/hg/release/icedtea7-2.5: 6 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Thu Jan 22 01:27:54 UTC 2015
changeset 4795a4f25e49 in /hg/release/icedtea7-2.5
details: http://icedtea.classpath.org/hg/release/icedtea7-2.5?cmd=changeset;node=4795a4f25e49
author: Andrew John Hughes <gnu_andrew at member.fsf.org>
date: Tue Jan 06 20:30:58 2015 +0000
Fix RH bug reference in 2.5.3 release notes.
2015-01-06 Andrew John Hughes <gnu.andrew at member.fsf.org>
* NEWS:
Fix RH bug reference in 2.5.3 release notes.
changeset bf9210d67acb in /hg/release/icedtea7-2.5
details: http://icedtea.classpath.org/hg/release/icedtea7-2.5?cmd=changeset;node=bf9210d67acb
author: Andrew John Hughes <gnu_andrew at member.fsf.org>
date: Wed Jan 21 18:17:25 2015 +0000
PR2064: Unset OS before running OpenJDK build
2015-01-06 Andrew John Hughes <gnu.andrew at member.fsf.org>
PR2064: Unset OS before running OpenJDK build
* Makefile.am:
(ICEDTEA_UNSET): Introduce variable to
store unsetting of environment variables.
(ICEDTEA_ENV): Move JAVAC, JAVA_HOME and
JDK_HOME to ICEDTEA_UNSET.
(icedtea): Unset variables prior to running
$(MAKE).
(icedtea-debug): Likewise.
(icedtea-boot): Likewise.
* NEWS: Updated.
changeset b08e78ab545a in /hg/release/icedtea7-2.5
details: http://icedtea.classpath.org/hg/release/icedtea7-2.5?cmd=changeset;node=b08e78ab545a
author: Andrew John Hughes <gnu_andrew at member.fsf.org>
date: Wed Jan 21 18:20:42 2015 +0000
PR2161: RHEL 6 has a version of GIO which meets the version criteria, but has no g_settings_*
2015-01-07 Andrew John Hughes <gnu.andrew at member.fsf.org>
PR2161: RHEL 6 has a version of GIO which meets
the version criteria, but has no g_settings_*
* NEWS: Updated.
* acinclude.m4:
(IT_CHECK_FOR_GIO): Replace version test with
a check for g_settings_new.
changeset 17332a8545d8 in /hg/release/icedtea7-2.5
details: http://icedtea.classpath.org/hg/release/icedtea7-2.5?cmd=changeset;node=17332a8545d8
author: Andrew John Hughes <gnu_andrew at member.fsf.org>
date: Thu Jan 22 00:19:21 2015 +0000
PR2050: JamVM lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3
2015-01-07 Andrew John Hughes <gnu.andrew at member.fsf.org>
PR2050: JamVM lacks JVM_FindClassFromCaller introduced
by security patch in 2.5.3
* Makefile.am:
(ICEDTEA_PATCHES): Add new patch when building
JamVM.
(EXTRA_DIST): Include patches from JamVM directory.
* NEWS: Updated.
* patches/jamvm/find_class_from_caller.patch:
Backport JamVM patch to implement FindClassFromCaller.
changeset 885a6e1730a8 in /hg/release/icedtea7-2.5
details: http://icedtea.classpath.org/hg/release/icedtea7-2.5?cmd=changeset;node=885a6e1730a8
author: Andrew John Hughes <gnu_andrew at member.fsf.org>
date: Thu Jan 22 00:51:01 2015 +0000
PR2171: JamVM builds with executable stack, causing failures on SELinux & PaX kernels
2011-08-15 Pavel Tisnovsky <ptisnovs at redhat.com>
PR2171: JamVM builds with executable stack,
causing failures on SELinux & PaX kernels
* Makefile.am:
(jamvm): Added LDFLAGS for JamVM
to fix the SELinux executable flag issue.
changeset 45ac6cd7aae2 in /hg/release/icedtea7-2.5
details: http://icedtea.classpath.org/hg/release/icedtea7-2.5?cmd=changeset;node=45ac6cd7aae2
author: Andrew John Hughes <gnu_andrew at member.fsf.org>
date: Thu Jan 22 01:27:39 2015 +0000
PR2032: CACAO lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3
2014-10-29 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
(ICEDTEA_PATCHES): Add new patch for CACAO
builds.
