/hg/icedtea6: Add latest security updates.
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Oct 18 22:16:25 PDT 2011
changeset 769602222e65 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=769602222e65
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Oct 19 06:16:09 2011 +0100
Add latest security updates.
2011-10-14 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Add patches.
* patches/rhino.patch: Change after 7046823 is applied.
* patches/xjc.patch: Update against 7046794.
* patches/security/20111018/7000600.patch,
* patches/security/20111018/7019773.patch,
* patches/security/20111018/7023640.patch,
* patches/security/20111018/7032417.patch,
* patches/security/20111018/7046823.patch,
* patches/security/20111018/7055902.patch,
* patches/security/20111018/7057857.patch,
* patches/security/20111018/7064341.patch,
* patches/security/20111018/7070134.patch,
* patches/security/20111018/7083012.patch,
* patches/security/20111018/7096936.patch,
* patches/security/20111018/7046794.patch,
* patches/security/20111018/7077466.patch: Security patches.
diffstat:
ChangeLog | 20 +
Makefile.am | 15 +-
patches/rhino.patch | 134 +-
patches/security/20111018/7000600.patch | 44 +
patches/security/20111018/7019773.patch | 116 +
patches/security/20111018/7023640.patch | 97 +
patches/security/20111018/7032417.patch | 29 +
patches/security/20111018/7046794.patch | 35 +
patches/security/20111018/7046823.patch | 140 +
patches/security/20111018/7055902.patch | 39 +
patches/security/20111018/7057857.patch | 73 +
patches/security/20111018/7064341.patch | 475 +
patches/security/20111018/7070134.patch | 97771 ++++++++++++++++++++++++++++++
patches/security/20111018/7077466.patch | 30 +
patches/security/20111018/7083012.patch | 966 +
patches/security/20111018/7096936.patch | 50 +
patches/xjc.patch | 14 +-
17 files changed, 99978 insertions(+), 70 deletions(-)
diffs (truncated from 100257 to 500 lines):
diff -r 5b8d816b6f79 -r 769602222e65 ChangeLog
--- a/ChangeLog Wed Oct 19 03:36:58 2011 +0100
+++ b/ChangeLog Wed Oct 19 06:16:09 2011 +0100
@@ -1,3 +1,23 @@
+2011-10-14 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am: Add patches.
+ * patches/rhino.patch: Change after 7046823 is applied.
+ * patches/xjc.patch: Update against 7046794.
+ * patches/security/20111018/7000600.patch,
+ * patches/security/20111018/7019773.patch,
+ * patches/security/20111018/7023640.patch,
+ * patches/security/20111018/7032417.patch,
+ * patches/security/20111018/7046823.patch,
+ * patches/security/20111018/7055902.patch,
+ * patches/security/20111018/7057857.patch,
+ * patches/security/20111018/7064341.patch,
+ * patches/security/20111018/7070134.patch,
+ * patches/security/20111018/7083012.patch,
+ * patches/security/20111018/7096936.patch,
+ * patches/security/20111018/7046794.patch,
+ * patches/security/20111018/7077466.patch:
+ Security patches.
+
2010-10-19 Andrew John Hughes <ahughes at redhat.com>
* NEWS: Add release notes for 1.8.10,
diff -r 5b8d816b6f79 -r 769602222e65 Makefile.am
--- a/Makefile.am Wed Oct 19 03:36:58 2011 +0100
+++ b/Makefile.am Wed Oct 19 06:16:09 2011 +0100
@@ -199,7 +199,20 @@
ICEDTEA_FSG_PATCHES =
-SECURITY_PATCHES =
+SECURITY_PATCHES = \
+ patches/security/20111018/7000600.patch \
+ patches/security/20111018/7019773.patch \
+ patches/security/20111018/7023640.patch \
+ patches/security/20111018/7032417.patch \
+ patches/security/20111018/7046823.patch \
+ patches/security/20111018/7055902.patch \
+ patches/security/20111018/7057857.patch \
+ patches/security/20111018/7064341.patch \
+ patches/security/20111018/7070134.patch \
+ patches/security/20111018/7083012.patch \
