/hg/release/icedtea6-1.11: Fix Backport from S6657673.
ebaron at icedtea.classpath.org
ebaron at icedtea.classpath.org
Fri Apr 19 11:38:31 PDT 2013
changeset 5254d96fe90f in /hg/release/icedtea6-1.11
details: http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=5254d96fe90f
author: Elliott Baron <ebaron at redhat.com>
date: Fri Apr 19 14:38:19 2013 -0400
Fix Backport from S6657673.
2013-04-19 Elliott Baron <ebaron at redhat.com>
* Makefile.am:
(ICEDTEA_PATCHES): Add new patch.
* patches/security/20130416/6657673.patch:
Removed {parser,transform}.FactoryFinder hunks.
* patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch:
Backported {parser,transform}.FactoryFinder fixes
from jdk7u-dev changesets: 4a61ac055189 & 38d4d23d167c.
* NEWS: Updated.
diffstat:
ChangeLog | 11 +
Makefile.am | 1 +
NEWS | 1 +
patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch | 303 ++++++++++
patches/security/20130416/6657673.patch | 51 -
5 files changed, 316 insertions(+), 51 deletions(-)
diffs (415 lines):
diff -r c5ac2dd72089 -r 5254d96fe90f ChangeLog
--- a/ChangeLog Fri Apr 19 11:44:10 2013 +0100
+++ b/ChangeLog Fri Apr 19 14:38:19 2013 -0400
@@ -1,3 +1,14 @@
+2013-04-19 Elliott Baron <ebaron at redhat.com>
+
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Add new patch.
+ * patches/security/20130416/6657673.patch:
+ Removed {parser,transform}.FactoryFinder hunks.
+ * patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch:
+ Backported {parser,transform}.FactoryFinder fixes
+ from jdk7u-dev changesets: 4a61ac055189 & 38d4d23d167c.
+ * NEWS: Updated.
+
2013-04-19 Andrew John Hughes <gnu.andrew at redhat.com>
* NEWS: Add release date of 1.11.11.
diff -r c5ac2dd72089 -r 5254d96fe90f Makefile.am
--- a/Makefile.am Fri Apr 19 11:44:10 2013 +0100
+++ b/Makefile.am Fri Apr 19 14:38:19 2013 -0400
@@ -279,6 +279,7 @@
patches/openjdk/8004302-soap_test_failure.patch \
patches/security/20130416/6657673.patch \
patches/security/20130416/6657673-fixup.patch \
+ patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch \
patches/openjdk/6669869-queries_per_appcontext.patch \
patches/openjdk/5102804-memory_leak.patch \
patches/openjdk/6963811-deadlock_fix.patch \
diff -r c5ac2dd72089 -r 5254d96fe90f NEWS
--- a/NEWS Fri Apr 19 11:44:10 2013 +0100
+++ b/NEWS Fri Apr 19 14:38:19 2013 -0400
@@ -18,6 +18,7 @@
* Bug fixes
- PR1402: Support glibc < 2.17 with AArch64 patch
- Give xalan/xerces access to their own internal packages.
+ - Fix backport from S6657673.
New in release 1.11.10 (2013-04-17):
diff -r c5ac2dd72089 -r 5254d96fe90f patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch Fri Apr 19 14:38:19 2013 -0400
@@ -0,0 +1,303 @@
+diff -ur openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java openjdk.new/jaxp/openjdk/jaxp/drop_included_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java
+--- openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java 2013-04-19 12:18:45.225000000 -0400
++++ openjdk.new/jaxp/openjdk/jaxp/drop_included_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java 2013-04-19 11:53:01.791879226 -0400
+@@ -25,15 +25,12 @@
+
+ package javax.xml.parsers;
+
+-import java.io.File;
+-import java.io.FileInputStream;
+-
+-import java.util.Properties;
+ import java.io.BufferedReader;
++import java.io.File;
+ import java.io.IOException;
+ import java.io.InputStream;
+ import java.io.InputStreamReader;
+-import java.net.URL;
++import java.util.Properties;
+
+ /**
+ * <p>Implements pluggable Datatypes.</p>
+@@ -42,9 +39,10 @@
+ * sync. It is package private for secure class loading.</p>
+ *
+ * @author Santiago.PericasGeertsen at sun.com
++ * @author Huizhe.Wang at oracle.com
+ */
+ class FactoryFinder {
+-
++ private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal";
+ /**
+ * Internal debug flag.
