aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2021-09-13 14:27:16 +0300
committerTimo Teräs <timo.teras@iki.fi>2021-09-14 14:10:18 +0000
commitfe9baa46b0230af5da829308a38e4c1e4605047b (patch)
treee78780b942a579461dbbafb940af72fb645b4c0b
parentd90843bb0e1031e3b9472e7dab28da55f9268a8e (diff)
downloadaports-fe9baa46b0230af5da829308a38e4c1e4605047b.tar.gz
aports-fe9baa46b0230af5da829308a38e4c1e4605047b.tar.bz2
aports-fe9baa46b0230af5da829308a38e4c1e4605047b.tar.xz
community/openjdk8: security upgrade to 3.20.0
Security fixes - JDK-8256157: Improve bytecode assembly - JDK-8256491: Better HTTP transport - JDK-8258432, CVE-2021-2341: Improve file transfers - JDK-8260453: Improve Font Bounding - JDK-8260960: Signs of jarsigner signing - JDK-8260967, CVE-2021-2369: Better jar file validation - JDK-8262380: Enhance XML processing passes - JDK-8262403: Enhanced data transfer - JDK-8262410: Enhanced rules for zones - JDK-8262477: Enhance String Conclusions - JDK-8262967: Improve Zip file support - JDK-8264066, CVE-2021-2388: Enhance compiler validation - JDK-8264079: Improve abstractions - JDK-8264460: Improve NTLM support
-rw-r--r--community/openjdk8/APKBUILD30
-rw-r--r--community/openjdk8/icedtea-hotspot-musl-ppc.patch57
2 files changed, 44 insertions, 43 deletions
diff --git a/community/openjdk8/APKBUILD b/community/openjdk8/APKBUILD
index eee0da514b..daa366f13a 100644
--- a/community/openjdk8/APKBUILD
+++ b/community/openjdk8/APKBUILD
@@ -2,11 +2,11 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openjdk8
-_icedteaver=3.19.0
+_icedteaver=3.20.0
# pkgver is <JDK version>.<JDK update>.<JDK build>
# Check https://icedtea.classpath.org/wiki/Main_Page when updating!
-pkgver=8.292.10
-pkgrel=1
+pkgver=8.302.08
+pkgrel=0
pkgdesc="OpenJDK 8 provided by IcedTea"
provider_priority=8
url="https://icedtea.classpath.org/"
@@ -112,6 +112,10 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.x
builddir="$srcdir/icedtea-$_icedteaver"
# secfixes:
+# 8.302.08-r0:
+# - CVE-2021-2341
+# - CVE-2021-2369
+# - CVE-2021-2388
# 8.272.10-r0:
# - CVE-2020-14556
# - CVE-2020-14577
@@ -388,17 +392,17 @@ demos() {
}
sha512sums="
-27d7c4c8e025a2c9320c0a47f3c521f51b49bf55d021c7a08aea9b7cb3d522cfc3e10d438b837669eeb5d427e950e7643c5ce4f817567d5e9fe39b56cdce8835 icedtea-3.19.0.tar.xz
-90dea98d26279a5d0a5869a8d53234bc27a4fdcb0682ebc3baba1670ccca2035e41d24d0d67a7ee5d9304058516136c11177eb8190edb35f03ce8b8f63e56357 openjdk-3.19.0.tar.xz
-9127268d519dd95fc5eeb6904b54dab3bb5472610e26c2b691a7306d25169dc82ce6de26ec3fe396a7f19726f73c5597fbf79d33027d905a3a1533316c4a3f1a corba-3.19.0.tar.xz
-78cfb56662e6b76632b746ff3b53496a7fa82daf2fe24d0988eda0552758f6c71d434ececd50fc7baf2e4e8a03b4febe8d489b2b6e1ac791c07170d72f7a881e jaxp-3.19.0.tar.xz
-fca97468d4e73f7b5d345edf35422ea5a417cba2d1441656d2ab2ffdeb814a2641c2bc732b8e76a9a62566f95e1ef2a2d6281a3a6f8bffa900549f6ed6e86444 jaxws-3.19.0.tar.xz
-aa8fdb3d2f43a54bc39f9f243392fcf161d3ad0f568681f0baccc8c99ab667d621b905fd4f32b0787107ab70f402978e0cf06b364a625c05a8358e86c0080a14 jdk-3.19.0.tar.xz
-b96e24fe6e03e3522f3ccab956539fc518f9d4fd24d0c476c42c76fac1adee7cc367f9ca451f6dc97877f5bc28bc5d8810fedddf69548781c6429cae348ab736 langtools-3.19.0.tar.xz