+ patches/security/20111018/7096936.patch \
+ patches/security/20111018/7046794.patch \
+ patches/security/20111018/7077466.patch
ICEDTEA_PATCHES = \
$(SECURITY_PATCHES) \
diff -r 5b8d816b6f79 -r 769602222e65 patches/rhino.patch
--- a/patches/rhino.patch Wed Oct 19 03:36:58 2011 +0100
+++ b/patches/rhino.patch Wed Oct 19 06:16:09 2011 +0100
@@ -1,16 +1,6 @@
---- openjdk/jdk/make/com/sun/script/Makefile.orig 2008-11-25 09:01:10.000000000 +0000
-+++ openjdk/jdk/make/com/sun/script/Makefile 2008-12-03 21:13:14.000000000 +0000
-@@ -31,6 +31,8 @@
-
- AUTO_FILES_JAVA_DIRS = com/sun/script
-
-+OTHER_JAVACFLAGS = -classpath $(RHINO_JAR)
-+
- #
- # Files that need to be copied
- #
---- openjdk/jdk/make/com/sun/Makefile.orig 2008-11-25 09:01:09.000000000 +0000
-+++ openjdk/jdk/make/com/sun/Makefile 2008-12-03 21:14:36.000000000 +0000
+diff -Nru openjdk.orig/jdk/make/com/sun/Makefile openjdk/jdk/make/com/sun/Makefile
+--- openjdk.orig/jdk/make/com/sun/Makefile 2011-02-28 16:06:10.000000000 +0000
++++ openjdk/jdk/make/com/sun/Makefile 2011-10-13 17:46:30.119082413 +0100
@@ -31,15 +31,8 @@
PRODUCT = sun
include $(BUILDDIR)/common/Defs.gmk
@@ -28,8 +18,21 @@
java inputmethods org rowset net/httpserver net/ssl demo \
tools jarsigner
---- openjdk/jdk/make/common/Release.gmk.orig 2008-12-03 21:12:23.000000000 +0000
-+++ openjdk/jdk/make/common/Release.gmk 2008-12-03 21:13:14.000000000 +0000
+diff -Nru openjdk.orig/jdk/make/com/sun/script/Makefile openjdk/jdk/make/com/sun/script/Makefile
+--- openjdk.orig/jdk/make/com/sun/script/Makefile 2011-02-28 16:06:10.000000000 +0000
++++ openjdk/jdk/make/com/sun/script/Makefile 2011-10-13 17:46:30.103082160 +0100
+@@ -31,6 +31,8 @@
+
+ AUTO_FILES_JAVA_DIRS = com/sun/script
+
++OTHER_JAVACFLAGS = -classpath $(RHINO_JAR)
++
+ #
+ # Files that need to be copied
+ #
+diff -Nru openjdk.orig/jdk/make/common/Release.gmk openjdk/jdk/make/common/Release.gmk
+--- openjdk.orig/jdk/make/common/Release.gmk 2011-10-13 17:44:00.000000000 +0100
++++ openjdk/jdk/make/common/Release.gmk 2011-10-13 17:46:30.123082475 +0100
@@ -772,6 +772,7 @@
$(CP) $(RT_JAR) $(JRE_IMAGE_DIR)/lib/rt.jar
$(CP) $(RESOURCES_JAR) $(JRE_IMAGE_DIR)/lib/resources.jar
@@ -38,19 +41,69 @@
@# Generate meta-index to make boot and extension class loaders lazier
$(CD) $(JRE_IMAGE_DIR)/lib && \
$(BOOT_JAVA_CMD) -jar $(BUILDMETAINDEX_JARFILE) \
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2008-12-03 21:13:13.000000000 +0000
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2011-10-13 17:46:30.123082475 +0100
+@@ -24,7 +24,7 @@
+ */
+
+ package com.sun.script.javascript;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+ import javax.script.*;
+ import java.util.*;
+
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2011-10-13 17:46:30.123082475 +0100
+@@ -26,7 +26,7 @@
+ package com.sun.script.javascript;
+
+ import javax.script.Invocable;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+
+ /**
+ * This class implements Rhino-like JavaAdapter to help implement a Java
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2011-10-13 17:46:30.123082475 +0100
@@ -25,7 +25,7 @@
package com.sun.script.javascript;
-import sun.org.mozilla.javascript.internal.*;
+import sun.org.mozilla.javascript.*;
- import javax.script.*;
+ import java.util.*;
/**
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2008-12-03 21:13:05.000000000 +0000
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2011-10-13 17:46:30.123082475 +0100
+@@ -26,7 +26,7 @@
+ package com.sun.script.javascript;
+
+ import java.util.*;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+
+ /**
+ * This class prevents script access to certain sensitive classes.
