/hg/icedtea7-forest/jdk: 8 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Fri Apr 15 16:55:43 UTC 2016
changeset a3ee39e80fe2 in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=a3ee39e80fe2
author: andrew
date: Wed Mar 23 21:27:34 2016 +0000
8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions
Reviewed-by: alanb
changeset 7f896649cfb6 in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=7f896649cfb6
author: vinnie
date: Fri Oct 03 16:17:36 2014 +0100
8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
Reviewed-by: mullan
changeset 713b03464164 in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=713b03464164
author: neugens
date: Fri Feb 27 15:50:03 2015 +0100
8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically
Summary: JMenu miscalculates the position of the Popup origin when on multiple monitors stacked vertically
Reviewed-by: alexsch
changeset d0202e909a15 in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=d0202e909a15
author: sgehwolf
date: Wed Nov 04 11:34:27 2015 +0100
6425769, PR2858: Allow specifying an address to bind JMX remote connector
Reviewed-by: jbachorik, dfuchs
changeset cfdc4211e7cc in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=cfdc4211e7cc
author: jbachorik
date: Mon Jan 04 10:07:08 2016 +0100
8145982, PR2858: JMXInterfaceBindingTest is failing intermittently
Reviewed-by: chegar, sgehwolf, olagneau
changeset c850c5110aff in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=c850c5110aff
author: jbachorik
date: Fri Jan 29 13:35:06 2016 +0100
8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses
Reviewed-by: dfuchs, sspitsyn
changeset a8a1f3433cf6 in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=a8a1f3433cf6
author: andrew
date: Wed Mar 23 23:46:58 2016 +0000
8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell
Summary: Use the overlay window rather than the root window when on a composite display.
changeset 3fc5cbcd46dd in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=3fc5cbcd46dd
author: andrew
date: Fri Apr 15 05:02:05 2016 +0100
PR2889: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
diffstat:
make/sun/xawt/Makefile | 2 +-
src/share/classes/javax/swing/JMenu.java | 3 +-
src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java | 212 ++++++-
src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java | 19 +-
src/share/lib/management/management.properties | 13 +
src/share/native/sun/security/ec/ECC_JNI.cpp | 43 +-
src/solaris/native/sun/awt/awt_Robot.c | 33 +
test/javax/swing/JMenu/8071705/bug8071705.java | 207 ++++++
test/sun/management/jmxremote/bootstrap/JMXAgentInterfaceBinding.java | 306 ++++++++++
test/sun/management/jmxremote/bootstrap/JMXInterfaceBindingTest.java | 267 ++++++++
10 files changed, 1082 insertions(+), 23 deletions(-)
diffs (truncated from 1380 to 500 lines):
diff -r 8d5899114117 -r 3fc5cbcd46dd make/sun/xawt/Makefile
--- a/make/sun/xawt/Makefile Wed Jan 27 04:21:22 2016 +0000
+++ b/make/sun/xawt/Makefile Fri Apr 15 05:02:05 2016 +0100
@@ -125,7 +125,7 @@
vpath %.c $(PLATFORM_SRC)/native/common/deps/fontconfig2
endif
-OTHER_LDLIBS = $(LIBM) -lawt -lXext -lX11 -lXrender $(LIBDL) \
+OTHER_LDLIBS = $(LIBM) -lawt -lXext -lX11 -lXrender -lXcomposite $(LIBDL) \
$(LDFLAGS_COMMON) $(AWT_RUNPATH) $(OTHER_LDFLAGS) -lXtst -lXi
ifeq ($(SYSTEM_CUPS), true)
diff -r 8d5899114117 -r 3fc5cbcd46dd src/share/classes/javax/swing/JMenu.java
--- a/src/share/classes/javax/swing/JMenu.java Wed Jan 27 04:21:22 2016 +0000
+++ b/src/share/classes/javax/swing/JMenu.java Fri Apr 15 05:02:05 2016 +0100
@@ -481,7 +481,8 @@
}
// Then the y:
y = s.height + yOffset; // Prefer dropping down
- if (position.y + y + pmSize.height >= screenBounds.height &&
