/hg/release/icedtea6-1.11: 2 new changesets
omajid at icedtea.classpath.org
omajid at icedtea.classpath.org
Wed Jan 15 09:53:40 PST 2014
changeset 4fbd0af15397 in /hg/release/icedtea6-1.11
details: http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=4fbd0af15397
author: Omair Majid <omajid at redhat.com>
date: Fri Jan 10 18:13:33 2014 -0500
Fix path in nss-not-enabled-config.patch
changeset a3249839270a in /hg/release/icedtea6-1.11
details: http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=a3249839270a
author: Omair Majid <omajid at redhat.com>
date: Wed Jan 15 12:52:12 2014 -0500
Add 20140114 CPU patches
diffstat:
ChangeLog | 42 +
Makefile.am | 36 +-
NEWS | 36 +
patches/ecj/override.patch | 160 +
patches/nss-not-enabled-config.patch | 4 +-
patches/security/20140114/6995424-deprecated_dependency.patch | 180 +
patches/security/20140114/7068126-snmp_status.patch | 372 +
patches/security/20140114/8010935-xml_handling.patch | 818 ++
patches/security/20140114/8011786-networking.patch | 394 +
patches/security/20140114/8021257-restrict_package.corba.patch | 194 +
patches/security/20140114/8021257-restrict_package.jdk.patch | 78 +
patches/security/20140114/8022904-jdbc.patch | 83 +
patches/security/20140114/8022927-conversions.patch | 158 +
patches/security/20140114/8022935-resolver_classes.patch | 163 +
patches/security/20140114/8022945-jndi.patch | 66 +
patches/security/20140114/8023057-splashscreen.patch | 96 +
patches/security/20140114/8023069-tls.patch | 627 ++
patches/security/20140114/8023245-beans_decoding.patch | 34 +
patches/security/20140114/8023301-generic_classes.patch | 125 +
patches/security/20140114/8023672-jar_validation.patch | 24 +
patches/security/20140114/8024306-subject_consistency.patch | 24 +
patches/security/20140114/8024530-font_process.patch | 2933 ++++++++++
patches/security/20140114/8024867-logging.patch | 44 +
patches/security/20140114/8025014-security_policy.patch | 185 +
patches/security/20140114/8025018-jaxp_setup.patch | 58 +
patches/security/20140114/8025026-canonicalization.patch | 132 +
patches/security/20140114/8025034-layout_lookups.patch | 48 +
patches/security/20140114/8025448-swing_listening.patch | 31 +
patches/security/20140114/8025758-naming.patch | 218 +
patches/security/20140114/8025767-corba_iiop_streams.patch | 738 ++
patches/security/20140114/8026172-ui_management.patch | 28 +
patches/security/20140114/8026176-document_printing.patch | 24 +
patches/security/20140114/8026193-corba_stub_factories.patch | 100 +
patches/security/20140114/8026204-auth_login_contexts.patch | 307 +
patches/security/20140114/8026417-xml_canonicalization.patch | 201 +
patches/security/20140114/8026826-fix_build.patch | 639 ++
patches/security/20140114/8027201-jaxp_setup.patch | 197 +
37 files changed, 9593 insertions(+), 4 deletions(-)
diffs (truncated from 9773 to 500 lines):
diff -r 6901d30f4321 -r a3249839270a ChangeLog
--- a/ChangeLog Wed Nov 13 03:58:58 2013 +0000
+++ b/ChangeLog Wed Jan 15 12:52:12 2014 -0500
@@ -1,3 +1,45 @@
+2014-01-15 Omair Majid <omajid at redhat.com>
+
+ * Makefile (SECURITY_PATCHES): Add patches.
+ * patches/security/20140114/6995424-deprecated_dependency.patch,
+ * patches/security/20140114/7068126-snmp_status.patch,
+ * patches/security/20140114/8010935-xml_handling.patch,
+ * patches/security/20140114/8011786-networking.patch,
+ * patches/security/20140114/8021257-restrict_package.corba.patch,
+ * patches/security/20140114/8021257-restrict_package.jdk.patch,
+ * patches/security/20140114/8022904-jdbc.patch,
+ * patches/security/20140114/8022927-conversions.patch,
+ * patches/security/20140114/8022935-resolver_classes.patch,
+ * patches/security/20140114/8022945-jndi.patch,
+ * patches/security/20140114/8023057-splashscreen.patch,
+ * patches/security/20140114/8023069-tls.patch,
+ * patches/security/20140114/8023245-beans_decoding.patch,
+ * patches/security/20140114/8023301-generic_classes.patch,
+ * patches/security/20140114/8023672-jar_validation.patch,
+ * patches/security/20140114/8024306-subject_consistency.patch,
+ * patches/security/20140114/8024530-font_process.patch,
+ * patches/security/20140114/8024867-logging.patch,
+ * patches/security/20140114/8025014-security_policy.patch,
+ * patches/security/20140114/8025018-jaxp_setup.patch,
+ * patches/security/20140114/8025026-canonicalization.patch,
+ * patches/security/20140114/8025034-layout_lookups.patch,
+ * patches/security/20140114/8025448-swing_listening.patch,
+ * patches/security/20140114/8025758-naming.patch,
+ * patches/security/20140114/8025767-corba_iiop_streams.patch,
+ * patches/security/20140114/8026172-ui_management.patch,
+ * patches/security/20140114/8026176-document_printing.patch,
+ * patches/security/20140114/8026193-corba_stub_factories.patch,
+ * patches/security/20140114/8026204-auth_login_contexts.patch,
+ * patches/security/20140114/8026417-xml_canonicalization.patch,
+ * patches/security/20140114/8026826-fix_build.patch,
+ * patches/security/20140114/8027201-jaxp_setup.patch:
+ New file for CPU update.
+
+2014-01-10 Omair Majid <omajid at redhat.com>
+
+ * patches/nss-not-enabled-config.patch: Fix path
+ to java.security.
+
2013-11-13 Andrew John Hughes <gnu.andrew at redhat.com>
* configure.ac: Set to 1.11.15pre.
diff -r 6901d30f4321 -r a3249839270a Makefile.am
--- a/Makefile.am Wed Nov 13 03:58:58 2013 +0000
+++ b/Makefile.am Wed Jan 15 12:52:12 2014 -0500
@@ -494,7 +494,40 @@
patches/openjdk/8003992-embedded_nulls.patch \
patches/openjdk/8013827-createtempfile_hang.patch \
patches/openjdk/8025128-createtempfile_absolute_prefix.patch \
- patches/openjdk/oj6-21-overrides.patch
+ patches/openjdk/oj6-21-overrides.patch \
+ patches/security/20140114/6995424-deprecated_dependency.patch \
+ patches/security/20140114/7068126-snmp_status.patch \
+ patches/openjdk//8009530-icu_kern_table_support_broken.patch \
+ patches/security/20140114/8010935-xml_handling.patch \
+ patches/security/20140114/8011786-networking.patch \
+ patches/security/20140114/8021257-restrict_package.corba.patch \
+ patches/security/20140114/8021257-restrict_package.jdk.patch \
+ patches/security/20140114/8022904-jdbc.patch \
+ patches/security/20140114/8022927-conversions.patch \
+ patches/security/20140114/8022935-resolver_classes.patch \
+ patches/security/20140114/8022945-jndi.patch \
+ patches/security/20140114/8023057-splashscreen.patch \
+ patches/security/20140114/8023069-tls.patch \
+ patches/security/20140114/8023245-beans_decoding.patch \
+ patches/security/20140114/8023301-generic_classes.patch \
+ patches/security/20140114/8023672-jar_validation.patch \
+ patches/security/20140114/8024306-subject_consistency.patch \
+ patches/security/20140114/8024530-font_process.patch \
+ patches/security/20140114/8024867-logging.patch \
+ patches/security/20140114/8025014-security_policy.patch \
+ patches/security/20140114/8025018-jaxp_setup.patch \
+ patches/security/20140114/8025026-canonicalization.patch \
+ patches/security/20140114/8025034-layout_lookups.patch \
+ patches/security/20140114/8025448-swing_listening.patch \
+ patches/security/20140114/8025758-naming.patch \
+ patches/security/20140114/8025767-corba_iiop_streams.patch \
+ patches/security/20140114/8026172-ui_management.patch \
+ patches/security/20140114/8026176-document_printing.patch \
+ patches/security/20140114/8026193-corba_stub_factories.patch \
+ patches/security/20140114/8026204-auth_login_contexts.patch \
+ patches/security/20140114/8026417-xml_canonicalization.patch \
+ patches/security/20140114/8026826-fix_build.patch \
+ patches/security/20140114/8027201-jaxp_setup.patch
SPECIAL_SECURITY_PATCH_1 = patches/security/20120214/7112642.patch
SPECIAL_SECURITY_PATCH_2 = patches/security/20130618/8009071-improve_shape_handling.patch
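Review bot: The relocated entry `patches/openjdk//8009530-icu_kern_table_support_broken.patch \` has a doubled slash and sits in the middle of the 20140114 security list with no explanation. The second hunk removes the same patch from the later list, so this is an ordering change, presumably because one of the new security patches needs it applied first; the page does not show which one. I would write it as `patches/openjdk/8009530-icu_kern_table_support_broken.patch \` and record the move in the ChangeLog entry, which currently says only `Add patches`. NEWS also lists S6727821 under security fixes, but no patch with that id appears in this list; if it is folded into another patch, the ChangeLog should name that patch so CVE coverage can be audited from the patch list.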
@@ -726,7 +759,6 @@
patches/aarch64.patch \
patches/jaxws-tempfiles-ioutils-6.patch \
patches/object-factory-cl-internal.patch \
- patches/openjdk/8009530-icu_kern_table_support_broken.patch \
patches/openjdk/7171223-strict_aliasing.patch \
patches/openjdk/8009165-inappropriate_method_in_reflectutil.patch \
patches/openjdk/8009217-fix_test_compile.patch \
diff -r 6901d30f4321 -r a3249839270a NEWS
--- a/NEWS Wed Nov 13 03:58:58 2013 +0000
+++ b/NEWS Wed Jan 15 12:52:12 2014 -0500
@@ -13,6 +13,42 @@
New in release 1.11.15 (2014-XX-XX):
+* Security fixes
+ - S6727821: Enhance JAAS Configuration
+ - S7068126, CVE-2014-0373: Enhance SNMP status
+ - S8010935: Better XML handling
+ - S8011786, CVE-2014-0368: Better applet networking
+ - S8021257, CVE-2013-5896: com.sun.corba.se.** should be on restricted package list
+ - S8022904: Enhance JDBC Parsers
+ - S8022927: Input validation for byte/endian conversions
+ - S8022935: Enhance Apache resolver classes
+ - S8022945: Enhance JNDI implementation classes
+ - S8023057: Enhance start up image display
+ - S8023069, CVE-2014-0411: Enhance TLS connections
+ - S8023245, CVE-2014-0423: Enhance Beans decoding
+ - S8023301: Enhance generic classes
+ - S8023672: Enhance jar file validation
+ - S8024306, CVE-2014-0416: Enhance Subject consistency
+ - S8024530: Enhance font process resilience
+ - S8024867: Enhance logging start up
+ - S8025014: Enhance Security Policy
+ - S8025018, CVE-2014-0376: Enhance JAX-P set up
+ - S8025026, CVE-2013-5878: Enhance canonicalization
+ - S8025034, CVE-2013-5907: Improve layout lookups
+ - S8025448: Enhance listening events
+ - S8025758, CVE-2014-0422: Enhance Naming management
+ - S8025767, CVE-2014-0428: Enhance IIOP Streams
+ - S8026172: Enhance UI Management
+ - S8026176: Enhance document printing
+ - S8026193, CVE-2013-5884: Enhance CORBA stub factories
+ - S8026204: Enhance auth login contexts
+ - S8026417, CVE-2013-5910: Enhance XML canonicalization
+ - S8027201, CVE-2014-0376: Enhance JAX-P set up
+* Bug fixes
+ - S8026826: JDK 7 fix for 8010935 broke the build
+* Backports
+ - S6995424: Eliminate dependency to a deprecated API com.sun.security.auth.PolicyFile
+
New in release 1.11.14 (2013-11-13):
* Security fixes
diff -r 6901d30f4321 -r a3249839270a patches/ecj/override.patch
--- a/patches/ecj/override.patch Wed Nov 13 03:58:58 2013 +0000
+++ b/patches/ecj/override.patch Wed Jan 15 12:52:12 2014 -0500
@@ -310,3 +310,163 @@
public final void close() {
open = false;
synchronized (AbstractMidiDevice.this.traRecLock) {
+diff -ruN openjdk-ecj/corba/src/share/classes/com/sun/corba/se/impl/corba/AnyImpl.java openjdk-ecj/corba/src/share/classes/com/sun/corba/se/impl/corba/AnyImpl.java
+--- openjdk-ecj/corba/src/share/classes/com/sun/corba/se/impl/corba/AnyImpl.java 2014-01-10 16:24:15.000000000 -0500
++++ openjdk-ecj/corba/src/share/classes/com/sun/corba/se/impl/corba/AnyImpl.java 2014-01-14 09:38:04.744121397 -0500
+@@ -87,7 +87,6 @@
+ .create_input_stream();
+ AnyInputStream aIS = AccessController
+ .doPrivileged(new PrivilegedAction<AnyInputStream>() {
+- @Override
+ public AnyInputStream run() {
+ return new AnyInputStream(
+ (com.sun.corba.se.impl.encoding.EncapsInputStream) is);
+diff -ruN openjdk-ecj/corba/src/share/classes/com/sun/corba/se/impl/presentation/rmi/StubFactoryFactoryProxyImpl.java openjdk-ecj/corba/src/share/classes/com/sun/corba/se/impl/presentation/rmi/StubFactoryFactoryProxyImpl.java
+--- openjdk-ecj/corba/src/share/classes/com/sun/corba/se/impl/presentation/rmi/StubFactoryFactoryProxyImpl.java 2014-01-10 16:24:28.000000000 -0500
++++ openjdk-ecj/corba/src/share/classes/com/sun/corba/se/impl/presentation/rmi/StubFactoryFactoryProxyImpl.java 2014-01-14 09:38:22.856141402 -0500
+@@ -38,7 +38,6 @@
+ {
+ return AccessController
+ .doPrivileged(new PrivilegedAction<StubFactoryProxyImpl>() {
+- @Override
+ public StubFactoryProxyImpl run() {
+ return new StubFactoryProxyImpl(classData, classLoader);
+ }
+diff -ruN openjdk-ecj/corba/src/share/classes/com/sun/corba/se/impl/protocol/SharedCDRClientRequestDispatcherImpl.java openjdk-ecj/corba/src/share/classes/com/sun/corba/se/impl/protocol/SharedCDRClientRequestDispatcherImpl.java
+--- openjdk-ecj/corba/src/share/classes/com/sun/corba/se/impl/protocol/SharedCDRClientRequestDispatcherImpl.java 2014-01-10 16:24:15.000000000 -0500
++++ openjdk-ecj/corba/src/share/classes/com/sun/corba/se/impl/protocol/SharedCDRClientRequestDispatcherImpl.java 2014-01-14 09:34:50.248822900 -0500
+@@ -163,7 +163,6 @@
+ final Message inMsg = cdrOutputObject.getMessageHeader();
+ CDRInputObject cdrInputObject = AccessController
+ .doPrivileged(new PrivilegedAction<CDRInputObject>() {
+- @Override
+ public CDRInputObject run() {
+ return new CDRInputObject(inOrb, null, inBuffer,
+ inMsg);
+@@ -206,7 +205,6 @@
+ final Message inMsg2 = cdrOutputObject.getMessageHeader();
+ cdrInputObject = AccessController
+ .doPrivileged(new PrivilegedAction<CDRInputObject>() {
+- @Override
+ public CDRInputObject run() {
+ return new CDRInputObject(inOrb2, null, inBuffer2,
+ inMsg2);
+diff -ruN openjdk-ecj/corba/src/share/classes/org/omg/CORBA_2_3/portable/InputStream.java openjdk-ecj/corba/src/share/classes/org/omg/CORBA_2_3/portable/InputStream.java
+--- openjdk-ecj/corba/src/share/classes/org/omg/CORBA_2_3/portable/InputStream.java 2014-01-10 16:24:15.000000000 -0500
++++ openjdk-ecj/corba/src/share/classes/org/omg/CORBA_2_3/portable/InputStream.java 2014-01-14 09:35:08.657861832 -0500
+@@ -52,7 +52,6 @@
+
+ private static final boolean allowSubclass = AccessController.doPrivileged(
+ new PrivilegedAction<Boolean>() {
+- @Override
+ public Boolean run() {
+ String prop = System.getProperty(ALLOW_SUBCLASS_PROP);
+ return prop == null ? false :
+diff -ruN openjdk-ecj/corba/src/share/classes/sun/corba/EncapsInputStreamFactory.java openjdk-ecj/corba/src/share/classes/sun/corba/EncapsInputStreamFactory.java
+--- openjdk-ecj/corba/src/share/classes/sun/corba/EncapsInputStreamFactory.java 2014-01-10 16:24:15.000000000 -0500
++++ openjdk-ecj/corba/src/share/classes/sun/corba/EncapsInputStreamFactory.java 2014-01-14 09:34:21.846755388 -0500
+@@ -44,7 +44,6 @@
+ final boolean littleEndian, final GIOPVersion version) {
+ return AccessController
+ .doPrivileged(new PrivilegedAction<EncapsInputStream>() {
+- @Override
+ public EncapsInputStream run() {
+ return new EncapsInputStream(orb, buf, size,
+ littleEndian, version);
+@@ -58,7 +57,6 @@
+ final GIOPVersion version) {
+ return AccessController
+ .doPrivileged(new PrivilegedAction<EncapsInputStream>() {
+- @Override
+ public EncapsInputStream run() {
+ return new EncapsInputStream(orb, byteBuffer, size,
+ littleEndian, version);
+@@ -70,7 +68,6 @@
+ final org.omg.CORBA.ORB orb, final byte[] data, final int size) {
+ return AccessController
+ .doPrivileged(new PrivilegedAction<EncapsInputStream>() {
+- @Override
+ public EncapsInputStream run() {
+ return new EncapsInputStream(orb, data, size);
+ }
+@@ -81,7 +78,6 @@
+ final EncapsInputStream eis) {
+ return AccessController
+ .doPrivileged(new PrivilegedAction<EncapsInputStream>() {
+- @Override
+ public EncapsInputStream run() {
+ return new EncapsInputStream(eis);
+ }
+@@ -93,7 +89,6 @@
+ final GIOPVersion version) {
+ return AccessController
+ .doPrivileged(new PrivilegedAction<EncapsInputStream>() {
+- @Override
+ public EncapsInputStream run() {
+ return new EncapsInputStream(orb, data, size, version);
+ }
+@@ -105,7 +100,6 @@
+ final GIOPVersion version, final CodeBase codeBase) {
+ return AccessController
+ .doPrivileged(new PrivilegedAction<EncapsInputStream>() {
+- @Override
+ public EncapsInputStream run() {
+ return new EncapsInputStream(orb, data, size, version,
+ codeBase);
+@@ -118,7 +112,6 @@
+ final boolean littleEndian, final GIOPVersion version) {
+ return AccessController
+ .doPrivileged(new PrivilegedAction<TypeCodeInputStream>() {
+- @Override
+ public TypeCodeInputStream run() {
+ return new TypeCodeInputStream(orb, buf, size,
+ littleEndian, version);
+@@ -132,7 +125,6 @@
+ final GIOPVersion version) {
+ return AccessController
+ .doPrivileged(new PrivilegedAction<TypeCodeInputStream>() {
+- @Override
+ public TypeCodeInputStream run() {
+ return new TypeCodeInputStream(orb, byteBuffer, size,
+ littleEndian, version);
+@@ -144,7 +136,6 @@
+ final org.omg.CORBA.ORB orb, final byte[] data, final int size) {
+ return AccessController
+ .doPrivileged(new PrivilegedAction<TypeCodeInputStream>() {
+- @Override
+ public TypeCodeInputStream run() {
+ return new TypeCodeInputStream(orb, data, size);
+ }
+diff -ruN openjdk-ecj/jaxws/drop_included/jaxws_src/src/com/sun/tools/internal/jxc/model/nav/APTNavigator.java openjdk-ecj/jaxws/drop_included/jaxws_src/src/com/sun/tools/internal/jxc/model/nav/APTNavigator.java
+--- openjdk-ecj/jaxws/drop_included/jaxws_src/src/com/sun/tools/internal/jxc/model/nav/APTNavigator.java 2014-01-13 11:30:44.000000000 -0500
++++ openjdk-ecj/jaxws/drop_included/jaxws_src/src/com/sun/tools/internal/jxc/model/nav/APTNavigator.java 2014-01-14 09:55:36.216424718 -0500
+@@ -272,7 +272,6 @@
+ return clazz.getPackage().getQualifiedName();
+ }
+
+- @Override
+ public TypeDeclaration loadObjectFactory(TypeDeclaration referencePoint, String packageName) {
+ return env.getTypeDeclaration(packageName + ".ObjectFactory");
+ }
+diff -ruN openjdk-ecj/jaxws/drop_included/jaxws_src/src/com/sun/tools/internal/xjc/model/nav/NavigatorImpl.java openjdk-ecj/jaxws/drop_included/jaxws_src/src/com/sun/tools/internal/xjc/model/nav/NavigatorImpl.java
+--- openjdk-ecj/jaxws/drop_included/jaxws_src/src/com/sun/tools/internal/xjc/model/nav/NavigatorImpl.java 2014-01-13 11:30:44.000000000 -0500
++++ openjdk-ecj/jaxws/drop_included/jaxws_src/src/com/sun/tools/internal/xjc/model/nav/NavigatorImpl.java 2014-01-14 09:55:54.141449331 -0500
+@@ -299,7 +299,6 @@
+ throw new UnsupportedOperationException();
+ }
+
+- @Override
+ public NClass loadObjectFactory(NClass referencePoint, String pkg) {
+ throw new UnsupportedOperationException();
+ }
+diff -ruN openjdk-ecj/jaxws/drop_included/jaxws_src/src/com/sun/xml/internal/bind/v2/model/nav/ReflectionNavigator.java openjdk-ecj/jaxws/drop_included/jaxws_src/src/com/sun/xml/internal/bind/v2/model/nav/ReflectionNavigator.java
+--- openjdk-ecj/jaxws/drop_included/jaxws_src/src/com/sun/xml/internal/bind/v2/model/nav/ReflectionNavigator.java 2014-01-13 11:30:44.000000000 -0500
++++ openjdk-ecj/jaxws/drop_included/jaxws_src/src/com/sun/xml/internal/bind/v2/model/nav/ReflectionNavigator.java 2014-01-14 09:56:08.879470090 -0500
+@@ -507,7 +507,6 @@
+ else return name.substring(0,idx);
+ }
+
+- @Override
+ public Class loadObjectFactory(Class referencePoint, String pkg) {
+ String clName = pkg + ".ObjectFactory";
+ checkPackageAccess(clName);
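Review bot: These 160 added lines are not recorded in the ChangeLog entry for this changeset, which names only the Makefile and the new patches/security/20140114 files, and the appended section does not say which sources the `@Override` removals belong to. Judging by the paths and timestamps, the affected `run()` methods inside the `AccessController.doPrivileged` wrappers and the `loadObjectFactory` methods come from the security patches added here, so the ecj patch presumably has to be applied after them; that ordering is not visible on this page. I would add a ChangeLog line such as `* patches/ecj/override.patch: Remove @Override from code added by the 20140114 security patches.` so the hunks can be regenerated when those patches change.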
diff -r 6901d30f4321 -r a3249839270a patches/nss-not-enabled-config.patch
--- a/patches/nss-not-enabled-config.patch Wed Nov 13 03:58:58 2013 +0000
+++ b/patches/nss-not-enabled-config.patch Wed Jan 15 12:52:12 2014 -0500
@@ -1,5 +1,5 @@
---- openjdk.orig/jdk/src/share/lib/security/java.security 2009-08-25 11:43:59.000000000 +0100
-+++ openjdk/jdk/src/share/lib/security/java.security 2009-08-27 14:23:54.000000000 +0100
+--- openjdk.orig/jdk/src/share/lib/security/java.security-linux 2009-08-25 11:43:59.000000000 +0100
++++ openjdk/jdk/src/share/lib/security/java.security-linux 2009-08-27 14:23:54.000000000 +0100
@@ -51,6 +51,10 @@
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
diff -r 6901d30f4321 -r a3249839270a patches/security/20140114/6995424-deprecated_dependency.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20140114/6995424-deprecated_dependency.patch Wed Jan 15 12:52:12 2014 -0500
@@ -0,0 +1,180 @@
+# HG changeset patch
+# User mullan
+# Date 1290438967 18000
+# Mon Nov 22 10:16:07 2010 -0500
+# Node ID 951db417fc3c96a7c8bf1bec1c3e4fe699b28926
+# Parent bf284d2db0081df959bede4e5dd318e9b342aac8
+6995424: Eliminate dependency to a deprecated API com.sun.security.auth.PolicyFile
+Reviewed-by: mchung
+
+diff -Nru openjdk/jdk/src/share/classes/javax/security/auth/Policy.java openjdk/jdk/src/share/classes/javax/security/auth/Policy.java
+--- openjdk/jdk/src/share/classes/javax/security/auth/Policy.java
++++ openjdk/jdk/src/share/classes/javax/security/auth/Policy.java
+@@ -25,6 +25,9 @@
+
+ package javax.security.auth;
+
++import java.security.Security;
++import sun.security.util.Debug;
++
+ /**
+ * <p> This is an abstract class for representing the system policy for
+ * Subject-based authorization. A subclass implementation
+@@ -159,6 +162,10 @@
+ private static Policy policy;
+ private static ClassLoader contextClassLoader;
+
++ // true if a custom (not com.sun.security.auth.PolicyFile) system-wide
++ // policy object is set
++ private static boolean isCustomPolicy;
++
+ static {
+ contextClassLoader = java.security.AccessController.doPrivileged
+ (new java.security.PrivilegedAction<ClassLoader>() {
+@@ -234,6 +241,8 @@
+ contextClassLoader).newInstance();
+ }
+ });
++ isCustomPolicy =
++ !finalClass.equals("com.sun.security.auth.PolicyFile");
+ } catch (Exception e) {
+ throw new SecurityException
+ (sun.security.util.ResourcesMgr.getString
+@@ -265,6 +274,46 @@
+ java.lang.SecurityManager sm = System.getSecurityManager();
+ if (sm != null) sm.checkPermission(new AuthPermission("setPolicy"));
+ Policy.policy = policy;
++ // all non-null policy objects are assumed to be custom
++ isCustomPolicy = policy != null ? true : false;
++ }
++
++ /**
++ * Returns true if a custom (not com.sun.security.auth.PolicyFile)
++ * system-wide policy object has been set or installed. This method is
++ * called by SubjectDomainCombiner to provide backwards compatibility for
++ * developers that provide their own javax.security.auth.Policy
++ * implementations.
++ *
++ * @return true if a custom (not com.sun.security.auth.PolicyFile)
++ * system-wide policy object has been set; false otherwise
++ */
++ static boolean isCustomPolicySet(Debug debug) {
++ if (policy != null) {
++ if (debug != null && isCustomPolicy) {
++ debug.println("Providing backwards compatibility for " +
++ "javax.security.auth.policy implementation: " +
++ policy.toString());
++ }
++ return isCustomPolicy;
++ }
++ // check if custom policy has been set using auth.policy.provider prop
++ String policyClass = java.security.AccessController.doPrivileged
++ (new java.security.PrivilegedAction<String>() {
++ public String run() {
++ return Security.getProperty("auth.policy.provider");
++ }
++ });
++ if (policyClass != null
++ && !policyClass.equals("com.sun.security.auth.PolicyFile")) {
++ if (debug != null) {
++ debug.println("Providing backwards compatibility for " +
++ "javax.security.auth.policy implementation: " +
++ policyClass);
++ }
++ return true;
++ }
++ return false;
+ }
+
+ /**
+diff -Nru openjdk/jdk/src/share/classes/javax/security/auth/SubjectDomainCombiner.java openjdk/jdk/src/share/classes/javax/security/auth/SubjectDomainCombiner.java
+--- openjdk/jdk/src/share/classes/javax/security/auth/SubjectDomainCombiner.java
++++ openjdk/jdk/src/share/classes/javax/security/auth/SubjectDomainCombiner.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -26,8 +26,6 @@
+ package javax.security.auth;
+
+ import java.security.AccessController;
+-import java.security.AccessControlContext;
+-import java.security.AllPermission;
+ import java.security.Permission;
+ import java.security.Permissions;
+ import java.security.PermissionCollection;
+@@ -35,10 +33,8 @@
+ import java.security.Principal;
+ import java.security.PrivilegedAction;
+ import java.security.ProtectionDomain;
+-import java.lang.ClassLoader;
+ import java.security.Security;
+ import java.util.Set;
+-import java.util.Iterator;
+ import java.util.WeakHashMap;
+ import java.lang.ref.WeakReference;
+
+@@ -61,7 +57,8 @@
+ "\t[SubjectDomainCombiner]");
+
+ // Note: check only at classloading time, not dynamically during combine()
+- private static final boolean useJavaxPolicy = compatPolicy();
++ private static final boolean useJavaxPolicy =
++ javax.security.auth.Policy.isCustomPolicySet(debug);
+
+ // Relevant only when useJavaxPolicy is true
+ private static final boolean allowCaching =
+@@ -202,8 +199,8 @@
+ return null;
+ }
+
+- // maintain backwards compatibility for people who provide
+- // their own javax.security.auth.Policy implementations
++ // maintain backwards compatibility for developers who provide
++ // their own custom javax.security.auth.Policy implementations
+ if (useJavaxPolicy) {
+ return combineJavaxPolicy(currentDomains, assignedDomains);
+ }
+@@ -476,8 +473,7 @@
+ String s = AccessController.doPrivileged
+ (new PrivilegedAction<String>() {
+ public String run() {
+- return java.security.Security.getProperty
+- ("cache.auth.policy");
++ return Security.getProperty("cache.auth.policy");
+ }
+ });
+ if (s != null) {
+@@ -488,29 +484,6 @@
+ return true;
+ }
+
+- // maintain backwards compatibility for people who provide
+- // their own javax.security.auth.Policy implementations
+- private static boolean compatPolicy() {
+- javax.security.auth.Policy javaxPolicy = AccessController.doPrivileged
+- (new PrivilegedAction<javax.security.auth.Policy>() {
+- public javax.security.auth.Policy run() {
+- return javax.security.auth.Policy.getPolicy();
+- }
+- });
+-
+- if (!(javaxPolicy instanceof com.sun.security.auth.PolicyFile)) {
+- if (debug != null) {
+- debug.println("Providing backwards compatibility for " +
+- "javax.security.auth.policy implementation: " +
+- javaxPolicy.toString());
+- }