Backport JPopupMenu fixes to release branches.
Dr Andrew John Hughes
ahughes at redhat.com
Wed Feb 23 05:49:28 PST 2011
On 18:36 Tue 22 Feb , Denis Lila wrote:
> Hi.
>
> I would like to backport these changesets:
> http://hg.openjdk.java.net/jdk7/jdk7/jdk/rev/dd66920b2d51
> http://hg.openjdk.java.net/jdk7/jdk7/jdk/rev/40414219305f
>
> to 1.7, 1.8, 1.9.
>
> Ok to push?
>
> Thank you,
> Denis.
Approved.
> diff -r 6a127ad66978 ChangeLog
> --- a/ChangeLog Tue Feb 15 23:04:22 2011 +0000
> +++ b/ChangeLog Tue Feb 22 18:31:28 2011 -0500
> @@ -1,3 +1,12 @@
> +2011-02-22 Denis Lila <dlila at redhat.com>
> +
> + * Makefile.am: Added patches.
> + * NEWS: Updated.
> + * patches/openjdk/6675802-securityExceptions-applets.patch:
> + Get permissions before setting always on top.
> + * patches/openjdk/6691503-malicious-applet-always-on-top.patch:
> + Remove the fix above. Do nothing if SecurityException is thrown.
> +
> 2011-02-15 Andrew John Hughes <ahughes at redhat.com>
>
> * NEWS: Add 1.7.11 section.
> diff -r 6a127ad66978 Makefile.am
> --- a/Makefile.am Tue Feb 15 23:04:22 2011 +0000
> +++ b/Makefile.am Tue Feb 22 18:31:28 2011 -0500
> @@ -393,7 +393,9 @@
> patches/openjdk/6541476-png-iTXt-chunk.patch \
> patches/openjdk/6782079-png_metadata_oom.patch \
> patches/rh676659-gcc-export-dynamic.patch \
> - patches/latent_jaxp_bug.patch
> + patches/latent_jaxp_bug.patch \
> + patches/openjdk/6675802-securityExceptions-applets.patch \
> + patches/openjdk/6691503-malicious-applet-always-on-top.patch
>
> if WITH_ALT_HSBUILD
> ICEDTEA_PATCHES += patches/hotspot/$(HSBUILD)/openjdk-6886353-ignore_deoptimizealot.patch \
> diff -r 6a127ad66978 NEWS
> --- a/NEWS Tue Feb 15 23:04:22 2011 +0000
> +++ b/NEWS Tue Feb 22 18:31:28 2011 -0500
> @@ -10,6 +10,10 @@
>
> New in release 1.7.11 (20XX-XX-XX):
>
> +* Backports
> + - S6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> + - S6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> +
> New in release 1.7.10 (2011-02-15):
>
> * Security updates
> diff -r 6a127ad66978 patches/openjdk/6675802-securityExceptions-applets.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6675802-securityExceptions-applets.patch Tue Feb 22 18:31:28 2011 -0500
> @@ -0,0 +1,75 @@
> +# HG changeset patch
> +# User mlapshin
> +# Date 1208528462 -14400
> +# Node ID dd66920b2d51e33ca2157ab045117cc7c7f5f0c0
> +# Parent 147803acf437b81e72e50236030f2bc9ac37caee
> +6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> +Summary: The problem code in Popup class is surrounded by AccessController.doPrivileged()
> +Reviewed-by: alexp
> +
> +diff -r 147803acf437 -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Mon Apr 14 16:41:00 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> +@@ -229,7 +229,14 @@
> + // Popups are typically transient and most likely won't benefit
> + // from true double buffering. Turn it off here.
> + getRootPane().setUseTrueDoubleBuffering(false);
> +- setAlwaysOnTop(true);
> ++ java.security.AccessController.doPrivileged(
> ++ new java.security.PrivilegedAction<Object>() {
> ++ public Object run() {
> ++ setAlwaysOnTop(true);
> ++ return null;
> ++ }
> ++ }
> ++ );
> + }
> +
> + public void update(Graphics g) {
> +diff -r 147803acf437 -r dd66920b2d51 test/javax/swing/JPopupMenu/6675802/bug6675802.java
> +--- /dev/null Thu Jan 01 00:00:00 1970 +0000
> ++++ openjdk/jdk/test/javax/swing/JPopupMenu/6675802/bug6675802.java Fri Apr 18 18:21:02 2008 +0400
> +@@ -0,0 +1,43 @@
> ++/*
> ++ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
> ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> ++ *
> ++ * This code is free software; you can redistribute it and/or modify it
> ++ * under the terms of the GNU General Public License version 2 only, as
> ++ * published by the Free Software Foundation.
> ++ *
> ++ * This code is distributed in the hope that it will be useful, but WITHOUT
> ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> ++ * version 2 for more details (a copy is included in the LICENSE file that
> ++ * accompanied this code).
> ++ *
> ++ * You should have received a copy of the GNU General Public License version
> ++ * 2 along with this work; if not, write to the Free Software Foundation,
> ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> ++ *
> ++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
> ++ * CA 95054 USA or visit www.sun.com if you need additional information or
> ++ * have any questions.
> ++ */
> ++
> ++/*
> ++ * @test
> ++ * @bug 6675802
> ++ * @summary Checks that there is no AccessControlException when
> ++ * a heaviweight popup menu is shown from an applet.
> ++ * @author Mikhail Lapshin
> ++ * @run main bug6675802
> ++ */
> ++
> ++import javax.swing.*;
> ++
> ++public class bug6675802 {
> ++ public static void main(String[] args) {
> ++ System.setSecurityManager(new SecurityManager());
> ++ final JPopupMenu popupMenu = new JPopupMenu();
> ++ popupMenu.add(new JMenuItem("Click"));
> ++ popupMenu.show(null, 0, 0);
> ++ System.out.println("Test passed");
> ++ }
> ++}
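Review bot: The `AccessController.doPrivileged` wrapper this patch puts around `setAlwaysOnTop(true)` in Popup.java appears to make the call succeed whatever permissions the calling code holds, which is the behaviour the title of the next patch (6691503) reports for applets, so a tree carrying only this patch is less safe than one carrying neither. The series is sound only because 6691503-malicious-applet-always-on-top.patch follows it in Makefile.am and replaces the wrapper with a try/catch. I would record that dependency where a later maintainer will see it, for example a ChangeLog line under this patch's entry such as `Must not be applied without 6691503-malicious-applet-always-on-top.patch.` The same file is added unchanged in the two later branch diffs (against 7fbd2259a4c1 and 5af2053661b9), so the remark applies there as well.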
> diff -r 6a127ad66978 patches/openjdk/6691503-malicious-applet-always-on-top.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6691503-malicious-applet-always-on-top.patch Tue Feb 22 18:31:28 2011 -0500
> @@ -0,0 +1,153 @@
> +# HG changeset patch
> +# User mlapshin
> +# Date 1208959594 -14400
> +# Node ID 40414219305f6b38ac156fdedd5528923ba9aada
> +# Parent dd66920b2d51e33ca2157ab045117cc7c7f5f0c0
> +6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> +Summary: The fix for 6675802 is replaced by a try-catch clause that catches SequrityExceptions for applets.
> +Reviewed-by: alexp
> +
> +diff -r dd66920b2d51 -r 40414219305f src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Wed Apr 23 18:06:34 2008 +0400
> +@@ -229,14 +229,15 @@
> + // Popups are typically transient and most likely won't benefit
> + // from true double buffering. Turn it off here.
> + getRootPane().setUseTrueDoubleBuffering(false);
> +- java.security.AccessController.doPrivileged(
> +- new java.security.PrivilegedAction<Object>() {
> +- public Object run() {
> +- setAlwaysOnTop(true);
> +- return null;
> +- }
> +- }
> +- );
> ++ // Try to set "always-on-top" for the popup window.
> ++ // Applets usually don't have sufficient permissions to do it.
> ++ // In this case simply ignore the exception.
> ++ try {
> ++ setAlwaysOnTop(true);
> ++ } catch (SecurityException se) {
> ++ // setAlwaysOnTop is restricted,
> ++ // the exception is ignored
> ++ }
> + }
> +
> + public void update(Graphics g) {
> +diff -r dd66920b2d51 -r 40414219305f test/javax/swing/JPopupMenu/6691503/bug6691503.java
> +--- /dev/null Thu Jan 01 00:00:00 1970 +0000
> ++++ openjdk/jdk/test/javax/swing/JPopupMenu/6691503/bug6691503.java Wed Apr 23 18:06:34 2008 +0400
> +@@ -0,0 +1,113 @@
> ++/*
> ++ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
> ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> ++ *
> ++ * This code is free software; you can redistribute it and/or modify it
> ++ * under the terms of the GNU General Public License version 2 only, as
> ++ * published by the Free Software Foundation.
> ++ *
> ++ * This code is distributed in the hope that it will be useful, but WITHOUT
> ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> ++ * version 2 for more details (a copy is included in the LICENSE file that
> ++ * accompanied this code).
> ++ *
> ++ * You should have received a copy of the GNU General Public License version
> ++ * 2 along with this work; if not, write to the Free Software Foundation,
> ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> ++ *
> ++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
> ++ * CA 95054 USA or visit www.sun.com if you need additional information or
> ++ * have any questions.
> ++ */
> ++
> ++/*
> ++ * @test
> ++ * @bug 6691503
> ++ * @summary Checks that there is no opportunity for a malicious applet
> ++ * to show a popup menu which has whole screen size.
> ++ * a heaviweight popup menu is shown from an applet.
> ++ * @author Mikhail Lapshin
> ++ * @run main bug6691503
> ++ */
> ++
> ++import sun.awt.SunToolkit;
> ++
> ++import javax.swing.*;
> ++import java.awt.*;
> ++
> ++public class bug6691503 {
> ++ private JPopupMenu popupMenu;
> ++ private JFrame frame;
> ++ private boolean isAlwaysOnTop1 = false;
> ++ private boolean isAlwaysOnTop2 = true;
> ++
> ++ public static void main(String[] args) {
> ++ bug6691503 test = new bug6691503();
> ++ test.setupUI();
> ++ test.testApplication();
> ++ test.testApplet();
> ++ test.checkResult();
> ++ test.stopEDT();
> ++ }
> ++
> ++ private void setupUI() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ frame = new JFrame();
> ++ frame.setVisible(true);
> ++ popupMenu = new JPopupMenu();
> ++ JMenuItem click = new JMenuItem("Click");
> ++ popupMenu.add(click);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void testApplication() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ popupMenu.show(frame, 0, 0);
> ++ Window popupWindow = (Window)
> ++ (popupMenu.getParent().getParent().getParent().getParent());
> ++ isAlwaysOnTop1 = popupWindow.isAlwaysOnTop();
> ++ System.out.println(
> ++ "Application: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop1);
> ++ popupMenu.setVisible(false);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void testApplet() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ System.setSecurityManager(new SecurityManager());
> ++ popupMenu.show(frame, 0, 0);
> ++ Window popupWindow = (Window)
> ++ (popupMenu.getParent().getParent().getParent().getParent());
> ++ isAlwaysOnTop2 = popupWindow.isAlwaysOnTop();
> ++ System.out.println(
> ++ "Applet: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop2);
> ++ popupMenu.setVisible(false);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void checkResult() {
> ++ ((SunToolkit)(Toolkit.getDefaultToolkit())).realSync();
> ++ if (!isAlwaysOnTop1 || isAlwaysOnTop2) {
> ++ throw new RuntimeException("Malicious applet can show always-on-top " +
> ++ "popup menu which has whole screen size");
> ++ }
> ++ System.out.println("Test passed");
> ++ }
> ++
> ++ private void stopEDT() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ frame.dispose();
> ++ }
> ++ });
> ++ }
> ++}
> ++
> ++
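Review bot: In bug6691503.java, `checkResult()` throws a single message for two different failures: `!isAlwaysOnTop1` (the unrestricted popup was not always-on-top, or `testApplication()` threw on the EDT and left the default `false`) is reported as "Malicious applet can show always-on-top popup menu", which would send triage of a security regression test in the wrong direction. Splitting the condition keeps the security message for the case it describes: `if (!isAlwaysOnTop1) throw new RuntimeException("Application popup is not always-on-top");` followed by `if (isAlwaysOnTop2)` with the existing message. The initial values `false`/`true` make the test fail closed when an EDT task dies, and that deserves a comment on the fields, e.g. `// fail-closed defaults: an EDT task that throws leaves these values and checkResult() fails`. In the Popup.java hunk the new comment could also name the permission being denied (presumably `AWTPermission("setWindowAlwaysOnTop")`), so that policy files granting it can be audited. The file is identical in the two later branch diffs (against 7fbd2259a4c1 and 5af2053661b9).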
> diff -r 7fbd2259a4c1 ChangeLog
> --- a/ChangeLog Thu Dec 16 19:37:17 2010 +0000
> +++ b/ChangeLog Tue Feb 22 18:32:26 2011 -0500
> @@ -1,3 +1,12 @@
> +2011-02-22 Denis Lila <dlila at redhat.com>
> +
> + * Makefile.am: Added patches.
> + * NEWS: Updated.
> + * patches/openjdk/6675802-securityExceptions-applets.patch:
> + Get permissions before setting always on top.
> + * patches/openjdk/6691503-malicious-applet-always-on-top.patch:
> + Remove the fix above. Do nothing if SecurityException is thrown.
> +
> 2010-12-16 Andrew John Hughes <ahughes at redhat.com>
>
> * NEWS: Fix issue placement.
> diff -r 7fbd2259a4c1 Makefile.am
> --- a/Makefile.am Thu Dec 16 19:37:17 2010 +0000
> +++ b/Makefile.am Tue Feb 22 18:32:26 2011 -0500
> @@ -360,7 +360,9 @@
> patches/openjdk/6438179-systray_check.patch \
> patches/openjdk/4356282-opentype.patch \
> patches/openjdk/6954424-opentype_javadoc.patch \
> - patches/openjdk/6795356-proxylazyvalue-leak.patch
> + patches/openjdk/6795356-proxylazyvalue-leak.patch \
> + patches/openjdk/6675802-securityExceptions-applets.patch \
> + patches/openjdk/6691503-malicious-applet-always-on-top.patch
>
> if WITH_ALT_HSBUILD
> ICEDTEA_PATCHES += patches/hotspot/$(HSBUILD)/openjdk-6886353-ignore_deoptimizealot.patch \
> diff -r 7fbd2259a4c1 NEWS
> --- a/NEWS Thu Dec 16 19:37:17 2010 +0000
> +++ b/NEWS Tue Feb 22 18:32:26 2011 -0500
> @@ -18,6 +18,8 @@
> - S6967433: dashed lines broken when using scaling transforms.
> - S6976265: No STROKE_CONTROL
> - S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality.
> + - S6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> + - S6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> * Fixes:
> - S7003777, RH647674: JTextPane produces incorrect content after parsing the html text
>
> diff -r 7fbd2259a4c1 patches/openjdk/6675802-securityExceptions-applets.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6675802-securityExceptions-applets.patch Tue Feb 22 18:32:26 2011 -0500
> @@ -0,0 +1,75 @@
> +# HG changeset patch
> +# User mlapshin
> +# Date 1208528462 -14400
> +# Node ID dd66920b2d51e33ca2157ab045117cc7c7f5f0c0
> +# Parent 147803acf437b81e72e50236030f2bc9ac37caee
> +6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> +Summary: The problem code in Popup class is surrounded by AccessController.doPrivileged()
> +Reviewed-by: alexp
> +
> +diff -r 147803acf437 -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Mon Apr 14 16:41:00 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> +@@ -229,7 +229,14 @@
> + // Popups are typically transient and most likely won't benefit
> + // from true double buffering. Turn it off here.
> + getRootPane().setUseTrueDoubleBuffering(false);
> +- setAlwaysOnTop(true);
> ++ java.security.AccessController.doPrivileged(
> ++ new java.security.PrivilegedAction<Object>() {
> ++ public Object run() {
> ++ setAlwaysOnTop(true);
> ++ return null;
> ++ }
> ++ }
> ++ );
> + }
> +
> + public void update(Graphics g) {
> +diff -r 147803acf437 -r dd66920b2d51 test/javax/swing/JPopupMenu/6675802/bug6675802.java
> +--- /dev/null Thu Jan 01 00:00:00 1970 +0000
> ++++ openjdk/jdk/test/javax/swing/JPopupMenu/6675802/bug6675802.java Fri Apr 18 18:21:02 2008 +0400
> +@@ -0,0 +1,43 @@
> ++/*
> ++ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
> ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> ++ *
> ++ * This code is free software; you can redistribute it and/or modify it
> ++ * under the terms of the GNU General Public License version 2 only, as
> ++ * published by the Free Software Foundation.
> ++ *
> ++ * This code is distributed in the hope that it will be useful, but WITHOUT
> ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> ++ * version 2 for more details (a copy is included in the LICENSE file that
> ++ * accompanied this code).
> ++ *
> ++ * You should have received a copy of the GNU General Public License version
> ++ * 2 along with this work; if not, write to the Free Software Foundation,
> ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> ++ *
> ++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
> ++ * CA 95054 USA or visit www.sun.com if you need additional information or
> ++ * have any questions.
> ++ */
> ++
> ++/*
> ++ * @test
> ++ * @bug 6675802
> ++ * @summary Checks that there is no AccessControlException when
> ++ * a heaviweight popup menu is shown from an applet.
> ++ * @author Mikhail Lapshin
> ++ * @run main bug6675802
> ++ */
> ++
> ++import javax.swing.*;
> ++
> ++public class bug6675802 {
> ++ public static void main(String[] args) {
> ++ System.setSecurityManager(new SecurityManager());
> ++ final JPopupMenu popupMenu = new JPopupMenu();
> ++ popupMenu.add(new JMenuItem("Click"));
> ++ popupMenu.show(null, 0, 0);
> ++ System.out.println("Test passed");
> ++ }
> ++}
> diff -r 7fbd2259a4c1 patches/openjdk/6691503-malicious-applet-always-on-top.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6691503-malicious-applet-always-on-top.patch Tue Feb 22 18:32:26 2011 -0500
> @@ -0,0 +1,153 @@
> +# HG changeset patch
> +# User mlapshin
> +# Date 1208959594 -14400
> +# Node ID 40414219305f6b38ac156fdedd5528923ba9aada
> +# Parent dd66920b2d51e33ca2157ab045117cc7c7f5f0c0
> +6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> +Summary: The fix for 6675802 is replaced by a try-catch clause that catches SequrityExceptions for applets.
> +Reviewed-by: alexp
> +
> +diff -r dd66920b2d51 -r 40414219305f src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Wed Apr 23 18:06:34 2008 +0400
> +@@ -229,14 +229,15 @@
> + // Popups are typically transient and most likely won't benefit
> + // from true double buffering. Turn it off here.
> + getRootPane().setUseTrueDoubleBuffering(false);
> +- java.security.AccessController.doPrivileged(
> +- new java.security.PrivilegedAction<Object>() {
> +- public Object run() {
> +- setAlwaysOnTop(true);
> +- return null;
> +- }
> +- }
> +- );
> ++ // Try to set "always-on-top" for the popup window.
> ++ // Applets usually don't have sufficient permissions to do it.
> ++ // In this case simply ignore the exception.
> ++ try {
> ++ setAlwaysOnTop(true);
> ++ } catch (SecurityException se) {
> ++ // setAlwaysOnTop is restricted,
> ++ // the exception is ignored
> ++ }
> + }
> +
> + public void update(Graphics g) {
> +diff -r dd66920b2d51 -r 40414219305f test/javax/swing/JPopupMenu/6691503/bug6691503.java
> +--- /dev/null Thu Jan 01 00:00:00 1970 +0000
> ++++ openjdk/jdk/test/javax/swing/JPopupMenu/6691503/bug6691503.java Wed Apr 23 18:06:34 2008 +0400
> +@@ -0,0 +1,113 @@
> ++/*
> ++ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
> ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> ++ *
> ++ * This code is free software; you can redistribute it and/or modify it
> ++ * under the terms of the GNU General Public License version 2 only, as
> ++ * published by the Free Software Foundation.
> ++ *
> ++ * This code is distributed in the hope that it will be useful, but WITHOUT
> ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> ++ * version 2 for more details (a copy is included in the LICENSE file that
> ++ * accompanied this code).
> ++ *
> ++ * You should have received a copy of the GNU General Public License version
> ++ * 2 along with this work; if not, write to the Free Software Foundation,
> ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> ++ *
> ++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
> ++ * CA 95054 USA or visit www.sun.com if you need additional information or
> ++ * have any questions.
> ++ */
> ++
> ++/*
> ++ * @test
> ++ * @bug 6691503
> ++ * @summary Checks that there is no opportunity for a malicious applet
> ++ * to show a popup menu which has whole screen size.
> ++ * a heaviweight popup menu is shown from an applet.
> ++ * @author Mikhail Lapshin
> ++ * @run main bug6691503
> ++ */
> ++
> ++import sun.awt.SunToolkit;
> ++
> ++import javax.swing.*;
> ++import java.awt.*;
> ++
> ++public class bug6691503 {
> ++ private JPopupMenu popupMenu;
> ++ private JFrame frame;
> ++ private boolean isAlwaysOnTop1 = false;
> ++ private boolean isAlwaysOnTop2 = true;
> ++
> ++ public static void main(String[] args) {
> ++ bug6691503 test = new bug6691503();
> ++ test.setupUI();
> ++ test.testApplication();
> ++ test.testApplet();
> ++ test.checkResult();
> ++ test.stopEDT();
> ++ }
> ++
> ++ private void setupUI() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ frame = new JFrame();
> ++ frame.setVisible(true);
> ++ popupMenu = new JPopupMenu();
> ++ JMenuItem click = new JMenuItem("Click");
> ++ popupMenu.add(click);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void testApplication() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ popupMenu.show(frame, 0, 0);
> ++ Window popupWindow = (Window)
> ++ (popupMenu.getParent().getParent().getParent().getParent());
> ++ isAlwaysOnTop1 = popupWindow.isAlwaysOnTop();
> ++ System.out.println(
> ++ "Application: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop1);
> ++ popupMenu.setVisible(false);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void testApplet() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ System.setSecurityManager(new SecurityManager());
> ++ popupMenu.show(frame, 0, 0);
> ++ Window popupWindow = (Window)
> ++ (popupMenu.getParent().getParent().getParent().getParent());
> ++ isAlwaysOnTop2 = popupWindow.isAlwaysOnTop();
> ++ System.out.println(
> ++ "Applet: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop2);
> ++ popupMenu.setVisible(false);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void checkResult() {
> ++ ((SunToolkit)(Toolkit.getDefaultToolkit())).realSync();
> ++ if (!isAlwaysOnTop1 || isAlwaysOnTop2) {
> ++ throw new RuntimeException("Malicious applet can show always-on-top " +
> ++ "popup menu which has whole screen size");
> ++ }
> ++ System.out.println("Test passed");
> ++ }
> ++
> ++ private void stopEDT() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ frame.dispose();
> ++ }
> ++ });
> ++ }
> ++}
> ++
> ++
> diff -r 5af2053661b9 ChangeLog
> --- a/ChangeLog Thu Dec 16 19:31:39 2010 +0000
> +++ b/ChangeLog Tue Feb 22 18:36:50 2011 -0500
> @@ -1,3 +1,12 @@
> +2011-02-22 Denis Lila <dlila at redhat.com>
> +
> + * Makefile.am: Added patches.
> + * NEWS: Updated.
> + * patches/openjdk/6675802-securityExceptions-applets.patch:
> + Get permissions before setting always on top.
> + * patches/openjdk/6691503-malicious-applet-always-on-top.patch:
> + Remove the fix above. Do nothing if SecurityException is thrown.
> +
> 2010-12-16 Andrew John Hughes <ahughes at redhat.com>
>
> * NEWS: Place RH647674 under correct section.
> diff -r 5af2053661b9 Makefile.am
> --- a/Makefile.am Thu Dec 16 19:31:39 2010 +0000
> +++ b/Makefile.am Tue Feb 22 18:36:50 2011 -0500
> @@ -323,7 +323,9 @@
> patches/openjdk/6438179-systray_check.patch \
> patches/openjdk/4356282-opentype.patch \
> patches/openjdk/6954424-opentype_javadoc.patch \
> - patches/openjdk/6795356-proxylazyvalue-leak.patch
> + patches/openjdk/6795356-proxylazyvalue-leak.patch \
> + patches/openjdk/6675802-securityExceptions-applets.patch \
> + patches/openjdk/6691503-malicious-applet-always-on-top.patch
>
> if WITH_ALT_HSBUILD
> ICEDTEA_PATCHES += \
> diff -r 5af2053661b9 NEWS
> --- a/NEWS Thu Dec 16 19:31:39 2010 +0000
> +++ b/NEWS Tue Feb 22 18:36:50 2011 -0500
> @@ -19,6 +19,8 @@
> - S6976265: No STROKE_CONTROL
> - S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality.
> - S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray
> + - S6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> + - S6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> * Fixes
> - S7003777, RH647674: JTextPane produces incorrect content after parsing the html text
>
> diff -r 5af2053661b9 patches/openjdk/6675802-securityExceptions-applets.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6675802-securityExceptions-applets.patch Tue Feb 22 18:36:50 2011 -0500
> @@ -0,0 +1,75 @@
> +# HG changeset patch
> +# User mlapshin
> +# Date 1208528462 -14400
> +# Node ID dd66920b2d51e33ca2157ab045117cc7c7f5f0c0
> +# Parent 147803acf437b81e72e50236030f2bc9ac37caee
> +6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> +Summary: The problem code in Popup class is surrounded by AccessController.doPrivileged()
> +Reviewed-by: alexp
> +
> +diff -r 147803acf437 -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Mon Apr 14 16:41:00 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> +@@ -229,7 +229,14 @@
> + // Popups are typically transient and most likely won't benefit
> + // from true double buffering. Turn it off here.
> + getRootPane().setUseTrueDoubleBuffering(false);
> +- setAlwaysOnTop(true);
> ++ java.security.AccessController.doPrivileged(
> ++ new java.security.PrivilegedAction<Object>() {
> ++ public Object run() {
> ++ setAlwaysOnTop(true);
> ++ return null;
> ++ }
> ++ }
> ++ );
> + }
> +
> + public void update(Graphics g) {
> +diff -r 147803acf437 -r dd66920b2d51 test/javax/swing/JPopupMenu/6675802/bug6675802.java
> +--- /dev/null Thu Jan 01 00:00:00 1970 +0000
> ++++ openjdk/jdk/test/javax/swing/JPopupMenu/6675802/bug6675802.java Fri Apr 18 18:21:02 2008 +0400
> +@@ -0,0 +1,43 @@
> ++/*
> ++ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
> ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> ++ *
> ++ * This code is free software; you can redistribute it and/or modify it
> ++ * under the terms of the GNU General Public License version 2 only, as
> ++ * published by the Free Software Foundation.
> ++ *
> ++ * This code is distributed in the hope that it will be useful, but WITHOUT
> ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> ++ * version 2 for more details (a copy is included in the LICENSE file that
> ++ * accompanied this code).
> ++ *
> ++ * You should have received a copy of the GNU General Public License version
> ++ * 2 along with this work; if not, write to the Free Software Foundation,
> ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> ++ *
> ++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
> ++ * CA 95054 USA or visit www.sun.com if you need additional information or
> ++ * have any questions.
> ++ */
> ++
> ++/*
> ++ * @test
> ++ * @bug 6675802
> ++ * @summary Checks that there is no AccessControlException when
> ++ * a heaviweight popup menu is shown from an applet.
> ++ * @author Mikhail Lapshin
> ++ * @run main bug6675802
> ++ */
> ++
> ++import javax.swing.*;
> ++
> ++public class bug6675802 {
> ++ public static void main(String[] args) {
> ++ System.setSecurityManager(new SecurityManager());
> ++ final JPopupMenu popupMenu = new JPopupMenu();
> ++ popupMenu.add(new JMenuItem("Click"));
> ++ popupMenu.show(null, 0, 0);
> ++ System.out.println("Test passed");
> ++ }
> ++}
> diff -r 5af2053661b9 patches/openjdk/6691503-malicious-applet-always-on-top.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6691503-malicious-applet-always-on-top.patch Tue Feb 22 18:36:50 2011 -0500
> @@ -0,0 +1,153 @@
> +# HG changeset patch
> +# User mlapshin
> +# Date 1208959594 -14400
> +# Node ID 40414219305f6b38ac156fdedd5528923ba9aada
> +# Parent dd66920b2d51e33ca2157ab045117cc7c7f5f0c0
> +6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> +Summary: The fix for 6675802 is replaced by a try-catch clause that catches SequrityExceptions for applets.
> +Reviewed-by: alexp
> +
> +diff -r dd66920b2d51 -r 40414219305f src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Wed Apr 23 18:06:34 2008 +0400
> +@@ -229,14 +229,15 @@
> + // Popups are typically transient and most likely won't benefit
> + // from true double buffering. Turn it off here.
> + getRootPane().setUseTrueDoubleBuffering(false);
> +- java.security.AccessController.doPrivileged(
> +- new java.security.PrivilegedAction<Object>() {
> +- public Object run() {
> +- setAlwaysOnTop(true);
> +- return null;
> +- }
> +- }
> +- );
> ++ // Try to set "always-on-top" for the popup window.
> ++ // Applets usually don't have sufficient permissions to do it.
> ++ // In this case simply ignore the exception.
> ++ try {
> ++ setAlwaysOnTop(true);
> ++ } catch (SecurityException se) {
> ++ // setAlwaysOnTop is restricted,
> ++ // the exception is ignored
> ++ }
> + }
> +
> + public void update(Graphics g) {
> +diff -r dd66920b2d51 -r 40414219305f test/javax/swing/JPopupMenu/6691503/bug6691503.java
> +--- /dev/null Thu Jan 01 00:00:00 1970 +0000
> ++++ openjdk/jdk/test/javax/swing/JPopupMenu/6691503/bug6691503.java Wed Apr 23 18:06:34 2008 +0400
> +@@ -0,0 +1,113 @@
> ++/*
> ++ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
> ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> ++ *
> ++ * This code is free software; you can redistribute it and/or modify it
> ++ * under the terms of the GNU General Public License version 2 only, as
> ++ * published by the Free Software Foundation.
> ++ *
> ++ * This code is distributed in the hope that it will be useful, but WITHOUT
> ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> ++ * version 2 for more details (a copy is included in the LICENSE file that
> ++ * accompanied this code).
> ++ *
> ++ * You should have received a copy of the GNU General Public License version
> ++ * 2 along with this work; if not, write to the Free Software Foundation,
> ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> ++ *
> ++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
> ++ * CA 95054 USA or visit www.sun.com if you need additional information or
> ++ * have any questions.
> ++ */
> ++
> ++/*
> ++ * @test
> ++ * @bug 6691503
> ++ * @summary Checks that there is no opportunity for a malicious applet
> ++ * to show a popup menu which has whole screen size.
> ++ * a heaviweight popup menu is shown from an applet.
> ++ * @author Mikhail Lapshin
> ++ * @run main bug6691503
> ++ */
> ++
> ++import sun.awt.SunToolkit;
> ++
> ++import javax.swing.*;
> ++import java.awt.*;
> ++
> ++public class bug6691503 {
> ++ private JPopupMenu popupMenu;
> ++ private JFrame frame;
> ++ private boolean isAlwaysOnTop1 = false;
> ++ private boolean isAlwaysOnTop2 = true;
> ++
> ++ public static void main(String[] args) {
> ++ bug6691503 test = new bug6691503();
> ++ test.setupUI();
> ++ test.testApplication();
> ++ test.testApplet();
> ++ test.checkResult();
> ++ test.stopEDT();
> ++ }
> ++
> ++ private void setupUI() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ frame = new JFrame();
> ++ frame.setVisible(true);
> ++ popupMenu = new JPopupMenu();
> ++ JMenuItem click = new JMenuItem("Click");
> ++ popupMenu.add(click);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void testApplication() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ popupMenu.show(frame, 0, 0);
> ++ Window popupWindow = (Window)
> ++ (popupMenu.getParent().getParent().getParent().getParent());
> ++ isAlwaysOnTop1 = popupWindow.isAlwaysOnTop();
> ++ System.out.println(
> ++ "Application: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop1);
> ++ popupMenu.setVisible(false);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void testApplet() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ System.setSecurityManager(new SecurityManager());
> ++ popupMenu.show(frame, 0, 0);
> ++ Window popupWindow = (Window)
> ++ (popupMenu.getParent().getParent().getParent().getParent());
> ++ isAlwaysOnTop2 = popupWindow.isAlwaysOnTop();
> ++ System.out.println(
> ++ "Applet: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop2);
> ++ popupMenu.setVisible(false);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void checkResult() {
> ++ ((SunToolkit)(Toolkit.getDefaultToolkit())).realSync();
> ++ if (!isAlwaysOnTop1 || isAlwaysOnTop2) {
> ++ throw new RuntimeException("Malicious applet can show always-on-top " +
> ++ "popup menu which has whole screen size");
> ++ }
> ++ System.out.println("Test passed");
> ++ }
> ++
> ++ private void stopEDT() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ frame.dispose();
> ++ }
> ++ });
> ++ }
> ++}
> ++
> ++
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: F5862A37 (https://keys.indymedia.org/)
Fingerprint = EA30 D855 D50F 90CD F54D 0698 0713 C3ED F586 2A37