/hg/icedtea7-forest/jdk: 5 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Jun 9 16:35:55 UTC 2015
changeset 871094d6431a in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=871094d6431a
author: robm
date: Mon Apr 27 17:17:07 2015 +0100
6991580, PR2308: IPv6 Nameservers in resolv.conf throws NumberFormatException
Reviewed-by: michaelm, andrew, alanb, rriggs
Contributed-by: sgehwolf at redhat.com
changeset 78da0280399f in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=78da0280399f
author: prr
date: Wed Jun 03 15:52:40 2015 +0100
8078654, PR2333: CloseTTFontFileFunc callback should be removed
Reviewed-by: prr, martin
changeset 728458b19b51 in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=728458b19b51
author: robm
date: Mon Mar 23 17:05:01 2015 +0000
8072385, PR2387: Only the first DNSName entry is checked for endpoint identification
Reviewed-by: xuelei
changeset d17bcae64927 in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=d17bcae64927
author: andrew
date: Mon Jun 08 20:56:16 2015 +0100
Bump to icedtea-2.6.0pre22
changeset 41c1f4403827 in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=41c1f4403827
author: andrew
date: Tue Jun 09 17:32:54 2015 +0100
Added tag icedtea-2.6pre22 for changeset d17bcae64927
diffstat:
.hgtags | 1 +
make/jdk_generic_profile.sh | 2 +-
src/share/classes/sun/security/ssl/ClientHandshaker.java | 107 +++++++--
src/share/native/sun/font/freetypeScaler.c | 16 +-
src/solaris/classes/sun/net/dns/ResolverConfigurationImpl.java | 9 +
test/com/sun/jndi/dns/IPv6NameserverPlatformParsingTest.java | 104 +++++++++
6 files changed, 193 insertions(+), 46 deletions(-)
diffs (318 lines):
diff -r 4d9d165a8e7c -r 41c1f4403827 .hgtags
--- a/.hgtags Fri May 01 01:27:36 2015 +0100
+++ b/.hgtags Tue Jun 09 17:32:54 2015 +0100
@@ -589,3 +589,4 @@
29fdd3e4a4321604f113df9573b9d4d215cf1b1d icedtea-2.6pre19
95e2e973f2708306632792991502a86907a8e2ca icedtea-2.6pre20
533e9029af3503d09a95b70abb4c21ca3fc9ac89 icedtea-2.6pre21
+d17bcae64927f33e6e7e0e6132c62a7bf523dbc3 icedtea-2.6pre22
diff -r 4d9d165a8e7c -r 41c1f4403827 make/jdk_generic_profile.sh
--- a/make/jdk_generic_profile.sh Fri May 01 01:27:36 2015 +0100
+++ b/make/jdk_generic_profile.sh Tue Jun 09 17:32:54 2015 +0100
@@ -655,7 +655,7 @@
# IcedTea versioning
export ICEDTEA_NAME="IcedTea"
-export PACKAGE_VERSION="2.6.0pre21"
+export PACKAGE_VERSION="2.6.0pre22"
export DERIVATIVE_ID="${ICEDTEA_NAME} ${PACKAGE_VERSION}"
echo "Building ${DERIVATIVE_ID}"
diff -r 4d9d165a8e7c -r 41c1f4403827 src/share/classes/sun/security/ssl/ClientHandshaker.java
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java Fri May 01 01:27:36 2015 +0100
+++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java Tue Jun 09 17:32:54 2015 +0100
@@ -62,6 +62,10 @@
*/
final class ClientHandshaker extends Handshaker {
+ // constants for subject alt names of type DNS and IP
+ private final static int ALTNAME_DNS = 2;
+ private final static int ALTNAME_IP = 7;
+
// the server's public key from its certificate.
