diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index 0965063b7f813795de801dd520605ade4de80a14..e1e648c21b696051d8ec69140a7910dae90c633e 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -13,7 +13,7 @@ # Only produce a release build on x86_64: # $ rhpkg mockbuild --without slowdebug --without fastdebug # -%global anolis_release 3 +%global anolis_release 4 # Enable fastdebug builds by default on relevant arches. %bcond_without fastdebug # Enable slowdebug builds by default on relevant arches. @@ -1426,6 +1426,12 @@ Patch2000: LoongArch64.patch # Init support for riscv64 Patch3000: RISCV64.patch + +#https://github.com/openjdk/jdk8u/commit/33624e872e7d40d3059f4c0d2967f140305378b8 +Patch3001: jdk-1.8-cve-2025-30749.patch +#https://github.com/openjdk/jdk8u/commit/943a5ea328fd2fc8eed0aed4ec9b1957d41f8144 +Patch3002: jdk-1.8-cve-2025-50106.patch + ############################################# # # Shenandoah fixes @@ -1854,6 +1860,9 @@ pushd %{top_level_dir_name} %ifarch riscv64 %patch3000 -p1 %endif + +%patch3001 -p1 +%patch3002 -p1 popd # RPM-only fixes @@ -2659,6 +2668,9 @@ cjc.mainProgram(args) %endif %changelog +* Tue Sep 09 2025 yangxinyu - 1:1.8.0.372.b07-4 +- fix cve-2025-30749 cve-2025-50106 + * Mon Apr 28 2025 Yihao Yan - 1:1.8.0.372.b07-3 - add support for riscv64 - update config.sub and config.guess diff --git a/jdk-1.8-cve-2025-30749.patch b/jdk-1.8-cve-2025-30749.patch new file mode 100644 index 0000000000000000000000000000000000000000..0a6b67d9fdcb70a36c93430626d288c8b86e30c8 --- /dev/null +++ b/jdk-1.8-cve-2025-30749.patch @@ -0,0 +1,263 @@ +From 33624e872e7d40d3059f4c0d2967f140305378b8 Mon Sep 17 00:00:00 2001 +From: Ilarion Nakonechnyy +Date: Tue, 27 May 2025 16:14:48 -0700 +Subject: [PATCH] 8348989: Better Glyph drawing + +Co-authored-by: Alexey Bakhtin +Reviewed-by: avoitylov, mbalao, andrew +Backport-of: 191c37a280faccfaecae033a68313ad06cdfc411 +--- + jdk/src/macosx/native/sun/font/AWTStrike.m | 4 +- + .../macosx/native/sun/font/CGGlyphImages.h | 9 +- + .../macosx/native/sun/font/CGGlyphImages.m | 101 ++++++++++++++---- + 3 files changed, 93 insertions(+), 21 deletions(-) + +diff --git a/jdk/src/macosx/native/sun/font/AWTStrike.m b/jdk/src/macosx/native/sun/font/AWTStrike.m +index e55a267d5fe..5f022f0d990 100644 +--- a/jdk/src/macosx/native/sun/font/AWTStrike.m ++++ b/jdk/src/macosx/native/sun/font/AWTStrike.m +@@ -156,7 +156,7 @@ + (AWTStrike *) awtStrikeForFont:(AWTFont *)awtFont + // to indicate we should use CoreText to substitute the character + CGGlyph glyph; + const CTFontRef fallback = CTS_CopyCTFallbackFontAndGlyphForJavaGlyphCode(awtFont, glyphCode, &glyph); +- CTFontGetAdvancesForGlyphs(fallback, kCTFontDefaultOrientation, &glyph, &advance, 1); ++ CGGlyphImages_GetGlyphMetrics(fallback, &awtStrike->fAltTx, awtStrike->fStyle, &glyph, 1, NULL, &advance); + CFRelease(fallback); + advance = CGSizeApplyAffineTransform(advance, awtStrike->fFontTx); + if (!JRSFontStyleUsesFractionalMetrics(awtStrike->fStyle)) { +@@ -193,7 +193,7 @@ + (AWTStrike *) awtStrikeForFont:(AWTFont *)awtFont + const CTFontRef fallback = CTS_CopyCTFallbackFontAndGlyphForJavaGlyphCode(awtFont, glyphCode, &glyph); + + CGRect bbox; +- JRSFontGetBoundingBoxesForGlyphsAndStyle(fallback, &tx, awtStrike->fStyle, &glyph, 1, &bbox); ++ CGGlyphImages_GetGlyphMetrics(fallback, &tx, awtStrike->fStyle, &glyph, 1, &bbox, NULL); + CFRelease(fallback); + + // the origin of this bounding box is relative to the bottom-left corner baseline +diff --git