[PATCH][IcedTea6] Fix Backport from S6657673
Andrew Hughes
gnu.andrew at redhat.com
Mon Apr 22 14:11:38 PDT 2013
----- Original Message -----
> On 04/22/2013 01:23 PM, Elliott Baron wrote:
> > Hi,
> >
> > On 04/22/2013 12:08 PM, Andrew Hughes wrote:
> >> ----- Original Message -----
> >>> On 04/22/2013 11:59 AM, Andrew Hughes wrote:
> >>>> ----- Original Message -----
> >>>>> On 04/22/2013 07:03 AM, Andrew Hughes wrote:
> >>>>>> ----- Original Message -----
> >>>>>>> Hi Andrew,
> >>>>>>>
> >>>>>>> On 04/19/2013 02:59 PM, Andrew Hughes wrote:
> >>>>>>>> ----- Original Message -----
> >>>>>>>>> Hi,
> >>>>>>>>>
> >>>>>>>>> This patch improves our backport of the Java 7 S6657673
> >>>>>>>>> security fix.
> >>>>>>>>> This fixes a problem where
> >>>>>>>>> javax.xml.parsers.DocumentBuilderFactory.newInstance would
> >>>>>>>>> fail due to
> >>>>>>>>> package access restrictions on Xerces.
> >>>>>>>>> Okay to push?
> >>>>>>>>>
> >>>>>>>> No. If you're backporting patches, as has been said before, they
> >>>>>>>> should
> >>>>>>>> be in the openjdk directory named with the bug ID so they can be
> >>>>>>>> traced.
> >>>>>>>> This is hard for me to read now, never mind for long term
> >>>>>>>> maintenance.
> >>>>>>>>
> >>>>>>>>> Thanks,
> >>>>>>>>> Elliott
> >>>>>>>>>
> >>>>>>> There were actually a couple of patches I backported, and they
> >>>>>>> were just
> >>>>>>> partial backports. I didn't think it was suitable to classify it
> >>>>>>> as a
> >>>>>>> proper OpenJDK patch. The commit policy says only direct backports
> >>>>>>> should be placed in the openjdk subdirectory.
> >>>>>>>
> >>>>>>> Thanks,
> >>>>>>> Elliott
> >>>>>>>
> >>>>>> Can you provide more details on:
> >>>>>>
> >>>>>> * The repository these changes came from and which changesets
> >>>>> From the ChangeLog:
> >>>>>> *
> >>>>>> patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch:
> >>>>>> Backported {parser,transform}.FactoryFinder fixes
> >>>>>> from jdk7u-dev changesets: 4a61ac055189 & 38d4d23d167c.
> >>>> Yes, I've seen this. Which repository?
> >>> http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxp
> >>>
> >>>>>> * What subset of the patches were used?
> >>>>> The first changeset 4a61ac055189: Adding the parameter
> >>>>> useBSClassLoader
> >>>>> to getProviderClass and newInstance. Other portions of the patch that
> >>>>> updated the usage of these two methods to include useBSClassLoader
> >>>>> were
> >>>>> also backported.
> >>>>> The second changeset 38d4d23d167c: Is a fixed backport of S6657673
> >>>>> for
> >>>>> these two FactoryFinder classes that actually sets useBSClassLoader.
> >>>>>
> >>>> Ok can we at least have these as two separate patches? I need to know
> >>>> what's going on if we're ever going to upstream this.
> >>> Alright, I will split them up.
> >>>
> >>> Thanks,
> >>> Elliott
> >>>
> >>>
> >> It would make it much easier to review.
> >>
> >> Thanks,
> >
> > Here are the split patches. The first patch is 7133220, the second is
> > 6557673.
> >
> > Thanks,
> > Elliott
>
> Here is the full changeset.
>
> Thanks,
> Elliott
>
It really still needs a NEWS update, but just commit it as is and I'll add it.
I'd rather not waste more time tonight and I need to add Roman's patch anyway.
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
More information about the distro-pkg-dev
mailing list