/hg/release/icedtea6-1.11: Fix Backport from S6657673.

ebaron at icedtea.classpath.org ebaron at icedtea.classpath.org
Fri Apr 19 11:38:31 PDT 2013


changeset 5254d96fe90f in /hg/release/icedtea6-1.11
details: http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=5254d96fe90f
author: Elliott Baron <ebaron at redhat.com>
date: Fri Apr 19 14:38:19 2013 -0400

	Fix Backport from S6657673.

	2013-04-19  Elliott Baron  <ebaron at redhat.com>

	  * Makefile.am:
	  (ICEDTEA_PATCHES): Add new patch.
	  * patches/security/20130416/6657673.patch:
	  Removed {parser,transform}.FactoryFinder hunks.
	  * patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch:
	  Backported {parser,transform}.FactoryFinder fixes
	  from jdk7u-dev changesets: 4a61ac055189 & 38d4d23d167c.
	  * NEWS: Updated.


diffstat:

 ChangeLog                                                           |   11 +
 Makefile.am                                                         |    1 +
 NEWS                                                                |    1 +
 patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch |  303 ++++++++++
 patches/security/20130416/6657673.patch                             |   51 -
 5 files changed, 316 insertions(+), 51 deletions(-)

diffs (415 lines):

diff -r c5ac2dd72089 -r 5254d96fe90f ChangeLog
--- a/ChangeLog	Fri Apr 19 11:44:10 2013 +0100
+++ b/ChangeLog	Fri Apr 19 14:38:19 2013 -0400
@@ -1,3 +1,14 @@
+2013-04-19  Elliott Baron  <ebaron at redhat.com>
+
+	* Makefile.am:
+	(ICEDTEA_PATCHES): Add new patch.
+	* patches/security/20130416/6657673.patch:
+	Removed {parser,transform}.FactoryFinder hunks.
+	* patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch:
+	Backported {parser,transform}.FactoryFinder fixes
+	from jdk7u-dev changesets: 4a61ac055189 & 38d4d23d167c.
+	* NEWS: Updated.
+
 2013-04-19  Andrew John Hughes  <gnu.andrew at redhat.com>
 
 	* NEWS: Add release date of 1.11.11.
diff -r c5ac2dd72089 -r 5254d96fe90f Makefile.am
--- a/Makefile.am	Fri Apr 19 11:44:10 2013 +0100
+++ b/Makefile.am	Fri Apr 19 14:38:19 2013 -0400
@@ -279,6 +279,7 @@
 	patches/openjdk/8004302-soap_test_failure.patch \
 	patches/security/20130416/6657673.patch \
 	patches/security/20130416/6657673-fixup.patch \
+	patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch \
 	patches/openjdk/6669869-queries_per_appcontext.patch \
 	patches/openjdk/5102804-memory_leak.patch \
 	patches/openjdk/6963811-deadlock_fix.patch \
diff -r c5ac2dd72089 -r 5254d96fe90f NEWS
--- a/NEWS	Fri Apr 19 11:44:10 2013 +0100
+++ b/NEWS	Fri Apr 19 14:38:19 2013 -0400
@@ -18,6 +18,7 @@
 * Bug fixes
   - PR1402: Support glibc < 2.17 with AArch64 patch
   - Give xalan/xerces access to their own internal packages.
+  - Fix backport from S6657673.
 
 New in release 1.11.10 (2013-04-17):
 
