/hg/icedtea6-hg: Drop security patches now they are available up...
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Oct 19 06:29:28 PDT 2010
changeset 7d44885fc5aa in /hg/icedtea6-hg
details: http://icedtea.classpath.org/hg/icedtea6-hg?cmd=changeset;node=7d44885fc5aa
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Oct 19 14:28:59 2010 +0100
Drop security patches now they are available upstream.
2010-10-19 Andrew John Hughes <ahughes at redhat.com>
* patches/security/20101012/6559775.patch,
* patches/security/20101012/6622002.patch,
* patches/security/20101012/6891766.patch,
* patches/security/20101012/6914943.patch,
* patches/security/20101012/6925710.patch,
* patches/security/20101012/6938813.patch,
* patches/security/20101012/6952017.patch,
* patches/security/20101012/6952603.patch,
* patches/security/20101012/6957564.patch,
* patches/security/20101012/6958060.patch,
* patches/security/20101012/6961084.patch,
* patches/security/20101012/6963023.patch,
* patches/security/20101012/6963285.patch,
* patches/security/20101012/6963489.patch,
* patches/security/20101012/6966692.patch,
* patches/security/20101012/6981426.patch,
* patches/security/20101012/6990437.patch: Dropped; available
upstream.
* Makefile.am: Drop above patches.
* patches/icedtea-lcms.patch: Rejigged against upstream
security patch.
diffstat:
20 files changed, 37 insertions(+), 4966 deletions(-)
ChangeLog | 24
Makefile.am | 21
patches/icedtea-lcms.patch | 25
patches/security/20101012/6559775.patch | 317 ----
patches/security/20101012/6622002.patch | 64
patches/security/20101012/6891766.patch | 1147 ----------------
patches/security/20101012/6914943.patch | 2129 -------------------------------
patches/security/20101012/6925710.patch | 198 --
patches/security/20101012/6938813.patch | 196 --
patches/security/20101012/6952017.patch | 50
patches/security/20101012/6952603.patch | 38
patches/security/20101012/6957564.patch | 77 -
patches/security/20101012/6958060.patch | 15
patches/security/20101012/6961084.patch | 325 ----
patches/security/20101012/6963023.patch | 95 -
patches/security/20101012/6963285.patch | 20
patches/security/20101012/6963489.patch | 31
patches/security/20101012/6966692.patch | 91 -
patches/security/20101012/6981426.patch | 24
patches/security/20101012/6990437.patch | 116 -
diffs (truncated from 5113 to 500 lines):
diff -r 5bc57773f41d -r 7d44885fc5aa ChangeLog
--- a/ChangeLog Tue Oct 19 00:15:10 2010 +0100
+++ b/ChangeLog Tue Oct 19 14:28:59 2010 +0100
@@ -1,3 +1,27 @@ 2010-10-18 Andrew John Hughes <ahughes
+2010-10-19 Andrew John Hughes <ahughes at redhat.com>
+
+ * patches/security/20101012/6559775.patch,
+ * patches/security/20101012/6622002.patch,
+ * patches/security/20101012/6891766.patch,
+ * patches/security/20101012/6914943.patch,
+ * patches/security/20101012/6925710.patch,
+ * patches/security/20101012/6938813.patch,
+ * patches/security/20101012/6952017.patch,
+ * patches/security/20101012/6952603.patch,
+ * patches/security/20101012/6957564.patch,
+ * patches/security/20101012/6958060.patch,
+ * patches/security/20101012/6961084.patch,
+ * patches/security/20101012/6963023.patch,
+ * patches/security/20101012/6963285.patch,
+ * patches/security/20101012/6963489.patch,
+ * patches/security/20101012/6966692.patch,
+ * patches/security/20101012/6981426.patch,
+ * patches/security/20101012/6990437.patch:
+ Dropped; available upstream.
+ * Makefile.am: Drop above patches.
+ * patches/icedtea-lcms.patch: Rejigged against
+ upstream security patch.