+ if (position.y + y + pmSize.height >= screenBounds.height
+ + screenBounds.y &&
// popup doesn't fit - place it wherever there's more room
screenBounds.height - s.height < 2*(position.y
- screenBounds.y)) {
diff -r 8d5899114117 -r 3fc5cbcd46dd src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java
--- a/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java Wed Jan 27 04:21:22 2016 +0000
+++ b/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java Fri Apr 15 05:02:05 2016 +0100
@@ -30,9 +30,12 @@
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.io.Serializable;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.MalformedURLException;
+import java.net.Socket;
+import java.net.ServerSocket;
import java.net.UnknownHostException;
import java.rmi.NoSuchObjectException;
import java.rmi.Remote;
@@ -40,6 +43,7 @@
import java.rmi.registry.Registry;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
+import java.rmi.server.RMISocketFactory;
import java.rmi.server.RemoteObject;
import java.rmi.server.UnicastRemoteObject;
import java.security.KeyStore;
@@ -60,6 +64,8 @@
import javax.management.remote.rmi.RMIConnectorServer;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;
@@ -107,6 +113,8 @@
public static final String PORT =
"com.sun.management.jmxremote.port";
+ public static final String HOST =
+ "com.sun.management.jmxremote.host";
public static final String RMI_PORT =
"com.sun.management.jmxremote.rmi.port";
public static final String CONFIG_FILE_NAME =
@@ -425,10 +433,14 @@
checkAccessFile(accessFileName);
}
+ final String bindAddress =
+ props.getProperty(PropertyNames.HOST);
+
if (log.debugOn()) {
log.debug("startRemoteConnectorServer",
Agent.getText("jmxremote.ConnectorBootstrap.starting") +
"\n\t" + PropertyNames.PORT + "=" + port +
+ (bindAddress == null ? "" : "\n\t" + PropertyNames.HOST + "=" + bindAddress) +
"\n\t" + PropertyNames.RMI_PORT + "=" + rmiPort +
"\n\t" + PropertyNames.USE_SSL + "=" + useSsl +
"\n\t" + PropertyNames.USE_REGISTRY_SSL + "=" + useRegistrySsl +
@@ -459,7 +471,7 @@
sslConfigFileName, enabledCipherSuitesList,
enabledProtocolsList, sslNeedClientAuth,
useAuthentication, loginConfigName,
- passwordFileName, accessFileName);
+ passwordFileName, accessFileName, bindAddress);
cs = data.jmxConnectorServer;
url = data.jmxRemoteURL;
log.config("startRemoteConnectorServer",
@@ -629,12 +641,13 @@
String sslConfigFileName,
String[] enabledCipherSuites,
String[] enabledProtocols,
- boolean sslNeedClientAuth) {
+ boolean sslNeedClientAuth,
+ String bindAddress) {
if (sslConfigFileName == null) {
- return new SslRMIServerSocketFactory(
+ return new HostAwareSslSocketFactory(
enabledCipherSuites,
enabledProtocols,
- sslNeedClientAuth);
+ sslNeedClientAuth, bindAddress);
} else {
checkRestrictedFile(sslConfigFileName);
try {
@@ -697,11 +710,11 @@
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
- return new SslRMIServerSocketFactory(
+ return new HostAwareSslSocketFactory(
ctx,
enabledCipherSuites,
enabledProtocols,
- sslNeedClientAuth);
+ sslNeedClientAuth, bindAddress);
} catch (Exception e) {
throw new AgentConfigurationError(AGENT_EXCEPTION, e, e.toString());
}
@@ -721,7 +734,8 @@
boolean useAuthentication,
String loginConfigName,
String passwordFileName,
- String accessFileName)
+ String accessFileName,
+ String bindAddress)
throws IOException, MalformedURLException {
/* Make sure we use non-guessable RMI object IDs. Otherwise
@@ -729,7 +743,7 @@
* IDs. */
System.setProperty("java.rmi.server.randomIDs", "true");
- JMXServiceURL url = new JMXServiceURL("rmi", null, rmiPort);
+ JMXServiceURL url = new JMXServiceURL("rmi", bindAddress, rmiPort);
Map<String, Object> env = new HashMap<String, Object>();
