# HG changeset patch
# User Andrew John Hughes
# Date 1239062537 -3600
# Node ID 3a122c249dda9449581e3f295cead8cdcdbf51fc
# Parent 9933c527970bffcfb10e5898edb808cfccedc7c8
Port latest security fixes from IcedTea6.
2009-04-06 Andrew John Hughes
* Makefile.am:
Add new patches.
* patches/security/icedtea-6536193.patch,
* patches/security/icedtea-6610888.patch,
* patches/security/icedtea-6610896.patch,
* patches/security/icedtea-6630639.patch,
* patches/security/icedtea-6632886.patch,
* patches/security/icedtea-6636360.patch,
* patches/security/icedtea-6652463.patch,
* patches/security/icedtea-6656633.patch,
* patches/security/icedtea-6658158.patch,
* patches/security/icedtea-6691246.patch,
* patches/security/icedtea-6717680.patch,
* patches/security/icedtea-6721651.patch,
* patches/security/icedtea-6737315.patch,
* patches/security/icedtea-6792554.patch,
* patches/security/icedtea-6804996.patch,
* patches/security/icedtea-6804997.patch,
* patches/security/icedtea-6804998.patch:
Security patches ported from IcedTea6.
diff -r 9933c527970b -r 3a122c249dda ChangeLog
--- a/ChangeLog Fri Mar 20 11:42:36 2009 +0000
+++ b/ChangeLog Tue Apr 07 01:02:17 2009 +0100
@@ -1,3 +1,26 @@
+2009-04-06 Andrew John Hughes
+
+ * Makefile.am:
+ Add new patches.
+ * patches/security/icedtea-6536193.patch,
+ * patches/security/icedtea-6610888.patch,
+ * patches/security/icedtea-6610896.patch,
+ * patches/security/icedtea-6630639.patch,
+ * patches/security/icedtea-6632886.patch,
+ * patches/security/icedtea-6636360.patch,
+ * patches/security/icedtea-6652463.patch,
+ * patches/security/icedtea-6656633.patch,
+ * patches/security/icedtea-6658158.patch,
+ * patches/security/icedtea-6691246.patch,
+ * patches/security/icedtea-6717680.patch,
+ * patches/security/icedtea-6721651.patch,
+ * patches/security/icedtea-6737315.patch,
+ * patches/security/icedtea-6792554.patch,
+ * patches/security/icedtea-6804996.patch,
+ * patches/security/icedtea-6804997.patch,
+ * patches/security/icedtea-6804998.patch:
+ Security patches ported from IcedTea6.
+
2009-03-20 Andrew John Hughes
* NEWS: Add release date for 1.9.
diff -r 9933c527970b -r 3a122c249dda Makefile.am
--- a/Makefile.am Fri Mar 20 11:42:36 2009 +0000
+++ b/Makefile.am Tue Apr 07 01:02:17 2009 +0100
@@ -1832,6 +1832,23 @@
patches/icedtea-jvmtiEnv.patch \
patches/icedtea-xml-encodinginfo.patch \
patches/icedtea-cc-interp-backedge.patch \
+ patches/security/icedtea-6536193.patch \
+ patches/security/icedtea-6610888.patch \
+ patches/security/icedtea-6610896.patch \
+ patches/security/icedtea-6630639.patch \
+ patches/security/icedtea-6632886.patch \
+ patches/security/icedtea-6636360.patch \
+ patches/security/icedtea-6652463.patch \
+ patches/security/icedtea-6656633.patch \
+ patches/security/icedtea-6658158.patch \
+ patches/security/icedtea-6691246.patch \
+ patches/security/icedtea-6717680.patch \
+ patches/security/icedtea-6721651.patch \
+ patches/security/icedtea-6737315.patch \
+ patches/security/icedtea-6792554.patch \
+ patches/security/icedtea-6804996.patch \
+ patches/security/icedtea-6804997.patch \
+ patches/security/icedtea-6804998.patch \
$(DISTRIBUTION_PATCHES)
if WITH_RHINO
diff -r 9933c527970b -r 3a122c249dda patches/security/icedtea-6536193.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/icedtea-6536193.patch Tue Apr 07 01:02:17 2009 +0100
@@ -0,0 +1,74 @@
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java 2009-04-06 17:03:00.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java 2009-04-06 17:06:08.000000000 +0100
+@@ -33,6 +33,7 @@
+ import com.sun.xml.internal.bind.DatatypeConverterImpl;
+ import com.sun.xml.internal.bind.v2.runtime.Name;
+ import com.sun.xml.internal.bind.v2.runtime.XMLSerializer;
++import com.sun.xml.internal.bind.v2.runtime.MarshallerImpl;
+
+ import org.xml.sax.SAXException;
+
+@@ -82,6 +83,11 @@
+ protected boolean closeStartTagPending = false;
+
+ /**
++ * @see MarshallerImpl#header
++ */
++ private String header;
++
++ /**
+ *
+ * @param localNames
+ * local names encoded in UTF-8.
+@@ -93,6 +99,9 @@
+ prefixes[i] = new Encoded();
+ }
+
++ public void setHeader(String header) {
++ this.header = header;
++ }
+
+ public void startDocument(XMLSerializer serializer, boolean fragment, int[] nsUriIndex2prefixIndex, NamespaceContextImpl nsContext) throws IOException, SAXException, XMLStreamException {
+ super.startDocument(serializer, fragment,nsUriIndex2prefixIndex,nsContext);
+@@ -101,6 +110,10 @@
+ if(!fragment) {
+ write(XML_DECL);
+ }
++ if(header!=null) {
++ textBuffer.set(header);
++ textBuffer.write(this);
++ }
+ }
+
+ public void endDocument(boolean fragment) throws IOException, SAXException, XMLStreamException {
+@@ -391,11 +404,23 @@
+ return buf;
+ }
+
+- private static final byte[] XMLNS_EQUALS = toBytes(" xmlns=\"");
+- private static final byte[] XMLNS_COLON = toBytes(" xmlns:");
+- private static final byte[] EQUALS = toBytes("=\"");
+- private static final byte[] CLOSE_TAG = toBytes("");
+- private static final byte[] EMPTY_TAG = toBytes("/>");
++ // per instance copy to prevent an attack where malicious OutputStream
++ // rewrites the byte array.
++ private final byte[] XMLNS_EQUALS = _XMLNS_EQUALS.clone();
++ private final byte[] XMLNS_COLON = _XMLNS_COLON.clone();
++ private final byte[] EQUALS = _EQUALS.clone();
++ private final byte[] CLOSE_TAG = _CLOSE_TAG.clone();
++ private final byte[] EMPTY_TAG = _EMPTY_TAG.clone();
++ private final byte[] XML_DECL = _XML_DECL.clone();
++
++ // masters
++ private static final byte[] _XMLNS_EQUALS = toBytes(" xmlns=\"");
++ private static final byte[] _XMLNS_COLON = toBytes(" xmlns:");
++ private static final byte[] _EQUALS = toBytes("=\"");
++ private static final byte[] _CLOSE_TAG = toBytes("");
++ private static final byte[] _EMPTY_TAG = toBytes("/>");
++ private static final byte[] _XML_DECL = toBytes("");
++
++ // no need to copy
+ private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
+- private static final byte[] XML_DECL = toBytes("");
+ }
diff -r 9933c527970b -r 3a122c249dda patches/security/icedtea-6610888.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/icedtea-6610888.patch Tue Apr 07 01:02:17 2009 +0100
@@ -0,0 +1,59 @@
+diff -Nru openjdk.orig/jdk/src/share/classes/javax/management/monitor/Monitor.java openjdk/jdk/src/share/classes/javax/management/monitor/Monitor.java
+--- openjdk.orig/jdk/src/share/classes/javax/management/monitor/Monitor.java 2009-04-06 17:08:59.000000000 +0100
++++ openjdk/jdk/src/share/classes/javax/management/monitor/Monitor.java 2009-04-06 17:10:45.000000000 +0100
+@@ -32,6 +32,7 @@
+ import java.security.AccessControlContext;
+ import java.security.AccessController;
+ import java.security.PrivilegedAction;
++import java.security.ProtectionDomain;
+ import java.util.List;
+ import java.util.concurrent.CopyOnWriteArrayList;
+ import java.util.concurrent.Executors;
+@@ -163,7 +164,10 @@
+ /**
+ * AccessControlContext of the Monitor.start() caller.
+ */
+- private AccessControlContext acc;
++ private static final AccessControlContext noPermissionsACC =
++ new AccessControlContext(
++ new ProtectionDomain[] {new ProtectionDomain(null, null)});
++ private volatile AccessControlContext acc = noPermissionsACC;
+
+ /**
+ * Scheduler Service.
+@@ -748,7 +752,7 @@
+
+ // Reset the AccessControlContext.
+ //
+- acc = null;
++ acc = noPermissionsACC;
+
+ // Reset the complex type attribute information
+ // such that it is recalculated again.
+@@ -1517,10 +1521,12 @@
+
+ public void run() {
+ final ScheduledFuture> sf;
++ final AccessControlContext ac;
+ synchronized (Monitor.this) {
+ sf = Monitor.this.schedulerFuture;
++ ac = Monitor.this.acc;
+ }
+- AccessController.doPrivileged(new PrivilegedAction() {
++ PrivilegedAction action = new PrivilegedAction() {
+ public Void run() {
+ if (Monitor.this.isActive()) {
+ final int an[] = alreadyNotifieds;
+@@ -1533,7 +1539,11 @@
+ }
+ return null;
+ }
+- }, Monitor.this.acc);
++ };
++ if (ac == null) {
++ throw new SecurityException("AccessControlContext cannot be null");
++ }
++ AccessController.doPrivileged(action, ac);
+ synchronized (Monitor.this) {
+ if (Monitor.this.isActive() &&
+ Monitor.this.schedulerFuture == sf) {
diff -r 9933c527970b -r 3a122c249dda patches/security/icedtea-6610896.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/icedtea-6610896.patch Tue Apr 07 01:02:17 2009 +0100
@@ -0,0 +1,188 @@
+diff -Nru openjdk.orig/jdk/src/share/classes/javax/management/monitor/Monitor.java openjdk/jdk/src/share/classes/javax/management/monitor/Monitor.java
+--- openjdk.orig/jdk/src/share/classes/javax/management/monitor/Monitor.java 2009-04-06 17:13:38.000000000 +0100
++++ openjdk/jdk/src/share/classes/javax/management/monitor/Monitor.java 2009-04-06 17:18:07.000000000 +0100
+@@ -34,6 +34,8 @@
+ import java.security.PrivilegedAction;
+ import java.security.ProtectionDomain;
+ import java.util.List;
++import java.util.Map;
++import java.util.WeakHashMap;
+ import java.util.concurrent.CopyOnWriteArrayList;
+ import java.util.concurrent.Executors;
+ import java.util.concurrent.Future;
+@@ -177,14 +179,20 @@
+ new DaemonThreadFactory("Scheduler"));
+
+ /**
+- * Maximum Pool Size
++ * Map containing the thread pool executor per thread group.