+
2010-10-18 Andrew John Hughes <ahughes at redhat.com>
* patches/hotspot/hs19/alpha-fixes.patch,
diff -r 5bc57773f41d -r 7d44885fc5aa Makefile.am
--- a/Makefile.am Tue Oct 19 00:15:10 2010 +0100
+++ b/Makefile.am Tue Oct 19 14:28:59 2010 +0100
@@ -232,26 +232,7 @@ REWRITER_SRCS = $(abs_top_srcdir)/rewrit
ICEDTEA_FSG_PATCHES =
-BROKEN =
-
-SECURITY_PATCHES = \
- patches/security/20101012/6891766.patch \
- patches/security/20101012/6925710.patch \
- patches/security/20101012/6938813.patch \
- patches/security/20101012/6957564.patch \
- patches/security/20101012/6958060.patch \
- patches/security/20101012/6963023.patch \
- patches/security/20101012/6963489.patch \
- patches/security/20101012/6966692.patch \
- patches/security/20101012/6914943.patch \
- patches/security/20101012/6559775.patch \
- patches/security/20101012/6622002.patch \
- patches/security/20101012/6952017.patch \
- patches/security/20101012/6952603.patch \
- patches/security/20101012/6961084.patch \
- patches/security/20101012/6963285.patch \
- patches/security/20101012/6981426.patch \
- patches/security/20101012/6990437.patch
+SECURITY_PATCHES =
ICEDTEA_PATCHES = \
$(SECURITY_PATCHES) \
diff -r 5bc57773f41d -r 7d44885fc5aa patches/icedtea-lcms.patch
--- a/patches/icedtea-lcms.patch Tue Oct 19 00:15:10 2010 +0100
+++ b/patches/icedtea-lcms.patch Tue Oct 19 14:28:59 2010 +0100
@@ -1,8 +1,8 @@ diff -Nru openjdk.orig/jdk/src/share/nat
diff -Nru openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c
---- openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c 2010-04-06 11:57:21.000000000 +0100
-+++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c 2010-04-06 17:35:02.000000000 +0100
-@@ -689,6 +689,9 @@
- GrayTRC = cmsReadICCGamma(hProfile, icSigGrayTRCTag);
+--- openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c 2010-10-19 10:19:13.000000000 +0100
++++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c 2010-10-19 13:02:07.580264578 +0100
+@@ -692,6 +692,9 @@
+ }
FromLstarToXYZ(GrayTRC, Shapes1);
+ if (GrayTRC == NULL)
@@ -11,17 +11,16 @@ diff -Nru openjdk.orig/jdk/src/share/nat
// Reversing must be done after curve translation
Shapes[0] = cmsReverseGamma(Shapes1[0]->nEntries, Shapes1[0]);
-@@ -704,6 +707,9 @@
+@@ -706,7 +709,7 @@
+ // Normal case
GrayTRC = cmsReadICCGammaReversed(hProfile, icSigGrayTRCTag); // Y
-
-+ if (GrayTRC == NULL)
-+ return NULL;
-+
+- if (!GrayTRC) {
++ if (GrayTRC == NULL) {
+ return NULL;
+ }
Shapes[0] = cmsDupGamma(GrayTRC);
- Shapes[1] = cmsDupGamma(GrayTRC);
- Shapes[2] = cmsDupGamma(GrayTRC);
-@@ -1343,7 +1349,7 @@
+@@ -1348,7 +1351,7 @@
p -> ToDevice = PCStoShaperMatrix;
p -> OutMatShaper = cmsBuildOutputMatrixShaper(p->OutputProfile);
@@ -30,7 +29,7 @@ diff -Nru openjdk.orig/jdk/src/share/nat
cmsSignalError(LCMS_ERRC_ABORTED, "profile is unsuitable for output");
return NULL;
}
-@@ -1920,6 +1926,8 @@
+@@ -1925,6 +1928,8 @@
ColorSpace = ColorSpaceIn;
diff -r 5bc57773f41d -r 7d44885fc5aa patches/security/20101012/6559775.patch
--- a/patches/security/20101012/6559775.patch Tue Oct 19 00:15:10 2010 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,317 +0,0 @@
-# HG changeset patch
-# User skoppar
-# Date 1285671517 25200
-# Node ID 57681551c11efbec9906bdf321554aabcac25228
-# Parent bb1c74cae929a5903c0aca64b9e5a7f67726b02a
-6559775: Race allows defaultReadObject to be invoked instead of readFields during deserialization
-Reviewed-by: hawtin
-
-diff --git a/make/java/java/FILES_java.gmk b/make/java/java/FILES_java.gmk
---- openjdk.orig/jdk/make/java/java/FILES_java.gmk
-+++ openjdk/jdk/make/java/java/FILES_java.gmk
-@@ -384,6 +384,7 @@ JAVA_JAVA_java = \
- java/io/FilePermission.java \
- java/io/Serializable.java \
- java/io/Externalizable.java \
-+ java/io/SerialCallbackContext.java \
- java/io/Bits.java \
- java/io/ObjectInput.java \
- java/io/ObjectInputStream.java \
-diff --git a/src/share/classes/java/io/ObjectInputStream.java b/src/share/classes/java/io/ObjectInputStream.java
---- openjdk.orig/jdk/src/share/classes/java/io/ObjectInputStream.java
-+++ openjdk/jdk/src/share/classes/java/io/ObjectInputStream.java
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
-@@ -264,7 +264,7 @@ public class ObjectInputStream
- * object currently being deserialized and descriptor for current class.