a/jdk/src/macosx/native/sun/font/CGGlyphImages.h b/jdk/src/macosx/native/sun/font/CGGlyphImages.h +index 73cb604bcfc..736167d2af4 100644 +--- a/jdk/src/macosx/native/sun/font/CGGlyphImages.h ++++ b/jdk/src/macosx/native/sun/font/CGGlyphImages.h +@@ -33,5 +33,12 @@ void + CGGlyphImages_GetGlyphImagePtrs(jlong glyphInfos[], + const AWTStrike *strike, + jint rawGlyphCodes[], const CFIndex len); +- ++void ++CGGlyphImages_GetGlyphMetrics(const CTFontRef font, ++ const CGAffineTransform *tx, ++ const JRSFontRenderingStyle style, ++ const CGGlyph glyphs[], ++ size_t count, ++ CGRect bboxes[], ++ CGSize advances[]); + #endif /* __CGGLYPHIMAGES_H */ +diff --git a/jdk/src/macosx/native/sun/font/CGGlyphImages.m b/jdk/src/macosx/native/sun/font/CGGlyphImages.m +index c762fac61a3..b4257203f4c 100644 +--- a/jdk/src/macosx/native/sun/font/CGGlyphImages.m ++++ b/jdk/src/macosx/native/sun/font/CGGlyphImages.m +@@ -237,6 +237,7 @@ @implementation CGGI_GlyphCanvas + { + UInt32 *src = (UInt32 *)canvas->image->data; + size_t srcRowWidth = canvas->image->width; ++ size_t srcHeight = canvas->image->height; + + UInt8 *dest = (UInt8 *)info->image; + size_t destRowWidth = info->width; +@@ -246,12 +247,12 @@ @implementation CGGI_GlyphCanvas + size_t y; + + // fill empty glyph image with black-on-white glyph +- for (y = 0; y < height; y++) { ++ for (y = 0; y < height && y < srcHeight; y++) { + size_t destRow = y * destRowWidth * 3; + size_t srcRow = y * srcRowWidth; + + size_t x; +- for (x = 0; x < destRowWidth; x++) { ++ for (x = 0; x < destRowWidth && x < srcRowWidth; x++) { + CGGI_CopyARGBPixelToRGBPixel(src[srcRow + x], + dest + destRow + x * 3); + } +@@ -289,6 +290,7 @@ @implementation CGGI_GlyphCanvas + { + UInt32 *src = (UInt32 *)canvas->image->data; + size_t srcRowWidth = canvas->image->width; ++ size_t srcHeight = canvas->image->height; + + UInt8 *dest = (UInt8 *)info->image; + size_t destRowWidth = info->width; +@@ -298,11 +300,11 @@ @implementation CGGI_GlyphCanvas + size_t y; + + // fill empty glyph image with black-on-white glyph +- for (y = 0; y < height; y++) { ++ for (y = 0; y < height && y < srcHeight; y++) { + size_t destRow = y * destRowWidth; + size_t srcRow = y * srcRowWidth; + size_t x; +- for (x = 0; x < destRowWidth; x++) { ++ for (x = 0; x < destRowWidth && x < srcRowWidth; x++) { + UInt32 p = src[srcRow + x]; + dest[destRow + x] = CGGI_ConvertBWPixelToByteGray(p); + } +@@ -384,8 +386,10 @@ @implementation CGGI_GlyphCanvas + + canvas->image->data = (void *)calloc(byteCount, sizeof(UInt8)); + if (canvas->image->data == NULL) { +- [[NSException exceptionWithName:NSMallocException +- reason:@"Failed to allocate memory for the buffer which backs the CGContext for glyph strikes." userInfo:nil] raise]; ++ canvas->image->width = 0; ++ canvas->image->height = 0; ++ canvas->image->rowBytes = 0; ++ canvas->image->data = malloc(0); + } + + uint32_t bmpInfo = kCGImageAlphaPremultipliedFirst; +@@ -435,6 +439,10 @@ @implementation CGGI_GlyphCanvas + + /* + * Quick and easy inline to check if this canvas is big enough. ++ * This function only increases the size. To get a smaller canvas, free it first. ++ * This function adds padding / slack multiplier to the requested size. ++ * So resizes must be based on the size you need, not the size of the canvas. ++ * The function will internally account for the multiplier it uses. + */ + static inline void + CGGI_SizeCanvas(CGGI_GlyphCanvas *canvas, const vImagePixelCount width, +@@ -442,18 +450,31 @@ @implementation