diff -r c5ac2dd72089 -r 5254d96fe90f patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch	Fri Apr 19 14:38:19 2013 -0400
@@ -0,0 +1,303 @@
+diff -ur openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java openjdk.new/jaxp/openjdk/jaxp/drop_included_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java
+--- openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java	2013-04-19 12:18:45.225000000 -0400
++++ openjdk.new/jaxp/openjdk/jaxp/drop_included_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java	2013-04-19 11:53:01.791879226 -0400
+@@ -25,15 +25,12 @@
+ 
+ package javax.xml.parsers;
+ 
+-import java.io.File;
+-import java.io.FileInputStream;
+-
+-import java.util.Properties;
+ import java.io.BufferedReader;
++import java.io.File;
+ import java.io.IOException;
+ import java.io.InputStream;
+ import java.io.InputStreamReader;
+-import java.net.URL;
++import java.util.Properties;
+ 
+ /**
+  * <p>Implements pluggable Datatypes.</p>
+@@ -42,9 +39,10 @@
+  * sync.  It is package private for secure class loading.</p>
+  *
+  * @author Santiago.PericasGeertsen at sun.com
++ * @author Huizhe.Wang at oracle.com
+  */
+ class FactoryFinder {
+-    
++    private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal";
+     /**
+      * Internal debug flag.
+      */
+@@ -95,18 +93,24 @@
+      * If the class loader supplied is <code>null</code>, first try using the
+      * context class loader followed by the current (i.e. bootstrap) class
+      * loader. 
++     *
++     * Use bootstrap classLoader if cl = null and useBSClsLoader is true
+      */
+     static private Class getProviderClass(String className, ClassLoader cl,
+-            boolean doFallback) throws ClassNotFoundException 
++            boolean doFallback, boolean useBSClsLoader) throws ClassNotFoundException
+     {
+         try {
+             if (cl == null) {
+-                cl = ss.getContextClassLoader();
+-                if (cl == null) {
+-                    throw new ClassNotFoundException();
+-                }
+-                else {
+-                    return cl.loadClass(className);
++                if (useBSClsLoader) {
++                    return Class.forName(className, true, FactoryFinder.class.getClassLoader());
++                } else {
++                    cl = ss.getContextClassLoader();
++                    if (cl == null) {
++                        throw new ClassNotFoundException();
++                    }
++                    else {
++                        return cl.loadClass(className);
++                    }
+                 }
+             } 
+             else {
+@@ -131,8 +135,8 @@
+      * @param className Name of the concrete class corresponding to the
+      * service provider
+      *
+-     * @param cl ClassLoader to use to load the class, null means to use
+-     * the bootstrap ClassLoader
++     * @param cl <code>ClassLoader</code> used to load the factory class. If <code>null</code>
++     * current <code>Thread</code>'s context classLoader is used to load the factory class.
+      *
+      * @param doFallback True if the current ClassLoader should be tried as
+      * a fallback if the class is not found using cl
+@@ -140,8 +144,38 @@
+     static Object newInstance(String className, ClassLoader cl, boolean doFallback)
+         throws ConfigurationError
+     {
++        return newInstance(className, cl, doFallback, false);
++    }
++
++    /**
++     * Create an instance of a class. Delegates to method
++     * <code>getProviderClass()</code> in order to load the class.
++     *
++     * @param className Name of the concrete class corresponding to the
++     * service provider
++     *
++     * @param cl <code>ClassLoader</code> used to load the factory class. If <code>null</code>
++     * current <code>Thread</code>'s context classLoader is used to load the factory class.
++     *
++     * @param doFallback True if the current ClassLoader should be tried as
++     * a fallback if the class is not found using cl
++     *
++     * @param useBSClsLoader True if cl=null actually meant bootstrap classLoader. This parameter
++     * is needed since DocumentBuilderFactory/SAXParserFactory defined null as context classLoader.
++     */
++    static Object newInstance(String className, ClassLoader cl, boolean doFallback, boolean useBSClsLoader)
++        throws ConfigurationError
++    {
++        // make sure we have access to restricted packages
++        if (System.getSecurityManager() != null) {
++            if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
++                cl = null;
++                useBSClsLoader = true;
++            }
++        }
++
+         try {
+-            Class providerClass = getProviderClass(className, cl, doFallback);                        
++            Class providerClass = getProviderClass(className, cl, doFallback, useBSClsLoader);
+             Object instance = providerClass.newInstance();
+             if (debug) {    // Extra check to avoid computing cl strings
+                 dPrint("created new instance of " + providerClass +
+@@ -244,6 +278,7 @@
+         
+         // First try the Context ClassLoader
+         ClassLoader cl = ss.getContextClassLoader();
++        boolean useBSClsLoader = false;
+         if (cl != null) {
+             is = ss.getResourceAsStream(cl, serviceId);
+             
+@@ -251,11 +286,13 @@
+             if (is == null) {
+                 cl = FactoryFinder.class.getClassLoader();                
+                 is = ss.getResourceAsStream(cl, serviceId);
++                useBSClsLoader = true;
+             }
+         } else {
+             // No Context ClassLoader, try the current ClassLoader
+             cl = FactoryFinder.class.getClassLoader();
+             is = ss.getResourceAsStream(cl, serviceId);
++            useBSClsLoader = true;
+         }
+         
+         if (is == null) {
+@@ -293,7 +330,7 @@
+             // ClassLoader because we want to avoid the case where the
+             // resource file was found using one ClassLoader and the
+             // provider class was instantiated using a different one.
+-            return newInstance(factoryClassName, cl, false);
++            return newInstance(factoryClassName, cl, false, useBSClsLoader);
+         }
+         
+         // No provider found
+diff -ur openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java openjdk.new/jaxp/openjdk/jaxp/drop_included_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java
+--- openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java	2013-04-19 12:18:45.225000000 -0400
++++ openjdk.new/jaxp/openjdk/jaxp/drop_included_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java	2013-04-19 12:13:52.618746094 -0400
