Subject: Re: lang/sun-j* security updates
To: None <tech-pkg@netbsd.org>
From: Geert Hendrickx <ghen@telenet.be>
List: tech-pkg
Date: 11/30/2005 11:41:09
--9amGYk9869ThD9tj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Wed, Nov 30, 2005 at 11:07:00AM +0100, Geert Hendrickx wrote:
> Is anyone upgrading the lang/sun-j*14 packages already? (security update
> 1.4.2.10 released today). Otherwise /me volunteers.
Here are the diffs. The update is minimal, so the diffs are quite trivial.
The most important is this one:
--- pkg-vulnerabilities.orig 2005-11-30 11:35:31.000000000 +0100
+++ pkg-vulnerabilities 2005-11-30 11:35:27.000000000 +0100
@@ -1145,7 +1145,7 @@
gsharutils<4.2.1nb6 1119,privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0990
mysql-server<3.23.59 1120,privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957
sun-{jre,jdk}15-* 1121,local-file-write http://secunia.com/advisories/14902/
-sun-{jre,jdk}14-* 1122,local-file-write http://secunia.com/advisories/14902/
+sun-{jre,jdk}14<2.10 1122,local-file-write http://secunia.com/advisories/14902/
kdelibs-3.4.0{,nb1,nb2} 1123,buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046
kdelibs<3.3.2nb10 1124,buffer-overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046
gnome-vfs2-cdda-2.10.0 1125,remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706
Geert
--9amGYk9869ThD9tj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="sun-jre14.diff"
Index: Makefile
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/lang/sun-jre14/Makefile,v
retrieving revision 1.31
diff -u -r1.31 Makefile
--- Makefile 11 Oct 2005 15:49:48 -0000 1.31
+++ Makefile 30 Nov 2005 10:37:29 -0000
@@ -2,8 +2,8 @@
# Note: Regen distinfo with PKG_DEFAULT_OPTIONS+=sun-jre-jce
-DISTNAME= j2re-1_4_2_09-linux-i586
-PKGNAME= sun-jre14-2.9
+DISTNAME= j2re-1_4_2_10-linux-i586
+PKGNAME= sun-jre14-2.10
PKGREVISION= # none
MASTER_SITES= # empty
@@ -11,7 +11,7 @@
SHORT= JRE
-WRKSRC= ${WRKDIR}/j2re1.4.2_09
+WRKSRC= ${WRKDIR}/j2re1.4.2_10
USE_PKGINSTALL= yes
JAVA_WRAPPERS= java keytool orbd policytool rmid rmiregistry \
servertool tnameserv
Index: PLIST
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/lang/sun-jre14/PLIST,v
retrieving revision 1.16
diff -u -r1.16 PLIST
--- PLIST 14 Oct 2004 14:32:32 -0000 1.16
+++ PLIST 30 Nov 2005 10:37:29 -0000
@@ -96,6 +96,7 @@
java/sun-1.4/lib/font.properties.ja.Redhat6.2.default
java/sun-1.4/lib/font.properties.Redhat8.0
java/sun-1.4/lib/font.properties.SuSE8.0
+java/sun-1.4/lib/font.properties.ja.Redhat4
java/sun-1.4/lib/font.properties.ja.Redhat7.2
java/sun-1.4/lib/font.properties.ja.Redhat7.3
java/sun-1.4/lib/font.properties.ja.Redhat8.0
@@ -103,6 +104,7 @@
java/sun-1.4/lib/font.properties.ko.Redhat2.1
java/sun-1.4/lib/font.properties.zh_CN.Redhat
java/sun-1.4/lib/font.properties.zh_CN.Redhat2.1
+java/sun-1.4/lib/font.properties.zh_CN.Redhat4
java/sun-1.4/lib/font.properties.zh_TW.Redhat
java/sun-1.4/lib/font.properties.zh_TW.Redhat2.1
java/sun-1.4/lib/font.properties.ja.Turbo.default
Index: distinfo