+ */
+- private static final int maximumPoolSize;
++ private static final Map executors =
++ new WeakHashMap();
++
++ /**
++ * Lock for executors map.
++ */
++ private static final Object executorsLock = new Object();
+
+ /**
+- * Executor Service.
++ * Maximum Pool Size
+ */
+- private static final ThreadPoolExecutor executor;
++ private static final int maximumPoolSize;
+ static {
+ final String maximumPoolSizeSysProp = "jmx.x.monitor.maximum.pool.size";
+ final String maximumPoolSizeStr = AccessController.doPrivileged(
+@@ -214,22 +222,9 @@
+ maximumPoolSize = maximumPoolSizeTmp;
+ }
+ }
+- executor = new ThreadPoolExecutor(
+- maximumPoolSize,
+- maximumPoolSize,
+- 60L,
+- TimeUnit.SECONDS,
+- new LinkedBlockingQueue(),
+- new DaemonThreadFactory("Executor"));
+- executor.allowCoreThreadTimeOut(true);
+ }
+
+ /**
+- * Monitor task to be executed by the Executor Service.
+- */
+- private final MonitorTask monitorTask = new MonitorTask();
+-
+- /**
+ * Future associated to the current monitor task.
+ */
+ private Future> monitorFuture;
+@@ -237,7 +232,7 @@
+ /**
+ * Scheduler task to be executed by the Scheduler Service.
+ */
+- private final SchedulerTask schedulerTask = new SchedulerTask(monitorTask);
++ private final SchedulerTask schedulerTask = new SchedulerTask();
+
+ /**
+ * ScheduledFuture associated to the current scheduler task.
+@@ -723,6 +718,7 @@
+ // Start the scheduler.
+ //
+ cleanupFutures();
++ schedulerTask.setMonitorTask(new MonitorTask());
+ schedulerFuture = scheduler.schedule(schedulerTask,
+ getGranularityPeriod(),
+ TimeUnit.MILLISECONDS);
+@@ -1471,7 +1467,7 @@
+ */
+ private class SchedulerTask implements Runnable {
+
+- private Runnable task = null;
++ private MonitorTask task;
+
+ /*
+ * ------------------------------------------
+@@ -1479,7 +1475,16 @@
+ * ------------------------------------------
+ */
+
+- public SchedulerTask(Runnable task) {
++ public SchedulerTask() {
++ }
++
++ /*
++ * ------------------------------------------
++ * GETTERS/SETTERS
++ * ------------------------------------------
++ */
++
++ public void setMonitorTask(MonitorTask task) {
+ this.task = task;
+ }
+
+@@ -1491,7 +1496,7 @@
+
+ public void run() {
+ synchronized (Monitor.this) {
+- Monitor.this.monitorFuture = executor.submit(task);
++ Monitor.this.monitorFuture = task.submit();
+ }
+ }
+ }
+@@ -1504,6 +1509,8 @@
+ */
+ private class MonitorTask implements Runnable {
+
++ private ThreadPoolExecutor executor;
++
+ /*
+ * ------------------------------------------
+ * CONSTRUCTORS
+@@ -1511,6 +1518,38 @@
+ */
+
+ public MonitorTask() {
++ // Find out if there's already an existing executor for the calling
++ // thread and reuse it. Otherwise, create a new one and store it in
++ // the executors map. If there is a SecurityManager, the group of
++ // System.getSecurityManager() is used, else the group of the thread
++ // instantiating this MonitorTask, i.e. the group of the thread that
++ // calls "Monitor.start()".
++ SecurityManager s = System.getSecurityManager();
++ ThreadGroup group = (s != null) ? s.getThreadGroup() :
++ Thread.currentThread().getThreadGroup();
++ synchronized (executorsLock) {
++ for (ThreadPoolExecutor e : executors.keySet()) {
++ DaemonThreadFactory tf =
++ (DaemonThreadFactory) e.getThreadFactory();
++ ThreadGroup tg = tf.getThreadGroup();
++ if (tg == group) {
++ executor = e;
++ break;
++ }
++ }
++ if (executor == null) {
++ executor = new ThreadPoolExecutor(
++ maximumPoolSize,
++ maximumPoolSize,
++ 60L,
++ TimeUnit.SECONDS,
++ new LinkedBlockingQueue(),
++ new DaemonThreadFactory("ThreadGroup<" +
++ group.getName() + "> Executor", group));
++ executor.allowCoreThreadTimeOut(true);
++ executors.put(executor, null);
++ }
++ }
+ }
+
+ /*
+@@ -1519,6 +1558,10 @@
+ * ------------------------------------------
+ */
+
++ public Future> submit() {
++ return executor.submit(this);
++ }
++
+ public void run() {
+ final ScheduledFuture> sf;
+ final AccessControlContext ac;
+@@ -1583,6 +1626,15 @@
+ namePrefix = "JMX Monitor " + poolName + " Pool [Thread-";
+ }
+
++ public DaemonThreadFactory(String poolName, ThreadGroup threadGroup) {
++ group = threadGroup;
++ namePrefix = "JMX Monitor " + poolName + " Pool [Thread-";
++ }
++
++ public ThreadGroup getThreadGroup() {
++ return group;
++ }
++
+ public Thread newThread(Runnable r) {
+ Thread t = new Thread(group,
+ r,
diff -r 9933c527970b -r 3a122c249dda patches/security/icedtea-6630639.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/icedtea-6630639.patch Tue Apr 07 01:02:17 2009 +0100
@@ -0,0 +1,33 @@
+diff -Nru openjdk.orig/jdk/src/share/classes/sun/net/httpserver/Request.java openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java
+--- openjdk.orig/jdk/src/share/classes/sun/net/httpserver/Request.java 2009-04-06 17:19:49.000000000 +0100
++++ openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java 2009-04-06 17:23:16.000000000 +0100
+@@ -52,6 +52,9 @@
+ os = rawout;
+ do {
+ startLine = readLine();
++ if (startLine == null) {
++ return;
++ }
+ /* skip blank lines */
+ } while (startLine == null ? false : startLine.equals (""));
+ }
+diff -Nru openjdk.orig/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java openjdk/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java
+--- openjdk.orig/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java 2009-04-06 17:19:49.000000000 +0100
++++ openjdk/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java 2009-04-06 17:23:16.000000000 +0100
+@@ -433,6 +433,7 @@
+ rawin = sslStreams.getInputStream();
+ rawout = sslStreams.getOutputStream();
+ engine = sslStreams.getSSLEngine();
++ connection.sslStreams = sslStreams;
+ } else {
+ rawin = new BufferedInputStream(
+ new Request.ReadStream (
+@@ -442,6 +443,8 @@
+ ServerImpl.this, chan
+ );
+ }
++ connection.raw = rawin;
++ connection.rawout = rawout;
+ }
+ Request req = new Request (rawin, rawout);
+ requestLine = req.requestLine();
diff -r 9933c527970b -r 3a122c249dda patches/security/icedtea-6632886.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/icedtea-6632886.patch Tue Apr 07 01:02:17 2009 +0100
@@ -0,0 +1,498 @@
+diff -Nru openjdk.orig/jdk/src/share/classes/java/awt/Font.java openjdk/jdk/src/share/classes/java/awt/Font.java
+--- openjdk.orig/jdk/src/share/classes/java/awt/Font.java 2009-04-06 17:20:02.000000000 +0100
++++ openjdk/jdk/src/share/classes/java/awt/Font.java 2009-04-06 17:24:48.000000000 +0100
+@@ -37,6 +37,8 @@
+ import java.awt.peer.FontPeer;
+ import java.io.*;
+ import java.lang.ref.SoftReference;
++import java.security.AccessController;
++import java.security.PrivilegedExceptionAction;
+ import java.text.AttributedCharacterIterator.Attribute;
+ import java.text.CharacterIterator;
+ import java.text.StringCharacterIterator;
+@@ -51,6 +53,7 @@
+ import sun.font.AttributeValues;
+ import sun.font.EAttribute;
+ import sun.font.CompositeFont;
++import sun.font.CreatedFontTracker;
+ import sun.font.Font2D;
+ import sun.font.Font2DHandle;
+ import sun.font.FontManager;
+@@ -575,14 +578,16 @@
+ }
+
+ /* used to implement Font.createFont */
+- private Font(File fontFile, int fontFormat, boolean isCopy)
++ private Font(File fontFile, int fontFormat,
++ boolean isCopy, CreatedFontTracker tracker)
+ throws FontFormatException {
+ this.createdFont = true;
+ /* Font2D instances created by this method track their font file
+ * so that when the Font2D is GC'd it can also remove the file.
+ */
+ this.font2DHandle =
+- FontManager.createFont2D(fontFile, fontFormat, isCopy).handle;
++ FontManager.createFont2D(fontFile, fontFormat,
++ isCopy, tracker).handle;
+ this.name = this.font2DHandle.font2D.getFontName(Locale.getDefault());
+ this.style = Font.PLAIN;
+ this.size = 1;
+@@ -788,6 +793,29 @@
+ }
+
+ /**
++ * Used with the byte count tracker for fonts created from streams.
++ * If a thread can create temp files anyway, no point in counting
++ * font bytes.
++ */
++ private static boolean hasTempPermission() {
++
++ if (System.getSecurityManager() == null) {
++ return true;
++ }
++ File f = null;
++ boolean hasPerm = false;
++ try {
++ f = File.createTempFile("+~JT", ".tmp", null);
++ f.delete();
++ f = null;
++ hasPerm = true;
++ } catch (Throwable t) {
++ /* inc. any kind of SecurityException */
++ }
++ return hasPerm;
++ }
++
++ /**
+ * Returns a new Font using the specified font type
+ * and input data. The new Font is
+ * created with a point size of 1 and style {@link #PLAIN PLAIN}.
