Mercurial > hg > release > icedtea6-1.10
changeset 2479:b21a09c40d32
Merge
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Wed, 02 Mar 2011 14:29:07 +0000 |
parents | 21f2a8d15854 (current diff) 4b7c7f2492bc (diff) |
children | 661ac5142d6b |
files | ChangeLog Makefile.am patches/security/20110209/4421494.patch patches/security/20110215/6878713.patch patches/security/20110215/6907662.patch patches/security/20110215/6981922.patch patches/security/20110215/6983554.patch patches/security/20110215/6985453.patch patches/security/20110215/6994263.patch |
diffstat | 9 files changed, 28 insertions(+), 1421 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Feb 23 21:55:37 2011 +0000 +++ b/ChangeLog Wed Mar 02 14:29:07 2011 +0000 @@ -494,6 +494,13 @@ 2011-02-18 Andrew John Hughes <ahughes@redhat.com> + * Makefile.am: + (JAXP_DROP_ZIP): Use zip with security fix. + (JAXP_DROP_SHA256SUM): Likewise. + (SECURITY_PATCHES): Drop local JAXP security fix. + +2011-02-17 Andrew John Hughes <ahughes@redhat.com> + S6444769: java/awt/Insets/WindowWithWarningTest/WindowWithWarningTest.html fails * Makefile.am: Add patch. * NEWS: Updated. @@ -502,6 +509,18 @@ 2011-02-17 Andrew John Hughes <ahughes@redhat.com> + * patches/security/20110209/4421494.patch, + * patches/security/20110215/6878713.patch, + * patches/security/20110215/6907662.patch, + * patches/security/20110215/6981922.patch, + * patches/security/20110215/6983554.patch, + * patches/security/20110215/6985453.patch, + * patches/security/20110215/6994263.patch: + Drop security patches available upstream. + * Makefile.am: Remove above. + +2011-02-17 Andrew John Hughes <ahughes@redhat.com> + * NEWS: Fix placement of PR632. 2011-02-17 Andrew John Hughes <ahughes@redhat.com> @@ -780,6 +799,11 @@ 2011-01-22 Andrew John Hughes <ahughes@redhat.com> * Makefile.am: + Bump to b22. + +2011-01-22 Andrew John Hughes <ahughes@redhat.com> + + * Makefile.am: Use b21 tarball. 2011-01-21 Mark Wielaard <mark@klomp.org>
--- a/Makefile.am Wed Feb 23 21:55:37 2011 +0000 +++ b/Makefile.am Wed Mar 02 14:29:07 2011 +0000 @@ -2,7 +2,7 @@ OPENJDK_DATE = 20_jan_2011 OPENJDK_MD5SUM = 595125cd17441122074a4fe0f78c0252 -OPENJDK_VERSION = b21 +OPENJDK_VERSION = b22 OPENJDK_URL = http://download.java.net/openjdk/jdk6/promoted/$(OPENJDK_VERSION)/ CACAO_VERSION = 6a5eda011e49 @@ -24,8 +24,8 @@ JAF_DROP_ZIP = jdk6-jaf-b20.zip JAF_DROP_SHA256SUM = 78c7b5c9d6271e88ee46abadd018a61f1e9645f8936cc8df1617e5f4f5074012 JAXP_DROP_URL = http://icedtea.classpath.org/download/drops -JAXP_DROP_ZIP = jaxp-1_4_4.zip -JAXP_DROP_SHA256SUM = 10b203bec5b7d3dd8f515a9e098f80abc316faf977bcc220b56efe3dc6e9e5e9 +JAXP_DROP_ZIP = jaxp144_01.zip +JAXP_DROP_SHA256SUM = d72c2e27a479e7e78e0141cfcf3a9c5dbc5677495bd21b2d52dce85d21322186 OPENJDK_HG_URL = http://hg.openjdk.java.net/jdk6/jdk6 @@ -186,15 +186,7 @@ ICEDTEA_FSG_PATCHES = -SECURITY_PATCHES = patches/security/20110209/4421494.patch \ - patches/security/20110215/6878713.patch \ - patches/security/20110215/6907662.patch \ - patches/security/20110215/6981922.patch \ - patches/security/20110215/6983554.patch \ - patches/security/20110215/6994263.patch \ - patches/security/20110215/6985453.patch \ - patches/security/20110215/6927050.patch - +SECURITY_PATCHES = ICEDTEA_PATCHES = \ $(SECURITY_PATCHES) \
--- a/patches/security/20110209/4421494.patch Wed Feb 23 21:55:37 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,106 +0,0 @@ -# HG changeset patch -# User alanb -# Date 1297019854 0 -# Node ID d00080320e439c339594d380f0322c865553a046 -# Parent f7afe7a5e086a6af1f23dd6304bcbe7fb2b6226a -4421494: infinite loop while parsing double literal -Reviewed-by: darcy, alanb -Contributed-by: dmitry.nadezhin@oracle.com - -diff --git a/src/share/classes/sun/misc/FloatingDecimal.java b/src/share/classes/sun/misc/FloatingDecimal.java ---- openjdk/jdk/src/share/classes/sun/misc/FloatingDecimal.java -+++ openjdk/jdk/src/share/classes/sun/misc/FloatingDecimal.java -@@ -1547,7 +1547,7 @@ public class FloatingDecimal{ - if ( (cmpResult = bigB.cmp( bigD ) ) > 0 ){ - overvalue = true; // our candidate is too big. - diff = bigB.sub( bigD ); -- if ( (bigIntNBits == 1) && (bigIntExp > -expBias) ){ -+ if ( (bigIntNBits == 1) && (bigIntExp > -expBias+1) ){ - // candidate is a normalized exact power of 2 and - // is too big. We will be subtracting. - // For our purposes, ulp is the ulp of the -diff --git a/test/java/lang/Double/ParseDouble.java b/test/java/lang/Double/ParseDouble.java ---- openjdk/jdk/test/java/lang/Double/ParseDouble.java -+++ openjdk/jdk/test/java/lang/Double/ParseDouble.java -@@ -23,11 +23,12 @@ - - /* - * @test -- * @bug 4160406 4705734 4707389 4826774 4895911 -+ * @bug 4160406 4705734 4707389 4826774 4895911 4421494 - * @summary Test for Double.parseDouble method and acceptance regex - */ - - import java.util.regex.*; -+import java.math.BigDecimal; - - public class ParseDouble { - -@@ -416,7 +417,15 @@ public class ParseDouble { - - "0x00100p1", - "0x00.100p1", -- "0x001.100p1" -+ "0x001.100p1", -+ -+ // Limits -+ -+ "1.7976931348623157E308", // Double.MAX_VALUE -+ "4.9e-324", // Double.MIN_VALUE -+ "2.2250738585072014e-308", // Double.MIN_NORMAL -+ -+ "2.2250738585072012e-308", // near Double.MIN_NORMAL - }; - - static String paddedBadStrings[]; -@@ -546,6 +555,42 @@ public class ParseDouble { - - } - -+ /** -+ * For each subnormal power of two, test at boundaries of -+ * region that should convert to that value. -+ */ -+ private static void testSubnormalPowers() { -+ BigDecimal TWO = BigDecimal.valueOf(2); -+ // An ulp is the same for all subnormal values -+ BigDecimal ulp_BD = new BigDecimal(Double.MIN_VALUE); -+ -+ System.out.println("Testing subnormal powers of two."); -+ for(int i = -1074; i <= -1022; i++) { -+ double d = Math.scalb(1.0, i); -+ -+ /* -+ * The region [d - ulp/2, d + ulp/2] should round to d. -+ */ -+ BigDecimal d_BD = new BigDecimal(d); -+ -+ BigDecimal lowerBound = d_BD.subtract(ulp_BD.divide(TWO)); -+ BigDecimal upperBound = d_BD.add(ulp_BD.divide(TWO)); -+ -+ double convertedLowerBound = Double.parseDouble(lowerBound.toString()); -+ double convertedUpperBound = Double.parseDouble(upperBound.toString()); -+ -+ if (convertedLowerBound != d) { -+ System.out.printf("Exponent %d, unexpected lower bound converted to %a, not %a.