[11u] RFR(S): 8223326: Regression introduced by CPU sync: java.security.AccessControlException: access denied ("java.net.NetPermission" "setSocketImpl")
Doerr, Martin
martin.doerr at sap.com
Tue Mar 24 10:21:30 UTC 2020
Thanks a lot for looking into this, Alan, Chris and Christoph!
We had also looked at
"8217997: Better socket support": https://hg.openjdk.java.net/jdk/jdk/rev/94710bb2a5bb
which was backported as
"8218573: Better socket support": http://hg.openjdk.java.net/jdk-updates/jdk11u-dev/rev/c7602effc480
with the spec update.
It's not so easy to understand which changes need to get backportet and we should make sure we don't miss anything really important.
Thanks for shedding more light into the history.
I've closed it as "Not an Issue".
Best regards,
Martin
> -----Original Message-----
> From: Alan Bateman <Alan.Bateman at oracle.com>
> Sent: Dienstag, 24. März 2020 10:53
> To: Langer, Christoph <christoph.langer at sap.com>; Doerr, Martin
> <martin.doerr at sap.com>; core-libs-dev at openjdk.java.net; jdk-updates-
> dev at openjdk.java.net
> Subject: Re: [11u] RFR(S): 8223326: Regression introduced by CPU sync:
> java.security.AccessControlException: access denied
> ("java.net.NetPermission" "setSocketImpl")
>
> On 24/03/2020 08:19, Langer, Christoph wrote:
> >
> > Ah, I see... JDK-8218573 is JDK11u/JDK13u specific. Looks like it was derived
> from JDK-8217997 in jdk/jdk but pushed as a different bug. jdk/jdk was the
> only place where I was looking for JDK-8218573, so I couldn't find it.
> I don't have time to dig into this tangled web but it does appear that a
> backport issue was used instead of the main issue in at least one case.
> That might be part of the confusion with the JBS issues. It also appears
> that JDK-8223326 has been backported to several releases where it is not
> applicable.
>
> >
> > By spec part you mean the "@throws SecurityException" sections? Do you
> think those should not have been part of the 11u/13u change? Should these
> be even rolled back?
> >
> The spec changes to NetPermission and the protected Socket constructor
> should not be in the update releases. If a security fix involves a spec
> clarification then a good starting assumption is that the scope of the
> change for the update releases, if applicable, will be bit different.
>
> -Alan.
More information about the jdk-updates-dev
mailing list