/hg/release/icedtea6-1.9: 6 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Oct 12 16:23:46 PDT 2010
changeset 821336d74fc7 in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=821336d74fc7
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Oct 06 00:23:56 2010 +0100
Security update.
2010-10-05 Andrew John Hughes <ahughes at redhat.com>
* patches/security/20100330/hotspot/original/6626217.patch:
Remove dead security patch.
* Makefile.am: Add new patches.
* NEWS: List security updates.
* patches/security/20101012/6559775.patch,
* patches/security/20101012/6891766.patch,
* patches/security/20101012/6914943.patch,
* patches/security/20101012/6925710.patch,
* patches/security/20101012/6938813.patch,
* patches/security/20101012/6957564.patch,
* patches/security/20101012/6958060.patch,
* patches/security/20101012/6963023.patch,
* patches/security/20101012/6963489.patch,
* patches/security/20101012/6966692.patch: New security
patches.
changeset 5a4598d77f03 in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=5a4598d77f03
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Oct 06 16:22:46 2010 +0100
Bump to 1.9.1 proper and set assumed date of release.
2010-10-06 Andrew John Hughes <ahughes at redhat.com>
* configure.ac: Bump to 1.9.1 proper.
* NEWS: Set date of 1.9.1 to 2010-10-13.
changeset 93e1ae5ab337 in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=93e1ae5ab337
author: Andrew John Hughes <ahughes at redhat.com>
date: Mon Oct 11 23:32:31 2010 +0100
Second batch of security updates.
2010-10-11 Andrew John Hughes <ahughes at redhat.com>
* patches/icedtea-timerqueue.patch: Dropped;
superceded by 6623943.
* Makefile.am: Add new security patches.
* NEWS: List new security patches.
* patches/security/20101012/6622002.patch,
* patches/security/20101012/6623943.patch,
* patches/security/20101012/6952017.patch,
* patches/security/20101012/6952603.patch,
* patches/security/20101012/6961084.patch,
* patches/security/20101012/6963285.patch,
* patches/security/20101012/6981426.patch,
* patches/security/20101012/6990437.patch: Added.
changeset e71a0bed639b in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=e71a0bed639b
author: andrew
date: Mon Oct 11 22:31:47 2010 +0100
Add CVE numbers.
2010-10-11 Andrew John Hughes <ahughes at redhat.com>
* NEWS: Add CVE numbers and list 6925672 which is
covered by the 6891766 fix.
changeset 2fa3935ab384 in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=2fa3935ab384
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Oct 12 14:07:07 2010 +0100
Ensure man page directory exists before copying javaws man page.
2010-10-12 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: (add-netx): Ensure directory exists
before copying javaws man page. (add-netx-debug):
Likewise.
changeset dd9c36d63a95 in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=dd9c36d63a95
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Oct 13 00:23:28 2010 +0100
Added tag icedtea6-1.9.1 for changeset 2fa3935ab384
diffstat:
25 files changed, 5184 insertions(+), 209 deletions(-)
.hgtags | 1
ChangeLog | 51
Makefile.am | 46
NEWS | 24
configure.ac | 2
patches/icedtea-timerqueue.patch | 18
patches/security/20100330/hotspot/original/6626217.patch | 180 -
patches/security/20101012/6559775.patch | 317 ++
patches/security/20101012/6622002.patch | 64
patches/security/20101012/6623943.patch | 138
patches/security/20101012/6891766.patch | 1147 +++++++
patches/security/20101012/6914943.patch | 2129 ++++++++++++++
patches/security/20101012/6925710.patch | 198 +
patches/security/20101012/6938813.patch | 196 +
patches/security/20101012/6952017.patch | 50
patches/security/20101012/6952603.patch | 38
patches/security/20101012/6957564.patch | 77
patches/security/20101012/6958060.patch | 15
patches/security/20101012/6961084.patch | 325 ++
patches/security/20101012/6963023.patch | 95
patches/security/20101012/6963285.patch | 20
patches/security/20101012/6963489.patch | 31
patches/security/20101012/6966692.patch | 91
patches/security/20101012/6981426.patch | 24
patches/security/20101012/6990437.patch | 116
diffs (truncated from 5537 to 500 lines):
diff -r f1c14c74edd7 -r dd9c36d63a95 .hgtags
--- a/.hgtags Mon Oct 04 23:47:52 2010 +0100
+++ b/.hgtags Wed Oct 13 00:23:28 2010 +0100
@@ -20,3 +20,4 @@ 9420faca6468e1c75e9bfa73b31246ba0b73a77d
9420faca6468e1c75e9bfa73b31246ba0b73a77d icedtea6-1.8-branchpoint
cb463b94b82da269ea089c481ed5e39700525a8a icedtea6-1.9-branch
5464f814f82f7d9c8428179a71c51f11094717fd icedtea6-1.9
+2fa3935ab384958d06614cec587506702bc8e658 icedtea6-1.9.1
diff -r f1c14c74edd7 -r dd9c36d63a95 ChangeLog
--- a/ChangeLog Mon Oct 04 23:47:52 2010 +0100
+++ b/ChangeLog Wed Oct 13 00:23:28 2010 +0100
@@ -1,3 +1,54 @@ 2010-09-17 Andrew John Hughes <ahughes
+2010-10-12 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am:
+ (add-netx): Ensure directory exists before
+ copying javaws man page.
