changeset in /hg/icedtea6: Move security patches to subdirectory.
Andrew John Hughes
ahughes at redhat.com
Tue Mar 24 07:17:29 PDT 2009
changeset e091113be80d in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=e091113be80d
description:
Move security patches to subdirectory.
2009-03-24 Andrew John Hughes <ahughes at redhat.com>
* patches/icedtea-6536193.patch,
* patches/icedtea-6610888.patch,
* patches/icedtea-6610896.patch,
* patches/icedtea-6630639.patch,
* patches/icedtea-6632886.patch,
* patches/icedtea-6636360.patch,
* patches/icedtea-6652463.patch,
* patches/icedtea-6656633.patch,
* patches/icedtea-6658158.patch,
* patches/icedtea-6691246.patch,
* patches/icedtea-6717680.patch,
* patches/icedtea-6721651.patch,
* patches/icedtea-6737315.patch,
* patches/icedtea-6792554.patch,
* patches/icedtea-6804996.patch,
* patches/icedtea-6804997.patch,
* patches/icedtea-6804998.patch: Moved...
* Makefile.am: Updated.
* patches/security/icedtea-6536193.patch,
* patches/security/icedtea-6610888.patch,
* patches/security/icedtea-6610896.patch,
* patches/security/icedtea-6630639.patch,
* patches/security/icedtea-6632886.patch,
* patches/security/icedtea-6636360.patch,
* patches/security/icedtea-6652463.patch,
* patches/security/icedtea-6656633.patch,
* patches/security/icedtea-6658158.patch,
* patches/security/icedtea-6691246.patch,
* patches/security/icedtea-6717680.patch,
* patches/security/icedtea-6721651.patch,
* patches/security/icedtea-6737315.patch,
* patches/security/icedtea-6792554.patch,
* patches/security/icedtea-6804996.patch,
* patches/security/icedtea-6804997.patch,
* patches/security/icedtea-6804998.patch:
to here.
diffstat:
36 files changed, 3393 insertions(+), 3354 deletions(-)
ChangeLog | 39 +
Makefile.am | 32 -
patches/icedtea-6536193.patch | 102 ----
patches/icedtea-6610888.patch | 58 --
patches/icedtea-6610896.patch | 189 -------
patches/icedtea-6630639.patch | 31 -
patches/icedtea-6632886.patch | 502 -------------------
patches/icedtea-6636360.patch | 34 -
patches/icedtea-6652463.patch | 28 -
patches/icedtea-6656633.patch | 51 --
patches/icedtea-6658158.patch | 815 --------------------------------
patches/icedtea-6691246.patch | 166 ------
patches/icedtea-6717680.patch | 27 -
patches/icedtea-6721651.patch | 735 ----------------------------
patches/icedtea-6737315.patch | 44 -
patches/icedtea-6792554.patch | 415 ----------------
patches/icedtea-6804996.patch | 75 --
patches/icedtea-6804997.patch | 31 -
patches/icedtea-6804998.patch | 35 -
patches/security/icedtea-6536193.patch | 102 ++++
patches/security/icedtea-6610888.patch | 58 ++
patches/security/icedtea-6610896.patch | 189 +++++++
patches/security/icedtea-6630639.patch | 31 +
patches/security/icedtea-6632886.patch | 502 +++++++++++++++++++
patches/security/icedtea-6636360.patch | 34 +
patches/security/icedtea-6652463.patch | 28 +
patches/security/icedtea-6656633.patch | 51 ++
patches/security/icedtea-6658158.patch | 815 ++++++++++++++++++++++++++++++++
patches/security/icedtea-6691246.patch | 166 ++++++
patches/security/icedtea-6717680.patch | 27 +
patches/security/icedtea-6721651.patch | 735 ++++++++++++++++++++++++++++
patches/security/icedtea-6737315.patch | 44 +
patches/security/icedtea-6792554.patch | 415 ++++++++++++++++
patches/security/icedtea-6804996.patch | 75 ++
patches/security/icedtea-6804997.patch | 31 +
patches/security/icedtea-6804998.patch | 35 +
diffs (truncated from 6900 to 500 lines):
diff -r 246837dabf32 -r e091113be80d ChangeLog
--- a/ChangeLog Tue Mar 24 07:54:27 2009 -0400
+++ b/ChangeLog Tue Mar 24 14:15:51 2009 +0000
@@ -1,3 +1,42 @@ 2009-03-24 Lillian Angel <langel at redhat
+2009-03-24 Andrew John Hughes <ahughes at redhat.com>
+
+ * patches/icedtea-6536193.patch,
+ * patches/icedtea-6610888.patch,
+ * patches/icedtea-6610896.patch,
+ * patches/icedtea-6630639.patch,
+ * patches/icedtea-6632886.patch,
+ * patches/icedtea-6636360.patch,
+ * patches/icedtea-6652463.patch,
+ * patches/icedtea-6656633.patch,
+ * patches/icedtea-6658158.patch,
+ * patches/icedtea-6691246.patch,
+ * patches/icedtea-6717680.patch,
+ * patches/icedtea-6721651.patch,
+ * patches/icedtea-6737315.patch,
+ * patches/icedtea-6792554.patch,
+ * patches/icedtea-6804996.patch,
+ * patches/icedtea-6804997.patch,
+ * patches/icedtea-6804998.patch: Moved...