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2011-10-13 17:46:30.123082475 +0100
+@@ -25,7 +25,7 @@
+
+ package com.sun.script.javascript;
+ import javax.script.*;
+-import sun.org.mozilla.javascript.internal.*;
++import sun.org.mozilla.javascript.*;
+
+ /**
+ * Represents compiled JavaScript code.
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2011-10-13 17:46:30.123082475 +0100
@@ -26,7 +26,7 @@
package com.sun.script.javascript;
import javax.script.*;
@@ -60,19 +113,9 @@
import com.sun.script.util.*;
/**
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2008-12-03 21:13:14.000000000 +0000
-@@ -24,7 +24,7 @@
- */
-
- package com.sun.script.javascript;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
- import javax.script.*;
- import java.util.*;
-
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2008-12-03 21:13:05.000000000 +0000
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-10-13 17:43:47.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-10-13 17:46:30.123082475 +0100
@@ -26,7 +26,7 @@
package com.sun.script.javascript;
import com.sun.script.util.*;
@@ -81,42 +124,22 @@
+import sun.org.mozilla.javascript.*;
import java.lang.reflect.Method;
import java.io.*;
- import java.util.*;
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2008-12-03 21:13:05.000000000 +0000
-@@ -26,7 +26,7 @@
- package com.sun.script.javascript;
-
- import java.util.*;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
-
- /**
- * This class prevents script access to certain sensitive classes.
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2008-12-03 21:13:14.000000000 +0000
-@@ -26,7 +26,7 @@
- package com.sun.script.javascript;
-
- import javax.script.Invocable;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
-
- /**
- * This class implements Rhino-like JavaAdapter to help implement a Java
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2008-12-03 21:13:05.000000000 +0000
+ import java.security.*;
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-10-13 17:43:47.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-10-13 17:46:45.947332953 +0100
@@ -25,7 +25,7 @@
package com.sun.script.javascript;
-import sun.org.mozilla.javascript.internal.*;
+import sun.org.mozilla.javascript.*;
- import java.util.*;
+ import java.security.AccessControlContext;
+ import javax.script.*;
- /**
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2008-12-03 21:13:14.000000000 +0000
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2011-02-28 16:06:18.000000000 +0000
++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2011-10-13 17:46:30.123082475 +0100
@@ -27,7 +27,7 @@
import java.lang.reflect.*;
@@ -126,14 +149,3 @@
/**
* This wrap factory is used for security reasons. JSR 223 script
---- openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java.orig 2008-11-25 09:02:56.000000000 +0000
-+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2008-12-03 21:13:05.000000000 +0000
-@@ -25,7 +25,7 @@
-
- package com.sun.script.javascript;
- import javax.script.*;
--import sun.org.mozilla.javascript.internal.*;
-+import sun.org.mozilla.javascript.*;
-
- /**
- * Represents compiled JavaScript code.
diff -r 5b8d816b6f79 -r 769602222e65 patches/security/20111018/7000600.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20111018/7000600.patch Wed Oct 19 06:16:09 2011 +0100
@@ -0,0 +1,45 @@
+--- openjdk/jdk/src/share/classes/java/io/InputStream.java Wed Jul 13 15:37:05 2011
++++ openjdk/jdk/src/share/classes/java/io/InputStream.java Wed Jul 13 15:37:02 2011
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1994, 2006, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1994, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -44,10 +44,9 @@
+ */
+ public abstract class InputStream implements Closeable {
+
+- // SKIP_BUFFER_SIZE is used to determine the size of skipBuffer
+- private static final int SKIP_BUFFER_SIZE = 2048;
+- // skipBuffer is initialized in skip(long), if needed.
+- private static byte[] skipBuffer;
++ // MAX_SKIP_BUFFER_SIZE is used to determine the maximum buffer skip to
++ // use when skipping.