%n", -+ i, convertedLowerBound, d); -+ } -+ -+ if (convertedUpperBound != d) { -+ System.out.printf("Exponent %d, unexpected upper bound converted to %a, not %a.%n", -+ i, convertedUpperBound, d); -+ } -+ } -+ } -+ - public static void main(String[] args) throws Exception { - rudimentaryTest(); - -@@ -558,5 +603,7 @@ public class ParseDouble { - testRegex(paddedGoodStrings, false); - testRegex(badStrings, true); - testRegex(paddedBadStrings, true); -+ -+ testSubnormalPowers(); - } - }
--- a/patches/security/20110215/6878713.patch Wed Feb 23 21:55:37 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,143 +0,0 @@ -# HG changeset patch -# User kamg -# Date 1296505046 18000 -# Node ID a6f5011d46a97d3e710aaed5c8ea85af04236c28 -# Parent 2c8e1acf0433db897eb3bc8f6e1276b2c84769b7 -6878713: Verifier heap corruption, relating to backward jsrs -Summary: Added overflow detection in arena Amalloc methods -Reviewed-by: coleenp, phh - -diff --git a/src/share/vm/memory/allocation.cpp b/src/share/vm/memory/allocation.cpp ---- openjdk/hotspot/src/share/vm/memory/allocation.cpp -+++ openjdk/hotspot/src/share/vm/memory/allocation.cpp -@@ -377,6 +377,9 @@ size_t Arena::used() const { - return sum; // Return total consumed space. - } - -+void Arena::signal_out_of_memory(size_t sz, const char* whence) const { -+ vm_exit_out_of_memory(sz, whence); -+} - - // Grow a new Chunk - void* Arena::grow( size_t x ) { -@@ -386,8 +389,9 @@ void* Arena::grow( size_t x ) { - Chunk *k = _chunk; // Get filled-up chunk address - _chunk = new (len) Chunk(len); - -- if (_chunk == NULL) -- vm_exit_out_of_memory(len * Chunk::aligned_overhead_size(), "Arena::grow"); -+ if (_chunk == NULL) { -+ signal_out_of_memory(len * Chunk::aligned_overhead_size(), "Arena::grow"); -+ } - - if (k) k->set_next(_chunk); // Append new chunk to end of linked list - else _first = _chunk; -@@ -484,6 +488,7 @@ void* Arena::malloc(size_t size) { - // for debugging with UseMallocOnly - void* Arena::internal_malloc_4(size_t x) { - assert( (x&(sizeof(char*)-1)) == 0, "misaligned size" ); -+ check_for_overflow(x, "Arena::internal_malloc_4"); - if (_hwm + x > _max) { - return grow(x); - } else { -diff --git a/src/share/vm/memory/allocation.hpp b/src/share/vm/memory/allocation.hpp ---- openjdk/hotspot/src/share/vm/memory/allocation.hpp -+++ openjdk/hotspot/src/share/vm/memory/allocation.hpp -@@ -194,6 +194,15 @@ protected: - friend class AllocStats; - debug_only(void* malloc(size_t size);) - debug_only(void* internal_malloc_4(size_t x);) -+ -+ void signal_out_of_memory(size_t request, const char* whence) const; -+ -+ void check_for_overflow(size_t request, const char* whence) const { -+ if (UINTPTR_MAX - request < (uintptr_t)_hwm) { -+ signal_out_of_memory(request, whence); -+ } -+ } -+ - public: - Arena(); - Arena(size_t init_size); -@@ -207,6 +216,7 @@ protected: - assert(is_power_of_2(ARENA_AMALLOC_ALIGNMENT) , "should be a power of 2"); - x = ARENA_ALIGN(x); - debug_only(if (UseMallocOnly) return malloc(x);) -+ check_for_overflow(x, "Arena::Amalloc"); - NOT_PRODUCT(_bytes_allocated += x); - if (_hwm + x > _max) { - return grow(x); -@@ -220,6 +230,7 @@ protected: - void *Amalloc_4(size_t x) { - assert( (x&(sizeof(char*)-1)) == 0, "misaligned size" ); - debug_only(if (UseMallocOnly) return malloc(x);) -+ check_for_overflow(x, "Arena::Amalloc_4"); - NOT_PRODUCT(_bytes_allocated += x); - if (_hwm + x > _max) { - return grow(x); -@@ -240,6 +251,7 @@ protected: - size_t delta = (((size_t)_hwm + DALIGN_M1) & ~DALIGN_M1) - (size_t)_hwm; - x += delta; - #endif -+ check_for_overflow(x, "Arena::Amalloc_D"); - NOT_PRODUCT(_bytes_allocated += x); - if (_hwm + x > _max) { - return grow(x); // grow() returns a result aligned >= 8 bytes. -diff --git a/src/share/vm/utilities/globalDefinitions_gcc.hpp b/src/share/vm/utilities/globalDefinitions_gcc.hpp ---- openjdk/hotspot/src/share/vm/utilities/globalDefinitions_gcc.hpp -+++ openjdk/hotspot/src/share/vm/utilities/globalDefinitions_gcc.hpp -@@ -72,6 +72,7 @@ - # endif - - #ifdef LINUX -+#define __STDC_LIMIT_MACROS - #include <inttypes.h> - #include <signal.h> - #include <ucontext.h> -diff --git a/src/share/vm/utilities/globalDefinitions_sparcWorks.hpp b/src/share/vm/utilities/globalDefinitions_sparcWorks.hpp ---- openjdk/hotspot/src/share/vm/utilities/globalDefinitions_sparcWorks.hpp -+++ openjdk/hotspot/src/share/vm/utilities/globalDefinitions_sparcWorks.hpp -@@ -141,6 +141,17 @@ typedef unsigned int uintptr_ - // If this gets an error, figure out a symbol XXX that implies the - // prior definition of intptr_t, and add "&& !defined(XXX)" above. - #endif -+#endif -+ -+// On solaris 8, UINTPTR_MAX is defined as empty. -+// Everywhere else it's an actual value. -+#if UINTPTR_MAX - 1 == -1 -+#undef UINTPTR_MAX -+#ifdef _LP64 -+#define UINTPTR_MAX UINT64_MAX -+#else -+#define UINTPTR_MAX UINT32_MAX -+#endif /* ifdef _LP64 */ - #endif - - // Additional Java basic types -diff --git a/src/share/vm/utilities/globalDefinitions_visCPP.hpp b/src/share/vm/utilities/globalDefinitions_visCPP.hpp ---- openjdk/hotspot/src/share/vm/utilities/globalDefinitions_visCPP.hpp -+++ openjdk/hotspot/src/share/vm/utilities/globalDefinitions_visCPP.hpp -@@ -36,6 +36,7 @@ - # include <stdio.h> // for va_list - # include <time.h> - # include <fcntl.h> -+# include <limits.h> - // Need this on windows to get the math constants (e.g., M_PI). - #define _USE_MATH_DEFINES - # include <math.h> -@@ -92,6 +93,14 @@ typedef signed __int64 ssize_t; - #else - typedef signed int intptr_t; - typedef signed int ssize_t; -+#endif -+ -+#ifndef UINTPTR_MAX -+#ifdef _WIN64 -+#define UINTPTR_MAX _UI64_MAX -+#else -+#define UINTPTR_MAX _UI32_MAX -+#endif - #endif - - //----------------------------------------------------------------------------------------------------
