/hg/release/icedtea6-1.11: RH952389: Restrict temp file permissi...
ebaron at icedtea.classpath.org
ebaron at icedtea.classpath.org
Wed Apr 17 15:58:09 PDT 2013
changeset 7877650b6ba6 in /hg/release/icedtea6-1.11
details: http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=7877650b6ba6
author: Elliott Baron <ebaron at redhat.com>
date: Wed Apr 17 18:50:36 2013 -0400
RH952389: Restrict temp file permissions.
2013-04-17 Elliott Baron <ebaron at redhat.com>
* patches/openjdk/jaxws-tempfiles-ioutils-6.patch:
Restrict temp file permissions.
* Makefile.am:
(ICEDTEA_PATCHES): Added new patch.
* NEWS: Add section for 1.11.11.
* configure.ac: Prepare for 1.11.11.
diffstat:
ChangeLog | 9 +
Makefile.am | 3 +-
NEWS | 4 +
configure.ac | 2 +-
patches/openjdk/jaxws-tempfiles-ioutils-6.patch | 176 ++++++++++++++++++++++++
5 files changed, 192 insertions(+), 2 deletions(-)
diffs (235 lines):
diff -r 1fd1d5a12471 -r 7877650b6ba6 ChangeLog
--- a/ChangeLog Wed Apr 17 21:39:49 2013 +0100
+++ b/ChangeLog Wed Apr 17 18:50:36 2013 -0400
@@ -11,6 +11,15 @@
Define EM_AARCH64 for legacy systems
with glibc earlier than 2.17.
+2013-04-17 Elliott Baron <ebaron at redhat.com>
+
+ * patches/openjdk/jaxws-tempfiles-ioutils-6.patch:
+ Restrict temp file permissions.
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Added new patch.
+ * NEWS: Add section for 1.11.11.
+ * configure.ac: Prepare for 1.11.11.
+
2013-04-17 Andrew John Hughes <gnu.andrew at redhat.com>
* NEWS: Improve listing for S8004987 and
diff -r 1fd1d5a12471 -r 7877650b6ba6 Makefile.am
--- a/Makefile.am Wed Apr 17 21:39:49 2013 +0100
+++ b/Makefile.am Wed Apr 17 18:50:36 2013 -0400
@@ -535,7 +535,8 @@
patches/openjdk/8007611.patch \
patches/fix_get_stack_bounds_leak.patch \
patches/openjdk/7197906-handle_32_bit_shifts.patch \
- patches/aarch64.patch
+ patches/aarch64.patch \
+ patches/openjdk/jaxws-tempfiles-ioutils-6.patch
if WITH_RHINO
ICEDTEA_PATCHES += \
diff -r 1fd1d5a12471 -r 7877650b6ba6 NEWS
--- a/NEWS Wed Apr 17 21:39:49 2013 +0100
+++ b/NEWS Wed Apr 17 18:50:36 2013 -0400
@@ -16,6 +16,10 @@
* Bug fixes
- PR1402: Support glibc < 2.17 with AArch64 patch
+New in release 1.11.11 (2013-XX-XX):
+* Security fixes
+ - RH952389: Temporary files created with insecure permissions
+
New in release 1.11.10 (2013-04-17):
* New features
diff -r 1fd1d5a12471 -r 7877650b6ba6 configure.ac
--- a/configure.ac Wed Apr 17 21:39:49 2013 +0100
+++ b/configure.ac Wed Apr 17 18:50:36 2013 -0400
@@ -1,4 +1,4 @@
-AC_INIT([icedtea6],[1.11.10],[distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6],[1.11.11pre],[distro-pkg-dev at openjdk.java.net])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile])
diff -r 1fd1d5a12471 -r 7877650b6ba6 patches/openjdk/jaxws-tempfiles-ioutils-6.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/jaxws-tempfiles-ioutils-6.patch Wed Apr 17 18:50:36 2013 -0400
@@ -0,0 +1,176 @@
+diff -ru openjdk/jaxws/drop_included/jaxws_src/src/com/sun/xml/internal/org/jvnet/mimepull/TempFiles.java openjdk.new/jaxws/drop_included/jaxws_src/src/com/sun/xml/internal/org/jvnet/mimepull/TempFiles.java
+--- openjdk/jaxws/drop_included/jaxws_src/src/com/sun/xml/internal/org/jvnet/mimepull/TempFiles.java 2013-04-17 13:14:56.952315541 -0400
++++ openjdk.new/jaxws/drop_included/jaxws_src/src/com/sun/xml/internal/org/jvnet/mimepull/TempFiles.java 2013-04-17 13:14:20.578155775 -0400
+@@ -44,25 +44,47 @@
+ private static final Class<?> CLASS_PATH;
+ private static final Class<?> CLASS_FILE_ATTRIBUTE;
+ private static final Class<?> CLASS_FILE_ATTRIBUTES;
++ private static final Class<?> CLASS_IOUTILS;
+ private static final Method METHOD_FILE_TO_PATH;
+ private static final Method METHOD_FILES_CREATE_TEMP_FILE;
+ private static final Method METHOD_FILES_CREATE_TEMP_FILE_WITHPATH;
+-
++ private static final Method METHOD_IOUTILS_CREATE_TEMP_FILE;
++ private static final Method METHOD_IOUTILS_CREATE_TEMP_FILE_WITHDIR;
+ private static final Method METHOD_PATH_TO_FILE;
+
+ private static boolean useJdk6API;
++ private static boolean useFileAPI;
+
+ static {
+ useJdk6API = isJdk6();
+-
+- CLASS_FILES = safeGetClass("java.nio.file.Files");
+- CLASS_PATH = safeGetClass("java.nio.file.Path");
+- CLASS_FILE_ATTRIBUTE = safeGetClass("java.nio.file.attribute.FileAttribute");
+- CLASS_FILE_ATTRIBUTES = safeGetClass("[Ljava.nio.file.attribute.FileAttribute;");
+- METHOD_FILE_TO_PATH = safeGetMethod(File.class, "toPath");
+- METHOD_FILES_CREATE_TEMP_FILE = safeGetMethod(CLASS_FILES, "createTempFile", String.class, String.class, CLASS_FILE_ATTRIBUTES);
+- METHOD_FILES_CREATE_TEMP_FILE_WITHPATH = safeGetMethod(CLASS_FILES, "createTempFile", CLASS_PATH, String.class, String.class, CLASS_FILE_ATTRIBUTES);
+- METHOD_PATH_TO_FILE = safeGetMethod(CLASS_PATH, "toFile");
++ useFileAPI = false;
++
++ if (useJdk6API) {
++ CLASS_IOUTILS = safeGetClass("sun.misc.IOUtils");
++ METHOD_IOUTILS_CREATE_TEMP_FILE = safeGetMethod(CLASS_IOUTILS, "createTempFile", String.class, String.class);
++ METHOD_IOUTILS_CREATE_TEMP_FILE_WITHDIR = safeGetMethod(CLASS_IOUTILS, "createTempFile", String.class, String.class, File.class);
++ CLASS_FILES = null;
++ CLASS_PATH = null;
++ CLASS_FILE_ATTRIBUTE = null;
++ CLASS_FILE_ATTRIBUTES = null;
++ METHOD_FILE_TO_PATH = null;
++ METHOD_FILES_CREATE_TEMP_FILE = null;
++ METHOD_FILES_CREATE_TEMP_FILE_WITHPATH = null;
++ METHOD_PATH_TO_FILE = null;
++ }
++ else {
++ CLASS_FILES = safeGetClass("java.nio.file.Files");
++ CLASS_PATH = safeGetClass("java.nio.file.Path");
++ CLASS_FILE_ATTRIBUTE = safeGetClass("java.nio.file.attribute.FileAttribute");
++ CLASS_FILE_ATTRIBUTES = safeGetClass("[Ljava.nio.file.attribute.FileAttribute;");
++ METHOD_FILE_TO_PATH = safeGetMethod(File.class, "toPath");
++ METHOD_FILES_CREATE_TEMP_FILE = safeGetMethod(CLASS_FILES, "createTempFile", String.class, String.class, CLASS_FILE_ATTRIBUTES);
++ METHOD_FILES_CREATE_TEMP_FILE_WITHPATH = safeGetMethod(CLASS_FILES, "createTempFile", CLASS_PATH, String.class, String.class, CLASS_FILE_ATTRIBUTES);
++ METHOD_PATH_TO_FILE = safeGetMethod(CLASS_PATH, "toFile");
++ CLASS_IOUTILS = null;
++ METHOD_IOUTILS_CREATE_TEMP_FILE = null;
++ METHOD_IOUTILS_CREATE_TEMP_FILE_WITHDIR = null;
++ }
+ }
+
+ private static boolean isJdk6() {
+@@ -72,27 +94,27 @@
+ }
+
+ private static Class<?> safeGetClass(String className) {
+- // it is jdk 6 or something failed already before
+- if (useJdk6API) return null;
++ // Something failed already before
++ if (useFileAPI) return null;
+ try {
+ return Class.forName(className);
+ } catch (ClassNotFoundException e) {
+ LOGGER.log(Level.SEVERE, "Exception cought", e);
+ LOGGER.log(Level.WARNING, "Class {0} not found. Temp files will be created using old java.io API.", className);
+- useJdk6API = true;
++ useFileAPI = true;
+ return null;
+ }
+ }
+
+ private static Method safeGetMethod(Class<?> clazz, String methodName, Class<?>... parameterTypes) {
+- // it is jdk 6 or something failed already before
+- if (useJdk6API) return null;
++ // Something failed already before
++ if (useFileAPI) return null;
+ try {
+ return clazz.getMethod(methodName, parameterTypes);
+ } catch (NoSuchMethodException e) {
+ LOGGER.log(Level.SEVERE, "Exception cought", e);
+ LOGGER.log(Level.WARNING, "Method {0} not found. Temp files will be created using old java.io API.", methodName);
+- useJdk6API = true;
++ useFileAPI = true;
+ return null;
+ }
+ }
+@@ -107,37 +129,53 @@
+ }
+
+ static File createTempFile(String prefix, String suffix, File dir) throws IOException {
+-
+- if (useJdk6API) {
+- LOGGER.log(Level.FINEST, "Jdk6 detected, temp file (prefix:{0}, suffix:{1}) being created using old java.io API.", new Object[]{prefix, suffix});
+- return File.createTempFile(prefix, suffix, dir);
+-
+- } else {
+-
+- try {
+- if (dir != null) {
+- Object path = toPath(dir);
+- LOGGER.log(Level.FINEST, "Temp file (path: {0}, prefix:{1}, suffix:{2}) being created using NIO API.", new Object[]{dir.getAbsolutePath(), prefix, suffix});
+- return toFile(METHOD_FILES_CREATE_TEMP_FILE_WITHPATH.invoke(null, path, prefix, suffix, Array.newInstance(CLASS_FILE_ATTRIBUTE, 0)));
+- } else {
+- LOGGER.log(Level.FINEST, "Temp file (prefix:{0}, suffix:{1}) being created using NIO API.", new Object[]{prefix, suffix});
+- return toFile(METHOD_FILES_CREATE_TEMP_FILE.invoke(null, prefix, suffix, Array.newInstance(CLASS_FILE_ATTRIBUTE, 0)));
++ if (!useFileAPI) {
++ if (useJdk6API) { // Use IOUtils
++ LOGGER.log(Level.FINEST, "Jdk6 detected, temp file (prefix:{0}, suffix:{1}) being created using sun.misc.IOUtils.", new Object[]{prefix, suffix});
++ try {
++ if (dir != null) {
++ LOGGER.log(Level.FINEST, "Temp file (path: {0}, prefix:{1}, suffix:{2}) being created using sun.misc.IOUtils.", new Object[]{dir.getAbsolutePath(), prefix, suffix});
++ return (File) METHOD_IOUTILS_CREATE_TEMP_FILE_WITHDIR.invoke(null, prefix, suffix, dir);
++ }
++ else {
++ LOGGER.log(Level.FINEST, "Temp file (prefix:{0}, suffix:{1}) being created using sun.misc.IOUtils.", new Object[]{prefix, suffix});
++ return (File) METHOD_IOUTILS_CREATE_TEMP_FILE.invoke(null, prefix, suffix);
++ }
++ } catch (IllegalAccessException e) {
++ LOGGER.log(Level.SEVERE, "Exception caught", e);
++ LOGGER.log(Level.WARNING, "Error invoking sun.misc.IOUtils.createTempFile, temp file (path: {0}, prefix:{1}, suffix:{2}) being created using old java.io API.",
++ new Object[]{dir != null ? dir.getAbsolutePath() : null, prefix, suffix});
++ } catch (InvocationTargetException e) {
++ LOGGER.log(Level.SEVERE, "Exception caught", e);
++ LOGGER.log(Level.WARNING, "Error invoking sun.misc.IOUtils.createTempFile, temp file (path: {0}, prefix:{1}, suffix:{2}) being created using old java.io API.",
++ new Object[]{dir != null ? dir.getAbsolutePath() : null, prefix, suffix});
+ }
++ } else { // Use NIO API
+
+- } catch (IllegalAccessException e) {
+- LOGGER.log(Level.SEVERE, "Exception caught", e);
+- LOGGER.log(Level.WARNING, "Error invoking java.nio API, temp file (path: {0}, prefix:{1}, suffix:{2}) being created using old java.io API.",
+- new Object[]{dir != null ? dir.getAbsolutePath() : null, prefix, suffix});
+- return File.createTempFile(prefix, suffix, dir);
+-
+- } catch (InvocationTargetException e) {
+- LOGGER.log(Level.SEVERE, "Exception caught", e);
+- LOGGER.log(Level.WARNING, "Error invoking java.nio API, temp file (path: {0}, prefix:{1}, suffix:{2}) being created using old java.io API.",
+- new Object[]{dir != null ? dir.getAbsolutePath() : null, prefix, suffix});
+- return File.createTempFile(prefix, suffix, dir);
++ try {
++ if (dir != null) {
++ Object path = toPath(dir);
++ LOGGER.log(Level.FINEST, "Temp file (path: {0}, prefix:{1}, suffix:{2}) being created using NIO API.", new Object[]{dir.getAbsolutePath(), prefix, suffix});
++ return toFile(METHOD_FILES_CREATE_TEMP_FILE_WITHPATH.invoke(null, path, prefix, suffix, Array.newInstance(CLASS_FILE_ATTRIBUTE, 0)));
++ } else {
++ LOGGER.log(Level.FINEST, "Temp file (prefix:{0}, suffix:{1}) being created using NIO API.", new Object[]{prefix, suffix});
++ return toFile(METHOD_FILES_CREATE_TEMP_FILE.invoke(null, prefix, suffix, Array.newInstance(CLASS_FILE_ATTRIBUTE, 0)));
++ }
++
++ } catch (IllegalAccessException e) {
++ LOGGER.log(Level.SEVERE, "Exception caught", e);
++ LOGGER.log(Level.WARNING, "Error invoking java.nio API, temp file (path: {0}, prefix:{1}, suffix:{2}) being created using old java.io API.",
++ new Object[]{dir != null ? dir.getAbsolutePath() : null, prefix, suffix});
++ } catch (InvocationTargetException e) {
++ LOGGER.log(Level.SEVERE, "Exception caught", e);
++ LOGGER.log(Level.WARNING, "Error invoking java.nio API, temp file (path: {0}, prefix:{1}, suffix:{2}) being created using old java.io API.",
++ new Object[]{dir != null ? dir.getAbsolutePath() : null, prefix, suffix});
++ }
+ }
+ }
+-
++
++ // Use IO API
++ return File.createTempFile(prefix, suffix, dir);
+ }
+
+
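Review bot: The final `return File.createTempFile(prefix, suffix, dir);` in the embedded TempFiles.java patch is still reached on the JDK 6 path whenever `sun.misc.IOUtils` or its `createTempFile` methods cannot be resolved (`useFileAPI` set in `safeGetClass`/`safeGetMethod`) or the reflective call throws, so the file is then created through the same java.io call this patch replaces, with only a WARNING log entry to show it. If that call is what leaves the permissions too open, as the RH952389 summary suggests, the fallback should fail closed on that path, for example `if (useJdk6API) throw new IOException("cannot create temp file with restricted permissions");` placed just before the java.io fallback. Separately, both `catch (InvocationTargetException e)` blocks discard an `IOException` raised by the underlying creator and retry through the fallback; `if (e.getCause() instanceof IOException) throw (IOException) e.getCause();` would propagate it instead. The flag name `useFileAPI` also reads ambiguously next to `useJdk6API`, so a comment on its declaration such as `// true once a reflective lookup failed; createTempFile then falls back to java.io.File` would help the next reader.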