/hg/release/icedtea6-1.8: Add new security updates.
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Mar 30 15:20:42 PDT 2010
changeset 6ffc7f201041 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=6ffc7f201041
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Mar 30 23:19:58 2010 +0100
Add new security updates.
2009-03-30 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Add new security patches.
* NEWS: List new security patches.
* patches/security/20100330/6626217.patch,
* patches/security/20100330/6633872.patch,
* patches/security/20100330/6639665.patch,
* patches/security/20100330/6736390.patch,
* patches/security/20100330/6745393.patch,
* patches/security/20100330/6887703.patch,
* patches/security/20100330/6888149.patch,
* patches/security/20100330/6892265.patch,
* patches/security/20100330/6893947.patch,
* patches/security/20100330/6893954.patch,
* patches/security/20100330/6898622.patch,
* patches/security/20100330/6898739.patch,
* patches/security/20100330/6899653.patch,
* patches/security/20100330/6902299.patch,
* patches/security/20100330/6904691.patch,
* patches/security/20100330/6909597.patch,
* patches/security/20100330/6910590.patch,
* patches/security/20100330/6914823.patch,
* patches/security/20100330/6914866.patch,
* patches/security/20100330/6932480.patch,
* patches/security/20100330/hotspot/hs16/6894807.patch,
* patches/security/20100330/hotspot/original/6894807.patch:
New security and hardening patches
http://www.oracle.com/technology/deploy/security/critical-patch-
updates/javacpumar2010.html
diffstat:
25 files changed, 3649 insertions(+), 1 deletion(-)
ChangeLog | 29
Makefile.am | 23
NEWS | 22
patches/security/20100330/6626217.patch | 180 ++
patches/security/20100330/6633872.patch | 443 +++++
patches/security/20100330/6639665.patch | 51
patches/security/20100330/6736390.patch | 18
patches/security/20100330/6745393.patch | 1233 ++++++++++++++
patches/security/20100330/6887703.patch | 28
patches/security/20100330/6888149.patch | 33
patches/security/20100330/6892265.patch | 35
patches/security/20100330/6893947.patch | 86
patches/security/20100330/6893954.patch | 248 ++
patches/security/20100330/6898622.patch | 20
patches/security/20100330/6898739.patch | 437 ++++
patches/security/20100330/6899653.patch | 27
patches/security/20100330/6902299.patch | 104 +
patches/security/20100330/6904691.patch | 166 +
patches/security/20100330/6909597.patch | 74
patches/security/20100330/6910590.patch | 10
patches/security/20100330/6914823.patch | 80
patches/security/20100330/6914866.patch | 118 +
patches/security/20100330/6932480.patch | 43
patches/security/20100330/hotspot/hs16/6894807.patch | 115 +
patches/security/20100330/hotspot/original/6894807.patch | 27
diffs (truncated from 3765 to 500 lines):
diff -r c65048b3e9d7 -r 6ffc7f201041 ChangeLog
--- a/ChangeLog Thu Mar 25 15:14:34 2010 +0100
+++ b/ChangeLog Tue Mar 30 23:19:58 2010 +0100
@@ -1,3 +1,32 @@ 2010-03-25 Matthias Klose <doko at ubuntu
+2009-03-30 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am: Add new security patches.
+ * NEWS: List new security patches.
+ * patches/security/20100330/6626217.patch,
+ * patches/security/20100330/6633872.patch,
+ * patches/security/20100330/6639665.patch,
+ * patches/security/20100330/6736390.patch,
+ * patches/security/20100330/6745393.patch,
+ * patches/security/20100330/6887703.patch,
+ * patches/security/20100330/6888149.patch,
+ * patches/security/20100330/6892265.patch,
+ * patches/security/20100330/6893947.patch,
+ * patches/security/20100330/6893954.patch,
+ * patches/security/20100330/6898622.patch,
+ * patches/security/20100330/6898739.patch,
+ * patches/security/20100330/6899653.patch,
+ * patches/security/20100330/6902299.patch,
+ * patches/security/20100330/6904691.patch,
+ * patches/security/20100330/6909597.patch,
+ * patches/security/20100330/6910590.patch,
+ * patches/security/20100330/6914823.patch,
+ * patches/security/20100330/6914866.patch,
+ * patches/security/20100330/6932480.patch,
+ * patches/security/20100330/hotspot/hs16/6894807.patch,
+ * patches/security/20100330/hotspot/original/6894807.patch:
+ New security and hardening patches
+ http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
+
2010-03-25 Matthias Klose <doko at ubuntu.com>
* configure.ac: Bump version to 1.8.
