[PATCH][IcedTea6] Fix Backport from S6657673
Andrew Hughes
gnu.andrew at redhat.com
Mon Apr 22 09:08:05 PDT 2013
----- Original Message -----
> On 04/22/2013 11:59 AM, Andrew Hughes wrote:
> >
> > ----- Original Message -----
> >> On 04/22/2013 07:03 AM, Andrew Hughes wrote:
> >>> ----- Original Message -----
> >>>> Hi Andrew,
> >>>>
> >>>> On 04/19/2013 02:59 PM, Andrew Hughes wrote:
> >>>>> ----- Original Message -----
> >>>>>> Hi,
> >>>>>>
> >>>>>> This patch improves our backport of the Java 7 S6657673 security fix.
> >>>>>> This fixes a problem where
> >>>>>> javax.xml.parsers.DocumentBuilderFactory.newInstance would fail due to
> >>>>>> package access restrictions on Xerces.
> >>>>>> Okay to push?
> >>>>>>
> >>>>> No. If you're backporting patches, as has been said before, they
> >>>>> should
> >>>>> be in the openjdk directory named with the bug ID so they can be
> >>>>> traced.
> >>>>> This is hard for me to read now, never mind for long term maintenance.
> >>>>>
> >>>>>> Thanks,
> >>>>>> Elliott
> >>>>>>
> >>>> There were actually a couple of patches I backported, and they were just
> >>>> partial backports. I didn't think it was suitable to classify it as a
> >>>> proper OpenJDK patch. The commit policy says only direct backports
> >>>> should be placed in the openjdk subdirectory.
> >>>>
> >>>> Thanks,
> >>>> Elliott
> >>>>
> >>> Can you provide more details on:
> >>>
> >>> * The repository these changes came from and which changesets
> >> From the ChangeLog:
> >>> * patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch:
> >>> Backported {parser,transform}.FactoryFinder fixes
> >>> from jdk7u-dev changesets: 4a61ac055189 & 38d4d23d167c.
> > Yes, I've seen this. Which repository?
>
> http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxp
>
> >
> >>> * What subset of the patches were used?
> >> The first changeset 4a61ac055189: Adding the parameter useBSClassLoader
> >> to getProviderClass and newInstance. Other portions of the patch that
> >> updated the usage of these two methods to include useBSClassLoader were
> >> also backported.
> >> The second changeset 38d4d23d167c: Is a fixed backport of S6657673 for
> >> these two FactoryFinder classes that actually sets useBSClassLoader.
> >>
> > Ok can we at least have these as two separate patches? I need to know
> > what's going on if we're ever going to upstream this.
>
> Alright, I will split them up.
>
> Thanks,
> Elliott
>
>
It would make it much easier to review.
Thanks,
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
More information about the distro-pkg-dev
mailing list