/hg/icedtea8-forest/jdk: 6 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Fri Apr 1 07:29:06 UTC 2016
changeset 1531a5b2cc4f in /hg/icedtea8-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea8-forest/jdk?cmd=changeset;node=1531a5b2cc4f
author: sgehwolf
date: Wed Nov 04 11:34:27 2015 +0100
6425769, PR2859: Allow specifying an address to bind JMX remote connector
Reviewed-by: jbachorik, dfuchs
changeset 7a3a5517effc in /hg/icedtea8-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea8-forest/jdk?cmd=changeset;node=7a3a5517effc
author: jbachorik
date: Mon Jan 04 10:07:08 2016 +0100
8145982, PR2859: JMXInterfaceBindingTest is failing intermittently
Reviewed-by: chegar, sgehwolf, olagneau
changeset 2ebaea63abb4 in /hg/icedtea8-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea8-forest/jdk?cmd=changeset;node=2ebaea63abb4
author: jbachorik
date: Fri Jan 29 13:35:06 2016 +0100
8146015, PR2859: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses
Reviewed-by: dfuchs, sspitsyn
changeset 139ec635c8ba in /hg/icedtea8-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea8-forest/jdk?cmd=changeset;node=139ec635c8ba
author: neugens
date: Fri Apr 01 04:32:30 2016 +0100
8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell
Summary: Use the overlay window rather than the root window when on a composite display.
changeset 6b81fd2227d1 in /hg/icedtea8-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea8-forest/jdk?cmd=changeset;node=6b81fd2227d1
author: andrew
date: Fri Apr 01 05:33:37 2016 +0100
PR2869: Revert CRC fix (S8000650) backported as part of PR2462
changeset 3334efeacd83 in /hg/icedtea8-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea8-forest/jdk?cmd=changeset;node=3334efeacd83
author: andrew
date: Fri Apr 01 06:04:05 2016 +0100
PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
diffstat:
make/lib/Awt2dLibraries.gmk | 2 +-
src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java | 212 ++++++-
src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java | 19 +-
src/share/classes/sun/security/tools/KeyStoreUtil.java | 11 +-
src/share/lib/management/management.properties | 13 +
src/share/native/com/sun/java/util/jar/pack/main.cpp | 26 +-
src/share/native/com/sun/java/util/jar/pack/unpack.h | 1 -
src/share/native/com/sun/java/util/jar/pack/zip.cpp | 2 -
src/solaris/native/sun/awt/awt_Robot.c | 33 +
test/sun/management/jmxremote/bootstrap/JMXAgentInterfaceBinding.java | 306 ++++++++++
test/sun/management/jmxremote/bootstrap/JMXInterfaceBindingTest.java | 259 ++++++++
test/tools/pack200/PackChecksum.java | 107 ---
12 files changed, 836 insertions(+), 155 deletions(-)
diffs (truncated from 1236 to 500 lines):
diff -r 9dc0eca5fa89 -r 3334efeacd83 make/lib/Awt2dLibraries.gmk
--- a/make/lib/Awt2dLibraries.gmk Wed Mar 30 05:54:40 2016 +0100
+++ b/make/lib/Awt2dLibraries.gmk Fri Apr 01 06:04:05 2016 +0100
@@ -618,7 +618,7 @@
XRSurfaceData.c \
XRBackendNative.c
- LIBAWT_XAWT_LDFLAGS_SUFFIX := $(LIBM) -lawt -lXext -lX11 -lXrender $(LIBDL) -lXtst -lXi -ljava -ljvm -lc
+ LIBAWT_XAWT_LDFLAGS_SUFFIX := $(LIBM) -lawt -lXext -lX11 -lXrender -lXcomposite $(LIBDL) -lXtst -lXi -ljava -ljvm -lc
ifeq ($(OPENJDK_TARGET_OS), linux)
