mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2025-01-16 07:58:04 +00:00
Code Issues Releases Activity

- Add 2012/10/16 security patches from IcedTea6 1.11.5. [1]

Browse Source 
http://icedtea.classpath.org/hg/release/icedtea6-1.11/rev/d9564350faa6
http://blog.fuseyism.com/index.php/2012/10/19/security-icedtea-1-10-10-1-11-15-2-1-3-2-2-3-2-3-3-released/

- Completely turn off parallel build by default and remove parallel build
hack for HotSpot.  There were several reports that it fails to build under
certain environment, ports/162991 for example.  Users can still do parallel
build by setting FORCE_MAKE_JOBS (and MAKE_JOBS_NUMBER if desired).
- Implement os::available_memory().  Now it is consistent with "vm.vmtotal"
sysctl(3) MIB rather than bogus (physical memory / 4).
- Prefer sysconf(_SC_NPROCESSORS_CONF) over HW_NCPU sysctl MIB to get the
number of installed processors.  There is no functional difference except
for CURRENT, which obtains the information from ELF aux vector.
- Prefer sysconf(_SC_PHYS_PAGES) * sysconf(_SC_PAGESIZE) over HW_USERMEM
sysctl MIB to get size of physical memory.  Although it looks more logical
to find currently available memory, it has an inevitable side-effect, i. e.,
it changes dynamically depending on current wired page count.  Therefore,
it is unpredictable and not too useful some times.  For example, launcher
uses the parameter to determine initial heap size and machine class for i386.
Now it is more consistent with other places (and Linux JDK/JREs, including
the ones we have in ports tree).
- Implement os::active_processor_count() using cpuset_getaffinity(2).  For
example, Runtime.getRuntime().availableProcessors() now returns number of
available processors for the current process as it should.
- Sync. launchers (java_md.c) for HotSpot and JDK as much as possible for
maintainability.  As a good side-effect, launcher for i386 can now determine
machine class based on the current hardware configuration.  Previously,
client VM was always chosen by default.
- Fix CounterGet(), which is only used for debugging launcher.
- Add swap info for os::print_memory_info().

Obtained from:	IcedTea project [1]
Feature safe:	yes
This commit is contained in:
Jung-uk Kim 2012-10-19 22:43:10 +00:00
parent aadc8c6b1d
commit 81a8a55b63
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=306138
24 changed files with 3729 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
java/openjdk6-jre/Makefile
View File

@ -1,6 +1,6 @@
# $FreeBSD$
PORTREVISION= 0
PORTREVISION= 1
CATEGORIES= java devel
PKGNAMESUFFIX= -jre

26
java/openjdk6/Makefile
View File

@ -3,7 +3,7 @@
PORTNAME= openjdk6
PORTVERSION= b26
PORTREVISION?= 0
PORTREVISION?= 1
CATEGORIES= java devel
MASTER_SITES= http://download.java.net/openjdk/jdk6/promoted/${PORTVERSION}/ \
http://download.java.net/jaxp/openjdk/jdk6/:jaxp \
@ -40,8 +40,10 @@ RUN_DEPENDS= javavm:${PORTSDIR}/java/javavmwrapper \
OPENJDK_BUILDDATE= 21_sep_2012
EXTRA_PATCHES= ${FILESDIR}/icedtea/security/*.patch
OPTIONS_DEFINE= ICEDTEA IPV6 POLICY SOUND TZUPDATE
OPTIONS_DEFAULT=ICEDTEA TZUPDATE
OPTIONS_DEFAULT=ICEDTEA IPV6 TZUPDATE
ICEDTEA_DESC= Apply additional patches from IcedTea
POLICY_DESC= Install the Unlimited Strength Policy Files
SOUND_DESC= Enable sound support
@ -62,7 +64,6 @@ WRKSRC= ${WRKDIR}
USE_GMAKE= yes
USE_MOTIF= yes
USE_XORG= x11 xext xi xt xtst
MAKE_JOBS_UNSAFE= yes
JAXP_BUILD= 144_04
JAXPFILE= jaxp${JAXP_BUILD}.zip
@ -143,6 +144,16 @@ MAKE_ENV+= CCC="${CXX}" GCC="${CC}"
# XXX Turn off -Werror from HotSpot.
MAKE_ENV+= WARNINGS_ARE_ERRORS="${WARNINGS_ARE_ERRORS}"
# XXX Turn off parallel build by default.
.if defined(DISABLE_MAKE_JOBS) || !defined(FORCE_MAKE_JOBS)
BUILD_JOBS_NUMBER= 1
.elif defined(FORCE_MAKE_JOBS)
BUILD_JOBS_NUMBER= ${MAKE_JOBS_NUMBER}
.endif
_MAKE_JOBS= #
MAKE_ENV+= ALT_PARALLEL_COMPILE_JOBS=${BUILD_JOBS_NUMBER} \
HOTSPOT_BUILD_JOBS=${BUILD_JOBS_NUMBER}
.if ${PORT_OPTIONS:MDEBUG}
ALL_TARGET= debug_build
OPENJDK_OSARCH= bsd-${ARCH:S/i386/i586/}-debug
@ -183,15 +194,6 @@ BUILD_DEPENDS+= ${LOCALBASE}/lib/X11/fonts/dejavu:${PORTSDIR}/x11-fonts/dejavu
USE_DISPLAY= yes
.endif
.if !defined(DISABLE_MAKE_JOBS)
.if defined(MAKE_JOBS_NUMBER)
BUILD_JOBS_NUMBER= ${MAKE_JOBS_NUMBER}
.else
BUILD_JOBS_NUMBER= `${SYSCTL} -n kern.smp.cpus`
.endif
MAKE_ENV+= HOTSPOT_BUILD_JOBS=${BUILD_JOBS_NUMBER}
.endif
COPYDIRS= \
hotspot/src/os/linux/vm \
hotspot/src/os_cpu/linux_x86/vm \

20
java/openjdk6/files/icedtea/security/6631398.patch Normal file
View File

@ -0,0 +1,20 @@
# HG changeset patch
# User weijun
# Date 1339724916 -28800
# Node ID 0fdc422fba9b63be684f1229af75f0c1f3ceec87
# Parent f09937f0b2e32aa60a2cdd23f03a7e2d45091b60
6631398: FilePermission improved path checking
Reviewed-by: mullan, skoivu, jdn
diff --git a/src/share/classes/java/io/FilePermission.java b/src/share/classes/java/io/FilePermission.java
--- jdk/src/share/classes/java/io/FilePermission.java
+++ jdk/src/share/classes/java/io/FilePermission.java
@@ -399,7 +399,7 @@
*/
public int hashCode() {
- return this.cpath.hashCode();
+ return 0;
}
/**

28
java/openjdk6/files/icedtea/security/7093490.patch Normal file
View File

@ -0,0 +1,28 @@
# HG changeset patch
# User coffeys
# Date 1340913225 -3600
# Node ID e7334bb16ad694bed492da52e5713c8391e79ce8
# Parent 0fdc422fba9b63be684f1229af75f0c1f3ceec87
7093490: adjust package access in rmiregistry
Reviewed-by: smarks
diff --git a/src/share/classes/sun/rmi/registry/RegistryImpl.java b/src/share/classes/sun/rmi/registry/RegistryImpl.java
--- jdk/src/share/classes/sun/rmi/registry/RegistryImpl.java
+++ jdk/src/share/classes/sun/rmi/registry/RegistryImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -405,7 +405,8 @@
*/
perms.add(new SocketPermission("*", "connect,accept"));
- perms.add(new RuntimePermission("accessClassInPackage.sun.*"));
+ perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
+ perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
perms.add(new FilePermission("<<ALL FILES>>", "read"));

31
java/openjdk6/files/icedtea/security/7143535.patch Normal file
View File

@ -0,0 +1,31 @@
# HG changeset patch
# User sundar
# Date 1345469787 -14400
# Node ID 1e170e3c1b682d0f98a61a47e5049535c5bd4999
# Parent e7334bb16ad694bed492da52e5713c8391e79ce8
7143535: ScriptEngine corrected permissions
Reviewed-by: mschoene
diff --git a/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java b/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java
--- jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java
+++ jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -130,7 +130,11 @@
public RhinoScriptEngine() {
if (System.getSecurityManager() != null) {
- accCtxt = AccessController.getContext();
+ try {
+ AccessController.checkPermission(new AllPermission());
+ } catch (AccessControlException ace) {
+ accCtxt = AccessController.getContext();
+ }
}
Context cx = enterContext();