+@@ -822,58 +850,96 @@
+ fontFormat != Font.TYPE1_FONT) {
+ throw new IllegalArgumentException ("font format not recognized");
+ }
+- final InputStream fStream = fontStream;
+- Object ret = java.security.AccessController.doPrivileged(
+- new java.security.PrivilegedAction() {
+- public Object run() {
+- File tFile = null;
+- FileOutputStream outStream = null;
+- try {
+- tFile = File.createTempFile("+~JF", ".tmp", null);
+- /* Temp file deleted by font shutdown hook */
+- BufferedInputStream inStream =
+- new BufferedInputStream(fStream);
+- outStream = new FileOutputStream(tFile);
+- int bytesRead = 0;
+- int bufSize = 8192;
+- byte [] buf = new byte[bufSize];
+- while (bytesRead != -1) {
+- try {
+- bytesRead = inStream.read(buf, 0, bufSize);
+- } catch (Throwable t) {
+- throw new IOException();
+- }
+- if (bytesRead != -1) {
+- outStream.write(buf, 0, bytesRead);
+- }
+- }
+- /* don't close the input stream */
+- outStream.close();
+- } catch (IOException e) {
+- if (outStream != null) {
+- try {
+- outStream.close();
+- } catch (Exception e1) {
+- }
+- }
+- if (tFile != null) {
+- try {
+- tFile.delete();
+- } catch (Exception e2) {
+- }
+- }
+- return e;
+- }
+- return tFile;
+- }
+- });
+-
+- if (ret instanceof File) {
+- return new Font((File)ret, fontFormat, true);
+- } else if (ret instanceof IOException) {
+- throw (IOException)ret;
+- } else {
+- throw new FontFormatException("Couldn't access font stream");
++ boolean copiedFontData = false;
++
++ try {
++ final File tFile = AccessController.doPrivileged(
++ new PrivilegedExceptionAction() {
++ public File run() throws IOException {
++ return File.createTempFile("+~JF", ".tmp", null);
++ }
++ }
++ );
++
++ int totalSize = 0;
++ CreatedFontTracker tracker = null;
++ try {
++ final OutputStream outStream =
++ AccessController.doPrivileged(
++ new PrivilegedExceptionAction() {
++ public OutputStream run() throws IOException {
++ return new FileOutputStream(tFile);
++ }
++ }
++ );
++ if (!hasTempPermission()) {
++ tracker = CreatedFontTracker.getTracker();
++ }
++ try {
++ byte[] buf = new byte[8192];
++ for (;;) {
++ int bytesRead = fontStream.read(buf);
++ if (bytesRead < 0) {
++ break;
++ }
++ if (tracker != null) {
++ if (totalSize+bytesRead > tracker.MAX_FILE_SIZE) {
++ throw new IOException("File too big.");
++ }
++ if (totalSize+tracker.getNumBytes() >
++ tracker.MAX_TOTAL_BYTES)
++ {
++ throw new IOException("Total files too big.");
++ }
++ totalSize += bytesRead;
++ tracker.addBytes(bytesRead);
++ }
++ outStream.write(buf, 0, bytesRead);
++ }
++ /* don't close the input stream */
++ } finally {
++ outStream.close();
++ }
++ /* After all references to a Font2D are dropped, the file
++ * will be removed. To support long-lived AppContexts,
++ * we need to then decrement the byte count by the size
++ * of the file.
++ * If the data isn't a valid font, the implementation will
++ * delete the tmp file and decrement the byte count
++ * in the tracker object before returning from the
++ * constructor, so we can set 'copiedFontData' to true here
++ * without waiting for the results of that constructor.
++ */
++ copiedFontData = true;
++ Font font = new Font(tFile, fontFormat, true, tracker);
++ return font;
++ } finally {
++ if (!copiedFontData) {
++ if (tracker != null) {
++ tracker.subBytes(totalSize);
++ }
++ AccessController.doPrivileged(
++ new PrivilegedExceptionAction() {
++ public Void run() {
++ tFile.delete();
++ return null;
++ }
++ }
++ );
++ }
++ }
++ } catch (Throwable t) {
++ if (t instanceof FontFormatException) {
++ throw (FontFormatException)t;
++ }
++ if (t instanceof IOException) {
++ throw (IOException)t;
++ }
++ Throwable cause = t.getCause();
++ if (cause instanceof FontFormatException) {
++ throw (FontFormatException)cause;
++ }
++ throw new IOException("Problem reading font data.");
+ }
+ }
+
+@@ -913,6 +979,9 @@
+ */
+ public static Font createFont(int fontFormat, File fontFile)
+ throws java.awt.FontFormatException, java.io.IOException {
++
++ fontFile = new File(fontFile.getPath());
++
+ if (fontFormat != Font.TRUETYPE_FONT &&
+ fontFormat != Font.TYPE1_FONT) {
+ throw new IllegalArgumentException ("font format not recognized");
+@@ -926,7 +995,7 @@
+ if (!fontFile.canRead()) {
+ throw new IOException("Can't read " + fontFile);
+ }
+- return new Font(fontFile, fontFormat, false);
++ return new Font(fontFile, fontFormat, false, null);
+ }
+
+ /**
+diff -Nru openjdk.orig/jdk/src/share/classes/sun/font/CreatedFontTracker.java openjdk/jdk/src/share/classes/sun/font/CreatedFontTracker.java
+--- openjdk.orig/jdk/src/share/classes/sun/font/CreatedFontTracker.java 1970-01-01 01:00:00.000000000 +0100
++++ openjdk/jdk/src/share/classes/sun/font/CreatedFontTracker.java 2009-04-06 17:24:48.000000000 +0100
+@@ -0,0 +1,54 @@
++/*
++ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Sun designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Sun in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
++ * CA 95054 USA or visit www.sun.com if you need additional information or
++ * have any questions.
++ */
++
++package sun.font;
++
++public class CreatedFontTracker {
++
++ public static final int MAX_FILE_SIZE = 32 * 1024 * 1024;
++ public static final int MAX_TOTAL_BYTES = 10 * MAX_FILE_SIZE;
++
++ static int numBytes;
++ static CreatedFontTracker tracker;
++
++ public static synchronized CreatedFontTracker getTracker() {
++ if (tracker == null) {
++ tracker = new CreatedFontTracker();
++ }
++ return tracker;
++ }
++
++ public synchronized int getNumBytes() {
++ return numBytes;
++ }
++
++ public synchronized void addBytes(int sz) {
++ numBytes += sz;
++ }
++
++ public synchronized void subBytes(int sz) {
++ numBytes -= sz;
++ }
++}
+diff -Nru openjdk.orig/jdk/src/share/classes/sun/font/FileFont.java openjdk/jdk/src/share/classes/sun/font/FileFont.java
+--- openjdk.orig/jdk/src/share/classes/sun/font/FileFont.java 2009-04-06 17:19:53.000000000 +0100
++++ openjdk/jdk/src/share/classes/sun/font/FileFont.java 2009-04-06 17:24:48.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2003-2006 Sun Microsystems, Inc. All Rights Reserved.
++ * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -125,9 +125,9 @@
+ return true;
+ }
+
+- void setFileToRemove(File file) {
++ void setFileToRemove(File file, CreatedFontTracker tracker) {
+ Disposer.addObjectRecord(this,
+- new CreatedFontFileDisposerRecord(file));
++ new CreatedFontFileDisposerRecord(file, tracker));
+ }
+
+ /* This is called when a font scaler is determined to
+@@ -246,12 +246,16 @@
+ return getScaler().getUnitsPerEm();
+ }
+
+- private static class CreatedFontFileDisposerRecord implements DisposerRecord {
++ private static class CreatedFontFileDisposerRecord
++ implements DisposerRecord {
+
+ File fontFile = null;
++ CreatedFontTracker tracker;
+
+- private CreatedFontFileDisposerRecord(File file) {
++ private CreatedFontFileDisposerRecord(File file,
++ CreatedFontTracker tracker) {
+ fontFile = file;
++ this.tracker = tracker;
+ }
+
+ public void dispose() {
+@@ -260,6 +264,9 @@
+ public Object run() {
+ if (fontFile != null) {
+ try {
++ if (tracker != null) {
++ tracker.subBytes((int)fontFile.length());
++ }
+ /* REMIND: is it possible that the file is
+ * still open? It will be closed when the
+ * font2D is disposed but could this code
+diff -Nru openjdk.orig/jdk/src/share/classes/sun/font/TrueTypeFont.java openjdk/jdk/src/share/classes/sun/font/TrueTypeFont.java
+--- openjdk.orig/jdk/src/share/classes/sun/font/TrueTypeFont.java 2009-04-06 17:19:53.000000000 +0100
++++ openjdk/jdk/src/share/classes/sun/font/TrueTypeFont.java 2009-04-06 17:24:48.000000000 +0100
+@@ -175,8 +175,17 @@
+ super(platname, nativeNames);
+ useJavaRasterizer = javaRasterizer;
+ fontRank = Font2D.TTF_RANK;
+- verify();
+- init(fIndex);
++ try {
++ verify();
++ init(fIndex);
++ } catch (Throwable t) {
++ close();
++ if (t instanceof FontFormatException) {
++ throw (FontFormatException)t;
++ } else {
++ throw new FontFormatException("Unexpected runtime exception.");
++ }
++ }
+ Disposer.addObjectRecord(this, disposerRecord);
+ }
+
+diff -Nru openjdk.orig/jdk/src/share/classes/sun/font/Type1Font.java openjdk/jdk/src/share/classes/sun/font/Type1Font.java
+--- openjdk.orig/jdk/src/share/classes/sun/font/Type1Font.java 2009-04-06 17:19:53.000000000 +0100
++++ openjdk/jdk/src/share/classes/sun/font/Type1Font.java 2009-04-06 17:24:48.000000000 +0100
+@@ -39,6 +39,7 @@
+ import java.nio.channels.ClosedChannelException;
+ import java.nio.channels.FileChannel;
+ import sun.java2d.Disposer;
++import sun.java2d.DisposerRecord;
+ import java.util.HashSet;
+ import java.util.HashMap;
+ import java.awt.Font;
+@@ -76,6 +77,27 @@
+ */
+ public class Type1Font extends FileFont {
+
++ private static class T1DisposerRecord implements DisposerRecord {
++ String fileName = null;
++
++ T1DisposerRecord(String name) {
++ fileName = name;
++ }
++
++ public synchronized void dispose() {
++ java.security.AccessController.doPrivileged(
++ new java.security.PrivilegedAction() {
++ public Object run() {
++
++ if (fileName != null) {
++ (new java.io.File(fileName)).delete();
++ }
++ return null;
++ }
++ });
++ }
++ }
++
+ WeakReference bufferRef = new WeakReference(null);
+
+ private String psName = null;
+@@ -125,18 +147,42 @@
+
+
+ /**
++ * Constructs a Type1 Font.
++ * @param platname - Platform identifier of the font. Typically file name.
++ * @param nativeNames - Native names - typically XLFDs on Unix.
++ */
++ public Type1Font(String platname, Object nativeNames)
++ throws FontFormatException {
++
++ this(platname, nativeNames, false);
++ }
++
++ /**
+ * - does basic verification of the file
+ * - reads the names (full, family).
+ * - determines the style of the font.
