/hg/icedtea-web: 2 new changesets
jvanek at icedtea.classpath.org
jvanek at icedtea.classpath.org
Mon Jul 20 12:20:13 UTC 2015
changeset 26be3170e944 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=26be3170e944
author: Jiri Vanek <jvanek at redhat.com>
date: Mon Jul 20 12:59:57 2015 +0200
Fixed download service
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: (fillInPartJars) for-each loop replaced by indexed loop to prevent ConcurrentModificationException
* tests/reproducers/signed/DownloadService/testcases/DownloadServiceTest.java: small refactoring in favour of diamond operator
changeset 44f4568a01aa in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=44f4568a01aa
author: Jiri Vanek <jvanek at redhat.com>
date: Mon Jul 20 14:15:07 2015 +0200
Tuned permissions attribute behavior for unsigned jnlps
* netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java: permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all.
* tests/reproducers/signed/SandboxSignedSandbox/testcases/SandboxSignedSandboxTest.java: Failing tests of (javawsAllPermNoSecurity) (javawsAppletAllPermNoSecurity) with bug comment got removed this comment and are now passing
* tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java Failing tests of (javawsAllPermNoSecurity) (javawsAppletAllPermNoSecurity) with bug comment got removed this comment and are now passing
diffstat:
ChangeLog | 21 ++++++++++
NEWS | 1 +
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 5 +-
netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java | 6 +-
tests/reproducers/signed/DownloadService/testcases/DownloadServiceTest.java | 8 +-
tests/reproducers/signed/SandboxSignedSandbox/testcases/SandboxSignedSandboxTest.java | 2 -
tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java | 2 -
7 files changed, 33 insertions(+), 12 deletions(-)
diffs (129 lines):
diff -r 90be136f00b7 -r 44f4568a01aa ChangeLog
--- a/ChangeLog Thu Jul 16 12:03:45 2015 +0200
+++ b/ChangeLog Mon Jul 20 14:15:07 2015 +0200
@@ -1,3 +1,24 @@
+2015-07-20 Jiri Vanek <jvanek at redhat.com>
+
+ Tuned permissions attribute behavior for unsigned jnlps
+ * netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java:
+ permissions sandbox and signed app and unsigned app with permissions all-permissions
+ now run in sandbox instead of not at all.
+ * tests/reproducers/signed/SandboxSignedSandbox/testcases/SandboxSignedSandboxTest.java:
+ Failing tests of (javawsAllPermNoSecurity) (javawsAppletAllPermNoSecurity)
+ with bug comment got removed this comment and are now passing
+ * tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java
+ Failing tests of (javawsAllPermNoSecurity) (javawsAppletAllPermNoSecurity)
+ with bug comment got removed this comment and are now passing
+
+2015-07-20 Jiri Vanek <jvanek at redhat.com>
+
+ Fixed download service
+ * /netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: (fillInPartJars)
+ for-each loop replaced by indexed loop to prevent ConcurrentModificationException
+ * tests/reproducers/signed/DownloadService/testcases/DownloadServiceTest.java:
+ small refactoring in favour of diamond operator
+
2015-07-16 Jiri Vanek <jvanek at redhat.com>
Fixing various reproducers
diff -r 90be136f00b7 -r 44f4568a01aa NEWS
--- a/NEWS Thu Jul 16 12:03:45 2015 +0200
+++ b/NEWS Mon Jul 20 14:15:07 2015 +0200
@@ -9,6 +9,7 @@
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release 1.7 (2015-XX-XX):
+* fixed DownloadService
* comments in deployment.properties now should persists load/save
* fixed bug in caching of files with query
* fixed issues with recreating of existing shortcut
diff -r 90be136f00b7 -r 44f4568a01aa netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Thu Jul 16 12:03:45 2015 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Mon Jul 20 14:15:07 2015 +0200
@@ -1204,8 +1204,9 @@
* @param jars jar archives to be added
*/
protected void fillInPartJars(List<JARDesc> jars) {
- for (JARDesc desc : jars) {
- String part = desc.getPart();
+ //can not use iterator, will rise ConcurrentModificationException on jars.add(jar);
+ for (int x = 0 ; x< jars.size() ; x++) {
+ String part = jars.get(x).getPart();
// "available" field can be affected by two different threads
// working in loadClass(String)