++ private static final int MAX_SKIP_BUFFER_SIZE = 2048;
+
+ /**
+ * Reads the next byte of data from the input stream. The value byte is
+@@ -212,18 +211,15 @@
+
+ long remaining = n;
+ int nr;
+- if (skipBuffer == null)
+- skipBuffer = new byte[SKIP_BUFFER_SIZE];
+-
+- byte[] localSkipBuffer = skipBuffer;
+
+ if (n <= 0) {
+ return 0;
+ }
+
++ int size = (int)Math.min(MAX_SKIP_BUFFER_SIZE, remaining);
++ byte[] skipBuffer = new byte[size];
+ while (remaining > 0) {
+- nr = read(localSkipBuffer, 0,
+- (int) Math.min(SKIP_BUFFER_SIZE, remaining));
++ nr = read(skipBuffer, 0, (int)Math.min(size, remaining));
+ if (nr < 0) {
+ break;
+ }
diff -r 5b8d816b6f79 -r 769602222e65 patches/security/20111018/7019773.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20111018/7019773.patch Wed Oct 19 06:16:09 2011 +0100
@@ -0,0 +1,117 @@
+--- openjdk/jdk/src/share/classes/java/awt/AWTKeyStroke.java 2011-07-21 16:52:23.399614830 +0400
++++ openjdk/jdk/src/share/classes/java/awt/AWTKeyStroke.java 2011-07-21 16:52:23.075617350 +0400
+@@ -25,6 +25,7 @@
+ package java.awt;
+
+ import java.awt.event.KeyEvent;
++import sun.awt.AppContext;
+ import java.awt.event.InputEvent;
+ import java.util.Collections;
+ import java.util.HashMap;
+@@ -66,9 +67,6 @@
+ public class AWTKeyStroke implements Serializable {
+ static final long serialVersionUID = -6430539691155161871L;
+
+- private static Map cache;
+- private static AWTKeyStroke cacheKey;
+- private static Constructor ctor = getCtor(AWTKeyStroke.class);
+ private static Map modifierKeywords;
+ /**
+ * Associates VK_XXX (as a String) with code (as Integer). This is
+@@ -77,6 +75,25 @@
+ */
+ private static VKCollection vks;
+
++ //A key for the collection of AWTKeyStrokes within AppContext.
++ private static Object APP_CONTEXT_CACHE_KEY = new Object();
++ //A key withing the cache
++ private static AWTKeyStroke APP_CONTEXT_KEYSTROKE_KEY = new AWTKeyStroke();
++
++ /*
++ * Reads keystroke class from AppContext and if null, puts there the
++ * AWTKeyStroke class.
++ * Must be called under locked AWTKeyStroke.class
++ */
++ private static Class getAWTKeyStrokeClass() {
++ Class clazz = (Class)AppContext.getAppContext().get(AWTKeyStroke.class);
++ if (clazz == null) {
++ clazz = AWTKeyStroke.class;
++ AppContext.getAppContext().put(AWTKeyStroke.class, AWTKeyStroke.class);
++ }
++ return clazz;
++ }
++
+ private char keyChar = KeyEvent.CHAR_UNDEFINED;
+ private int keyCode = KeyEvent.VK_UNDEFINED;
+ private int modifiers;
+@@ -164,9 +181,12 @@
+ if (subclass == null) {
+ throw new IllegalArgumentException("subclass cannot be null");
+ }
+- if (AWTKeyStroke.ctor.getDeclaringClass().equals(subclass)) {
+- // Already registered
+- return;
++ synchronized (AWTKeyStroke.class) {
++ Class keyStrokeClass = (Class)AppContext.getAppContext().get(AWTKeyStroke.class);
++ if (keyStrokeClass != null && keyStrokeClass.equals(subclass)){
++ // Already registered
++ return;
++ }
+ }
+ if (!AWTKeyStroke.class.isAssignableFrom(subclass)) {
+ throw new ClassCastException("subclass is not derived from AWTKeyStroke");
+@@ -197,9 +217,9 @@
+ }
+
+ synchronized (AWTKeyStroke.class) {
+- AWTKeyStroke.ctor = ctor;
+- cache = null;
+- cacheKey = null;
++ AppContext.getAppContext().put(AWTKeyStroke.class, subclass);
++ AppContext.getAppContext().remove(APP_CONTEXT_CACHE_KEY);
++ AppContext.getAppContext().remove(APP_CONTEXT_KEYSTROKE_KEY);
+ }
+ }
+
+@@ -229,13 +249,19 @@
+ private static synchronized AWTKeyStroke getCachedStroke
+ (char keyChar, int keyCode, int modifiers, boolean onKeyRelease)
+ {
++ Map cache = (Map)AppContext.getAppContext().get(APP_CONTEXT_CACHE_KEY);
++ AWTKeyStroke cacheKey = (AWTKeyStroke)AppContext.getAppContext().get(APP_CONTEXT_KEYSTROKE_KEY);
