Backport JPopupMenu fixes to release branches.
Dr Andrew John Hughes
ahughes at redhat.com
Wed Feb 23 12:44:04 PST 2011
On 15:14 Wed 23 Feb , Denis Lila wrote:
> > It might be a good idea to update the copyright (Sun -> Oracle).
>
> Done.
Ugh, I hate that stuff. But Omair's right. Thanks for doing it.
> Also, I noticed that the old patches I posted were bad because
> they were against some very old clones of the release branches.
> I fixed that.
>
> Ok to push now?
>
Assuming all three build with the patch, yes.
> Thanks,
> Denis.
>
> ----- Original Message -----
> > On 02/23/2011 08:49 AM, Dr Andrew John Hughes wrote:
> > > On 18:36 Tue 22 Feb , Denis Lila wrote:
> > >> Hi.
> > >>
> > >> I would like to backport these changesets:
> > >> http://hg.openjdk.java.net/jdk7/jdk7/jdk/rev/dd66920b2d51
> > >> http://hg.openjdk.java.net/jdk7/jdk7/jdk/rev/40414219305f
> > >>
> > >> to 1.7, 1.8, 1.9.
> > >>
> > >> Ok to push?
> > >>
> > >> Thank you,
> > >> Denis.
> > >
> > > Approved.
> > >
> >
>
> >
> > Cheers,
> > Omair
> exporting patch:
> # HG changeset patch
> # User Denis Lila <dlila at redhat.com>
> # Date 1298487624 18000
> # Node ID d780d2efc83003834055684ed4ac9c9811c76098
> # Parent 6a127ad66978e81129092004d4c6c6a125c1e1ee
> Fix for security exceptions when JPopupMenu sets always on top.
>
> diff -r 6a127ad66978 -r d780d2efc830 ChangeLog
> --- a/ChangeLog Tue Feb 15 23:04:22 2011 +0000
> +++ b/ChangeLog Wed Feb 23 14:00:24 2011 -0500
> @@ -1,3 +1,12 @@
> +2011-02-23 Denis Lila <dlila at redhat.com>
> +
> + * Makefile.am: Added patches.
> + * NEWS: Updated.
> + * patches/openjdk/6675802-securityExceptions-applets.patch:
> + Get permissions before setting always on top.
> + * patches/openjdk/6691503-malicious-applet-always-on-top.patch:
> + Remove the fix above. Do nothing if SecurityException is thrown.
> +
> 2011-02-15 Andrew John Hughes <ahughes at redhat.com>
>
> * NEWS: Add 1.7.11 section.
> diff -r 6a127ad66978 -r d780d2efc830 Makefile.am
> --- a/Makefile.am Tue Feb 15 23:04:22 2011 +0000
> +++ b/Makefile.am Wed Feb 23 14:00:24 2011 -0500
> @@ -393,7 +393,9 @@
> patches/openjdk/6541476-png-iTXt-chunk.patch \
> patches/openjdk/6782079-png_metadata_oom.patch \
> patches/rh676659-gcc-export-dynamic.patch \
> - patches/latent_jaxp_bug.patch
> + patches/latent_jaxp_bug.patch \
> + patches/openjdk/6675802-securityExceptions-applets.patch \
> + patches/openjdk/6691503-malicious-applet-always-on-top.patch
>
> if WITH_ALT_HSBUILD
> ICEDTEA_PATCHES += patches/hotspot/$(HSBUILD)/openjdk-6886353-ignore_deoptimizealot.patch \
> diff -r 6a127ad66978 -r d780d2efc830 NEWS
> --- a/NEWS Tue Feb 15 23:04:22 2011 +0000
> +++ b/NEWS Wed Feb 23 14:00:24 2011 -0500
> @@ -10,6 +10,10 @@
>
> New in release 1.7.11 (20XX-XX-XX):
>
> +* Backports
> + - S6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> + - S6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> +
> New in release 1.7.10 (2011-02-15):
>
> * Security updates
> diff -r 6a127ad66978 -r d780d2efc830 patches/openjdk/6675802-securityExceptions-applets.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6675802-securityExceptions-applets.patch Wed Feb 23 14:00:24 2011 -0500
> @@ -0,0 +1,75 @@
> +# HG changeset patch
> +# User mlapshin
> +# Date 1208528462 -14400
> +# Node ID dd66920b2d51e33ca2157ab045117cc7c7f5f0c0
> +# Parent 147803acf437b81e72e50236030f2bc9ac37caee
> +6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> +Summary: The problem code in Popup class is surrounded by AccessController.doPrivileged()
> +Reviewed-by: alexp
> +
> +diff -r 147803acf437 -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Mon Apr 14 16:41:00 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> +@@ -229,7 +229,14 @@
> + // Popups are typically transient and most likely won't benefit
> + // from true double buffering. Turn it off here.
> + getRootPane().setUseTrueDoubleBuffering(false);
> +- setAlwaysOnTop(true);
> ++ java.security.AccessController.doPrivileged(
> ++ new java.security.PrivilegedAction<Object>() {
> ++ public Object run() {
> ++ setAlwaysOnTop(true);
> ++ return null;
> ++ }
> ++ }
> ++ );
> + }
> +
> + public void update(Graphics g) {
> +diff -r 147803acf437 -r dd66920b2d51 test/javax/swing/JPopupMenu/6675802/bug6675802.java
> +--- /dev/null Thu Jan 01 00:00:00 1970 +0000
> ++++ openjdk/jdk/test/javax/swing/JPopupMenu/6675802/bug6675802.java Fri Apr 18 18:21:02 2008 +0400
> +@@ -0,0 +1,43 @@
> ++/*
> ++ * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
> ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> ++ *
> ++ * This code is free software; you can redistribute it and/or modify it
> ++ * under the terms of the GNU General Public License version 2 only, as
> ++ * published by the Free Software Foundation.
> ++ *
> ++ * This code is distributed in the hope that it will be useful, but WITHOUT
> ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> ++ * version 2 for more details (a copy is included in the LICENSE file that
> ++ * accompanied this code).
> ++ *
> ++ * You should have received a copy of the GNU General Public License version
> ++ * 2 along with this work; if not, write to the Free Software Foundation,
> ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> ++ *
> ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
> ++ * or visit www.oracle.com if you need additional information or have any
> ++ * questions.
> ++ */
> ++
> ++/*
> ++ * @test
> ++ * @bug 6675802
> ++ * @summary Checks that there is no AccessControlException when
> ++ * a heaviweight popup menu is shown from an applet.
> ++ * @author Mikhail Lapshin
> ++ * @run main bug6675802
> ++ */
> ++
> ++import javax.swing.*;
> ++
> ++public class bug6675802 {
> ++ public static void main(String[] args) {
> ++ System.setSecurityManager(new SecurityManager());
> ++ final JPopupMenu popupMenu = new JPopupMenu();
> ++ popupMenu.add(new JMenuItem("Click"));
> ++ popupMenu.show(null, 0, 0);
> ++ System.out.println("Test passed");
> ++ }
> ++}
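Review bot: in the Popup.java change inside this patch file (@@ -229,7 +229,14 @@), wrapping setAlwaysOnTop(true) in AccessController.doPrivileged() makes the call succeed for every caller, including code running under a SecurityManager, which is the behaviour NEWS lists as S6691503. This file must never be applied without 6691503-malicious-applet-always-on-top.patch directly after it. Please record that dependency next to the two entries in Makefile.am, or fold both changes into one patch file so no branch can be built in the intermediate state.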
> diff -r 6a127ad66978 -r d780d2efc830 patches/openjdk/6691503-malicious-applet-always-on-top.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6691503-malicious-applet-always-on-top.patch Wed Feb 23 14:00:24 2011 -0500
> @@ -0,0 +1,173 @@
> +diff -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Wed Feb 23 13:50:58 2011 -0500
> +@@ -1,12 +1,12 @@
> + /*
> +- * Copyright 1999-2007 Sun Microsystems, Inc. All Rights Reserved.
> ++ * Copyright (c) 1999, 2008, Oracle and/or its affiliates. All rights reserved.
> + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> + *
> + * This code is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License version 2 only, as
> +- * published by the Free Software Foundation. Sun designates this
> ++ * published by the Free Software Foundation. Oracle designates this
> + * particular file as subject to the "Classpath" exception as provided
> +- * by Sun in the LICENSE file that accompanied this code.
> ++ * by Oracle in the LICENSE file that accompanied this code.
> + *
> + * This code is distributed in the hope that it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> +@@ -18,9 +18,9 @@
> + * 2 along with this work; if not, write to the Free Software Foundation,
> + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> + *
> +- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
> +- * CA 95054 USA or visit www.sun.com if you need additional information or
> +- * have any questions.
> ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
> ++ * or visit www.oracle.com if you need additional information or have any
> ++ * questions.
> + */
> +
> + package javax.swing;
> +@@ -229,14 +229,15 @@
> + // Popups are typically transient and most likely won't benefit
> + // from true double buffering. Turn it off here.
> + getRootPane().setUseTrueDoubleBuffering(false);
> +- java.security.AccessController.doPrivileged(
> +- new java.security.PrivilegedAction<Object>() {
> +- public Object run() {
> +- setAlwaysOnTop(true);
> +- return null;
> +- }
> +- }
> +- );
> ++ // Try to set "always-on-top" for the popup window.
> ++ // Applets usually don't have sufficient permissions to do it.
> ++ // In this case simply ignore the exception.
> ++ try {
> ++ setAlwaysOnTop(true);
> ++ } catch (SecurityException se) {
> ++ // setAlwaysOnTop is restricted,
> ++ // the exception is ignored
> ++ }
> + }
> +
> + public void update(Graphics g) {
> +diff -r dd66920b2d51 test/javax/swing/JPopupMenu/6691503/bug6691503.java
> +--- /dev/null Thu Jan 01 00:00:00 1970 +0000
> ++++ openjdk/jdk/test/javax/swing/JPopupMenu/6691503/bug6691503.java Wed Feb 23 13:50:58 2011 -0500
> +@@ -0,0 +1,113 @@
> ++/*
> ++ * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
> ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> ++ *
> ++ * This code is free software; you can redistribute it and/or modify it
> ++ * under the terms of the GNU General Public License version 2 only, as
> ++ * published by the Free Software Foundation.
> ++ *
> ++ * This code is distributed in the hope that it will be useful, but WITHOUT
> ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> ++ * version 2 for more details (a copy is included in the LICENSE file that
> ++ * accompanied this code).
> ++ *
> ++ * You should have received a copy of the GNU General Public License version
> ++ * 2 along with this work; if not, write to the Free Software Foundation,
> ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> ++ *
> ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
> ++ * or visit www.oracle.com if you need additional information or have any
> ++ * questions.
> ++ */
> ++
> ++/*
> ++ * @test
> ++ * @bug 6691503
> ++ * @summary Checks that there is no opportunity for a malicious applet
> ++ * to show a popup menu which has whole screen size.
> ++ * a heaviweight popup menu is shown from an applet.
> ++ * @author Mikhail Lapshin
> ++ * @run main bug6691503
> ++ */
> ++
> ++import sun.awt.SunToolkit;
> ++
> ++import javax.swing.*;
> ++import java.awt.*;
> ++
> ++public class bug6691503 {
> ++ private JPopupMenu popupMenu;
> ++ private JFrame frame;
> ++ private boolean isAlwaysOnTop1 = false;
> ++ private boolean isAlwaysOnTop2 = true;
> ++
> ++ public static void main(String[] args) {
> ++ bug6691503 test = new bug6691503();
> ++ test.setupUI();
> ++ test.testApplication();
> ++ test.testApplet();
> ++ test.checkResult();
> ++ test.stopEDT();
> ++ }
> ++
> ++ private void setupUI() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ frame = new JFrame();
> ++ frame.setVisible(true);
> ++ popupMenu = new JPopupMenu();
> ++ JMenuItem click = new JMenuItem("Click");
> ++ popupMenu.add(click);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void testApplication() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ popupMenu.show(frame, 0, 0);
> ++ Window popupWindow = (Window)
> ++ (popupMenu.getParent().getParent().getParent().getParent());
> ++ isAlwaysOnTop1 = popupWindow.isAlwaysOnTop();
> ++ System.out.println(
> ++ "Application: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop1);
> ++ popupMenu.setVisible(false);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void testApplet() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ System.setSecurityManager(new SecurityManager());
> ++ popupMenu.show(frame, 0, 0);
> ++ Window popupWindow = (Window)
> ++ (popupMenu.getParent().getParent().getParent().getParent());
> ++ isAlwaysOnTop2 = popupWindow.isAlwaysOnTop();
> ++ System.out.println(
> ++ "Applet: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop2);
> ++ popupMenu.setVisible(false);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void checkResult() {
> ++ ((SunToolkit)(Toolkit.getDefaultToolkit())).realSync();
> ++ if (!isAlwaysOnTop1 || isAlwaysOnTop2) {
> ++ throw new RuntimeException("Malicious applet can show always-on-top " +
> ++ "popup menu which has whole screen size");
> ++ }
> ++ System.out.println("Test passed");
> ++ }
> ++
> ++ private void stopEDT() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ frame.dispose();
> ++ }
> ++ });
> ++ }
> ++}
> ++
> ++
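Review bot: 6691503-malicious-applet-always-on-top.patch begins directly at "diff -r dd66920b2d51 src/share/classes/javax/swing/Popup.java" with no "# HG changeset patch" block, unlike 6675802-securityExceptions-applets.patch, so the upstream node ID, author, summary and Reviewed-by are lost, and the "Wed Feb 23 13:50:58 2011 -0500" timestamps show the diff was regenerated locally. Please carry the header of the upstream changeset (the second URL in the request, rev 40414219305f) over as was done for the first patch. The test file also ends in two empty added lines that can be dropped.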
> exporting patch:
> # HG changeset patch
> # User Denis Lila <dlila at redhat.com>
> # Date 1298488299 18000
> # Node ID 934d7afe1f5278f4142400fa6b2d9e0b23aba664
> # Parent 326f7589d7e8d02f5d6cc1e361a0f0912e9e805e
> Fix for security exceptions when JPopupMenu sets always on top.
>
> diff -r 326f7589d7e8 -r 934d7afe1f52 ChangeLog
> --- a/ChangeLog Tue Feb 15 23:02:33 2011 +0000
> +++ b/ChangeLog Wed Feb 23 14:11:39 2011 -0500
> @@ -1,3 +1,12 @@
> +2011-02-23 Denis Lila <dlila at redhat.com>
> +
> + * Makefile.am: Added patches.
> + * NEWS: Updated.
> + * patches/openjdk/6675802-securityExceptions-applets.patch:
> + Get permissions before setting always on top.
> + * patches/openjdk/6691503-malicious-applet-always-on-top.patch:
> + Remove the fix above. Do nothing if SecurityException is thrown.
> +
> 2011-02-15 Andrew John Hughes <ahughes at redhat.com>
>
> * NEWS: Add 1.8.8 section.
> diff -r 326f7589d7e8 -r 934d7afe1f52 Makefile.am
> --- a/Makefile.am Tue Feb 15 23:02:33 2011 +0000
> +++ b/Makefile.am Wed Feb 23 14:11:39 2011 -0500
> @@ -373,7 +373,9 @@
> patches/openjdk/6541476-png-iTXt-chunk.patch \
> patches/openjdk/6782079-png_metadata_oom.patch \
> patches/rh676659-gcc-export-dynamic.patch \
> - patches/latent_jaxp_bug.patch
> + patches/latent_jaxp_bug.patch \
> + patches/openjdk/6675802-securityExceptions-applets.patch \
> + patches/openjdk/6691503-malicious-applet-always-on-top.patch
>
> if WITH_ALT_HSBUILD
> ICEDTEA_PATCHES += patches/hotspot/$(HSBUILD)/openjdk-6886353-ignore_deoptimizealot.patch \
> diff -r 326f7589d7e8 -r 934d7afe1f52 NEWS
> --- a/NEWS Tue Feb 15 23:02:33 2011 +0000
> +++ b/NEWS Wed Feb 23 14:11:39 2011 -0500
> @@ -10,6 +10,10 @@
>
> New in release 1.8.8 (20XX-XX-XX):
>
> +* Backports
> + - S6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> + - S6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> +
> New in release 1.8.7 (2011-02-15):
>
> * Security updates
> @@ -21,6 +25,8 @@
> - S6985453, CVE-2010-4471: Java2D font-related system property leak
> - S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
> - RH677332, CVE-2011-0706: Multiple signers privilege escalation
> + - S6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> + - S6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> * Bug fixes
> - RH676659: Pass -export-dynamic flag to linker using -Wl, as option in gcc 4.6+ is broken
> - Fix latent JAXP bug caused by missing import
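Review bot: the second NEWS hunk (@@ -21,6 +25,8 @@) adds S6675802 and S6691503 to what appears to be the "Security updates" list of 1.8.7, a release already dated 2011-02-15, while the first hunk lists the same two items under Backports for 1.8.8. The 1.7 and 1.9 versions of this patch carry only the Backports entry. Please drop the second hunk unless 1.8.7 really shipped these fixes.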
> diff -r 326f7589d7e8 -r 934d7afe1f52 patches/openjdk/6675802-securityExceptions-applets.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6675802-securityExceptions-applets.patch Wed Feb 23 14:11:39 2011 -0500
> @@ -0,0 +1,75 @@
> +# HG changeset patch
> +# User mlapshin
> +# Date 1208528462 -14400
> +# Node ID dd66920b2d51e33ca2157ab045117cc7c7f5f0c0
> +# Parent 147803acf437b81e72e50236030f2bc9ac37caee
> +6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> +Summary: The problem code in Popup class is surrounded by AccessController.doPrivileged()
> +Reviewed-by: alexp
> +
> +diff -r 147803acf437 -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Mon Apr 14 16:41:00 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> +@@ -229,7 +229,14 @@
> + // Popups are typically transient and most likely won't benefit
> + // from true double buffering. Turn it off here.
> + getRootPane().setUseTrueDoubleBuffering(false);
> +- setAlwaysOnTop(true);
> ++ java.security.AccessController.doPrivileged(
> ++ new java.security.PrivilegedAction<Object>() {
> ++ public Object run() {
> ++ setAlwaysOnTop(true);
> ++ return null;
> ++ }
> ++ }
> ++ );
> + }
> +
> + public void update(Graphics g) {
> +diff -r 147803acf437 -r dd66920b2d51 test/javax/swing/JPopupMenu/6675802/bug6675802.java
> +--- /dev/null Thu Jan 01 00:00:00 1970 +0000
> ++++ openjdk/jdk/test/javax/swing/JPopupMenu/6675802/bug6675802.java Fri Apr 18 18:21:02 2008 +0400
> +@@ -0,0 +1,43 @@
> ++/*
> ++ * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
> ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> ++ *
> ++ * This code is free software; you can redistribute it and/or modify it
> ++ * under the terms of the GNU General Public License version 2 only, as
> ++ * published by the Free Software Foundation.
> ++ *
> ++ * This code is distributed in the hope that it will be useful, but WITHOUT
> ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> ++ * version 2 for more details (a copy is included in the LICENSE file that
> ++ * accompanied this code).
> ++ *
> ++ * You should have received a copy of the GNU General Public License version
> ++ * 2 along with this work; if not, write to the Free Software Foundation,
> ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> ++ *
> ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
> ++ * or visit www.oracle.com if you need additional information or have any
> ++ * questions.
> ++ */
> ++
> ++/*
> ++ * @test
> ++ * @bug 6675802
> ++ * @summary Checks that there is no AccessControlException when
> ++ * a heaviweight popup menu is shown from an applet.
> ++ * @author Mikhail Lapshin
> ++ * @run main bug6675802
> ++ */
> ++
> ++import javax.swing.*;
> ++
> ++public class bug6675802 {
> ++ public static void main(String[] args) {
> ++ System.setSecurityManager(new SecurityManager());
> ++ final JPopupMenu popupMenu = new JPopupMenu();
> ++ popupMenu.add(new JMenuItem("Click"));
> ++ popupMenu.show(null, 0, 0);
> ++ System.out.println("Test passed");
> ++ }
> ++}
> diff -r 326f7589d7e8 -r 934d7afe1f52 patches/openjdk/6691503-malicious-applet-always-on-top.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6691503-malicious-applet-always-on-top.patch Wed Feb 23 14:11:39 2011 -0500
> @@ -0,0 +1,173 @@
> +diff -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Wed Feb 23 13:50:58 2011 -0500
> +@@ -1,12 +1,12 @@
> + /*
> +- * Copyright 1999-2007 Sun Microsystems, Inc. All Rights Reserved.
> ++ * Copyright (c) 1999, 2008, Oracle and/or its affiliates. All rights reserved.
> + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> + *
> + * This code is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License version 2 only, as
> +- * published by the Free Software Foundation. Sun designates this
> ++ * published by the Free Software Foundation. Oracle designates this
> + * particular file as subject to the "Classpath" exception as provided
> +- * by Sun in the LICENSE file that accompanied this code.
> ++ * by Oracle in the LICENSE file that accompanied this code.
> + *
> + * This code is distributed in the hope that it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> +@@ -18,9 +18,9 @@
> + * 2 along with this work; if not, write to the Free Software Foundation,
> + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> + *
> +- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
> +- * CA 95054 USA or visit www.sun.com if you need additional information or
> +- * have any questions.
> ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
> ++ * or visit www.oracle.com if you need additional information or have any
> ++ * questions.
> + */
> +
> + package javax.swing;
> +@@ -229,14 +229,15 @@
> + // Popups are typically transient and most likely won't benefit
> + // from true double buffering. Turn it off here.
> + getRootPane().setUseTrueDoubleBuffering(false);
> +- java.security.AccessController.doPrivileged(
> +- new java.security.PrivilegedAction<Object>() {
> +- public Object run() {
> +- setAlwaysOnTop(true);
> +- return null;
> +- }
> +- }
> +- );
> ++ // Try to set "always-on-top" for the popup window.
> ++ // Applets usually don't have sufficient permissions to do it.
> ++ // In this case simply ignore the exception.
> ++ try {
> ++ setAlwaysOnTop(true);
> ++ } catch (SecurityException se) {
> ++ // setAlwaysOnTop is restricted,
> ++ // the exception is ignored
> ++ }
> + }
> +
> + public void update(Graphics g) {
> +diff -r dd66920b2d51 test/javax/swing/JPopupMenu/6691503/bug6691503.java
> +--- /dev/null Thu Jan 01 00:00:00 1970 +0000
> ++++ openjdk/jdk/test/javax/swing/JPopupMenu/6691503/bug6691503.java Wed Feb 23 13:50:58 2011 -0500
> +@@ -0,0 +1,113 @@
> ++/*
> ++ * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
> ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> ++ *
> ++ * This code is free software; you can redistribute it and/or modify it
> ++ * under the terms of the GNU General Public License version 2 only, as
> ++ * published by the Free Software Foundation.
> ++ *
> ++ * This code is distributed in the hope that it will be useful, but WITHOUT
> ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> ++ * version 2 for more details (a copy is included in the LICENSE file that
> ++ * accompanied this code).
> ++ *
> ++ * You should have received a copy of the GNU General Public License version
> ++ * 2 along with this work; if not, write to the Free Software Foundation,
> ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> ++ *
> ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
> ++ * or visit www.oracle.com if you need additional information or have any
> ++ * questions.
> ++ */
> ++
> ++/*
> ++ * @test
> ++ * @bug 6691503
> ++ * @summary Checks that there is no opportunity for a malicious applet
> ++ * to show a popup menu which has whole screen size.
> ++ * a heaviweight popup menu is shown from an applet.
> ++ * @author Mikhail Lapshin
> ++ * @run main bug6691503
> ++ */
> ++
> ++import sun.awt.SunToolkit;
> ++
> ++import javax.swing.*;
> ++import java.awt.*;
> ++
> ++public class bug6691503 {
> ++ private JPopupMenu popupMenu;
> ++ private JFrame frame;
> ++ private boolean isAlwaysOnTop1 = false;
> ++ private boolean isAlwaysOnTop2 = true;
> ++
> ++ public static void main(String[] args) {
> ++ bug6691503 test = new bug6691503();
> ++ test.setupUI();
> ++ test.testApplication();
> ++ test.testApplet();
> ++ test.checkResult();
> ++ test.stopEDT();
> ++ }
> ++
> ++ private void setupUI() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ frame = new JFrame();
> ++ frame.setVisible(true);
> ++ popupMenu = new JPopupMenu();
> ++ JMenuItem click = new JMenuItem("Click");
> ++ popupMenu.add(click);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void testApplication() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ popupMenu.show(frame, 0, 0);
> ++ Window popupWindow = (Window)
> ++ (popupMenu.getParent().getParent().getParent().getParent());
> ++ isAlwaysOnTop1 = popupWindow.isAlwaysOnTop();
> ++ System.out.println(
> ++ "Application: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop1);
> ++ popupMenu.setVisible(false);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void testApplet() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ System.setSecurityManager(new SecurityManager());
> ++ popupMenu.show(frame, 0, 0);
> ++ Window popupWindow = (Window)
> ++ (popupMenu.getParent().getParent().getParent().getParent());
> ++ isAlwaysOnTop2 = popupWindow.isAlwaysOnTop();
> ++ System.out.println(
> ++ "Applet: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop2);
> ++ popupMenu.setVisible(false);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void checkResult() {
> ++ ((SunToolkit)(Toolkit.getDefaultToolkit())).realSync();
> ++ if (!isAlwaysOnTop1 || isAlwaysOnTop2) {
> ++ throw new RuntimeException("Malicious applet can show always-on-top " +
> ++ "popup menu which has whole screen size");
> ++ }
> ++ System.out.println("Test passed");
> ++ }
> ++
> ++ private void stopEDT() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ frame.dispose();
> ++ }
> ++ });
> ++ }
> ++}
> ++
> ++
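Review bot: in bug6691503.java, testApplication() and testApplet() locate the popup window with popupMenu.getParent().getParent().getParent().getParent() and an unchecked cast to Window, which only holds while the popup is heavyweight and nested exactly this way; any other layout ends in a ClassCastException or NullPointerException on the EDT instead of a clear test failure. Please check the result with instanceof Window and fail with an explicit message. In the same file, isAlwaysOnTop1 and isAlwaysOnTop2 are written on the EDT and read in checkResult() on the main thread, so they should be volatile, and the @summary carries a stray third line ("a heaviweight popup menu is shown from an applet.") copied from bug6675802.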
> exporting patch:
> # HG changeset patch
> # User Denis Lila <dlila at redhat.com>
> # Date 1298490602 18000
> # Node ID 3e07e563aeb454fd519da1830798a1b65d0ed8e6
> # Parent d6deb6050f4a62e2a50d22676d1dca9cc9e143cf
> Fix for security exceptions when JPopupMenu sets always on top.
>
> diff -r d6deb6050f4a -r 3e07e563aeb4 ChangeLog
> --- a/ChangeLog Tue Feb 15 22:20:29 2011 +0000
> +++ b/ChangeLog Wed Feb 23 14:50:02 2011 -0500
> @@ -1,3 +1,12 @@
> +2011-02-23 Denis Lila <dlila at redhat.com>
> +
> + * Makefile.am: Added patches.
> + * NEWS: Updated.
> + * patches/openjdk/6675802-securityExceptions-applets.patch:
> + Get permissions before setting always on top.
> + * patches/openjdk/6691503-malicious-applet-always-on-top.patch:
> + Remove the fix above. Do nothing if SecurityException is thrown.
> +
> 2011-02-15 Andrew John Hughes <ahughes at redhat.com>
>
> * NEWS: Add 1.9.8 section.
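Review bot: the ChangeLog text for the two patch files describes them relative to each other ("Get permissions before setting always on top." followed by "Remove the fix above."), which hides the net result from anyone reading the log: with both applied, Popup.java calls setAlwaysOnTop(true) without elevated privileges and ignores the SecurityException. Please word the second entry by what it does, for example "Replace doPrivileged with a plain call; ignore SecurityException."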
> diff -r d6deb6050f4a -r 3e07e563aeb4 Makefile.am
> --- a/Makefile.am Tue Feb 15 22:20:29 2011 +0000
> +++ b/Makefile.am Wed Feb 23 14:50:02 2011 -0500
> @@ -337,7 +337,9 @@
> patches/openjdk/6782079-png_metadata_oom.patch \
> patches/rh676659-gcc-export-dynamic.patch \
> patches/g344659-sparc_fix.patch \
> - patches/latent_jaxp_bug.patch
> + patches/latent_jaxp_bug.patch \
> + patches/openjdk/6675802-securityExceptions-applets.patch \
> + patches/openjdk/6691503-malicious-applet-always-on-top.patch
>
> if WITH_ALT_HSBUILD
> ICEDTEA_PATCHES += \
> diff -r d6deb6050f4a -r 3e07e563aeb4 NEWS
> --- a/NEWS Tue Feb 15 22:20:29 2011 +0000
> +++ b/NEWS Wed Feb 23 14:50:02 2011 -0500
> @@ -10,6 +10,10 @@
>
> New in release 1.9.8 (20XX-XX-XX):
>
> +* Backports
> + - S6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> + - S6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> +
> New in release 1.9.7 (2011-02-15):
>
> * Security updates
> diff -r d6deb6050f4a -r 3e07e563aeb4 patches/openjdk/6675802-securityExceptions-applets.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6675802-securityExceptions-applets.patch Wed Feb 23 14:50:02 2011 -0500
> @@ -0,0 +1,75 @@
> +# HG changeset patch
> +# User mlapshin
> +# Date 1208528462 -14400
> +# Node ID dd66920b2d51e33ca2157ab045117cc7c7f5f0c0
> +# Parent 147803acf437b81e72e50236030f2bc9ac37caee
> +6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> +Summary: The problem code in Popup class is surrounded by AccessController.doPrivileged()
> +Reviewed-by: alexp
> +
> +diff -r 147803acf437 -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Mon Apr 14 16:41:00 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> +@@ -229,7 +229,14 @@
> + // Popups are typically transient and most likely won't benefit
> + // from true double buffering. Turn it off here.
> + getRootPane().setUseTrueDoubleBuffering(false);
> +- setAlwaysOnTop(true);
> ++ java.security.AccessController.doPrivileged(
> ++ new java.security.PrivilegedAction<Object>() {
> ++ public Object run() {
> ++ setAlwaysOnTop(true);
> ++ return null;
> ++ }
> ++ }
> ++ );
> + }
> +
> + public void update(Graphics g) {
> +diff -r 147803acf437 -r dd66920b2d51 test/javax/swing/JPopupMenu/6675802/bug6675802.java
> +--- /dev/null Thu Jan 01 00:00:00 1970 +0000
> ++++ openjdk/jdk/test/javax/swing/JPopupMenu/6675802/bug6675802.java Fri Apr 18 18:21:02 2008 +0400
> +@@ -0,0 +1,43 @@
> ++/*
> ++ * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
> ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> ++ *
> ++ * This code is free software; you can redistribute it and/or modify it
> ++ * under the terms of the GNU General Public License version 2 only, as
> ++ * published by the Free Software Foundation.
> ++ *
> ++ * This code is distributed in the hope that it will be useful, but WITHOUT
> ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> ++ * version 2 for more details (a copy is included in the LICENSE file that
> ++ * accompanied this code).
> ++ *
> ++ * You should have received a copy of the GNU General Public License version
> ++ * 2 along with this work; if not, write to the Free Software Foundation,
> ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> ++ *
> ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
> ++ * or visit www.oracle.com if you need additional information or have any
> ++ * questions.
> ++ */
> ++
> ++/*
> ++ * @test
> ++ * @bug 6675802
> ++ * @summary Checks that there is no AccessControlException when
> ++ * a heaviweight popup menu is shown from an applet.
> ++ * @author Mikhail Lapshin
> ++ * @run main bug6675802
> ++ */
> ++
> ++import javax.swing.*;
> ++
> ++public class bug6675802 {
> ++ public static void main(String[] args) {
> ++ System.setSecurityManager(new SecurityManager());
> ++ final JPopupMenu popupMenu = new JPopupMenu();
> ++ popupMenu.add(new JMenuItem("Click"));
> ++ popupMenu.show(null, 0, 0);
> ++ System.out.println("Test passed");
> ++ }
> ++}
> diff -r d6deb6050f4a -r 3e07e563aeb4 patches/openjdk/6691503-malicious-applet-always-on-top.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6691503-malicious-applet-always-on-top.patch Wed Feb 23 14:50:02 2011 -0500
> @@ -0,0 +1,144 @@
> +diff -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Wed Feb 23 13:50:58 2011 -0500
> +@@ -229,14 +229,15 @@
> + // Popups are typically transient and most likely won't benefit
> + // from true double buffering. Turn it off here.
> + getRootPane().setUseTrueDoubleBuffering(false);
> +- java.security.AccessController.doPrivileged(
> +- new java.security.PrivilegedAction<Object>() {
> +- public Object run() {
> +- setAlwaysOnTop(true);
> +- return null;
> +- }
> +- }
> +- );
> ++ // Try to set "always-on-top" for the popup window.
> ++ // Applets usually don't have sufficient permissions to do it.
> ++ // In this case simply ignore the exception.
> ++ try {
> ++ setAlwaysOnTop(true);
> ++ } catch (SecurityException se) {
> ++ // setAlwaysOnTop is restricted,
> ++ // the exception is ignored
> ++ }
> + }
> +
> + public void update(Graphics g) {
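Review bot: The empty `catch (SecurityException se)` block in Popup.java says only that the exception is ignored; it should also say why the `doPrivileged` wrapper was removed, because the deleted lines are the ones the ChangeLog attributes to 6675802 and a later reader could put them back to "fix" a popup that is no longer always on top. A comment along the lines of "do not wrap in doPrivileged: callers without the permission must not get an always-on-top popup (6691503)" would cover it. Since this hunk deletes lines that exist only once 6675802 has been applied (it is taken against dd66920b2d51), check that the patch list in Makefile.am applies 6675802 before this one.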
> +diff -r dd66920b2d51 test/javax/swing/JPopupMenu/6691503/bug6691503.java
> +--- /dev/null Thu Jan 01 00:00:00 1970 +0000
> ++++ openjdk/jdk/test/javax/swing/JPopupMenu/6691503/bug6691503.java Wed Feb 23 13:50:58 2011 -0500
> +@@ -0,0 +1,113 @@
> ++/*
> ++ * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
> ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> ++ *
> ++ * This code is free software; you can redistribute it and/or modify it
> ++ * under the terms of the GNU General Public License version 2 only, as
> ++ * published by the Free Software Foundation.
> ++ *
> ++ * This code is distributed in the hope that it will be useful, but WITHOUT
> ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> ++ * version 2 for more details (a copy is included in the LICENSE file that
> ++ * accompanied this code).
> ++ *
> ++ * You should have received a copy of the GNU General Public License version
> ++ * 2 along with this work; if not, write to the Free Software Foundation,
> ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> ++ *
> ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
> ++ * or visit www.oracle.com if you need additional information or have any
> ++ * questions.
> ++ */
> ++
> ++/*
> ++ * @test
> ++ * @bug 6691503
> ++ * @summary Checks that there is no opportunity for a malicious applet
> ++ * to show a popup menu which has whole screen size.
> ++ * a heaviweight popup menu is shown from an applet.
> ++ * @author Mikhail Lapshin
> ++ * @run main bug6691503
> ++ */
> ++
> ++import sun.awt.SunToolkit;
> ++
> ++import javax.swing.*;
> ++import java.awt.*;
> ++
> ++public class bug6691503 {
> ++ private JPopupMenu popupMenu;
> ++ private JFrame frame;
> ++ private boolean isAlwaysOnTop1 = false;
> ++ private boolean isAlwaysOnTop2 = true;
> ++
> ++ public static void main(String[] args) {
> ++ bug6691503 test = new bug6691503();
> ++ test.setupUI();
> ++ test.testApplication();
> ++ test.testApplet();
> ++ test.checkResult();
> ++ test.stopEDT();
> ++ }
> ++
> ++ private void setupUI() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ frame = new JFrame();
> ++ frame.setVisible(true);
> ++ popupMenu = new JPopupMenu();
> ++ JMenuItem click = new JMenuItem("Click");
> ++ popupMenu.add(click);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void testApplication() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ popupMenu.show(frame, 0, 0);
> ++ Window popupWindow = (Window)
> ++ (popupMenu.getParent().getParent().getParent().getParent());
> ++ isAlwaysOnTop1 = popupWindow.isAlwaysOnTop();
> ++ System.out.println(
> ++ "Application: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop1);
> ++ popupMenu.setVisible(false);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void testApplet() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ System.setSecurityManager(new SecurityManager());
> ++ popupMenu.show(frame, 0, 0);
> ++ Window popupWindow = (Window)
> ++ (popupMenu.getParent().getParent().getParent().getParent());
> ++ isAlwaysOnTop2 = popupWindow.isAlwaysOnTop();
> ++ System.out.println(
> ++ "Applet: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop2);
> ++ popupMenu.setVisible(false);
> ++ }
> ++ });
> ++ }
> ++
> ++ private void checkResult() {
> ++ ((SunToolkit)(Toolkit.getDefaultToolkit())).realSync();
> ++ if (!isAlwaysOnTop1 || isAlwaysOnTop2) {
> ++ throw new RuntimeException("Malicious applet can show always-on-top " +
> ++ "popup menu which has whole screen size");
> ++ }
> ++ System.out.println("Test passed");
> ++ }
> ++
> ++ private void stopEDT() {
> ++ SwingUtilities.invokeLater(new Runnable() {
> ++ public void run() {
> ++ frame.dispose();
> ++ }
> ++ });
> ++ }
> ++}
> ++
> ++
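Review bot: The `@summary` tag in bug6691503.java carries a stray third line, "a heaviweight popup menu is shown from an applet.", which looks copied from the 6675802 test and should be dropped. In `testApplication` and `testApplet`, casting `popupMenu.getParent().getParent().getParent().getParent()` to `Window` depends on the exact nesting of the popup's containers; `SwingUtilities.getWindowAncestor(popupMenu)` would find the window without counting levels. `isAlwaysOnTop1` and `isAlwaysOnTop2` are written on the event dispatch thread and read in `checkResult` on the main thread, so they should be `volatile` unless `realSync()` is being relied on for visibility.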
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: F5862A37 (https://keys.indymedia.org/)
Fingerprint = EA30 D855 D50F 90CD F54D 0698 0713 C3ED F586 2A37