# To match old build, add this to LDFLAGS instead of suffix.
diff -r 9dc0eca5fa89 -r 3334efeacd83 src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java
--- a/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java Wed Mar 30 05:54:40 2016 +0100
+++ b/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java Fri Apr 01 06:04:05 2016 +0100
@@ -30,9 +30,12 @@
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.io.Serializable;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.MalformedURLException;
+import java.net.Socket;
+import java.net.ServerSocket;
import java.net.UnknownHostException;
import java.rmi.NoSuchObjectException;
import java.rmi.Remote;
@@ -40,6 +43,7 @@
import java.rmi.registry.Registry;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
+import java.rmi.server.RMISocketFactory;
import java.rmi.server.RemoteObject;
import java.rmi.server.UnicastRemoteObject;
import java.security.KeyStore;
@@ -60,6 +64,8 @@
import javax.management.remote.rmi.RMIConnectorServer;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;
@@ -107,6 +113,8 @@
public static final String PORT =
"com.sun.management.jmxremote.port";
+ public static final String HOST =
+ "com.sun.management.jmxremote.host";
public static final String RMI_PORT =
"com.sun.management.jmxremote.rmi.port";
public static final String CONFIG_FILE_NAME =
@@ -424,10 +432,14 @@
checkAccessFile(accessFileName);
}
+ final String bindAddress =
+ props.getProperty(PropertyNames.HOST);
+
if (log.debugOn()) {
log.debug("startRemoteConnectorServer",
Agent.getText("jmxremote.ConnectorBootstrap.starting") +
"\n\t" + PropertyNames.PORT + "=" + port +
+ (bindAddress == null ? "" : "\n\t" + PropertyNames.HOST + "=" + bindAddress) +
"\n\t" + PropertyNames.RMI_PORT + "=" + rmiPort +
"\n\t" + PropertyNames.USE_SSL + "=" + useSsl +
"\n\t" + PropertyNames.USE_REGISTRY_SSL + "=" + useRegistrySsl +
@@ -458,7 +470,7 @@
sslConfigFileName, enabledCipherSuitesList,
enabledProtocolsList, sslNeedClientAuth,
useAuthentication, loginConfigName,
- passwordFileName, accessFileName);
+ passwordFileName, accessFileName, bindAddress);
cs = data.jmxConnectorServer;
url = data.jmxRemoteURL;
log.config("startRemoteConnectorServer",
@@ -628,12 +640,13 @@
String sslConfigFileName,
String[] enabledCipherSuites,
String[] enabledProtocols,
- boolean sslNeedClientAuth) {
+ boolean sslNeedClientAuth,
+ String bindAddress) {
if (sslConfigFileName == null) {
- return new SslRMIServerSocketFactory(
+ return new HostAwareSslSocketFactory(
enabledCipherSuites,
enabledProtocols,
- sslNeedClientAuth);
+ sslNeedClientAuth, bindAddress);
} else {
checkRestrictedFile(sslConfigFileName);
try {
@@ -687,11 +700,11 @@
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
- return new SslRMIServerSocketFactory(
+ return new HostAwareSslSocketFactory(
ctx,
enabledCipherSuites,
enabledProtocols,
- sslNeedClientAuth);
+ sslNeedClientAuth, bindAddress);
} catch (Exception e) {
throw new AgentConfigurationError(AGENT_EXCEPTION, e, e.toString());
}
@@ -711,7 +724,8 @@
boolean useAuthentication,
String loginConfigName,
String passwordFileName,
- String accessFileName)
+ String accessFileName,
+ String bindAddress)
throws IOException, MalformedURLException {
/* Make sure we use non-guessable RMI object IDs. Otherwise
@@ -719,7 +733,7 @@
* IDs. */
System.setProperty("java.rmi.server.randomIDs", "true");
- JMXServiceURL url = new JMXServiceURL("rmi", null, rmiPort);
+ JMXServiceURL url = new JMXServiceURL("rmi", bindAddress, rmiPort);
Map<String, Object> env = new HashMap<>();
@@ -727,6 +741,8 @@
env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter);
+ boolean useSocketFactory = bindAddress != null && !useSsl;
+
if (useAuthentication) {
if (loginConfigName != null) {
env.put("jmx.remote.x.login.config", loginConfigName);
@@ -751,7 +767,7 @@
csf = new SslRMIClientSocketFactory();
ssf = createSslRMIServerSocketFactory(
sslConfigFileName, enabledCipherSuites,
