[PATCH] 2013/10/15 Security Errata: HotSpot Changes

Alex Kasko mail at alexkasko.com
Sat Nov 23 08:35:19 PST 2013 

On 11/23/2013 05:36 PM, Alex Kasko wrote:
> On 11/23/2013 10:40 AM, Andrew wrote:
>>
>>
>> ----- Original Message -----
>>> * Andrew <gnu.andrew at redhat.com> [2013-11-20 12:13]:
>>>> Webrev: http://cr.openjdk.java.net/~andrew/openjdk6/20131015/hotspot
>>>
>>> Looks identical to patches in icedtea6. No objections from me.
>>>
>>> Thanks,
>>> Omair
>>>
>>> --
>>> PGP Key: 66484681 (http://pgp.mit.edu/)
>>> Fingerprint = F072 555B 0A17 3957 4E95  0056 F286 F14F 6648 4681
>>>
>>
>> Now they're all pushed, we should consider a b29 release, though let's
>> first hear back on Alex's Windows issues.
>>
>
> It was a makefile typo -
> http://cr.openjdk.java.net/~akasko/jdk6/webrev_hotspot_makefile_typo.00/
>
> Windows builds are in progress now, they should finish in 3 hours - I'll
> report later.

Typo was only the part of the issue. The main issue was the /SAFESEH 
linking flag on sawindbg.dll causing link error [1]. I was unable to 
make it work with VS2003 (my knowledge of win32 debug tools seems too 
low), so I am proposing to remove this flag from i586 windows build (it 
is not used in amd64 one). Some links with the context of the problem: 
[2] - [8].

Updated (more clean) typo webrev based on changeset [9] - 
http://cr.openjdk.java.net/~akasko/jdk6/webrev_hotspot_makefile_typo.01/

Separate webrev for safeseh flag remove - 
http://cr.openjdk.java.net/~akasko/jdk6/webrev_hotspot_sa_safeseh_disabled.00/
It is actually the rollback of this change [10] from initial patch.

Another round of windows builds is in progress (problematic i586 hotspot 
is already passed).

PS: maybe it's better to combine both oneliner changes into single patch.


[1] 
http://cr.openjdk.java.net/~akasko/jdk6/hotspot_sawindbg_safeseh_error.txt
[2] https://bugs.openjdk.java.net/browse/JDK-7017110
[3] https://bugs.openjdk.java.net/browse/JDK-7160624
[4] http://msdn.microsoft.com/en-us/library/9a89h429%28v=vs.71%29.aspx
[5] 
http://stackoverflow.com/questions/14710577/error-lnk2026-module-unsafe-for-safeseh-image
[6] 
http://stackoverflow.com/questions/10599940/module-unsafe-for-safeseh-image-c
[7] 
http://stackoverflow.com/questions/1610786/find-windows-dlls-not-compiled-with-safeseh
[8] 
http://mail.openjdk.java.net/pipermail/serviceability-dev/2012-April/005743.html
[9] 
http://hg.openjdk.java.net/hsx/jdk7u/hotspot/diff/75c36a461ecd/make/windows/makefiles/compile.make 

[10] 
http://cr.openjdk.java.net/~andrew/openjdk6/20131015/hotspot/make/windows/makefiles/sa.make.udiff.html


-- 
Regards,
Alex Kasko

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3742 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.openjdk.java.net/pipermail/jdk6-dev/attachments/20131123/1733e14e/smime.p7s

More information about the jdk6-dev mailing list