+ * Makefile.am: Updated.
+ * patches/security/icedtea-6536193.patch,
+ * patches/security/icedtea-6610888.patch,
+ * patches/security/icedtea-6610896.patch,
+ * patches/security/icedtea-6630639.patch,
+ * patches/security/icedtea-6632886.patch,
+ * patches/security/icedtea-6636360.patch,
+ * patches/security/icedtea-6652463.patch,
+ * patches/security/icedtea-6656633.patch,
+ * patches/security/icedtea-6658158.patch,
+ * patches/security/icedtea-6691246.patch,
+ * patches/security/icedtea-6717680.patch,
+ * patches/security/icedtea-6721651.patch,
+ * patches/security/icedtea-6737315.patch,
+ * patches/security/icedtea-6792554.patch,
+ * patches/security/icedtea-6804996.patch,
+ * patches/security/icedtea-6804997.patch,
+ * patches/security/icedtea-6804998.patch:
+ to here.
+
2009-03-24 Lillian Angel <langel at redhat.com>
* Makefile.am
diff -r 246837dabf32 -r e091113be80d Makefile.am
--- a/Makefile.am Tue Mar 24 07:54:27 2009 -0400
+++ b/Makefile.am Tue Mar 24 14:15:51 2009 +0000
@@ -544,22 +544,22 @@ ICEDTEA_PATCHES = \
patches/icedtea-core-build.patch \
patches/icedtea-jvmtiEnv.patch \
patches/icedtea-lcms.patch \
- patches/icedtea-6536193.patch \
- patches/icedtea-6610888.patch \
- patches/icedtea-6610896.patch \
- patches/icedtea-6630639.patch \
- patches/icedtea-6632886.patch \
- patches/icedtea-6652463.patch \
- patches/icedtea-6656633.patch \
- patches/icedtea-6658158.patch \
- patches/icedtea-6691246.patch \
- patches/icedtea-6717680.patch \
- patches/icedtea-6721651.patch \
- patches/icedtea-6737315.patch \
- patches/icedtea-6792554.patch \
- patches/icedtea-6804996.patch \
- patches/icedtea-6804997.patch \
- patches/icedtea-6804998.patch
+ patches/security/icedtea-6536193.patch \
+ patches/security/icedtea-6610888.patch \
+ patches/security/icedtea-6610896.patch \
+ patches/security/icedtea-6630639.patch \
+ patches/security/icedtea-6632886.patch \
+ patches/security/icedtea-6652463.patch \
+ patches/security/icedtea-6656633.patch \
+ patches/security/icedtea-6658158.patch \
+ patches/security/icedtea-6691246.patch \
+ patches/security/icedtea-6717680.patch \
+ patches/security/icedtea-6721651.patch \
+ patches/security/icedtea-6737315.patch \
+ patches/security/icedtea-6792554.patch \
+ patches/security/icedtea-6804996.patch \
+ patches/security/icedtea-6804997.patch \
+ patches/security/icedtea-6804998.patch
if WITH_ALT_HSBUILD
ICEDTEA_PATCHES += \
diff -r 246837dabf32 -r e091113be80d patches/icedtea-6536193.patch
--- a/patches/icedtea-6536193.patch Tue Mar 24 07:54:27 2009 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,102 +0,0 @@
---- old/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java Tue Mar 3 11:34:51 2009
-+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java Tue Mar 3 11:34:50 2009
-@@ -1,27 +1,3 @@
--/*
-- * Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Sun designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Sun in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
-- * CA 95054 USA or visit www.sun.com if you need additional information or
-- * have any questions.