diff -r 90be136f00b7 -r 44f4568a01aa netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java
--- a/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java Thu Jul 16 12:03:45 2015 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java Mon Jul 20 14:15:07 2015 +0200
@@ -295,10 +295,12 @@
} else { // JNLP
if (isNoneOrDefault(requestedPermissions)) {
if (sandboxForced == ManifestBoolean.TRUE && signing != SigningState.NONE) {
- throw new LaunchException("The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is signed. This is fatal.");
+ OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is signed. Forcing sandbox.");
+ securityDelegate.setRunInSandbox();
}
if (sandboxForced == ManifestBoolean.FALSE && signing == SigningState.NONE) {
- throw new LaunchException("The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is unsigned. This is fatal.");
+ OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is unsigned. Forcing sandbox.");
+ securityDelegate.setRunInSandbox();
}
}
}
diff -r 90be136f00b7 -r 44f4568a01aa tests/reproducers/signed/DownloadService/testcases/DownloadServiceTest.java
--- a/tests/reproducers/signed/DownloadService/testcases/DownloadServiceTest.java Thu Jul 16 12:03:45 2015 +0200
+++ b/tests/reproducers/signed/DownloadService/testcases/DownloadServiceTest.java Mon Jul 20 14:15:07 2015 +0200
@@ -48,11 +48,11 @@
import org.junit.Test;
public class DownloadServiceTest {
- private static ServerAccess server = new ServerAccess();
+ private static final ServerAccess server = new ServerAccess();
private final String exitString = "Exiting DownloadService..";
- private static List<String> checkCache = new ArrayList<String>();
- private static List<String> manageJnlpResources = new ArrayList<String>();
- private static List<String> manageExternalResources = new ArrayList<String>();
+ private static final List<String> checkCache = new ArrayList<>();
+ private static final List<String> manageJnlpResources = new ArrayList<>();
+ private static final List<String> manageExternalResources = new ArrayList<>();
@BeforeClass
public static void initalizeClass() throws MalformedURLException {
diff -r 90be136f00b7 -r 44f4568a01aa tests/reproducers/signed/SandboxSignedSandbox/testcases/SandboxSignedSandboxTest.java
--- a/tests/reproducers/signed/SandboxSignedSandbox/testcases/SandboxSignedSandboxTest.java Thu Jul 16 12:03:45 2015 +0200
+++ b/tests/reproducers/signed/SandboxSignedSandbox/testcases/SandboxSignedSandboxTest.java Mon Jul 20 14:15:07 2015 +0200
@@ -75,7 +75,6 @@
@Test
//no security dialog
//should run in snadbox (jnlp dont have all-permnissions)
- //dont run at all. BUG!
public void javawsAllPermNoSecurity() throws Exception{
ProcessResult p = server.executeJavawsHeadless("SandboxSignedSandbox.jnlp");
Assert.assertTrue(p.stdout.contains(confirmation));
@@ -95,7 +94,6 @@
@Test
//no security dialog
//should run in snadbox (jnlp dont have all-permnissions)
- //dont run at all. BUG!
public void javawsAppletAllPermNoSecurity() throws Exception{
ProcessResult p = server.executeJavaws(Arrays.asList(new String[]{"-headless", "-verbose"}),"SandboxSignedSandbox_applet.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener());
Assert.assertTrue(p.stdout.contains(confirmation));
diff -r 90be136f00b7 -r 44f4568a01aa tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java
--- a/tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java Thu Jul 16 12:03:45 2015 +0200
+++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java Mon Jul 20 14:15:07 2015 +0200
@@ -71,7 +71,6 @@
}
@Test
- //bug, should run in sandbox, see appletAllPermAllSecurity
public void javawsAllPermNoSecurity() throws Exception {
ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedAllPerm.jnlp");
Assert.assertTrue(p.stdout.contains(confirmation));
@@ -88,7 +87,6 @@
}
@Test
- //bug, should run in sandbox, see appletAllPermAllSecurity
public void javawsAppletAllPermNoSecurity() throws Exception {
ProcessResult p = server.executeJavaws(Arrays.asList(new String[]{"-headless", "-verbose"}), "SandboxUnsignedAllPerm_applet.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener());
Assert.assertTrue(p.stdout.contains(confirmation));
More information about the distro-pkg-dev
mailing list