+ * @throws FontFormatException - if the font can't be opened
+ * or fails verification, or there's no usable cmap
+ */
+- public Type1Font(String platname, Object nativeNames)
++ public Type1Font(String platname, Object nativeNames, boolean createdCopy)
+ throws FontFormatException {
+ super(platname, nativeNames);
+ fontRank = Font2D.TYPE1_RANK;
+ checkedNatives = true;
+- verify();
++ try {
++ verify();
++ } catch (Throwable t) {
++ if (createdCopy) {
++ T1DisposerRecord ref = new T1DisposerRecord(platname);
++ Disposer.addObjectRecord(bufferRef, ref);
++ bufferRef = null;
++ }
++ if (t instanceof FontFormatException) {
++ throw (FontFormatException)t;
++ } else {
++ throw new FontFormatException("Unexpected runtime exception.");
++ }
++ }
+ }
+
+ private synchronized ByteBuffer getBuffer() throws FontFormatException {
+--- openjdk.orig/jdk/src/share/classes/sun/font/FontManager.java 2009-04-06 21:46:26.000000000 +0100
++++ openjdk/jdk/src/share/classes/sun/font/FontManager.java 2009-04-06 21:48:08.000000000 +0100
+@@ -2348,19 +2348,21 @@
+ static Vector tmpFontFiles = null;
+
+ public static Font2D createFont2D(File fontFile, int fontFormat,
+- boolean isCopy)
++ boolean isCopy,
++ CreatedFontTracker tracker)
+ throws FontFormatException {
+
+ String fontFilePath = fontFile.getPath();
+ FileFont font2D = null;
+ final File fFile = fontFile;
++ final CreatedFontTracker _tracker = tracker;
+ try {
+ switch (fontFormat) {
+ case Font.TRUETYPE_FONT:
+ font2D = new TrueTypeFont(fontFilePath, null, 0, true);
+ break;
+ case Font.TYPE1_FONT:
+- font2D = new Type1Font(fontFilePath, null);
++ font2D = new Type1Font(fontFilePath, null, isCopy);
+ break;
+ default:
+ throw new FontFormatException("Unrecognised Font Format");
+@@ -2370,6 +2372,9 @@
+ java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedAction() {
+ public Object run() {
++ if (_tracker != null) {
++ _tracker.subBytes((int)fFile.length());
++ }
+ fFile.delete();
+ return null;
+ }
+@@ -2378,7 +2383,7 @@
+ throw(e);
+ }
+ if (isCopy) {
+- font2D.setFileToRemove(fontFile);
++ font2D.setFileToRemove(fontFile, tracker);
+ synchronized (FontManager.class) {
+
+ if (tmpFontFiles == null) {
diff -r 9933c527970b -r 3a122c249dda patches/security/icedtea-6636360.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/icedtea-6636360.patch Tue Apr 07 01:02:17 2009 +0100
@@ -0,0 +1,35 @@
+diff -Nru openjdk.orig/hotspot/src/cpu/sparc/vm/vtableStubs_sparc.cpp openjdk/hotspot/src/cpu/sparc/vm/vtableStubs_sparc.cpp
+--- openjdk.orig/hotspot/src/cpu/sparc/vm/vtableStubs_sparc.cpp 2009-03-05 08:25:29.000000000 +0000
++++ openjdk/hotspot/src/cpu/sparc/vm/vtableStubs_sparc.cpp 2009-04-06 17:26:08.000000000 +0100
+@@ -190,12 +190,16 @@
+ // Compute itableMethodEntry and get methodOop(G5_method) and entrypoint(L0) for compiler
+ const int method_offset = (itableMethodEntry::size() * wordSize * vtable_index) + itableMethodEntry::method_offset_in_bytes();
+ __ add(G3_klassOop, L0, L1);
+- __ ld_ptr(L1, method_offset, G5_method);
++ if (__ is_simm13(method_offset)) {
++ __ ld_ptr(L1, method_offset, G5_method);
++ } else {
++ __ set(method_offset, G5_method);
++ __ ld_ptr(L1, G5_method, G5_method);
++ }
+
+ #ifndef PRODUCT
+ if (DebugVtables) {
+ Label L01;
+- __ ld_ptr(L1, method_offset, G5_method);
+ __ bpr(Assembler::rc_nz, false, Assembler::pt, G5_method, L01);
+ __ delayed()->nop();
+ __ stop("methodOop is null");
+@@ -243,10 +247,8 @@
+ (UseCompressedOops ? 2*BytesPerInstWord : 0);
+ return basic + slop;
+ } else {
+- // save, ld, ld, sll, and, add, add, ld, cmp, br, add, ld, add, ld, ld, jmp, restore, sethi, jmpl, restore
+- const int basic = (20 LP64_ONLY(+ 6)) * BytesPerInstWord +
+- // shift;add for load_klass
+- (UseCompressedOops ? 2*BytesPerInstWord : 0);
++ // save, ld, ld, sll, and, add, add, ld, cmp, br, add, ld, add, sethi, add, ld, ld, jmp, restore, sethi, jmpl, restore
++ const int basic = (22 LP64_ONLY(+ 12)) * BytesPerInstWord; // worst case extra 6 bytes for each sethi in 64-bit mode
+ return (basic + slop);
+ }
+ }
diff -r 9933c527970b -r 3a122c249dda patches/security/icedtea-6652463.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/icedtea-6652463.patch Tue Apr 07 01:02:17 2009 +0100
@@ -0,0 +1,28 @@
+--- old/src/share/classes/javax/print/attribute/standard/MediaSize.java Tue Mar 3 10:16:15 2009
++++ openjdk/jdk/src/share/classes/javax/print/attribute/standard/MediaSize.java Tue Mar 3 10:16:14 2009
+@@ -123,8 +123,10 @@
+ if (x > y) {
+ throw new IllegalArgumentException("X dimension > Y dimension");
+ }
+- mediaName = media;
+- mediaMap.put(mediaName, this);
++ if (media != null && mediaMap.get(media) == null) {
++ mediaName = media;
++ mediaMap.put(mediaName, this);
++ }
+ sizeVector.add(this);
+ }
+
+@@ -147,8 +149,10 @@
+ if (x > y) {
+ throw new IllegalArgumentException("X dimension > Y dimension");
+ }
+- mediaName = media;
+- mediaMap.put(mediaName, this);
++ if (media != null && mediaMap.get(media) == null) {
++ mediaName = media;
++ mediaMap.put(mediaName, this);
++ }
+ sizeVector.add(this);
+ }
+
diff -r 9933c527970b -r 3a122c249dda patches/security/icedtea-6656633.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/icedtea-6656633.patch Tue Apr 07 01:02:17 2009 +0100
@@ -0,0 +1,54 @@
+diff -Nru openjdk.orig/jdk/src/share/classes/javax/management/monitor/CounterMonitor.java openjdk/jdk/src/share/classes/javax/management/monitor/CounterMonitor.java
+--- openjdk.orig/jdk/src/share/classes/javax/management/monitor/CounterMonitor.java 2009-04-06 17:20:14.000000000 +0100
++++ openjdk/jdk/src/share/classes/javax/management/monitor/CounterMonitor.java 2009-04-06 17:28:19.000000000 +0100
+@@ -599,7 +599,7 @@
+ */
+
+ public MBeanNotificationInfo[] getNotificationInfo() {
+- return notifsInfo;
++ return notifsInfo.clone();
+ }
+
+ /*
+diff -Nru openjdk.orig/jdk/src/share/classes/javax/management/monitor/GaugeMonitor.java openjdk/jdk/src/share/classes/javax/management/monitor/GaugeMonitor.java
+--- openjdk.orig/jdk/src/share/classes/javax/management/monitor/GaugeMonitor.java 2009-04-06 17:20:14.000000000 +0100
++++ openjdk/jdk/src/share/classes/javax/management/monitor/GaugeMonitor.java 2009-04-06 17:28:19.000000000 +0100
+@@ -481,7 +481,7 @@
+ */
+
+ public MBeanNotificationInfo[] getNotificationInfo() {
+- return notifsInfo;
++ return notifsInfo.clone();
+ }
+
+ /*
+diff -Nru openjdk.orig/jdk/src/share/classes/javax/management/monitor/StringMonitor.java openjdk/jdk/src/share/classes/javax/management/monitor/StringMonitor.java
+--- openjdk.orig/jdk/src/share/classes/javax/management/monitor/StringMonitor.java 2009-04-06 17:20:14.000000000 +0100
++++ openjdk/jdk/src/share/classes/javax/management/monitor/StringMonitor.java 2009-04-06 17:28:20.000000000 +0100
+@@ -184,6 +184,7 @@
+ * @return The derived gauge of the specified object.
+ *
+ */
++ @Override
+ public synchronized String getDerivedGauge(ObjectName object) {
+ return (String) super.getDerivedGauge(object);
+ }
+@@ -199,6 +200,7 @@
+ * @return The derived gauge timestamp of the specified object.
+ *
+ */
++ @Override
+ public synchronized long getDerivedGaugeTimeStamp(ObjectName object) {
+ return super.getDerivedGaugeTimeStamp(object);
+ }
+@@ -341,8 +343,9 @@
+ * the Java class of the notification and the notification types sent by
+ * the string monitor.
+ */
++ @Override
+ public MBeanNotificationInfo[] getNotificationInfo() {
+- return notifsInfo;
++ return notifsInfo.clone();
+ }
+
+ /*
diff -r 9933c527970b -r 3a122c249dda patches/security/icedtea-6658158.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/icedtea-6658158.patch Tue Apr 07 01:02:17 2009 +0100
@@ -0,0 +1,737 @@
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/client/p2p/HttpSOAPConnection.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/client/p2p/HttpSOAPConnection.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/client/p2p/HttpSOAPConnection.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/client/p2p/HttpSOAPConnection.java 2009-04-06 18:03:31.000000000 +0100
+@@ -53,13 +53,20 @@
+ *
+ */
+ public class HttpSOAPConnection extends SOAPConnection {
++
++ public static final String vmVendor = System.getProperty("java.vendor.url");
++ private static final String sunVmVendor = "http://java.sun.com/";
++ private static final String ibmVmVendor = "http://www.ibm.com/";
++ private static final boolean isSunVM = sunVmVendor.equals(vmVendor) ? true: false;
++ private static final boolean isIBMVM = ibmVmVendor.equals(vmVendor) ? true : false;
++ private static final String JAXM_URLENDPOINT="javax.xml.messaging.URLEndpoint";
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.HTTP_CONN_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.client.p2p.LocalStrings");
+
+- public static String defaultProxyHost = null;
+- public static int defaultProxyPort = -1;
++ public static final String defaultProxyHost = null;
++ public static final int defaultProxyPort = -1;
+
+ MessageFactory messageFactory = null;
+
+@@ -71,6 +78,9 @@
+
+ try {
+ messageFactory = MessageFactory.newInstance(SOAPConstants.DYNAMIC_SOAP_PROTOCOL);
++ } catch (NoSuchMethodError ex) {
++ //fallback to default SOAP 1.1 in this case for backward compatibility
++ messageFactory = MessageFactory.newInstance();
+ } catch (Exception ex) {
+ log.log(Level.SEVERE, "SAAJ0001.p2p.cannot.create.msg.factory", ex);
+ throw new SOAPExceptionImpl("Unable to create message factory", ex);
+@@ -94,14 +104,19 @@
+ throw new SOAPExceptionImpl("Connection is closed");
+ }
+
+- Class urlEndpointClass = null;
++ Class urlEndpointClass = null;
++ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+
+ try {
+- urlEndpointClass = Class.forName("javax.xml.messaging.URLEndpoint");
+- } catch (Exception ex) {
+- //Do nothing. URLEndpoint is available only when JAXM is there.