* NEWS: Updated.
* patches/cacao/pr2032.patch:
Implement JVM_FindClassFromCaller as same
as JVM_FindClassFromClassLoader for now.
diffstat:
ChangeLog | 58 ++++++++++++++
Makefile.am | 25 ++++-
NEWS | 13 ++-
acinclude.m4 | 11 +-
patches/cacao/pr2032.patch | 75 ++++++++++++++++++
patches/jamvm/pr2050-find_class_from_caller.patch | 93 +++++++++++++++++++++++
6 files changed, 261 insertions(+), 14 deletions(-)
diffs (390 lines):
diff -r 5ecf54fa7dcd -r 45ac6cd7aae2 ChangeLog
--- a/ChangeLog Wed Jan 21 03:46:59 2015 +0000
+++ b/ChangeLog Thu Jan 22 01:27:39 2015 +0000
@@ -1,3 +1,61 @@
+2014-10-29 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Add new patch for CACAO
+ builds.
+ * NEWS: Updated.
+ * patches/cacao/pr2032.patch:
+ Implement JVM_FindClassFromCaller as same
+ as JVM_FindClassFromClassLoader for now.
+
+2011-08-15 Pavel Tisnovsky <ptisnovs at redhat.com>
+
+ PR2171: JamVM builds with executable stack,
+ causing failures on SELinux & PaX kernels
+ * Makefile.am:
+ (jamvm): Added LDFLAGS for JamVM
+ to fix the SELinux executable flag issue.
+
+2015-01-07 Andrew John Hughes <gnu.andrew at member.fsf.org>
+
+ PR2050: JamVM lacks JVM_FindClassFromCaller introduced
+ by security patch in 2.5.3
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Add new patch when building
+ JamVM.
+ (EXTRA_DIST): Include patches from JamVM directory.
+ * NEWS: Updated.
+ * patches/jamvm/find_class_from_caller.patch:
+ Backport JamVM patch to implement FindClassFromCaller.
+
+2015-01-07 Andrew John Hughes <gnu.andrew at member.fsf.org>
+
+ PR2161: RHEL 6 has a version of GIO which meets
+ the version criteria, but has no g_settings_*
+ * NEWS: Updated.
+ * acinclude.m4:
+ (IT_CHECK_FOR_GIO): Replace version test with
+ a check for g_settings_new.
+
+2015-01-06 Andrew John Hughes <gnu.andrew at member.fsf.org>
+
+ PR2064: Unset OS before running OpenJDK build
+ * Makefile.am:
+ (ICEDTEA_UNSET): Introduce variable to
+ store unsetting of environment variables.
+ (ICEDTEA_ENV): Move JAVAC, JAVA_HOME and
+ JDK_HOME to ICEDTEA_UNSET.
+ (icedtea): Unset variables prior to running
+ $(MAKE).
+ (icedtea-debug): Likewise.
+ (icedtea-boot): Likewise.
+ * NEWS: Updated.
+
+2015-01-06 Andrew John Hughes <gnu.andrew at member.fsf.org>
+
+ * NEWS:
+ Fix RH bug reference in 2.5.3 release notes.
