[security-dev 01154]: Re: TimeZone.setDefaultZone() permission check change between 6 and 7
Mark Wielaard
mjw at redhat.com
Sun Aug 30 10:08:08 UTC 2009
Hi Andrew,
On Sun, 2009-08-30 at 01:16 +0100, Andrew John Hughes wrote:
> 2009/8/28 Mark Wielaard <mjw at redhat.com>:
> > While investigating a bug report reported by one of the JBoss hackers:
> > http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=381
> > "Stackoverflow error with security manager, signed jars and
> > -Djava.security.debug set", I noticed there is a change in permission
> > check between openjdk6 and openjdk7 with respect to the
> > TimeZone.setDefaultZone() method.
> >
> > Attached is the diff. The first change is similar to what I would have
> > suggested. But I am not sure about the second change.
> >
> > I couldn't find a commit or bug report for this issue. Does someone
> > remember why the changes were made? I would like to backport them to 6.
>
> There is nothing in hg log to suggest that file has changed since the
> initial Mercurial import. Thus the change occurred in the period
> between the version of OpenJDK7 used as the base for OpenJDK6 (b20?)
> and the first Mercurial revision (b24).
Thanks. Indeed, I found the change through the hg mirror of the old
openjdk svn repo: http://icedtea.classpath.org/hg/openjdk/
It is in revision ce9dde984c21, which corresponds to:
Summary: [svn] Load openjdk/jdk7/b22 into jdk/trunk.
So it was in b22. That should help us track down the actual change. But
not directly, since in the old svn days no individual changesets were
available. Also note that back then the jdk tree was called j2se.
Cheers,
Mark
More information about the security-dev
mailing list