- enabledProtocols, sslNeedClientAuth);
+ enabledProtocols, sslNeedClientAuth, bindAddress);
}
if (useSsl) {
@@ -761,6 +777,12 @@
ssf);
}
+ if (useSocketFactory) {
+ ssf = new HostAwareSocketFactory(bindAddress);
+ env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE,
+ ssf);
+ }
+
JMXConnectorServer connServer = null;
try {
connServer =
@@ -780,6 +802,10 @@
registry =
new SingleEntryRegistry(port, csf, ssf,
"jmxrmi", exporter.firstExported);
+ } else if (useSocketFactory) {
+ registry =
+ new SingleEntryRegistry(port, csf, ssf,
+ "jmxrmi", exporter.firstExported);
} else {
registry =
new SingleEntryRegistry(port,
@@ -813,4 +839,172 @@
private static final ClassLogger log =
new ClassLogger(ConnectorBootstrap.class.getPackage().getName(),
"ConnectorBootstrap");
+
+ private static class HostAwareSocketFactory implements RMIServerSocketFactory {
+
+ private final String bindAddress;
+
+ private HostAwareSocketFactory(String bindAddress) {
+ this.bindAddress = bindAddress;
+ }
+
+ @Override
+ public ServerSocket createServerSocket(int port) throws IOException {
+ if (bindAddress == null) {
+ return new ServerSocket(port);
+ } else {
+ try {
+ InetAddress addr = InetAddress.getByName(bindAddress);
+ return new ServerSocket(port, 0, addr);
+ } catch (UnknownHostException e) {
+ return new ServerSocket(port);
+ }
+ }
+ }
+ }
+
+ private static class HostAwareSslSocketFactory extends SslRMIServerSocketFactory {
+
+ private final String bindAddress;
+ private final String[] enabledCipherSuites;
+ private final String[] enabledProtocols;
+ private final boolean needClientAuth;
+ private final SSLContext context;
+
+ private HostAwareSslSocketFactory(String[] enabledCipherSuites,
+ String[] enabledProtocols,
+ boolean sslNeedClientAuth,
+ String bindAddress) throws IllegalArgumentException {
+ this(null, enabledCipherSuites, enabledProtocols, sslNeedClientAuth, bindAddress);
+ }
+
+ private HostAwareSslSocketFactory(SSLContext ctx,
+ String[] enabledCipherSuites,
+ String[] enabledProtocols,
+ boolean sslNeedClientAuth,
+ String bindAddress) throws IllegalArgumentException {
+ this.context = ctx;
+ this.bindAddress = bindAddress;
+ this.enabledProtocols = enabledProtocols;
+ this.enabledCipherSuites = enabledCipherSuites;
+ this.needClientAuth = sslNeedClientAuth;
+ checkValues(ctx, enabledCipherSuites, enabledProtocols);
+ }
+
+ @Override
+ public ServerSocket createServerSocket(int port) throws IOException {
+ if (bindAddress != null) {
+ try {
+ InetAddress addr = InetAddress.getByName(bindAddress);
+ return new SslServerSocket(port, 0, addr, context,
+ enabledCipherSuites, enabledProtocols, needClientAuth);
+ } catch (UnknownHostException e) {
+ return new SslServerSocket(port, context,
+ enabledCipherSuites, enabledProtocols, needClientAuth);
+ }
+ } else {
+ return new SslServerSocket(port, context,
+ enabledCipherSuites, enabledProtocols, needClientAuth);
+ }
+ }
+
+ private static void checkValues(SSLContext context,
+ String[] enabledCipherSuites,
+ String[] enabledProtocols) throws IllegalArgumentException {
+ // Force the initialization of the default at construction time,
+ // rather than delaying it to the first time createServerSocket()
+ // is called.
+ //
+ final SSLSocketFactory sslSocketFactory =
+ context == null ?
+ (SSLSocketFactory)SSLSocketFactory.getDefault() : context.getSocketFactory();
+ SSLSocket sslSocket = null;
+ if (enabledCipherSuites != null || enabledProtocols != null) {
+ try {
+ sslSocket = (SSLSocket) sslSocketFactory.createSocket();
+ } catch (Exception e) {
+ final String msg = "Unable to check if the cipher suites " +
+ "and protocols to enable are supported";
+ throw (IllegalArgumentException)
+ new IllegalArgumentException(msg).initCause(e);
+ }
+ }
+
+ // Check if all the cipher suites and protocol versions to enable
+ // are supported by the underlying SSL/TLS implementation and if
+ // true create lists from arrays.
