[PATCH][IcedTea6] Fix Backport from S6657673
Andrew Hughes
gnu.andrew at redhat.com
Mon Apr 22 08:59:34 PDT 2013
----- Original Message -----
> On 04/22/2013 07:03 AM, Andrew Hughes wrote:
> > ----- Original Message -----
> >> Hi Andrew,
> >>
> >> On 04/19/2013 02:59 PM, Andrew Hughes wrote:
> >>> ----- Original Message -----
> >>>> Hi,
> >>>>
> >>>> This patch improves our backport of the Java 7 S6657673 security fix.
> >>>> This fixes a problem where
> >>>> javax.xml.parsers.DocumentBuilderFactory.newInstance would fail due to
> >>>> package access restrictions on Xerces.
> >>>> Okay to push?
> >>>>
> >>> No. If you're backporting patches, as has been said before, they should
> >>> be in the openjdk directory named with the bug ID so they can be traced.
> >>> This is hard for me to read now, never mind for long term maintenance.
> >>>
> >>>> Thanks,
> >>>> Elliott
> >>>>
> >> There were actually a couple of patches I backported, and they were just
> >> partial backports. I didn't think it was suitable to classify it as a
> >> proper OpenJDK patch. The commit policy says only direct backports
> >> should be placed in the openjdk subdirectory.
> >>
> >> Thanks,
> >> Elliott
> >>
> > Can you provide more details on:
> >
> > * The repository these changes came from and which changesets
>
> From the ChangeLog:
> > * patches/security/20130416/6657673-jaxp-backport-factoryfinder.patch:
> > Backported {parser,transform}.FactoryFinder fixes
> > from jdk7u-dev changesets: 4a61ac055189 & 38d4d23d167c.
>
Yes, I've seen this. Which repository?
>
> > * What subset of the patches were used?
>
> The first changeset 4a61ac055189: Adding the parameter useBSClassLoader
> to getProviderClass and newInstance. Other portions of the patch that
> updated the usage of these two methods to include useBSClassLoader were
> also backported.
> The second changeset 38d4d23d167c: Is a fixed backport of S6657673 for
> these two FactoryFinder classes that actually sets useBSClassLoader.
>
Ok can we at least have these as two separate patches? I need to know
what's going on if we're ever going to upstream this.
> Elliott
>
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
More information about the distro-pkg-dev
mailing list