+- log.finest("SAAJ0090.p2p.endpoint.available.only.for.JAXM");
+- }
++ if (loader != null) {
++ urlEndpointClass = loader.loadClass(JAXM_URLENDPOINT);
++ } else {
++ urlEndpointClass = Class.forName(JAXM_URLENDPOINT);
++ }
++ } catch (ClassNotFoundException ex) {
++ //Do nothing. URLEndpoint is available only when JAXM is there.
++ log.finest("SAAJ0090.p2p.endpoint.available.only.for.JAXM");
++ }
+
+ if (urlEndpointClass != null) {
+ if (urlEndpointClass.isInstance(endPoint)) {
+@@ -638,10 +653,23 @@
+
+ return ret;
+ }
+-
+- private static String SSL_PKG = "com.sun.net.ssl.internal.www.protocol";
+- private static String SSL_PROVIDER =
+- "com.sun.net.ssl.internal.ssl.Provider";
++ //private static String SSL_PKG = "com.sun.net.ssl.internal.www.protocol";
++ //private static String SSL_PROVIDER =
++ // "com.sun.net.ssl.internal.ssl.Provider";
++ private static final String SSL_PKG;
++ private static final String SSL_PROVIDER;
++
++
++ static {
++ if (isIBMVM) {
++ SSL_PKG ="com.ibm.net.ssl.internal.www.protocol";
++ SSL_PROVIDER ="com.ibm.net.ssl.internal.ssl.Provider";
++ } else {
++ //if not IBM VM default to Sun.
++ SSL_PKG = "com.sun.net.ssl.internal.www.protocol";
++ SSL_PROVIDER ="com.sun.net.ssl.internal.ssl.Provider";
++ }
++ }
+ private void initHttps() {
+ //if(!setHttps) {
+ String pkgs = System.getProperty("java.protocol.handler.pkgs");
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/AttachmentPartImpl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/AttachmentPartImpl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/AttachmentPartImpl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/AttachmentPartImpl.java 2009-04-06 18:03:31.000000000 +0100
+@@ -69,7 +69,7 @@
+ */
+ public class AttachmentPartImpl extends AttachmentPart {
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.SOAP_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/EnvelopeFactory.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/EnvelopeFactory.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/EnvelopeFactory.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/EnvelopeFactory.java 2009-04-06 18:16:24.000000000 +0100
+@@ -1,7 +1,7 @@
+ /*
+- * $Id: EnvelopeFactory.java,v 1.24 2006/01/27 12:49:26 vj135062 Exp $
+- * $Revision: 1.24 $
+- * $Date: 2006/01/27 12:49:26 $
++ *
++ *
++ *
+ */
+
+ /*
+@@ -54,7 +54,7 @@
+ */
+ public class EnvelopeFactory {
+
+- protected static Logger
++ protected static final Logger
+ log = Logger.getLogger(LogDomainConstants.SOAP_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ImageDataContentHandler.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ImageDataContentHandler.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ImageDataContentHandler.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ImageDataContentHandler.java 2009-04-06 18:03:31.000000000 +0100
+@@ -48,7 +48,7 @@
+ public class ImageDataContentHandler extends Component
+ implements DataContentHandler {
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.SOAP_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CDATAImpl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CDATAImpl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CDATAImpl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CDATAImpl.java 2009-04-06 18:14:32.000000000 +0100
+@@ -1,7 +1,7 @@
+ /*
+- * $Id: CDATAImpl.java,v 1.19 2006/01/27 12:49:34 vj135062 Exp $
+- * $Revision: 1.19 $
+- * $Date: 2006/01/27 12:49:34 $
++ *
++ *
++ *
+ */
+
+ /*
+@@ -42,7 +42,7 @@
+ extends com.sun.org.apache.xerces.internal.dom.CDATASectionImpl
+ implements javax.xml.soap.Text {
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.SOAP_IMPL_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.impl.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CommentImpl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CommentImpl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CommentImpl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CommentImpl.java 2009-04-06 18:14:47.000000000 +0100
+@@ -1,7 +1,7 @@
+ /*
+- * $Id: CommentImpl.java,v 1.17 2006/01/27 12:49:34 vj135062 Exp $
+- * $Revision: 1.17 $
+- * $Date: 2006/01/27 12:49:34 $
++ *
++ *
++ *
+ */
+
+ /*
+@@ -46,7 +46,7 @@
+ extends com.sun.org.apache.xerces.internal.dom.CommentImpl
+ implements javax.xml.soap.Text, org.w3c.dom.Comment {
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.SOAP_IMPL_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.impl.LocalStrings");
+ protected static ResourceBundle rb =
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/ElementImpl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/ElementImpl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/ElementImpl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/ElementImpl.java 2009-04-06 18:13:49.000000000 +0100
+@@ -1,7 +1,7 @@
+ /*
+- * $Id: ElementImpl.java,v 1.1.1.1 2006/01/27 13:10:57 kumarjayanti Exp $
+- * $Revision: 1.1.1.1 $
+- * $Date: 2006/01/27 13:10:57 $
++ *
++ *
++ *
+ */
+
+ /*
+@@ -59,7 +59,7 @@
+
+ protected QName elementQName;
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.SOAP_IMPL_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.impl.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/TextImpl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/TextImpl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/TextImpl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/TextImpl.java 2009-04-06 18:14:14.000000000 +0100
+@@ -1,7 +1,7 @@
+ /*
+- * $Id: TextImpl.java,v 1.19 2006/01/27 12:49:36 vj135062 Exp $
+- * $Revision: 1.19 $
+- * $Date: 2006/01/27 12:49:36 $
++ *
++ *
++ *
+ */
+
+ /*
+@@ -42,7 +42,7 @@
+ extends com.sun.org.apache.xerces.internal.dom.TextImpl
+ implements javax.xml.soap.Text, org.w3c.dom.Text {
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.SOAP_IMPL_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.impl.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageFactoryImpl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageFactoryImpl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageFactoryImpl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageFactoryImpl.java 2009-04-06 18:08:37.000000000 +0100
+@@ -1,7 +1,7 @@
+ /*
+- * $Id: MessageFactoryImpl.java,v 1.23 2006/01/27 12:49:27 vj135062 Exp $
+- * $Revision: 1.23 $
+- * $Date: 2006/01/27 12:49:27 $
++ *
++ *
++ *
+ */
+
+ /*
+@@ -53,15 +53,15 @@
+ */
+ public class MessageFactoryImpl extends MessageFactory {
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.SOAP_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.LocalStrings");
+
+- protected static OutputStream listener;
++ protected OutputStream listener;
+
+ protected boolean lazyAttachments = false;
+
+- public static OutputStream listen(OutputStream newListener) {
++ public OutputStream listen(OutputStream newListener) {
+ OutputStream oldListener = listener;
+ listener = newListener;
+ return oldListener;
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageImpl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageImpl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageImpl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageImpl.java 2009-04-06 18:09:47.000000000 +0100
+@@ -1,7 +1,7 @@
+ /*
+- * $Id: MessageImpl.java,v 1.3 2006/08/04 09:24:24 ashutoshshahi Exp $
+- * $Revision: 1.3 $
+- * $Date: 2006/08/04 09:24:24 $
++ *
++ *
++ *
+ */
+
+ /*
+@@ -68,7 +68,7 @@
+ public static final String CONTENT_ID = "Content-ID";
+ public static final String CONTENT_LOCATION = "Content-Location";
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.SOAP_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/name/NameImpl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/name/NameImpl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/name/NameImpl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/name/NameImpl.java 2009-04-06 18:25:32.000000000 +0100
+@@ -1,7 +1,7 @@
+ /*
+- * $Id: NameImpl.java,v 1.48 2006/01/27 12:49:38 vj135062 Exp $
+- * $Revision: 1.48 $
+- * $Date: 2006/01/27 12:49:38 $
++ *
++ *
++ *
+ */
+
+ /*
+@@ -62,7 +62,7 @@
+ protected String prefix = "";
+ private String qualifiedName = null;
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.NAMING_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.name.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SAAJMetaFactoryImpl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SAAJMetaFactoryImpl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SAAJMetaFactoryImpl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SAAJMetaFactoryImpl.java 2009-04-06 18:03:31.000000000 +0100
+@@ -38,7 +38,7 @@
+
+ public class SAAJMetaFactoryImpl extends SAAJMetaFactory {
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.SOAP_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPDocumentImpl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPDocumentImpl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPDocumentImpl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPDocumentImpl.java 2009-04-06 18:24:54.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: SOAPDocumentImpl.java,v 1.15 2006/01/27 12:49:29 vj135062 Exp $
++ *
+ */
+
+ /*
+@@ -44,7 +44,7 @@
+
+ public class SOAPDocumentImpl extends DocumentImpl implements SOAPDocument {
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.SOAP_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPFactoryImpl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPFactoryImpl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPFactoryImpl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPFactoryImpl.java 2009-04-06 18:10:50.000000000 +0100
+@@ -1,7 +1,7 @@
+ /*
+- * $Id: SOAPFactoryImpl.java,v 1.21 2006/01/27 12:49:29 vj135062 Exp $
+- * $Revision: 1.21 $
+- * $Date: 2006/01/27 12:49:29 $
++ *
++ *
++ *
+ */
+
+ /*
+@@ -49,7 +49,7 @@
+
+ public abstract class SOAPFactoryImpl extends SOAPFactory {
+
+- protected static Logger
++ protected static final Logger
+ log = Logger.getLogger(LogDomainConstants.SOAP_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPPartImpl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPPartImpl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPPartImpl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPPartImpl.java 2009-04-06 18:24:42.000000000 +0100
+@@ -1,7 +1,7 @@
+ /*
+- * $Id: SOAPPartImpl.java,v 1.1.1.1 2006/01/27 13:10:55 kumarjayanti Exp $
+- * $Revision: 1.1.1.1 $
+- * $Date: 2006/01/27 13:10:55 $
++ *
++ *
++ *
+ */
+
+ /*
+@@ -58,7 +58,7 @@
+ * @author Anil Vijendran (anil@sun.com)
+ */
+ public abstract class SOAPPartImpl extends SOAPPart implements SOAPDocument {
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.SOAP_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Fault1_1Impl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Fault1_1Impl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Fault1_1Impl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Fault1_1Impl.java 2009-04-06 18:29:04.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: Fault1_1Impl.java,v 1.20 2006/01/27 12:49:41 vj135062 Exp $
++ *
+ */
+
+ /*
+@@ -56,7 +56,7 @@
+
+ public class Fault1_1Impl extends FaultImpl {
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(
+ LogDomainConstants.SOAP_VER1_1_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.ver1_1.LocalStrings");
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Header1_1Impl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Header1_1Impl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Header1_1Impl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Header1_1Impl.java 2009-04-06 18:29:14.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: Header1_1Impl.java,v 1.29 2006/01/27 12:49:41 vj135062 Exp $
++ *
+ */
+
+ /*
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/HeaderElement1_1Impl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/HeaderElement1_1Impl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/HeaderElement1_1Impl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/HeaderElement1_1Impl.java 2009-04-06 18:29:28.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: HeaderElement1_1Impl.java,v 1.29 2006/01/27 12:49:41 vj135062 Exp $
++ *
+ */
+
+ /*
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Message1_1Impl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Message1_1Impl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Message1_1Impl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Message1_1Impl.java 2009-04-06 18:29:37.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: Message1_1Impl.java,v 1.24 2006/01/27 12:49:41 vj135062 Exp $