1413
java/openjdk6/files/icedtea/security/7158800.patch Normal file
View File

File diff suppressed because it is too large Load Diff

30
java/openjdk6/files/icedtea/security/7158801.patch Normal file
View File

@ -0,0 +1,30 @@
# HG changeset patch
# User kvn
# Date 1337800285 25200
# Node ID f7493d50b47d3946902e18153bcd912e37589d00
# Parent 2faa3f7bad65189e69ab2f9a491743786bb8f07f
7158801: Improve VM CompileOnly option
Summary: Fixed buffer overflow during parsing flags -XX:CompileCommand=, -XX:CompileOnly= and command lines in .hotspot_compiler file.
Reviewed-by: never
diff --git a/src/share/vm/compiler/compilerOracle.cpp b/src/share/vm/compiler/compilerOracle.cpp
--- hotspot/src/share/vm/compiler/compilerOracle.cpp
+++ hotspot/src/share/vm/compiler/compilerOracle.cpp
@@ -573,7 +573,7 @@
char token[1024];
int pos = 0;
int c = getc(stream);
- while(c != EOF) {
+ while(c != EOF && pos < (sizeof(token)-1)) {
if (c == '\n') {
token[pos++] = '\0';
parse_from_line(token);
@@ -594,7 +594,7 @@
int pos = 0;
const char* sp = str;
int c = *sp++;
- while (c != '\0') {
+ while (c != '\0' && pos < (sizeof(token)-1)) {
if (c == '\n') {
token[pos++] = '\0';
parse_line(token);

28
java/openjdk6/files/icedtea/security/7158804.patch Normal file
View File

@ -0,0 +1,28 @@
# HG changeset patch
# User dbuck
# Date 1342799006 25200
# Node ID fde4cc8479824449b03abedd5357500aec92e990
# Parent f7493d50b47d3946902e18153bcd912e37589d00
7158804: Improve config file parsing
Summary: see bugdb 13784108 for details
Reviewed-by: vikram, kamg
diff --git a/src/share/vm/runtime/arguments.cpp b/src/share/vm/runtime/arguments.cpp
--- hotspot/src/share/vm/runtime/arguments.cpp
+++ hotspot/src/share/vm/runtime/arguments.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -842,7 +842,7 @@
bool result = true;
int c = getc(stream);
- while(c != EOF) {
+ while(c != EOF && pos < (int)(sizeof(token)-1)) {
if (in_white_space) {
if (in_comment) {
if (c == '\n') in_comment = false;

75
java/openjdk6/files/icedtea/security/7167656.patch Normal file
View File

@ -0,0 +1,75 @@
# HG changeset patch
# User coffeys
# Date 1340139680 -3600
# Node ID d04575148db287475168da344159e583f7bff02c
# Parent 1e170e3c1b682d0f98a61a47e5049535c5bd4999
7167656: Multiple Seeders are being created
Reviewed-by: wetmore
diff --git a/src/share/classes/sun/security/provider/SecureRandom.java b/src/share/classes/sun/security/provider/SecureRandom.java
--- jdk/src/share/classes/sun/security/provider/SecureRandom.java
+++ jdk/src/share/classes/sun/security/provider/SecureRandom.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -56,12 +56,6 @@
private static final long serialVersionUID = 3581829991155417889L;
- /**
- * This static object will be seeded by SeedGenerator, and used
- * to seed future instances of SecureRandom
- */
- private static SecureRandom seeder;
-
private static final int DIGEST_SIZE = 20;
private transient MessageDigest digest;
private byte[] state;
@@ -173,6 +167,28 @@
}
/**
+ * This static object will be seeded by SeedGenerator, and used
+ * to seed future instances of SHA1PRNG SecureRandoms.
+ *
+ * Bloch, Effective Java Second Edition: Item 71
+ */
+ private static class SeederHolder {
+
+ private static final SecureRandom seeder;
+
+ static {
+ /*
+ * Call to SeedGenerator.generateSeed() to add additional
+ * seed material (likely from the Native implementation).
+ */
+ seeder = new SecureRandom(SeedGenerator.getSystemEntropy());
+ byte [] b = new byte[DIGEST_SIZE];
+ SeedGenerator.generateSeed(b);
+ seeder.engineSetSeed(b);
+ }
+ }
+
+ /**
* Generates a user-specified number of random bytes.
*
* @param bytes the array to be filled in with random bytes.
@@ -183,13 +199,8 @@
byte[] output = remainder;
if (state == null) {
- if (seeder == null) {
- seeder = new SecureRandom(SeedGenerator.getSystemEntropy());
- seeder.engineSetSeed(engineGenerateSeed(DIGEST_SIZE));
- }
-
byte[] seed = new byte[DIGEST_SIZE];
- seeder.engineNextBytes(seed);
+ SeederHolder.seeder.engineNextBytes(seed);
state = digest.digest(seed);
}

