From 7335ca1d71fb97362170a5ef4bff920e0ce7280a Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 31 Aug 2016 16:45:14 -0400 Subject: [PATCH] gnu: icedtea-6: Update to 1.13.12 [security fixes]. Fixes CVE-2016-{3458,3485,3500,3508,3550,3606}. * gnu/packages/java.scm (icedtea-6): Update to 1.13.12. [source]: Remove 'icedtea-remove-overrides' patch. [arguments]: Move ALSA header substitution to 'patch-paths' phase. * gnu/packages/patches/icedtea-remove-overrides.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/java.scm | 24 +- .../patches/icedtea-remove-overrides.patch | 291 ------------------ 3 files changed, 12 insertions(+), 304 deletions(-) delete mode 100644 gnu/packages/patches/icedtea-remove-overrides.patch diff --git a/gnu/local.mk b/gnu/local.mk index 5ec47fc7df..457dc1965d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -576,7 +576,6 @@ dist_patch_DATA = \ %D%/packages/patches/icecat-CVE-2016-2824.patch \ %D%/packages/patches/icecat-CVE-2016-2828.patch \ %D%/packages/patches/icecat-CVE-2016-2831.patch \ - %D%/packages/patches/icedtea-remove-overrides.patch \ %D%/packages/patches/icu4c-CVE-2014-6585.patch \ %D%/packages/patches/icu4c-CVE-2015-1270.patch \ %D%/packages/patches/icu4c-CVE-2015-4760.patch \ diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index 3e0b034950..7387235c5b 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -337,16 +337,15 @@ build process and its dependencies, whereas Make uses Makefile format.") (define-public icedtea-6 (package (name "icedtea") - (version "1.13.11") + (version "1.13.12") (source (origin (method url-fetch) (uri (string-append "http://icedtea.wildebeest.org/download/source/icedtea6-" version ".tar.xz")) - (patches (search-patches "icedtea-remove-overrides.patch")) (sha256 (base32 - "1grki39a4rf8n74zc0iglcggxxbpniyfh1gk1lb10p63zvvcsvjj")) + "1q5iqm3dzqj8w3dwj6qqhczkkrslrfhmn3110klfwq9kyi2nimj8")) (modules '((guix build utils))) (snippet '(substitute* "Makefile.in" @@ -441,13 +440,7 @@ build process and its dependencies, whereas Make uses Makefile format.") (substitute* '("patches/jtreg-jrunscript.patch" "patches/hotspot/hs23/drop_unlicensed_test.patch") (("#!/bin/sh") (string-append "#!" (which "sh")))) - - ;; fix path to alsa header in patch - (substitute* "patches/openjdk/6799141-split_out_versions.patch" - (("ALSA_INCLUDE=/usr/include/alsa/version.h") - (string-append "ALSA_INCLUDE=" - (assoc-ref %build-inputs "alsa-lib") - "/include/alsa/version.h"))))) + #t)) (add-after 'unpack 'patch-paths (lambda _ ;; buildtree.make generates shell scripts, so we need to replace @@ -475,6 +468,13 @@ build process and its dependencies, whereas Make uses Makefile format.") (("DEF_OBJCOPY *=.*objcopy") (string-append "DEF_OBJCOPY = " (which "objcopy")))) + ;; fix path to alsa header + (substitute* "openjdk.src/jdk/make/common/shared/Sanity.gmk" + (("ALSA_INCLUDE=/usr/include/alsa/version.h") + (string-append "ALSA_INCLUDE=" + (assoc-ref %build-inputs "alsa-lib") + "/include/alsa/version.h"))) + ;; fix hard-coded utility paths (substitute* '("openjdk.src/jdk/make/common/shared/Defs-utils.gmk" "openjdk.src/corba/make/common/shared/Defs-utils.gmk") @@ -764,10 +764,10 @@ build process and its dependencies, whereas Make uses Makefile format.") ("openjdk6-src" ,(origin (method url-fetch) - (uri "https://java.net/downloads/openjdk6/openjdk-6-src-b39-03_may_2016.tar.gz") + (uri "https://java.net/downloads/openjdk6/openjdk-6-src-b40-22_aug_2016.tar.gz") (sha256 (base32 - "1brxbsgwcj4js26y5lk6capc3pvghgjidvv9cavw6z8n7c7aw8af")))) + "01v4q7g9pa6w7m6yxply5yrin08jgv12fck665xnmp09bpxy8sa5")))) ("lcms" ,lcms) ("zlib" ,zlib) ("gtk" ,gtk+-2) diff --git a/gnu/packages/patches/icedtea-remove-overrides.patch b/gnu/packages/patches/icedtea-remove-overrides.patch deleted