-5995a905f9e886d9b2138f112ad9e03ce580f646f58601e354ebc5e0f2fc3f37b61847e64f258e9c31ab479e0e617604fb21d990c33b906d4cd1853fe9f1a0fa hotspot-3.19.0.tar.xz
-d831c844c5cf5fb778cf34f25dca855ba7c7dea9d72c6b59b402a7e19e3d3a2b7aa5b57d218f549aa82c1a1a733f450c3ed78820b2930e1c7d17eb08dd9dec7a nashorn-3.19.0.tar.xz
+120164e93f6f56012ffda8cd30aa0e1f57c06388de99daff50eff15742f5d8c433f369914aaf59a5ffd220ff5f1a1e08619ab589125035be220e034b9aeaa43b icedtea-3.20.0.tar.xz
+b84701d4eb18aba0a6e1d00ce948c80f72df49c560c6800788dbcd9465b7a2a244dc95085fd6967cec6ef76356340e8cc841fcaaeb83c1a35c9d9845095e3ba9 openjdk-3.20.0.tar.xz
+ba893cf3b5c11887f588da1b610d23407669264229e9a4d44e26d8c0b821cc49a0152c0dcfe65ac08b0a5061ac392c6cc03de8e4499c29136aa470b9a20fde9c corba-3.20.0.tar.xz
+ec2da2d6ccd43b16dbb75599597b4a82fca28c5fb9b5c730e0fa3b0589de20d8a112b80f364eb226244ea5b342dd51667f73f524f94f269c28e8162d6ab005d2 jaxp-3.20.0.tar.xz
+c2abc12a36e8122802d3841dd69221366d97abdd86b57a108332954daa940db26acd233e29b440d1580a7cdc3b05379f716fd6e062bc074cb679e967d32f68e5 jaxws-3.20.0.tar.xz
+d171372c4f52d2a980532e11684e5b272e589085a0d2bc0ac9b011247583e053f29c00c2a7a5e1a1ebbee48c4ebb1f6df80ecac5be0c2ca48c52104a2b42a903 jdk-3.20.0.tar.xz
+3861c84f258f11f8e2759e064bf52a9a65b25c9278dd559ac9a6a3a3eacfeb2202c5338647852b39e6f7d8358b8d9a288f522539d2113e04ef155c5c7cd75a02 langtools-3.20.0.tar.xz
+7d3b73891f0c358707941484ec6f056cb98b886654bf6a0ae6e314b7960329742a1f9dd48ed75f381325965e00a109226f3c6b8d7383f858433206fc7ea769b8 hotspot-3.20.0.tar.xz
+b4b129bc5976ae96d4ea52108f477ee8219f5211f55e4edc046c915c2630f51b829d70ce78427484ebfa9a600a8053eb116012b4686185731b1321d06b7e9d04 nashorn-3.20.0.tar.xz
28709285390a997adbd56ebda42ef718fbc08daf572b8568f484436d255514f9d25f033e3333dff8aa352fc9846057ac5bb42fa955d3e5e44eddc96dc273c07c icedtea-hotspot-musl.patch
-54ef36ea5a749b733cadaf4fb47a2766db204fe7c9d4dbc1c2d49dd1cec14a552d18da5c49da9ebe8718329c59bdee2c34f94f7882a23837cee2f18af6ffe95f icedtea-hotspot-musl-ppc.patch
+86e77c1e5e8a48f121e608dce5eafad7a714e4029b55dbd554c2c94633b49a4239f71a40a41273b54d62fcdcfdee21340c8b85f96001cf15b719b02a520e8d9a icedtea-hotspot-musl-ppc.patch
19459dbb922f5a71cd15b53199481498626a783c24f91d2544d55b7dddd2cdb34a64bbf0226b99548612dd1743af01b3f9ff32c30abbbc90ce727ca2dbbbd1f9 icedtea-hotspot-noagent-musl.patch
4bf002ec25844f4e55b588d0516e658c548700d3bcae79be74bf75d9cf30cf9cd448767db36935924dd3b07f34d0cf087321cb35abb4943690353d11485ab0de icedtea-hotspot-insantiate-arrayallocator.patch
f6365cfafafa008bd6c1bf0ccec01a63f8a39bd1a8bc87baa492a27234d47793ba02d455e5667a873ef50148df3baaf6a8421e2da0b15faac675867da714dd5f icedtea-jdk-execinfo.patch
diff --git a/community/openjdk8/icedtea-hotspot-musl-ppc.patch b/community/openjdk8/icedtea-hotspot-musl-ppc.patch
index dfb3150f6b..6d8c9586dd 100644
--- a/community/openjdk8/icedtea-hotspot-musl-ppc.patch
+++ b/community/openjdk8/icedtea-hotspot-musl-ppc.patch
@@ -7,9 +7,9 @@ running on musl libc. This patch fix this by replacing
"uc_mcontext.regs->grp" with "uc_mcontext.gp_regs"
and accessing the named fields (like "->nip") by the array index constants.
