diff options
author | J0WI <J0WI@users.noreply.github.com> | 2020-07-17 17:44:15 +0200 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-08-10 04:55:50 +0000 |
commit | 9ff6848e18b6eb0cbff61ba0ff3da449b7f7429c (patch) | |
tree | 3f4d3014c26fc08a0f2cfab6234298c1bdd36895 | |
parent | 9acc45896cee214a02d4e17c622ac4bdea1d9e17 (diff) |
community/openjdk8: security upgrade to 8.252.09
- CVE-2020-2754
- CVE-2020-2755
- CVE-2020-2756
- CVE-2020-2757
- CVE-2020-2773
- CVE-2020-2781
- CVE-2020-2800
- CVE-2020-2803
- CVE-2020-2805
- CVE-2020-2830
-rw-r--r-- | community/openjdk8/APKBUILD | 39 | ||||
-rw-r--r-- | community/openjdk8/icedtea-jdk-getmntent-buffer.patch | 88 | ||||
-rw-r--r-- | community/openjdk8/icedtea-jdk-includes.patch | 23 | ||||
-rw-r--r-- | community/openjdk8/icedtea-jdk-musl.patch | 28 |
4 files changed, 33 insertions, 145 deletions
diff --git a/community/openjdk8/APKBUILD b/community/openjdk8/APKBUILD index 556746b1442..2cf1d3e0f8f 100644 --- a/community/openjdk8/APKBUILD +++ b/community/openjdk8/APKBUILD @@ -2,10 +2,10 @@ # Contributor: Jakub Jirutka <jakub@jirutka.cz> # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=openjdk8 -_icedteaver=3.15.0 +_icedteaver=3.16.0 # pkgver is <JDK version>.<JDK update>.<JDK build> # Check https://icedtea.classpath.org/wiki/Main_Page when updating! -pkgver=8.242.08 +pkgver=8.252.09 pkgrel=0 pkgdesc="OpenJDK 8 provided by IcedTea" url="https://icedtea.classpath.org/" @@ -63,12 +63,22 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.x icedtea-jdk-fix-libjvm-load.patch icedtea-jdk-musl.patch icedtea-jdk-includes.patch - icedtea-jdk-getmntent-buffer.patch icedtea-autoconf-config.patch " builddir="$srcdir/icedtea-$_icedteaver" # secfixes: +# 8.252.09-r0: +# - CVE-2020-2754 +# - CVE-2020-2755 +# - CVE-2020-2756 +# - CVE-2020-2757 +# - CVE-2020-2773 +# - CVE-2020-2781 +# - CVE-2020-2800 +# - CVE-2020-2803 +# - CVE-2020-2805 +# - CVE-2020-2830 # 8.242.08-r0: # - CVE-2020-2583 # - CVE-2020-2590 @@ -325,15 +335,15 @@ demos() { "$subpkgdir"/$_java_home/ } -sha512sums="7c5917acc03b19a41b5001beb71a72b3f63e65b3c97c5f9173067fbd795088f9578f628b386bfa0e934caa8f4faab4cfcae80329ee7180c0cbe49563309c84ca icedtea-3.15.0.tar.xz -d7dca834fc65b67b1888c4cfbd50e263e58604b70560b4dd4e8e7ca518fcd54a70eaf9e5cff89fa1954beaa3071f5b55ef36fffb36589f5008e4be39e5a1aa38 openjdk-3.15.0.tar.xz -b27aaef4839be9a6993d8511e492cf33884738e2fe19cd7d00f244a0f94cd0f3a3ff84c63811cd66ea18cdf7327bb270b7ab21c5b66c220a3bb0a31226bb21b5 corba-3.15.0.tar.xz -25e166d208d99360c9ec5deba5075a5268f2fbc3f31ad9dee0dbd33ee37bc78829d12c9ea11faa5d59ec53385f7dc5f0be29512199db2856068cf81b9ec1ca79 jaxp-3.15.0.tar.xz -cb7a9f80bd33a33f4eb03b091e6c6d3fb6a450695d0231c378d04878fc03e1574f82045c628993e6136188fd2e4144e31c82320b178b21a0aae867e989bfdeeb jaxws-3.15.0.tar.xz -306e2c188987de8d1aa233db1c42522249198b4f3eb71919da911289ab2308b4ab9406c6215c5c157868618341cafbc086bb0e5c423bb6650edfedcc05b17475 jdk-3.15.0.tar.xz -3fcb7d264ff23de8b049b264213b05ee9e9120089eaea989e881c0cddc73a2ef9d01f89f66e7ff23c88d9bc4864824c77894d0291caaf9a2a134d5fae650cc32 langtools-3.15.0.tar.xz -181e9f8d0c083b26a24e6bafe0187e39313a6685f3288d62794c5ec07cb8901b53eba25badc74b367de08b53cd2176df45e184f7a6ccbfab57370e7d3cf388f9 hotspot-3.15.0.tar.xz -6d27137dd80d6363e64ef2c6b3abc60603480e9e7f5b99e06ee546a2cc707b801087ce8cc8d021776f5d2b15b73728f08b2e649c65265ba264655d816921ffe7 