changeset in /hg/icedtea6: 2009-03-24 Lillian Angel <langel at red...
Lillian Angel
langel at redhat.com
Tue Mar 24 04:54:34 PDT 2009
changeset 246837dabf32 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=246837dabf32
description:
2009-03-24 Lillian Angel <langel at redhat.com>
* Makefile.am
(ICEDTEA_PATCHES): Added new patches to the list.
* patches/icedtea-6536193.patch,
patches/icedtea-6610888.patch,
patches/icedtea-6610896.patch,
patches/icedtea-6630639.patch,
patches/icedtea-6632886.patch,
patches/icedtea-6636360.patch,
patches/icedtea-6652463.patch,
patches/icedtea-6656633.patch,
patches/icedtea-6658158.patch,
patches/icedtea-6691246.patch,
patches/icedtea-6717680.patch,
patches/icedtea-6721651.patch,
patches/icedtea-6737315.patch,
patches/icedtea-6792554.patch,
patches/icedtea-6804996.patch,
patches/icedtea-6804997.patch,
patches/icedtea-6804998.patch: New security patches.
diffstat:
19 files changed, 3380 insertions(+), 4 deletions(-)
ChangeLog | 22 +
Makefile.am | 24 +
patches/icedtea-6536193.patch | 102 +++++
patches/icedtea-6610888.patch | 58 ++
patches/icedtea-6610896.patch | 189 +++++++++
patches/icedtea-6630639.patch | 31 +
patches/icedtea-6632886.patch | 502 +++++++++++++++++++++++++
patches/icedtea-6636360.patch | 34 +
patches/icedtea-6652463.patch | 28 +
patches/icedtea-6656633.patch | 51 ++
patches/icedtea-6658158.patch | 815 +++++++++++++++++++++++++++++++++++++++++
patches/icedtea-6691246.patch | 166 ++++++++
patches/icedtea-6717680.patch | 27 +
patches/icedtea-6721651.patch | 735 ++++++++++++++++++++++++++++++++++++
patches/icedtea-6737315.patch | 44 ++
patches/icedtea-6792554.patch | 415 ++++++++++++++++++++
patches/icedtea-6804996.patch | 75 +++
patches/icedtea-6804997.patch | 31 +
patches/icedtea-6804998.patch | 35 +
diffs (truncated from 3490 to 500 lines):
diff -r 62a746a17ffa -r 246837dabf32 ChangeLog
--- a/ChangeLog Mon Mar 23 09:33:31 2009 -0400
+++ b/ChangeLog Tue Mar 24 07:54:27 2009 -0400
@@ -1,3 +1,25 @@ 2009-03-23 Gary Benson <gbenson at redhat
+2009-03-24 Lillian Angel <langel at redhat.com>
+
+ * Makefile.am
+ (ICEDTEA_PATCHES): Added new patches to the list.
+ * patches/icedtea-6536193.patch,
+ patches/icedtea-6610888.patch,
+ patches/icedtea-6610896.patch,
+ patches/icedtea-6630639.patch,
+ patches/icedtea-6632886.patch,
+ patches/icedtea-6636360.patch,
+ patches/icedtea-6652463.patch,
+ patches/icedtea-6656633.patch,
+ patches/icedtea-6658158.patch,
+ patches/icedtea-6691246.patch,
+ patches/icedtea-6717680.patch,
+ patches/icedtea-6721651.patch,
+ patches/icedtea-6737315.patch,
+ patches/icedtea-6792554.patch,
+ patches/icedtea-6804996.patch,
+ patches/icedtea-6804997.patch,
+ patches/icedtea-6804998.patch: New security patches.
