/hg/icedtea: 4 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Jun 1 04:59:37 PDT 2010
changeset 52e42458b501 in /hg/icedtea
details: http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=52e42458b501
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Feb 24 16:59:24 2010 -0500
Fix security permissions related to get/set property, based on
specifications
* plugin/icedteanp/java/sun/applet/PluginMain.java: Add some
javaplugin.* properties that some applets expect.
* netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java:
Implement allowed property get/set based on specifications.
changeset 7f7959c2cfa5 in /hg/icedtea
details: http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=7f7959c2cfa5
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Feb 24 23:30:18 2010 +0000
Ensure THANKYOU is distributed in the tarball. Remove duplicate
AUTHORS file.
2010-02-24 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Add THANKYOU to EXTRA_DIST.
* pulseaudio/AUTHORS: Removed; duplicates top-level file.
changeset 83a0a5889a52 in /hg/icedtea
details: http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=83a0a5889a52
author: Xerxes R?nby <xerxes at zafena.se>
date: Fri Feb 26 15:53:18 2010 +0100
Undefine Shark debug code for NDEBUG builds
2010-02-26 Xerxes R?nby <xerxes at zafena.se>
* ports/hotspot/src/share/vm/shark/sharkCompiler.cpp
(SharkCompiler::generate_native_code): Undefine debug code for
NDEBUG builds
changeset 76f02702e374 in /hg/icedtea
details: http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=76f02702e374
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Jun 01 12:59:18 2010 +0100
Update langtools changeset/checksum to include genstubs classpath
fix.
2010-06-01 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Update langtools changeset ID and
sha256 sum to bring in fix to no-fork genstubs classpath:
http://hg.openjdk.java.net/icedtea/jdk7/langtools/rev/681f1f51926f
diffstat:
6 files changed, 114 insertions(+), 19 deletions(-)
ChangeLog | 27 +++
Makefile.am | 7
netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java | 88 ++++++++++--
plugin/icedteanp/java/sun/applet/PluginMain.java | 4
ports/hotspot/src/share/vm/shark/sharkCompiler.cpp | 2
pulseaudio/AUTHORS | 5
diffs (228 lines):
diff -r 0b38b757f001 -r 76f02702e374 ChangeLog
--- a/ChangeLog Fri May 28 17:48:11 2010 +0100
+++ b/ChangeLog Tue Jun 01 12:59:18 2010 +0100
@@ -1,3 +1,30 @@ 2010-05-28 Andrew John Hughes <ahughes@
+2010-06-01 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am: Update langtools
+ changeset ID and sha256 sum to bring in
+ fix to no-fork genstubs classpath:
+ http://hg.openjdk.java.net/icedtea/jdk7/langtools/rev/681f1f51926f
+
+2010-02-26 Xerxes RÃ¥nby <xerxes at zafena.se>
+
+ * ports/hotspot/src/share/vm/shark/sharkCompiler.cpp
+ (SharkCompiler::generate_native_code): Undefine debug code for
+ NDEBUG builds
+
+2010-02-24 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am: Add THANKYOU to
+ EXTRA_DIST.
+ * pulseaudio/AUTHORS: Removed; duplicates
+ top-level file.
+
+2010-02-24 Deepak Bhole <dbhole at redhat.com>
+
+ * plugin/icedteanp/java/sun/applet/PluginMain.java: Add some javaplugin.*
+ properties that some applets expect.
+ * rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java: Implement
+ allowed property get/set based on specifications.