-- */
- package com.sun.xml.internal.bind.v2.runtime.output;
-
- import java.io.IOException;
-@@ -32,6 +8,7 @@
- import com.sun.xml.internal.bind.DatatypeConverterImpl;
- import com.sun.xml.internal.bind.v2.runtime.Name;
- import com.sun.xml.internal.bind.v2.runtime.XMLSerializer;
-+import com.sun.xml.internal.bind.v2.runtime.MarshallerImpl;
-
- import org.xml.sax.SAXException;
-
-@@ -81,6 +58,11 @@
- protected boolean closeStartTagPending = false;
-
- /**
-+ * @see MarshallerImpl#header
-+ */
-+ private String header;
-+
-+ /**
- *
- * @param localNames
- * local names encoded in UTF-8.
-@@ -92,6 +74,10 @@
- prefixes[i] = new Encoded();
- }
-
-+ public void setHeader(String header) {
-+ this.header = header;
-+ }
-+
- @Override
- public void startDocument(XMLSerializer serializer, boolean fragment, int[] nsUriIndex2prefixIndex, NamespaceContextImpl nsContext) throws IOException, SAXException, XMLStreamException {
- super.startDocument(serializer, fragment,nsUriIndex2prefixIndex,nsContext);
-@@ -100,6 +86,10 @@
- if(!fragment) {
- write(XML_DECL);
- }
-+ if(header!=null) {
-+ textBuffer.set(header);
-+ textBuffer.write(this);
-+ }
- }
-
- public void endDocument(boolean fragment) throws IOException, SAXException, XMLStreamException {
-@@ -383,11 +373,23 @@
- return buf;
- }
-
-- private static final byte[] XMLNS_EQUALS = toBytes(" xmlns=\"");
-- private static final byte[] XMLNS_COLON = toBytes(" xmlns:");
-- private static final byte[] EQUALS = toBytes("=\"");
-- private static final byte[] CLOSE_TAG = toBytes("</");
-- private static final byte[] EMPTY_TAG = toBytes("/>");
-+ // per instance copy to prevent an attack where malicious OutputStream
-+ // rewrites the byte array.
-+ private final byte[] XMLNS_EQUALS = _XMLNS_EQUALS.clone();
-+ private final byte[] XMLNS_COLON = _XMLNS_COLON.clone();
-+ private final byte[] EQUALS = _EQUALS.clone();
-+ private final byte[] CLOSE_TAG = _CLOSE_TAG.clone();
-+ private final byte[] EMPTY_TAG = _EMPTY_TAG.clone();
-+ private final byte[] XML_DECL = _XML_DECL.clone();
-+
-+ // masters
-+ private static final byte[] _XMLNS_EQUALS = toBytes(" xmlns=\"");
-+ private static final byte[] _XMLNS_COLON = toBytes(" xmlns:");
-+ private static final byte[] _EQUALS = toBytes("=\"");
-+ private static final byte[] _CLOSE_TAG = toBytes("</");
-+ private static final byte[] _EMPTY_TAG = toBytes("/>");
-+ private static final byte[] _XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
-+
-+ // no need to copy
- private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
-- private static final byte[] XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
- }
diff -r 246837dabf32 -r e091113be80d patches/icedtea-6610888.patch
--- a/patches/icedtea-6610888.patch Tue Mar 24 07:54:27 2009 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,58 +0,0 @@
---- old/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 17:21:12 2009
-+++ openjdk/jdk/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 17:21:11 2009
-@@ -37,6 +37,7 @@
- import java.security.AccessControlContext;
- import java.security.AccessController;
- import java.security.PrivilegedAction;
-+import java.security.ProtectionDomain;
- import java.util.List;
- import java.util.concurrent.CopyOnWriteArrayList;
- import java.util.concurrent.ExecutorService;
-@@ -170,7 +171,10 @@
- /**
- * AccessControlContext of the Monitor.start() caller.
- */
-- private AccessControlContext acc;
-+ private static final AccessControlContext noPermissionsACC =
-+ new AccessControlContext(
-+ new ProtectionDomain[] {new ProtectionDomain(null, null)});
-+ private volatile AccessControlContext acc = noPermissionsACC;
-
- /**
- * Scheduler Service.
-@@ -755,7 +759,7 @@
-
- // Reset the AccessControlContext.
- //
-- acc = null;
-+ acc = noPermissionsACC;
-
- // Reset the complex type attribute information
- // such that it is recalculated again.