+@@ -42,8 +42,10 @@
+  * sync.  It is package private for secure class loading.</p>
+  *
+  * @author Santiago.PericasGeertsen at sun.com
++ * @author Huizhe.Wang at oracle.com
+  */
+ class FactoryFinder {
++    private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xalan.internal.";
+     
+     /**
+      * Internal debug flag.
+@@ -95,18 +97,24 @@
+      * If the class loader supplied is <code>null</code>, first try using the
+      * context class loader followed by the current (i.e. bootstrap) class
+      * loader. 
++     *
++     * Use bootstrap classLoader if cl = null and useBSClsLoader is true
+      */
+     static private Class getProviderClass(String className, ClassLoader cl,
+-            boolean doFallback) throws ClassNotFoundException 
++            boolean doFallback, boolean useBSClsLoader) throws ClassNotFoundException
+     {
+         try {
+             if (cl == null) {
+-                cl = ss.getContextClassLoader();
+-                if (cl == null) {
+-                    throw new ClassNotFoundException();
+-                }
+-                else {
+-                    return cl.loadClass(className);
++                if (useBSClsLoader) {
++                    return Class.forName(className, true, FactoryFinder.class.getClassLoader());
++                } else {
++                    cl = ss.getContextClassLoader();
++                    if (cl == null) {
++                        throw new ClassNotFoundException();
++                    }
++                    else {
++                        return cl.loadClass(className);
++                    }
+                 }
+             } 
+             else {
+@@ -131,8 +139,8 @@
+      * @param className Name of the concrete class corresponding to the
+      * service provider
+      *
+-     * @param cl ClassLoader to use to load the class, null means to use
+-     * the bootstrap ClassLoader
++     * @param cl <code>ClassLoader</code> used to load the factory class. If <code>null</code>
++     * current <code>Thread</code>'s context classLoader is used to load the factory class.
+      *
+      * @param doFallback True if the current ClassLoader should be tried as
+      * a fallback if the class is not found using cl
+@@ -140,8 +148,38 @@
+     static Object newInstance(String className, ClassLoader cl, boolean doFallback)
+         throws ConfigurationError
+     {
++        return newInstance(className, cl, doFallback, false);
++    }
++
++    /**
++     * Create an instance of a class. Delegates to method
++     * <code>getProviderClass()</code> in order to load the class.
++     *
++     * @param className Name of the concrete class corresponding to the
++     * service provider
++     *
++     * @param cl <code>ClassLoader</code> used to load the factory class. If <code>null</code>
++     * current <code>Thread</code>'s context classLoader is used to load the factory class.
++     *
++     * @param doFallback True if the current ClassLoader should be tried as
++     * a fallback if the class is not found using cl
++     *
++     * @param useBSClsLoader True if cl=null actually meant bootstrap classLoader. This parameter
++     * is needed since DocumentBuilderFactory/SAXParserFactory defined null as context classLoader.
++     */
++    static Object newInstance(String className, ClassLoader cl, boolean doFallback, boolean useBSClsLoader)
++        throws ConfigurationError
++    {
++        // make sure we have access to restricted packages
++        if (System.getSecurityManager() != null) {
++            if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
++                cl = null;
++                useBSClsLoader = true;
++            }
++        }
++
+         try {
+-            Class providerClass = getProviderClass(className, cl, doFallback);                        
++            Class providerClass = getProviderClass(className, cl, doFallback, useBSClsLoader);                        
+             Object instance = providerClass.newInstance();
+             if (debug) {    // Extra check to avoid computing cl strings
+                 dPrint("created new instance of " + providerClass +
+@@ -182,7 +220,7 @@
+             String systemProp = ss.getSystemProperty(factoryId);
+             if (systemProp != null) {                
+                 dPrint("found system property, value=" + systemProp);
+-                return newInstance(systemProp, null, true);
++                return newInstance(systemProp, null, true, false);
+             }
+         } 
+         catch (SecurityException se) {
+@@ -210,7 +248,7 @@
+ 
+             if (factoryClassName != null) {
+                 dPrint("found in $java.home/jaxp.properties, value=" + factoryClassName);
+-                return newInstance(factoryClassName, null, true);
++                return newInstance(factoryClassName, null, true, false);
+             }
+         } 
+         catch (Exception ex) {
+@@ -228,7 +266,7 @@
+         }
+ 
+         dPrint("loaded from fallback value: " + fallbackClassName);
+-        return newInstance(fallbackClassName, null, true);
++        return newInstance(fallbackClassName, null, true, false);
+     }
+     
+     /*
+@@ -244,6 +282,7 @@
+         
+         // First try the Context ClassLoader
+         ClassLoader cl = ss.getContextClassLoader();
++        boolean useBSClsLoader = false;
+         if (cl != null) {
+             is = ss.getResourceAsStream(cl, serviceId);
+             
+@@ -251,11 +290,13 @@
+             if (is == null) {
+                 cl = FactoryFinder.class.getClassLoader();                
+                 is = ss.getResourceAsStream(cl, serviceId);
+-            }
++                useBSClsLoader = true;
++           }
+         } else {
+             // No Context ClassLoader, try the current ClassLoader
+             cl = FactoryFinder.class.getClassLoader();
+             is = ss.getResourceAsStream(cl, serviceId);
++            useBSClsLoader = true;
+         }
+         
+         if (is == null) {
+@@ -293,7 +334,7 @@
+             // ClassLoader because we want to avoid the case where the
+             // resource file was found using one ClassLoader and the
+             // provider class was instantiated using a different one.
+-            return newInstance(factoryClassName, cl, false);
++            return newInstance(factoryClassName, cl, false, useBSClsLoader);
+         }
+         
+         // No provider found
diff -r c5ac2dd72089 -r 5254d96fe90f patches/security/20130416/6657673.patch
--- a/patches/security/20130416/6657673.patch	Fri Apr 19 11:44:10 2013 +0100
+++ b/patches/security/20130416/6657673.patch	Fri Apr 19 14:38:19 2013 -0400
@@ -8630,32 +8630,6 @@
          }
          
