Mercurial > hg > release > icedtea6-1.10
view patches/security/20121016/7189567.patch @ 2593:6df81d93af9c
Add 2012/10/16 security updates.
2012-10-11 Andrew John Hughes <gnu.andrew@redhat.com>
* Makefile.am:
(SECURITY_PATCHES): Add new patches.
* patches/ecj/override.patch:
Add new cases in P11Key and RMIConnectionImpl
introduced by security patches.
* patches/ssl.patch:
Removed old unneeded patch which breaks with
this update.
* patches/security/20111018/7092186.patch:
Backport of patch added to OpenJDK6 by Oracle
as part of the last security update but not
included in the bundle delivered ahead of time.
* patches/security/20121016/6631398.patch,
* patches/security/20121016/7093490.patch,
* patches/security/20121016/7143535.patch,
* patches/security/20121016/7158801.patch,
* patches/security/20121016/7167656.patch,
* patches/security/20121016/7169884.patch,
* patches/security/20121016/7169888.patch,
* patches/security/20121016/7172522.patch,
* patches/security/20121016/7176337.patch,
* patches/security/20121016/7186286.patch,
* patches/security/20121016/7189103.patch,
* patches/security/20121016/7189490.patch,
* patches/security/20121016/7189567.patch,
* patches/security/20121016/7192975.patch,
* patches/security/20121016/7195194.patch,
* patches/security/20121016/7195917.patch,
* patches/security/20121016/7195919.patch,
* patches/security/20121016/7198296.patch,
* patches/security/20121016/7198606.patch,
* patches/security/20121016/hs20/7158800.patch,
* patches/security/20121016/hs20/7158804.patch,
* patches/security/20121016/original/7158800.patch,
* patches/security/20121016/original/7158804.patch:
New patches.
| author | Andrew John Hughes <ahughes@redhat.com> |
|---|---|
| date | Fri, 12 Oct 2012 02:18:24 +0100 |
| parents | |
| children |
line wrap: on
line source
# HG changeset patch # User robm # Date 1347900712 -3600 # Node ID aa1fa3f96d77541a3bafd767001f3100fe6b8a5a # Parent 7fe230af5036c83eb337b3560821b97c6dec08c9 7189567: java net obselete protocol Reviewed-by: chegar diff --git a/src/share/classes/java/net/URL.java b/src/share/classes/java/net/URL.java --- openjdk/jdk/src/share/classes/java/net/URL.java +++ openjdk/jdk/src/share/classes/java/net/URL.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1995, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,6 +28,8 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Hashtable; import java.util.StringTokenizer; import sun.security.util.SecurityConstants; @@ -1110,6 +1112,21 @@ static Hashtable handlers = new Hashtable(); private static Object streamHandlerLock = new Object(); + // special case the gopher protocol, disabled by default + private static final String GOPHER = "gopher"; + private static final String ENABLE_GOPHER_PROP = "jdk.net.registerGopherProtocol"; + private static final boolean enableGopher = AccessController.doPrivileged( + new PrivilegedAction<Boolean>() { + public Boolean run() { + String prop = System.getProperty(ENABLE_GOPHER_PROP); + return prop == null ? false : + (prop.equalsIgnoreCase("false") ? false : true); + } + }); + + // package name of the JDK implementation protocol handlers + private static final String JDK_PACKAGE_PREFIX = "sun.net.www.protocol"; + /** * Returns the Stream Handler. * @param protocol the protocol to use @@ -1141,7 +1158,7 @@ // REMIND: decide whether to allow the "null" class prefix // or not. - packagePrefixList += "sun.net.www.protocol"; + packagePrefixList += JDK_PACKAGE_PREFIX; StringTokenizer packagePrefixIter = new StringTokenizer(packagePrefixList, "|"); @@ -1151,6 +1168,15 @@ String packagePrefix = packagePrefixIter.nextToken().trim(); + + // do not try to instantiate the JDK gopher handler + // unless the system property had been explicitly set + if (protocol.equalsIgnoreCase(GOPHER) && + packagePrefix.equals(JDK_PACKAGE_PREFIX) && + !enableGopher) { + continue; + } + try { String clsName = packagePrefix + "." + protocol + ".Handler"; diff --git a/test/java/net/URL/Test.java b/test/java/net/URL/Test.java --- openjdk/jdk/test/java/net/URL/Test.java +++ openjdk/jdk/test/java/net/URL/Test.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -322,10 +322,6 @@ test("ftp://ftp.is.co.za/rfc/rfc1808.txt") .s("ftp").h("ftp.is.co.za").p("/rfc/rfc1808.txt").z(); - test("gopher://spinaltap.micro.umn.edu/00/Weather/California/Los%20Angeles") - .s("gopher").h("spinaltap.micro.umn.edu") - .p("/00/Weather/California/Los%20Angeles").z(); - test("http://www.math.uio.no/faq/compression-faq/part1.html") .s("http").h("www.math.uio.no").p("/faq/compression-faq/part1.html").z();