--- a/patches/security/20110215/6907662.patch Wed Feb 23 21:55:37 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,758 +0,0 @@ ---- openjdk/jdk/src/share/classes/java/awt/AWTEvent.java 2011-01-26 18:38:27.502360608 +0300 -+++ openjdk/jdk/src/share/classes/java/awt/AWTEvent.java 2011-01-26 18:38:27.078362272 +0300 -@@ -33,6 +33,12 @@ - import java.util.logging.Logger; - import java.util.logging.Level; - -+import java.security.AccessControlContext; -+import java.security.AccessController; -+import java.io.ObjectInputStream; -+import java.io.IOException; -+import sun.awt.AWTAccessor; -+ - /** - * The root event class for all AWT events. - * This class and its subclasses supercede the original -@@ -97,10 +103,33 @@ - */ - protected boolean consumed = false; - -+ /* -+ * The event's AccessControlContext. -+ */ -+ private transient volatile AccessControlContext acc = -+ AccessController.getContext(); -+ -+ /* -+ * Returns the acc this event was constructed with. -+ */ -+ final AccessControlContext getAccessControlContext() { -+ if (acc == null) { -+ throw new SecurityException("AWTEvent is missing AccessControlContext"); -+ } -+ return acc; -+ } -+ - transient boolean focusManagerIsDispatching = false; - transient boolean isPosted; - - /** -+ * Indicates whether this AWTEvent was generated by the system as -+ * opposed to by user code. -+ */ -+ private transient boolean isSystemGenerated; -+ -+ -+ /** - * The event mask for selecting component events. - */ - public final static long COMPONENT_EVENT_MASK = 0x01; -@@ -230,6 +259,19 @@ - if (!GraphicsEnvironment.isHeadless()) { - initIDs(); - } -+ AWTAccessor.setAWTEventAccessor(new AWTAccessor.AWTEventAccessor() { -+ public void setSystemGenerated(AWTEvent ev) { -+ ev.isSystemGenerated = true; -+ } -+ -+ public boolean isSystemGenerated(AWTEvent ev) { -+ return ev.isSystemGenerated; -+ } -+ -+ public AccessControlContext getAccessControlContext(AWTEvent ev) { -+ return ev.getAccessControlContext(); -+ } -+ }); - } - - private static synchronized Field get_InputEvent_CanAccessSystemClipboard() { -@@ -564,4 +606,11 @@ - } - } - } -+ -+ private void readObject(ObjectInputStream in) -+ throws ClassNotFoundException, IOException -+ { -+ this.acc = AccessController.getContext(); -+ in.defaultReadObject(); -+ } - } // class AWTEvent ---- openjdk/jdk/src/share/classes/java/awt/Component.java 2011-01-26 18:38:28.678359148 +0300 -+++ openjdk/jdk/src/share/classes/java/awt/Component.java 2011-01-26 18:38:28.166361875 +0300 -@@ -58,9 +58,11 @@ - import java.lang.reflect.Method; - import java.security.AccessController; - import java.security.PrivilegedAction; -+import java.security.AccessControlContext; - import javax.accessibility.*; - import java.util.logging.*; - import java.applet.Applet; -+import sun.awt.AWTAccessor; - - import sun.security.action.GetPropertyAction; - import sun.awt.AppContext; -@@ -451,6 +453,12 @@ - static final Object LOCK = new AWTTreeLock(); - static class AWTTreeLock {} - -+ /* -+ * The component's AccessControlContext. -+ */ -+ private transient volatile AccessControlContext acc = -+ AccessController.getContext(); -+ - /** - * Minimum size. - * (This field perhaps should have been transient). -@@ -641,6 +649,16 @@ - return changeSupportLock; - } - -+ /* -+ * Returns the acc this component was constructed with. -+ */ -+ final AccessControlContext getAccessControlContext() { -+ if (acc == null) { -+ throw new SecurityException("Component is missing AccessControlContext"); -+ } -+ return acc; -+ } -+ - boolean isPacked = false; - - /** -@@ -778,6 +796,16 @@ - } - } - -+ static { -+ AWTAccessor.setComponentAccessor(new AWTAccessor.ComponentAccessor() { -+ public AccessControlContext getAccessControlContext(Component comp) { -+ return comp.getAccessControlContext(); -+ } -+ -+ }); -+ } -+ -+ - /** - * Constructs a new component. Class <code>Component</code> can be - * extended directly to create a lightweight component that does not -@@ -8317,6 +8345,8 @@ - { - changeSupportLock = new Object(); - -+ acc = AccessController.getContext(); -+ - s.defaultReadObject(); - - appContext = AppContext.getAppContext(); ---- openjdk/jdk/src/share/classes/java/awt/EventDispatchThread.java 2011-01-26 18:38:30.086359974 +0300 -+++ openjdk/jdk/src/share/classes/java/awt/EventDispatchThread.java 2011-01-26 18:38:29.658361680 +0300 -@@ -284,10 +284,7 @@ - // Threads in the AppContext - - } -- // Can get and throw only unchecked exceptions -- catch (RuntimeException e) { -- processException(e, modalFiltersCount > 0); -- } catch (Error e) { -+ catch (Throwable e) { - processException(e, modalFiltersCount > 0); - } - return true; ---- openjdk/jdk/src/share/classes/java/awt/EventQueue.java 2011-01-26 18:38:31.062358938 +0300 -+++ openjdk/jdk/src/share/classes/java/awt/EventQueue.java 2011-01-26 18:38:30.658361787 +0300 -@@ -43,6 +43,12 @@ - import sun.awt.PeerEvent; - import sun.awt.SunToolkit; - -+import java.security.AccessControlContext; -+import