About recent Security Advisories

Paulo César Pereira de Andrade pcpa at mandriva.com.br
Fri Oct 29 12:17:05 PDT 2010 

Dalibor Topic wrote:
> On 10/25/10 9:31 PM, Paulo César Pereira de Andrade wrote:

  Hi again :-) I did some more work/tests on a possible updated
package.

  I am trying to correct some issues with the jmol applet in the
sagemath notebook, as this is the reason I started doing some work
on the openjdk package... I had it somewhat usable with icedtea-1.8.1,
and almost got it to be in an usable state with icedtea-1.8.2.

  One problem is that opendjdk does not allow popups, but sun-java
allows it, at least for connections to localhost. Because of that,
I had previously changed the package to use signed jars, and due to
that, I needed to patch the scripts because when using signed jars,
it would search files from the root directory, but now in icedtea-1.8.2
it does not, and I need to use unsigned jars again, bad that should
be better as now it should have better compatibility with sun-java.

  So far, with this patch I almost got things to work, but without
popups in the applet:
-%<-
cat
/home/pcpa/mandriva/svn/java-1.6.0-openjdk/SOURCES/icedtea6-1.8.2-mutex_and_leak.patch
diff -p -up icedtea6-1.8.2/plugin/icedteanp/IcedTeaNPPlugin.cc.orig
icedtea6-1.8.2/plugin/icedteanp/IcedTeaNPPlugin.cc
--- icedtea6-1.8.2/plugin/icedteanp/IcedTeaNPPlugin.cc.orig	2010-10-29
16:01:16.842506014 -0200
+++ icedtea6-1.8.2/plugin/icedteanp/IcedTeaNPPlugin.cc	2010-10-29
16:20:23.627505837 -0200
@@ -412,7 +412,9 @@ void start_jvm_if_needed()
   // This is asynchronized function. It must
   // have exclusivity when running.

-  GMutex *vm_start_mutex = g_mutex_new();
+  static GMutex *vm_start_mutex;
+  if (vm_start_mutex == NULL)
+    vm_start_mutex = g_mutex_new();
   g_mutex_lock(vm_start_mutex);

   PLUGIN_DEBUG("Checking JVM status...\n");
@@ -421,6 +423,7 @@ void start_jvm_if_needed()
   if (jvm_up)
   {
       PLUGIN_DEBUG("JVM is up. Returning.\n");
+      g_mutex_unlock(vm_start_mutex);
       return;
   }

diff -p -up icedtea6-1.8.2/plugin/icedteanp/IcedTeaPluginUtils.cc.orig
icedtea6-1.8.2/plugin/icedteanp/IcedTeaPluginUtils.cc
--- icedtea6-1.8.2/plugin/icedteanp/IcedTeaPluginUtils.cc.orig	2010-10-29
16:05:34.780507206 -0200
+++ icedtea6-1.8.2/plugin/icedteanp/IcedTeaPluginUtils.cc	2010-10-29
16:31:36.731506939 -0200
@@ -1029,6 +1029,7 @@ MessageBus::post(const char* message)

 	PLUGIN_DEBUG("Trying to lock %p...\n", &msg_queue_mutex);
 	pthread_mutex_lock(&subscriber_mutex);
+	pthread_mutex_lock(&msg_queue_mutex);

     PLUGIN_DEBUG("Message %s received on bus. Notifying subscribers.\n",
msg);

@@ -1038,10 +1039,14 @@ MessageBus::post(const char* message)
     	message_consumed = ((BusSubscriber*) *i)->newMessageOnBus(msg);
     }

+    pthread_mutex_unlock(&msg_queue_mutex);
     pthread_mutex_unlock(&subscriber_mutex);

-    if (!message_consumed)
+    if (!message_consumed) {
     	PLUGIN_DEBUG("Warning: No consumer found for message %s\n", msg);
+	/* no subscribers */
+	free(msg);
+    }

     PLUGIN_DEBUG("%p unlocked...\n", &msg_queue_mutex);
 }
-%<-

  I believe there is some interleaved mutex somewhere, of maybe,
it should somehow only return from
IcedTeaNPPlugin.cc:plugin_send_message_to_appletviewer() after
having some kind of ack that the message was processed.

  It is almost running in the sense that with the above patch, I
can open a few 3d graphics on a sagemath notebook, but usually
it will lock hard soon or later.

  If anybody have hints, what should be an acceptable solution is:
o Kill any previous applets when starting a new one.
o Patching where it disallows popups to allow from localhost connections
  at least.
Any hints where to investigate and/or patch for it?

  I will do some more debugging and hope to extend the patch above to
correct the problems, but it somewhat acceptable now if one opens only
one applet and/or run "killall -9 `pidof java`" before the next (last
option is not acceptable of course)...

Thanks,
Paulo

>>   Hi,
>>
>>   Does http://lwn.net/Articles/410013/ affect recent openjdk and/or b18
>> in some way?
>
> Hi,
>
> the patches have been pushed into OpenJDK 6, and have made their way
> downstream as
> well, afaik.
>
> cheers,
> dalibor topic
>
> --
> Oracle <http://www.oracle.com>
> Dalibor Topic | Java F/OSS Ambassador
> Phone: +494023646738 <tel:+494023646738> | | | Mobile: +491772664192
> <tel:+491772664192>
> Oracle Java Platform Group
>
> ORACLE Deutschland B.V. & Co. KG | Nagelsweg 55 | 20097 Hamburg
>
> ORACLE Deutschland B.V. & Co. KG
> Hauptverwaltung: Riesstr. 25, D-80992 München
> Registergericht: Amtsgericht München, HRA 95603
>
> Komplementärin: ORACLE Deutschland Verwaltung B.V.
> Rijnzathe 6, 3454PV De Meern, Niederlande
> Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
> Geschäftsführer: Jürgen Kunz, Marcel van de Molen, Alexander van der Ven
>
> Green Oracle <http://www.oracle.com/commitment> Oracle is committed to
> developing practices and products that help protect the environment
>

More information about the distro-pkg-dev mailing list