+ (add-netx-debug): Likewise.
+
+2010-10-11 Andrew John Hughes <ahughes at redhat.com>
+
+ * NEWS: Add CVE numbers and list 6925672
+ which is covered by the 6891766 fix.
+
+2010-10-11 Andrew John Hughes <ahughes at redhat.com>
+
+ * patches/icedtea-timerqueue.patch:
+ Dropped; superceded by 6623943.
+ * Makefile.am: Add new security patches.
+ * NEWS: List new security patches.
+ * patches/security/20101012/6622002.patch,
+ * patches/security/20101012/6623943.patch,
+ * patches/security/20101012/6952017.patch,
+ * patches/security/20101012/6952603.patch,
+ * patches/security/20101012/6961084.patch,
+ * patches/security/20101012/6963285.patch,
+ * patches/security/20101012/6981426.patch,
+ * patches/security/20101012/6990437.patch:
+ Added.
+
+2010-10-06 Andrew John Hughes <ahughes at redhat.com>
+
+ * configure.ac: Bump to 1.9.1 proper.
+ * NEWS: Set date of 1.9.1 to 2010-10-13.
+
+2010-10-05 Andrew John Hughes <ahughes at redhat.com>
+
+ * patches/security/20100330/hotspot/original/6626217.patch:
+ Remove dead security patch.
+ * Makefile.am: Add new patches.
+ * NEWS: List security updates.
+ * patches/security/20101012/6559775.patch,
+ * patches/security/20101012/6891766.patch,
+ * patches/security/20101012/6914943.patch,
+ * patches/security/20101012/6925710.patch,
+ * patches/security/20101012/6938813.patch,
+ * patches/security/20101012/6957564.patch,
+ * patches/security/20101012/6958060.patch,
+ * patches/security/20101012/6963023.patch,
+ * patches/security/20101012/6963489.patch,
+ * patches/security/20101012/6966692.patch:
+ New security patches.
+
2010-09-17 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am:
diff -r f1c14c74edd7 -r dd9c36d63a95 Makefile.am
--- a/Makefile.am Mon Oct 04 23:47:52 2010 +0100
+++ b/Makefile.am Wed Oct 13 00:23:28 2010 +0100
@@ -199,7 +199,28 @@ REWRITER_SRCS = $(abs_top_srcdir)/rewrit
ICEDTEA_FSG_PATCHES =
+SECURITY_PATCHES = \
+ patches/security/20101012/6891766.patch \
+ patches/security/20101012/6925710.patch \
+ patches/security/20101012/6938813.patch \
+ patches/security/20101012/6957564.patch \
+ patches/security/20101012/6958060.patch \
+ patches/security/20101012/6963023.patch \
+ patches/security/20101012/6963489.patch \
+ patches/security/20101012/6966692.patch \
+ patches/security/20101012/6914943.patch \
+ patches/security/20101012/6559775.patch \
+ patches/security/20101012/6622002.patch \
+ patches/security/20101012/6623943.patch \
+ patches/security/20101012/6952017.patch \
+ patches/security/20101012/6952603.patch \
+ patches/security/20101012/6961084.patch \
+ patches/security/20101012/6963285.patch \
+ patches/security/20101012/6981426.patch \
+ patches/security/20101012/6990437.patch
+
ICEDTEA_PATCHES = \
+ $(SECURITY_PATCHES) \
patches/icedtea-notice-safepoints.patch \
patches/icedtea-parisc-opt.patch \
patches/icedtea-lucene-crash.patch \
@@ -221,7 +242,6 @@ ICEDTEA_PATCHES = \
patches/icedtea-javafiles.patch \
patches/icedtea-jvmtiEnv.patch \
patches/icedtea-lcms.patch \
- patches/icedtea-timerqueue.patch \
patches/hotspot/$(HSBUILD)/print_lsb_release.patch \
patches/icedtea-jpegclasses.patch \
patches/icedtea-uname.patch \
@@ -1438,10 +1458,14 @@ stamps/add-netx.stamp: stamps/netx-dist.