-@@ -1555,10 +1559,12 @@
-
- public void run() {
- final ScheduledFuture<?> sf;
-+ final AccessControlContext ac;
- synchronized (Monitor.this) {
- sf = Monitor.this.schedulerFuture;
-+ ac = Monitor.this.acc;
- }
-- AccessController.doPrivileged(new PrivilegedAction<Void>() {
-+ PrivilegedAction<Void> action = new PrivilegedAction<Void>() {
- public Void run() {
- if (Monitor.this.isActive()) {
- final int an[] = alreadyNotifieds;
-@@ -1571,7 +1577,11 @@
- }
- return null;
- }
-- }, Monitor.this.acc);
-+ };
-+ if (ac == null) {
-+ throw new SecurityException("AccessControlContext cannot be null");
-+ }
-+ AccessController.doPrivileged(action, ac);
- synchronized (Monitor.this) {
- if (Monitor.this.isActive() &&
- Monitor.this.schedulerFuture == sf) {
diff -r 246837dabf32 -r e091113be80d patches/icedtea-6610896.patch
--- a/patches/icedtea-6610896.patch Tue Mar 24 07:54:27 2009 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,189 +0,0 @@
---- old/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 16:53:02 2009
-+++ openjdk/jdk/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 16:53:01 2009
-@@ -38,8 +38,9 @@
- import java.security.AccessController;
- import java.security.PrivilegedAction;
- import java.util.List;
-+import java.util.Map;
-+import java.util.WeakHashMap;
- import java.util.concurrent.CopyOnWriteArrayList;
--import java.util.concurrent.ExecutorService;
- import java.util.concurrent.Executors;
- import java.util.concurrent.Future;
- import java.util.concurrent.LinkedBlockingQueue;
-@@ -180,14 +181,20 @@
- new DaemonThreadFactory("Scheduler"));
-
- /**
-- * Maximum Pool Size
-+ * Map containing the thread pool executor per thread group.
- */
-- private static final int maximumPoolSize;
-+ private static final Map<ThreadPoolExecutor, Void> executors =
-+ new WeakHashMap<ThreadPoolExecutor, Void>();
-
- /**
-- * Executor Service.
-+ * Lock for executors map.
- */
-- private static final ExecutorService executor;
-+ private static final Object executorsLock = new Object();
-+
-+ /**
-+ * Maximum Pool Size
-+ */
-+ private static final int maximumPoolSize;
- static {
- final String maximumPoolSizeSysProp = "jmx.x.monitor.maximum.pool.size";
- final String maximumPoolSizeStr = AccessController.doPrivileged(
-@@ -217,22 +224,9 @@
- maximumPoolSize = maximumPoolSizeTmp;
- }
- }
-- executor = new ThreadPoolExecutor(
-- maximumPoolSize,
-- maximumPoolSize,
-- 60L,
-- TimeUnit.SECONDS,
-- new LinkedBlockingQueue<Runnable>(),
-- new DaemonThreadFactory("Executor"));
-- ((ThreadPoolExecutor)executor).allowCoreThreadTimeOut(true);
- }
-
- /**
-- * Monitor task to be executed by the Executor Service.
-- */
-- private final MonitorTask monitorTask = new MonitorTask();
--
-- /**
- * Future associated to the current monitor task.
- */
- private Future<?> monitorFuture;
-@@ -240,7 +234,7 @@
- /**
- * Scheduler task to be executed by the Scheduler Service.
- */
-- private final SchedulerTask schedulerTask = new SchedulerTask(monitorTask);
-+ private final SchedulerTask schedulerTask = new SchedulerTask();
-
- /**
- * ScheduledFuture associated to the current scheduler task.
-@@ -726,6 +720,7 @@
- // Start the scheduler.
- //
- cleanupFutures();
-+ schedulerTask.setMonitorTask(new MonitorTask());
- schedulerFuture = scheduler.schedule(schedulerTask,
- getGranularityPeriod(),
- TimeUnit.MILLISECONDS);
-@@ -1505,7 +1500,7 @@
- */
- private class SchedulerTask implements Runnable {
-
-- private Runnable task = null;
-+ private MonitorTask task;
-
- /*
- * ------------------------------------------
-@@ -1513,7 +1508,16 @@
- * ------------------------------------------
- */
-
-- public SchedulerTask(Runnable task) {
-+ public SchedulerTask() {
-+ }
-+
-+ /*
-+ * ------------------------------------------
-+ * GETTERS/SETTERS
-+ * ------------------------------------------
-+ */
-+
-+ public void setMonitorTask(MonitorTask task) {
- this.task = task;
- }
-
-@@ -1525,7 +1529,7 @@
-
- public void run() {
- synchronized (Monitor.this) {
-- Monitor.this.monitorFuture = executor.submit(task);
-+ Monitor.this.monitorFuture = task.submit();
- }
- }
- }
-@@ -1538,6 +1542,8 @@
- */
- private class MonitorTask implements Runnable {
-
-+ private ThreadPoolExecutor executor;
-+
- /*
- * ------------------------------------------
- * CONSTRUCTORS
-@@ -1545,6 +1551,38 @@
- */
-
- public MonitorTask() {
-+ // Find out if there's already an existing executor for the calling
-+ // thread and reuse it. Otherwise, create a new one and store it in
-+ // the executors map. If there is a SecurityManager, the group of
-+ // System.getSecurityManager() is used, else the group of the thread
-+ // instantiating this MonitorTask, i.e. the group of the thread that
-+ // calls "Monitor.start()".