---- openjdk.orig/hotspot/src/cpu/ppc/vm/macroAssembler_ppc.cpp
+--- openjdk/hotspot/src/cpu/ppc/vm/macroAssembler_ppc.cpp
+++ openjdk/hotspot/src/cpu/ppc/vm/macroAssembler_ppc.cpp
-@@ -1243,7 +1243,11 @@
+@@ -1243,7 +1243,11 @@ bool MacroAssembler::is_load_from_polling_page(int instruction, void* ucontext,
// the safepoing polling page.
ucontext_t* uc = (ucontext_t*) ucontext;
// Set polling address.
@@ -21,7 +21,7 @@ and accessing the named fields (like "->nip") by the array index constants.
if (polling_address_ptr != NULL) {
*polling_address_ptr = addr;
}
-@@ -1264,15 +1268,24 @@
+@@ -1264,15 +1268,24 @@ bool MacroAssembler::is_memory_serialization(int instruction, JavaThread* thread
int rb = inv_rb_field(instruction);
// look up content of ra and rb in ucontext
@@ -46,7 +46,7 @@ and accessing the named fields (like "->nip") by the array index constants.
return os::is_memory_serialize_page(thread, ra_val+d1);
} else {
return false;
-@@ -1335,11 +1348,20 @@
+@@ -1335,11 +1348,20 @@ address MacroAssembler::get_stack_bang_address(int instruction, void *ucontext)
|| (is_stdu(instruction) && rs == 1)) {
int ds = inv_ds_field(instruction);
// return banged address
@@ -67,21 +67,20 @@ and accessing the named fields (like "->nip") by the array index constants.
return ra != 1 || rb_val >= 0 ? NULL // not a stack bang
: sp + rb_val; // banged address
}
---- openjdk.orig/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
+--- openjdk/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
+++ openjdk/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
-@@ -75,7 +75,11 @@
+@@ -75,6 +75,10 @@
# include <poll.h>
# include <ucontext.h>
+#if ! (defined(__GLIBC__) || defined(__UCLIBC__))
+# include <asm/ptrace.h>
+#endif
-
+
+
address os::current_stack_pointer() {
intptr_t* csp;
-
-@@ -110,11 +114,19 @@
+@@ -110,11 +114,19 @@ address os::Linux::ucontext_get_pc(ucontext_t * uc) {
// it because the volatile registers are not needed to make setcontext() work.
// Hopefully it was zero'd out beforehand.
guarantee(uc->uc_mcontext.regs != NULL, "only use ucontext_get_pc in sigaction context");
@@ -101,7 +100,7 @@ and accessing the named fields (like "->nip") by the array index constants.
}
intptr_t* os::Linux::ucontext_get_fp(ucontext_t * uc) {
-@@ -213,7 +225,11 @@
+@@ -213,7 +225,11 @@ JVM_handle_linux_signal(int sig,
if (uc) {
address const pc = os::Linux::ucontext_get_pc(uc);
if (pc && StubRoutines::is_safefetch_fault(pc)) {
@@ -113,7 +112,7 @@ and accessing the named fields (like "->nip") by the array index constants.
return true;
}
}
-@@ -364,7 +380,11 @@
+@@ -364,7 +380,11 @@ JVM_handle_linux_signal(int sig,
// continue at the next instruction after the faulting read. Returning
// garbage from this read is ok.
thread->set_pending_unsafe_access_error();
@@ -125,7 +124,7 @@ and accessing the named fields (like "->nip") by the array index constants.
return true;
}
}
-@@ -383,7 +403,11 @@
+@@ -383,7 +403,11 @@ JVM_handle_linux_signal(int sig,
// continue at the next instruction after the faulting read. Returning
// garbage from this read is ok.
thread->set_pending_unsafe_access_error();
@@ -137,7 +136,7 @@ and accessing the named fields (like "->nip") by the array index constants.
return true;
}
}
-@@ -406,7 +430,11 @@
+@@ -406,7 +430,11 @@ JVM_handle_linux_signal(int sig,
if (stub != NULL) {
// Save all thread context in case we need to restore it.
if (thread != NULL) thread->set_saved_exception_pc(pc);
@@ -149,7 +148,7 @@ and accessing the named fields (like "->nip") by the array index constants.