java.security.ProtectionDomain; -+ -+import sun.misc.SharedSecrets; -+import sun.misc.JavaSecurityAccess; -+ - /** - * <code>EventQueue</code> is a platform-independent class - * that queues events, both from the underlying peer classes -@@ -554,6 +560,9 @@ - return null; - } - -+ private static final JavaSecurityAccess javaSecurityAccess = -+ SharedSecrets.getJavaSecurityAccess(); -+ - /** - * Dispatches an event. The manner in which the event is - * dispatched depends upon the type of the event and the -@@ -592,13 +601,49 @@ - * @throws NullPointerException if <code>event</code> is <code>null</code> - * @since 1.2 - */ -- protected void dispatchEvent(AWTEvent event) { -+ protected void dispatchEvent(final AWTEvent event) { -+ final Object src = event.getSource(); -+ final PrivilegedAction<Void> action = new PrivilegedAction<Void>() { -+ public Void run() { -+ dispatchEventImpl(event, src); -+ return null; -+ } -+ }; -+ -+ final AccessControlContext stack = AccessController.getContext(); -+ final AccessControlContext srcAcc = getAccessControlContextFrom(src); -+ final AccessControlContext eventAcc = event.getAccessControlContext(); -+ if (srcAcc == null) { -+ javaSecurityAccess.doIntersectionPrivilege(action, stack, eventAcc); -+ } else { -+ javaSecurityAccess.doIntersectionPrivilege( -+ new PrivilegedAction<Void>() { -+ public Void run() { -+ javaSecurityAccess.doIntersectionPrivilege(action, eventAcc); -+ return null; -+ } -+ }, stack, srcAcc); -+ } -+ } -+ -+ private static AccessControlContext getAccessControlContextFrom(Object src) { -+ return src instanceof Component ? -+ ((Component)src).getAccessControlContext() : -+ src instanceof MenuComponent ? -+ ((MenuComponent)src).getAccessControlContext() : -+ src instanceof TrayIcon ? -+ ((TrayIcon)src).getAccessControlContext() : -+ null; -+ } -+ -+ /** -+ * Called from dispatchEvent() under a correct AccessControlContext -+ */ -+ private void dispatchEventImpl(final AWTEvent event, final Object src) { - event.isPosted = true; -- Object src = event.getSource(); - if (event instanceof ActiveEvent) { - // This could become the sole method of dispatching in time. - setCurrentEventAndMostRecentTimeImpl(event); -- - ((ActiveEvent)event).dispatch(); - } else if (src instanceof Component) { - ((Component)src).dispatchEvent(event); ---- openjdk/jdk/src/share/classes/java/awt/MenuComponent.java 2011-01-26 18:38:32.326360585 +0300 -+++ openjdk/jdk/src/share/classes/java/awt/MenuComponent.java 2011-01-26 18:38:31.821360242 +0300 -@@ -32,6 +32,9 @@ - import sun.awt.SunToolkit; - import javax.accessibility.*; - -+import java.security.AccessControlContext; -+import java.security.AccessController; -+ - /** - * The abstract class <code>MenuComponent</code> is the superclass - * of all menu-related components. In this respect, the class -@@ -99,6 +102,23 @@ - boolean newEventsOnly = false; - - /* -+ * The menu's AccessControlContext. -+ */ -+ private transient volatile AccessControlContext acc = -+ AccessController.getContext(); -+ -+ /* -+ * Returns the acc this menu component was constructed with. -+ */ -+ final AccessControlContext getAccessControlContext() { -+ if (acc == null) { -+ throw new SecurityException( -+ "MenuComponent is missing AccessControlContext"); -+ } -+ return acc; -+ } -+ -+ /* - * Internal constants for serialization. - */ - final static String actionListenerK = Component.actionListenerK; -@@ -385,6 +405,9 @@ - throws ClassNotFoundException, IOException, HeadlessException - { - GraphicsEnvironment.checkHeadless(); -+ -+ acc = AccessController.getContext(); -+ - s.defaultReadObject(); - - appContext = AppContext.getAppContext(); ---- openjdk/jdk/src/share/classes/java/awt/TrayIcon.java 2011-01-26 18:38:33.458362899 +0300 -+++ openjdk/jdk/src/share/classes/java/awt/TrayIcon.java 2011-01-26 18:38:33.014361521 +0300 -@@ -39,6 +39,8 @@ - import sun.awt.AppContext; - import sun.awt.SunToolkit; - import java.util.EventObject; -+import java.security.AccessControlContext; -+import java.security.AccessController; - - /** - * A <code>TrayIcon</code> object represents a tray icon that can be -@@ -89,6 +91,7 @@ - * @author Anton Tarasov - */ - public class TrayIcon { -+ - private Image image; - private String tooltip; - private PopupMenu popup; -@@ -102,6 +105,24 @@ - transient MouseMotionListener mouseMotionListener; - transient ActionListener actionListener; - -+ /* -+ * The tray icon's AccessControlContext. -+ * -+ * Unlike the acc in Component, this field is made final -+ * because TrayIcon is not serializable. -+ */ -+ private final AccessControlContext acc = AccessController.getContext(); -+ -+ /* -+ * Returns the acc this tray icon was constructed with. -+ */ -+ final AccessControlContext getAccessControlContext() { -+ if (acc == null) { -+ throw new SecurityException("TrayIcon is missing AccessControlContext"); -+ } -+ return acc; -+ } -+ - static { - Toolkit.loadLibraries(); - if (!GraphicsEnvironment.isHeadless()) { ---- openjdk/jdk/src/share/classes/java/security/AccessControlContext.java 2011-01-26 18:38:34.693361438 +0300 -+++ openjdk/jdk/src/share/classes/java/security/AccessControlContext.java 2011-01-26 18:38:34.218359986 +0300 -@@ -29,6 +29,9 @@ - import java.util.List; - import sun.security.util.Debug; - import sun.security.util.SecurityConstants; -+import sun.misc.JavaSecurityAccess; -+import sun.misc.SharedSecrets; -+ - - /** - * An AccessControlContext is used to make system resource access decisions -@@ -87,6 +90,36 @@ - private static boolean debugInit = false; - private static Debug debug = null; - -+ static { -+ // Set up JavaSecurityAccess in SharedSecrets -+ SharedSecrets.setJavaSecurityAccess( -+ new JavaSecurityAccess() { -+ public <T> T doIntersectionPrivilege( -+ PrivilegedAction<T> action, -+ final AccessControlContext stack, -+ final AccessControlContext context) -+ { -+ if (action == null) { -+ throw new NullPointerException(); -+ } -+ return AccessController.doPrivileged( -+ action, -+ new AccessControlContext( -+ stack.getContext(), context).optimize() -+ ); -+ } -+ -+ public <T> T doIntersectionPrivilege( -+ PrivilegedAction<T> action, -+ AccessControlContext context) -+ { -+ return doIntersectionPrivilege(action, -+ AccessController.getContext(), context); -+ } -+ } -+ ); -+ } -+ - static Debug getDebug() - { - if (debugInit) -@@ -194,6 +227,24 @@ - } - - /** -+ * Constructor for JavaSecurityAccess.doIntersectionPrivilege() -+ */ -+ AccessControlContext(ProtectionDomain[] context, -+ AccessControlContext privilegedContext) -+ { -+ this.context = context; -+ this.privilegedContext = privilegedContext; -+ this.isPrivileged = true; -+ } -+ -+ /** -+ * Returns this context's context. -+ */ -+ ProtectionDomain[] getContext() { -+ return context; -+ } -+ -+ /** - * Returns true if this context is privileged. - */ - boolean isPrivileged() ---- openjdk/jdk/src/share/classes/javax/swing/Timer.java 2011-01-26 18:38:35.702358958 +0300 -+++ openjdk/jdk/src/share/classes/javax/swing/Timer.java 2011-01-26 18:38:35.290359835 +0300 -@@ -35,6 +35,10 @@ - import java.awt.*; - import java.awt.event.*; - import java.io.Serializable; -+import java.io.*; -+import java.security.AccessControlContext; -+import java.security.AccessController; -+import java.security.PrivilegedAction; - import javax.swing.event.EventListenerList; - - -@@ -174,6 +178,23 @@ - - private transient final Lock lock = new ReentrantLock(); - -+ /* -+ * The timer's AccessControlContext. -+ */ -+ private transient volatile AccessControlContext acc = -+ AccessController.getContext(); -+ -+ /** -+ * Returns the acc this timer was constructed with. -+ */ -+ final AccessControlContext getAccessControlContext() { -+ if (acc == null) { -+ throw new SecurityException( -+ "Timer is missing AccessControlContext"); -+ } -+ return acc; -+ } -+ - // This field is maintained by TimerQueue. - // eventQueued can also be reset by the TimerQueue, but will only ever - // happen in applet case when TimerQueues thread is destroyed. -@@ -191,7 +212,7 @@ - * - * @param delay milliseconds for the initial and between-event delay - * @param listener an initial listener; can be <code>null</code> -- * -+ - * @see #addActionListener - * @see #setInitialDelay - * @see #setRepeats -@@ -208,7 +229,6 @@ - } - } - -- - /** - * DoPostEvent is a runnable class that fires actionEvents to - * the listeners on the EventDispatchThread, via invokeLater. -@@ -589,7 +609,12 @@ - - void post() { - if (notify.compareAndSet(false, true) || !coalesce) { -- SwingUtilities.invokeLater(doPostEvent); -+ AccessController.doPrivileged(new PrivilegedAction<Void>() { -+ public Void run() { -+ SwingUtilities.invokeLater(doPostEvent); -+ return null; -+ } -+ }, getAccessControlContext()); - } - } - -@@ -611,4 +636,11 @@ - timer.actionCommand = actionCommand; - return timer; - } -+ -+ private void readObject(ObjectInputStream in) -+ throws ClassNotFoundException, IOException -+ { -+ this.acc = AccessController.getContext(); -+ in.defaultReadObject(); -+ } - } ---- openjdk/jdk/src/share/classes/javax/swing/TransferHandler.java 2011-01-26 18:38:36.678359115 +0300 -+++ openjdk/jdk/src/share/classes/javax/swing/TransferHandler.java 2011-01-26 18:38:36.270359956 +0300 -@@ -41,6 +41,16 @@ - import sun.awt.AppContext; - import sun.swing.*; - -+import java.security.AccessController; -+import java.security.PrivilegedAction; -+ -+import java.security.AccessControlContext; -+import java.security.ProtectionDomain; -+import sun.misc.SharedSecrets; -+import sun.misc.JavaSecurityAccess; -+ -+import sun.awt.AWTAccessor; -+ - /** - * This class is used to handle the transfer of a <code>Transferable</code> - * to and from Swing components. The <code>Transferable</code> is used to -@@ -1640,7 +1650,37 @@ - return true; - } - -- public void actionPerformed(ActionEvent e) { -+ private static final JavaSecurityAccess javaSecurityAccess = -+ SharedSecrets.getJavaSecurityAccess(); -+ -+ public void actionPerformed(final ActionEvent e) { -+ final Object src = e.getSource(); -+ -+ final PrivilegedAction<Void> action = new PrivilegedAction<Void>() { -+ public Void run() { -+ actionPerformedImpl(e); -+ return null; -+ } -+ }; -+ -+ final AccessControlContext stack = AccessController.getContext(); -+ final AccessControlContext srcAcc = AWTAccessor.getComponentAccessor().getAccessControlContext((Component)src); -+ final AccessControlContext eventAcc = AWTAccessor.getAWTEventAccessor().getAccessControlContext(e); -+ -+ if (srcAcc == null) { -+ javaSecurityAccess.doIntersectionPrivilege(action, stack, eventAcc); -+ } else { -+ javaSecurityAccess.doIntersectionPrivilege( -+ new PrivilegedAction<Void>() { -+ public Void run() { -+ javaSecurityAccess.doIntersectionPrivilege(action, eventAcc); -+ return null; -+ } -+ }, stack, srcAcc); -+ } -+ } -+ -+ private void actionPerformedImpl(ActionEvent e) { - Object src = e.getSource(); - if (src instanceof JComponent) { - JComponent c = (JComponent) src; ---- openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java 2011-01-26 18:38:37.918360769 +0300 -+++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java 2011-01-26 18:38:37.421362526 +0300 -@@ -31,6 +31,8 @@ - import java.io.FileDescriptor; - import java.security.ProtectionDomain; - -+import java.security.AccessController; -+ - /** A repository of "shared secrets", which are a mechanism for - calling implementation-private methods in another package without - using reflection. A package-private class implements a public -@@ -49,6 +51,7 @@ - private static JavaNetAccess javaNetAccess; - private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess; - private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess; -+ private static JavaSecurityAccess javaSecurityAccess; - - public static JavaUtilJarAccess javaUtilJarAccess() { - if (javaUtilJarAccess == null) { -@@ -124,4 +127,15 @@ - - return javaSecurityProtectionDomainAccess; - } -+ -+ public static void setJavaSecurityAccess(JavaSecurityAccess jsa) { -+ javaSecurityAccess = jsa; -+ } -+ -+ public static JavaSecurityAccess getJavaSecurityAccess() { -+ if (javaSecurityAccess == null) { -+ unsafe.ensureClassInitialized(AccessController.class); -+ } -+ return javaSecurityAccess; -+ } - } ---- /dev/null 2011-01-25 15:27:47.225362334 +0300 -+++ openjdk/jdk/src/share/classes/sun/awt/AWTAccessor.java 2011-01-26 18:38:38.506361467 +0300 -@@ -0,0 +1,132 @@ -+/* -+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package sun.awt; -+ -+import java.awt.*; -+import java.awt.event.InputEvent; -+import java.awt.geom.Point2D; -+import java.awt.image.BufferedImage; -+ -+import sun.misc.Unsafe; -+import java.awt.peer.ComponentPeer; -+ -+import java.security.AccessController; -+import java.security.AccessControlContext; -+ -+/** -+ * The AWTAccessor utility class. -+ * The main purpose of this class is to enable accessing -+ * private and package-private fields of classes from -+ * different classes/packages. See sun.misc.SharedSecretes -+ * for another example. -+ */ -+public final class AWTAccessor { -+ -+ private static final Unsafe unsafe = Unsafe.getUnsafe(); -+ -+ /* -+ * We don't need any objects of this class. -+ * It's rather a collection of static methods -+ * and interfaces. -+ */ -+ private AWTAccessor() { -+ } -+ -+ /* -+ * An interface of accessor for the java.awt.Component class. -+ */ -+ public interface ComponentAccessor { -+ /* -+ * Returns the acc this component was constructed with. -+ */ -+ AccessControlContext getAccessControlContext(Component comp); -+ } -+ -+ /* -+ * An accessor for the AWTEvent class. -+ */ -+ public interface AWTEventAccessor { -+ /** -+ * Sets the flag on this AWTEvent indicating that it was -+ * generated by the system. -+ */ -+ void setSystemGenerated(AWTEvent ev); -+ -+ /** -+ * Indicates whether this AWTEvent was generated by the system. -+ */ -+ boolean isSystemGenerated(AWTEvent ev); -+ -+ -+ /* -+ * Returns the acc this event was constructed with. -+ */ -+ AccessControlContext getAccessControlContext(AWTEvent ev); -+ -+ } -+ -+ /* -+ * Accessor instances are initialized in the static initializers of -+ * corresponding AWT classes by using setters defined below. -+ */ -+ private static ComponentAccessor componentAccessor; -+ private static AWTEventAccessor awtEventAccessor; -+ -+ /* -+ * Set an accessor object for the java.awt.Component class. -+ */ -+ public static void setComponentAccessor(ComponentAccessor ca) { -+ componentAccessor = ca; -+ } -+ -+ /* -+ * Retrieve the accessor object for the java.awt.Component class. -+ */ -+ public static ComponentAccessor getComponentAccessor() { -+ if (componentAccessor == null) { -+ unsafe.ensureClassInitialized(Component.class); -+ } -+ -+ return componentAccessor; -+ } -+ -+ /* -+ * Set an accessor object for the java.awt.AWTEvent class. -+ */ -+ public static void setAWTEventAccessor(AWTEventAccessor aea) { -+ awtEventAccessor = aea; -+ } -+ -+ /* -+ * Retrieve the accessor object for the java.awt.AWTEvent class. -+ */ -+ public static AWTEventAccessor getAWTEventAccessor() { -+ if (awtEventAccessor == null) { -+ unsafe.ensureClassInitialized(AWTEvent.class); -+ } -+ return awtEventAccessor; -+ } -+} ---- /dev/null 2011-01-25 15:27:47.225362334 +0300 -+++ openjdk/jdk/src/share/classes/sun/misc/JavaSecurityAccess.java 2011-01-26 18:38:39.446362054 +0300 -@@ -0,0 +1,40 @@ -+/* -+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package sun.misc; -+ -+import java.security.AccessControlContext; -+import java.security.PrivilegedAction; -+ -+public interface JavaSecurityAccess { -+ -+ <T> T doIntersectionPrivilege(PrivilegedAction<T> action, -+ AccessControlContext stack, -+ AccessControlContext context); -+ -+ <T> T doIntersectionPrivilege(PrivilegedAction<T> action, -+ AccessControlContext context); -+ -+}
--- a/patches/security/20110215/6981922.patch Wed Feb 23 21:55:37 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,245 +0,0 @@ -# HG changeset patch -# User michaelm -# Date 1296485276 28800 -# Node ID 1da22d47056eebecb9aec43c8d79c0f9f54ff04b -# Parent 0933d8b8547a6c657b4d4f636ac6b94e70bb2e40 -6981922: DNS cache poisoning by untrusted applets -Reviewed-by: chegar - -diff --git a/make/sun/net/FILES_java.gmk b/make/sun/net/FILES_java.gmk ---- openjdk/jdk/make/sun/net/FILES_java.gmk -+++ openjdk/jdk/make/sun/net/FILES_java.gmk -@@ -34,6 +34,7 @@ FILES_java = \ - sun/net/ProgressEvent.java \ - sun/net/ProgressListener.java \ - sun/net/ProgressMeteringPolicy.java \ -+ sun/net/ResourceManager.java \ - sun/net/TelnetInputStream.java \ - sun/net/TelnetOutputStream.java \ - sun/net/TelnetProtocolException.java \ -diff --git a/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java b/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java ---- openjdk/jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java -+++ openjdk/jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java -@@ -28,6 +28,7 @@ import java.io.IOException; - import java.io.IOException; - import java.io.InterruptedIOException; - import java.util.Enumeration; -+import