349
java/openjdk6/files/icedtea/security/7169884.patch Normal file
View File

@ -0,0 +1,349 @@
# HG changeset patch
# User robm
# Date 1347903606 -3600
# Node ID 47e7c8e33cd82dade3e84af94bff125cdbdae062
# Parent d04575148db287475168da344159e583f7bff02c
7169884: LogManager checks do not work correctly for sub-types
Reviewed-by: alanb
diff --git a/src/share/classes/java/util/logging/FileHandler.java b/src/share/classes/java/util/logging/FileHandler.java
--- jdk/src/share/classes/java/util/logging/FileHandler.java
+++ jdk/src/share/classes/java/util/logging/FileHandler.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -220,7 +220,7 @@
* @exception NullPointerException if pattern property is an empty String.
*/
public FileHandler() throws IOException, SecurityException {
- checkAccess();
+ checkPermission();
configure();
openFiles();
}
@@ -246,7 +246,7 @@
if (pattern.length() < 1 ) {
throw new IllegalArgumentException();
}
- checkAccess();
+ checkPermission();
configure();
this.pattern = pattern;
this.limit = 0;
@@ -278,7 +278,7 @@
if (pattern.length() < 1 ) {
throw new IllegalArgumentException();
}
- checkAccess();
+ checkPermission();
configure();
this.pattern = pattern;
this.limit = 0;
@@ -315,7 +315,7 @@
if (limit < 0 || count < 1 || pattern.length() < 1) {
throw new IllegalArgumentException();
}
- checkAccess();
+ checkPermission();
configure();
this.pattern = pattern;
this.limit = limit;
@@ -354,7 +354,7 @@
if (limit < 0 || count < 1 || pattern.length() < 1) {
throw new IllegalArgumentException();
}
- checkAccess();
+ checkPermission();
configure();
this.pattern = pattern;
this.limit = limit;
@@ -367,7 +367,7 @@
// configured instance variables.
private void openFiles() throws IOException {
LogManager manager = LogManager.getLogManager();
- manager.checkAccess();
+ manager.checkPermission();
if (count < 1) {
throw new IllegalArgumentException("file count = " + count);
}
diff --git a/src/share/classes/java/util/logging/Handler.java b/src/share/classes/java/util/logging/Handler.java
--- jdk/src/share/classes/java/util/logging/Handler.java
+++ jdk/src/share/classes/java/util/logging/Handler.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,7 @@
* the caller does not have <tt>LoggingPermission("control")</tt>.
*/
public void setFormatter(Formatter newFormatter) throws SecurityException {
- checkAccess();
+ checkPermission();
// Check for a null pointer:
newFormatter.getClass();
formatter = newFormatter;
@@ -140,7 +140,7 @@
*/
public void setEncoding(String encoding)
throws SecurityException, java.io.UnsupportedEncodingException {
- checkAccess();
+ checkPermission();
if (encoding != null) {
try {
if(!java.nio.charset.Charset.isSupported(encoding)) {
@@ -175,7 +175,7 @@
* the caller does not have <tt>LoggingPermission("control")</tt>.
*/
public void setFilter(Filter newFilter) throws SecurityException {
- checkAccess();
+ checkPermission();
filter = newFilter;
}
@@ -199,7 +199,7 @@
* the caller does not have <tt>LoggingPermission("control")</tt>.
*/
public void setErrorManager(ErrorManager em) {
- checkAccess();
+ checkPermission();
if (em == null) {
throw new NullPointerException();
}
@@ -213,7 +213,7 @@
* the caller does not have <tt>LoggingPermission("control")</tt>.
*/
public ErrorManager getErrorManager() {
- checkAccess();
+ checkPermission();
return errorManager;
}
@@ -253,7 +253,7 @@
if (newLevel == null) {
throw new NullPointerException();
}
- checkAccess();
+ checkPermission();
logLevel = newLevel;
}
@@ -296,9 +296,9 @@
// If "sealed" is true, we check that the caller has
// appropriate security privileges to update Handler
// state and if not throw a SecurityException.
- void checkAccess() throws SecurityException {
+ void checkPermission() throws SecurityException {
if (sealed) {
- manager.checkAccess();
+ manager.checkPermission();
}
}
}
diff --git a/src/share/classes/java/util/logging/LogManager.java b/src/share/classes/java/util/logging/LogManager.java
--- jdk/src/share/classes/java/util/logging/LogManager.java
+++ jdk/src/share/classes/java/util/logging/LogManager.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -303,7 +303,7 @@
if (l == null) {
throw new NullPointerException();
}
- checkAccess();
+ checkPermission();
changes.addPropertyChangeListener(l);
}
@@ -322,7 +322,7 @@
* the caller does not have LoggingPermission("control").
*/
public void removePropertyChangeListener(PropertyChangeListener l) throws SecurityException {
- checkAccess();
+ checkPermission();
changes.removePropertyChangeListener(l);
}
@@ -740,7 +740,7 @@
* @exception IOException if there are IO problems reading the configuration.
*/
public void readConfiguration() throws IOException, SecurityException {
- checkAccess();
+ checkPermission();
// if a configuration class is specified, load it and use it.
String cname = System.getProperty("java.util.logging.config.class");
@@ -798,7 +798,7 @@
*/
public void reset() throws SecurityException {
- checkAccess();
+ checkPermission();
synchronized (this) {
props = new Properties();
// Since we are doing a reset we no longer want to initialize
@@ -883,7 +883,7 @@
* @exception IOException if there are problems reading from the stream.
*/
public void readConfiguration(InputStream ins) throws IOException, SecurityException {
- checkAccess();
+ checkPermission();
reset();
// Load the properties
@@ -1045,7 +1045,13 @@
}
- private Permission ourPermission = new LoggingPermission("control", null);
+ private final Permission controlPermission = new LoggingPermission("control", null);
+
+ void checkPermission() {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(controlPermission);
+ }
/**
* Check that the current context is trusted to modify the logging
@@ -1058,11 +1064,7 @@
* the caller does not have LoggingPermission("control").
*/
public void checkAccess() throws SecurityException {
- SecurityManager sm = System.getSecurityManager();
- if (sm == null) {
- return;
- }
- sm.checkPermission(ourPermission);
+ checkPermission();
}
// Nested class to represent a node in our tree of named loggers.
diff --git a/src/share/classes/java/util/logging/Logger.java b/src/share/classes/java/util/logging/Logger.java
--- jdk/src/share/classes/java/util/logging/Logger.java
+++ jdk/src/share/classes/java/util/logging/Logger.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -266,13 +266,13 @@
this.manager = manager;
}
- private void checkAccess() throws SecurityException {
+ private void checkPermission() throws SecurityException {
if (!anonymous) {
if (manager == null) {
// Complete initialization of the global Logger.
manager = LogManager.getLogManager();
}
- manager.checkAccess();
+ manager.checkPermission();
}
}
@@ -454,7 +454,7 @@
* the caller does not have LoggingPermission("control").
*/
public synchronized void setFilter(Filter newFilter) throws SecurityException {
- checkAccess();
+ checkPermission();
filter = newFilter;
}
@@ -1145,7 +1145,7 @@
* the caller does not have LoggingPermission("control").
*/
public void setLevel(Level newLevel) throws SecurityException {
- checkAccess();
+ checkPermission();
synchronized (treeLock) {
levelObject = newLevel;
updateEffectiveLevel();
@@ -1200,7 +1200,7 @@
public synchronized void addHandler(Handler handler) throws SecurityException {
// Check for null handler
handler.getClass();
- checkAccess();
+ checkPermission();
if (handlers == null) {
handlers = new ArrayList<Handler>();
}
@@ -1217,7 +1217,7 @@
* the caller does not have LoggingPermission("control").
*/
public synchronized void removeHandler(Handler handler) throws SecurityException {
- checkAccess();
+ checkPermission();
if (handler == null) {
return;
}
@@ -1251,7 +1251,7 @@
* the caller does not have LoggingPermission("control").
*/
public synchronized void setUseParentHandlers(boolean useParentHandlers) {
- checkAccess();
+ checkPermission();
this.useParentHandlers = useParentHandlers;
}
@@ -1388,7 +1388,7 @@
if (parent == null) {
throw new NullPointerException();
}
- manager.checkAccess();
+ manager.checkPermission();
doSetParent(parent);
}
diff --git a/src/share/classes/java/util/logging/MemoryHandler.java b/src/share/classes/java/util/logging/MemoryHandler.java
--- jdk/src/share/classes/java/util/logging/MemoryHandler.java
+++ jdk/src/share/classes/java/util/logging/MemoryHandler.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -238,7 +238,7 @@
throw new NullPointerException();
}
LogManager manager = LogManager.getLogManager();
- checkAccess();
+ checkPermission();
pushLevel = newLevel;
}
diff --git a/src/share/classes/java/util/logging/StreamHandler.java b/src/share/classes/java/util/logging/StreamHandler.java
--- jdk/src/share/classes/java/util/logging/StreamHandler.java
+++ jdk/src/share/classes/java/util/logging/StreamHandler.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -249,7 +249,7 @@
}
private synchronized void flushAndClose() throws SecurityException {
- checkAccess();
+ checkPermission();
if (writer != null) {
try {
if (!doneHeader) {

125
java/openjdk6/files/icedtea/security/7169888.patch Normal file
View File

@ -0,0 +1,125 @@
# HG changeset patch
# User dbuck
# Date 1342799616 25200
# Node ID 39b599e90c7b33435ca42ae96ed673812a8be3d7
# Parent 47e7c8e33cd82dade3e84af94bff125cdbdae062
7169888: Narrowing resource definitions in JMX RMI connector
Summary: see bugdb 13932219 for details
Reviewed-by: fparain, vikram
diff --git a/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java b/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
--- jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
+++ jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -39,11 +39,17 @@
import java.rmi.MarshalledObject;
import java.rmi.UnmarshalException;
import java.rmi.server.Unreferenced;
+
import java.security.AccessControlContext;
import java.security.AccessController;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
+
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
@@ -60,6 +66,7 @@
import javax.management.MBeanException;
import javax.management.MBeanInfo;
import javax.management.MBeanRegistrationException;
+import javax.management.MBeanPermission;
import javax.management.MBeanServer;
import javax.management.NotCompliantMBeanException;
import javax.management.NotificationFilter;
@@ -144,15 +151,20 @@
this.mbeanServer = rmiServer.getMBeanServer();
final ClassLoader dcl = defaultClassLoader;
+
this.classLoaderWithRepository =
AccessController.doPrivileged(
new PrivilegedAction<ClassLoaderWithRepository>() {
public ClassLoaderWithRepository run() {
return new ClassLoaderWithRepository(
- getClassLoaderRepository(),
+ mbeanServer.getClassLoaderRepository(),
dcl);
}
- });
+ },
+
+ withPermissions( new MBeanPermission("*", "getClassLoaderRepository"),
+ new RuntimePermission("createClassLoader"))
+ );
serverCommunicatorAdmin = new
RMIServerCommunicatorAdmin(EnvHelp.getServerConnectionTimeout(env));
@@ -160,6 +172,17 @@
this.env = env;
}
+ private static AccessControlContext withPermissions(Permission ... perms){
+ Permissions col = new Permissions();
+
+ for (Permission thePerm : perms ) {
+ col.add(thePerm);
+ }
+
+ final ProtectionDomain pd = new ProtectionDomain(null, col);
+ return new AccessControlContext( new ProtectionDomain[] { pd });
+ }
+
private synchronized ServerNotifForwarder getServerNotifFwd() {
// Lazily created when first use. Mainly when
// addNotificationListener is first called.
@@ -1314,16 +1337,6 @@
// private methods
//------------------------------------------------------------------------
- private ClassLoaderRepository getClassLoaderRepository() {
- return
- AccessController.doPrivileged(
- new PrivilegedAction<ClassLoaderRepository>() {
- public ClassLoaderRepository run() {
- return mbeanServer.getClassLoaderRepository();
- }
- });
- }
-
private ClassLoader getClassLoader(final ObjectName name)
throws InstanceNotFoundException {
try {
@@ -1333,7 +1346,9 @@
public ClassLoader run() throws InstanceNotFoundException {
return mbeanServer.getClassLoader(name);
}
- });
+ },
+ withPermissions(new MBeanPermission("*", "getClassLoader"))
+ );
} catch (PrivilegedActionException pe) {
throw (InstanceNotFoundException) extractException(pe);
}
@@ -1348,7 +1363,9 @@
public Object run() throws InstanceNotFoundException {
return mbeanServer.getClassLoaderFor(name);
}
- });
+ },
+ withPermissions(new MBeanPermission("*", "getClassLoaderFor"))
+ );
} catch (PrivilegedActionException pe) {
throw (InstanceNotFoundException) extractException(pe);
}