+
2010-05-28 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am:
diff -r 0b38b757f001 -r 76f02702e374 Makefile.am
--- a/Makefile.am Fri May 28 17:48:11 2010 +0100
+++ b/Makefile.am Tue Jun 01 12:59:18 2010 +0100
@@ -7,7 +7,7 @@ JAXP_CHANGESET = 826bafcb6c4a
JAXP_CHANGESET = 826bafcb6c4a
JAXWS_CHANGESET = 1661166c82dc
JDK_CHANGESET = 3d1a836736bf
-LANGTOOLS_CHANGESET = a0499f48ec96
+LANGTOOLS_CHANGESET = 681f1f51926f
OPENJDK_CHANGESET = 195fcceefddc
CORBA_SHA256SUM = 870e2eac993a4eef48197ed7309cab176b56a994add1de215a026599052627cb
@@ -15,7 +15,7 @@ JAXP_SHA256SUM = 42d004e51a1f01d146ad230
JAXP_SHA256SUM = 42d004e51a1f01d146ad230ce48996ddf8da3719fe571a41653f431d6b2e8a7b
JAXWS_SHA256SUM = 4523909cd46fd61b5c6670bf932099d5899236a37a4058e7b2bcb855e503a0e4
JDK_SHA256SUM = 637372a089a1d50dc85d098e8b897d01e001730dd0ed94a6d347243272dedeeb
-LANGTOOLS_SHA256SUM = 96f6be5d89195353f55ef775e0dec9bd9a5da7f869aba6ed428e4a2cac806991
+LANGTOOLS_SHA256SUM = 5ff6f2a6d15403ed8d948a07204904f6ce60e363bd0516e22f1cae830aba84f8
OPENJDK_SHA256SUM = 93c536e6bc4e962050a00321e88e694fc4e0000e2ad887b8de22830bfda2649f
CACAO_VERSION = 0.99.4
@@ -736,7 +736,8 @@ EXTRA_DIST = $(GENERATED_FILES) $(top_sr
scripts/jni_create_stap.c \
scripts/jni_desc \
rewriter/agpl-3.0.txt \
- $(REWRITER_SRCS)
+ $(REWRITER_SRCS) \
+ THANKYOU
# Top-Level Targets
# =================
diff -r 0b38b757f001 -r 76f02702e374 netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Fri May 28 17:48:11 2010 +0100
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Tue Jun 01 12:59:18 2010 +0100
@@ -27,6 +27,7 @@ import java.security.AccessController;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
+import java.util.PropertyPermission;
import javax.swing.JWindow;
@@ -288,7 +289,7 @@ class JNLPSecurityManager extends Securi
//Change this SocketPermission's action to connect and accept
//(and resolve). This is to avoid asking for connect permission
//on every address resolve.
- Permission tmpPerm;
+ Permission tmpPerm = null;
if (perm instanceof SocketPermission) {
tmpPerm = new SocketPermission(perm.getName(),
SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
@@ -332,16 +333,81 @@ class JNLPSecurityManager extends Securi
}
}
- } else
- tmpPerm = perm;
-
- //askPermission will only prompt the user on SocketPermission
- //meaning we're denying all other SecurityExceptions that may arise.
- if (askPermission(tmpPerm)) {
- addPermission(tmpPerm);
- //return quietly.
+ } else if (perm instanceof PropertyPermission) {
+
+ if (JNLPRuntime.isDebug())
+ System.err.println("Requesting property: " + perm.toString());
+
+ // We go by the rules here:
+ // http://java.sun.com/docs/books/tutorial/deployment/doingMoreWithRIA/properties.html
+
+ // Since this is security sensitive, take a conservative approach:
+ // Allow only what is specifically allowed, and deny everything else
+
+ // First, allow what everyone is allowed to read
+ if (perm.getActions().equals("read")) {
+ if ( perm.getName().equals("java.class.version") ||
+ perm.getName().equals("java.vendor") ||
+ perm.getName().equals("java.vendor.url") ||
+ perm.getName().equals("java.version") ||
+ perm.getName().equals("os.name") ||
+ perm.getName().equals("os.arch") ||
+ perm.getName().equals("os.version") ||
+ perm.getName().equals("file.separator") ||
+ perm.getName().equals("path.separator") ||
+ perm.getName().equals("line.separator") ||
+ perm.getName().startsWith("javaplugin.")