-+ SecurityManager s = System.getSecurityManager();
-+ ThreadGroup group = (s != null) ? s.getThreadGroup() :
-+ Thread.currentThread().getThreadGroup();
-+ synchronized (executorsLock) {
-+ for (ThreadPoolExecutor e : executors.keySet()) {
-+ DaemonThreadFactory tf =
-+ (DaemonThreadFactory) e.getThreadFactory();
-+ ThreadGroup tg = tf.getThreadGroup();
-+ if (tg == group) {
-+ executor = e;
-+ break;
-+ }
-+ }
-+ if (executor == null) {
-+ executor = new ThreadPoolExecutor(
-+ maximumPoolSize,
-+ maximumPoolSize,
-+ 60L,
-+ TimeUnit.SECONDS,
-+ new LinkedBlockingQueue<Runnable>(),
-+ new DaemonThreadFactory("ThreadGroup<" +
-+ group.getName() + "> Executor", group));
-+ executor.allowCoreThreadTimeOut(true);
-+ executors.put(executor, null);
-+ }
-+ }
- }
-
- /*
-@@ -1553,6 +1591,10 @@
- * ------------------------------------------
- */
-
-+ public Future<?> submit() {
-+ return executor.submit(this);
-+ }
-+
- public void run() {
- final ScheduledFuture<?> sf;
- synchronized (Monitor.this) {
-@@ -1611,6 +1653,15 @@
- namePrefix = "JMX Monitor " + poolName + " Pool [Thread-";
- }
-
-+ public DaemonThreadFactory(String poolName, ThreadGroup threadGroup) {
-+ group = threadGroup;
-+ namePrefix = "JMX Monitor " + poolName + " Pool [Thread-";
-+ }
-+
-+ public ThreadGroup getThreadGroup() {
-+ return group;
-+ }
-+
- public Thread newThread(Runnable r) {
- Thread t = new Thread(group,
- r,
diff -r 246837dabf32 -r e091113be80d patches/icedtea-6630639.patch
--- a/patches/icedtea-6630639.patch Tue Mar 24 07:54:27 2009 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,31 +0,0 @@
---- old/src/share/classes/sun/net/httpserver/Request.java Wed Mar 4 03:29:39 2009
-+++ openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java Wed Mar 4 03:29:39 2009
-@@ -52,6 +52,9 @@
- os = rawout;
- do {
- startLine = readLine();
-+ if (startLine == null) {
-+ return;
-+ }
- /* skip blank lines */
- } while (startLine.equals (""));
- }
---- old/src/share/classes/sun/net/httpserver/ServerImpl.java Wed Mar 4 03:29:41 2009
-+++ openjdk/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java Wed Mar 4 03:29:41 2009
-@@ -437,6 +437,7 @@
- rawin = sslStreams.getInputStream();
- rawout = sslStreams.getOutputStream();
- engine = sslStreams.getSSLEngine();
-+ connection.sslStreams = sslStreams;
- } else {
- rawin = new BufferedInputStream(
- new Request.ReadStream (
-@@ -446,6 +447,8 @@
- ServerImpl.this, chan
- );
- }
-+ connection.raw = rawin;
-+ connection.rawout = rawout;
- }
- Request req = new Request (rawin, rawout);
- requestLine = req.requestLine();
diff -r 246837dabf32 -r e091113be80d patches/icedtea-6632886.patch
--- a/patches/icedtea-6632886.patch Tue Mar 24 07:54:27 2009 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,502 +0,0 @@
---- old/src/share/classes/java/awt/Font.java Tue Mar 3 14:12:23 2009
-+++ openjdk/jdk/src/share/classes/java/awt/Font.java Tue Mar 3 14:12:23 2009
-@@ -37,6 +37,8 @@
- import java.awt.peer.FontPeer;
- import java.io.*;
- import java.lang.ref.SoftReference;
-+import java.security.AccessController;
-+import java.security.PrivilegedExceptionAction;
- import java.text.AttributedCharacterIterator.Attribute;
- import java.text.CharacterIterator;
- import java.text.StringCharacterIterator;
-@@ -51,6 +53,7 @@
More information about the distro-pkg-dev
mailing list