++ *
+ */
+
+ /*
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/SOAPPart1_1Impl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/SOAPPart1_1Impl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/SOAPPart1_1Impl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/SOAPPart1_1Impl.java 2009-04-06 18:29:51.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: SOAPPart1_1Impl.java,v 1.1.1.1 2006/01/27 13:10:57 kumarjayanti Exp $
++ *
+ */
+
+ /*
+@@ -47,7 +47,7 @@
+
+ public class SOAPPart1_1Impl extends SOAPPartImpl implements SOAPConstants {
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.SOAP_VER1_1_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.soap.ver1_1.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Body1_2Impl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Body1_2Impl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Body1_2Impl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Body1_2Impl.java 2009-04-06 18:27:36.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: Body1_2Impl.java,v 1.32 2006/01/27 12:49:44 vj135062 Exp $
++ *
+ */
+
+ /*
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Detail1_2Impl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Detail1_2Impl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Detail1_2Impl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Detail1_2Impl.java 2009-04-06 18:27:47.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: Detail1_2Impl.java,v 1.24 2006/01/27 12:49:45 vj135062 Exp $
++ *
+ */
+
+ /*
+@@ -46,7 +46,7 @@
+
+ public class Detail1_2Impl extends DetailImpl {
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(Detail1_2Impl.class.getName(),
+ "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Envelope1_2Impl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Envelope1_2Impl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Envelope1_2Impl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Envelope1_2Impl.java 2009-04-06 18:27:55.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: Envelope1_2Impl.java,v 1.26 2006/01/27 12:49:47 vj135062 Exp $
++ *
+ */
+
+ /*
+@@ -46,7 +46,7 @@
+
+ public class Envelope1_2Impl extends EnvelopeImpl {
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(Envelope1_2Impl.class.getName(),
+ "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Fault1_2Impl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Fault1_2Impl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Fault1_2Impl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Fault1_2Impl.java 2009-04-06 18:28:07.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: Fault1_2Impl.java,v 1.45 2006/01/27 12:49:47 vj135062 Exp $
++ *
+ */
+
+ /*
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Header1_2Impl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Header1_2Impl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Header1_2Impl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Header1_2Impl.java 2009-04-06 18:28:16.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: Header1_2Impl.java,v 1.36 2006/01/27 12:49:48 vj135062 Exp $
++ *
+ */
+
+ /*
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/HeaderElement1_2Impl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/HeaderElement1_2Impl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/HeaderElement1_2Impl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/HeaderElement1_2Impl.java 2009-04-06 18:28:27.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: HeaderElement1_2Impl.java,v 1.29 2006/01/27 12:49:48 vj135062 Exp $
++ *
+ */
+
+ /*
+@@ -46,7 +46,7 @@
+
+ public class HeaderElement1_2Impl extends HeaderElementImpl {
+
+- private static Logger log =
++ private static final Logger log =
+ Logger.getLogger(HeaderElement1_2Impl.class.getName(),
+ "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/SOAPPart1_2Impl.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/SOAPPart1_2Impl.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/SOAPPart1_2Impl.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/SOAPPart1_2Impl.java 2009-04-06 18:28:40.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: SOAPPart1_2Impl.java,v 1.1.1.1 2006/01/27 13:10:57 kumarjayanti Exp $
++ *
+ */
+
+ /*
+@@ -46,7 +46,7 @@
+
+ public class SOAPPart1_2Impl extends SOAPPartImpl implements SOAPConstants{
+
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(SOAPPart1_2Impl.class.getName(),
+ "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/util/RejectDoctypeSaxFilter.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/util/RejectDoctypeSaxFilter.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/util/RejectDoctypeSaxFilter.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/util/RejectDoctypeSaxFilter.java 2009-04-06 18:03:31.000000000 +0100
+@@ -44,12 +44,12 @@
+ * because they are not legal in SOAP. If the user of this class sets a
+ * LexicalHandler, then it forwards events to that handler.
+ *
+- * $Id: RejectDoctypeSaxFilter.java,v 1.13 2006/01/27 12:49:52 vj135062 Exp $
++ *
+ * @author Edwin Goei
+ */
+
+ public class RejectDoctypeSaxFilter extends XMLFilterImpl implements XMLReader, LexicalHandler{
+- protected static Logger log =
++ protected static final Logger log =
+ Logger.getLogger(LogDomainConstants.UTIL_DOMAIN,
+ "com.sun.xml.internal.messaging.saaj.util.LocalStrings");
+
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/util/transform/EfficientStreamingTransformer.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/util/transform/EfficientStreamingTransformer.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/util/transform/EfficientStreamingTransformer.java 2009-04-06 17:30:24.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/util/transform/EfficientStreamingTransformer.java 2009-04-06 18:05:38.000000000 +0100
+@@ -61,12 +61,13 @@
+ public class EfficientStreamingTransformer
+ extends javax.xml.transform.Transformer {
+
+- static final String version;
+- static final String vendor;
++ //static final String version;
++ //static final String vendor;
+
+- protected static TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ protected static final TransformerFactory transformerFactory = TransformerFactory.newInstance();
+
+- static {
++ //removing support for Java 1.4 and 1.3 : CR6658158
++ /*static {
+ version = System.getProperty("java.vm.version");
+ vendor = System.getProperty("java.vm.vendor");
+ if (vendor.startsWith("Sun") &&
+@@ -75,6 +76,7 @@
+ new com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl();
+ }
+ }
++ */
+
+ /**
+ * TransformerFactory instance.
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/txw2/DatatypeWriter.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/txw2/DatatypeWriter.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/txw2/DatatypeWriter.java 2009-04-06 17:30:23.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/txw2/DatatypeWriter.java 2009-04-06 18:03:31.000000000 +0100
+@@ -24,6 +24,9 @@
+ */
+ package com.sun.xml.internal.txw2;
+
++import java.util.AbstractList;
++import java.util.Collections;
++import java.util.List;
+ import javax.xml.namespace.QName;
+
+ /**
+@@ -52,50 +55,60 @@
+ */
+ void print(DT dt, NamespaceResolver resolver, StringBuilder buf);
+
++ static final List> BUILTIN = Collections.unmodifiableList(new AbstractList() {
++
++ private DatatypeWriter>[] BUILTIN_ARRAY = new DatatypeWriter>[] {
++ new DatatypeWriter() {
++ public Class getType() {
++ return String.class;
++ }
++ public void print(String s, NamespaceResolver resolver, StringBuilder buf) {
++ buf.append(s);
++ }
++ },
++ new DatatypeWriter() {
++ public Class getType() {
++ return Integer.class;
++ }
++ public void print(Integer i, NamespaceResolver resolver, StringBuilder buf) {
++ buf.append(i);
++ }
++ },
++ new DatatypeWriter() {
++ public Class getType() {
++ return Float.class;
++ }
++ public void print(Float f, NamespaceResolver resolver, StringBuilder buf) {
++ buf.append(f);
++ }
++ },
++ new DatatypeWriter() {
++ public Class getType() {
++ return Double.class;
++ }
++ public void print(Double d, NamespaceResolver resolver, StringBuilder buf) {
++ buf.append(d);
++ }
++ },
++ new DatatypeWriter() {
++ public Class getType() {
++ return QName.class;
++ }
++ public void print(QName qn, NamespaceResolver resolver, StringBuilder buf) {
++ String p = resolver.getPrefix(qn.getNamespaceURI());
++ if(p.length()!=0)
++ buf.append(p).append(':');
++ buf.append(qn.getLocalPart());
++ }
++ }
++ };
++
++ public DatatypeWriter> get(int n) {
++ return BUILTIN_ARRAY[n];
++ }
+
+- static final DatatypeWriter>[] BUILDIN = new DatatypeWriter>[] {
+- new DatatypeWriter() {
+- public Class getType() {
+- return String.class;
+- }
+- public void print(String s, NamespaceResolver resolver, StringBuilder buf) {
+- buf.append(s);
+- }
+- },
+- new DatatypeWriter() {
+- public Class getType() {
+- return Integer.class;
+- }
+- public void print(Integer i, NamespaceResolver resolver, StringBuilder buf) {
+- buf.append(i);
+- }
+- },
+- new DatatypeWriter() {
+- public Class getType() {
+- return Float.class;
+- }
+- public void print(Float f, NamespaceResolver resolver, StringBuilder buf) {
+- buf.append(f);
+- }
+- },
+- new DatatypeWriter() {
+- public Class getType() {
+- return Double.class;
+- }
+- public void print(Double d, NamespaceResolver resolver, StringBuilder buf) {
+- buf.append(d);
+- }
+- },
+- new DatatypeWriter() {
+- public Class getType() {
+- return QName.class;
+- }
+- public void print(QName qn, NamespaceResolver resolver, StringBuilder buf) {
+- String p = resolver.getPrefix(qn.getNamespaceURI());
+- if(p.length()!=0)
+- buf.append(p).append(':');
+- buf.append(qn.getLocalPart());
+- }
++ public int size() {
++ return BUILTIN_ARRAY.length;
+ }
+- };
++ });
+ }
+diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/txw2/Document.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/txw2/Document.java
+--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/txw2/Document.java 2009-04-06 17:30:23.000000000 +0100
++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/txw2/Document.java 2009-04-06 18:03:31.000000000 +0100
+@@ -75,7 +75,7 @@
+
+ Document(XmlSerializer out) {
+ this.out = out;
+- for( DatatypeWriter dw : DatatypeWriter.BUILDIN )
++ for( DatatypeWriter dw : DatatypeWriter.BUILTIN )
+ datatypeWriters.put(dw.getType(),dw);
+ }
+
diff -r 9933c527970b -r 3a122c249dda patches/security/icedtea-6691246.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/icedtea-6691246.patch Tue Apr 07 01:02:17 2009 +0100
@@ -0,0 +1,167 @@
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java openjdk/jdk/src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java 2009-04-06 18:37:04.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java 2009-04-06 18:42:39.000000000 +0100
+@@ -22,7 +22,6 @@
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+-
+ package com.sun.jmx.remote.internal;
+
+ import java.io.IOException;
+@@ -34,6 +33,7 @@
+ import java.util.Map;
+ import java.util.concurrent.Executor;
+
++import java.security.AccessControlContext;
+ import java.security.AccessController;
+ import java.security.PrivilegedAction;
+ import javax.security.auth.Subject;
+@@ -54,6 +54,9 @@
+
+
+ public abstract class ClientNotifForwarder {
++
++ private final AccessControlContext acc;
++
+ public ClientNotifForwarder(Map env) {
+ this(null, env);
+ }
+@@ -87,6 +90,8 @@
+ this.command = command;
+ if (thread == null) {
+ thread = new Thread() {
++
++ @Override
+ public void run() {
+ while (true) {
+ Runnable r;
+@@ -130,6 +135,7 @@
+
+ this.defaultClassLoader = defaultClassLoader;
+ this.executor = ex;
++ this.acc = AccessController.getContext();
+ }
+
+ /**
+@@ -380,28 +386,85 @@
+ setState(TERMINATED);
+ }
+
+-// -------------------------------------------------
+-// private classes
+-// -------------------------------------------------
++
++ // -------------------------------------------------
++ // private classes
++ // -------------------------------------------------
+ //
++
+ private class NotifFetcher implements Runnable {
++
++ private volatile boolean alreadyLogged = false;
++
++ private void logOnce(String msg, SecurityException x) {
++ if (alreadyLogged) return;
++ // Log only once.