+ //
+ if (enabledCipherSuites != null) {
+ sslSocket.setEnabledCipherSuites(enabledCipherSuites);
+ }
+ if (enabledProtocols != null) {
+ sslSocket.setEnabledProtocols(enabledProtocols);
+ }
+ }
+ }
+
+ private static class SslServerSocket extends ServerSocket {
+
+ private static SSLSocketFactory defaultSSLSocketFactory;
+ private final String[] enabledCipherSuites;
+ private final String[] enabledProtocols;
+ private final boolean needClientAuth;
+ private final SSLContext context;
+
+ private SslServerSocket(int port,
+ SSLContext ctx,
+ String[] enabledCipherSuites,
+ String[] enabledProtocols,
+ boolean needClientAuth) throws IOException {
+ super(port);
+ this.enabledProtocols = enabledProtocols;
+ this.enabledCipherSuites = enabledCipherSuites;
+ this.needClientAuth = needClientAuth;
+ this.context = ctx;
+ }
+
+ private SslServerSocket(int port,
+ int backlog,
+ InetAddress bindAddr,
+ SSLContext ctx,
+ String[] enabledCipherSuites,
+ String[] enabledProtocols,
+ boolean needClientAuth) throws IOException {
+ super(port, backlog, bindAddr);
+ this.enabledProtocols = enabledProtocols;
+ this.enabledCipherSuites = enabledCipherSuites;
+ this.needClientAuth = needClientAuth;
+ this.context = ctx;
+ }
+
+ @Override
+ public Socket accept() throws IOException {
+ final SSLSocketFactory sslSocketFactory =
+ context == null ?
+ getDefaultSSLSocketFactory() : context.getSocketFactory();
+ Socket socket = super.accept();
+ SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
+ socket, socket.getInetAddress().getHostName(),
+ socket.getPort(), true);
+ sslSocket.setUseClientMode(false);
+ if (enabledCipherSuites != null) {
+ sslSocket.setEnabledCipherSuites(enabledCipherSuites);
+ }
+ if (enabledProtocols != null) {
+ sslSocket.setEnabledProtocols(enabledProtocols);
+ }
+ sslSocket.setNeedClientAuth(needClientAuth);
+ return sslSocket;
+ }
+
+ private static synchronized SSLSocketFactory getDefaultSSLSocketFactory() {
+ if (defaultSSLSocketFactory == null) {
+ defaultSSLSocketFactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
+ return defaultSSLSocketFactory;
+ } else {
+ return defaultSSLSocketFactory;
+ }
+ }
+
+ }
}
diff -r 9dc0eca5fa89 -r 3334efeacd83 src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
--- a/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java Wed Mar 30 05:54:40 2016 +0100
+++ b/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java Fri Apr 01 06:04:05 2016 +0100
@@ -174,15 +174,20 @@
storeFile = new File(storeFileName);
fis = getFileInputStream(storeFile);
} else {
- String javaHome = props.get("javaHome");
- storeFile = new File(javaHome + sep + "lib" + sep
- + "security" + sep +
- "jssecacerts");
+ /* Check system cacerts DB first; /etc/pki/java/cacerts */
+ storeFile = new File(sep + "etc" + sep + "pki" + sep
+ + "java" + sep + "cacerts");
if ((fis = getFileInputStream(storeFile)) == null) {
+ String javaHome = props.get("javaHome");
storeFile = new File(javaHome + sep + "lib" + sep
- + "security" + sep +
- "cacerts");
- fis = getFileInputStream(storeFile);
+ + "security" + sep +
+ "jssecacerts");
+ if ((fis = getFileInputStream(storeFile)) == null) {
+ storeFile = new File(javaHome + sep + "lib" + sep
+ + "security" + sep +
+ "cacerts");
+ fis = getFileInputStream(storeFile);
+ }
}
}
diff -r 9dc0eca5fa89 -r 3334efeacd83 src/share/classes/sun/security/tools/KeyStoreUtil.java
--- a/src/share/classes/sun/security/tools/KeyStoreUtil.java Wed Mar 30 05:54:40 2016 +0100
+++ b/src/share/classes/sun/security/tools/KeyStoreUtil.java Fri Apr 01 06:04:05 2016 +0100
@@ -87,9 +87,14 @@
throws Exception
{
String sep = File.separator;
- File file = new File(System.getProperty("java.home") + sep
- + "lib" + sep + "security" + sep
- + "cacerts");
+ /* Check system cacerts DB first; /etc/pki/java/cacerts */
+ File file = new File(sep + "etc" + sep + "pki" + sep
+ + "java" + sep + "cacerts");
+ if (!file.exists()) {
+ file = new File(System.getProperty("java.home") + sep
+ + "lib" + sep + "security" + sep
+ + "cacerts");
+ }
if (!file.exists()) {
return null;
}
diff -r 9dc0eca5fa89 -r 3334efeacd83 src/share/lib/management/management.properties
--- a/src/share/lib/management/management.properties Wed Mar 30 05:54:40 2016 +0100
+++ b/src/share/lib/management/management.properties Fri Apr 01 06:04:05 2016 +0100
@@ -316,3 +316,16 @@
# For a non-default password file location use the following line
# com.sun.management.jmxremote.access.file=filepath
+#
+
+# ################ Management agent listen interface #########################
+#
+# com.sun.management.jmxremote.host=<host-or-interface-name>
+# Specifies the local interface on which the JMX RMI agent will bind.