$(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib
cp $(NETX_RESOURCE_DIR)/about.jnlp extra-lib/about.jar \
$(BUILD_OUTPUT_DIR)/j2re-image/lib
- cp $(NETX_SRCDIR)/javaws.1 \
- $(BUILD_OUTPUT_DIR)/j2sdk-image/man/man1
- cp $(NETX_SRCDIR)/javaws.1 \
- $(BUILD_OUTPUT_DIR)/j2re-image/man/man1
+ if [ -d $(BUILD_OUTPUT_DIR)/j2sdk-image/man/man1 ] ; then \
+ cp $(NETX_SRCDIR)/javaws.1 \
+ $(BUILD_OUTPUT_DIR)/j2sdk-image/man/man1 ; \
+ fi
+ if [ -d $(BUILD_OUTPUT_DIR)/j2re-image/man/man1 ] ; then \
+ cp $(NETX_SRCDIR)/javaws.1 \
+ $(BUILD_OUTPUT_DIR)/j2re-image/man/man1 ; \
+ fi
touch stamps/add-netx.stamp
clean-add-netx:
@@ -1464,10 +1488,14 @@ stamps/add-netx-debug.stamp: stamps/netx
$(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib
cp $(NETX_RESOURCE_DIR)/about.jnlp extra-lib/about.jar \
$(DEBUG_BUILD_OUTPUT_DIR)/j2re-image/lib
- cp $(NETX_SRCDIR)/javaws.1 \
- $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/man/man1
- cp $(NETX_SRCDIR)/javaws.1 \
- $(BUILD_OUTPUT_DIR)/j2re-image/man/man1
+ if [ -d $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/man/man1 ] ; then \
+ cp $(NETX_SRCDIR)/javaws.1 \
+ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/man/man1 ; \
+ fi
+ if [ -d $(DEBUG_BUILD_OUTPUT_DIR)/j2re-image/man/man1 ] ; then \
+ cp $(NETX_SRCDIR)/javaws.1 \
+ $(DEBUG_BUILD_OUTPUT_DIR)/j2re-image/man/man1 ; \
+ fi
touch stamps/add-netx-debug.stamp
clean-add-netx-debug:
diff -r f1c14c74edd7 -r dd9c36d63a95 NEWS
--- a/NEWS Mon Oct 04 23:47:52 2010 +0100
+++ b/NEWS Wed Oct 13 00:23:28 2010 +0100
@@ -8,8 +8,30 @@ GX - http://bugs.gentoo.org/show_bug.cg
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-New in release 1.9.1 (2010-XX-XX):
+New in release 1.9.1 (2010-10-13):
+
* HotSpot 19 supported; use --with-hotspot-build=hs19 to enable.
+* Security updates
+ - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation
+ - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition
+ - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities
+ - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free
+ - S6938813, CVE-2010-3557: OpenJDK Swing mutable static
+ - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak
+ - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability
+ - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution
+ - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution
+ - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies
+ - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage
+ - S6623943: javax.swing.TimerQueue's thread occasionally fails to start
+ - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host
+ - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting)
+ - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code
+ - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection
+ - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts
+ - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection
+ - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection
+ - S6990437: Update with correct copyright info for source and test files from SSR10_02 fixes
* Backports
- S6638712: Inference with wildcard types causes selection of inapplicable method
- S6650759: Inference of formal type parameter (unused in formal parameters) is not performed
diff -r f1c14c74edd7 -r dd9c36d63a95 configure.ac
--- a/configure.ac Mon Oct 04 23:47:52 2010 +0100
+++ b/configure.ac Wed Oct 13 00:23:28 2010 +0100
@@ -1,4 +1,4 @@ AC_INIT([icedtea6],[1.9.1pre],[distro-pk
-AC_INIT([icedtea6],[1.9.1pre],[distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6],[1.9.1],[distro-pkg-dev at openjdk.java.net])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile])
diff -r f1c14c74edd7 -r dd9c36d63a95 patches/icedtea-timerqueue.patch
--- a/patches/icedtea-timerqueue.patch Mon Oct 04 23:47:52 2010 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
---- TimerQueue.java.orig 2007-12-13 14:08:33.000000000 -0500
-+++ openjdk/jdk/src/share/classes/javax/swing/TimerQueue.java 2007-12-13 14:08:52.000000000 -0500
-@@ -106,7 +106,6 @@
- return null;
- }
- });
-- running = true;
- }
- }
-
-@@ -164,6 +163,7 @@
-
-
- public void run() {
-+ running = true;
- try {
- while (running) {
- try {
diff -r f1c14c74edd7 -r dd9c36d63a95 patches/security/20100330/hotspot/original/6626217.patch
--- a/patches/security/20100330/hotspot/original/6626217.patch Mon Oct 04 23:47:52 2010 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,180 +0,0 @@
-# HG changeset patch
-# User acorn
-# Date 1261523209 18000
-# Node ID 209a7a8a8f966dc4d6b45333cf4f3fa6648a6ecb
-# Parent 75e095764f403b7425e30711b00cc038554a1ae9
-6626217: Fixed loader constraint array handling
-Summary: Loader constraints track array elements, not arrays themselves.