- * Null when not during readObject upcall.
- */
-- private CallbackContext curContext;
-+ private SerialCallbackContext curContext;
-
- /**
- * Creates an ObjectInputStream that reads from the specified InputStream.
-@@ -1797,7 +1797,7 @@ public class ObjectInputStream
- private void readExternalData(Externalizable obj, ObjectStreamClass desc)
- throws IOException
- {
-- CallbackContext oldContext = curContext;
-+ SerialCallbackContext oldContext = curContext;
- curContext = null;
- try {
- boolean blocked = desc.hasBlockExternalData();
-@@ -1856,10 +1856,10 @@ public class ObjectInputStream
- slotDesc.hasReadObjectMethod() &&
- handles.lookupException(passHandle) == null)
- {
-- CallbackContext oldContext = curContext;
-+ SerialCallbackContext oldContext = curContext;
-
- try {
-- curContext = new CallbackContext(obj, slotDesc);
-+ curContext = new SerialCallbackContext(obj, slotDesc);
-
- bin.setBlockDataMode(true);
- slotDesc.invokeReadObject(obj, this);
-@@ -3504,42 +3504,4 @@ public class ObjectInputStream
- }
- }
-
-- /**
-- * Context that during upcalls to class-defined readObject methods; holds
-- * object currently being deserialized and descriptor for current class.
-- * This context keeps a boolean state to indicate that defaultReadObject
-- * or readFields has already been invoked with this context or the class's
-- * readObject method has returned; if true, the getObj method throws
-- * NotActiveException.
-- */
-- private static class CallbackContext {
-- private final Object obj;
-- private final ObjectStreamClass desc;
-- private final AtomicBoolean used = new AtomicBoolean();
--
-- public CallbackContext(Object obj, ObjectStreamClass desc) {
-- this.obj = obj;
-- this.desc = desc;
-- }
--
-- public Object getObj() throws NotActiveException {
-- checkAndSetUsed();
-- return obj;
-- }
--
-- public ObjectStreamClass getDesc() {
-- return desc;
-- }
--
-- private void checkAndSetUsed() throws NotActiveException {
-- if (!used.compareAndSet(false, true)) {
-- throw new NotActiveException(
-- "not in readObject invocation or fields already read");
-- }
-- }
--
-- public void setUsed() {
-- used.set(true);
-- }
-- }
- }
-diff --git a/src/share/classes/java/io/ObjectOutputStream.java b/src/share/classes/java/io/ObjectOutputStream.java
---- openjdk.orig/jdk/src/share/classes/java/io/ObjectOutputStream.java
-+++ openjdk/jdk/src/share/classes/java/io/ObjectOutputStream.java
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
-@@ -35,6 +35,7 @@ import java.util.concurrent.ConcurrentHa
- import java.util.concurrent.ConcurrentHashMap;
- import java.util.concurrent.ConcurrentMap;
- import static java.io.ObjectStreamClass.processQueue;
-+import java.io.SerialCallbackContext;
-
- /**
- * An ObjectOutputStream writes primitive data types and graphs of Java objects
-@@ -191,10 +192,12 @@ public class ObjectOutputStream
- private boolean enableReplace;
-
- // values below valid only during upcalls to writeObject()/writeExternal()
-- /** object currently being serialized */
-- private Object curObj;
-- /** descriptor for current class (null if in writeExternal()) */
-- private ObjectStreamClass curDesc;
-+ /**
-+ * Context during upcalls to class-defined writeObject methods; holds
-+ * object currently being serialized and descriptor for current class.