++ logger.config("setContextClassLoader",msg);
++ if (x != null) logger.fine("setContextClassLoader", x);
++ alreadyLogged = true;
++ }
++
++ // Set new context class loader, returns previous one.
++ private final ClassLoader setContextClassLoader(final ClassLoader loader) {
++ final AccessControlContext ctxt = ClientNotifForwarder.this.acc;
++ // if ctxt is null, log a config message and throw a
++ // SecurityException.
++ if (ctxt == null) {
++ logOnce("AccessControlContext must not be null.",null);
++ throw new SecurityException("AccessControlContext must not be null");
++ }
++ return AccessController.doPrivileged(
++ new PrivilegedAction() {
++ public ClassLoader run() {
++ try {
++ // get context class loader - may throw
++ // SecurityException - though unlikely.
++ final ClassLoader previous =
++ Thread.currentThread().getContextClassLoader();
++
++ // if nothing needs to be done, break here...
++ if (loader == previous) return previous;
++
++ // reset context class loader - may throw
++ // SecurityException
++ Thread.currentThread().setContextClassLoader(loader);
++ return previous;
++ } catch (SecurityException x) {
++ logOnce("Permission to set ContextClassLoader missing. " +
++ "Notifications will not be dispatched. " +
++ "Please check your Java policy configuration: " +
++ x, x);
++ throw x;
++ }
++ }
++ }, ctxt);
++ }
++
+ public void run() {
++ final ClassLoader previous;
++ if (defaultClassLoader != null) {
++ previous = setContextClassLoader(defaultClassLoader);
++ } else {
++ previous = null;
++ }
++ try {
++ doRun();
++ } finally {
++ if (defaultClassLoader != null) {
++ setContextClassLoader(previous);
++ }
++ }
++ }
++
++ private void doRun() {
+ synchronized (ClientNotifForwarder.this) {
+ currentFetchThread = Thread.currentThread();
+
+- if (state == STARTING)
++ if (state == STARTING) {
+ setState(STARTED);
++ }
+ }
+
+- if (defaultClassLoader != null) {
+- AccessController.doPrivileged(new PrivilegedAction() {
+- public Void run() {
+- Thread.currentThread().
+- setContextClassLoader(defaultClassLoader);
+- return null;
+- }
+- });
+- }
+
+ NotificationResult nr = null;
+ if (!shouldStop() && (nr = fetchNotifs()) != null) {
+@@ -434,8 +497,9 @@
+ // check if an mbean unregistration notif
+ if (!listenerID.equals(mbeanRemovedNotifID)) {
+ final ClientListenerInfo li = infoList.get(listenerID);
+- if (li != null)
+- listeners.put(listenerID,li);
++ if (li != null) {
++ listeners.put(listenerID, li);
++ }
+ continue;
+ }
+ final Notification notif = tn.getNotification();
+@@ -799,9 +863,7 @@
+ private long clientSequenceNumber = -1;
+ private final int maxNotifications;
+ private final long timeout;
+-
+ private Integer mbeanRemovedNotifID = null;
+-
+ private Thread currentFetchThread;
+
+ // state
diff -r 9933c527970b -r 3a122c249dda patches/security/icedtea-6717680.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/icedtea-6717680.patch Tue Apr 07 01:02:17 2009 +0100
@@ -0,0 +1,27 @@
+--- old/src/share/classes/com/sun/jndi/ldap/LdapCtx.java Tue Mar 3 14:42:48 2009
++++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtx.java Tue Mar 3 14:42:47 2009
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1999-2005 Sun Microsystems, Inc. All Rights Reserved.
++ * Copyright 1999-2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -302,7 +302,16 @@
+
+ schemaTrees = new Hashtable(11, 0.75f);
+ initEnv();
+- connect(false);
++ try {
++ connect(false);
++ } catch (NamingException e) {
++ try {
++ close();
++ } catch (Exception e2) {
++ // Nothing
++ }
++ throw e;
++ }
+ }
+
+ LdapCtx(LdapCtx existing, String newDN) throws NamingException {
diff -r 9933c527970b -r 3a122c249dda patches/security/icedtea-6721651.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/icedtea-6721651.patch Tue Apr 07 01:02:17 2009 +0100
@@ -0,0 +1,732 @@
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java openjdk/jdk/src/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java 2009-04-06 18:37:03.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java 2009-04-06 18:44:48.000000000 +0100
+@@ -111,6 +111,22 @@
+ */
+ protected abstract void checkWrite();
+
++ /**
++ * Check if the caller can create the named class. The default
++ * implementation of this method calls {@link #checkWrite()}.
++ */
++ protected void checkCreate(String className) {
++ checkWrite();
++ }
++
++ /**
++ * Check if the caller can unregister the named MBean. The default
++ * implementation of this method calls {@link #checkWrite()}.
++ */
++ protected void checkUnregister(ObjectName name) {
++ checkWrite();
++ }
++
+ //--------------------------------------------
+ //--------------------------------------------
+ //
+@@ -148,7 +164,7 @@
+ }
+
+ /**
+- * Call checkWrite(), then forward this method to the
++ * Call checkCreate(className), then forward this method to the
+ * wrapped object.
+ */
+ public ObjectInstance createMBean(String className, ObjectName name)
+@@ -158,7 +174,7 @@
+ MBeanRegistrationException,
+ MBeanException,
+ NotCompliantMBeanException {
+- checkWrite();
++ checkCreate(className);
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null) {
+ Object object = getMBeanServer().instantiate(className);
+@@ -170,7 +186,7 @@
+ }
+
+ /**
+- * Call checkWrite(), then forward this method to the
++ * Call checkCreate(className), then forward this method to the
+ * wrapped object.
+ */
+ public ObjectInstance createMBean(String className, ObjectName name,
+@@ -181,7 +197,7 @@
+ MBeanRegistrationException,
+ MBeanException,
+ NotCompliantMBeanException {
+- checkWrite();
++ checkCreate(className);
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null) {
+ Object object = getMBeanServer().instantiate(className,
+@@ -196,7 +212,7 @@
+ }
+
+ /**
+- * Call checkWrite(), then forward this method to the
++ * Call checkCreate(className), then forward this method to the
+ * wrapped object.
+ */
+ public ObjectInstance createMBean(String className,
+@@ -209,7 +225,7 @@
+ MBeanException,
+ NotCompliantMBeanException,
+ InstanceNotFoundException {
+- checkWrite();
++ checkCreate(className);
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null) {
+ Object object = getMBeanServer().instantiate(className,
+@@ -222,7 +238,7 @@
+ }
+
+ /**
+- * Call checkWrite(), then forward this method to the
++ * Call checkCreate(className), then forward this method to the
+ * wrapped object.
+ */
+ public ObjectInstance createMBean(String className,
+@@ -237,7 +253,7 @@
+ MBeanException,
+ NotCompliantMBeanException,
+ InstanceNotFoundException {
+- checkWrite();
++ checkCreate(className);
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null) {
+ Object object = getMBeanServer().instantiate(className,
+@@ -394,45 +410,45 @@
+ }
+
+ /**
+- * Call checkWrite(), then forward this method to the
++ * Call checkCreate(className), then forward this method to the
+ * wrapped object.
+ */
+ public Object instantiate(String className)
+ throws ReflectionException, MBeanException {
+- checkWrite();
++ checkCreate(className);
+ return getMBeanServer().instantiate(className);
+ }
+
+ /**
+- * Call checkWrite(), then forward this method to the
++ * Call checkCreate(className), then forward this method to the
+ * wrapped object.
+ */
+ public Object instantiate(String className,
+ Object params[],
+ String signature[])
+ throws ReflectionException, MBeanException {
+- checkWrite();
++ checkCreate(className);
+ return getMBeanServer().instantiate(className, params, signature);
+ }
+
+ /**
+- * Call checkWrite(), then forward this method to the
++ * Call checkCreate(className), then forward this method to the
+ * wrapped object.
+ */
+ public Object instantiate(String className, ObjectName loaderName)
+ throws ReflectionException, MBeanException, InstanceNotFoundException {
+- checkWrite();
++ checkCreate(className);
+ return getMBeanServer().instantiate(className, loaderName);
+ }
+
+ /**
+- * Call checkWrite(), then forward this method to the
++ * Call checkCreate(className), then forward this method to the
+ * wrapped object.
+ */
+ public Object instantiate(String className, ObjectName loaderName,
+ Object params[], String signature[])
+ throws ReflectionException, MBeanException, InstanceNotFoundException {
+- checkWrite();
++ checkCreate(className);
+ return getMBeanServer().instantiate(className, loaderName,
+ params, signature);
+ }
+@@ -579,12 +595,12 @@
+ }
+
+ /**
+- * Call checkWrite(), then forward this method to the
++ * Call checkUnregister(), then forward this method to the
+ * wrapped object.
+ */
+ public void unregisterMBean(ObjectName name)
+ throws InstanceNotFoundException, MBeanRegistrationException {
+- checkWrite();
++ checkUnregister(name);
+ getMBeanServer().unregisterMBean(name);
+ }
+
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java openjdk/jdk/src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java 2009-04-06 18:37:03.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java 2009-04-06 18:49:04.000000000 +0100
+@@ -31,11 +31,17 @@
+ import java.security.AccessController;
+ import java.security.Principal;
+ import java.security.PrivilegedAction;
+-import java.util.Collection;
++import java.util.ArrayList;
++import java.util.HashMap;
+ import java.util.Iterator;
++import java.util.List;
++import java.util.Map;
+ import java.util.Properties;
+ import java.util.Set;
++import java.util.StringTokenizer;
++import java.util.regex.Pattern;
+ import javax.management.MBeanServer;
++import javax.management.ObjectName;
+ import javax.security.auth.Subject;
+
+ /**
+@@ -46,7 +52,8 @@
+ * not allowed; in this case the request is not forwarded to the
+ * wrapped object.
