[PATCH 0/2] Icedtea security updates

[PATCH 0/2] Icedtea security updates

[Leo Famulari]

These patches update icedtea-6 and icedtea-7 to versions 1.13.10 [0] and
2.6.4 [1], respectively.

For icedtea-6, this fixes CVE-2015-{8126, 8472} and CVE-2016-{0402,
0448, 0466, 0483, 0494}.

For icedtea-7, this fixes Fixes CVE-2015-{7575, 8126, 8472} and
CVE-2016-{0402, 0448, 0466, 0483, 0494}.

The list of vulnerabilities addressed by each update is taken from [0]
and [1].

[0]
http://blog.fuseyism.com/index.php/2016/01/25/security-icedtea-1-13-10-for-openjdk-6-released/

[1]
http://blog.fuseyism.com/index.php/2016/01/21/security-icedtea-2-6-4-for-openjdk-7-released/

Leo Famulari (2):
  gnu: icedtea-6: Update to 1.13.10.
  gnu: icedtea-7: Update to 2.6.4.

 gnu/packages/java.scm | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

-- 
2.6.3

[PATCH 1/2] gnu: icedtea-6: Update to 1.13.10.

[Leo Famulari]

Fixes CVE-2015-{8126, 8472} and CVE-2016-{0402, 0448, 0466, 0483, 0494}.

* gnu/packages/java.scm (icedtea-6): Update to 1.13.10.
---
 gnu/packages/java.scm | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 3a5b1e1..f82971b 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -187,7 +188,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
 (define-public icedtea-6
   (package
     (name "icedtea")
-    (version "1.13.9")
+    (version "1.13.10")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -195,7 +196,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "0rf95gsyr849b0nxhc7i0k5pr2iz8a922kg288x7jbgws0pgpq31"))
+                "1mq08sfyfjlfw0c1czjs47303zv4h91s1jc0nhdlra4rbbx0g2d0"))
               (modules '((guix build utils)))
               (snippet
                '(substitute* "Makefile.in"
@@ -558,10 +559,10 @@ build process and its dependencies, whereas Make uses Makefile format.")
        ("openjdk6-src"
         ,(origin
            (method url-fetch)
-           (uri "https://java.net/downloads/openjdk6/openjdk-6-src-b37-11_nov_2015.tar.gz")
+           (uri "https://java.net/downloads/openjdk6/openjdk-6-src-b38-20_jan_2016.tar.gz")
            (sha256
             (base32
-             "0iqzvx1zmrfhxrp3z9h7bh95c2rmclrhiszmsqwkjb2gngbs29j5"))))
+             "1fapj9w4ahzf5nwvdgi1dsxjyh9dqbcvf9638r60h1by13wjqk5p"))))
        ("lcms" ,lcms)
        ("zlib" ,zlib)
        ("gtk" ,gtk+-2)
-- 
2.6.3

[PATCH 2/2] gnu: icedtea-7: Update to 2.6.4.

[Leo Famulari]

Fixes CVE-2015-{7575, 8126, 8472} and CVE-2016-{0402, 0448, 0466, 0483,
0494}.

* gnu/packages/java.scm (icedtea-7): Update to 2.6.4.
---
 gnu/packages/java.scm | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index f82971b..ee987fc 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -578,7 +578,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
     (license license:gpl2+)))
 
 (define-public icedtea-7
-  (let* ((version "2.6.3")
+  (let* ((version "2.6.4")
          (drop (lambda (name hash)
                  (origin
                    (method url-fetch)
@@ -595,7 +595,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
                       version ".tar.xz"))
                 (sha256
                  (base32
-                  "04n6ac7rca98q68ifja1nmf3icigqgs75k4x12p3n3yknh8alf6z"))
+                  "0r31h8nlsrbfdkgbjbb7phwgcwglc9siznzrr40lqnm9xrgkc2nj"))
                 (modules '((guix build utils)))
                 (snippet
                  '(substitute* "Makefile.in"
@@ -720,25 +720,25 @@ build process and its dependencies, whereas Make uses Makefile format.")
       (native-inputs
        `(("openjdk-src"
           ,(drop "openjdk"
-                 "0vflz0hhq4arykvvmsv3yas4yk9i0jm57287iqvs3a4832xjcpcy"))
+                 "1qjjf71nq80ac2d08hbaa8589d31vk313z3rkirnwq5df8cyf0mv"))
          ("corba-drop"
           ,(drop "corba"
-                 "1ijy8gkvnvzjnk7x7fypggfapdswd0ha7b8q90vs72lhf0yawlhh"))
+                 "025warxhjal3nr7w1xyd16k0f32fwkchifpaslzyidsga3hgmfr6"))
          ("jaxp-drop"
           ,(drop "jaxp"
-                 "0sw0a49xmzqrffvlg7mvvlicn2yz5r4swv3l19b0269p0yy7isd0"))
+                 "0qiz6swb78w9c0mf88pf0gflgm5rp9k0l6fv6sdl7dki691b0z09"))
          ("jaxws-drop"
           ,(drop "jaxws"
-                 "07nwmpji734fnvb4n3g2cj1fl4mskmg26ksdw3rpvb38wf97v2am"))
+                 "18fz4gl4fdlcmqvh1mlpd9h0gj0qizpfa7njkax97aysmsm08xns"))
          ("jdk-drop"
           ,(drop "jdk"
-                 "1x89l6rj20rzkalizpy74q4nlnskrvr39nvl2i95isajkda9hf2q"))
+                 "0qsx5d9pgwlz9vbpapw4jwpajqc6rwk1150cjb33i4n3z709jccx"))
          ("langtools-drop"
           ,(drop "langtools"
-                 "0zpjkpl294aw4nai35fh4lcxyv3vx0q0hnxchjcb2iz0hkgicizi"))
+                 "1k6plx96smf86z303gb30hncssa8f40qdryzsdv349iwqwacxc7r"))
          ("hotspot-drop"
           ,(drop "hotspot"
-                 "03pggsrhkzpjnj939vhr3b7mcrhfp22b7yg3hkx52kcv8dqkg3yx"))
+                 "0r9ffzyf5vxs8wg732szqcil0ksc8lcxzihdv3viz7d67dy42irp"))
          ,@(fold alist-delete (package-native-inputs icedtea-6)
                  '("openjdk6-src")))))))
 
-- 
2.6.3

Re: [PATCH 0/2] Icedtea security updates

[Ricardo Wurmus]

Leo Famulari <leo@famulari.name> writes:

> These patches update icedtea-6 and icedtea-7 to versions 1.13.10 [0] and
> 2.6.4 [1], respectively.

Thanks!  If both of these packages still build it’s okay to push the
commits.

~~ Ricardo