+ */
+@@ -95,18 +93,24 @@
+ * If the class loader supplied is <code>null</code>, first try using the
+ * context class loader followed by the current (i.e. bootstrap) class
+ * loader.
++ *
++ * Use bootstrap classLoader if cl = null and useBSClsLoader is true
+ */
+ static private Class getProviderClass(String className, ClassLoader cl,
+- boolean doFallback) throws ClassNotFoundException
++ boolean doFallback, boolean useBSClsLoader) throws ClassNotFoundException
+ {
+ try {
+ if (cl == null) {
+- cl = ss.getContextClassLoader();
+- if (cl == null) {
+- throw new ClassNotFoundException();
+- }
+- else {
+- return cl.loadClass(className);
++ if (useBSClsLoader) {
++ return Class.forName(className, true, FactoryFinder.class.getClassLoader());
++ } else {
++ cl = ss.getContextClassLoader();
++ if (cl == null) {
++ throw new ClassNotFoundException();
++ }
++ else {
++ return cl.loadClass(className);
++ }
+ }
+ }
+ else {
+@@ -131,8 +135,8 @@
+ * @param className Name of the concrete class corresponding to the
+ * service provider
+ *
+- * @param cl ClassLoader to use to load the class, null means to use
+- * the bootstrap ClassLoader
++ * @param cl <code>ClassLoader</code> used to load the factory class. If <code>null</code>
++ * current <code>Thread</code>'s context classLoader is used to load the factory class.
+ *
+ * @param doFallback True if the current ClassLoader should be tried as
+ * a fallback if the class is not found using cl
+@@ -140,8 +144,38 @@
+ static Object newInstance(String className, ClassLoader cl, boolean doFallback)
+ throws ConfigurationError
+ {
++ return newInstance(className, cl, doFallback, false);
++ }
++
++ /**
++ * Create an instance of a class. Delegates to method
++ * <code>getProviderClass()</code> in order to load the class.
++ *
++ * @param className Name of the concrete class corresponding to the
++ * service provider
++ *
++ * @param cl <code>ClassLoader</code> used to load the factory class. If <code>null</code>
++ * current <code>Thread</code>'s context classLoader is used to load the factory class.
++ *
++ * @param doFallback True if the current ClassLoader should be tried as
++ * a fallback if the class is not found using cl
++ *
++ * @param useBSClsLoader True if cl=null actually meant bootstrap classLoader. This parameter
++ * is needed since DocumentBuilderFactory/SAXParserFactory defined null as context classLoader.
++ */
++ static Object newInstance(String className, ClassLoader cl, boolean doFallback, boolean useBSClsLoader)
++ throws ConfigurationError
++ {
++ // make sure we have access to restricted packages
++ if (System.getSecurityManager() != null) {
++ if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
++ cl = null;
++ useBSClsLoader = true;
++ }
++ }
++
+ try {
+- Class providerClass = getProviderClass(className, cl, doFallback);
++ Class providerClass = getProviderClass(className, cl, doFallback, useBSClsLoader);
+ Object instance = providerClass.newInstance();
+ if (debug) { // Extra check to avoid computing cl strings
+ dPrint("created new instance of " + providerClass +
+@@ -244,6 +278,7 @@
+
+ // First try the Context ClassLoader
+ ClassLoader cl = ss.getContextClassLoader();
++ boolean useBSClsLoader = false;
+ if (cl != null) {
+ is = ss.getResourceAsStream(cl, serviceId);
+
+@@ -251,11 +286,13 @@
+ if (is == null) {
+ cl = FactoryFinder.class.getClassLoader();
+ is = ss.getResourceAsStream(cl, serviceId);
++ useBSClsLoader = true;
+ }
+ } else {
+ // No Context ClassLoader, try the current ClassLoader
+ cl = FactoryFinder.class.getClassLoader();
+ is = ss.getResourceAsStream(cl, serviceId);
++ useBSClsLoader = true;
+ }
+
+ if (is == null) {
+@@ -293,7 +330,7 @@
+ // ClassLoader because we want to avoid the case where the
+ // resource file was found using one ClassLoader and the
+ // provider class was instantiated using a different one.