diff -r c65048b3e9d7 -r 6ffc7f201041 Makefile.am
--- a/Makefile.am Thu Mar 25 15:14:34 2010 +0100
+++ b/Makefile.am Tue Mar 30 23:19:58 2010 +0100
@@ -299,7 +299,28 @@ ICEDTEA_PATCHES = \
patches/extensions/netx.patch \
patches/extensions/netx-dist.patch \
patches/extensions/netx-umask.patch \
- patches/icedtea-jtreg-httpTest.patch
+ patches/icedtea-jtreg-httpTest.patch \
+ patches/security/20100330/6626217.patch \
+ patches/security/20100330/6633872.patch \
+ patches/security/20100330/6639665.patch \
+ patches/security/20100330/6736390.patch \
+ patches/security/20100330/6745393.patch \
+ patches/security/20100330/6887703.patch \
+ patches/security/20100330/6888149.patch \
+ patches/security/20100330/6892265.patch \
+ patches/security/20100330/6893947.patch \
+ patches/security/20100330/6893954.patch \
+ patches/security/20100330/hotspot/$(HSBUILD)/6894807.patch \
+ patches/security/20100330/6898622.patch \
+ patches/security/20100330/6898739.patch \
+ patches/security/20100330/6899653.patch \
+ patches/security/20100330/6902299.patch \
+ patches/security/20100330/6904691.patch \
+ patches/security/20100330/6909597.patch \
+ patches/security/20100330/6910590.patch \
+ patches/security/20100330/6914823.patch \
+ patches/security/20100330/6914866.patch \
+ patches/security/20100330/6932480.patch
if WITH_RHINO
ICEDTEA_PATCHES += \
diff -r c65048b3e9d7 -r 6ffc7f201041 NEWS
--- a/NEWS Thu Mar 25 15:14:34 2010 +0100
+++ b/NEWS Tue Mar 30 23:19:58 2010 +0100
@@ -7,6 +7,28 @@ New in release 1.8 (2010-XX-XX):
- Addition of security updates applied in IcedTea6 1.6.2.
- Many bug fixes:
http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html
+- Latest security updates and hardening patches:
+ - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299)
+ - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)
+ - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653)
+ - (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217)
+ - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
+ - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)
+ - (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703)
+ - (CVE-2010-0088): Inflater/Deflater clone issues (6745393)
+ - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
+ - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
+ - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
+ - (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
+ - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
+ - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)
+ - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866)
+ - (CVE-2009-3555): TLS: MITM attacks via session renegotiation
+ - 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
+ - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs
+ - 6910590: Application can modify command array in ProcessBuilder
+ - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability
+ - 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
- Old plugin removed; NPPlugin is now the default and is controlled by
--enable/disable-plugin. As with the old plugin, it produces a
IcedTeaPlugin.so library rather than IcedTeaNPPlugin.so.
diff -r c65048b3e9d7 -r 6ffc7f201041 patches/security/20100330/6626217.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20100330/6626217.patch Tue Mar 30 23:19:58 2010 +0100
@@ -0,0 +1,180 @@
+# HG changeset patch
+# User acorn
+# Date 1261523209 18000
+# Node ID 209a7a8a8f966dc4d6b45333cf4f3fa6648a6ecb
+# Parent 75e095764f403b7425e30711b00cc038554a1ae9
+6626217: Fixed loader constraint array handling
+Summary: Loader constraints track array elements, not arrays themselves.
+Reviewed-by: dcubed, kevinw
+
+diff --git openjdk.orig/hotspot/src/share/vm/ci/ciEnv.cpp openjdk/hotspot/src/share/vm/ci/ciEnv.cpp
+--- openjdk.orig/hotspot/src/share/vm/ci/ciEnv.cpp
++++ openjdk/hotspot/src/share/vm/ci/ciEnv.cpp
+@@ -348,30 +348,6 @@ ciKlass* ciEnv::get_klass_by_name_impl(c
+ if (found_klass != NULL) {
+ // Found it. Build a CI handle.
+ return get_object(found_klass)->as_klass();
+- }
+-
+- // If we fail to find an array klass, look again for its element type.
+- // The element type may be available either locally or via constraints.
+- // In either case, if we can find the element type in the system dictionary,
+- // we must build an array type around it. The CI requires array klasses
+- // to be loaded if their element klasses are loaded, except when memory
+- // is exhausted.
+- if (sym->byte_at(0) == '[' &&
+- (sym->byte_at(1) == '[' || sym->byte_at(1) == 'L')) {
+- // We have an unloaded array.
+- // Build it on the fly if the element class exists.
