IcedTea 2.5.3: Avian, JamVM, Cacao: Implement JVM_FindClassFromCaller OpenJDK 8015256: Better class accessibility

Andrew Hughes gnu.andrew at redhat.com
Mon Oct 27 14:32:47 UTC 2014 

----- Original Message -----
> 
> Den 2014-10-20 22:30, Matthias Klose skrev:
> >
> >   - Did you try to build/run these with
> >     the IcedTea 2.5.3 update? At least Cacao and JamVM fail.
> >
> >
> 
> I received the IcedTea 2.5.3 security update during the week and indeed
> all alternative JVM broke.
> http://blog.fuseyism.com/index.php/2014/10/15/security-icedtea-2-5-3-for-openjdk-7-released/
> 
> The OpenJDK source tree revealed the following information:
> 8015256: Better class accessibility
> Summary: Improve protection domain check in forName()
> http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/61d1e75e0a58
> http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/16cd2826a58f
> 
> JVM_FindClassFromCaller appears to work quite similar to
> JVM_FindClassFromClassLoader with the twist that the protection domain
> that belongs to the caller class argument shall be used during the
> lookup of the class. But there is no specification or unit-test in
> OpenJDK documenting the desired effect, if someone have a specification
> or test at hand for how JVM_FindClassFromCaller "security" shall behave
> then i would like to see it.
> 
> 
> 
> I spent some time yesterday looking into it and have filed patches to
> Avian, JamVM and Cacao upstream to make the JVM's compatible with the
> "security" update.
> Pull request links and commits below:
> 
> JamVM: http://sourceforge.net/p/jamvm/mailman/message/32972760/
> https://github.com/xranby/jamvm/commit/81f280b4fad847bc393ee4732c23aae9adccb327
> 
> CACAO JVM:
> https://bitbucket.org/cacaovm/cacao-staging/pull-request/147/implement-jvm_findclassfromcaller-openjdk/
> https://bitbucket.org/xranby/cacao-staging/commits/ec6bd33b3e927738d1353e6e639e76f74d55635f
> 
> Avian: https://github.com/ReadyTalk/avian/pull/360
> https://github.com/xranby/avian/commit/2e5990a6b0c35934b99a0a776762fab8f643599b
> 
> Cheers
> Xerxes
> 

I mentioned this in reply to your previous post:

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-October/029916.html
-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07

More information about the distro-pkg-dev mailing list