return true;
}
-@@ -564,6 +592,7 @@
+@@ -564,6 +592,7 @@ void os::print_context(outputStream *st, void *context) {
ucontext_t* uc = (ucontext_t*)context;
st->print_cr("Registers:");
@@ -157,7 +156,7 @@ and accessing the named fields (like "->nip") by the array index constants.
st->print("pc =" INTPTR_FORMAT " ", uc->uc_mcontext.regs->nip);
st->print("lr =" INTPTR_FORMAT " ", uc->uc_mcontext.regs->link);
st->print("ctr=" INTPTR_FORMAT " ", uc->uc_mcontext.regs->ctr);
-@@ -572,8 +601,18 @@
+@@ -572,6 +601,16 @@ void os::print_context(outputStream *st, void *context) {
st->print("r%-2d=" INTPTR_FORMAT " ", i, uc->uc_mcontext.regs->gpr[i]);
if (i % 3 == 2) st->cr();
}
@@ -165,18 +164,16 @@ and accessing the named fields (like "->nip") by the array index constants.
+ st->print("pc =" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[PT_NIP]);
+ st->print("lr =" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[PT_LNK]);
+ st->print("ctr=" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[PT_CTR]);
- st->cr();
++ st->cr();
+ for (int i = 0; i < 32; i++) {
+ st->print("r%-2d=" INTPTR_FORMAT " ", i, uc->uc_mcontext.gp_regs[i]);
+ if (i % 3 == 2) st->cr();
+ }
+#endif
st->cr();
-+ st->cr();
+ st->cr();
- intptr_t *sp = (intptr_t *)os::Linux::ucontext_get_sp(uc);
- st->print_cr("Top of Stack: (sp=" PTR_FORMAT ")", p2i(sp));
-@@ -600,7 +639,11 @@
+@@ -600,7 +639,11 @@ void os::print_register_info(outputStream *st, void *context) {
// this is only for the "general purpose" registers
for (int i = 0; i < 32; i++) {
st->print("r%-2d=", i);
@@ -188,7 +185,7 @@ and accessing the named fields (like "->nip") by the array index constants.
}
st->cr();
}
---- openjdk.orig/hotspot/src/os_cpu/linux_ppc/vm/thread_linux_ppc.cpp
+--- openjdk/hotspot/src/os_cpu/linux_ppc/vm/thread_linux_ppc.cpp
+++ openjdk/hotspot/src/os_cpu/linux_ppc/vm/thread_linux_ppc.cpp
@@ -27,6 +27,10 @@
#include "runtime/frame.inline.hpp"
@@ -201,7 +198,7 @@ and accessing the named fields (like "->nip") by the array index constants.
bool JavaThread::pd_get_top_frame_for_profiling(frame* fr_addr, void* ucontext, bool isInJava) {
assert(this->is_Java_thread(), "must be JavaThread");
-@@ -42,8 +46,13 @@
+@@ -42,8 +46,13 @@ bool JavaThread::pd_get_top_frame_for_profiling(frame* fr_addr, void* ucontext,
// if we were running Java code when SIGPROF came in.
if (isInJava) {
ucontext_t* uc = (ucontext_t*) ucontext;
@@ -215,15 +212,15 @@ and accessing the named fields (like "->nip") by the array index constants.
if (ret_frame.pc() == NULL) {
// ucontext wasn't useful
-@@ -55,7 +64,11 @@
- if (!((Method*)(istate->method))->is_metaspace_object()) {
- return false;
- }
+@@ -56,7 +65,11 @@ bool JavaThread::pd_get_top_frame_for_profiling(frame* fr_addr, void* ucontext,
+ if (m == NULL || !m->is_valid_method()) return false;
+ if (!Metaspace::contains((const void*)m)) return false;
+
+#if defined(__GLIBC__) || defined(__UCLIBC__)
- uint64_t reg_bcp = uc->uc_mcontext.regs->gpr[14/*R14_bcp*/];
+ uint64_t reg_bcp = uc->uc_mcontext.regs->gpr[14/*R14_bcp*/];
+#else // Musl
+ uint64_t reg_bcp = uc->uc_mcontext.gp_regs[14/*R14_bcp*/];
+#endif
- uint64_t istate_bcp = istate->bcp;
- uint64_t code_start = (uint64_t)(((Method*)(istate->method))->code_base());
- uint64_t code_end = (uint64_t)(((Method*)istate->method)->code_base() + ((Method*)istate->method)->code_size());
+ uint64_t istate_bcp = istate->bcp;
+ uint64_t code_start = (uint64_t)(m->code_base());
+ uint64_t code_end = (uint64_t)(m->code_base() + m->code_size());