nashorn-3.15.0.tar.xz +sha512sums="67964f283b5a220ded7c86141ac359fc51f41077686d3e68568a9f303d2e5e6d62472bef2d6f5f9d53897a55589c84d3212983194607b9a6704192752f8ad2ac icedtea-3.16.0.tar.xz +76b32457958c2cdbb0006629bb41652286a1a9bfbda862665eddf822d4653d4858f9f2565e849b0e49f031b7667be73be8fe8c71abc65e1795eb570a96d1fd1e openjdk-3.16.0.tar.xz +bf90c95f401d4628e32b9a7ea78b7d43944f82882818a81d2ff368f09e49148091bf823d78ed56c343c175fe6d25492d9b78e25b725f218592ea94c4ae285e56 corba-3.16.0.tar.xz +86e8c18741c1f4baca27d784b068765e404a5c2ee6ecb172c826fc1d6192b5776133f103b749839c39154fcaec87a0df95e8fd5bcb56b1e9b811711b296a4836 jaxp-3.16.0.tar.xz +824ef15aa70ec629406fd9b98a69e5699fe8f6a8ab06be00ac546bcda1daf485b20de6ea0310064e000efbaf35b1cebee25bf69033634fdce8434efb3bb16f1d jaxws-3.16.0.tar.xz +9202f88b360637ad474920d8a6f85740e6a425679617ef713efd67778b4c7ca0b3eba7e4fc9d33de0bbd5dacda4862c8a9b63a13880204388b01af29d5fb6a55 jdk-3.16.0.tar.xz +1858bb3b7dd37edd817a52c67a878b48bc9b790623e77d9a6107f54b141638cb101ae3b8df560e3352c9ca2925aa5d493b4924e36a238be5a9628c714cc23642 langtools-3.16.0.tar.xz +19490ccc377fde5dc3d4396425e945f32e121ad0cc4be394b07f8698a7e3805b16fc41e427bab5fa290cb84efc7edb62acf8ca98072176343f5584d692592d2d hotspot-3.16.0.tar.xz +4bf87e7441ac747f133612e1fba5c06946c6731bae76132ffc614b41fcb689fda9d9ceb1e1fee3765765c6109894c85cf0f6e6fa9eb301f9a2d640ea6cd1c16c nashorn-3.16.0.tar.xz 1f470432275d5beaa8b4e4352a2f24a4a00593546dc4f3bd857794c89e521e8e6d6abc540762bbd769be3e1e3da058e134dc5dc066d12b9b8a1f0656040a795c fix-paxmark.patch 28709285390a997adbd56ebda42ef718fbc08daf572b8568f484436d255514f9d25f033e3333dff8aa352fc9846057ac5bb42fa955d3e5e44eddc96dc273c07c icedtea-hotspot-musl.patch e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d9591239fc44ffe5c74422d1842bd9f10a0c00dff1627bdeeef icedtea-hotspot-musl-ppc.patch @@ -341,7 +351,6 @@ e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d95 f6365cfafafa008bd6c1bf0ccec01a63f8a39bd1a8bc87baa492a27234d47793ba02d455e5667a873ef50148df3baaf6a8421e2da0b15faac675867da714dd5f icedtea-jdk-execinfo.patch 48533f87fc2cf29d26b259be0df51087d2fe5b252e72d00c6ea2f4add7b0fb113141718c116279c5905e03f64a1118082e719393786811367cf4d472b5d36774 icedtea-jdk-fix-ipv6-init.patch b135991c76b0db8fa7c363e0903624668e11eda7b54a943035c214aa4d7fc8c3e8110ed200edcec82792f3c9393150a9bd628625ddf7f3e55720ff163fbbb471 icedtea-jdk-fix-libjvm-load.patch -1fbc32ddc528c7c0099dbc1e48f88d29dccf55e7b8997793aa1d3d8408003a1223d898cca4248e1a12d343d3feec5144f875e6cdac8460d763c73ab3ad7e49f9 icedtea-jdk-musl.patch -e8d9f1b867bf4fc84aa00d1237b264bcf503b1ed5f34735e14b0b747a728953fe0051a5af69ed058d377fbf65d8be1ed9e38fe5fc6edb2d50b31f34bf3ba91dc icedtea-jdk-includes.patch -7e6fa46b10c630517bfa46943858aea1d032c12d32ba3fcb7a2143ae1e896c34fa4cb8f925af80cb19f8e29149b835aa054adfd30ebb00539f6c78588d6f5211 icedtea-jdk-getmntent-buffer.patch +3b01de971f64f082d3e289cf337e635ef001381e8ca427a77baa9c52c7ba423889f57665779ca5b3c8bcefb8feacbea31dfaac580c969a4f061439069ee34aae icedtea-jdk-musl.patch +974fb54532b7e7d738f4278187fc6bd9f9b2d99866b94f68a617ee4911c89a3b8cc41ecfdcaefecf9157492d006b1844b6b0b41ac4209d84f9e8d13c9e485dd3 icedtea-jdk-includes.patch 662d662d0a7a84be2978e921317589f212f3ba3b7629527ba0f1140b5ac4c1024893e0ed176211688ed1a4505968c4befc841ed57ffcdbb9d355c2cb0571b167 