[1.10, 1.11, 2.1 & 2.2 APPROVAL] jar uf support broken with 7143606 security fix

Andrew Hughes ahughes at redhat.com
Mon Oct 15 06:36:59 PDT 2012



----- Original Message -----
> See http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-June/010712.html
> which applied the fix to 8 and 7u6 (thus the fix is in 2.3).
> 
> The jar bug rears its head in OpenJDK builds as HotSpot updates sa-jdi.jar with
> a service META-INF file, changing its permissions to 600.  It's pretty simple
> to replicate with any old jar file:
> 
> $ jar cf crap.jar crap
> $ ll crap.jar
> -rw-r--r-- 1 andrew staff 924 Oct 15 14:03 crap.jar
> $ /mnt/builder/jdk6/j2sdk-image/bin/jar uf crap.jar -C /mnt/builder/icedtea6-1.11/openjdk/hotspot/agent/src/share/classes META-INF/services/com.sun.jdi.connect.Connector
> $ ll crap.jar
> -rw------- 1 andrew staff 1.2K Oct 15 14:04 crap.jar
> 
> Whoops!
> 
> For 1.10 & 1.11, we can "fix" this by simply dropping the native2ascii & jar parts
> of that security fix.  For 6-HEAD, 2.1 & 2.2, those parts of the patch actually need
> to be reverted.  I'll also push the 6 fix upstream to OpenJDK6.
> 
> Ok for 1.10, 1.11, 2.1 & 2.2?
> --
> Andrew :)
> 
> Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
> 
> PGP Key: 248BDC07 (https://keys.indymedia.org/)
> Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
> 
> 

Even better, they are already in 6 too:

http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/2366192c7fcb
http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/0e34d4326386

So we just need these changesets in 1.10 & 1.11.
-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
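
A regression check for the permission change shown in the quoted session, as an added example that is not part of the original message or of the OpenJDK/IcedTea sources: `mode_preserved` runs an in-place update command and fails if the file's permission bits differ afterwards. All function names are hypothetical, and the two `update_*` functions are constructed stand-ins; modelling the updater as "write a temporary file, then rename it over the original" is an assumption, not something the message states.

```shell
#!/bin/sh
# Added example: detect an in-place update that silently changes a file's mode.

# Print a file's permission bits in octal (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# mode_preserved FILE CMD [ARGS...]
# Runs CMD; returns 0 if FILE's mode is unchanged, 1 if it changed,
# 2 if the mode could not be read or CMD itself failed.
mode_preserved() {
    target=$1; shift
    before=$(file_mode "$target") || return 2
    "$@" || return 2
    after=$(file_mode "$target") || return 2
    if [ "$before" != "$after" ]; then
        echo "mode of $target changed: $before -> $after" >&2
        return 1
    fi
    return 0
}

# Constructed stand-in (assumed model): new content goes to a mktemp file,
# which is created 0600, and is then renamed over the original.
update_via_tempfile() {
    tmp=$(mktemp "$(dirname "$1")/upd.XXXXXX") || return 1
    cat "$1" > "$tmp" && echo "extra entry" >> "$tmp" && mv "$tmp" "$1"
}

# Same stand-in, but the original's mode is copied onto the temporary file
# before the rename, so the replaced file keeps its permissions.
update_preserving_mode() {
    tmp=$(mktemp "$(dirname "$1")/upd.XXXXXX") || return 1
    cat "$1" > "$tmp" && echo "extra entry" >> "$tmp" \
        && chmod "$(file_mode "$1")" "$tmp" && mv "$tmp" "$1"
}

# With a real JDK, the same check wraps the command from the message, e.g.:
#   mode_preserved crap.jar jar uf crap.jar -C <classes-dir> \
#       META-INF/services/com.sun.jdi.connect.Connector
```
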