file mode 100644 index e4d68a9e58..0000000000 --- a/gnu/packages/patches/icedtea-remove-overrides.patch +++ /dev/null @@ -1,291 +0,0 @@ -Upstream patch: -http://icedtea.classpath.org/hg/icedtea6/rev/60be25a84f2d - -Fixes build failure: -http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2954 - -Changes to the files 'NEWS' and 'ChangeLog' are omitted here. - -# HG changeset patch -# User Andrew John Hughes -# Date 1463144538 -3600 -# Node ID 60be25a84f2dd2bce8ff277cc3854cca1b3f7931 -# Parent c23ceebb80a19a33316f1e743eb93bdf79aac220 -PR2954: ecj/override.patch is missing new @Overrides in RMIJRMPServerImpl.java - -2016-05-13 Andrew John Hughes - - PR2954: ecj/override.patch is missing new - @Overrides in RMIJRMPServerImpl.java - * patches/ecj/override.patch: - Add cases in RMIJRMPServerImpl and others - which show up when source/target 5 is - used in the rt-class-files pre-build. - * patches/openjdk/8014205-blank_swing_dialogs_windows.patch: - Remove addition of @Override. - -diff -r c23ceebb80a1 -r 60be25a84f2d patches/ecj/override.patch ---- a/patches/ecj/override.patch Sun May 08 21:28:21 2016 +0100 -+++ b/patches/ecj/override.patch Fri May 13 14:02:18 2016 +0100 -@@ -362,3 +362,240 @@ - public Class run() { - try { - ReflectUtil.checkPackageAccess(className); -+diff -r 545db1dd8c2a src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java -+--- openjdk-ecj/jdk/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java Wed May 04 23:23:55 2016 +0100 -++++ openjdk-ecj/jdk/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java Thu May 12 01:30:54 2016 +0100 -+@@ -1870,7 +1870,6 @@ -+ -+ private ModifiableClassLoaderRepository getInstantiatorCLR() { -+ return AccessController.doPrivileged(new PrivilegedAction() { -+- @Override -+ public ModifiableClassLoaderRepository run() { -+ return instantiator != null ? instantiator.getClassLoaderRepository() : null; -+ } -+diff -r 545db1dd8c2a src/share/classes/com/sun/media/sound/Platform.java -+--- openjdk-ecj/jdk/src/share/classes/com/sun/media/sound/Platform.java Wed May 04 23:23:55 2016 +0100 -++++ openjdk-ecj/jdk/src/share/classes/com/sun/media/sound/Platform.java Thu May 12 01:30:54 2016 +0100 -+@@ -160,7 +160,6 @@ -+ try { -+ // load the main library -+ AccessController.doPrivileged(new PrivilegedAction() { -+- @Override -+ public Void run() { -+ System.loadLibrary(libNameMain); -+ return null; -+@@ -182,7 +181,6 @@ -+ final String lib = st.nextToken(); -+ try { -+ AccessController.doPrivileged(new PrivilegedAction() { -+- @Override -+ public Void run() { -+ System.loadLibrary(lib); -+ return null; -+diff -r 545db1dd8c2a src/share/classes/java/awt/EventQueue.java -+--- openjdk-ecj/jdk/src/share/classes/java/awt/EventQueue.java Wed May 04 23:23:55 2016 +0100 -++++ openjdk-ecj/jdk/src/share/classes/java/awt/EventQueue.java Thu May 12 01:30:54 2016 +0100 -+@@ -190,7 +190,6 @@ -+ EventQueue.invokeAndWait(source, r); -+ } -+ -+- @Override -+ public long getMostRecentEventTime(EventQueue eventQueue) { -+ return eventQueue.getMostRecentEventTimeImpl(); -+ } -+diff -r 545db1dd8c2a src/share/classes/java/io/ObjectInputStream.java -+--- openjdk-ecj/jdk/src/share/classes/java/io/ObjectInputStream.java Wed May 04 23:23:55 2016 +0100 -++++ openjdk-ecj/jdk/src/share/classes/java/io/ObjectInputStream.java Thu May 12 01:30:54 2016 +0100 -+@@ -3571,7 +3571,6 @@ -+ } -+ static { -+ SharedSecrets.setJavaObjectInputStreamAccess(new JavaObjectInputStreamAccess() { -+- @Override -+ public void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) { -+ ObjectInputStream.setValidator(ois, validator); -+ } -+diff -r 545db1dd8c2a src/share/classes/java/rmi/server/RemoteObjectInvocationHandler.java -+--- openjdk-ecj/jdk/src/share/classes/java/rmi/server/RemoteObjectInvocationHandler.java