+ ) {
+ return;
+ }
+ }
+
+ // Next, allow what only JNLP apps can do
+ if (getApplication().getJNLPFile().isApplication()) {
+ if ( perm.getName().equals("awt.useSystemAAFontSettings") ||
+ perm.getName().equals("http.agent") ||
+ perm.getName().equals("http.keepAlive") ||
+ perm.getName().equals("java.awt.syncLWRequests") ||
+ perm.getName().equals("java.awt.Window.locationByPlatform") ||
+ perm.getName().equals("javaws.cfg.jauthenticator") ||
+ perm.getName().equals("javax.swing.defaultlf") ||
+ perm.getName().equals("sun.awt.noerasebackground") ||
+ perm.getName().equals("sun.awt.erasebackgroundonresize") ||
+ perm.getName().equals("sun.java2d.d3d") ||
+ perm.getName().equals("sun.java2d.dpiaware") ||
+ perm.getName().equals("sun.java2d.noddraw") ||
+ perm.getName().equals("sun.java2d.opengl") ||
+ perm.getName().equals("swing.boldMetal") ||
+ perm.getName().equals("swing.metalTheme") ||
+ perm.getName().equals("swing.noxp") ||
+ perm.getName().equals("swing.useSystemFontSettings")
+ ) {
+ return; // JNLP apps can read and write to these
+ }
+ }
+
+ // Next, allow access to customizable properties
+ if (perm.getName().startsWith("jnlp.") ||
+ perm.getName().startsWith("javaws.")) {
+ return;
+ }
+
+ // Everything else is denied
+ throw se;
+
} else {
- throw se;
+ tmpPerm = perm;
+ }
+
+ if (tmpPerm != null) {
+ //askPermission will only prompt the user on SocketPermission
+ //meaning we're denying all other SecurityExceptions that may arise.
+ if (askPermission(tmpPerm)) {
+ addPermission(tmpPerm);
+ //return quietly.
+ } else {
+ throw se;
+ }
}
}
}
@@ -352,7 +418,7 @@ class JNLPSecurityManager extends Securi
throw ex;
}
}
-
+
/**
* Asks the user whether or not to grant permission.
* @param perm the permission to be granted
diff -r 0b38b757f001 -r 76f02702e374 plugin/icedteanp/java/sun/applet/PluginMain.java
--- a/plugin/icedteanp/java/sun/applet/PluginMain.java Fri May 28 17:48:11 2010 +0100
+++ b/plugin/icedteanp/java/sun/applet/PluginMain.java Tue Jun 01 12:59:18 2010 +0100
@@ -189,6 +189,10 @@ public class PluginMain
avProps.put("file.separator.applet", "true");
avProps.put("path.separator.applet", "true");
avProps.put("line.separator.applet", "true");
+
+ avProps.put("javaplugin.nodotversion", "160_17");
+ avProps.put("javaplugin.version", "1.6.0_17");
+ avProps.put("javaplugin.vm.options", "");
// Read in the System properties. If something is going to be
// over-written, warn about it.
diff -r 0b38b757f001 -r 76f02702e374 ports/hotspot/src/share/vm/shark/sharkCompiler.cpp
--- a/ports/hotspot/src/share/vm/shark/sharkCompiler.cpp Fri May 28 17:48:11 2010 +0100
+++ b/ports/hotspot/src/share/vm/shark/sharkCompiler.cpp Tue Jun 01 12:59:18 2010 +0100
@@ -250,6 +250,7 @@ void SharkCompiler::generate_native_code
if (SharkPrintAsmOf != NULL) {
#if SHARK_LLVM_VERSION >= 27
+#ifndef NDEBUG
if (!fnmatch(SharkPrintAsmOf, name, 0)) {
llvm::SetCurrentDebugType(X86_ONLY("x86-emitter") NOT_X86("jit"));
llvm::DebugFlag = true;
@@ -258,6 +259,7 @@ void SharkCompiler::generate_native_code
llvm::SetCurrentDebugType("");
llvm::DebugFlag = false;
}
+#endif
#else
// NB you need to patch LLVM with http://tinyurl.com/yf3baln for this
std::vector<const char*> args;
diff -r 0b38b757f001 -r 76f02702e374 pulseaudio/AUTHORS
--- a/pulseaudio/AUTHORS Fri May 28 17:48:11 2010 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
-Authors
-
-Ioana Iivan (iivan at redhat.com)
-
-Omair Majid (omajid at redhat.com)
\ No newline at end of file
More information about the distro-pkg-dev
mailing list