+
2015-01-20 Andrew John Hughes <gnu.andrew at member.fsf.org>
* Makefile.am:
diff -r 5ecf54fa7dcd -r 45ac6cd7aae2 Makefile.am
--- a/Makefile.am Wed Jan 21 03:46:59 2015 +0000
+++ b/Makefile.am Thu Jan 22 01:27:39 2015 +0000
@@ -255,7 +255,8 @@
ICEDTEA_PATCHES += \
patches/cacao/launcher.patch \
patches/cacao/memory.patch \
- patches/cacao/armhf.patch
+ patches/cacao/armhf.patch \
+ patches/cacao/pr2032.patch
else
if USING_CACAO
ICEDTEA_PATCHES += \
@@ -268,6 +269,11 @@
patches/cacao/ignore-tests.patch
endif
+if BUILD_JAMVM
+ICEDTEA_PATCHES += \
+ patches/jamvm/pr2050-find_class_from_caller.patch
+endif
+
if ENABLE_NSS
ICEDTEA_PATCHES += patches/nss-config.patch \
patches/rh1022017.patch
@@ -450,6 +456,12 @@
TEST_IN_BUILD=false
endif
+ICEDTEA_UNSET = \
+ JAVAC= \
+ JAVA_HOME= \
+ JDK_HOME= \
+ OS=
+
ICEDTEA_ENV = \
ALT_JDK_IMPORT_PATH="$(BOOT_DIR)" \
ANT="$(ANT)" \
@@ -480,9 +492,6 @@
FT2_LIBS="$(FREETYPE2_LIBS)" \
ALT_PARALLEL_COMPILE_JOBS="$(PARALLEL_JOBS)" \
HOTSPOT_BUILD_JOBS="$(PARALLEL_JOBS)" \
- JAVAC="" \
- JAVA_HOME="" \
- JDK_HOME="" \
QUIETLY="" \
ANT_RESPECT_JAVA_HOME="TRUE" \
DISTRIBUTION_ID="$(DIST_ID)" \
@@ -773,6 +782,7 @@
$(top_srcdir)/patches/boot/*.patch \
$(top_srcdir)/patches/cacao/*.patch \
$(top_srcdir)/patches/hotspot/*/*.patch \
+ $(top_srcdir)/patches/jamvm/*.patch \
tools-copy contrib overlays \
jconsole.desktop policytool.desktop \
$(JTREG_SRCS) HACKING autogen.sh \
@@ -1713,7 +1723,7 @@
stamps/icedtea.stamp: stamps/bootstrap-directory-symlink-stage2.stamp \
stamps/download.stamp stamps/extract.stamp $(OPENJDK_TREE) \
stamps/cacao.stamp stamps/rewrite-rhino.stamp stamps/jamvm.stamp
- $(ARCH_PREFIX) $(MAKE) -j1 \
+ $(ICEDTEA_UNSET) $(ARCH_PREFIX) $(MAKE) -j1 \
$(ICEDTEA_ENV) \
-C openjdk/ \
$(ICEDTEA_BUILD_TARGET)
@@ -1823,7 +1833,7 @@
stamps/icedtea-debug.stamp: stamps/bootstrap-directory-symlink-stage2.stamp \
stamps/download.stamp stamps/extract.stamp $(OPENJDK_TREE) \
stamps/cacao.stamp stamps/rewrite-rhino.stamp stamps/jamvm.stamp
- $(ARCH_PREFIX) $(MAKE) -j1 \
+ $(ICEDTEA_UNSET) $(ARCH_PREFIX) $(MAKE) -j1 \
$(ICEDTEA_ENV) \
-C openjdk/ \
$(ICEDTEA_DEBUG_BUILD_TARGET)
@@ -1953,7 +1963,7 @@
stamps/icedtea-boot.stamp: stamps/bootstrap-directory-symlink-stage1.stamp \
stamps/download.stamp $(OPENJDK_BOOT_TREE) stamps/cacao.stamp \
stamps/rewrite-rhino.stamp stamps/jamvm.stamp stamps/generated.stamp
- $(ARCH_PREFIX) $(MAKE) -j1 \
+ $(ICEDTEA_UNSET) $(ARCH_PREFIX) $(MAKE) -j1 \
$(ICEDTEA_ENV_BOOT) \
-C openjdk-boot \
$(ICEDTEA_BUILD_TARGET)
@@ -2138,6 +2148,7 @@
stamps/jamvm.stamp: $(OPENJDK_TREE) stamps/rt.stamp
if BUILD_JAMVM
cd jamvm/jamvm && \
+ LDFLAGS="-Xlinker -z -Xlinker noexecstack" \