+- symbolOop elem_sym = oopFactory::new_symbol(sym->as_utf8()+1,
+- sym->utf8_length()-1,
+- KILL_COMPILE_ON_FATAL_(fail_type));
+- // Get element ciKlass recursively.
+- ciKlass* elem_klass =
+- get_klass_by_name_impl(accessing_klass,
+- get_object(elem_sym)->as_symbol(),
+- require_local);
+- if (elem_klass != NULL && elem_klass->is_loaded()) {
+- // Now make an array for it
+- return ciObjArrayKlass::make_impl(elem_klass);
+- }
+ }
+
+ if (require_local) return NULL;
+diff --git openjdk.orig/hotspot/src/share/vm/classfile/loaderConstraints.cpp openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp
+--- openjdk.orig/hotspot/src/share/vm/classfile/loaderConstraints.cpp
++++ openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp
+@@ -338,32 +338,6 @@ klassOop LoaderConstraintTable::find_con
+ }
+
+
+-klassOop LoaderConstraintTable::find_constrained_elem_klass(symbolHandle name,
+- symbolHandle elem_name,
+- Handle loader,
+- TRAPS) {
+- LoaderConstraintEntry *p = *(find_loader_constraint(name, loader));
+- if (p != NULL) {
+- assert(p->klass() == NULL, "Expecting null array klass");
+-
+- // The array name has a constraint, but it will not have a class. Check
+- // each loader for an associated elem
+- for (int i = 0; i < p->num_loaders(); i++) {
+- Handle no_protection_domain;
+-
+- klassOop k = SystemDictionary::find(elem_name, p->loader(i), no_protection_domain, THREAD);
+- if (k != NULL) {
+- // Return the first elem klass found.
+- return k;
+- }
+- }
+- }
+-
+- // No constraints, or else no klass loaded yet.
+- return NULL;
+-}
+-
+-
+ void LoaderConstraintTable::ensure_loader_constraint_capacity(
+ LoaderConstraintEntry *p,
+ int nfree) {
+diff --git openjdk.orig/hotspot/src/share/vm/classfile/loaderConstraints.hpp openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp
+--- openjdk.orig/hotspot/src/share/vm/classfile/loaderConstraints.hpp
++++ openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp
+@@ -67,9 +67,6 @@ public:
+ Handle loader2, bool is_method, TRAPS);
+
+ klassOop find_constrained_klass(symbolHandle name, Handle loader);
+- klassOop find_constrained_elem_klass(symbolHandle name, symbolHandle elem_name,
+- Handle loader, TRAPS);
+-
+
+ // Class loader constraints
+
+diff --git openjdk.orig/hotspot/src/share/vm/classfile/systemDictionary.cpp openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp
+--- openjdk.orig/hotspot/src/share/vm/classfile/systemDictionary.cpp
++++ openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp
+@@ -2113,9 +2113,8 @@ klassOop SystemDictionary::find_constrai
+ // a loader constraint that would require this loader to return the
+ // klass that is already loaded.
+ if (FieldType::is_array(class_name())) {
+- // Array classes are hard because their klassOops are not kept in the
+- // constraint table. The array klass may be constrained, but the elem class
+- // may not be.
++ // For array classes, their klassOops are not kept in the
++ // constraint table. The element klassOops are.
+ jint dimension;
+ symbolOop object_key;
+ BasicType t = FieldType::get_array_info(class_name(), &dimension,
+@@ -2125,8 +2124,9 @@ klassOop SystemDictionary::find_constrai
+ } else {
+ symbolHandle elem_name(THREAD, object_key);
+ MutexLocker mu(SystemDictionary_lock, THREAD);
+- klass = constraints()->find_constrained_elem_klass(class_name, elem_name, class_loader, THREAD);
++ klass = constraints()->find_constrained_klass(elem_name, class_loader);
+ }
++ // If element class already loaded, allocate array klass
+ if (klass != NULL) {
+ klass = Klass::cast(klass)->array_klass_or_null(dimension);
+ }
+@@ -2142,24 +2142,40 @@ klassOop SystemDictionary::find_constrai
+
+ bool SystemDictionary::add_loader_constraint(symbolHandle class_name,
+ Handle class_loader1,
+- Handle class_loader2,
+- Thread* THREAD) {
+- unsigned int d_hash1 = dictionary()->compute_hash(class_name, class_loader1);
++ Handle class_loader2,
++ Thread* THREAD) {
++ symbolHandle constraint_name;
++ if (!FieldType::is_array(class_name())) {
++ constraint_name = class_name;
++ } else {
++ // For array classes, their klassOops are not kept in the
++ // constraint table. The element classes are.