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/lang/sun-jre14/distinfo,v
retrieving revision 1.19
diff -u -r1.19 distinfo
--- distinfo 17 Sep 2005 16:44:54 -0000 1.19
+++ distinfo 30 Nov 2005 10:37:29 -0000
@@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.19 2005/09/17 16:44:54 dillo Exp $
-SHA1 (j2re-1_4_2_09-linux-i586.bin) = dfd56fc4715da10a2b5ad0e4e2938c05914049cb
-RMD160 (j2re-1_4_2_09-linux-i586.bin) = abdc9fcc593e4b00151f3bbbcde9e88842f78c8f
-Size (j2re-1_4_2_09-linux-i586.bin) = 14411078 bytes
+SHA1 (j2re-1_4_2_10-linux-i586.bin) = abfa629993ede920a5db87a583b98cf64c229daf
+RMD160 (j2re-1_4_2_10-linux-i586.bin) = fab835b3469e4a38adfd24312ebc0a6995639921
+Size (j2re-1_4_2_10-linux-i586.bin) = 14417572 bytes
SHA1 (jce_policy-1_4_2.zip) = ea17b649ebcaaf4246e9dd28dbc77926176c64ee
RMD160 (jce_policy-1_4_2.zip) = 323340fa8a96f315a35b0ebc918731e6fe56c370
Size (jce_policy-1_4_2.zip) = 12195 bytes
--9amGYk9869ThD9tj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="sun-jdk14.diff"
Index: Makefile
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/lang/sun-jdk14/Makefile,v
retrieving revision 1.27
diff -u -r1.27 Makefile
--- Makefile 17 Sep 2005 16:44:54 -0000 1.27
+++ Makefile 30 Nov 2005 10:37:27 -0000
@@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.27 2005/09/17 16:44:54 dillo Exp $
-DISTNAME= j2sdk-1_4_2_09-linux-i586
-PKGNAME= sun-jdk14-2.9
+DISTNAME= j2sdk-1_4_2_10-linux-i586
+PKGNAME= sun-jdk14-2.10
PKGREVISION= # none
MASTER_SITES= # empty
@@ -11,7 +11,7 @@
DEPENDS= sun-jre14>=2.9:../../lang/sun-jre14
-WRKSRC= ${WRKDIR}/j2sdk1.4.2_09
+WRKSRC= ${WRKDIR}/j2sdk1.4.2_10
JAVA_WRAPPERS= appletviewer extcheck idlj jar jarsigner \
javac javadoc javah javap jdb rmic serialver
Index: PLIST
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/lang/sun-jdk14/PLIST,v
retrieving revision 1.9
diff -u -r1.9 PLIST
--- PLIST 17 Sep 2005 16:44:54 -0000 1.9
+++ PLIST 30 Nov 2005 10:37:27 -0000
@@ -916,6 +916,8 @@
java/sun-1.4/man/man1/rmic.1
java/sun-1.4/man/man1/serialver.1
java/sun-1.4/src.zip
+@dirrm java/sun-1.4/include/linux
+@dirrm java/sun-1.4/include
@dirrm java/sun-1.4/demo/plugin/jfc/TableExample/src
@dirrm java/sun-1.4/demo/plugin/jfc/TableExample
@dirrm java/sun-1.4/demo/plugin/jfc/SwingSet2/src
Index: distinfo
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/lang/sun-jdk14/distinfo,v
retrieving revision 1.15
diff -u -r1.15 distinfo
--- distinfo 17 Sep 2005 16:44:54 -0000 1.15
+++ distinfo 30 Nov 2005 10:37:27 -0000
@@ -1,5 +1,5 @@
$NetBSD: distinfo,v 1.15 2005/09/17 16:44:54 dillo Exp $
-SHA1 (j2sdk-1_4_2_09-linux-i586.bin) = f43f5c23f8e9ac0a53b499d39671a2de1f1fd8c6
-RMD160 (j2sdk-1_4_2_09-linux-i586.bin) = 1cbd84957230ab54e6ad2d98f85e857af3550639
-Size (j2sdk-1_4_2_09-linux-i586.bin) = 36429599 bytes
+SHA1 (j2sdk-1_4_2_10-linux-i586.bin) = bbbd7a44f8642adf56b77fe2755b1c7caad94c91
+RMD160 (j2sdk-1_4_2_10-linux-i586.bin) = c7e65c19747d549a06530af9baba2ef0b52cb152
+Size (j2sdk-1_4_2_10-linux-i586.bin) = 36446523 bytes
--9amGYk9869ThD9tj--