./autogen.sh --with-java-runtime-library=openjdk7 \
--prefix=$(abs_top_builddir)/jamvm/install ; \
$(MAKE) ; \
diff -r 5ecf54fa7dcd -r 45ac6cd7aae2 NEWS
--- a/NEWS Wed Jan 21 03:46:59 2015 +0000
+++ b/NEWS Thu Jan 22 01:27:39 2015 +0000
@@ -103,11 +103,18 @@
- S8066747: Backing out Japanese translation change in awt_ja.properties
- S8067364, PR2145, RH114622: Printing to Postscript doesn't support dieresis
* Bug fixes
+ - PR2064: Unset OS before running OpenJDK build
- PR2069: Type-punning warnings still evident on RHEL 5
- PR2094, RH1163501: 2048-bit DH upper bound too small for Fedora infrastructure
- PR2123: SunEC provider crashes when built using system NSS
- PR2124: Synchronise elliptic curves in sun.security.ec.NamedCurve with those listed by NSS
- PR2135: Race condition in SunEC provider with system NSS
+ - PR2161: RHEL 6 has a version of GIO which meets the version criteria, but has no g_settings_*
+* CACAO
+ - PR2032: CACAO lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3
+* JamVM
+ - PR2050: JamVM lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3
+ - PR2171: JamVM builds with executable stack, causing failures on SELinux & PaX kernels
New in release 2.5.3 (2014-10-14):
@@ -137,11 +144,11 @@
- S8042797, CVE-2014-6502: Avoid strawberries in LogRecord
- S8044274, CVE-2014-6531: Proper property processing
* Backports
- - S4963723, RH1131221: Implement SHA-224
- - S7044060, RH1131221: Need to support NSA Suite B Cryptography algorithms
+ - S4963723, RH1145848: Implement SHA-224
+ - S7044060, RH1145848: Need to support NSA Suite B Cryptography algorithms
- S7122142: (ann) Race condition between isAnnotationPresent and getAnnotations
- S7160837: DigestOutputStream does not turn off digest calculation when "close()" is called
- - S8006935, RH1131221: Need to take care of long secret keys in HMAC/PRF compuation
+ - S8006935, RH1145848: Need to take care of long secret keys in HMAC/PRF compuation
- S8012637: Adjust CipherInputStream class to work in AEAD/GCM mode
- S8028192: Use of PKCS11-NSS provider in FIPS mode broken
- S8038000: java.awt.image.RasterFormatException: Incorrect scanline stride
diff -r 5ecf54fa7dcd -r 45ac6cd7aae2 acinclude.m4
--- a/acinclude.m4 Wed Jan 21 03:46:59 2015 +0000
+++ b/acinclude.m4 Thu Jan 22 01:27:39 2015 +0000
@@ -2129,10 +2129,13 @@
AC_MSG_RESULT(${ENABLE_SYSTEM_GIO})
if test x"${ENABLE_SYSTEM_GIO}" = "xyes"; then
dnl Check for Gio+ headers and libraries.
- PKG_CHECK_MODULES(GIO, gio-2.0 >= 2.26,[GIO_FOUND=yes],[GIO_FOUND=no])
- if test "x${GIO_FOUND}" = xno
- then
- AC_MSG_ERROR([Could not find GIO >= 2.26; install GIO or build with --disable-system-gio to use the in-tree headers.])