+ *
+- *
This class implements the {@link #checkRead()} and {@link #checkWrite()}
++ *
This class implements the {@link #checkRead()}, {@link #checkWrite()},
++ * {@link #checkCreate(String)}, and {@link #checkUnregister(ObjectName)}
+ * methods based on an access level properties file containing username/access
+ * level pairs. The set of username/access level pairs is passed either as a
+ * filename which denotes a properties file on disk, or directly as an instance
+@@ -56,14 +63,50 @@
+ * has exactly one access level. The same access level can be shared by several
+ * usernames.
+ *
+- *
The supported access level values are readonly and
+- * readwrite.
++ *
The supported access level values are {@code readonly} and
++ * {@code readwrite}. The {@code readwrite} access level can be
++ * qualified by one or more clauses, where each clause looks
++ * like create classNamePattern or {@code
++ * unregister}. For example:
(The continuation lines with {@code \} come from the parser for
++ * Properties files.)
+ */
+ public class MBeanServerFileAccessController
+ extends MBeanServerAccessController {
+
+- public static final String READONLY = "readonly";
+- public static final String READWRITE = "readwrite";
++ static final String READONLY = "readonly";
++ static final String READWRITE = "readwrite";
++
++ static final String CREATE = "create";
++ static final String UNREGISTER = "unregister";
++
++ private enum AccessType {READ, WRITE, CREATE, UNREGISTER};
++
++ private static class Access {
++ final boolean write;
++ final String[] createPatterns;
++ private boolean unregister;
++
++ Access(boolean write, boolean unregister, List createPatternList) {
++ this.write = write;
++ int npats = (createPatternList == null) ? 0 : createPatternList.size();
++ if (npats == 0)
++ this.createPatterns = NO_STRINGS;
++ else
++ this.createPatterns = createPatternList.toArray(new String[npats]);
++ this.unregister = unregister;
++ }
++
++ private final String[] NO_STRINGS = new String[0];
++ }
+
+ /**
+ *
Create a new MBeanServerAccessController that forwards all the
+@@ -87,8 +130,8 @@
+ throws IOException {
+ super();
+ this.accessFileName = accessFileName;
+- props = propertiesFromFile(accessFileName);
+- checkValues(props);
++ Properties props = propertiesFromFile(accessFileName);
++ parseProperties(props);
+ }
+
+ /**
+@@ -123,14 +166,14 @@
+ * #setMBeanServer} method after doing access checks based on read and
+ * write permissions.
+ *
+- *
This instance is initialized from the specified properties instance.
+- * This constructor makes a copy of the properties instance using its
+- * clone method and it is the copy that is consulted to check
+- * the username and access level of an incoming connection. The original
+- * properties object can be modified without affecting the copy. If the
+- * {@link #refresh} method is then called, the
+- * MBeanServerFileAccessController will make a new copy of the
+- * properties object at that time.
++ *
This instance is initialized from the specified properties
++ * instance. This constructor makes a copy of the properties
++ * instance and it is the copy that is consulted to check the
++ * username and access level of an incoming connection. The
++ * original properties object can be modified without affecting
++ * the copy. If the {@link #refresh} method is then called, the
++ * MBeanServerFileAccessController will make a new
++ * copy of the properties object at that time.
+ *
+ * @param accessFileProps properties list containing the username/access
+ * level entries.
+@@ -145,8 +188,7 @@
+ if (accessFileProps == null)
+ throw new IllegalArgumentException("Null properties");
+ originalProps = accessFileProps;
+- props = (Properties) accessFileProps.clone();
+- checkValues(props);
++ parseProperties(accessFileProps);
+ }
+
+ /**
+@@ -155,14 +197,14 @@
+ * #setMBeanServer} method after doing access checks based on read and
+ * write permissions.
+ *
+- *
This instance is initialized from the specified properties instance.
+- * This constructor makes a copy of the properties instance using its
+- * clone method and it is the copy that is consulted to check
+- * the username and access level of an incoming connection. The original
+- * properties object can be modified without affecting the copy. If the
+- * {@link #refresh} method is then called, the
+- * MBeanServerFileAccessController will make a new copy of the
+- * properties object at that time.
++ *
This instance is initialized from the specified properties
++ * instance. This constructor makes a copy of the properties
++ * instance and it is the copy that is consulted to check the
++ * username and access level of an incoming connection. The
++ * original properties object can be modified without affecting
++ * the copy. If the {@link #refresh} method is then called, the
++ * MBeanServerFileAccessController will make a new
++ * copy of the properties object at that time.
+ *
+ * @param accessFileProps properties list containing the username/access
+ * level entries.
+@@ -184,16 +226,36 @@
+ * Check if the caller can do read operations. This method does
+ * nothing if so, otherwise throws SecurityException.
+ */
++ @Override
+ public void checkRead() {
+- checkAccessLevel(READONLY);
++ checkAccess(AccessType.READ, null);
+ }
+
+ /**
+ * Check if the caller can do write operations. This method does
+ * nothing if so, otherwise throws SecurityException.
+ */
++ @Override
+ public void checkWrite() {
+- checkAccessLevel(READWRITE);
++ checkAccess(AccessType.WRITE, null);
++ }
++
++ /**
++ * Check if the caller can create MBeans or instances of the given class.
++ * This method does nothing if so, otherwise throws SecurityException.
++ */
++ @Override
++ public void checkCreate(String className) {
++ checkAccess(AccessType.CREATE, className);
++ }
++
++ /**
++ * Check if the caller can do unregister operations. This method does
++ * nothing if so, otherwise throws SecurityException.
++ */
++ @Override
++ public void checkUnregister(ObjectName name) {
++ checkAccess(AccessType.UNREGISTER, null);
+ }
+
+ /**
+@@ -218,14 +280,13 @@
+ * @exception IllegalArgumentException if any of the supplied access
+ * level values differs from "readonly" or "readwrite".
+ */
+- public void refresh() throws IOException {
+- synchronized (props) {
+- if (accessFileName == null)
+- props = (Properties) originalProps.clone();
+- else
+- props = propertiesFromFile(accessFileName);
+- checkValues(props);
+- }
++ public synchronized void refresh() throws IOException {
++ Properties props;
++ if (accessFileName == null)
++ props = (Properties) originalProps;
++ else
++ props = propertiesFromFile(accessFileName);
++ parseProperties(props);
+ }
+
+ private static Properties propertiesFromFile(String fname)
+@@ -234,13 +295,15 @@
+ try {
+ Properties p = new Properties();
+ p.load(fin);
++ // Properties.load does a buffered read so we don't need to wrap
++ // the FileInputStream in a BufferedInputStream.
+ return p;
+ } finally {
+ fin.close();
+ }
+ }
+
+- private void checkAccessLevel(String accessLevel) {
++ private synchronized void checkAccess(AccessType requiredAccess, String arg) {
+ final AccessControlContext acc = AccessController.getContext();
+ final Subject s =
+ AccessController.doPrivileged(new PrivilegedAction() {
+@@ -250,38 +313,233 @@
+ });
+ if (s == null) return; /* security has not been enabled */
+ final Set principals = s.getPrincipals();
++ String newPropertyValue = null;
+ for (Principal p : principals) {
+- String grantedAccessLevel;
+- synchronized (props) {
+- grantedAccessLevel = props.getProperty(p.getName());
+- }
+- if (grantedAccessLevel != null) {
+- if (accessLevel.equals(READONLY) &&
+- (grantedAccessLevel.equals(READONLY) ||
+- grantedAccessLevel.equals(READWRITE)))
+- return;
+- if (accessLevel.equals(READWRITE) &&
+- grantedAccessLevel.equals(READWRITE))
++ Access access = accessMap.get(p.getName());
++ if (access != null) {
++ boolean ok;
++ switch (requiredAccess) {
++ case READ:
++ ok = true; // all access entries imply read
++ break;
++ case WRITE:
++ ok = access.write;
++ break;
++ case UNREGISTER:
++ ok = access.unregister;
++ if (!ok && access.write)
++ newPropertyValue = "unregister";
++ break;
++ case CREATE:
++ ok = checkCreateAccess(access, arg);
++ if (!ok && access.write)
++ newPropertyValue = "create " + arg;
++ break;
++ default:
++ throw new AssertionError();
++ }
++ if (ok)
+ return;
+ }
+ }
+- throw new SecurityException("Access denied! Invalid access level for " +
+- "requested MBeanServer operation.");
++ SecurityException se = new SecurityException("Access denied! Invalid " +
++ "access level for requested MBeanServer operation.");
++ // Add some more information to help people with deployments that
++ // worked before we required explicit create clauses. We're not giving
++ // any information to the bad guys, other than that the access control
++ // is based on a file, which they could have worked out from the stack
++ // trace anyway.
++ if (newPropertyValue != null) {
++ SecurityException se2 = new SecurityException("Access property " +
++ "for this identity should be similar to: " + READWRITE +
++ " " + newPropertyValue);
++ se.initCause(se2);
++ }
++ throw se;
++ }
++
++ private static boolean checkCreateAccess(Access access, String className) {
++ for (String classNamePattern : access.createPatterns) {
++ if (classNameMatch(classNamePattern, className))
++ return true;
++ }
++ return false;
++ }
++
++ private static boolean classNameMatch(String pattern, String className) {
++ // We studiously avoided regexes when parsing the properties file,
++ // because that is done whenever the VM is started with the
++ // appropriate -Dcom.sun.management options, even if nobody ever
++ // creates an MBean. We don't want to incur the overhead of loading
++ // all the regex code whenever those options are specified, but if we
++ // get as far as here then the VM is already running and somebody is
++ // doing the very unusual operation of remotely creating an MBean.
++ // Because that operation is so unusual, we don't try to optimize
++ // by hand-matching or by caching compiled Pattern objects.
++ StringBuilder sb = new StringBuilder();
++ StringTokenizer stok = new StringTokenizer(pattern, "*", true);
++ while (stok.hasMoreTokens()) {
++ String tok = stok.nextToken();
++ if (tok.equals("*"))
++ sb.append("[^.]*");
++ else
++ sb.append(Pattern.quote(tok));
++ }
++ return className.matches(sb.toString());
+ }
+
+- private void checkValues(Properties props) {
+- Collection> c = props.values();
+- for (Iterator> i = c.iterator(); i.hasNext(); ) {
+- final String accessLevel = (String) i.next();
+- if (!accessLevel.equals(READONLY) &&
+- !accessLevel.equals(READWRITE)) {
+- throw new IllegalArgumentException(
+- "Syntax error in access level entry [" + accessLevel + "]");
++ private void parseProperties(Properties props) {
++ this.accessMap = new HashMap();
++ for (Map.Entry