Wed May 04 23:23:55 2016 +0100 -++++ openjdk-ecj/jdk/src/share/classes/java/rmi/server/RemoteObjectInvocationHandler.java Thu May 12 01:30:54 2016 +0100 -+@@ -64,7 +64,6 @@ -+ final String propName = "sun.rmi.server.invocationhandler.allowFinalizeInvocation"; -+ String allowProp = java.security.AccessController.doPrivileged( -+ new PrivilegedAction() { -+- @Override -+ public String run() { -+ return System.getProperty(propName); -+ } -+diff -r 545db1dd8c2a src/share/classes/sun/awt/image/SunVolatileImage.java -+--- openjdk-ecj/jdk/src/share/classes/sun/awt/image/SunVolatileImage.java Wed May 04 23:23:55 2016 +0100 -++++ openjdk-ecj/jdk/src/share/classes/sun/awt/image/SunVolatileImage.java Thu May 12 01:30:54 2016 +0100 -+@@ -262,7 +262,6 @@ -+ * -+ * @see sun.java2d.DestSurfaceProvider#getDestSurface -+ */ -+- @Override -+ public Surface getDestSurface() { -+ return volSurfaceManager.getPrimarySurfaceData(); -+ } -+diff -r 545db1dd8c2a src/share/classes/sun/java2d/SunGraphics2D.java -+--- openjdk-ecj/jdk/src/share/classes/sun/java2d/SunGraphics2D.java Wed May 04 23:23:55 2016 +0100 -++++ openjdk-ecj/jdk/src/share/classes/sun/java2d/SunGraphics2D.java Thu May 12 01:30:54 2016 +0100 -+@@ -3294,7 +3294,6 @@ -+ * -+ * @see sun.java2d.DestSurfaceProvider#getDestSurface -+ */ -+- @Override -+ public Surface getDestSurface() { -+ return surfaceData; -+ } -+diff -r 545db1dd8c2a src/share/classes/sun/rmi/server/UnicastServerRef.java -+--- openjdk-ecj/jdk/src/share/classes/sun/rmi/server/UnicastServerRef.java Wed May 04 23:23:55 2016 +0100 -++++ openjdk-ecj/jdk/src/share/classes/sun/rmi/server/UnicastServerRef.java Thu May 12 01:30:54 2016 +0100 -+@@ -630,12 +630,10 @@ -+ this.callID = callID; -+ } -+ -+- @Override -+ public void validateDescriptor(ObjectStreamClass descriptor) { -+ descriptorCheck.check(method, descriptor, parameterIndex, callID); -+ } -+ -+- @Override -+ public void checkProxyInterfaceNames(String[] ifaces) { -+ descriptorCheck.checkProxyClass(method, ifaces, parameterIndex, callID); -+ } -+diff -r 545db1dd8c2a src/share/classes/sun/rmi/transport/Transport.java -+--- openjdk-ecj/jdk/src/share/classes/sun/rmi/transport/Transport.java Wed May 04 23:23:55 2016 +0100 -++++ openjdk-ecj/jdk/src/share/classes/sun/rmi/transport/Transport.java Thu May 12 01:30:54 2016 +0100 -+@@ -133,7 +133,6 @@ -+ */ -+ private static void setContextClassLoader(final ClassLoader ccl) { -+ AccessController.doPrivileged(new PrivilegedAction () { -+- @Override -+ public Void run() { -+ Thread.currentThread().setContextClassLoader(ccl); -+ return null; -+diff -r 545db1dd8c2a src/share/classes/sun/rmi/transport/tcp/TCPTransport.java -+--- openjdk-ecj/jdk/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java Wed May 04 23:23:55 2016 +0100 -++++ openjdk-ecj/jdk/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java Thu May 12 01:30:54 2016 +0100 -+@@ -676,7 +676,6 @@ -+ connectionCount.incrementAndGet() + -+ ")-" + remoteHost); -+ AccessController.doPrivileged(new PrivilegedAction() { -+- @Override -+ public Void run() { -+ run0(); -+ return null; -+diff -r 545db1dd8c2a src/solaris/classes/sun/java2d/opengl/GLXGraphicsConfig.java -+--- openjdk-ecj/jdk/src/solaris/classes/sun/java2d/opengl/GLXGraphicsConfig.java Wed May 04 23:23:55 2016 +0100 -++++ openjdk-ecj/jdk/src/solaris/classes/sun/java2d/opengl/GLXGraphicsConfig.java Thu May 12 01:30:54 2016 +0100 -+@@ -92,7 +92,6 @@ -+ return this; -+ } -+ -+- @Override -+ public SurfaceData createManagedSurface(int w, int h, int transparency) { -+ return GLXSurfaceData.createData(this, w, h, -+ getColorModel(transparency), -+@@ -165,12 +164,10 @@ -+ * Returns true if the provided capability bit is present for this config. -+ * See OGLContext.java