@@ -737,6 +751,8 @@
env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter);
+ boolean useSocketFactory = bindAddress != null && !useSsl;
+
if (useAuthentication) {
if (loginConfigName != null) {
env.put("jmx.remote.x.login.config", loginConfigName);
@@ -761,7 +777,7 @@
csf = new SslRMIClientSocketFactory();
ssf = createSslRMIServerSocketFactory(
sslConfigFileName, enabledCipherSuites,
- enabledProtocols, sslNeedClientAuth);
+ enabledProtocols, sslNeedClientAuth, bindAddress);
}
if (useSsl) {
@@ -771,6 +787,12 @@
ssf);
}
+ if (useSocketFactory) {
+ ssf = new HostAwareSocketFactory(bindAddress);
+ env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE,
+ ssf);
+ }
+
JMXConnectorServer connServer = null;
try {
connServer =
@@ -790,6 +812,10 @@
registry =
new SingleEntryRegistry(port, csf, ssf,
"jmxrmi", exporter.firstExported);
+ } else if (useSocketFactory) {
+ registry =
+ new SingleEntryRegistry(port, csf, ssf,
+ "jmxrmi", exporter.firstExported);
} else {
registry =
new SingleEntryRegistry(port,
@@ -823,4 +849,172 @@
private static final ClassLogger log =
new ClassLogger(ConnectorBootstrap.class.getPackage().getName(),
"ConnectorBootstrap");
+
+ private static class HostAwareSocketFactory implements RMIServerSocketFactory {
+
+ private final String bindAddress;
+
+ private HostAwareSocketFactory(String bindAddress) {
+ this.bindAddress = bindAddress;
+ }
+
+ @Override
+ public ServerSocket createServerSocket(int port) throws IOException {
+ if (bindAddress == null) {
+ return new ServerSocket(port);
+ } else {
+ try {
+ InetAddress addr = InetAddress.getByName(bindAddress);
+ return new ServerSocket(port, 0, addr);
+ } catch (UnknownHostException e) {
+ return new ServerSocket(port);
+ }
+ }
+ }
+ }
+
+ private static class HostAwareSslSocketFactory extends SslRMIServerSocketFactory {
+
+ private final String bindAddress;
+ private final String[] enabledCipherSuites;
+ private final String[] enabledProtocols;
+ private final boolean needClientAuth;
+ private final SSLContext context;
+
+ private HostAwareSslSocketFactory(String[] enabledCipherSuites,
+ String[] enabledProtocols,
+ boolean sslNeedClientAuth,
+ String bindAddress) throws IllegalArgumentException {
+ this(null, enabledCipherSuites, enabledProtocols, sslNeedClientAuth, bindAddress);
+ }
+
+ private HostAwareSslSocketFactory(SSLContext ctx,
+ String[] enabledCipherSuites,
+ String[] enabledProtocols,
+ boolean sslNeedClientAuth,
+ String bindAddress) throws IllegalArgumentException {
+ this.context = ctx;
+ this.bindAddress = bindAddress;
+ this.enabledProtocols = enabledProtocols;
+ this.enabledCipherSuites = enabledCipherSuites;
+ this.needClientAuth = sslNeedClientAuth;
+ checkValues(ctx, enabledCipherSuites, enabledProtocols);
+ }
+
+ @Override
+ public ServerSocket createServerSocket(int port) throws IOException {
+ if (bindAddress != null) {
+ try {
+ InetAddress addr = InetAddress.getByName(bindAddress);
+ return new SslServerSocket(port, 0, addr, context,
+ enabledCipherSuites, enabledProtocols, needClientAuth);
+ } catch (UnknownHostException e) {
+ return new SslServerSocket(port, context,
+ enabledCipherSuites, enabledProtocols, needClientAuth);
+ }
+ } else {
+ return new SslServerSocket(port, context,
+ enabledCipherSuites, enabledProtocols, needClientAuth);
+ }
+ }
+
+ private static void checkValues(SSLContext context,
+ String[] enabledCipherSuites,
+ String[] enabledProtocols) throws IllegalArgumentException {
+ // Force the initialization of the default at construction time,
+ // rather than delaying it to the first time createServerSocket()
+ // is called.
+ //
+ final SSLSocketFactory sslSocketFactory =
+ context == null ?
