Mercurial > hg > release > icedtea6-1.10

view patches/security/20120612/7145239.patch @ 2578:96394d394527

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add security patches for 2012/06/12. 2012-06-07 Andrew John Hughes <ahughes@redhat.com> * Makefile.am: (ICEDTEA_PATCHES): Add security patches. Make more patches HotSpot-build specific. * patches/ecj/override.patch: Add additional cases from 7143872. * patches/arm.patch: Moved to HotSpot-specific versions. * patches/arch.patch, * patches/freetypeversion.patch, * patches/gcc-suffix.patch: Fix to work with no fuzz. * patches/hotspot/hs20/arm.patch, * patches/hotspot/hs20/gcc-stack-markings.patch, * patches/hotspot/hs20/numa_on_early_glibc.patch, * patches/hotspot/hs20/sparc-trapsfix.patch, * patches/hotspot/hs20/version-hotspot.patch: Split to work with hs20 with no fuzz. * patches/hotspot/original/arm.patch, * patches/hotspot/original/gcc-stack-markings.patch, * patches/hotspot/original/numa_on_early_glibc.patch, * patches/hotspot/original/sparc-trapsfix.patch, * patches/hotspot/original/version-hotspot.patch: Likewise for hs19 (original). * patches/jaxp-serial-version-uid.patch, * patches/libraries.patch, * patches/nio2.patch, * patches/no-static-linking.patch, * patches/openjdk/6693253-security_warning.patch, * patches/openjdk/6766342-AA-simple-shape-performance.patch, * patches/openjdk/6797139-jbutton_truncation.patch, * patches/openjdk/6851973-kerberos.patch, * patches/openjdk/7102369-7094468-rmiregistry.patch: Fixed to work with no fuzz. * patches/openjdk/hs20/7034464-hugepage.patch, * patches/openjdk/hs20/7103224-glibc_name_collision.patch, Fixed to work with hs20 and no fuzz. * patches/openjdk/mutter.patch: Fixed to work with no fuzz. * patches/openjdk/original/7034464-hugepage.patch, * patches/openjdk/original/7103224-glibc_name_collision.patch, Fixed to work with hs19 (original) and no fuzz. * patches/openjdk/remove-mimpure-option-to-gcc.patch: Fixed to work with no fuzz. * patches/security/20120612/7079902.patch, * patches/security/20120612/7143606.patch, * patches/security/20120612/7143614.patch, * patches/security/20120612/7143617.patch, * patches/security/20120612/7143851.patch, * patches/security/20120612/7143872.patch, * patches/security/20120612/7145239.patch, * patches/security/20120612/7157609.patch, * patches/security/20120612/7160677.patch, * patches/security/20120612/7160757.patch, * patches/security/20120612/hs20/7110720.patch, * patches/security/20120612/hs20/7152811.patch, * patches/security/20120612/original/7110720.patch, * patches/security/20120612/original/7152811.patch, Security patches for 2012/06/12. * NEWS: Updated.
author Andrew John Hughes <ahughes@redhat.com>
date Fri, 08 Jun 2012 14:23:28 +0100
parents
children
line wrap: on
line source

# HG changeset patch
# User mullan
# Date 1339086824 -3600
# Node ID bb0caf6041c99873347d12f82d0eb65965afafeb
# Parent  c4ba973139576dbaeb13a1bb8de26ffd8d1de9a4
7145239: Finetune package definition restriction
Reviewed-by: hawtin

diff --git a/src/share/lib/security/java.security b/src/share/lib/security/java.security
--- openjdk/jdk/src/share/lib/security/java.security
+++ openjdk/jdk/src/share/lib/security/java.security
@@ -127,7 +127,7 @@
 # passed to checkPackageAccess unless the
 # corresponding RuntimePermission ("accessClassInPackage."+package) has
 # been granted.
-package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.
+package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
 
 #
 # List of comma-separated packages that start with or equal this string
@@ -136,10 +136,10 @@
 # corresponding RuntimePermission ("defineClassInPackage."+package) has
 # been granted.
 #
-# by default, no packages are restricted for definition, and none of
-# the class loaders supplied with the JDK call checkPackageDefinition.
+# by default, none of the class loaders supplied with the JDK call
+# checkPackageDefinition.
 #
-#package.definition=
+package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
 
 #
 # Determines whether this properties file can be appended to
diff --git a/src/share/lib/security/java.security-solaris b/src/share/lib/security/java.security-solaris
--- openjdk/jdk/src/share/lib/security/java.security-solaris
+++ openjdk/jdk/src/share/lib/security/java.security-solaris
@@ -137,10 +137,10 @@
 # corresponding RuntimePermission ("defineClassInPackage."+package) has
 # been granted.
 #
-# by default, no packages are restricted for definition, and none of
-# the class loaders supplied with the JDK call checkPackageDefinition.
+# by default, none of the class loaders supplied with the JDK call
+# checkPackageDefinition.
 #
-#package.definition=
+package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
 
 #
 # Determines whether this properties file can be appended to
diff --git a/src/share/lib/security/java.security-windows b/src/share/lib/security/java.security-windows
--- openjdk/jdk/src/share/lib/security/java.security-windows
+++ openjdk/jdk/src/share/lib/security/java.security-windows
@@ -137,10 +137,10 @@
 # corresponding RuntimePermission ("defineClassInPackage."+package) has
 # been granted.
 #
-# by default, no packages are restricted for definition, and none of
-# the class loaders supplied with the JDK call checkPackageDefinition.
+# by default, none of the class loaders supplied with the JDK call
+# checkPackageDefinition.
 #
-#package.definition=
+package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
 
 #
 # Determines whether this properties file can be appended to