          // No provider found
-diff -Nru openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java
---- openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java	2013-04-16 14:28:09.788157518 +0100
-+++ openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java	2013-04-16 14:29:26.569394704 +0100
-@@ -44,7 +44,7 @@
-  * @author Santiago.PericasGeertsen at sun.com
-  */
- class FactoryFinder {
--    
-+    private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal";
-     /**
-      * Internal debug flag.
-      */
-@@ -140,6 +140,13 @@
-     static Object newInstance(String className, ClassLoader cl, boolean doFallback)
-         throws ConfigurationError
-     {
-+        // make sure we have access to restricted packages
-+        if (System.getSecurityManager() != null) {
-+            if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
-+                cl = null;
-+            }
-+        }
-+
-         try {
-             Class providerClass = getProviderClass(className, cl, doFallback);                        
-             Object instance = providerClass.newInstance();
 diff -Nru openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/stream/FactoryFinder.java openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/stream/FactoryFinder.java
 --- openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/stream/FactoryFinder.java	2013-04-16 14:28:09.788157518 +0100
 +++ openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/stream/FactoryFinder.java	2013-04-16 14:29:26.569394704 +0100
@@ -8815,31 +8789,6 @@
          }
  
          // No provider found
-diff -Nru openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java
---- openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java	2013-04-16 14:28:09.792157582 +0100
-+++ openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java	2013-04-16 14:29:26.569394704 +0100
-@@ -44,6 +44,7 @@
-  * @author Santiago.PericasGeertsen at sun.com
-  */
- class FactoryFinder {
-+    private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xalan.internal.";
-     
-     /**
-      * Internal debug flag.
-@@ -140,6 +141,13 @@
-     static Object newInstance(String className, ClassLoader cl, boolean doFallback)
-         throws ConfigurationError
-     {
-+        // make sure we have access to restricted packages
-+        if (System.getSecurityManager() != null) {
-+            if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
-+                cl = null;
-+            }
-+        }
-+
-         try {
-             Class providerClass = getProviderClass(className, cl, doFallback);                        
-             Object instance = providerClass.newInstance();
 diff -Nru openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java
 --- openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java	2013-04-16 14:28:09.800157711 +0100
 +++ openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java	2013-04-16 14:29:26.569394704 +0100



More information about the distro-pkg-dev mailing list