/hg/release/icedtea-web-1.0: 5 new changesets

dbhole at icedtea.classpath.org
Mon Apr 4 08:13:52 PDT 2011


changeset a5e96f8affa6 in /hg/release/icedtea-web-1.0
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=a5e96f8affa6
author: Deepak Bhole <dbhole at redhat.com>
date: Sat Apr 02 17:59:32 2011 -0400

	Backport patch for RH677772: NoSuchAlgorithmException using SSL/TLS
	in javaws


changeset c16a09791e54 in /hg/release/icedtea-web-1.0
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=c16a09791e54
author: Deepak Bhole <dbhole at redhat.com>
date: Sat Apr 02 18:00:21 2011 -0400

	Handle case where source or source.getLocation() is null when
	checking for system jars


changeset de51c15ae614 in /hg/release/icedtea-web-1.0
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=de51c15ae614
author: Deepak Bhole <dbhole at redhat.com>
date: Sat Apr 02 18:04:47 2011 -0400

	2011-04-04 Deepak Bhole <dbhole at redhat.com>

	* NEWS: Update for 1.0.2 release.
	* configure.ac: Bump to 1.0.2


changeset 18c14b6f3d53 in /hg/release/icedtea-web-1.0
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=18c14b6f3d53
author: Deepak Bhole <dbhole at redhat.com>
date: Sat Apr 02 18:05:24 2011 -0400

	Added tag icedtea-web-1.0.2 for changeset de51c15ae614


changeset 9fd1cd238005 in /hg/release/icedtea-web-1.0
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=9fd1cd238005
author: Deepak Bhole <dbhole at redhat.com>
date: Sun Apr 03 19:11:48 2011 -0400

	Prepare for 1.0.3


diffstat:

 .hgtags                                                    |   1 +
 ChangeLog                                                  |  30 ++++++++
 NEWS                                                       |   5 +-
 configure.ac                                               |   2 +-
 netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java          |  31 ++++++++
 netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java |  49 --------------
 6 files changed, 67 insertions(+), 51 deletions(-)

diffs (203 lines):

diff -r 04a9055a491d -r 9fd1cd238005 .hgtags
--- a/.hgtags	Tue Mar 29 15:14:13 2011 +0100
+++ b/.hgtags	Sun Apr 03 19:11:48 2011 -0400
@@ -1,3 +1,4 @@
 692d7e5b31039156aff1600fd7f5034fead2f258 icedtea-web-1.0-branch
 3973cfa679272d5057f2a1527483796964a1de6c icedtea-web-1.0
 6af7ac54a177bf31d335ce4a58f6c7abcbd0333c icedtea-web-1.0.1
+de51c15ae614f5877373d82a8fa492325d4d6db8 icedtea-web-1.0.2
diff -r 04a9055a491d -r 9fd1cd238005 ChangeLog
--- a/ChangeLog	Tue Mar 29 15:14:13 2011 +0100
+++ b/ChangeLog	Sun Apr 03 19:11:48 2011 -0400
@@ -1,3 +1,33 @@
+2011-04-04  Deepak Bhole <dbhole at redhat.com>
+
+	* NEWS: Add 1.0.3
+	* configure.ac: Bump to 1.0.3pre
+
+2011-04-04  Deepak Bhole <dbhole at redhat.com>
+
+	* NEWS: Update for 1.0.2 release.
+	* configure.ac: Bump to 1.0.2
+
+2011-03-01  Omair Majid  <omajid at redhat.com>
+
+	 * netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java (isSystemJar): Check
+	 for nulls.
+
+2011-02-23  Omair Majid  <omajid at redhat.com>
+
+	RH677772: NoSuchAlgorithmException using SSL/TLS in javaws
+	* NEWS: Update with bugfix.
+	* netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java: Add new field
+	jreExtDir.
+	(JNLPPolicy): Initialize jreExtDir.
+	(getPermissions): Grant AllPermissions if the CodeSourse is a system jar.
+	(isSystemJar): New method.
+	* netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
+	(checkPermission): Remove special casing of
+	SecurityPermission("putProviderProperty.SunJCE") and
+	SecurityPermission("accessClassInPackage.sun.security.internal.spec").
+	(inTrustedCallChain): Remove.
+
 2010-03-29  Andrew John Hughes  <ahughes at redhat.com>
 
 	* NEWS: Updated.
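Review bot: in the 2011-02-23 entry, "CodeSourse" is a typo for CodeSource, and the class named in the getPermissions line is AllPermission (singular), not "AllPermissions". The 2011-03-01 entry is indented with a tab plus a space where the neighbouring entries use a tab alone; align it with the rest of the file.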
diff -r 04a9055a491d -r 9fd1cd238005 NEWS
--- a/NEWS	Tue Mar 29 15:14:13 2011 +0100
+++ b/NEWS	Sun Apr 03 19:11:48 2011 -0400
@@ -8,9 +8,12 @@
 
 CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
-New in release 1.0.2 (2011-XX-XX):
+New in release 1.0.3 (2011-XX-XX):
+
+New in release 1.0.2 (2011-04-04):
 * Common Fixes and Improvements
   - PR638: JNLPClassLoader.loadClass(String name) can return null
+  - RH677772: NoSuchAlgorithmException using SSL/TLS in javaws
 * Plugin
   - PR612: NetDania application ends on java.security.AccessControlException: access denied (java.util.PropertyPermission browser read)
   - Replace binary PDF documentation with editable HTML version.
diff -r 04a9055a491d -r 9fd1cd238005 configure.ac
--- a/configure.ac	Tue Mar 29 15:14:13 2011 +0100
+++ b/configure.ac	Sun Apr 03 19:11:48 2011 -0400
@@ -1,4 +1,4 @@
-AC_INIT([icedtea-web],[1.0.2pre],[distro-pkg-dev at openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
+AC_INIT([icedtea-web],[1.0.3pre],[distro-pkg-dev at openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
 AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
 AC_CONFIG_FILES([Makefile])
 
diff -r 04a9055a491d -r 9fd1cd238005 netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java	Tue Mar 29 15:14:13 2011 +0100
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java	Sun Apr 03 19:11:48 2011 -0400
@@ -16,6 +16,7 @@
 
 package net.sourceforge.jnlp.runtime;
 
+import java.io.File;
 import java.security.*;
 import java.util.Enumeration;
 
@@ -40,10 +41,15 @@
     /** the previous policy */
     private static Policy systemPolicy;
 
+    private final String jreExtDir;
+
     protected JNLPPolicy() {
         shellSource = JNLPPolicy.class.getProtectionDomain().getCodeSource();
         systemSource = Policy.class.getProtectionDomain().getCodeSource();
         systemPolicy = Policy.getPolicy();
+
+        String jre = System.getProperty("java.home");
+        jreExtDir = jre + File.separator + "lib" + File.separator + "ext";
     }
 
     /**
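Review bot: jreExtDir, as built in the constructor, uses File.separator and has no trailing separator, yet isSystemJar compares it against URL.getPath(), which always uses '/'. Where File.separator is '\' the prefix can never match, so the RH677772 fix has no effect there; and on any platform a bare "lib/ext" prefix also matches a sibling directory whose name merely begins with "ext". Suggest keeping the directory as a canonical File (new File(jre, "lib/ext").getCanonicalFile()) and comparing File objects instead of strings.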
@@ -54,6 +60,10 @@
         if (source.equals(systemSource) || source.equals(shellSource))
             return getAllPermissions();
 
+        if (isSystemJar(source)) {
+            return getAllPermissions();
+        }
+
         // if we check the SecurityDesc here then keep in mind that
         // code can add properties at runtime to the ResourcesDesc!
         if (JNLPRuntime.getApplication() != null) {
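Review bot: the null guard inside isSystemJar does not protect this call site, because `source.equals(systemSource)` on the first line of the hunk already dereferences source before the new block runs. If a null CodeSource can reach getPermissions, the check belongs at the top of this method; if it cannot, say so in the isSystemJar Javadoc so the guard is not read as covering this path. The new block also returns getAllPermissions() before the JNLPRuntime.getApplication() lookup, so it deserves a comment stating that the grant is intentional for every file: location under the extension directory.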
@@ -76,6 +86,27 @@
         return systemPolicy.getPermissions(source);
     }
 
+
+     /**
+     * Returns true if the CodeSource corresponds to a system jar. That is,
+     * it's part of the JRE.
+     */
+    private boolean isSystemJar(CodeSource source) {
+        if (source == null || source.getLocation() == null) {
+            return false;
+        }
+
+        // anything in JRE/lib/ext is a system jar and has full permissions
+        String sourceProtocol = source.getLocation().getProtocol();
+        String sourcePath = source.getLocation().getPath();
+        if (sourceProtocol.toUpperCase().equals("FILE") &&
+                sourcePath.startsWith(jreExtDir)) {
+            return true;
+        }
+
+        return false;
+    }
+
     /**
      * Refresh.
      */
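Review bot: the prefix test in isSystemJar decides which code receives AllPermission, and it runs on the raw URL path with no normalisation. `sourcePath.startsWith(jreExtDir)` still passes when the remainder of the path contains ".." segments, and URL.getPath() does not decode percent-escapes, so a java.home containing a space would never match. `toUpperCase()` without a Locale is locale-sensitive (under a Turkish default locale "file" does not upper-case to "FILE"); use `"file".equalsIgnoreCase(sourceProtocol)`. Suggest converting the location to a File, canonicalising it, and checking that its parent equals the canonical extension directory. The Javadoc opener is also indented one space further than the rest of the file.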
diff -r 04a9055a491d -r 9fd1cd238005 netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java	Tue Mar 29 15:14:13 2011 +0100
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java	Sun Apr 03 19:11:48 2011 -0400
@@ -311,27 +311,6 @@
                             }
                         }
                     }
-
-                } else if (perm instanceof SecurityPermission) {
-                    tmpPerm = perm;
-
-                    // JCE's initialization requires putProviderProperty permission
-                    if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
-                        if (inTrustedCallChain("com.sun.crypto.provider.SunJCE", "run")) {
-                            return;
-                        }
-                    }
-
-                } else if (perm instanceof RuntimePermission) {
-                    tmpPerm = perm;
-
-                    // KeyGenerator's init method requires internal spec access
-                    if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
-                        if (inTrustedCallChain("javax.crypto.KeyGenerator", "init")) {
-                            return;
-                        }
-                    }
-
                 } else {
                     tmpPerm = perm;
                 }
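Review bot: the ChangeLog should record that the second removed branch was dead code, not only that it was removed: inside `perm instanceof RuntimePermission` it compared perm with `new SecurityPermission("accessClassInPackage.sun.security.internal.spec")`, and a RuntimePermission never equals a SecurityPermission, so that early return could not fire. With both branches gone, these permission types take the remaining `else` path (`tmpPerm = perm`), the same assignment the removed branches made; a one-line comment here saying that JCE initialisation is now covered by the policy grant in JNLPPolicy would help the next reader.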
@@ -356,34 +335,6 @@
     }
 
     /**
-     * Returns weather the given class and method are in the current stack,
-     * and whether or not everything upto then is trusted
-     *
-     * @param className The name of the class to look for in the stack
-     * @param methodName The name of the method for the given class to look for in the stack
-     * @return Weather or not class::method() are in the chain, and everything upto there is trusted
-     */
-    private boolean inTrustedCallChain(String className, String methodName) {
-
-        StackTraceElement[] stack = Thread.currentThread().getStackTrace();
-
-        for (int i = 0; i < stack.length; i++) {
-
-            // Everything up to the desired class/method must be trusted
-            if (!stack[i].getClass().getProtectionDomain().implies(new AllPermission())) {
-                return false;
-            }
-
-            if (stack[i].getClassName().equals(className) &&
-                    stack[i].getMethodName().equals(methodName)) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /**
      * Asks the user whether or not to grant permission.
      * @param perm the permission to be granted
      * @return true if the permission was granted, false otherwise.
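Review bot: the commit message should say why inTrustedCallChain is deleted outright rather than kept as a fallback: its trust check called `stack[i].getClass()`, which returns StackTraceElement.class for every frame, so the protection domain tested was always that of StackTraceElement and never that of the class named in the frame. The method therefore reduced to a class-name and method-name match on the stack, which is worth recording so the helper is not reintroduced in this form.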