+
2009-03-23 Gary Benson <gbenson at redhat.com>
* ports/hotspot/src/share/vm/shark/sharkFunction.hpp:
diff -r 62a746a17ffa -r 246837dabf32 Makefile.am
--- a/Makefile.am Mon Mar 23 09:33:31 2009 -0400
+++ b/Makefile.am Tue Mar 24 07:54:27 2009 -0400
@@ -543,7 +543,23 @@ ICEDTEA_PATCHES = \
patches/icedtea-javafiles.patch \
patches/icedtea-core-build.patch \
patches/icedtea-jvmtiEnv.patch \
- patches/icedtea-lcms.patch
+ patches/icedtea-lcms.patch \
+ patches/icedtea-6536193.patch \
+ patches/icedtea-6610888.patch \
+ patches/icedtea-6610896.patch \
+ patches/icedtea-6630639.patch \
+ patches/icedtea-6632886.patch \
+ patches/icedtea-6652463.patch \
+ patches/icedtea-6656633.patch \
+ patches/icedtea-6658158.patch \
+ patches/icedtea-6691246.patch \
+ patches/icedtea-6717680.patch \
+ patches/icedtea-6721651.patch \
+ patches/icedtea-6737315.patch \
+ patches/icedtea-6792554.patch \
+ patches/icedtea-6804996.patch \
+ patches/icedtea-6804997.patch \
+ patches/icedtea-6804998.patch
if WITH_ALT_HSBUILD
ICEDTEA_PATCHES += \
@@ -739,7 +755,7 @@ stamps/patch.stamp: stamps/patch-fsg.sta
if test x$${all_patches_ok} = "xyes" \
&& echo Checking $$p \
&& $(PATCH) -l -p0 --dry-run -s -t -f \
- -F 0 < $(abs_top_srcdir)/$$p ; \
+ < $(abs_top_srcdir)/$$p ; \
then \
echo Applying $$p ; \
$(PATCH) -l -p0 < $(abs_top_srcdir)/$$p ; \
@@ -818,7 +834,7 @@ stamps/patch-fsg.stamp: stamps/extract.s
if test x$${all_patches_ok} = "xyes" \
&& echo Checking $$p \
&& $(PATCH) -l -p0 --dry-run -s -t -f \
- -F 0 < $(abs_top_srcdir)/$$p ; \
+ < $(abs_top_srcdir)/$$p ; \
then \
echo Applying $$p ; \
$(PATCH) -l -p0 < $(abs_top_srcdir)/$$p ; \
@@ -917,7 +933,7 @@ stamps/patch-ecj.stamp: stamps/extract-e
if test x$${all_patches_ok} = "xyes" \
&& echo Checking $$p \
&& $(PATCH) -l -p0 --dry-run -s -t -f \
- -F 0 < $(abs_top_srcdir)/$$p ; \
+ < $(abs_top_srcdir)/$$p ; \
then \
echo Applying $$p ; \
$(PATCH) -l -p0 < $(abs_top_srcdir)/$$p ; \
diff -r 62a746a17ffa -r 246837dabf32 patches/icedtea-6536193.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/icedtea-6536193.patch Tue Mar 24 07:54:27 2009 -0400
@@ -0,0 +1,102 @@
+--- old/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java Tue Mar 3 11:34:51 2009
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java Tue Mar 3 11:34:50 2009
+@@ -1,27 +1,3 @@
+-/*
+- * Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Sun designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Sun in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+- * CA 95054 USA or visit www.sun.com if you need additional information or
+- * have any questions.
+- */
+ package com.sun.xml.internal.bind.v2.runtime.output;
+
+ import java.io.IOException;
+@@ -32,6 +8,7 @@
+ import com.sun.xml.internal.bind.DatatypeConverterImpl;
+ import com.sun.xml.internal.bind.v2.runtime.Name;
+ import com.sun.xml.internal.bind.v2.runtime.XMLSerializer;
++import com.sun.xml.internal.bind.v2.runtime.MarshallerImpl;
+
+ import org.xml.sax.SAXException;
+
+@@ -81,6 +58,11 @@
+ protected boolean closeStartTagPending = false;
+
+ /**
++ * @see MarshallerImpl#header
++ */
++ private String header;
++
++ /**
+ *
+ * @param localNames
+ * local names encoded in UTF-8.
+@@ -92,6 +74,10 @@
+ prefixes[i] = new Encoded();
+ }
+
++ public void setHeader(String header) {
++ this.header = header;
++ }
++
+ @Override
+ public void startDocument(XMLSerializer serializer, boolean fragment, int[] nsUriIndex2prefixIndex, NamespaceContextImpl nsContext) throws IOException, SAXException, XMLStreamException {
+ super.startDocument(serializer, fragment,nsUriIndex2prefixIndex,nsContext);
+@@ -100,6 +86,10 @@
+ if(!fragment) {
+ write(XML_DECL);
+ }
++ if(header!=null) {
++ textBuffer.set(header);
++ textBuffer.write(this);
++ }
+ }
+
+ public void endDocument(boolean fragment) throws IOException, SAXException, XMLStreamException {
+@@ -383,11 +373,23 @@
+ return buf;
+ }
+
+- private static final byte[] XMLNS_EQUALS = toBytes(" xmlns=\"");
+- private static final byte[] XMLNS_COLON = toBytes(" xmlns:");
+- private static final byte[] EQUALS = toBytes("=\"");
+- private static final byte[] CLOSE_TAG = toBytes("</");
+- private static final byte[] EMPTY_TAG = toBytes("/>");
++ // per instance copy to prevent an attack where malicious OutputStream
++ // rewrites the byte array.