private PublicKey serverKey;
@@ -1466,20 +1470,49 @@
return true;
}
- // check the iPAddress field in subjectAltName extension
- Object thisIPAddress = getSubjectAltName(thisCert, 7); // 7: iPAddress
- Object prevIPAddress = getSubjectAltName(prevCert, 7);
- if (thisIPAddress != null && prevIPAddress!= null) {
- // only allow the exactly match
- return Objects.equals(thisIPAddress, prevIPAddress);
+ // check subject alternative names
+ Collection<List<?>> thisSubjectAltNames = null;
+ try {
+ thisSubjectAltNames = thisCert.getSubjectAlternativeNames();
+ } catch (CertificateParsingException cpe) {
+ if (debug != null && Debug.isOn("handshake")) {
+ System.out.println(
+ "Attempt to obtain subjectAltNames extension failed!");
+ }
}
- // check the dNSName field in subjectAltName extension
- Object thisDNSName = getSubjectAltName(thisCert, 2); // 2: dNSName
- Object prevDNSName = getSubjectAltName(prevCert, 2);
- if (thisDNSName != null && prevDNSName!= null) {
- // only allow the exactly match
- return Objects.equals(thisDNSName, prevDNSName);
+ Collection<List<?>> prevSubjectAltNames = null;
+ try {
+ prevSubjectAltNames = prevCert.getSubjectAlternativeNames();
+ } catch (CertificateParsingException cpe) {
+ if (debug != null && Debug.isOn("handshake")) {
+ System.out.println(
+ "Attempt to obtain subjectAltNames extension failed!");
+ }
+ }
+
+ if ((thisSubjectAltNames != null) && (prevSubjectAltNames != null)) {
+ // check the iPAddress field in subjectAltName extension
+ Collection<String> thisSubAltIPAddrs =
+ getSubjectAltNames(thisSubjectAltNames, ALTNAME_IP);
+ Collection<String> prevSubAltIPAddrs =
+ getSubjectAltNames(prevSubjectAltNames, ALTNAME_IP);
+ if ((thisSubAltIPAddrs != null) && (prevSubAltIPAddrs != null) &&
+ (isEquivalent(thisSubAltIPAddrs, prevSubAltIPAddrs))) {
+
+ return true;
+ }
+
+ // check the dNSName field in subjectAltName extension
+ Collection<String> thisSubAltDnsNames =
+ getSubjectAltNames(thisSubjectAltNames, ALTNAME_DNS);
+ Collection<String> prevSubAltDnsNames =
+ getSubjectAltNames(prevSubjectAltNames, ALTNAME_DNS);
+ if ((thisSubAltDnsNames != null) && (prevSubAltDnsNames != null) &&
+ (isEquivalent(thisSubAltDnsNames, prevSubAltDnsNames))) {
+
+ return true;
+ }
}
// check the certificate subject and issuer
@@ -1500,29 +1533,43 @@
/*
* Returns the subject alternative name of the specified type in the
* subjectAltNames extension of a certificate.
+ *
+ * Note that only those subjectAltName types that use String data
+ * should be passed into this function.
*/
- private static Object getSubjectAltName(X509Certificate cert, int type) {
- Collection<List<?>> subjectAltNames;
+ private static Collection<String> getSubjectAltNames(
+ Collection<List<?>> subjectAltNames, int type) {
- try {
- subjectAltNames = cert.getSubjectAlternativeNames();
- } catch (CertificateParsingException cpe) {
- if (debug != null && Debug.isOn("handshake")) {
- System.out.println(
- "Attempt to obtain subjectAltNames extension failed!");
- }
- return null;
- }
-
- if (subjectAltNames != null) {
- for (List<?> subjectAltName : subjectAltNames) {
- int subjectAltNameType = (Integer)subjectAltName.get(0);
- if (subjectAltNameType == type) {
- return subjectAltName.get(1);
+ HashSet<String> subAltDnsNames = null;
+ for (List<?> subjectAltName : subjectAltNames) {
+ int subjectAltNameType = (Integer)subjectAltName.get(0);
+ if (subjectAltNameType == type) {
+ String subAltDnsName = (String)subjectAltName.get(1);
+ if ((subAltDnsName != null) && !subAltDnsName.isEmpty()) {
+ if (subAltDnsNames == null) {
+ subAltDnsNames =
+ new HashSet<>(subjectAltNames.size());
+ }
+ subAltDnsNames.add(subAltDnsName);
}
}
}
- return null;
+ return subAltDnsNames;
+ }
+
+ private static boolean isEquivalent(Collection<String> thisSubAltNames,
+ Collection<String> prevSubAltNames) {
+
+ for (String thisSubAltName : thisSubAltNames) {
+ for (String prevSubAltName : prevSubAltNames) {
+ // Only allow the exactly match. Check no wildcard character.