+ (SSLSocketFactory)SSLSocketFactory.getDefault() : context.getSocketFactory();
+ SSLSocket sslSocket = null;
+ if (enabledCipherSuites != null || enabledProtocols != null) {
+ try {
+ sslSocket = (SSLSocket) sslSocketFactory.createSocket();
+ } catch (Exception e) {
+ final String msg = "Unable to check if the cipher suites " +
+ "and protocols to enable are supported";
+ throw (IllegalArgumentException)
+ new IllegalArgumentException(msg).initCause(e);
+ }
+ }
+
+ // Check if all the cipher suites and protocol versions to enable
+ // are supported by the underlying SSL/TLS implementation and if
+ // true create lists from arrays.
+ //
+ if (enabledCipherSuites != null) {
+ sslSocket.setEnabledCipherSuites(enabledCipherSuites);
+ }
+ if (enabledProtocols != null) {
+ sslSocket.setEnabledProtocols(enabledProtocols);
+ }
+ }
+ }
+
+ private static class SslServerSocket extends ServerSocket {
+
+ private static SSLSocketFactory defaultSSLSocketFactory;
+ private final String[] enabledCipherSuites;
+ private final String[] enabledProtocols;
+ private final boolean needClientAuth;
+ private final SSLContext context;
+
+ private SslServerSocket(int port,
+ SSLContext ctx,
+ String[] enabledCipherSuites,
+ String[] enabledProtocols,
+ boolean needClientAuth) throws IOException {
+ super(port);
+ this.enabledProtocols = enabledProtocols;
+ this.enabledCipherSuites = enabledCipherSuites;
+ this.needClientAuth = needClientAuth;
+ this.context = ctx;
+ }
+
+ private SslServerSocket(int port,
+ int backlog,
+ InetAddress bindAddr,
+ SSLContext ctx,
+ String[] enabledCipherSuites,
+ String[] enabledProtocols,
+ boolean needClientAuth) throws IOException {
+ super(port, backlog, bindAddr);
+ this.enabledProtocols = enabledProtocols;
+ this.enabledCipherSuites = enabledCipherSuites;
+ this.needClientAuth = needClientAuth;
+ this.context = ctx;
+ }
+
+ @Override
+ public Socket accept() throws IOException {
+ final SSLSocketFactory sslSocketFactory =
+ context == null ?
+ getDefaultSSLSocketFactory() : context.getSocketFactory();
+ Socket socket = super.accept();
+ SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
+ socket, socket.getInetAddress().getHostName(),
+ socket.getPort(), true);
+ sslSocket.setUseClientMode(false);
+ if (enabledCipherSuites != null) {
+ sslSocket.setEnabledCipherSuites(enabledCipherSuites);
+ }
+ if (enabledProtocols != null) {
+ sslSocket.setEnabledProtocols(enabledProtocols);
+ }
+ sslSocket.setNeedClientAuth(needClientAuth);
+ return sslSocket;
+ }
+
+ private static synchronized SSLSocketFactory getDefaultSSLSocketFactory() {
+ if (defaultSSLSocketFactory == null) {
+ defaultSSLSocketFactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
+ return defaultSSLSocketFactory;
+ } else {
+ return defaultSSLSocketFactory;
+ }
+ }
+
+ }
}
diff -r 8d5899114117 -r 3fc5cbcd46dd src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
--- a/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java Wed Jan 27 04:21:22 2016 +0000
+++ b/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java Fri Apr 15 05:02:05 2016 +0100
@@ -170,15 +170,20 @@
storeFile = new File(storeFileName);
fis = getFileInputStream(storeFile);
} else {
- String javaHome = props.get("javaHome");
- storeFile = new File(javaHome + sep + "lib" + sep
- + "security" + sep +
- "jssecacerts");
+ /* Check system cacerts DB first; /etc/pki/java/cacerts */
+ storeFile = new File(sep + "etc" + sep + "pki" + sep
+ + "java" + sep + "cacerts");
if ((fis = getFileInputStream(storeFile)) == null) {
+ String javaHome = props.get("javaHome");
storeFile = new File(javaHome + sep + "lib" + sep
- + "security" + sep +
- "cacerts");
- fis = getFileInputStream(storeFile);
+ + "security" + sep +
+ "jssecacerts");
+ if ((fis = getFileInputStream(storeFile)) == null) {
+ storeFile = new File(javaHome + sep + "lib" + sep
+ + "security" + sep +
+ "cacerts");
+ fis = getFileInputStream(storeFile);
+ }
}
}
diff -r 8d5899114117 -r 3fc5cbcd46dd src/share/lib/management/management.properties
--- a/src/share/lib/management/management.properties Wed Jan 27 04:21:22 2016 +0000
+++ b/src/share/lib/management/management.properties Fri Apr 15 05:02:05 2016 +0100
@@ -316,3 +316,16 @@
# For a non-default password file location use the following line
# com.sun.management.jmxremote.access.file=filepath
+#
+
+# ################ Management agent listen interface #########################
+#
+# com.sun.management.jmxremote.host=<host-or-interface-name>
+# Specifies the local interface on which the JMX RMI agent will bind.