sun.net.ResourceManager; - - /** - * Abstract datagram and multicast socket implementation base class. -@@ -65,8 +66,15 @@ abstract class AbstractPlainDatagramSock - * Creates a datagram socket - */ - protected synchronized void create() throws SocketException { -+ ResourceManager.beforeUdpCreate(); - fd = new FileDescriptor(); -- datagramSocketCreate(); -+ try { -+ datagramSocketCreate(); -+ } catch (SocketException ioe) { -+ ResourceManager.afterUdpClose(); -+ fd = null; -+ throw ioe; -+ } - } - - /** -@@ -211,6 +219,7 @@ abstract class AbstractPlainDatagramSock - protected void close() { - if (fd != null) { - datagramSocketClose(); -+ ResourceManager.afterUdpClose(); - fd = null; - } - } -diff --git a/src/share/classes/java/net/AbstractPlainSocketImpl.java b/src/share/classes/java/net/AbstractPlainSocketImpl.java ---- openjdk/jdk/src/share/classes/java/net/AbstractPlainSocketImpl.java -+++ openjdk/jdk/src/share/classes/java/net/AbstractPlainSocketImpl.java -@@ -33,6 +33,7 @@ import java.io.ByteArrayOutputStream; - import java.io.ByteArrayOutputStream; - - import sun.net.ConnectionResetException; -+import sun.net.ResourceManager; - - /** - * Default Socket Implementation. This implementation does -@@ -69,6 +70,10 @@ abstract class AbstractPlainSocketImpl e - private int resetState; - private Object resetLock = new Object(); - -+ /* whether this Socket is a stream (TCP) socket or not (UDP) -+ */ -+ private boolean stream; -+ - /** - * Load net library into runtime. - */ -@@ -83,7 +88,19 @@ abstract class AbstractPlainSocketImpl e - */ - protected synchronized void create(boolean stream) throws IOException { - fd = new FileDescriptor(); -- socketCreate(stream); -+ this.stream = stream; -+ if (!stream) { -+ ResourceManager.beforeUdpCreate(); -+ try { -+ socketCreate(false); -+ } catch (IOException ioe) { -+ ResourceManager.afterUdpClose(); -+ fd = null; -+ throw ioe; -+ } -+ } else { -+ socketCreate(true); -+ } - if (socket != null) - socket.setCreated(); - if (serverSocket != null) -@@ -458,6 +475,9 @@ abstract class AbstractPlainSocketImpl e - protected void close() throws IOException { - synchronized(fdLock) { - if (fd != null) { -+ if (!stream) { -+ ResourceManager.afterUdpClose(); -+ } - if (fdUseCount == 0) { - if (closePending) { - return; -diff --git a/src/share/classes/sun/net/ResourceManager.java b/src/share/classes/sun/net/ResourceManager.java -new file mode 100644 ---- /dev/null -+++ openjdk/jdk/src/share/classes/sun/net/ResourceManager.java -@@ -0,0 +1,82 @@ -+/* -+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package sun.net; -+ -+import java.net.SocketException; -+import java.util.concurrent.atomic.AtomicInteger; -+import sun.security.action.GetPropertyAction; -+ -+/** -+ * Manages count of total number of UDP sockets and ensures -+ * that exception is thrown if we try to create more than the -+ * configured limit. -+ * -+ * This functionality could be put in NetHooks some time in future. -+ */ -+ -+public class ResourceManager { -+ -+ /* default maximum number of udp sockets per VM -+ * when a security manager is enabled. -+ * The default is 1024 which is high enough to be useful -+ * but low enough to be well below the maximum number -+ * of port numbers actually available on all OSes for -+ * such sockets (5000 on some versions of windows) -+ */ -+ -+ private static final int DEFAULT_MAX_SOCKETS = 1024; -+ private static final int maxSockets; -+ private static final AtomicInteger numSockets; -+ -+ static { -+ String prop = java.security.AccessController.doPrivileged( -+ new GetPropertyAction("sun.net.maxDatagramSockets") -+ ); -+ int defmax = DEFAULT_MAX_SOCKETS; -+ try { -+ if (prop != null) { -+ defmax = Integer.parseInt(prop); -+ } -+ } catch (NumberFormatException e) {} -+ maxSockets = defmax; -+ numSockets = new AtomicInteger(0); -+ } -+ -+ public static void beforeUdpCreate() throws SocketException { -+ if (System.getSecurityManager() != null) { -+ if (numSockets.incrementAndGet() > maxSockets) { -+ numSockets.decrementAndGet(); -+ throw new SocketException("maximum number of DatagramSockets reached"); -+ } -+ } -+ } -+ -+ public static void afterUdpClose() { -+ if (System.getSecurityManager() != null) { -+ numSockets.decrementAndGet(); -+ } -+ } -+} -diff --git a/src/share/classes/sun/nio/ch/DatagramChannelImpl.java b/src/share/classes/sun/nio/ch/DatagramChannelImpl.java ---- openjdk/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java -+++ openjdk/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java -@@ -32,6 +32,7 @@ import java.nio.channels.*; - import java.nio.channels.*; - import java.nio.channels.spi.*; - import java.lang.ref.SoftReference; -+import sun.net.ResourceManager; - - - /** -@@ -98,9 +99,15 @@ class DatagramChannelImpl - throws IOException - { - super(sp); -- this.fd = Net.socket(false); -- this.fdVal = IOUtil.fdVal(fd); -- this.state = ST_UNCONNECTED; -+ ResourceManager.beforeUdpCreate(); -+ try { -+ this.fd = Net.socket(false); -+ this.fdVal = IOUtil.fdVal(fd); -+ this.state = ST_UNCONNECTED; -+ } catch (IOException ioe) { -+ ResourceManager.afterUdpClose(); -+ throw ioe; -+ } - } - - public DatagramChannelImpl(SelectorProvider sp, FileDescriptor fd) -@@ -587,6 +594,7 @@ class DatagramChannelImpl - protected void implCloseSelectableChannel() throws IOException { - synchronized (stateLock) { - nd.preClose(fd); -+ ResourceManager.afterUdpClose(); - long th; - if ((th = readerThread) != 0) - NativeThread.signal(th); -diff --git a/src/share/classes/sun/nio/ch/Net.java b/src/share/classes/sun/nio/ch/Net.java ---- openjdk/jdk/src/share/classes/sun/nio/ch/Net.java -+++ openjdk/jdk/src/share/classes/sun/nio/ch/Net.java -@@ -111,7 +111,7 @@ class Net { - - // -- Socket operations -- - -- static FileDescriptor socket(boolean stream) { -+ static FileDescriptor socket(boolean stream) throws IOException { - return IOUtil.newFD(socket0(stream, false)); - } -