-Reviewed-by: dcubed, kevinw
-
-diff --git openjdk.orig/hotspot/src/share/vm/ci/ciEnv.cpp openjdk/hotspot/src/share/vm/ci/ciEnv.cpp
---- openjdk.orig/hotspot/src/share/vm/ci/ciEnv.cpp
-+++ openjdk/hotspot/src/share/vm/ci/ciEnv.cpp
-@@ -348,30 +348,6 @@ ciKlass* ciEnv::get_klass_by_name_impl(c
- if (found_klass != NULL) {
- // Found it. Build a CI handle.
- return get_object(found_klass)->as_klass();
-- }
--
-- // If we fail to find an array klass, look again for its element type.
-- // The element type may be available either locally or via constraints.
-- // In either case, if we can find the element type in the system dictionary,
-- // we must build an array type around it. The CI requires array klasses
-- // to be loaded if their element klasses are loaded, except when memory
-- // is exhausted.
-- if (sym->byte_at(0) == '[' &&
-- (sym->byte_at(1) == '[' || sym->byte_at(1) == 'L')) {
-- // We have an unloaded array.
-- // Build it on the fly if the element class exists.
-- symbolOop elem_sym = oopFactory::new_symbol(sym->as_utf8()+1,
-- sym->utf8_length()-1,
-- KILL_COMPILE_ON_FATAL_(fail_type));
-- // Get element ciKlass recursively.
-- ciKlass* elem_klass =
-- get_klass_by_name_impl(accessing_klass,
-- get_object(elem_sym)->as_symbol(),
-- require_local);
-- if (elem_klass != NULL && elem_klass->is_loaded()) {
-- // Now make an array for it
-- return ciObjArrayKlass::make_impl(elem_klass);
-- }
- }
-
- if (require_local) return NULL;
-diff --git openjdk.orig/hotspot/src/share/vm/classfile/loaderConstraints.cpp openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp
---- openjdk.orig/hotspot/src/share/vm/classfile/loaderConstraints.cpp
-+++ openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp
-@@ -338,32 +338,6 @@ klassOop LoaderConstraintTable::find_con
- }
-
-
--klassOop LoaderConstraintTable::find_constrained_elem_klass(symbolHandle name,
-- symbolHandle elem_name,
-- Handle loader,
-- TRAPS) {
-- LoaderConstraintEntry *p = *(find_loader_constraint(name, loader));
-- if (p != NULL) {
-- assert(p->klass() == NULL, "Expecting null array klass");
--
-- // The array name has a constraint, but it will not have a class. Check
-- // each loader for an associated elem
-- for (int i = 0; i < p->num_loaders(); i++) {
-- Handle no_protection_domain;
--
-- klassOop k = SystemDictionary::find(elem_name, p->loader(i), no_protection_domain, THREAD);
-- if (k != NULL) {
-- // Return the first elem klass found.
-- return k;
-- }
-- }
-- }
--
-- // No constraints, or else no klass loaded yet.