36
java/openjdk6/files/icedtea/security/7172522.patch Normal file
View File

@ -0,0 +1,36 @@
# HG changeset patch
# User coffeys
# Date 1340096399 -3600
# Node ID 88243aa6e67b6b84ff529ccdfd3b476410f60057
# Parent 39b599e90c7b33435ca42ae96ed673812a8be3d7
7172522: Improve DomainCombiner checking
Reviewed-by: mullan
diff --git a/src/share/classes/java/security/AccessController.java b/src/share/classes/java/security/AccessController.java
--- jdk/src/share/classes/java/security/AccessController.java
+++ jdk/src/share/classes/java/security/AccessController.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -293,7 +293,7 @@
DomainCombiner dc = null;
AccessControlContext acc = getStackAccessControlContext();
if (acc == null || (dc = acc.getAssignedCombiner()) == null) {
- return AccessController.doPrivileged(action);
+ return AccessController.doPrivileged(action, acc);
}
return AccessController.doPrivileged(action, preserveCombiner(dc));
}
@@ -389,7 +389,7 @@
DomainCombiner dc = null;
AccessControlContext acc = getStackAccessControlContext();
if (acc == null || (dc = acc.getAssignedCombiner()) == null) {
- return AccessController.doPrivileged(action);
+ return AccessController.doPrivileged(action, acc);
}
return AccessController.doPrivileged(action, preserveCombiner(dc));
}

29
java/openjdk6/files/icedtea/security/7176337.patch Normal file
View File

@ -0,0 +1,29 @@
# HG changeset patch
# User asaha
# Date 1340145914 25200
# Node ID a148157cd348fe4c251063db7d3973a83cfcf483
# Parent fde4cc8479824449b03abedd5357500aec92e990
7176337: Additional changes needed for 7158801 fix
Reviewed-by: kvn
diff --git a/src/share/vm/compiler/compilerOracle.cpp b/src/share/vm/compiler/compilerOracle.cpp
--- hotspot/src/share/vm/compiler/compilerOracle.cpp
+++ hotspot/src/share/vm/compiler/compilerOracle.cpp
@@ -573,7 +573,7 @@
char token[1024];
int pos = 0;
int c = getc(stream);
- while(c != EOF && pos < (sizeof(token)-1)) {
+ while(c != EOF && pos < (int)(sizeof(token)-1)) {
if (c == '\n') {
token[pos++] = '\0';
parse_from_line(token);
@@ -594,7 +594,7 @@
int pos = 0;
const char* sp = str;
int c = *sp++;
- while (c != '\0' && pos < (sizeof(token)-1)) {
+ while (c != '\0' && pos < (int)(sizeof(token)-1)) {
if (c == '\n') {
token[pos++] = '\0';
parse_line(token);