+# This is useful when running on machines which have several
+# interfaces defined. It makes it possible to listen to a specific
+# subnet accessible through that interface.
+#
+# The format of the value for that property is any string accepted
+# by java.net.InetAddress.getByName(String).
+#
diff -r 9dc0eca5fa89 -r 3334efeacd83 src/share/native/com/sun/java/util/jar/pack/main.cpp
--- a/src/share/native/com/sun/java/util/jar/pack/main.cpp Wed Mar 30 05:54:40 2016 +0100
+++ b/src/share/native/com/sun/java/util/jar/pack/main.cpp Fri Apr 01 06:04:05 2016 +0100
@@ -62,13 +62,6 @@
return unpacker::run(argc, argv);
}
-// Dealing with big-endian arch
-#ifdef _BIG_ENDIAN
-#define SWAP_INT(a) (((a>>24)&0xff) | ((a<<8)&0xff0000) | ((a>>8)&0xff00) | ((a<<24)&0xff000000))
-#else
-#define SWAP_INT(a) (a)
-#endif
-
// Single-threaded, implementation, not reentrant.
// Includes a weak error check against MT access.
#ifndef THREAD_SELF
@@ -389,7 +382,6 @@
u.start();
}
} else {
- u.gzcrc = 0;
u.start(peek, sizeof(peek));
}
@@ -430,23 +422,7 @@
status = 1;
}
- if (!u.aborting() && u.infileptr != null) {
- if (u.gzcrc != 0) {
- // Read the CRC information from the gzip container
- fseek(u.infileptr, -8, SEEK_END);
- uint filecrc;
- fread(&filecrc, sizeof(filecrc), 1, u.infileptr);
- if (u.gzcrc != SWAP_INT(filecrc)) { // CRC error
- if (strcmp(destination_file, "-") != 0) {
- // Output is not stdout, remove it, it's broken
- if (u.jarout != null)
- u.jarout->closeJarFile(false);
- remove(destination_file);
- }
- // Print out the error and exit with return code != 0
- u.abort("CRC error, invalid compressed data.");
- }
- }
+ if (u.infileptr != null) {
fclose(u.infileptr);
u.infileptr = null;
}
diff -r 9dc0eca5fa89 -r 3334efeacd83 src/share/native/com/sun/java/util/jar/pack/unpack.h
--- a/src/share/native/com/sun/java/util/jar/pack/unpack.h Wed Mar 30 05:54:40 2016 +0100
+++ b/src/share/native/com/sun/java/util/jar/pack/unpack.h Fri Apr 01 06:04:05 2016 +0100
@@ -171,7 +171,6 @@
bytes inbytes; // direct
gunzip* gzin; // gunzip filter, if any
jar* jarout; // output JAR file
- uint gzcrc; // CRC gathered from gzip content
#ifndef PRODUCT
int nowrite;
diff -r 9dc0eca5fa89 -r 3334efeacd83 src/share/native/com/sun/java/util/jar/pack/zip.cpp
--- a/src/share/native/com/sun/java/util/jar/pack/zip.cpp Wed Mar 30 05:54:40 2016 +0100
+++ b/src/share/native/com/sun/java/util/jar/pack/zip.cpp Fri Apr 01 06:04:05 2016 +0100
@@ -551,7 +551,6 @@
break;
}
int nr = readlen - zs.avail_out;
- u->gzcrc = crc32(u->gzcrc, (const unsigned char *)bufptr, nr);
numread += nr;
bufptr += nr;
assert(numread <= maxlen);
@@ -590,7 +589,6 @@
zstream = NEW(z_stream, 1);
u->gzin = this;
u->read_input_fn = read_input_via_gzip;
- u->gzcrc = crc32(0, Z_NULL, 0);
}
void gunzip::start(int magic) {
diff -r 9dc0eca5fa89 -r 3334efeacd83 src/solaris/native/sun/awt/awt_Robot.c
--- a/src/solaris/native/sun/awt/awt_Robot.c Wed Mar 30 05:54:40 2016 +0100
+++ b/src/solaris/native/sun/awt/awt_Robot.c Fri Apr 01 06:04:05 2016 +0100
@@ -38,6 +38,7 @@
#include <X11/extensions/XTest.h>
More information about the distro-pkg-dev
mailing list