-- return NULL;
--}
--
--
- void LoaderConstraintTable::ensure_loader_constraint_capacity(
- LoaderConstraintEntry *p,
- int nfree) {
-diff --git openjdk.orig/hotspot/src/share/vm/classfile/loaderConstraints.hpp openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp
---- openjdk.orig/hotspot/src/share/vm/classfile/loaderConstraints.hpp
-+++ openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp
-@@ -67,9 +67,6 @@ public:
- Handle loader2, bool is_method, TRAPS);
-
- klassOop find_constrained_klass(symbolHandle name, Handle loader);
-- klassOop find_constrained_elem_klass(symbolHandle name, symbolHandle elem_name,
-- Handle loader, TRAPS);
--
-
- // Class loader constraints
-
-diff --git openjdk.orig/hotspot/src/share/vm/classfile/systemDictionary.cpp openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp
---- openjdk.orig/hotspot/src/share/vm/classfile/systemDictionary.cpp
-+++ openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp
-@@ -2113,9 +2113,8 @@ klassOop SystemDictionary::find_constrai
- // a loader constraint that would require this loader to return the
- // klass that is already loaded.
- if (FieldType::is_array(class_name())) {
-- // Array classes are hard because their klassOops are not kept in the
-- // constraint table. The array klass may be constrained, but the elem class
-- // may not be.
-+ // For array classes, their klassOops are not kept in the
-+ // constraint table. The element klassOops are.
- jint dimension;
- symbolOop object_key;
- BasicType t = FieldType::get_array_info(class_name(), &dimension,
-@@ -2125,8 +2124,9 @@ klassOop SystemDictionary::find_constrai
- } else {
- symbolHandle elem_name(THREAD, object_key);
- MutexLocker mu(SystemDictionary_lock, THREAD);
-- klass = constraints()->find_constrained_elem_klass(class_name, elem_name, class_loader, THREAD);
-+ klass = constraints()->find_constrained_klass(elem_name, class_loader);
- }
-+ // If element class already loaded, allocate array klass
- if (klass != NULL) {
- klass = Klass::cast(klass)->array_klass_or_null(dimension);
- }
-@@ -2142,24 +2142,40 @@ klassOop SystemDictionary::find_constrai
-
- bool SystemDictionary::add_loader_constraint(symbolHandle class_name,
- Handle class_loader1,
-- Handle class_loader2,
-- Thread* THREAD) {
-- unsigned int d_hash1 = dictionary()->compute_hash(class_name, class_loader1);
-+ Handle class_loader2,
-+ Thread* THREAD) {
-+ symbolHandle constraint_name;
-+ if (!FieldType::is_array(class_name())) {
-+ constraint_name = class_name;
-+ } else {
-+ // For array classes, their klassOops are not kept in the
-+ // constraint table. The element classes are.
-+ jint dimension;
-+ symbolOop object_key;
-+ BasicType t = FieldType::get_array_info(class_name(), &dimension,
-+ &object_key, CHECK_(false));
-+ // primitive types always pass
-+ if (t != T_OBJECT) {
-+ return true;
-+ } else {
-+ constraint_name = symbolHandle(THREAD, object_key);
-+ }
-+ }
-+ unsigned int d_hash1 = dictionary()->compute_hash(constraint_name, class_loader1);
- int d_index1 = dictionary()->hash_to_index(d_hash1);
-
-- unsigned int d_hash2 = dictionary()->compute_hash(class_name, class_loader2);
-+ unsigned int d_hash2 = dictionary()->compute_hash(constraint_name, class_loader2);
- int d_index2 = dictionary()->hash_to_index(d_hash2);
-+ {
-+ MutexLocker mu_s(SystemDictionary_lock, THREAD);
-
-- {
-- MutexLocker mu_s(SystemDictionary_lock, THREAD);
-+ // Better never do a GC while we're holding these oops
-+ No_Safepoint_Verifier nosafepoint;
-
-- // Better never do a GC while we're holding these oops
-- No_Safepoint_Verifier nosafepoint;
--
-- klassOop klass1 = find_class(d_index1, d_hash1, class_name, class_loader1);
-- klassOop klass2 = find_class(d_index2, d_hash2, class_name, class_loader2);
-- return constraints()->add_entry(class_name, klass1, class_loader1,
-- klass2, class_loader2);
-+ klassOop klass1 = find_class(d_index1, d_hash1, constraint_name, class_loader1);
-+ klassOop klass2 = find_class(d_index2, d_hash2, constraint_name, class_loader2);
-+ return constraints()->add_entry(constraint_name, klass1, class_loader1,
-+ klass2, class_loader2);
- }
- }
-
-@@ -2191,6 +2207,7 @@ symbolOop SystemDictionary::find_resolut
- // Returns the name of the type that failed a loader constraint check, or
- // NULL if no constraint failed. The returned C string needs cleaning up
- // with a ResourceMark in the caller
-+// Arrays are not added to the loader constraint table, their elements are.