+# This is useful when running on machines which have several
+# interfaces defined. It makes it possible to listen to a specific
+# subnet accessible through that interface.
+#
+# The format of the value for that property is any string accepted
+# by java.net.InetAddress.getByName(String).
+#
diff -r 8d5899114117 -r 3fc5cbcd46dd src/share/native/sun/security/ec/ECC_JNI.cpp
--- a/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 04:21:22 2016 +0000
+++ b/src/share/native/sun/security/ec/ECC_JNI.cpp Fri Apr 15 05:02:05 2016 +0100
@@ -48,7 +48,9 @@
void ThrowException(JNIEnv *env, const char *exceptionName)
{
jclass exceptionClazz = env->FindClass(exceptionName);
- env->ThrowNew(exceptionClazz, NULL);
+ if (exceptionClazz != NULL) {
+ env->ThrowNew(exceptionClazz, NULL);
+ }
}
/*
@@ -115,6 +117,9 @@
params_item.len = env->GetArrayLength(encodedParams);
params_item.data =
(unsigned char *) env->GetByteArrayElements(encodedParams, 0);
+ if (params_item.data == NULL) {
+ goto cleanup;
+ }
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
@@ -226,6 +231,7 @@
digest_item.len = jDigestLength;
ECPrivateKey privKey;
+ privKey.privateValue.data = NULL;
// Initialize the ECParams struct
ECParams *ecparams = NULL;
@@ -233,6 +239,9 @@
params_item.len = env->GetArrayLength(encodedParams);
params_item.data =
(unsigned char *) env->GetByteArrayElements(encodedParams, 0);
+ if (params_item.data == NULL) {
+ goto cleanup;
+ }
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
@@ -246,6 +255,9 @@
privKey.privateValue.len = env->GetArrayLength(privateKey);
privKey.privateValue.data =
(unsigned char *) env->GetByteArrayElements(privateKey, 0);
+ if (privKey.privateValue.data == NULL) {
+ goto cleanup;
+ }
// Prepare a buffer for the signature (twice the key length)
pSignedDigestBuffer = new jbyte[ecparams->order.len * 2];
@@ -265,6 +277,9 @@
// Create new byte array
temp = env->NewByteArray(signature_item.len);
+ if (temp == NULL) {
+ goto cleanup;
+ }
// Copy data from native buffer
env->SetByteArrayRegion(temp, 0, signature_item.len, pSignedDigestBuffer);
@@ -342,6 +357,9 @@
params_item.len = env->GetArrayLength(encodedParams);
params_item.data =
(unsigned char *) env->GetByteArrayElements(encodedParams, 0);
+ if (params_item.data == NULL) {
+ goto cleanup;
+ }
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
@@ -395,25 +413,37 @@
(JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
{
jbyteArray jSecret = NULL;
+ ECParams *ecparams = NULL;
+ SECItem privateValue_item;
+ privateValue_item.data = NULL;
+ SECItem publicValue_item;
+ publicValue_item.data = NULL;
+ SECKEYECParams params_item;
+ params_item.data = NULL;
// Extract private key value
- SECItem privateValue_item;
privateValue_item.len = env->GetArrayLength(privateKey);
privateValue_item.data =
(unsigned char *) env->GetByteArrayElements(privateKey, 0);
+ if (privateValue_item.data == NULL) {
+ goto cleanup;
+ }
More information about the distro-pkg-dev
mailing list