-+ * Null when not during writeObject upcall.
-+ */
-+ private SerialCallbackContext curContext;
- /** current PutField object */
- private PutFieldImpl curPut;
-
-@@ -426,9 +429,11 @@ public class ObjectOutputStream
- * <code>OutputStream</code>
- */
- public void defaultWriteObject() throws IOException {
-- if (curObj == null || curDesc == null) {
-+ if ( curContext == null ) {
- throw new NotActiveException("not in call to writeObject");
- }
-+ Object curObj = curContext.getObj();
-+ ObjectStreamClass curDesc = curContext.getDesc();
- bout.setBlockDataMode(false);
- defaultWriteFields(curObj, curDesc);
- bout.setBlockDataMode(true);
-@@ -446,9 +451,11 @@ public class ObjectOutputStream
- */
- public ObjectOutputStream.PutField putFields() throws IOException {
- if (curPut == null) {
-- if (curObj == null || curDesc == null) {
-+ if (curContext == null) {
- throw new NotActiveException("not in call to writeObject");
- }
-+ Object curObj = curContext.getObj();
-+ ObjectStreamClass curDesc = curContext.getDesc();
- curPut = new PutFieldImpl(curDesc);
- }
- return curPut;
-@@ -1420,17 +1427,15 @@ public class ObjectOutputStream
- * writeExternal() method.
- */
- private void writeExternalData(Externalizable obj) throws IOException {
-- Object oldObj = curObj;
-- ObjectStreamClass oldDesc = curDesc;
- PutFieldImpl oldPut = curPut;
-- curObj = obj;
-- curDesc = null;
- curPut = null;
--
-+ SerialCallbackContext oldContext = curContext;
-+
- if (extendedDebugInfo) {
- debugInfoStack.push("writeExternal data");
- }
- try {
-+ curContext = null;
- if (protocol == PROTOCOL_VERSION_1) {
- obj.writeExternal(this);
- } else {
-@@ -1440,13 +1445,12 @@ public class ObjectOutputStream
- bout.writeByte(TC_ENDBLOCKDATA);
- }
- } finally {
-+ curContext = oldContext;
- if (extendedDebugInfo) {
- debugInfoStack.pop();
- }
- }
-
-- curObj = oldObj;
-- curDesc = oldDesc;
- curPut = oldPut;
- }
-
-@@ -1461,12 +1465,9 @@ public class ObjectOutputStream
- for (int i = 0; i < slots.length; i++) {
- ObjectStreamClass slotDesc = slots[i].desc;
- if (slotDesc.hasWriteObjectMethod()) {
-- Object oldObj = curObj;
-- ObjectStreamClass oldDesc = curDesc;
- PutFieldImpl oldPut = curPut;
-- curObj = obj;
-- curDesc = slotDesc;
- curPut = null;
-+ SerialCallbackContext oldContext = curContext;
-
- if (extendedDebugInfo) {
- debugInfoStack.push(
-@@ -1474,18 +1475,19 @@ public class ObjectOutputStream
- slotDesc.getName() + "\")");
- }
- try {
-+ curContext = new SerialCallbackContext(obj, slotDesc);
- bout.setBlockDataMode(true);
- slotDesc.invokeWriteObject(obj, this);
- bout.setBlockDataMode(false);
- bout.writeByte(TC_ENDBLOCKDATA);
- } finally {
-+ curContext.setUsed();
-+ curContext = oldContext;
- if (extendedDebugInfo) {
- debugInfoStack.pop();
- }
- }
-
-- curObj = oldObj;
-- curDesc = oldDesc;
- curPut = oldPut;
- } else {
- defaultWriteFields(obj, slotDesc);
-diff --git a/src/share/classes/java/io/SerialCallbackContext.java b/src/share/classes/java/io/SerialCallbackContext.java
-new file mode 100644
---- /dev/null
-+++ openjdk/jdk/src/share/classes/java/io/SerialCallbackContext.java
-@@ -0,0 +1,76 @@
-+/*
-+ * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation. Oracle designates this
-+ * particular file as subject to the "Classpath" exception as provided
-+ * by Oracle in the LICENSE file that accompanied this code.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+ package java.io;
-+
-+ /**
-+ * Context during upcalls from object stream to class-defined
-+ * readObject/writeObject methods.
-+ * Holds object currently being deserialized and descriptor for current class.