++ private final byte[] XMLNS_EQUALS = _XMLNS_EQUALS.clone();
++ private final byte[] XMLNS_COLON = _XMLNS_COLON.clone();
++ private final byte[] EQUALS = _EQUALS.clone();
++ private final byte[] CLOSE_TAG = _CLOSE_TAG.clone();
++ private final byte[] EMPTY_TAG = _EMPTY_TAG.clone();
++ private final byte[] XML_DECL = _XML_DECL.clone();
++
++ // masters
++ private static final byte[] _XMLNS_EQUALS = toBytes(" xmlns=\"");
++ private static final byte[] _XMLNS_COLON = toBytes(" xmlns:");
++ private static final byte[] _EQUALS = toBytes("=\"");
++ private static final byte[] _CLOSE_TAG = toBytes("</");
++ private static final byte[] _EMPTY_TAG = toBytes("/>");
++ private static final byte[] _XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
++
++ // no need to copy
+ private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
+- private static final byte[] XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
+ }
diff -r 62a746a17ffa -r 246837dabf32 patches/icedtea-6610888.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/icedtea-6610888.patch Tue Mar 24 07:54:27 2009 -0400
@@ -0,0 +1,58 @@
+--- old/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 17:21:12 2009
++++ openjdk/jdk/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 17:21:11 2009
+@@ -37,6 +37,7 @@
+ import java.security.AccessControlContext;
+ import java.security.AccessController;
+ import java.security.PrivilegedAction;
++import java.security.ProtectionDomain;
+ import java.util.List;
+ import java.util.concurrent.CopyOnWriteArrayList;
+ import java.util.concurrent.ExecutorService;
+@@ -170,7 +171,10 @@
+ /**
+ * AccessControlContext of the Monitor.start() caller.
+ */
+- private AccessControlContext acc;
++ private static final AccessControlContext noPermissionsACC =
++ new AccessControlContext(
++ new ProtectionDomain[] {new ProtectionDomain(null, null)});
++ private volatile AccessControlContext acc = noPermissionsACC;
+
+ /**
+ * Scheduler Service.
+@@ -755,7 +759,7 @@
+
+ // Reset the AccessControlContext.
+ //
+- acc = null;
++ acc = noPermissionsACC;
+
+ // Reset the complex type attribute information
+ // such that it is recalculated again.
+@@ -1555,10 +1559,12 @@
+
+ public void run() {
+ final ScheduledFuture<?> sf;
++ final AccessControlContext ac;
+ synchronized (Monitor.this) {
+ sf = Monitor.this.schedulerFuture;
++ ac = Monitor.this.acc;
+ }
+- AccessController.doPrivileged(new PrivilegedAction<Void>() {
++ PrivilegedAction<Void> action = new PrivilegedAction<Void>() {
+ public Void run() {
+ if (Monitor.this.isActive()) {
+ final int an[] = alreadyNotifieds;
+@@ -1571,7 +1577,11 @@
+ }
+ return null;
+ }
+- }, Monitor.this.acc);
++ };
++ if (ac == null) {
++ throw new SecurityException("AccessControlContext cannot be null");
++ }
++ AccessController.doPrivileged(action, ac);
+ synchronized (Monitor.this) {
+ if (Monitor.this.isActive() &&
+ Monitor.this.schedulerFuture == sf) {
diff -r 62a746a17ffa -r 246837dabf32 patches/icedtea-6610896.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/icedtea-6610896.patch Tue Mar 24 07:54:27 2009 -0400
@@ -0,0 +1,189 @@
+--- old/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 16:53:02 2009
++++ openjdk/jdk/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 16:53:01 2009
+@@ -38,8 +38,9 @@
+ import java.security.AccessController;
+ import java.security.PrivilegedAction;
+ import java.util.List;
++import java.util.Map;
++import java.util.WeakHashMap;
+ import java.util.concurrent.CopyOnWriteArrayList;
+-import java.util.concurrent.ExecutorService;
+ import java.util.concurrent.Executors;
+ import java.util.concurrent.Future;
+ import java.util.concurrent.LinkedBlockingQueue;
+@@ -180,14 +181,20 @@
+ new DaemonThreadFactory("Scheduler"));
+
+ /**
+- * Maximum Pool Size
++ * Map containing the thread pool executor per thread group.