+ if (thisSubAltName.equalsIgnoreCase(prevSubAltName)) {
+ return true;
+ }
+ }
+ }
+
+ return false;
}
}
diff -r 4d9d165a8e7c -r 41c1f4403827 src/share/native/sun/font/freetypeScaler.c
--- a/src/share/native/sun/font/freetypeScaler.c Fri May 01 01:27:36 2015 +0100
+++ b/src/share/native/sun/font/freetypeScaler.c Tue Jun 09 17:32:54 2015 +0100
@@ -151,20 +151,6 @@
#define FILEDATACACHESIZE 1024
-/* NB: is it ever called? */
-static void CloseTTFontFileFunc(FT_Stream stream) {
- FTScalerInfo *scalerInfo = (FTScalerInfo *) stream->pathname.pointer;
- JNIEnv* env = scalerInfo->env;
- jclass tmpClass = (*env)->FindClass(env, "sun/font/TrueTypeFont");
- jfieldID platNameField =
- (*env)->GetFieldID(env, tmpClass, "platName", "Ljava/lang/String;");
- jstring platName = (*env)->GetObjectField(env,
- scalerInfo->font2D,
- platNameField);
- const char *name = JNU_GetStringPlatformChars(env, platName, NULL);
- JNU_ReleaseStringPlatformChars(env, platName, name);
-}
-
static unsigned long ReadTTFontFileFunc(FT_Stream stream,
unsigned long offset,
unsigned char* destBuffer,
@@ -309,7 +295,7 @@
ftstream->size = filesize;
ftstream->pos = 0;
ftstream->read = (FT_Stream_IoFunc) ReadTTFontFileFunc;
- ftstream->close = (FT_Stream_CloseFunc) CloseTTFontFileFunc;
+ ftstream->close = NULL;
ftstream->pathname.pointer = (void *) scalerInfo;
memset(&ft_open_args, 0, sizeof(FT_Open_Args));
diff -r 4d9d165a8e7c -r 41c1f4403827 src/solaris/classes/sun/net/dns/ResolverConfigurationImpl.java
--- a/src/solaris/classes/sun/net/dns/ResolverConfigurationImpl.java Fri May 01 01:27:36 2015 +0100
+++ b/src/solaris/classes/sun/net/dns/ResolverConfigurationImpl.java Tue Jun 09 17:32:54 2015 +0100
@@ -85,6 +85,15 @@
if (val.charAt(0) == '#' || val.charAt(0) == ';') {
break;
}
+ if ("nameserver".equals(keyword)) {
+ if (val.indexOf(':') >= 0 &&
+ val.indexOf('.') < 0 && // skip for IPv4 literals with port
+ val.indexOf('[') < 0 &&
+ val.indexOf(']') < 0 ) {
+ // IPv6 literal, in non-BSD-style.
+ val = "[" + val + "]";
+ }
+ }
ll.add(val);
if (--maxvalues == 0) {
break;
diff -r 4d9d165a8e7c -r 41c1f4403827 test/com/sun/jndi/dns/IPv6NameserverPlatformParsingTest.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/jndi/dns/IPv6NameserverPlatformParsingTest.java Tue Jun 09 17:32:54 2015 +0100
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2015, Red Hat, Inc.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.lang.reflect.Field;
+import java.util.Hashtable;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.spi.NamingManager;
+
+import com.sun.jndi.dns.DnsContext;
+
+/**
+ * @test
+ * @bug 6991580
+ * @summary IPv6 Nameservers in resolv.conf throws NumberFormatException
+ * @run main/manual IPv6NameserverPlatformParsingTest
+ *
+ * In order to run this test be sure to place, for example, the following
+ * snippet into your platform's {@code /etc/resolv.conf}:
+ * <pre>
+ * nameserver 127.0.0.1
+ * nameserver 2001:4860:4860::8888
+ * nameserver [::1]:5353
+ * nameserver 127.0.0.1:5353
+ * </pre>
+ *
+ * Then, run this test as manual jtreg test.
+ *
+ * @author Severin Gehwolf
+ *
+ */
+public class IPv6NameserverPlatformParsingTest {
+
+ private static boolean foundIPv6 = false;
+
+ public static void main(String[] args) {
+ Hashtable<String, String> env = new Hashtable<>();
+ env.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.dns.DnsContextFactory.class.getName());
+
+ String[] servers;
+ try {
+ Context ctx = NamingManager.getInitialContext(env);
+ if (!com.sun.jndi.dns.DnsContextFactory.platformServersAvailable()) {
+ throw new RuntimeException("FAIL: no platform servers available, test does not make sense");
+ }
+ DnsContext context = (DnsContext)ctx;
+ servers = getServersFromContext(context);
+ } catch (NamingException e) {
+ throw new RuntimeException(e);
+ }
+ for (String server: servers) {
+ System.out.println("DEBUG: 'nameserver = " + server + "'");
+ if (server.indexOf(':') >= 0 && server.indexOf('.') < 0) {
+ System.out.println("DEBUG: ==> Found IPv6 address in servers list: " + server);
+ foundIPv6 = true;
+ }
+ }
+ try {
+ new com.sun.jndi.dns.DnsClient(servers, 100, 1);
+ } catch (NumberFormatException e) {
+ throw new RuntimeException("FAIL: Tried to parse non-[]-encapsulated IPv6 address.", e);
+ } catch (Exception e) {
+ throw new RuntimeException("ERROR: Something unexpected happened.");
+ }
+ if (!foundIPv6) {
+ // This is a manual test, since it requires changing /etc/resolv.conf on Linux/Unix
+ // platforms. See comment as to how to run this test.
+ throw new RuntimeException("ERROR: No IPv6 address returned from platform.");
+ }
+ System.out.println("PASS: Found IPv6 address and DnsClient parsed it correctly.");
+ }
+
+ private static String[] getServersFromContext(DnsContext context) {
+ try {
+ Field serversField = DnsContext.class.getDeclaredField("servers");
+ serversField.setAccessible(true);
+ return (String[])serversField.get(context);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+}
More information about the distro-pkg-dev
mailing list