CGGI_GlyphCanvas + const CGGI_RenderingMode* mode) + { + if (canvas->image != NULL && +- width < canvas->image->width && +- height < canvas->image->height) ++ width * CGGI_GLYPH_CANVAS_SLACK <= canvas->image->width && ++ height * CGGI_GLYPH_CANVAS_SLACK <= canvas->image->height) + { + return; + } + ++ vImagePixelCount w = width * CGGI_GLYPH_CANVAS_SLACK; ++ vImagePixelCount h = height * CGGI_GLYPH_CANVAS_SLACK; ++ ++ // Do not allow the canvas to be resized smaller. ++ if (canvas->image != NULL) { ++ if (w < canvas->image->width) { ++ w = canvas->image->width; ++ } ++ if (h < canvas->image->height) { ++ h = canvas->image->height; ++ } ++ } ++ + // if we don't have enough space to strike the largest glyph in the + // run, resize the canvas + CGGI_FreeCanvas(canvas); + CGGI_InitCanvas(canvas, +- width * CGGI_GLYPH_CANVAS_SLACK, +- height * CGGI_GLYPH_CANVAS_SLACK, ++ w, ++ h, + mode); + JRSFontSetRenderingStyleOnContext(canvas->context, mode->cgFontMode); + } +@@ -469,6 +490,12 @@ @implementation CGGI_GlyphCanvas + canvasRectToClear.data = canvas->image->data; + canvasRectToClear.height = info->height; + canvasRectToClear.width = info->width; ++ if (canvas->image->width < canvasRectToClear.width) { ++ canvasRectToClear.width = canvas->image->width; ++ } ++ if (canvas->image->height < canvasRectToClear.height) { ++ canvasRectToClear.height = canvas->image->height; ++ } + // use the row stride of the canvas, not the info + canvasRectToClear.rowBytes = canvas->image->rowBytes; + +@@ -605,10 +632,8 @@ @implementation CGGI_GlyphCanvas + JRSFontRenderingStyle style = JRSFontAlignStyleForFractionalMeasurement(strike->fStyle); + + CGRect bbox; +- JRSFontGetBoundingBoxesForGlyphsAndStyle(fallback, &tx, style, &glyph, 1, &bbox); +- + CGSize advance; +- CTFontGetAdvancesForGlyphs(fallback, kCTFontDefaultOrientation, &glyph, &advance, 1); ++ CGGlyphImages_GetGlyphMetrics(fallback, &tx, style, &glyph, 1, &bbox, &advance); + + // create the Sun2D GlyphInfo we are going to strike into + GlyphInfo *info = CGGI_CreateNewGlyphInfoFrom(advance, bbox, strike, mode); +@@ -764,8 +789,8 @@ @implementation CGGI_GlyphCanvas + CGAffineTransform tx = strike->fTx; + JRSFontRenderingStyle bboxCGMode = JRSFontAlignStyleForFractionalMeasurement(strike->fStyle); + +- JRSFontGetBoundingBoxesForGlyphsAndStyle((CTFontRef)font->fFont, &tx, bboxCGMode, glyphs, len, bboxes); +- CTFontGetAdvancesForGlyphs((CTFontRef)font->fFont, kCTFontDefaultOrientation, glyphs, advances, len); ++ CTFontRef fontRef = (CTFontRef)font->fFont; ++ CGGlyphImages_GetGlyphMetrics(fontRef, &tx, bboxCGMode, glyphs, len, bboxes, advances); + + size_t maxWidth = 1; + size_t maxHeight = 1; +@@ -783,7 +808,6 @@ @implementation CGGI_GlyphCanvas + CGRect bbox = bboxes[i]; + + GlyphInfo *glyphInfo = CGGI_CreateNewGlyphInfoFrom(advance, bbox, strike, mode); +- + if (maxWidth < glyphInfo->width) maxWidth = glyphInfo->width; + if (maxHeight < glyphInfo->height) maxHeight = glyphInfo->height; + +@@ -860,8 +884,7 @@ @implementation CGGI_GlyphCanvas + } + + // just do one malloc, and carve it up for all the buffers +- void *buffer = malloc(sizeof(CGRect) * sizeof(CGSize) * +- sizeof(CGGlyph) * sizeof(UniChar) * len); ++ void *buffer = malloc((sizeof(CGRect) + sizeof(CGSize) + sizeof(CGGlyph) + sizeof(UniChar)) * len); + if (buffer == NULL) { + [[NSException exceptionWithName:NSMallocException + reason:@"Failed to allocate memory for the temporary glyph strike and measurement buffers." userInfo:nil] raise]; +@@ -878,3 +901,45 @@ @implementation CGGI_GlyphCanvas + + free(buffer); + } ++ ++#define TX_FIXED_UNSAFE(v) (isinf(v) || isnan(v) || fabs(v) >= (1<<30)) ++ ++/* ++ * Calculates bounding boxes (for given transform) and advance (for untransformed 1pt-size font) for specified glyphs. ++ */ ++void ++CGGlyphImages_GetGlyphMetrics(const CTFontRef font, ++ const CGAffineTransform *tx, ++ const JRSFontRenderingStyle style, ++ const CGGlyph glyphs[], ++ size_t count, ++ CGRect bboxes[], ++ CGSize advances[]) { ++ ++ if (TX_FIXED_UNSAFE(tx->a) || TX_FIXED_UNSAFE(tx->b) || TX_FIXED_UNSAFE(tx->c) || ++ TX_FIXED_UNSAFE(tx->d) || TX_FIXED_UNSAFE(tx->tx) || TX_FIXED_UNSAFE(tx->tx)) { ++ ++ if (bboxes) { ++ for (int i = 0; i < count; i++) { ++ bboxes[i].origin.x = 0; ++ bboxes[i].origin.y = 0; ++ bboxes[i].size.width = 0; ++ bboxes[i].size.height = 0; ++ } ++ } ++ if (advances) { ++ for (int i = 0; i < count; i++) { ++ advances[i].width = 0; ++ advances[i].height = 0; ++ } ++ } ++ return; ++ } ++ ++ if (bboxes) { ++ JRSFontGetBoundingBoxesForGlyphsAndStyle(font, tx, style, glyphs, count, bboxes); ++ } ++ if (advances) { ++ CTFontGetAdvancesForGlyphs(font, kCTFontDefaultOrientation, glyphs, advances, count); ++ } ++} diff --git a/jdk-1.8-cve-2025-50106.patch b/jdk-1.8-cve-2025-50106.patch new file mode 100644 index 0000000000000000000000000000000000000000..642830fe21ebfe934515aebea9d510c02e1e164c --- /dev/null +++ b/jdk-1.8-cve-2025-50106.patch @@ -0,0 +1,53 @@ +From 943a5ea328fd2fc8eed0aed4ec9b1957d41f8144 Mon Sep 17 00:00:00 2001 +From: Alexey Bakhtin +Date: Mon, 30 Jun 2025 13:20:47 -0700 +Subject: [PATCH] 8360147: Better Glyph drawing redux + +Reviewed-by: mbalao, andrew +Backport-of: 141d7af9cd3c41de974c3d3f8017d6b21dc6d36c +--- + .../macosx/native/sun/font/CGGlyphImages.m | 23 +++++++++++-------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +diff --git a/jdk/src/macosx/native/sun/font/CGGlyphImages.m b/jdk/src/macosx/native/sun/font/CGGlyphImages.m +index b4257203f4..4658911541 100644 +--- a/jdk/src/macosx/native/sun/font/CGGlyphImages.m ++++ b/jdk/src/macosx/native/sun/font/CGGlyphImages.m +@@ -883,23 +883,28 @@ @implementation CGGI_GlyphCanvas + return; + } + +- // just do one malloc, and carve it up for all the buffers +- void *buffer = malloc((sizeof(CGRect) + sizeof(CGSize) + sizeof(CGGlyph) + sizeof(UniChar)) * len); +- if (buffer == NULL) { ++ CGRect *bboxes = (CGRect*)calloc(len, sizeof(CGRect)); ++ CGSize *advances = (CGSize*)calloc(len, sizeof(CGSize)); ++ CGGlyph *glyphs = (CGGlyph*)calloc(len, sizeof(CGGlyph)); ++ UniChar *uniChars = (UniChar*)calloc(len, sizeof(UniChar)); ++ ++ if (bboxes == NULL || advances == NULL || glyphs == NULL || uniChars == NULL) { ++ free(bboxes); ++ free(advances); ++ free(glyphs); ++ free(uniChars); + [[NSException exceptionWithName:NSMallocException + reason:@"Failed to allocate memory for the temporary glyph strike and measurement buffers." userInfo:nil] raise]; + } + +- CGRect *bboxes = (CGRect *)(buffer); +- CGSize *advances = (CGSize *)(bboxes + sizeof(CGRect) * len); +- CGGlyph *glyphs = (CGGlyph *)(advances + sizeof(CGGlyph) * len); +- UniChar *uniChars = (UniChar *)(glyphs + sizeof(UniChar) * len); +- + CGGI_CreateGlyphsAndScanForComplexities(glyphInfos, strike, &mode, + rawGlyphCodes, uniChars, glyphs, + advances, bboxes, len); + +- free(buffer); ++ free(bboxes); ++ free(advances); ++ free(glyphs); ++ free(uniChars); + } + + #define TX_FIXED_UNSAFE(v) (isinf(v) || isnan(v) || fabs(v) >= (1<<30))