+- return newInstance(factoryClassName, cl, false);
++ return newInstance(factoryClassName, cl, false, useBSClsLoader);
+ }
+
+ // No provider found
+diff -ur openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java openjdk.new/jaxp/openjdk/jaxp/drop_included_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java
+--- openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java 2013-04-19 12:18:45.225000000 -0400
++++ openjdk.new/jaxp/openjdk/jaxp/drop_included_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java 2013-04-19 12:13:52.618746094 -0400
+@@ -42,8 +42,10 @@
+ * sync. It is package private for secure class loading.</p>
+ *
+ * @author Santiago.PericasGeertsen at sun.com
++ * @author Huizhe.Wang at oracle.com
+ */
+ class FactoryFinder {
++ private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xalan.internal.";
+
+ /**
+ * Internal debug flag.
+@@ -95,18 +97,24 @@
+ * If the class loader supplied is <code>null</code>, first try using the
+ * context class loader followed by the current (i.e. bootstrap) class
+ * loader.
++ *
++ * Use bootstrap classLoader if cl = null and useBSClsLoader is true
+ */
+ static private Class getProviderClass(String className, ClassLoader cl,
+- boolean doFallback) throws ClassNotFoundException
++ boolean doFallback, boolean useBSClsLoader) throws ClassNotFoundException
+ {
+ try {
+ if (cl == null) {
+- cl = ss.getContextClassLoader();
+- if (cl == null) {
+- throw new ClassNotFoundException();
+- }
+- else {
+- return cl.loadClass(className);
++ if (useBSClsLoader) {
++ return Class.forName(className, true, FactoryFinder.class.getClassLoader());
++ } else {
++ cl = ss.getContextClassLoader();
++ if (cl == null) {
++ throw new ClassNotFoundException();
++ }
++ else {
++ return cl.loadClass(className);
++ }
+ }
+ }
+ else {
+@@ -131,8 +139,8 @@
+ * @param className Name of the concrete class corresponding to the
+ * service provider
+ *
+- * @param cl ClassLoader to use to load the class, null means to use
+- * the bootstrap ClassLoader
++ * @param cl <code>ClassLoader</code> used to load the factory class. If <code>null</code>
++ * current <code>Thread</code>'s context classLoader is used to load the factory class.
+ *
+ * @param doFallback True if the current ClassLoader should be tried as
+ * a fallback if the class is not found using cl
+@@ -140,8 +148,38 @@
+ static Object newInstance(String className, ClassLoader cl, boolean doFallback)
+ throws ConfigurationError
+ {
++ return newInstance(className, cl, doFallback, false);
++ }
++
++ /**
++ * Create an instance of a class. Delegates to method
++ * <code>getProviderClass()</code> in order to load the class.
++ *
++ * @param className Name of the concrete class corresponding to the
++ * service provider
++ *
++ * @param cl <code>ClassLoader</code> used to load the factory class. If <code>null</code>
++ * current <code>Thread</code>'s context classLoader is used to load the factory class.
++ *
++ * @param doFallback True if the current ClassLoader should be tried as
++ * a fallback if the class is not found using cl
++ *
++ * @param useBSClsLoader True if cl=null actually meant bootstrap classLoader. This parameter
++ * is needed since DocumentBuilderFactory/SAXParserFactory defined null as context classLoader.