-+ *
-+ * This context keeps track of the thread it was constructed on, and allows
-+ * only a single call of defaultReadObject, readFields, defaultWriteObject
-+ * or writeFields which must be invoked on the same thread before the class's
-+ * readObject/writeObject method has returned.
-+ * If not set to the current thread, the getObj method throws NotActiveException.
-+ */
-+ final class SerialCallbackContext {
-+ private final Object obj;
-+ private final ObjectStreamClass desc;
-+ /**
-+ * Thread this context is in use by.
-+ * As this only works in one thread, we do not need to worry about thread-safety.
-+ */
-+ private Thread thread;
-+
-+ public SerialCallbackContext(Object obj, ObjectStreamClass desc) {
-+ this.obj = obj;
-+ this.desc = desc;
-+ this.thread = Thread.currentThread();
-+ }
-+
-+ public Object getObj() throws NotActiveException {
-+ checkAndSetUsed();
-+ return obj;
-+ }
-+
-+ public ObjectStreamClass getDesc() {
-+ return desc;
-+ }
-+
-+ private void checkAndSetUsed() throws NotActiveException {
-+ if (thread != Thread.currentThread()) {
-+ throw new NotActiveException(
-+ "not in readObject invocation or fields already read");
-+ }
-+ thread = null;
-+ }
-+
-+ public void setUsed() {
-+ thread = null;
-+ }
-+ }
-+
-+
diff -r 5bc57773f41d -r 7d44885fc5aa patches/security/20101012/6622002.patch
--- a/patches/security/20101012/6622002.patch Tue Oct 19 00:15:10 2010 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,64 +0,0 @@
-# HG changeset patch
-# User alexp
-# Date 1285685944 -14400
-# Node ID bb1c74cae929a5903c0aca64b9e5a7f67726b02a
-# Parent 1eaaf0f77762dfa6120921f1d2d6ce96e7086513
-6622002: UIDefault.ProxyLazyValue has unsafe reflection usage
-Reviewed-by: malenkov
-
-diff --git a/src/share/classes/javax/swing/UIDefaults.java b/src/share/classes/javax/swing/UIDefaults.java
---- openjdk.orig/jdk/src/share/classes/javax/swing/UIDefaults.java
-+++ openjdk/jdk/src/share/classes/javax/swing/UIDefaults.java
-@@ -52,6 +52,7 @@ import java.security.PrivilegedAction;
- import java.security.PrivilegedAction;
-
- import sun.reflect.misc.MethodUtil;
-+import sun.reflect.misc.ReflectUtil;
- import sun.util.CoreResourceBundleControl;
-
- /**
-@@ -1079,6 +1080,9 @@ public class UIDefaults extends Hashtabl
- // In order to pick up the security policy in effect at the
- // time of creation we use a doPrivileged with the
- // AccessControlContext that was in place when this was created.
-+ if (acc == null && System.getSecurityManager() != null) {
-+ throw new SecurityException("null AccessControlContext");
-+ }
- return AccessController.doPrivileged(new PrivilegedAction() {
- public Object run() {
- try {
-@@ -1094,7 +1098,9 @@ public class UIDefaults extends Hashtabl
- cl = ClassLoader.getSystemClassLoader();
- }
- }
-+ ReflectUtil.checkPackageAccess(className);
- c = Class.forName(className, true, (ClassLoader)cl);
-+ checkAccess(c.getModifiers());
- if (methodName != null) {
- Class[] types = getClassArray(args);
- Method m = c.getMethod(methodName, types);
-@@ -1102,6 +1108,7 @@ public class UIDefaults extends Hashtabl
- } else {
- Class[] types = getClassArray(args);
- Constructor constructor = c.getConstructor(types);
-+ checkAccess(constructor.getModifiers());
- return constructor.newInstance(args);
- }
- } catch(Exception e) {
-@@ -1115,8 +1122,15 @@ public class UIDefaults extends Hashtabl
- }
- }, acc);
- }
-+
-+ private void checkAccess(int modifiers) {
-+ if(System.getSecurityManager() != null &&
-+ !Modifier.isPublic(modifiers)) {
-+ throw new SecurityException("Resource is not accessible");
-+ }
-+ }
-
-- /*
-+ /*
- * Coerce the array of class types provided into one which
- * looks the way the Reflection APIs expect. This is done
More information about the distro-pkg-dev
mailing list