552
java/openjdk6/files/icedtea/security/7186286.patch Normal file
View File

@ -0,0 +1,552 @@
# HG changeset patch
# User xuelei
# Date 1343546404 25200
# Node ID a6294da5a21f609b67a0d4d216028dda9f56e689
# Parent 88243aa6e67b6b84ff529ccdfd3b476410f60057
7186286: TLS implementation to better adhere to RFC
Summary: also reviewed by Alexander Fomin <Alexander.Fomin@Oracle.COM>, Andrew Gross<Andrew.Gross@Oracle.COM>, Sean Coffey<Sean.Coffey@Oracle.COM>
Reviewed-by: valeriep, wetmore
diff --git a/src/share/classes/sun/security/pkcs11/P11Cipher.java b/src/share/classes/sun/security/pkcs11/P11Cipher.java
--- jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java
+++ jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -650,7 +650,7 @@
// see JCE spec
protected int engineGetKeySize(Key key) throws InvalidKeyException {
int n = P11SecretKeyFactory.convertKey
- (token, key, keyAlgorithm).keyLength();
+ (token, key, keyAlgorithm).length();
return n;
}
}
diff --git a/src/share/classes/sun/security/pkcs11/P11Key.java b/src/share/classes/sun/security/pkcs11/P11Key.java
--- jdk/src/share/classes/sun/security/pkcs11/P11Key.java
+++ jdk/src/share/classes/sun/security/pkcs11/P11Key.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -46,6 +46,7 @@
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
import sun.security.util.DerValue;
+import sun.security.util.Length;
/**
* Key implementation classes.
@@ -61,7 +62,7 @@
* @author Andreas Sterbenz
* @since 1.5
*/
-abstract class P11Key implements Key {
+abstract class P11Key implements Key, Length {
private final static String PUBLIC = "public";
private final static String PRIVATE = "private";
@@ -212,7 +213,11 @@
return s1;
}
- int keyLength() {
+ /**
+ * Return bit length of the key.
+ */
+ @Override
+ public int length() {
return keyLength;
}
diff --git a/src/share/classes/sun/security/pkcs11/P11RSACipher.java b/src/share/classes/sun/security/pkcs11/P11RSACipher.java
--- jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java
+++ jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -201,7 +201,7 @@
} else {
throw new InvalidKeyException("Unknown key type: " + p11Key);
}
- int n = (p11Key.keyLength() + 7) >> 3;
+ int n = (p11Key.length() + 7) >> 3;
outputSize = n;
buffer = new byte[n];
maxInputSize = encrypt ? (n - PKCS1_MIN_PADDING_LENGTH) : n;
@@ -458,7 +458,7 @@
// see JCE spec
protected int engineGetKeySize(Key key) throws InvalidKeyException {
- int n = P11KeyFactory.convertKey(token, key, algorithm).keyLength();
+ int n = P11KeyFactory.convertKey(token, key, algorithm).length();
return n;
}
}
diff --git a/src/share/classes/sun/security/pkcs11/P11Signature.java b/src/share/classes/sun/security/pkcs11/P11Signature.java
--- jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
+++ jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -274,7 +274,7 @@
if (keyAlgorithm.equals("DSA")) {
signature = new byte[40];
} else {
- signature = new byte[(p11Key.keyLength() + 7) >> 3];
+ signature = new byte[(p11Key.length() + 7) >> 3];
}
if (type == T_UPDATE) {
token.p11.C_VerifyFinal(session.id(), signature);
@@ -359,7 +359,7 @@
if (keyAlgorithm.equals("RSA") && publicKey != p11Key) {
int keyLen;
if (publicKey instanceof P11Key) {
- keyLen = ((P11Key) publicKey).keyLength();
+ keyLen = ((P11Key) publicKey).length();
} else {
keyLen = ((RSAKey) publicKey).getModulus().bitLength();
}
@@ -620,7 +620,7 @@
private byte[] pkcs1Pad(byte[] data) {
try {
- int len = (p11Key.keyLength() + 7) >> 3;
+ int len = (p11Key.length() + 7) >> 3;
RSAPadding padding = RSAPadding.getInstance
(RSAPadding.PAD_BLOCKTYPE_1, len);
byte[] padded = padding.pad(data);
diff --git a/src/share/classes/sun/security/ssl/HandshakeInStream.java b/src/share/classes/sun/security/ssl/HandshakeInStream.java
--- jdk/src/share/classes/sun/security/ssl/HandshakeInStream.java
+++ jdk/src/share/classes/sun/security/ssl/HandshakeInStream.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -190,6 +190,7 @@
byte[] getBytes8() throws IOException {
int len = getInt8();
+ verifyLength(len);
byte b[] = new byte[len];
read(b, 0, len);
@@ -198,6 +199,7 @@
byte[] getBytes16() throws IOException {
int len = getInt16();
+ verifyLength(len);
byte b[] = new byte[len];
read(b, 0, len);
@@ -206,10 +208,19 @@
byte[] getBytes24() throws IOException {
int len = getInt24();
+ verifyLength(len);
byte b[] = new byte[len];
read(b, 0, len);
return b;
}
+ // Is a length greater than available bytes in the record?
+ private void verifyLength(int len) throws SSLException {
+ if (len > available()) {
+ throw new SSLException(
+ "Not enough data to fill declared vector size");
+ }
+ }
+
}
diff --git a/src/share/classes/sun/security/ssl/Handshaker.java b/src/share/classes/sun/security/ssl/Handshaker.java
--- jdk/src/share/classes/sun/security/ssl/Handshaker.java
+++ jdk/src/share/classes/sun/security/ssl/Handshaker.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -776,9 +776,9 @@
if (debug != null && Debug.isOn("handshake")) {
System.out.println("RSA master secret generation error:");
e.printStackTrace(System.out);
- System.out.println("Generating new random premaster secret");
}
- preMasterSecret = RSAClientKeyExchange.generateDummySecret(protocolVersion);
+ preMasterSecret =
+ RSAClientKeyExchange.generateDummySecret(protocolVersion);
// recursive call with new premaster secret
return calculateMasterSecret(preMasterSecret, null);
}
@@ -821,9 +821,9 @@
System.out.println("RSA PreMasterSecret version error: expected"
+ protocolVersion + " or " + requestedVersion + ", decrypted: "
+ premasterVersion);
- System.out.println("Generating new random premaster secret");
}
- preMasterSecret = RSAClientKeyExchange.generateDummySecret(protocolVersion);
+ preMasterSecret =
+ RSAClientKeyExchange.generateDummySecret(protocolVersion);
// recursive call with new premaster secret
return calculateMasterSecret(preMasterSecret, null);
}
diff --git a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java
--- jdk/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java
+++ jdk/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@
import javax.net.ssl.*;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
+import sun.security.util.KeyLength;
/**
* This is the client key exchange message (CLIENT --> SERVER) used with
@@ -85,7 +86,8 @@
* it, using its RSA private key. Result is the same size as the
* server's public key, and uses PKCS #1 block format 02.
*/
- RSAClientKeyExchange(ProtocolVersion protocolVersion, ProtocolVersion maxVersion,
+ RSAClientKeyExchange(ProtocolVersion protocolVersion,
+ ProtocolVersion maxVersion,
SecureRandom generator, PublicKey publicKey) throws IOException {
if (publicKey.getAlgorithm().equals("RSA") == false) {
throw new SSLKeyException("Public key not of type RSA");
@@ -120,7 +122,8 @@
* Server gets the PKCS #1 (block format 02) data, decrypts
* it with its private key.
*/
- RSAClientKeyExchange(ProtocolVersion currentVersion, HandshakeInStream input,
+ RSAClientKeyExchange(ProtocolVersion currentVersion,
+ ProtocolVersion maxVersion, HandshakeInStream input,
int messageSize, PrivateKey privateKey) throws IOException {
if (privateKey.getAlgorithm().equals("RSA") == false) {
@@ -143,28 +146,119 @@
cipher.init(Cipher.UNWRAP_MODE, privateKey);
preMaster = (SecretKey)cipher.unwrap(encrypted,
"TlsRsaPremasterSecret", Cipher.SECRET_KEY);
+
+ // polish the premaster secret
+ preMaster = polishPreMasterSecretKey(
+ currentVersion, maxVersion, preMaster, null);
} catch (Exception e) {
- /*
- * Bogus decrypted ClientKeyExchange? If so, conjure a
- * a random preMaster secret that will fail later during
- * Finished message processing. This is a countermeasure against
- * the "interactive RSA PKCS#1 encryption envelop attack" reported
- * in June 1998. Preserving the executation path will
- * mitigate timing attacks and force consistent error handling
- * that will prevent an attacking client from differentiating
- * different kinds of decrypted ClientKeyExchange bogosities.
- */
- if (debug != null && Debug.isOn("handshake")) {
- System.out.println("Error decrypting premaster secret:");
- e.printStackTrace(System.out);
- System.out.println("Generating random secret");
+ // polish the premaster secret
+ preMaster = polishPreMasterSecretKey(
+ currentVersion, maxVersion, preMaster, e);
+ }
+ }
+
+ /**
+ * To avoid vulnerabilities described by section 7.4.7.1, RFC 5246,
+ * treating incorrectly formatted message blocks and/or mismatched
+ * version numbers in a manner indistinguishable from correctly
+ * formatted RSA blocks.
+ *
+ * RFC 5246 describes the approach as :
+ *
+ * 1. Generate a string R of 46 random bytes
+ *
+ * 2. Decrypt the message to recover the plaintext M
+ *
+ * 3. If the PKCS#1 padding is not correct, or the length of message
+ * M is not exactly 48 bytes:
+ * pre_master_secret = ClientHello.client_version || R
+ * else If ClientHello.client_version <= TLS 1.0, and version
+ * number check is explicitly disabled:
+ * pre_master_secret = M
+ * else:
+ * pre_master_secret = ClientHello.client_version || M[2..47]
+ *
+ * Note that although TLS 1.2 is not supported in this release, we still
+ * want to make use of the above approach to provide better protection.
+ */
+ private SecretKey polishPreMasterSecretKey(
+ ProtocolVersion currentVersion, ProtocolVersion clientHelloVersion,
+ SecretKey secretKey, Exception failoverException) {
+
+ if (failoverException == null && secretKey != null) {
+ // check the length
+ byte[] encoded = secretKey.getEncoded();
+ if (encoded == null) { // unable to get the encoded key
+ if (debug != null && Debug.isOn("handshake")) {
+ System.out.println(
+ "unable to get the plaintext of the premaster secret");
+ }
+
+ int keySize = KeyLength.getKeySize(secretKey);
+ if (keySize > 0 && keySize != 384) { // 384 = 48 * 8
+ if (debug != null && Debug.isOn("handshake")) {
+ System.out.println(
+ "incorrect length of premaster secret: " +
+ (keySize/8));
+ }
+
+ return generateDummySecret(currentVersion);
+ }
+
+ // The key size is exactly 48 bytes or not accessible.
+ //
+ // Conservatively, pass the checking to master secret
+ // calculation.
+ return secretKey;
+ } else if (encoded.length == 48) {
+ // check the version
+ if (clientHelloVersion.major == encoded[0] &&
+ clientHelloVersion.minor == encoded[1]) {
+
+ return secretKey;
+ } else if (clientHelloVersion.v <= ProtocolVersion.TLS10.v &&
+ currentVersion.major == encoded[0] &&
+ currentVersion.minor == encoded[1]) {
+ /*
+ * For compatibility, we maintain the behavior that the
+ * version in pre_master_secret can be the negotiated
+ * version for TLS v1.0 and SSL v3.0.
+ */
+ return secretKey;
+ }
+
+ if (debug != null && Debug.isOn("handshake")) {
+ System.out.println("Mismatching Protocol Versions, " +
+ "ClientHello.client_version is " + clientHelloVersion +
+ ", while PreMasterSecret.client_version is " +
+ ProtocolVersion.valueOf(encoded[0], encoded[1]));
+ }
+ return generateDummySecret(currentVersion);
+ } else {
+ if (debug != null && Debug.isOn("handshake")) {
+ System.out.println(
+ "incorrect length of premaster secret: " +
+ encoded.length);
+ }
+ return generateDummySecret(currentVersion);
}
- preMaster = generateDummySecret(currentVersion);
}
+
+ if (debug != null && Debug.isOn("handshake") &&
+ failoverException != null) {
+ System.out.println("Error decrypting premaster secret:");
+ failoverException.printStackTrace(System.out);
+ }
+
+ return generateDummySecret(currentVersion);
}
// generate a premaster secret with the specified version number
static SecretKey generateDummySecret(ProtocolVersion version) {
+ if (debug != null && Debug.isOn("handshake")) {
+ System.out.println("Generating a random fake premaster secret");
+ }
+
try {
KeyGenerator kg =
JsseJce.getKeyGenerator("SunTlsRsaPremasterSecret");
diff --git a/src/share/classes/sun/security/ssl/ServerHandshaker.java b/src/share/classes/sun/security/ssl/ServerHandshaker.java
--- jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java
+++ jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -190,8 +190,9 @@
* temporary one used for non-export or signing-only
* certificates/keys.
*/
- RSAClientKeyExchange pms = new RSAClientKeyExchange
- (protocolVersion, input, message_len, privateKey);
+ RSAClientKeyExchange pms = new RSAClientKeyExchange(
+ protocolVersion, clientRequestedVersion,
+ input, message_len, privateKey);
preMasterSecret = this.clientKeyExchange(pms);
break;
case K_KRB5:
diff --git a/src/share/classes/sun/security/util/KeyLength.java b/src/share/classes/sun/security/util/KeyLength.java
new file mode 100644
--- /dev/null
+++ jdk/src/share/classes/sun/security/util/KeyLength.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.security.Key;
+import java.security.PrivilegedAction;
+import java.security.AccessController;
+import java.security.interfaces.ECKey;
+import java.security.interfaces.RSAKey;
+import java.security.interfaces.DSAKey;
+import javax.crypto.SecretKey;
+import javax.crypto.interfaces.DHKey;
+
+/**
+ * A utility class to get key length
+ */
+public final class KeyLength {
+
+ /**
+ * Returns the key size of the given key object in bits.
+ *
+ * @param key the key object, cannot be null
+ * @return the key size of the given key object in bits, or -1 if the
+ * key size is not accessible
+ */
+ final public static int getKeySize(Key key) {
+ int size = -1;
+
+ if (key instanceof Length) {
+ try {
+ Length ruler = (Length)key;
+ size = ruler.length();
+ } catch (UnsupportedOperationException usoe) {
+ // ignore the exception
+ }
+
+ if (size >= 0) {
+ return size;
+ }
+ }
+
+ // try to parse the length from key specification
+ if (key instanceof SecretKey) {
+ SecretKey sk = (SecretKey)key;
+ String format = sk.getFormat();
+ if ("RAW".equals(format) && sk.getEncoded() != null) {
+ size = (sk.getEncoded().length * 8);
+ } // Otherwise, it may be a unextractable key of PKCS#11, or
+ // a key we are not able to handle.
+ } else if (key instanceof RSAKey) {
+ RSAKey pubk = (RSAKey)key;
+ size = pubk.getModulus().bitLength();
+ } else if (key instanceof ECKey) {
+ ECKey pubk = (ECKey)key;
+ size = pubk.getParams().getOrder().bitLength();
+ } else if (key instanceof DSAKey) {
+ DSAKey pubk = (DSAKey)key;
+ size = pubk.getParams().getP().bitLength();
+ } else if (key instanceof DHKey) {
+ DHKey pubk = (DHKey)key;
+ size = pubk.getParams().getP().bitLength();
+ } // Otherwise, it may be a unextractable key of PKCS#11, or
+ // a key we are not able to handle.
+
+ return size;
+ }
+}
+
diff --git a/src/share/classes/sun/security/util/Length.java b/src/share/classes/sun/security/util/Length.java
new file mode 100644
--- /dev/null
+++ jdk/src/share/classes/sun/security/util/Length.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+/**
+ * The Length interface defines the length of an object
+ */
+public interface Length {
+
+ /**
+ * Gets the length of this object
+ * <p>
+ * Note that if a class of java.security.Key implements this interfaces,
+ * the length should be measured in bits.
+ *
+ * @return the length of this object
+ * @throws UnsupportedOperationException if the operation is not supported
+ */
+ public int length();
+}

