view patches/security/20120214/7110687.patch @ 2555:4e7a700d4ecc
Add 2012/02/14 security patches.
2012-02-08 Omair Majid <omajid@redhat.com>
* NEWS: Update with security fixes.
* Makefile.am
(SECURITY_PATCHES): Add security patches.
(SPECIAL_SECURITY_PATCH): Add new variable.
(ICEDTEA_PATCHES): Add security patch that depends on backport.
* patches/security/20120214/7082299.patch,
* patches/security/20120214/7088367.patch,
* patches/security/20120214/7110683.patch,
* patches/security/20120214/7110687.patch,
* patches/security/20120214/7110700.patch,
* patches/security/20120214/7110704.patch,
* patches/security/20120214/7112642.patch,
* patches/security/20120214/7118283.patch,
* patches/security/20120214/7126960.patch: New security fixes.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Thu, 09 Feb 2012 17:05:26 +0000 |
parents | |
children |
# HG changeset patch
# User coffeys
# Date 1321351078 0
# Node ID dd8956e41b892ed7102e1d5668781f2c68ea9ac5
# Parent e11df26be5fc2c18af5601afc3793f9abc3e2c45
7110687: (tz) java.util.TimeZone.setDefault() should be controlled by a security manager
Reviewed-by: okutsu
diff --git a/make/java/java/FILES_java.gmk b/make/java/java/FILES_java.gmk
--- openjdk/jdk/make/java/java/FILES_java.gmk
+++ openjdk/jdk/make/java/java/FILES_java.gmk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -448,6 +448,7 @@ JAVA_JAVA_java = \
 sun/misc/MessageUtils.java \
 sun/misc/GC.java \
 sun/misc/Service.java \
+ sun/misc/JavaAWTAccess.java \
 sun/misc/JavaLangAccess.java \
 sun/misc/JavaIOAccess.java \
 sun/misc/JavaIODeleteOnExitAccess.java \
diff --git a/src/share/classes/java/util/TimeZone.java b/src/share/classes/java/util/TimeZone.java
--- openjdk/jdk/src/share/classes/java/util/TimeZone.java
+++ openjdk/jdk/src/share/classes/java/util/TimeZone.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -43,6 +43,8 @@ import java.security.AccessController;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.concurrent.ConcurrentHashMap;
+import sun.misc.SharedSecrets;
+import sun.misc.JavaAWTAccess;
 import sun.security.action.GetPropertyAction;
 import sun.util.TimeZoneNameUtility;
 import sun.util.calendar.ZoneInfo;
@@ -542,7 +544,7 @@ abstract public class TimeZone implement
 * method doesn't create a clone.
 */
 static TimeZone getDefaultRef() {
- TimeZone defaultZone = defaultZoneTL.get();
+ TimeZone defaultZone = getDefaultInAppContext();
 if (defaultZone == null) {
 defaultZone = defaultTimeZone;
 if (defaultZone == null) {
@@ -633,10 +635,53 @@ abstract public class TimeZone implement
 if (hasPermission()) {
 synchronized (TimeZone.class) {
 defaultTimeZone = zone;
- defaultZoneTL.set(null);
+ setDefaultInAppContext(null);
 }
 } else {
- defaultZoneTL.set(zone);
+ setDefaultInAppContext(zone);
+ }
+ }
+
+ /**
+ * Returns the default TimeZone in an AppContext if any AppContext
+ * has ever used. null is returned if any AppContext hasn't been
+ * used or if the AppContext doesn't have the default TimeZone.
+ */
+ private synchronized static TimeZone getDefaultInAppContext() {
+ javaAWTAccess = SharedSecrets.getJavaAWTAccess();
+ if (javaAWTAccess == null) {
+ return mainAppContextDefault;
+ } else {
+ if (!javaAWTAccess.isDisposed()) {
+ TimeZone tz = (TimeZone)
+ javaAWTAccess.get(TimeZone.class);
+ if (tz == null && javaAWTAccess.isMainAppContext()) {
+ return mainAppContextDefault;
+ } else {
+ return tz;
+ }
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Sets the default TimeZone in the AppContext to the given
+ * tz. null is handled special: do nothing if any AppContext
+ * hasn't been used, remove the default TimeZone in the
+ * AppContext otherwise.
+ */
+ private synchronized static void setDefaultInAppContext(TimeZone tz) {
+ javaAWTAccess = SharedSecrets.getJavaAWTAccess();
+ if (javaAWTAccess == null) {
+ mainAppContextDefault = tz;
+ } else {
+ if (!javaAWTAccess.isDisposed()) {
+ javaAWTAccess.put(TimeZone.class, tz);
+ if (javaAWTAccess.isMainAppContext()) {
+ mainAppContextDefault = null;
+ }
+ }
+ }
 }
 }
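Review bot: In getDefaultRef(), the new call `getDefaultInAppContext()` is declared `private synchronized static` in the following hunk, so every default-zone lookup now acquires the TimeZone.class monitor where `defaultZoneTL.get()` took no lock. getDefaultRef() is the internal non-cloning accessor, so this may become a contention point on a frequently used path. Consider dropping `synchronized` from the read side and declaring the fallback as `private static volatile TimeZone mainAppContextDefault;`, with the accessor read into a local. The body of getDefaultRef() continues outside the hunk.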
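Review bot: In setDefaultInAppContext(), the `javaAWTAccess == null` branch stores the caller's zone in the single static `mainAppContextDefault`, and getDefaultInAppContext() returns that same field to every caller. setDefault() reaches this branch when hasPermission() is false, so with a security manager installed and sun.awt.AppContext not yet loaded, code without the permission would still appear to change the default seen JVM-wide; hasPermission() is not visible here, so this needs confirming. Either document why that combination cannot occur or keep an unprivileged caller's zone out of the shared static. Separately, the Javadoc says a null argument removes the AppContext entry, but the code calls `javaAWTAccess.put(TimeZone.class, tz)` with null rather than `javaAWTAccess.remove(TimeZone.class)`. setDefault() itself starts outside the hunk.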
@@ -687,11 +732,23 @@ abstract public class TimeZone implement
 */
 private String ID;
 private static volatile TimeZone defaultTimeZone;
- private static final InheritableThreadLocal<TimeZone> defaultZoneTL
- = new InheritableThreadLocal<TimeZone>();
 static final String GMT_ID = "GMT";
 private static final int GMT_ID_LENGTH = 3;
+
+ /*
+ * Provides access implementation-private methods without using reflection
+ *
+ * Note that javaAWTAccess may be null if sun.awt.AppContext class hasn't
+ * been loaded. If so, it implies that AWTSecurityManager is not our
+ * SecurityManager and we can use a local static variable.
+ * This works around a build time issue.
+ */
+ private static JavaAWTAccess javaAWTAccess;
+
+ // a static TimeZone we can reference if no AppContext is in place
+ private static TimeZone mainAppContextDefault;
+
 /**
 * Parses a custom time zone identifier and returns a corresponding zone.
diff --git a/src/share/classes/sun/awt/AppContext.java b/src/share/classes/sun/awt/AppContext.java
--- openjdk/jdk/src/share/classes/sun/awt/AppContext.java
+++ openjdk/jdk/src/share/classes/sun/awt/AppContext.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
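Review bot: The new static field `javaAWTAccess` in the TimeZone.java field declarations is reassigned from `SharedSecrets.getJavaAWTAccess()` at the top of both accessor methods and is not read anywhere else in this patch, so it behaves as a local. Using `final JavaAWTAccess jaa = SharedSecrets.getJavaAWTAccess();` inside each method would remove a piece of shared mutable state. The block comment's statement that a null accessor implies AWTSecurityManager is not the installed security manager is the assumption the whole fallback rests on, and it deserves a sentence saying why it holds. Its first line also reads better as `Provides access to implementation-private methods without using reflection.`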
@@ -767,6 +767,27 @@ public final class AppContext {
 }
 return changeSupport.getPropertyChangeListeners(propertyName);
 }
+
+ // Set up JavaAWTAccess in SharedSecrets
+ static {
+ sun.misc.SharedSecrets.setJavaAWTAccess(new sun.misc.JavaAWTAccess() {
+ public Object get(Object key) {
+ return getAppContext().get(key);
+ }
+ public void put(Object key, Object value) {
+ getAppContext().put(key, value);
+ }
+ public void remove(Object key) {
+ getAppContext().remove(key);
+ }
+ public boolean isDisposed() {
+ return getAppContext().isDisposed();
+ }
+ public boolean isMainAppContext() {
+ return (numAppContexts == 1);
+ }
+ });
+ }
 }
 final class MostRecentThreadAppContext {
diff --git a/src/share/classes/sun/misc/JavaAWTAccess.java b/src/share/classes/sun/misc/JavaAWTAccess.java
new file mode 100644
--- /dev/null
+++ openjdk/jdk/src/share/classes/sun/misc/JavaAWTAccess.java
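Review bot: `isMainAppContext()` in the new AppContext static initializer returns `numAppContexts == 1`, which says only that exactly one context exists, not that the caller's context is the main one. TimeZone uses the answer to decide whether to fall back to, or clear, `mainAppContextDefault`, so the result changes as contexts are created and disposed. The read of `numAppContexts` is also not visibly synchronized in this hunk. A comment stating the intended meaning, or a comparison against the main context if the class keeps a reference to it, would make the method safer to rely on. The class body starts outside the hunk.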
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.misc;
+
+public interface JavaAWTAccess {
+ public Object get(Object key);
+ public void put(Object key, Object value);
+ public void remove(Object key);
+ public boolean isDisposed();
+ public boolean isMainAppContext();
+}
diff --git a/src/share/classes/sun/misc/SharedSecrets.java b/src/share/classes/sun/misc/SharedSecrets.java
--- openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
@@ -52,6 +52,7 @@ public class SharedSecrets {
 private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
 private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess;
 private static JavaSecurityAccess javaSecurityAccess;
+ private static JavaAWTAccess javaAWTAccess;
 public static JavaUtilJarAccess javaUtilJarAccess() {
 if (javaUtilJarAccess == null) {
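Review bot: The new interface sun.misc.JavaAWTAccess has no Javadoc, although its contract is not obvious from the signatures: in the AppContext implementation added by this patch every method acts on whatever `getAppContext()` returns at call time. Add a type comment along the lines of `/** Gives core classes access to the current sun.awt.AppContext; obtained through SharedSecrets and may be absent. */`. It should also say on `put` whether a null value is permitted, since TimeZone passes one. The `public` modifiers on the interface methods are redundant.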
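Review bot: The new `javaAWTAccess` field in SharedSecrets is a plain static that is written from AppContext's static initializer and read by TimeZone under the TimeZone.class lock, so no common lock or volatile access publishes the write. Declaring it `private static volatile JavaAWTAccess javaAWTAccess;` would make the hand-off well defined. A stale null here matters more than usual because TimeZone treats null as "no AppContext in use" and switches to its shared static fallback. The same field is read and written by the two accessors added in the last hunk of this file.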
@@ -138,4 +139,14 @@ public class SharedSecrets {
 }
 return javaSecurityAccess;
 }
+
+ public static void setJavaAWTAccess(JavaAWTAccess jaa) {
+ javaAWTAccess = jaa;
+ }
+
+ public static JavaAWTAccess getJavaAWTAccess() {
+ // this may return null in which case calling code needs to
+ // provision for.
+ return javaAWTAccess;
+ }
 }
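Review bot: The comment inside getJavaAWTAccess() ends mid-sentence and does not say when null is returned; something like `// May be null if sun.awt.AppContext has not been initialized; callers must handle that.` states the contract. This is worth spelling out because the other accessor visible in this file, javaUtilJarAccess(), begins with its own null check, so callers may not expect a null from this one. Javadoc on both new public methods would be the better home for the explanation.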