Request to backport 7102369/709446/7100592 and 7092186
Dr Andrew John Hughes
ahughes at redhat.com
Wed Nov 16 21:28:43 PST 2011
On 10:07 Fri 11 Nov , Omair Majid wrote:
> On 11/10/2011 05:51 PM, Dr Andrew John Hughes wrote:
> > On 16:39 Thu 10 Nov , Omair Majid wrote:
> >> Hi,
> >>
> >> The recent security changes breaks some applications as rmiregistry
> >> needs to be started with the java.rmi.server.codebase property set. I
> >> would like to backport the following two changesets from jdk7u to
> >> address this problem:
> >>
> >> http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/7ed2fd310470
> >> http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/2d10aa9d772a
> >>
> >> Does anyone have any thoughts or concerns?
> >>
> >
> > Can you explain a bit more about these patches and why they are
> > needed/appropriate? The bugs don't give much detail and one isn't
> > even accessible.
> >
>
> Here is a bug report of a user who now has to start rmiregistry with
> -J-Djava.rmi.server.codebase= option for his code to continue working
> after the security update:
> https://bugzilla.redhat.com/show_bug.cgi?id=751203
>
> As you can see, one of the patches removes the need for explicitly
> setting this property (and reverts back to the pre-security-update
> condition). I dont know about you, but I think security fixes should not
> be causing any change in behaviour of valid applications (as far as
> possible).
>
I agree.
> Also, the jtreg test sun/tools/jstatd/jstatdExternalRegistry.sh has been
> failing ever since the security fixes were added; applying these two
> patches makes that test pass too.
>
> > Have you posted these to IcedTea?
>
> I was expecting IcedTea7 to get these when it merges OpenJDK 7u
> changesets.
That's only going to happen on HEAD. This looks like something worth proposing
for 2.0.1 on the 2.0 release branch.
I will be adding this to IcedTea6 when it is approved for
> OpenJDK6. Of course, unless people want otherwise and I will be happy to
> accommodate that.
>
Fixes like this should go into IcedTea6 first, so they reach users as speedily
as possible. Patches to OpenJDK6 won't reach users until a release of OpenJDK6
is made and that is then used in a released IcedTea. Also, the OpenJDK6 approval
process is even slower than before at present.
> Cheers,
> Omair
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20111117/7081aae6/attachment.bin
More information about the distro-pkg-dev
mailing list