39
java/openjdk6/files/icedtea/security/7189103.patch Normal file
View File

@ -0,0 +1,39 @@
# HG changeset patch
# User coffeys
# Date 1345121690 -3600
# Node ID b6a7a661db8a2141ebb2e79ba5739722d1be7bfd
# Parent a6294da5a21f609b67a0d4d216028dda9f56e689
7189103: Executors needs to maintain state
Reviewed-by: chegar
diff --git a/src/share/classes/java/util/concurrent/Executors.java b/src/share/classes/java/util/concurrent/Executors.java
--- jdk/src/share/classes/java/util/concurrent/Executors.java
+++ jdk/src/share/classes/java/util/concurrent/Executors.java
@@ -530,18 +530,17 @@
return AccessController.doPrivileged(
new PrivilegedExceptionAction<T>() {
public T run() throws Exception {
- ClassLoader savedcl = null;
Thread t = Thread.currentThread();
- try {
- ClassLoader cl = t.getContextClassLoader();
- if (ccl != cl) {
- t.setContextClassLoader(ccl);
- savedcl = cl;
+ ClassLoader cl = t.getContextClassLoader();
+ if (ccl == cl) {
+ return task.call();
+ } else {
+ t.setContextClassLoader(ccl);
+ try {
+ return task.call();
+ } finally {
+ t.setContextClassLoader(cl);
}
- return task.call();
- } finally {
- if (savedcl != null)
- t.setContextClassLoader(savedcl);
}
}
}, acc);

55
java/openjdk6/files/icedtea/security/7189490.patch Normal file
View File

@ -0,0 +1,55 @@
# HG changeset patch
# User coffeys
# Date 1345121553 -3600
# Node ID 7fe230af5036c83eb337b3560821b97c6dec08c9
# Parent b6a7a661db8a2141ebb2e79ba5739722d1be7bfd
7189490: More improvements to DomainCombiner checking
Reviewed-by: mullan
diff --git a/src/share/classes/java/security/AccessController.java b/src/share/classes/java/security/AccessController.java
--- jdk/src/share/classes/java/security/AccessController.java
+++ jdk/src/share/classes/java/security/AccessController.java
@@ -290,11 +290,11 @@
*/
public static <T> T doPrivilegedWithCombiner(PrivilegedAction<T> action) {
- DomainCombiner dc = null;
AccessControlContext acc = getStackAccessControlContext();
- if (acc == null || (dc = acc.getAssignedCombiner()) == null) {
- return AccessController.doPrivileged(action, acc);
+ if (acc == null) {
+ return AccessController.doPrivileged(action);
}
+ DomainCombiner dc = acc.getAssignedCombiner();
return AccessController.doPrivileged(action, preserveCombiner(dc));
}
@@ -386,11 +386,11 @@
public static <T> T doPrivilegedWithCombiner
(PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
- DomainCombiner dc = null;
AccessControlContext acc = getStackAccessControlContext();
- if (acc == null || (dc = acc.getAssignedCombiner()) == null) {
- return AccessController.doPrivileged(action, acc);
+ if (acc == null) {
+ return AccessController.doPrivileged(action);
}
+ DomainCombiner dc = acc.getAssignedCombiner();
return AccessController.doPrivileged(action, preserveCombiner(dc));
}
@@ -417,7 +417,12 @@
// perform 'combine' on the caller of doPrivileged,
// even if the caller is from the bootclasspath
ProtectionDomain[] pds = new ProtectionDomain[] {callerPd};
- return new AccessControlContext(combiner.combine(pds, null), combiner);
+ if (combiner == null) {
+ return new AccessControlContext(pds);
+ } else {
+ return new AccessControlContext(combiner.combine(pds, null),
+ combiner);
+ }
}