++ */
++ static Object newInstance(String className, ClassLoader cl, boolean doFallback, boolean useBSClsLoader)
++ throws ConfigurationError
++ {
++ // make sure we have access to restricted packages
++ if (System.getSecurityManager() != null) {
++ if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
++ cl = null;
++ useBSClsLoader = true;
++ }
++ }
++
+ try {
+- Class providerClass = getProviderClass(className, cl, doFallback);
++ Class providerClass = getProviderClass(className, cl, doFallback, useBSClsLoader);
+ Object instance = providerClass.newInstance();
+ if (debug) { // Extra check to avoid computing cl strings
+ dPrint("created new instance of " + providerClass +
+@@ -182,7 +220,7 @@
+ String systemProp = ss.getSystemProperty(factoryId);
+ if (systemProp != null) {
+ dPrint("found system property, value=" + systemProp);
+- return newInstance(systemProp, null, true);
++ return newInstance(systemProp, null, true, false);
+ }
+ }
+ catch (SecurityException se) {
+@@ -210,7 +248,7 @@
+
+ if (factoryClassName != null) {
+ dPrint("found in $java.home/jaxp.properties, value=" + factoryClassName);
+- return newInstance(factoryClassName, null, true);
++ return newInstance(factoryClassName, null, true, false);
+ }
+ }
+ catch (Exception ex) {
+@@ -228,7 +266,7 @@
+ }
+
+ dPrint("loaded from fallback value: " + fallbackClassName);
+- return newInstance(fallbackClassName, null, true);
++ return newInstance(fallbackClassName, null, true, false);
+ }
+
+ /*
+@@ -244,6 +282,7 @@
+
+ // First try the Context ClassLoader
+ ClassLoader cl = ss.getContextClassLoader();
++ boolean useBSClsLoader = false;
+ if (cl != null) {
+ is = ss.getResourceAsStream(cl, serviceId);
+
+@@ -251,11 +290,13 @@
+ if (is == null) {
+ cl = FactoryFinder.class.getClassLoader();
+ is = ss.getResourceAsStream(cl, serviceId);
+- }
++ useBSClsLoader = true;
++ }
+ } else {
+ // No Context ClassLoader, try the current ClassLoader
+ cl = FactoryFinder.class.getClassLoader();
+ is = ss.getResourceAsStream(cl, serviceId);
++ useBSClsLoader = true;
+ }
+
+ if (is == null) {
+@@ -293,7 +334,7 @@
+ // ClassLoader because we want to avoid the case where the
+ // resource file was found using one ClassLoader and the
+ // provider class was instantiated using a different one.
+- return newInstance(factoryClassName, cl, false);
++ return newInstance(factoryClassName, cl, false, useBSClsLoader);
+ }
+
+ // No provider found
diff -r c5ac2dd72089 -r 5254d96fe90f patches/security/20130416/6657673.patch
--- a/patches/security/20130416/6657673.patch Fri Apr 19 11:44:10 2013 +0100
+++ b/patches/security/20130416/6657673.patch Fri Apr 19 14:38:19 2013 -0400
@@ -8630,32 +8630,6 @@
}
// No provider found
-diff -Nru openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java
---- openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java 2013-04-16 14:28:09.788157518 +0100
-+++ openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java 2013-04-16 14:29:26.569394704 +0100
-@@ -44,7 +44,7 @@
- * @author Santiago.PericasGeertsen at sun.com
- */
- class FactoryFinder {
--
-+ private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal";
- /**
- * Internal debug flag.
- */
-@@ -140,6 +140,13 @@
- static Object newInstance(String className, ClassLoader cl, boolean doFallback)
- throws ConfigurationError
- {
-+ // make sure we have access to restricted packages
-+ if (System.getSecurityManager() != null) {
-+ if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
-+ cl = null;
-+ }
-+ }
-+
- try {
- Class providerClass = getProviderClass(className, cl, doFallback);
- Object instance = providerClass.newInstance();
diff -Nru openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/stream/FactoryFinder.java openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/stream/FactoryFinder.java
--- openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/stream/FactoryFinder.java 2013-04-16 14:28:09.788157518 +0100
+++ openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/stream/FactoryFinder.java 2013-04-16 14:29:26.569394704 +0100
@@ -8815,31 +8789,6 @@
}
// No provider found
-diff -Nru openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java
---- openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java 2013-04-16 14:28:09.792157582 +0100
-+++ openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java 2013-04-16 14:29:26.569394704 +0100
-@@ -44,6 +44,7 @@
- * @author Santiago.PericasGeertsen at sun.com
- */
- class FactoryFinder {
-+ private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xalan.internal.";
-
- /**
- * Internal debug flag.
-@@ -140,6 +141,13 @@
- static Object newInstance(String className, ClassLoader cl, boolean doFallback)
- throws ConfigurationError
- {
-+ // make sure we have access to restricted packages
-+ if (System.getSecurityManager() != null) {
-+ if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
-+ cl = null;
-+ }
-+ }
-+
- try {
- Class providerClass = getProviderClass(className, cl, doFallback);
- Object instance = providerClass.newInstance();
diff -Nru openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java
--- openjdk.orig/jaxp/drop_included/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java 2013-04-16 14:28:09.800157711 +0100
+++ openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java 2013-04-16 14:29:26.569394704 +0100
More information about the distro-pkg-dev
mailing list