++
+ if (cache == null) {
+ cache = new HashMap();
++ AppContext.getAppContext().put(APP_CONTEXT_CACHE_KEY, cache);
+ }
+
+ if (cacheKey == null) {
+ try {
+- cacheKey = (AWTKeyStroke)ctor.newInstance((Object[]) null);
++ Class clazz = getAWTKeyStrokeClass();
++ cacheKey = (AWTKeyStroke)getCtor(clazz).newInstance((Object[]) null);
++ AppContext.getAppContext().put(APP_CONTEXT_KEYSTROKE_KEY, cacheKey);
+ } catch (InstantiationException e) {
+ assert(false);
+ } catch (IllegalAccessException e) {
+@@ -253,9 +279,8 @@
+ if (stroke == null) {
+ stroke = cacheKey;
+ cache.put(stroke, stroke);
+- cacheKey = null;
++ AppContext.getAppContext().remove(APP_CONTEXT_KEYSTROKE_KEY);
+ }
+-
+ return stroke;
+ }
+
+@@ -775,7 +800,8 @@
+ protected Object readResolve() throws java.io.ObjectStreamException {
+ synchronized (AWTKeyStroke.class) {
+ Class newClass = getClass();
+- if (!newClass.equals(ctor.getDeclaringClass())) {
++ Class awtKeyStrokeClass = getAWTKeyStrokeClass();
++ if (!newClass.equals(awtKeyStrokeClass)) {
+ registerSubclass(newClass);
+ }
+ return getCachedStroke(keyChar, keyCode, modifiers, onKeyRelease);
diff -r 5b8d816b6f79 -r 769602222e65 patches/security/20111018/7023640.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20111018/7023640.patch Wed Oct 19 06:16:09 2011 +0100
@@ -0,0 +1,98 @@
+# HG changeset patch
+# User asaha
+# Date 1311020591 25200
+# Node ID 08848920eb33efabb049bc4cb2f40d37ab4f18f6
+# Parent 1a1bf4ee2c24c3fc1f6e4071e23b4b562a654d0d
+7023640: calculation for malloc size in TransformHelper.c could overflow an integer
+Reviewed-by: flar
+
+diff --git a/src/share/native/sun/java2d/loops/TransformHelper.c b/src/share/native/sun/java2d/loops/TransformHelper.c
+--- openjdk/jdk/src/share/native/sun/java2d/loops/TransformHelper.c
++++ openjdk/jdk/src/share/native/sun/java2d/loops/TransformHelper.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -284,7 +284,7 @@ Java_sun_java2d_loops_TransformHelper_Tr
+ TransformHelperFunc *pHelperFunc;
+ TransformInterpFunc *pInterpFunc;
+ jdouble xorig, yorig;
+- jint numedges;
++ jlong numedges;
+ jint *pEdges;
+ jint edgebuf[2 + MAXEDGES * 2];
+ union {
+@@ -379,17 +379,41 @@ Java_sun_java2d_loops_TransformHelper_Tr
+ }
+ Region_IntersectBounds(&clipInfo, &dstInfo.bounds);
+
+- numedges = (dstInfo.bounds.y2 - dstInfo.bounds.y1);
+- if (numedges > MAXEDGES) {
+- pEdges = malloc((2 + 2 * numedges) * sizeof (*pEdges));
+- if (pEdges == NULL) {
+- SurfaceData_InvokeUnlock(env, dstOps, &dstInfo);
+- SurfaceData_InvokeUnlock(env, srcOps, &srcInfo);
+- /* edgeArray should already contain zeros for min/maxy */
+- return;
+- }
++ numedges = (((jlong) dstInfo.bounds.y2) - ((jlong) dstInfo.bounds.y1));
++ if (numedges <= 0) {
++ pEdges = NULL;
++ } else if (!JNU_IsNull(env, edgeArray)) {
++ /*
++ * Ideally Java should allocate an array large enough, but if
++ * we ever have a miscommunication about the number of edge
++ * lines, or if the Java array calculation should overflow to
++ * a positive number and succeed in allocating an array that
++ * is too small, we need to verify that it can still hold the
++ * number of integers that we plan to store to be safe.
++ */
++ jsize edgesize = (*env)->GetArrayLength(env, edgeArray);
++ /* (edgesize/2 - 1) should avoid any overflow or underflow. */
++ pEdges = (((edgesize / 2) - 1) >= numedges)
++ ? (*env)->GetPrimitiveArrayCritical(env, edgeArray, NULL)
++ : NULL;
++ } else if (numedges > MAXEDGES) {
++ /* numedges variable (jlong) can be at most ((1<<32)-1) */
++ /* memsize can overflow a jint, but not a jlong */
++ jlong memsize = ((numedges * 2) + 2) * sizeof(*pEdges);
++ pEdges = (memsize == ((size_t) memsize))
More information about the distro-pkg-dev
mailing list