95
java/openjdk6/files/icedtea/security/7189567.patch Normal file
View File

@ -0,0 +1,95 @@
# HG changeset patch
# User robm
# Date 1347900712 -3600
# Node ID aa1fa3f96d77541a3bafd767001f3100fe6b8a5a
# Parent 7fe230af5036c83eb337b3560821b97c6dec08c9
7189567: java net obselete protocol
Reviewed-by: chegar
diff --git a/src/share/classes/java/net/URL.java b/src/share/classes/java/net/URL.java
--- jdk/src/share/classes/java/net/URL.java
+++ jdk/src/share/classes/java/net/URL.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,8 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.util.StringTokenizer;
import sun.security.util.SecurityConstants;
@@ -1110,6 +1112,21 @@
static Hashtable handlers = new Hashtable();
private static Object streamHandlerLock = new Object();
+ // special case the gopher protocol, disabled by default
+ private static final String GOPHER = "gopher";
+ private static final String ENABLE_GOPHER_PROP = "jdk.net.registerGopherProtocol";
+ private static final boolean enableGopher = AccessController.doPrivileged(
+ new PrivilegedAction<Boolean>() {
+ public Boolean run() {
+ String prop = System.getProperty(ENABLE_GOPHER_PROP);
+ return prop == null ? false :
+ (prop.equalsIgnoreCase("false") ? false : true);
+ }
+ });
+
+ // package name of the JDK implementation protocol handlers
+ private static final String JDK_PACKAGE_PREFIX = "sun.net.www.protocol";
+
/**
* Returns the Stream Handler.
* @param protocol the protocol to use
@@ -1141,7 +1158,7 @@
// REMIND: decide whether to allow the "null" class prefix
// or not.
- packagePrefixList += "sun.net.www.protocol";
+ packagePrefixList += JDK_PACKAGE_PREFIX;
StringTokenizer packagePrefixIter =
new StringTokenizer(packagePrefixList, "|");
@@ -1151,6 +1168,15 @@
String packagePrefix =
packagePrefixIter.nextToken().trim();
+
+ // do not try to instantiate the JDK gopher handler
+ // unless the system property had been explicitly set
+ if (protocol.equalsIgnoreCase(GOPHER) &&
+ packagePrefix.equals(JDK_PACKAGE_PREFIX) &&
+ !enableGopher) {
+ continue;
+ }
+
try {
String clsName = packagePrefix + "." + protocol +
".Handler";
diff --git a/test/java/net/URL/Test.java b/test/java/net/URL/Test.java
--- jdk/test/java/net/URL/Test.java
+++ jdk/test/java/net/URL/Test.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -322,10 +322,6 @@
test("ftp://ftp.is.co.za/rfc/rfc1808.txt")
.s("ftp").h("ftp.is.co.za").p("/rfc/rfc1808.txt").z();
- test("gopher://spinaltap.micro.umn.edu/00/Weather/California/Los%20Angeles")
- .s("gopher").h("spinaltap.micro.umn.edu")
- .p("/00/Weather/California/Los%20Angeles").z();
-
test("http://www.math.uio.no/faq/compression-faq/part1.html")
.s("http").h("www.math.uio.no").p("/faq/compression-faq/part1.html").z();

35
java/openjdk6/files/icedtea/security/7192975.patch Normal file
View File

@ -0,0 +1,35 @@
# HG changeset patch
# User asaha
# Date 1349309813 25200
# Node ID d77bc9151c1dea1a4a396fb59d58ba7c8d77fd88
# Parent aa1fa3f96d77541a3bafd767001f3100fe6b8a5a
7192975: Conditional usage check is wrong
Reviewed-by: dsamersoff
Contributed-by: andreas.eriksson@oracle.com
diff --git a/src/share/classes/javax/management/modelmbean/DescriptorSupport.java b/src/share/classes/javax/management/modelmbean/DescriptorSupport.java
--- jdk/src/share/classes/javax/management/modelmbean/DescriptorSupport.java
+++ jdk/src/share/classes/javax/management/modelmbean/DescriptorSupport.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1239,13 +1239,12 @@
return s.substring(1, s.length() - 1);
}
final String className = s.substring(1, slash);
+
final Constructor<?> constr;
try {
+ ReflectUtil.checkPackageAccess(className);
final ClassLoader contextClassLoader =
Thread.currentThread().getContextClassLoader();
- if (contextClassLoader == null) {
- ReflectUtil.checkPackageAccess(className);
- }
final Class<?> c =
Class.forName(className, false, contextClassLoader);
constr = c.getConstructor(new Class[] {String.class});

29
java/openjdk6/files/icedtea/security/7195194.patch Normal file
View File

@ -0,0 +1,29 @@
# HG changeset patch
# User andrew
# Date 1349974205 -3600
# Node ID 6a383aef225ab7bb99b723bbb29786e29747a4f0
# Parent d77bc9151c1dea1a4a396fb59d58ba7c8d77fd88
7195194: Better data validation for Swing
Reviewed-by: art, ahgross
diff --git a/src/share/classes/javax/swing/text/DefaultFormatter.java b/src/share/classes/javax/swing/text/DefaultFormatter.java
--- jdk/src/share/classes/javax/swing/text/DefaultFormatter.java
+++ jdk/src/share/classes/javax/swing/text/DefaultFormatter.java
@@ -24,6 +24,8 @@
*/
package javax.swing.text;
+import sun.reflect.misc.ConstructorUtil;
+
import java.io.Serializable;
import java.lang.reflect.*;
import java.text.ParseException;
@@ -245,7 +247,7 @@
Constructor cons;
try {
- cons = vc.getConstructor(new Class[] { String.class });
+ cons = ConstructorUtil.getConstructor(vc, new Class[]{String.class});
} catch (NoSuchMethodException nsme) {
cons = null;

88
java/openjdk6/files/icedtea/security/7195917.patch Normal file
View File

@ -0,0 +1,88 @@
# HG changeset patch
# User malenkov
# Date 1348148080 -14400
# Node ID 074f132d65c91231ca989e4c757207e1cf25a476
# Parent 6a383aef225ab7bb99b723bbb29786e29747a4f0
7195917: XMLDecoder parsing at close-time should be improved
Reviewed-by: art, ahgross
diff --git a/src/share/classes/java/beans/XMLDecoder.java b/src/share/classes/java/beans/XMLDecoder.java
--- jdk/src/share/classes/java/beans/XMLDecoder.java
+++ jdk/src/share/classes/java/beans/XMLDecoder.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,10 @@
import java.lang.ref.Reference;
import java.lang.ref.WeakReference;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
import org.xml.sax.SAXException;
import javax.xml.parsers.SAXParserFactory;
@@ -66,6 +70,7 @@
* @author Philip Milne
*/
public class XMLDecoder {
+ private final AccessControlContext acc = AccessController.getContext();
private InputStream in;
private Object owner;
private ExceptionListener exceptionListener;
@@ -248,25 +253,33 @@
*/
private ObjectHandler getHandler() {
if ( handler == null ) {
- SAXParserFactory factory = SAXParserFactory.newInstance();
- try {
- SAXParser parser = factory.newSAXParser();
- handler = new ObjectHandler( this, getClassLoader() );
- parser.parse( in, handler );
+ if ((this.acc == null) && (null != System.getSecurityManager())) {
+ throw new SecurityException("AccessControlContext is not set");
}
- catch ( ParserConfigurationException e ) {
- getExceptionListener().exceptionThrown( e );
- }
- catch ( SAXException se ) {
- Exception e = se.getException();
- if ( e == null ) {
- e = se;
+ handler = AccessController.doPrivileged(new PrivilegedAction<ObjectHandler>() {
+ public ObjectHandler run() {
+ ObjectHandler handler = new ObjectHandler(XMLDecoder.this, getClassLoader());
+ SAXParserFactory factory = SAXParserFactory.newInstance();
+ try {
+ SAXParser parser = factory.newSAXParser();
+ parser.parse( in, handler );
+ }
+ catch ( ParserConfigurationException e ) {
+ getExceptionListener().exceptionThrown( e );
+ }
+ catch ( SAXException se ) {
+ Exception e = se.getException();
+ if ( e == null ) {
+ e = se;
+ }
+ getExceptionListener().exceptionThrown( e );
+ }
+ catch ( IOException ioe ) {
+ getExceptionListener().exceptionThrown( ioe );
+ }
+ return handler;
}
- getExceptionListener().exceptionThrown( e );
- }
- catch ( IOException ioe ) {
- getExceptionListener().exceptionThrown( ioe );
- }
+ }, this.acc);
}
return handler;
}