+ PKG_CHECK_MODULES(GIO, gio-2.0,[GIO_FOUND=yes],[GIO_FOUND=no])
+ OLD_LIBS=${LIBS}
+ LIBS="${LIBS} ${GIO_LIBS}"
+ AC_CHECK_FUNC([g_settings_new],[GIO_FUNC_FOUND=yes],[GIO_FUNC_FOUND=no])
+ LIBS=${OLD_LIBS}
+ if test "x${GIO_FOUND}" = xno -o "x${GIO_FUNC_FOUND}" = xno; then
+ AC_MSG_ERROR([Could not find GIO; install GIO or build with --disable-system-gio to use the in-tree headers.])
fi
AC_SUBST(GIO_CFLAGS)
AC_SUBST(GIO_LIBS)
diff -r 5ecf54fa7dcd -r 45ac6cd7aae2 patches/cacao/pr2032.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/cacao/pr2032.patch Thu Jan 22 01:27:39 2015 +0000
@@ -0,0 +1,75 @@
+# HG changeset patch
+# User Xerxes RÃ¥nby <xerxes at gudinna.com>
+# Date 1414362363 -3600
+# Node ID ec6bd33b3e927738d1353e6e639e76f74d55635f
+# Parent ea3c9a40d975430d1e9dcb598bf25b4bd7aec4ca
+OpenJDK: Implement JVM_FindClassFromCaller
+
+8015256: Better class accessibility
+Summary: Improve protection domain check in forName()
+
+* contrib/mapfile-vers-product: Export said function.
+* src/native/vm/openjdk/jvm.cpp (JVM_FindClassFromCaller): Implement it.
+
+diff --git a/contrib/mapfile-vers-product b/contrib/mapfile-vers-product
+--- cacao/cacao/contrib/mapfile-vers-product
++++ cacao/cacao/contrib/mapfile-vers-product
+@@ -87,6 +87,7 @@
+ JVM_Exit;
+ JVM_FillInStackTrace;
+ JVM_FindClassFromBootLoader;
++ JVM_FindClassFromCaller;
+ JVM_FindClassFromClass;
+ JVM_FindClassFromClassLoader;
+ JVM_FindLibraryEntry;
+--- cacao/cacao/src/native/vm/openjdk/jvm.cpp.orig 2014-10-29 16:40:30.732305204 +0000
++++ cacao/cacao/src/native/vm/openjdk/jvm.cpp 2014-10-29 16:44:06.643292016 +0000
+@@ -684,6 +684,48 @@
+ }
+
+
++/* JVM_FindClassFromCaller
++ * Find a class from a given class loader. Throws ClassNotFoundException.
++ * name: name of class
++ * init: whether initialization is done
++ * loader: class loader to look up the class.
++ * This may not be the same as the caller's class loader.
++ * caller: initiating class. The initiating class may be null when a security
++ * manager is not installed.
++ *
++ * Find a class with this name in this loader,
++ * using the caller's "protection domain".
++ */
++
++jclass JVM_FindClassFromCaller(JNIEnv* env, const char* name, jboolean init, jobject loader, jclass caller)
++{
++ classinfo *c;
++ utf *u;
++ classloader_t *cl;
++
++ TRACEJVMCALLS(("JVM_FindClassFromCaller(name=%s, init=%d, loader=%p, caller=%p)", name, init, loader, caller));
++
++ u = utf_new_char(name);
++ cl = loader_hashtable_classloader_add((java_handle_t *) loader);
++
++ /* XXX The caller's protection domain should be used during
++ the load_class_from_classloader but there is no specification or
++ unit-test in OpenJDK documenting the desired effect */
++
++ c = load_class_from_classloader(u, cl);
++
++ if (c == NULL)
++ return NULL;
++
++ if (init)
++ if (!(c->state & CLASS_INITIALIZED))
++ if (!initialize_class(c))
++ return NULL;
++
++ return (jclass) LLNI_classinfo_wrap(c);
++}
++
++
+ /* JVM_FindClassFromClassLoader */
+
+ jclass JVM_FindClassFromClassLoader(JNIEnv* env, const char* name, jboolean init, jobject loader, jboolean throwError)
diff -r 5ecf54fa7dcd -r 45ac6cd7aae2 patches/jamvm/pr2050-find_class_from_caller.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/jamvm/pr2050-find_class_from_caller.patch Thu Jan 22 01:27:39 2015 +0000
