IcedTea 2.5.3: Avian, JamVM, Cacao: Implement JVM_FindClassFromCaller OpenJDK 8015256: Better class accessibility
Xerxes Rånby
xerxes at zafena.se
Mon Oct 27 08:58:41 UTC 2014
Den 2014-10-20 22:30, Matthias Klose skrev:
>
> - Did you try to build/run these with
> the IcedTea 2.5.3 update? At least Cacao and JamVM fail.
>
>
I received the IcedTea 2.5.3 security update during the week and indeed
all alternative JVM broke.
http://blog.fuseyism.com/index.php/2014/10/15/security-icedtea-2-5-3-for-openjdk-7-released/
The OpenJDK source tree revealed the following information:
8015256: Better class accessibility
Summary: Improve protection domain check in forName()
http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/61d1e75e0a58
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/16cd2826a58f
JVM_FindClassFromCaller appears to work quite similar to
JVM_FindClassFromClassLoader with the twist that the protection domain
that belongs to the caller class argument shall be used during the
lookup of the class. But there is no specification or unit-test in
OpenJDK documenting the desired effect, if someone have a specification
or test at hand for how JVM_FindClassFromCaller "security" shall behave
then i would like to see it.
I spent some time yesterday looking into it and have filed patches to
Avian, JamVM and Cacao upstream to make the JVM's compatible with the
"security" update.
Pull request links and commits below:
JamVM: http://sourceforge.net/p/jamvm/mailman/message/32972760/
https://github.com/xranby/jamvm/commit/81f280b4fad847bc393ee4732c23aae9adccb327
CACAO JVM:
https://bitbucket.org/cacaovm/cacao-staging/pull-request/147/implement-jvm_findclassfromcaller-openjdk/
https://bitbucket.org/xranby/cacao-staging/commits/ec6bd33b3e927738d1353e6e639e76f74d55635f
Avian: https://github.com/ReadyTalk/avian/pull/360
https://github.com/xranby/avian/commit/2e5990a6b0c35934b99a0a776762fab8f643599b
Cheers
Xerxes
More information about the distro-pkg-dev
mailing list