 +0100
++++ openjdk/common/autoconf/libraries.m4	2017-01-29 09:24:41.628850960 +0100
+@@ -938,17 +938,12 @@ AC_DEFUN_ONCE([LIB_SETUP_MISC_LIBS],
    AC_MSG_RESULT([$system_krb5])
  
    if test "x${system_krb5}" = "xyes"; then
@@ -8,7 +8,12 @@
 -      if test "x${KRB5_FOUND}" = "xyes"; then
 -	  USE_EXTERNAL_KRB5=true
 -      else
--	  AC_MSG_ERROR([--enable-system-kerberos specified, but Kerberos not found.])
+-	  AC_MSG_NOTICE([Could not find Kerberos using pkg-config; trying via krb5.h and krb5 library])
+-          AC_CHECK_LIB([krb5], [krb5_cc_default],
+-            , [AC_MSG_ERROR([Could not find Kerberos library; install Kerberos or build with --disable-system-kerberos to use the default cache location.])])
+-          AC_CHECK_HEADER([krb5.h],
+-            , [AC_MSG_ERROR([Could not find Kerberos header; install Kerberos or build with --disable-system-kerberos to use the default cache location.])])
+-      	  KRB5_LIBS="-lkrb5"
 -      fi
 +      KRB5_LIBS=`krb5-config --libs`
 +      KRB5_CFLAGS=`krb5-config --cflags`
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/icedtea8.git/commitdiff/48ab9d62e18dd82c202f3fcbe300eb1c276ba8cd

More information about the pld-cvs-commit mailing list