@@ -0,0 +1,93 @@
+diff -Nru jamvm.old/src/classlib/openjdk/class.c jamvm/src/classlib/openjdk/class.c
+--- jamvm/jamvm.old/src/classlib/openjdk/class.c 2013-11-18 03:45:44.000000000 +0000
++++ jamvm/jamvm/src/classlib/openjdk/class.c 2015-01-07 16:14:57.599311159 +0000
+@@ -23,6 +23,7 @@
+ #include "jam.h"
+ #include "hash.h"
+ #include "class.h"
++#include "excep.h"
+ #include "symbol.h"
+
+ /* Cached offset of classes field in java.lang.ClassLoader objects */
+@@ -161,3 +162,24 @@
+
+ return strcat(strcpy(endorsed_dirs, java_home), "/lib/endorsed");
+ }
++
++Class *findClassFromLoader(char *name, int init, Object *loader,
++ int throw_error) {
++
++ Class *class = findClassFromClassLoader(name, loader);
++
++ if(class == NULL) {
++ if(!throw_error) {
++ Object *excep = exceptionOccurred();
++ char *dot_name = slash2DotsDup(name);
++
++ clearException();
++ signalChainedException(java_lang_ClassNotFoundException,
++ dot_name, excep);
++ sysFree(dot_name);
++ }
++ } else if(init)
++ initClass(class);
++
++ return class;
++}
+diff -Nru jamvm.old/src/classlib/openjdk/jvm.c jamvm/src/classlib/openjdk/jvm.c
+--- jamvm/jamvm.old/src/classlib/openjdk/jvm.c 2013-11-18 03:45:44.000000000 +0000
++++ jamvm/jamvm/src/classlib/openjdk/jvm.c 2015-01-07 16:16:43.560605105 +0000
+@@ -520,26 +520,22 @@
+ jclass JVM_FindClassFromClassLoader(JNIEnv *env, const char *name,
+ jboolean init, jobject loader,
+ jboolean throw_error) {
+- Class *class;
+
+ TRACE("JVM_FindClassFromClassLoader(env=%p, name=%s, init=%d, loader=%p,"
+ " throwError=%d)", env, name, init, loader, throwError);
+
+- class = findClassFromClassLoader((char *)name, loader);
++ return findClassFromLoader((char *)name, init, loader, throw_error);
++}
++
++/* JVM_FindClassFromCaller */
++
++jclass JVM_FindClassFromCaller(JNIEnv *env, const char *name, jboolean init,
++ jobject loader, jclass caller) {
+
+- if(class == NULL && !throw_error) {
+- Object *excep = exceptionOccurred();
+- char *dot_name = slash2DotsDup((char*)name);
+-
+- clearException();
+- signalChainedException(java_lang_ClassNotFoundException,
+- dot_name, excep);
+- sysFree(dot_name);
+- } else
+- if(init)
+- initClass(class);
++ TRACE("JVM_FindClassFromCaller(env=%p, name=%s, init=%d, loader=%p,"
++ " caller=%p)", env, name, init, loader, caller);
+
+- return class;
++ return findClassFromLoader((char *)name, init, loader, FALSE);
+ }
+
+
+diff -Nru jamvm.old/src/classlib/openjdk/openjdk.h jamvm/src/classlib/openjdk/openjdk.h
+--- jamvm/jamvm.old/src/classlib/openjdk/openjdk.h 2013-11-18 03:45:44.000000000 +0000
++++ jamvm/jamvm/src/classlib/openjdk/openjdk.h 2015-01-07 16:14:57.599311159 +0000
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2010, 2011, 2013 Robert Lougher <rob at jamvm.org.uk>.
++ * Copyright (C) 2010, 2011, 2013, 2014 Robert Lougher <rob at jamvm.org.uk>.
+ *
+ * This file is part of JamVM.
+ *
+@@ -53,3 +53,6 @@
+ extern Object *resolveMemberName(Class *mh_class, Object *mname);
+
+ extern Object *getMethodParameters(Object *method);
++
++extern Class *findClassFromLoader(char *name, int init, Object *loader,
++ int throw_error);
More information about the distro-pkg-dev
mailing list