+ */
+- private static final int maximumPoolSize;
++ private static final Map<ThreadPoolExecutor, Void> executors =
++ new WeakHashMap<ThreadPoolExecutor, Void>();
+
+ /**
+- * Executor Service.
++ * Lock for executors map.
+ */
+- private static final ExecutorService executor;
++ private static final Object executorsLock = new Object();
++
++ /**
++ * Maximum Pool Size
++ */
++ private static final int maximumPoolSize;
+ static {
+ final String maximumPoolSizeSysProp = "jmx.x.monitor.maximum.pool.size";
+ final String maximumPoolSizeStr = AccessController.doPrivileged(
+@@ -217,22 +224,9 @@
+ maximumPoolSize = maximumPoolSizeTmp;
+ }
+ }
+- executor = new ThreadPoolExecutor(
+- maximumPoolSize,
+- maximumPoolSize,
+- 60L,
+- TimeUnit.SECONDS,
+- new LinkedBlockingQueue<Runnable>(),
+- new DaemonThreadFactory("Executor"));
+- ((ThreadPoolExecutor)executor).allowCoreThreadTimeOut(true);
+ }
+
+ /**
+- * Monitor task to be executed by the Executor Service.
+- */
+- private final MonitorTask monitorTask = new MonitorTask();
+-
+- /**
+ * Future associated to the current monitor task.
+ */
+ private Future<?> monitorFuture;
+@@ -240,7 +234,7 @@
+ /**
+ * Scheduler task to be executed by the Scheduler Service.
+ */
+- private final SchedulerTask schedulerTask = new SchedulerTask(monitorTask);
++ private final SchedulerTask schedulerTask = new SchedulerTask();
+
+ /**
+ * ScheduledFuture associated to the current scheduler task.
+@@ -726,6 +720,7 @@
+ // Start the scheduler.
+ //
+ cleanupFutures();
++ schedulerTask.setMonitorTask(new MonitorTask());
+ schedulerFuture = scheduler.schedule(schedulerTask,
+ getGranularityPeriod(),
+ TimeUnit.MILLISECONDS);
+@@ -1505,7 +1500,7 @@
+ */
+ private class SchedulerTask implements Runnable {
+
+- private Runnable task = null;
++ private MonitorTask task;
+
+ /*
+ * ------------------------------------------
+@@ -1513,7 +1508,16 @@
+ * ------------------------------------------
+ */
+
+- public SchedulerTask(Runnable task) {
++ public SchedulerTask() {
++ }
++
++ /*
++ * ------------------------------------------
++ * GETTERS/SETTERS
++ * ------------------------------------------
++ */
++
++ public void setMonitorTask(MonitorTask task) {
+ this.task = task;
+ }
+
+@@ -1525,7 +1529,7 @@
+
+ public void run() {
+ synchronized (Monitor.this) {
+- Monitor.this.monitorFuture = executor.submit(task);
++ Monitor.this.monitorFuture = task.submit();
+ }
+ }
+ }
+@@ -1538,6 +1542,8 @@
+ */
+ private class MonitorTask implements Runnable {
+
++ private ThreadPoolExecutor executor;
++
+ /*
+ * ------------------------------------------
+ * CONSTRUCTORS
+@@ -1545,6 +1551,38 @@
+ */
+
+ public MonitorTask() {
++ // Find out if there's already an existing executor for the calling
++ // thread and reuse it. Otherwise, create a new one and store it in
++ // the executors map. If there is a SecurityManager, the group of
++ // System.getSecurityManager() is used, else the group of the thread
++ // instantiating this MonitorTask, i.e. the group of the thread that
++ // calls "Monitor.start()".