++ jint dimension;
++ symbolOop object_key;
++ BasicType t = FieldType::get_array_info(class_name(), &dimension,
++ &object_key, CHECK_(false));
++ // primitive types always pass
++ if (t != T_OBJECT) {
++ return true;
++ } else {
++ constraint_name = symbolHandle(THREAD, object_key);
++ }
++ }
++ unsigned int d_hash1 = dictionary()->compute_hash(constraint_name, class_loader1);
+ int d_index1 = dictionary()->hash_to_index(d_hash1);
+
+- unsigned int d_hash2 = dictionary()->compute_hash(class_name, class_loader2);
++ unsigned int d_hash2 = dictionary()->compute_hash(constraint_name, class_loader2);
+ int d_index2 = dictionary()->hash_to_index(d_hash2);
++ {
++ MutexLocker mu_s(SystemDictionary_lock, THREAD);
+
+- {
+- MutexLocker mu_s(SystemDictionary_lock, THREAD);
++ // Better never do a GC while we're holding these oops
++ No_Safepoint_Verifier nosafepoint;
+
+- // Better never do a GC while we're holding these oops
+- No_Safepoint_Verifier nosafepoint;
+-
+- klassOop klass1 = find_class(d_index1, d_hash1, class_name, class_loader1);
+- klassOop klass2 = find_class(d_index2, d_hash2, class_name, class_loader2);
+- return constraints()->add_entry(class_name, klass1, class_loader1,
+- klass2, class_loader2);
++ klassOop klass1 = find_class(d_index1, d_hash1, constraint_name, class_loader1);
++ klassOop klass2 = find_class(d_index2, d_hash2, constraint_name, class_loader2);
++ return constraints()->add_entry(constraint_name, klass1, class_loader1,
++ klass2, class_loader2);
+ }
+ }
+
+@@ -2191,6 +2207,7 @@ symbolOop SystemDictionary::find_resolut
+ // Returns the name of the type that failed a loader constraint check, or
+ // NULL if no constraint failed. The returned C string needs cleaning up
+ // with a ResourceMark in the caller
++// Arrays are not added to the loader constraint table, their elements are.
+ char* SystemDictionary::check_signature_loaders(symbolHandle signature,
+ Handle loader1, Handle loader2,
+ bool is_method, TRAPS) {
diff -r c65048b3e9d7 -r 6ffc7f201041 patches/security/20100330/6633872.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20100330/6633872.patch Tue Mar 30 23:19:58 2010 +0100
@@ -0,0 +1,443 @@
+--- openjdk.orig/jdk/src/share/classes/java/security/ProtectionDomain.java Mon Mar 15 10:28:30 2010
++++ openjdk/jdk/src/share/classes/java/security/ProtectionDomain.java Mon Mar 15 10:28:30 2010
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved.
++ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -25,9 +25,15 @@
+
+ package java.security;
+
++import java.util.ArrayList;
++import java.util.Collections;
+ import java.util.Enumeration;
+ import java.util.List;
+-import java.util.ArrayList;
++import java.util.Map;
++import java.util.WeakHashMap;
++import sun.misc.JavaSecurityProtectionDomainAccess;
++import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
++import sun.misc.SharedSecrets;
+ import sun.security.util.Debug;
+ import sun.security.util.SecurityConstants;
+
+@@ -72,6 +78,11 @@
+ or dynamic (via a policy refresh) */
+ private boolean staticPermissions;
+
++ /*
++ * An object used as a key when the ProtectionDomain is stored in a Map.
++ */
++ final Key key = new Key();
++
+ private static final Debug debug = Debug.getInstance("domain");
+
+ /**
+@@ -238,7 +249,7 @@
+ /**
+ * Convert a ProtectionDomain to a String.
+ */
+- public String toString() {
++ @Override public String toString() {
+ String pals = "<no principals>";
+ if (principals != null && principals.length > 0) {
+ StringBuilder palBuf = new StringBuilder("(principals ");
+@@ -396,4 +407,29 @@
+
+ return mergedPerms;
+ }
++
++ /**
++ * Used for storing ProtectionDomains as keys in a Map.
