[java-1.6.0-openjdk/f16] - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Updated to icedtea6 1.11.6 * Secu
jiri vanek
jvanek at fedoraproject.org
Sat Feb 2 17:56:59 UTC 2013
commit 16ba10b87fb558c42129d48d4b4a9797d9bfb305
Author: Jiri Vanek <jvanek at jvanek.redhat>
Date: Sat Feb 2 18:57:32 2013 +0100
- Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch
- Updated to icedtea6 1.11.6
* Security fixes
- S6563318, CVE-2013-0424: RMI data sanitization
- S6664509, CVE-2013-0425: Add logging context
- S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
- S6776941: CVE-2013-0427: Improve thread pool shutdown
- S7141694, CVE-2013-0429: Improving CORBA internals
- S7173145: Improve in-memory representation of splashscreens
- S7186945: Unpack200 improvement
- S7186946: Refine unpacker resource usage
- S7186948: Improve Swing data validation
- S7186952, CVE-2013-0432: Improve clipboard access
- S7186954: Improve connection performance
- S7186957: Improve Pack200 data validation
- S7192392, CVE-2013-0443: Better validation of client keys
- S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
- S7192977, CVE-2013-0442: Issue in toolkit thread
- S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
- S7200491: Tighten up JTable layout code
- S7200500: Launcher better input validation
- S7201064: Better dialogue checking
- S7201066, CVE-2013-0441: Change modifiers on unused fields
- S7201068, CVE-2013-0435: Better handling of UI elements
- S7201070: Serialization to conform to protocol
- S7201071, CVE-2013-0433: InetSocketAddress serialization issue
- S8000210: Improve JarFile code quality
- S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
- S8000540, CVE-2013-1475: Improve IIOP type reuse management
- S8000631, CVE-2013-1476: Restrict access to class constructor
- S8001235, CVE-2013-0434: Improve JAXP HTTP handling
- S8001242: Improve RMI HTTP conformance
- S8001307: Modify ACC_SUPER behavior
- S8001972, CVE-2013-1478: Improve image processing
- S8002325, CVE-2013-1480: Improve management of images
* Backports
- S7010849: 5/5 Extraneous javac source/target options when building sa-jdi
.gitignore | 1 +
...1.6.0-openjdk-java-access-bridge-security.patch | 28 +++++++-----
java-1.6.0-openjdk.spec | 44 +++++++++++++++++++-
sources | 2 +-
4 files changed, 60 insertions(+), 15 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 3077c92..c5a3782 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,3 +33,4 @@ icedtea6-1.8.tar.gz
/icedtea6-1.11.3.tar.gz
/icedtea6-1.11.4.tar.gz
/icedtea6-1.11.5.tar.gz
+/icedtea6-1.11.6.tar.gz
diff --git a/java-1.6.0-openjdk-java-access-bridge-security.patch b/java-1.6.0-openjdk-java-access-bridge-security.patch
index 3f202aa..5edc1a0 100644
--- a/java-1.6.0-openjdk-java-access-bridge-security.patch
+++ b/java-1.6.0-openjdk-java-access-bridge-security.patch
@@ -1,20 +1,24 @@
--- openjdk/jdk/src/share/lib/security/java.security-src
+++ openjdk/jdk/src/share/lib/security/java.security
-@@ -131,7 +131,7 @@
- # passed to checkPackageAccess unless the
- # corresponding RuntimePermission ("accessClassInPackage."+package) has
- # been granted.
--package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
-+package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,org.GNOME.Accessibility.,org.GNOME.Bonobo.
+@@ -136,7 +136,9 @@
+ com.sun.imageio.,\
+ com.sun.istack.internal.,\
+ com.sun.jmx.defaults.,\
+- com.sun.jmx.remote.util.
++ com.sun.jmx.remote.util.,\
++ org.GNOME.Accessibility.,\
++ org.GNOME.Bonobo.
#
# List of comma-separated packages that start with or equal this string
-@@ -143,7 +143,7 @@
- # by default, none of the class loaders supplied with the JDK call
- # checkPackageDefinition.
- #
--package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
-+package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,org.GNOME.Accessibility.,org.GNOME.Bonobo.
+@@ -153,7 +155,9 @@
+ com.sun.imageio.,\
+ com.sun.istack.internal.,\
+ com.sun.jmx.defaults.,\
+- com.sun.jmx.remote.util.
++ com.sun.jmx.remote.util.,\
++ org.GNOME.Accessibility.,\
++ org.GNOME.Bonobo.
#
# Determines whether this properties file can be appended to
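Review bot: the rewritten inner hunks at "@@ -136,7 +136,9 @@" and "@@ -153,7 +155,9 @@" no longer show which property they extend. The old form carried `package.access=` and `package.definition=` on the changed lines themselves. The new hunks share the same three leading context entries, and only the trailing comment line tells them apart. Consider regenerating the patch with enough context to include the property key, or stating in the changelog that org.GNOME.Accessibility. and org.GNOME.Bonobo. are appended to both lists, so that a later rebase which applies a hunk at an offset against the wrong list is noticed in review.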
diff --git a/java-1.6.0-openjdk.spec b/java-1.6.0-openjdk.spec
index ab6ae10..38103e9 100644
--- a/java-1.6.0-openjdk.spec
+++ b/java-1.6.0-openjdk.spec
@@ -6,7 +6,7 @@
# If runtests is 0 test suites will not be run.
%define runtests 0
-%define icedteaver 1.11.5
+%define icedteaver 1.11.6
%define icedteasnapshot %{nil}
%define openjdkver b24
%define openjdkdate 14_nov_2011
@@ -138,7 +138,7 @@
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{buildver}
-Release: 68.%{icedteaver}%{?dist}
+Release: 69.%{icedteaver}%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -899,6 +899,46 @@ exit 0
%doc %{_javadocdir}/%{name}
%changelog
+* Sat Jan 15 2013 Jiri Vanek <jvanek at redhat.com> - 1:1.6.0.0-1.69.1.11.6
+- Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch
+- Updated to icedtea6 1.11.6
+* Security fixes
+ - S6563318, CVE-2013-0424: RMI data sanitization
+ - S6664509, CVE-2013-0425: Add logging context
+ - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
+ - S6776941: CVE-2013-0427: Improve thread pool shutdown
+ - S7141694, CVE-2013-0429: Improving CORBA internals
+ - S7173145: Improve in-memory representation of splashscreens
+ - S7186945: Unpack200 improvement
+ - S7186946: Refine unpacker resource usage
+ - S7186948: Improve Swing data validation
+ - S7186952, CVE-2013-0432: Improve clipboard access
+ - S7186954: Improve connection performance
+ - S7186957: Improve Pack200 data validation
+ - S7192392, CVE-2013-0443: Better validation of client keys
+ - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
+ - S7192977, CVE-2013-0442: Issue in toolkit thread
+ - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
+ - S7200491: Tighten up JTable layout code
+ - S7200500: Launcher better input validation
+ - S7201064: Better dialogue checking
+ - S7201066, CVE-2013-0441: Change modifiers on unused fields
+ - S7201068, CVE-2013-0435: Better handling of UI elements
+ - S7201070: Serialization to conform to protocol
+ - S7201071, CVE-2013-0433: InetSocketAddress serialization issue
+ - S8000210: Improve JarFile code quality
+ - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
+ - S8000540, CVE-2013-1475: Improve IIOP type reuse management
+ - S8000631, CVE-2013-1476: Restrict access to class constructor
+ - S8001235, CVE-2013-0434: Improve JAXP HTTP handling
+ - S8001242: Improve RMI HTTP conformance
+ - S8001307: Modify ACC_SUPER behavior
+ - S8001972, CVE-2013-1478: Improve image processing
+ - S8002325, CVE-2013-1480: Improve management of images
+* Backports
+ - S7010849: 5/5 Extraneous javac source/target options when building sa-jdi
+
+
* Fri Oct 12 2012 Deepak Bhole <dbhole at redhat.com> - 1:1.6.0.0-68.1.11.5
- Updated to IcedTea6-1.11.5
- Updated java-1.7.0-openjdk-java-access-bridge-security.patch
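Review bot: the new %changelog header is dated "Sat Jan 15 2013", but 15 January 2013 was a Tuesday and the commit itself is dated Sat Feb 2 2013, so the weekday and date do not agree and the entry should carry the actual build date. The same header gives the release as 1:1.6.0.0-1.69.1.11.6, while this patch sets "Release: 69.%{icedteaver}" and the previous entry reads 1:1.6.0.0-68.1.11.5; the string matching the tag would be 1:1.6.0.0-69.1.11.6. Minor: S6776941 is followed by a colon where every other entry with a CVE uses a comma.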
diff --git a/sources b/sources
index 4b35b80..fc214a9 100644
--- a/sources
+++ b/sources
@@ -5,4 +5,4 @@ c12f124672a97c7491530fed2c0facdc java-access-bridge-1.23.0.tar.bz2
bc95c133620bd68c161cac9891592901 jdk6-jaf-b20.zip
8fd91b09b643a19a912b8a75e7a7a9d5 jdk6-jaxws2_1_6-2011_06_13.zip
7ecb35d87da256e2d4510ce22f56a2bd openjdk-6-src-b24-14_nov_2011-fedora.tar.gz
-3c1865fc6358806e51c8a7a1c8a00a8d icedtea6-1.11.5.tar.gz
+bce2a3dd633d58897e82cf57fd67e6b1 icedtea6-1.11.6.tar.gz
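Review bot: the new icedtea6-1.11.6.tar.gz line pins the tarball with a 32-hex-digit digest only, and nothing in the commit records where the tarball came from or how it was checked. Since this update exists to deliver security fixes, note in the commit message or spec the upstream source of the tarball and the verification done before upload, so the digest here can be traced back to the upstream release.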