- char* SystemDictionary::check_signature_loaders(symbolHandle signature,
- Handle loader1, Handle loader2,
- bool is_method, TRAPS) {
diff -r f1c14c74edd7 -r dd9c36d63a95 patches/security/20101012/6559775.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20101012/6559775.patch Wed Oct 13 00:23:28 2010 +0100
@@ -0,0 +1,317 @@
+# HG changeset patch
+# User skoppar
+# Date 1285671517 25200
+# Node ID 57681551c11efbec9906bdf321554aabcac25228
+# Parent bb1c74cae929a5903c0aca64b9e5a7f67726b02a
+6559775: Race allows defaultReadObject to be invoked instead of readFields during deserialization
+Reviewed-by: hawtin
+
+diff --git a/make/java/java/FILES_java.gmk b/make/java/java/FILES_java.gmk
+--- openjdk.orig/jdk/make/java/java/FILES_java.gmk
++++ openjdk/jdk/make/java/java/FILES_java.gmk
+@@ -384,6 +384,7 @@ JAVA_JAVA_java = \
+ java/io/FilePermission.java \
+ java/io/Serializable.java \
+ java/io/Externalizable.java \
++ java/io/SerialCallbackContext.java \
+ java/io/Bits.java \
+ java/io/ObjectInput.java \
+ java/io/ObjectInputStream.java \
+diff --git a/src/share/classes/java/io/ObjectInputStream.java b/src/share/classes/java/io/ObjectInputStream.java
+--- openjdk.orig/jdk/src/share/classes/java/io/ObjectInputStream.java
++++ openjdk/jdk/src/share/classes/java/io/ObjectInputStream.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -264,7 +264,7 @@ public class ObjectInputStream
+ * object currently being deserialized and descriptor for current class.
+ * Null when not during readObject upcall.
+ */
+- private CallbackContext curContext;
++ private SerialCallbackContext curContext;
+
+ /**
+ * Creates an ObjectInputStream that reads from the specified InputStream.
+@@ -1797,7 +1797,7 @@ public class ObjectInputStream
+ private void readExternalData(Externalizable obj, ObjectStreamClass desc)
+ throws IOException
+ {
+- CallbackContext oldContext = curContext;
++ SerialCallbackContext oldContext = curContext;
+ curContext = null;
+ try {
+ boolean blocked = desc.hasBlockExternalData();
+@@ -1856,10 +1856,10 @@ public class ObjectInputStream
+ slotDesc.hasReadObjectMethod() &&
+ handles.lookupException(passHandle) == null)
+ {
+- CallbackContext oldContext = curContext;
++ SerialCallbackContext oldContext = curContext;
+
+ try {
+- curContext = new CallbackContext(obj, slotDesc);
++ curContext = new SerialCallbackContext(obj, slotDesc);
+
+ bin.setBlockDataMode(true);
+ slotDesc.invokeReadObject(obj, this);
+@@ -3504,42 +3504,4 @@ public class ObjectInputStream
+ }
+ }
+
+- /**
+- * Context that during upcalls to class-defined readObject methods; holds
+- * object currently being deserialized and descriptor for current class.
+- * This context keeps a boolean state to indicate that defaultReadObject
+- * or readFields has already been invoked with this context or the class's
+- * readObject method has returned; if true, the getObj method throws
+- * NotActiveException.
+- */
+- private static class CallbackContext {
+- private final Object obj;
+- private final ObjectStreamClass desc;
+- private final AtomicBoolean used = new AtomicBoolean();
+-
+- public CallbackContext(Object obj, ObjectStreamClass desc) {
+- this.obj = obj;
+- this.desc = desc;
+- }
+-
+- public Object getObj() throws NotActiveException {
+- checkAndSetUsed();
+- return obj;
+- }
+-
+- public ObjectStreamClass getDesc() {
+- return desc;
+- }
+-
+- private void checkAndSetUsed() throws NotActiveException {
+- if (!used.compareAndSet(false, true)) {
+- throw new NotActiveException(
+- "not in readObject invocation or fields already read");
+- }
+- }
+-
+- public void setUsed() {
+- used.set(true);
+- }
+- }
More information about the distro-pkg-dev
mailing list