for a list of supported capabilities. -+ */ -+- @Override -+ public final boolean isCapPresent(int cap) { -+ return ((oglCaps.getCaps() & cap) != 0); -+ } -+ -+- @Override -+ public final long getNativeConfigInfo() { -+ return pConfigInfo; -+ } -+@@ -180,7 +177,6 @@ -+ * -+ * @see sun.java2d.pipe.hw.BufferedContextProvider#getContext -+ */ -+- @Override -+ public final OGLContext getContext() { -+ return context; -+ } -+@@ -394,7 +390,6 @@ -+ * -+ * @see sun.java2d.pipe.hw.AccelGraphicsConfig#createCompatibleVolatileImage -+ */ -+- @Override -+ public VolatileImage -+ createCompatibleVolatileImage(int width, int height, -+ int transparency, int type) -+@@ -434,17 +429,14 @@ -+ * -+ * @see sun.java2d.pipe.hw.AccelGraphicsConfig#getContextCapabilities -+ */ -+- @Override -+ public ContextCapabilities getContextCapabilities() { -+ return oglCaps; -+ } -+ -+- @Override -+ public void addDeviceEventListener(AccelDeviceEventListener l) { -+ AccelDeviceEventNotifier.addListener(l, screen.getScreen()); -+ } -+ -+- @Override -+ public void removeDeviceEventListener(AccelDeviceEventListener l) { -+ AccelDeviceEventNotifier.removeListener(l); -+ } -+diff -r 545db1dd8c2a src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java -+--- openjdk-ecj/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java Wed May 04 23:23:55 2016 +0100 -++++ openjdk-ecj/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java Thu May 12 01:51:42 2016 +0100 -+@@ -236,7 +236,6 @@ -+ final MBeanInstantiator fInstantiator = instantiator; -+ this.secureClr = new -+ SecureClassLoaderRepository(AccessController.doPrivileged(new PrivilegedAction() { -+- @Override -+ public ClassLoaderRepository run() { -+ return fInstantiator.getClassLoaderRepository(); -+ } -+@@ -1257,7 +1256,6 @@ -+ ClassLoader myLoader = outerShell.getClass().getClassLoader(); -+ final ModifiableClassLoaderRepository loaders = AccessController.doPrivileged(new PrivilegedAction() { -+ -+- @Override -+ public ModifiableClassLoaderRepository run() { -+ return instantiator.getClassLoaderRepository(); -+ } -+diff -r b72e7b89dda9 src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java -+--- openjdk-ecj/jdk/src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java Thu Sep 08 11:00:33 2011 -0700 -++++ openjdk-ecj/jdk/src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java Thu May 12 16:39:37 2016 +0100 -+@@ -227,17 +227,14 @@ -+ allowedTypes = credentialsTypes; -+ } -+ -+- @Override -+ public String getVersion() throws RemoteException { -+ return impl.getVersion(); -+ } -+ -+- @Override -+ public RMIConnection newClient(Object credentials) throws IOException { -+ return impl.newClient(credentials); -+ } -+ -+- @Override -+ public void check(Method method, ObjectStreamClass descriptor, -+ int paramIndex, int callID) { -+ -+@@ -247,7 +244,6 @@ -+ } -+ } -+ -+- @Override -+ public void checkProxyClass(Method method, String[] ifaces, -+ int paramIndex, int callID) { -+ if (ifaces != null && ifaces.length > 0) { -+@@ -259,7 +255,6 @@ -+ } -+ } -+ -+- @Override -+ public void end(int callID) { -+ /* Do nothing */ -+ } -diff -r c23ceebb80a1 -r 60be25a84f2d patches/openjdk/8014205-blank_swing_dialogs_windows.patch ---- a/patches/openjdk/8014205-blank_swing_dialogs_windows.patch Sun May 08 21:28:21 2016 +0100 -+++ b/patches/openjdk/8014205-blank_swing_dialogs_windows.patch Fri May 13 14:02:18 2016 +0100 -@@ -116,7 +116,7 @@ - { - if (numBands == 3 && !ccm.hasAlpha()) { - imageType = TYPE_3BYTE_BGR; --@@ -804,6 +801,27 @@ -+@@ -804,6 +801,26 @@ - } // else if ((raster instanceof ByteComponentRaster) && - } - -@@ -129,7 +129,6 @@ - + new PrivilegedAction() - + { - + --+ @Override - + public Boolean run() { - + final ClassLoader std = System.class.getClassLoader(); - + -