63
java/openjdk6/files/icedtea/security/7195919.patch Normal file
View File

@ -0,0 +1,63 @@
# HG changeset patch
# User dmeetry
# Date 1347313661 -14400
# Node ID 5352a40bb0ff7e8a6e826478d7687fff695d9805
# Parent 074f132d65c91231ca989e4c757207e1cf25a476
7195919: (sl) ServiceLoader can throw CCE without needing to create instance
Reviewed-by: smarks
diff --git a/src/share/classes/java/util/ServiceLoader.java b/src/share/classes/java/util/ServiceLoader.java
--- jdk/src/share/classes/java/util/ServiceLoader.java
+++ jdk/src/share/classes/java/util/ServiceLoader.java
@@ -358,14 +358,21 @@
}
String cn = nextName;
nextName = null;
+ Class<?> c = null;
try {
- S p = service.cast(Class.forName(cn, true, loader)
- .newInstance());
- providers.put(cn, p);
- return p;
+ c = Class.forName(cn, false, loader);
} catch (ClassNotFoundException x) {
fail(service,
"Provider " + cn + " not found");
+ }
+ if (!service.isAssignableFrom(c)) {
+ fail(service,
+ "Provider " + cn + " not a subtype");
+ }
+ try {
+ S p = service.cast(c.newInstance());
+ providers.put(cn, p);
+ return p;
} catch (Throwable x) {
fail(service,
"Provider " + cn + " could not be instantiated: " + x,
diff --git a/src/share/classes/sun/misc/Service.java b/src/share/classes/sun/misc/Service.java
--- jdk/src/share/classes/sun/misc/Service.java
+++ jdk/src/share/classes/sun/misc/Service.java
@@ -284,12 +284,20 @@
}
String cn = nextName;
nextName = null;
+ Class<?> c = null;
try {
- return Class.forName(cn, true, loader).newInstance();
+ c = Class.forName(cn, false, loader);
} catch (ClassNotFoundException x) {
fail(service,
"Provider " + cn + " not found");
- } catch (Exception x) {
+ }
+ if (!service.isAssignableFrom(c)) {
+ fail(service,
+ "Provider " + cn + " not a subtype");
+ }
+ try {
+ return service.cast(c.newInstance());
+ } catch (Throwable x) {
fail(service,
"Provider " + cn + " could not be instantiated: " + x,
x);

114
java/openjdk6/files/icedtea/security/7198296.patch Normal file
View File

@ -0,0 +1,114 @@
# HG changeset patch
# User asaha
# Date 1349309940 25200
# Node ID a66bba985c2c46743d6780879278092c0fa5cf2b
# Parent 5352a40bb0ff7e8a6e826478d7687fff695d9805
7198296: Refactor classloader usage
Reviewed-by: dsamersoff
Contributed-by: andreas.eriksson@oracle.com
diff --git a/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java b/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
--- jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
+++ jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
@@ -165,9 +165,17 @@
withPermissions( new MBeanPermission("*", "getClassLoaderRepository"),
new RuntimePermission("createClassLoader"))
);
-
- serverCommunicatorAdmin = new
- RMIServerCommunicatorAdmin(EnvHelp.getServerConnectionTimeout(env));
+ this.defaultContextClassLoader =
+ AccessController.doPrivileged(
+ new PrivilegedAction<ClassLoader>() {
+ @Override
+ public ClassLoader run() {
+ return new CombinedClassLoader(Thread.currentThread().getContextClassLoader(),
+ dcl);
+ }
+ });
+ serverCommunicatorAdmin = new
+ RMIServerCommunicatorAdmin(EnvHelp.getServerConnectionTimeout(env));
this.env = env;
}
@@ -529,7 +537,7 @@
"connectionId=" + connectionId
+" unwrapping query with defaultClassLoader.");
- queryValue = unwrap(query, defaultClassLoader, QueryExp.class);
+ queryValue = unwrap(query, defaultContextClassLoader, QueryExp.class);
try {
final Object params[] = new Object[] { name, queryValue };
@@ -563,7 +571,7 @@
"connectionId=" + connectionId
+" unwrapping query with defaultClassLoader.");
- queryValue = unwrap(query, defaultClassLoader, QueryExp.class);
+ queryValue = unwrap(query, defaultContextClassLoader, QueryExp.class);
try {
final Object params[] = new Object[] { name, queryValue };
@@ -1592,7 +1600,8 @@
ClassLoader orderCL = AccessController.doPrivileged(
new PrivilegedExceptionAction<ClassLoader>() {
public ClassLoader run() throws Exception {
- return new OrderClassLoaders(cl1, cl2);
+ return new CombinedClassLoader(Thread.currentThread().getContextClassLoader(),
+ new OrderClassLoaders(cl1, cl2));
}
}
);
@@ -1684,6 +1693,8 @@
private final ClassLoader defaultClassLoader;
+ private final ClassLoader defaultContextClassLoader;
+
private final ClassLoaderWithRepository classLoaderWithRepository;
private boolean terminated = false;
@@ -1768,4 +1779,43 @@
private static final ClassLogger logger =
new ClassLogger("javax.management.remote.rmi", "RMIConnectionImpl");
+
+ private static final class CombinedClassLoader extends ClassLoader {
+
+ private final static class ClassLoaderWrapper extends ClassLoader {
+ ClassLoaderWrapper(ClassLoader cl) {
+ super(cl);
+ }
+
+ @Override
+ protected Class<?> loadClass(String name, boolean resolve)
+ throws ClassNotFoundException {
+ return super.loadClass(name, resolve);
+ }
+ };
+
+ final ClassLoaderWrapper defaultCL;
+
+ private CombinedClassLoader(ClassLoader parent, ClassLoader defaultCL) {
+ super(parent);
+ this.defaultCL = new ClassLoaderWrapper(defaultCL);
+ }
+
+ @Override
+ protected Class<?> loadClass(String name, boolean resolve)
+ throws ClassNotFoundException {
+ try {
+ super.loadClass(name, resolve);
+ } catch(Exception e) {
+ for(Throwable t = e; t != null; t = t.getCause()) {
+ if(t instanceof SecurityException) {
+ throw t==e?(SecurityException)t:new SecurityException(t.getMessage(), e);
+ }
+ }
+ }
+ final Class<?> cl = defaultCL.loadClass(name, resolve);
+ return cl;
+ }
+
+ }
}

28
java/openjdk6/files/icedtea/security/7198606.patch Normal file
View File

@ -0,0 +1,28 @@
# HG changeset patch
# User andrew
# Date 1349974451 -3600
# Node ID 8319efc7c840d099832e06db7a50dcfb95bfd4aa
# Parent a148157cd348fe4c251063db7d3973a83cfcf483
7198606: Improve VM optimization
Reviewed-by: roland, twisti
diff --git a/src/share/vm/opto/loopTransform.cpp b/src/share/vm/opto/loopTransform.cpp
--- hotspot/src/share/vm/opto/loopTransform.cpp
+++ hotspot/src/share/vm/opto/loopTransform.cpp
@@ -2721,6 +2721,8 @@
result_mem = new (C, 1) ProjNode(call,TypeFunc::Memory);
_igvn.register_new_node_with_optimizer(result_mem);
+/* Disable following optimization until proper fix (add missing checks).
+
// If this fill is tightly coupled to an allocation and overwrites
// the whole body, allow it to take over the zeroing.
AllocateNode* alloc = AllocateNode::Ideal_allocation(base, this);
@@ -2744,6 +2746,7 @@
#endif
}
}
+*/
// Redirect the old control and memory edges that are outside the loop.
Node* exit = head->loopexit()->proj_out(0);

593
java/openjdk6/files/patch-set
View File

File diff suppressed because it is too large Load Diff