--- a/patches/security/20110215/6983554.patch Wed Feb 23 21:55:37 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,20 +0,0 @@ -# HG changeset patch -# User ksrini -# Date 1288026697 25200 -# Node ID 547ec9b43edde622a08cc9bae0f4e2efae861796 -# Parent 9216ec4e4c1443fe854872630aa8b3726523c0c9 -6983554: (launcher) Fix empty user's LD_LIBRARY_PATH environment variable in the launcher -Reviewed-by: darcy, ohair, asaha - -diff --git a/src/solaris/bin/java_md.c b/src/solaris/bin/java_md.c ---- openjdk/jdk/src/solaris/bin/java_md.c -+++ openjdk/jdk/src/solaris/bin/java_md.c -@@ -484,7 +484,7 @@ CreateExecutionEnvironment(int *_argcp, - * LD_LIBRARY_PATH. Note that this prevents any possible infinite - * loop of execv() because we test for the prefix, above. - */ -- if (runpath != 0) { -+ if (runpath != 0 && (runpath[0] != '\0')) { - strcat(new_runpath, ":"); - strcat(new_runpath, runpath); - }
--- a/patches/security/20110215/6985453.patch Wed Feb 23 21:55:37 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,104 +0,0 @@ -# HG changeset patch -# User bae -# Date 1288382134 -14400 -# Node ID 5e70dbac6a7d3743e64e19399552a60d25ba5cff -# Parent f3dff5c1b9c2cc8d38fde74c3661786f6332a3eb -6985453: Font.createFont may expose some system properties in exception text -Reviewed-by: prr, hawtin - -diff --git a/src/share/classes/sun/font/FileFont.java b/src/share/classes/sun/font/FileFont.java ---- openjdk/jdk/src/share/classes/sun/font/FileFont.java -+++ openjdk/jdk/src/share/classes/sun/font/FileFont.java -@@ -48,6 +48,9 @@ import java.util.HashSet; - import java.util.HashSet; - import java.util.HashMap; - import java.awt.Font; -+import java.security.AccessController; -+import java.security.PrivilegedActionException; -+import java.security.PrivilegedExceptionAction; - - public abstract class FileFont extends PhysicalFont { - -@@ -284,4 +287,49 @@ public abstract class FileFont extends P - }); - } - } -+ -+ protected String getPublicFileName() { -+ SecurityManager sm = System.getSecurityManager(); -+ if (sm == null) { -+ return platName; -+ } -+ boolean canReadProperty = true; -+ -+ try { -+ sm.checkPropertyAccess("java.io.tmpdir"); -+ } catch (SecurityException e) { -+ canReadProperty = false; -+ } -+ -+ if (canReadProperty) { -+ return platName; -+ } -+ -+ final File f = new File(platName); -+ -+ Boolean isTmpFile = Boolean.FALSE; -+ try { -+ isTmpFile = AccessController.doPrivileged( -+ new PrivilegedExceptionAction<Boolean>() { -+ public Boolean run() { -+ File tmp = new File(System.getProperty("java.io.tmpdir")); -+ try { -+ String tpath = tmp.getCanonicalPath(); -+ String fpath = f.getCanonicalPath(); -+ -+ return (fpath == null) || fpath.startsWith(tpath); -+ } catch (IOException e) { -+ return Boolean.TRUE; -+ } -+ } -+ } -+ ); -+ } catch (PrivilegedActionException e) { -+ // unable to verify whether value of java.io.tempdir will be -+ // exposed, so return only a name of the font file. -+ isTmpFile = Boolean.TRUE; -+ } -+ -+ return isTmpFile ? "temp file" : platName; -+ } - } -diff --git a/src/share/classes/sun/font/TrueTypeFont.java b/src/share/classes/sun/font/TrueTypeFont.java ---- openjdk/jdk/src/share/classes/sun/font/TrueTypeFont.java -+++ openjdk/jdk/src/share/classes/sun/font/TrueTypeFont.java -@@ -504,7 +504,8 @@ public class TrueTypeFont extends FileFo - break; - - default: -- throw new FontFormatException("Unsupported sfnt " + platName); -+ throw new FontFormatException("Unsupported sfnt " + -+ getPublicFileName()); - } - - /* Now have the offset of this TT font (possibly within a TTC) -@@ -1369,6 +1370,6 @@ public class TrueTypeFont extends FileFo - - public String toString() { - return "** TrueType Font: Family="+familyName+ " Name="+fullName+ -- " style="+style+" fileName="+platName; -+ " style="+style+" fileName="+getPublicFileName(); - } - } -diff --git a/src/share/classes/sun/font/Type1Font.java b/src/share/classes/sun/font/Type1Font.java ---- openjdk/jdk/src/share/classes/sun/font/Type1Font.java -+++ openjdk/jdk/src/share/classes/sun/font/Type1Font.java -@@ -677,7 +677,7 @@ public class Type1Font extends FileFont - - public String toString() { - return "** Type1 Font: Family="+familyName+ " Name="+fullName+ -- " style="+style+" fileName="+platName; -+ " style="+style+" fileName="+getPublicFileName(); - } - - }
--- a/patches/security/20110215/6994263.patch Wed Feb 23 21:55:37 2011 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,33 +0,0 @@ ---- openjdk/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java Mon Nov 1 13:25:19 2010 -+++ openjdk/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java Mon Nov 1 13:25:18 2010 -@@ -247,6 +247,8 @@ - - if (!_alreadyInitialized) { - _transformHash = new HashMap(10); -+ // make sure builtin algorithms are all registered first -+ com.sun.org.apache.xml.internal.security.Init.init(); - _alreadyInitialized = true; - } - } -@@ -274,19 +276,13 @@ - "algorithm.alreadyRegistered", exArgs); - } - -- ClassLoader cl = (ClassLoader) AccessController.doPrivileged( -- new PrivilegedAction() { -- public Object run() { -- return Thread.currentThread().getContextClassLoader(); -- } -- }); -+ ClassLoader cl = Thread.currentThread().getContextClassLoader(); - - try { - Transform._transformHash.put - (algorithmURI, Class.forName(implementingClass, true, cl)); - } catch (ClassNotFoundException e) { -- // TODO Auto-generated catch block -- e.printStackTrace(); -+ throw new RuntimeException(e); - } - } - }