++ SecurityManager s = System.getSecurityManager();
++ ThreadGroup group = (s != null) ? s.getThreadGroup() :
++ Thread.currentThread().getThreadGroup();
++ synchronized (executorsLock) {
++ for (ThreadPoolExecutor e : executors.keySet()) {
++ DaemonThreadFactory tf =
++ (DaemonThreadFactory) e.getThreadFactory();
++ ThreadGroup tg = tf.getThreadGroup();
++ if (tg == group) {
++ executor = e;
++ break;
++ }
++ }
++ if (executor == null) {
++ executor = new ThreadPoolExecutor(
++ maximumPoolSize,
++ maximumPoolSize,
++ 60L,
++ TimeUnit.SECONDS,
++ new LinkedBlockingQueue<Runnable>(),
++ new DaemonThreadFactory("ThreadGroup<" +
++ group.getName() + "> Executor", group));
++ executor.allowCoreThreadTimeOut(true);
++ executors.put(executor, null);
++ }
++ }
+ }
+
+ /*
+@@ -1553,6 +1591,10 @@
+ * ------------------------------------------
+ */
+
++ public Future<?> submit() {
++ return executor.submit(this);
++ }
++
+ public void run() {
+ final ScheduledFuture<?> sf;
+ synchronized (Monitor.this) {
+@@ -1611,6 +1653,15 @@
+ namePrefix = "JMX Monitor " + poolName + " Pool [Thread-";
+ }
+
++ public DaemonThreadFactory(String poolName, ThreadGroup threadGroup) {
++ group = threadGroup;
++ namePrefix = "JMX Monitor " + poolName + " Pool [Thread-";
++ }
++
++ public ThreadGroup getThreadGroup() {
++ return group;
++ }
++
+ public Thread newThread(Runnable r) {
+ Thread t = new Thread(group,
+ r,
diff -r 62a746a17ffa -r 246837dabf32 patches/icedtea-6630639.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/icedtea-6630639.patch Tue Mar 24 07:54:27 2009 -0400
@@ -0,0 +1,31 @@
+--- old/src/share/classes/sun/net/httpserver/Request.java Wed Mar 4 03:29:39 2009
++++ openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java Wed Mar 4 03:29:39 2009
+@@ -52,6 +52,9 @@
+ os = rawout;
+ do {
+ startLine = readLine();
++ if (startLine == null) {
++ return;
++ }
+ /* skip blank lines */
+ } while (startLine.equals (""));
+ }
+--- old/src/share/classes/sun/net/httpserver/ServerImpl.java Wed Mar 4 03:29:41 2009
++++ openjdk/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java Wed Mar 4 03:29:41 2009
+@@ -437,6 +437,7 @@
+ rawin = sslStreams.getInputStream();
+ rawout = sslStreams.getOutputStream();
+ engine = sslStreams.getSSLEngine();
++ connection.sslStreams = sslStreams;
+ } else {
+ rawin = new BufferedInputStream(
+ new Request.ReadStream (
+@@ -446,6 +447,8 @@
+ ServerImpl.this, chan
+ );
+ }
++ connection.raw = rawin;
++ connection.rawout = rawout;
+ }
+ Request req = new Request (rawin, rawout);
+ requestLine = req.requestLine();
diff -r 62a746a17ffa -r 246837dabf32 patches/icedtea-6632886.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/icedtea-6632886.patch Tue Mar 24 07:54:27 2009 -0400
@@ -0,0 +1,502 @@
+--- old/src/share/classes/java/awt/Font.java Tue Mar 3 14:12:23 2009
++++ openjdk/jdk/src/share/classes/java/awt/Font.java Tue Mar 3 14:12:23 2009
+@@ -37,6 +37,8 @@
+ import java.awt.peer.FontPeer;
+ import java.io.*;
+ import java.lang.ref.SoftReference;
++import java.security.AccessController;
++import java.security.PrivilegedExceptionAction;
+ import java.text.AttributedCharacterIterator.Attribute;
+ import java.text.CharacterIterator;
+ import java.text.StringCharacterIterator;
+@@ -51,6 +53,7 @@
+ import sun.font.AttributeValues;
+ import sun.font.EAttribute;
+ import sun.font.CompositeFont;
++import sun.font.CreatedFontTracker;
More information about the distro-pkg-dev
mailing list