[rfc][icedtea-web] fix for RH816592

Deepak Bhole dbhole at redhat.com
Wed May 23 07:22:31 PDT 2012 

* Jiri Vanek <jvanek at redhat.com> [2012-05-03 08:21]:
> This patch is fixing
> https://bugzilla.redhat.com/show_bug.cgi?id=816592  reproduced in
> [rfc][icedtea-web] reproducer for RH816592 (http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-May/018357.html)
> 
> This patch have small (one output message) overleap with [rfc]
> [icedtea-web] providing little bit more debug outputs for few
> methods (http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-April/018332.html)
> 

This patch tries to manually add an entry to the security map. However it should not
be needed. Whatever is adding the jar should add an entry to the map --
the bug should be fixed there IMO.

Deepak

> Changelog inlined in patch.
> 
> 
> Best regards
>   J.
> 
> 
> 

> diff -r 11029e99d733 ChangeLog
> --- a/ChangeLog	Wed May 02 12:53:07 2012 +0200
> +++ b/ChangeLog	Thu May 03 14:12:33 2012 +0200
> @@ -1,3 +1,10 @@
> +2012-05-02  Jiri Vanek  <jvanek at redhat.com>
> +
> +	Fix for RH816592
> +	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
> +	(getCodeSourceSecurity): will now try to download and verify resource
> +	which was downloaded outside of netx.
> +
>  2012-05-02  Jiri Vanek  <jvanek at redhat.com>
>  
>  	Introduced new annotations Bug (to connect test/reproducer with documentation)
> diff -r 11029e99d733 NEWS
> --- a/NEWS	Wed May 02 12:53:07 2012 +0200
> +++ b/NEWS	Thu May 03 14:12:33 2012 +0200
> @@ -14,6 +14,7 @@
>  * Plugin
>    - PR820: IcedTea-Web 1.1.3 crashing Firefox when loading Citrix XenApp
>    - PR895: IcedTea-Web searches for missing classes on each loadClass or findClass
> +  - RH816592: icedtea-web not loading GeoGebra java applets in Firefox or Chrome (even javaws and Opera were affected)
>  * Common
>    - PR918: java applet windows uses a low resulution black/white icon
>  
> diff -r 11029e99d733 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Wed May 02 12:53:07 2012 +0200
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Thu May 03 14:12:33 2012 +0200
> @@ -1732,7 +1743,21 @@
>       */
>  
>      protected SecurityDesc getCodeSourceSecurity(URL source) {
> -        return jarLocationSecurityMap.get(source);
> +        SecurityDesc sec=jarLocationSecurityMap.get(source);
> +        if (sec==null){
> +            //try to load the jar which is requesting the permissions, but was NOT downloaded by standard way
> +            if (JNLPRuntime.isDebug()){
> +                System.out.println("Application is trying to get permissions for "+source.toString()+", which was not downloaded by standard way. Trying to download and verify!");
> +            }
> +            JARDesc des= new JARDesc(source,null, null, false, false, false, false);
> +            addNewJar(des);
> +            sec=jarLocationSecurityMap.get(source);
> +        }
> +        if (sec==null){
> +            System.out.println("Error! No security instance for signed "+source.toString()+". This source was loaded outside of netx, and application will have troubles to continue");
> +        }
> +        return sec;
> +
>      }
>  
>      /**

More information about the distro-pkg-dev mailing list