++ */
++ final class Key {}
++
++ static {
++ SharedSecrets.setJavaSecurityProtectionDomainAccess(
++ new JavaSecurityProtectionDomainAccess() {
++ public ProtectionDomainCache getProtectionDomainCache() {
++ return new ProtectionDomainCache() {
++ private final Map<Key, PermissionCollection> map =
++ Collections.synchronizedMap
++ (new WeakHashMap<Key, PermissionCollection>());
++ public void put(ProtectionDomain pd,
++ PermissionCollection pc) {
++ map.put((pd == null ? null : pd.key), pc);
++ }
++ public PermissionCollection get(ProtectionDomain pd) {
++ return pd == null ? map.get(null) : map.get(pd.key);
++ }
++ };
++ }
++ });
++ }
+ }
+--- openjdk.orig/jdk/src/share/classes/java/security/Policy.java Mon Mar 15 10:28:30 2010
++++ openjdk/jdk/src/share/classes/java/security/Policy.java Mon Mar 15 10:28:30 2010
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved.
++ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -28,22 +28,19 @@
+
+ import java.io.*;
+ import java.lang.RuntimePermission;
++import java.lang.reflect.*;
+ import java.net.MalformedURLException;
+ import java.net.URL;
+ import java.util.Enumeration;
+ import java.util.Hashtable;
+-import java.util.Vector;
+-import java.util.StringTokenizer;
+ import java.util.PropertyPermission;
+-
+-import java.lang.reflect.*;
+-
++import java.util.StringTokenizer;
++import java.util.Vector;
+ import java.util.WeakHashMap;
+-import sun.security.util.Debug;
+ import sun.security.jca.GetInstance;
++import sun.security.util.Debug;
+ import sun.security.util.SecurityConstants;
+
+-
+ /**
+ * A Policy object is responsible for determining whether code executing
+ * in the Java runtime environment has permission to perform a
+@@ -113,8 +110,8 @@
+
+ private static final Debug debug = Debug.getInstance("policy");
+
+- // Cache mapping ProtectionDomain to PermissionCollection
+- private WeakHashMap<ProtectionDomain, PermissionCollection> pdMapping;
++ // Cache mapping ProtectionDomain.Key to PermissionCollection
++ private WeakHashMap<ProtectionDomain.Key, PermissionCollection> pdMapping;
+
+ /** package private for AccessControlContext */
+ static boolean isSet()
+@@ -307,7 +304,7 @@
+ synchronized (p) {
+ if (p.pdMapping == null) {
+ p.pdMapping =
+- new WeakHashMap<ProtectionDomain, PermissionCollection>();
++ new WeakHashMap<ProtectionDomain.Key, PermissionCollection>();
+ }
+ }
+
+@@ -323,7 +320,7 @@
+
+ synchronized (p.pdMapping) {
+ // cache of pd to permissions
+- p.pdMapping.put(policyDomain, policyPerms);
++ p.pdMapping.put(policyDomain.key, policyPerms);
+ }
+ }
+ return;
+@@ -638,7 +635,7 @@
+ }
+
+ synchronized (pdMapping) {
+- pc = pdMapping.get(domain);
++ pc = pdMapping.get(domain.key);
+ }
+
+ if (pc != null) {
+@@ -697,7 +694,7 @@
+ }
+
+ synchronized (pdMapping) {
+- pc = pdMapping.get(domain);
++ pc = pdMapping.get(domain.key);
+ }
+
+ if (pc != null) {
+@@ -711,7 +708,7 @@
+
+ synchronized (pdMapping) {
+ // cache it
+- pdMapping.put(domain, pc);
++ pdMapping.put(domain.key, pc);
+ }
+
+ return pc.implies(permission);
+@@ -747,21 +744,25 @@
+ this.params = params;
+ }
+
+- public String getType() { return type; }
++ @Override public String getType() { return type; }
+
+- public Policy.Parameters getParameters() { return params; }
++ @Override public Policy.Parameters getParameters() { return params; }
+
+- public Provider getProvider() { return p; }
++ @Override public Provider getProvider() { return p; }
+
++ @Override
+ public PermissionCollection getPermissions(CodeSource codesource) {
+ return spi.engineGetPermissions(codesource);
+ }
++ @Override
+ public PermissionCollection getPermissions(ProtectionDomain domain) {
+ return spi.engineGetPermissions(domain);
+ }
++ @Override
+ public boolean implies(ProtectionDomain domain, Permission perm) {
+ return spi.engineImplies(domain, perm);
+ }
++ @Override
+ public void refresh() {
+ spi.engineRefresh();
+ }
+@@ -803,7 +804,7 @@
+ * @exception SecurityException - if this PermissionCollection object
+ * has been marked readonly
+ */
+- public void add(Permission permission) {
++ @Override public void add(Permission permission) {
+ perms.add(permission);
+ }
+
+@@ -816,7 +817,7 @@
+ * @return true if "permission" is implied by the permissions in
+ * the collection, false if not.
+ */
More information about the distro-pkg-dev
mailing list