icedtea-autoconf-config.patch" diff --git a/community/openjdk8/icedtea-jdk-getmntent-buffer.patch b/community/openjdk8/icedtea-jdk-getmntent-buffer.patch deleted file mode 100644 index 075a9d42385..00000000000 --- a/community/openjdk8/icedtea-jdk-getmntent-buffer.patch +++ /dev/null @@ -1,88 +0,0 @@ -Give a much bigger buffer to getmntent_r. - -https://bugs.alpinelinux.org/issues/7093 - -diff --git a/openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c b/openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c -index c8500db..d0b85d6 100644 ---- openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c -+++ openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c -@@ -33,6 +33,7 @@ - #include <dlfcn.h> - #include <errno.h> - #include <mntent.h> -+#include <limits.h> - - #include "sun_nio_fs_LinuxNativeDispatcher.h" - -@@ -173,8 +174,8 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this, - jlong value, jobject entry) - { - struct mntent ent; -- char buf[1024]; -- int buflen = sizeof(buf); -+ char *buf = NULL; -+ const size_t buflen = PATH_MAX * 4; - struct mntent* m; - FILE* fp = jlong_to_ptr(value); - jsize len; -@@ -183,10 +184,17 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this, - char* dir; - char* fstype; - char* options; -+ jint res = -1; - -- m = getmntent_r(fp, &ent, (char*)&buf, buflen); -- if (m == NULL) -+ buf = malloc(buflen); -+ if (buf == NULL) { -+ JNU_ThrowOutOfMemoryError(env, "native heap"); - return -1; -+ } -+ m = getmntent_r(fp, &ent, buf, buflen); -+ if (m == NULL) -+ goto out; -+ - name = m->mnt_fsname; - dir = m->mnt_dir; - fstype = m->mnt_type; -@@ -195,32 +203,35 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this, - len = strlen(name); - bytes = (*env)->NewByteArray(env, len); - if (bytes == NULL) -- return -1; -+ goto out; - (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)name); - (*env)->SetObjectField(env, entry, entry_name, bytes); - - len = strlen(dir); - bytes = (*env)->NewByteArray(env, len); - if (bytes == NULL) -- return -1; -+ goto out; - (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)dir); - (*env)->SetObjectField(env, entry, entry_dir, bytes); - - len = strlen(fstype); - bytes = (*env)->NewByteArray(env, len); - if (bytes == NULL) -- return -1; -+ goto out; - (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)fstype); - (*env)->SetObjectField(env, entry, entry_fstype, bytes); - - len = strlen(options); - bytes = (*env)->NewByteArray(env, len); - if (bytes == NULL) -- return -1; -+ goto out; - (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)options); - (*env)->SetObjectField(env, entry, entry_options, bytes); - -- return 0; -+ res = 0; -+out: -+ free(buf); -+ return res; - } - - JNIEXPORT void JNICALL diff --git a/community/openjdk8/icedtea-jdk-includes.patch b/community/openjdk8/icedtea-jdk-includes.patch index 6443a1973d5..5acbb9efb86 100644 --- a/community/openjdk8/icedtea-jdk-includes.patch +++ b/community/openjdk8/icedtea-jdk-includes.patch @@ -53,17 +53,6 @@ /* O Flags */ ---- openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c -+++ openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c -@@ -28,7 +28,7 @@ - #include <sys/types.h> - #include <sys/socket.h> - #if defined(__linux__) && !defined(USE_SELECT) --#include <sys/poll.h> -+#include <poll.h> - #endif - #include <netinet/tcp.h> /* Defines TCP_NODELAY, needed for 2.6 */ - #include <netinet/in.h> --- openjdk.orig/jdk/src/solaris/native/java/net/bsd_close.c +++ openjdk/jdk/src/solaris/native/java/net/bsd_close.c @@ -36,7 +36,7 @@ @@ -88,14 +77,14 @@ * Stack allocated by thread when doing blocking operation --- openjdk.orig/jdk/src/solaris/native/java/net/net_util_md.h +++ openjdk/jdk/src/solaris/native/java/net/net_util_md.h -@@ -33,7 +33,7 @@ - #include <unistd.h> - - #ifndef USE_SELECT +@@ -27,7 +27,7 @@ + #define NET_UTILS_MD_H + + #include <netdb.h> -#include <sys/poll.h> +#include <poll.h> - #endif - + #include <sys/socket.h> + int NET_Timeout(int s, long timeout); --- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/DevPollArrayWrapper.c +++ openjdk/jdk/src/solaris/native/sun/nio/ch/DevPollArrayWrapper.c diff --git a/community/openjdk8/icedtea-jdk-musl.patch b/community/openjdk8/icedtea-jdk-musl.patch index 97946ba424f..09f5c082e58 100644 --- a/community/openjdk8/icedtea-jdk-musl.patch +++ b/community/openjdk8/icedtea-jdk-musl.patch @@ -47,28 +47,6 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/Inet4AddressImpl.c openjdk #define HAS_GLIBC_GETHOSTBY_R 1 #endif -diff -ru openjdk.orig/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c openjdk/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c ---- openjdk.orig/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c 2017-01-25 04:22:03.000000000 +0000 -+++ openjdk/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c 2017-02-06 11:23:47.047832009 +0000 -@@ -41,7 +41,6 @@ - #endif - #ifdef __linux__ - #include <unistd.h> --#include <sys/sysctl.h> - #include <sys/utsname.h> - #include <netinet/ip.h> - -diff -ru openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c ---- openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c 2017-01-25 04:22:03.000000000 +0000 -+++ openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c 2017-02-06 11:23:47.047832009 +0000 -@@ -43,7 +43,6 @@ - #endif - #ifdef __linux__ - #include <unistd.h> --#include <sys/sysctl.h> - #endif - - #include "jvm.h" diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/src/solaris/native/java/net/linux_close.c --- openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c 2017-01-25 04:22:03.000000000 +0000 +++ openjdk/jdk/src/solaris/native/java/net/linux_close.c 2017-02-06 11:23:47.047832009 +0000 @@ -80,7 +58,7 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/ +static int sigWakeup; /* - * The fd table and the number of file descriptors + * fdTable holds one entry per file descriptor, up to a certain @@ -95,6 +95,9 @@ /* * Setup the signal handler @@ -92,8 +70,8 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/ sa.sa_flags = 0; sigemptyset(&sa.sa_mask); diff -ru openjdk.orig/jdk/src/solaris/native/sun/nio/ch/NativeThread.c openjdk/jdk/src/solaris/native/sun/nio/ch/NativeThread.c ---- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/NativeThread.c 2017-01-25 04:22:03.000000000 +0000 -+++ openjdk/jdk/src/solaris/native/sun/nio/ch/NativeThread.c 2017-02-06 11:23:47.051165409 +0000 +--- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/NativeThread.c 2017-01-25 04:22:03.000000000 +0000 ++++ openjdk/jdk/src/solaris/native/sun/nio/ch/NativeThread.c 2017-02-06 11:23:47.051165409 +0000 @@ -36,7 +36,7 @@ #include <pthread.h> #include <sys/signal.h> |