Mercurial > hg > release > icedtea6-1.11
changeset 2644:23404f48955e
Support hg, post security patches.
2011-07-06 Andrew John Hughes <ahughes@redhat.com>
* patches/security/20110215/6878713.patch,
* patches/security/20110607/6213702.patch,
* patches/security/20110607/6618658.patch,
* patches/security/20110607/7012520.patch,
* patches/security/20110607/7013519.patch,
* patches/security/20110607/7013969.patch,
* patches/security/20110607/7013971.patch,
* patches/security/20110607/7016495.patch,
* patches/security/20110607/7020198.patch,
* patches/security/20110607/7020373.patch:
Removed; upstream.
* Makefile.am:
(JAXWS_DROP_ZIP): Updatede.
(JAXWS_DROP_SHA256SUM): Likewise.
(JAXP_DROP_ZIP): Likewise.
(JAXP_DROP_SHA256SUM): Likewise.
(SECURITY_PATCHES): Set to empty.
* patches/xjc.patch: Revert to pre-security
patch version (security patch is now part of the
tarball, not a patch)
| author | Andrew John Hughes <ahughes@redhat.com> |
|---|---|
| date | Wed, 06 Jul 2011 20:45:21 +0100 |
| parents | 5deef52b5a9c |
| children | 380a9db76b36 |
| files | ChangeLog Makefile.am patches/security/20110215/6878713.patch patches/security/20110607/6213702.patch patches/security/20110607/6618658.patch patches/security/20110607/7012520.patch patches/security/20110607/7013519.patch patches/security/20110607/7013969.patch patches/security/20110607/7013971.patch patches/security/20110607/7016495.patch patches/security/20110607/7020198.patch patches/security/20110607/7020373.patch patches/xjc.patch |
| diffstat | 13 files changed, 37 insertions(+), 1132 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Jul 06 17:11:34 2011 +0100 +++ b/ChangeLog Wed Jul 06 20:45:21 2011 +0100 @@ -1,3 +1,26 @@ +2011-07-06 Andrew John Hughes <ahughes@redhat.com> + + * patches/security/20110215/6878713.patch, + * patches/security/20110607/6213702.patch, + * patches/security/20110607/6618658.patch, + * patches/security/20110607/7012520.patch, + * patches/security/20110607/7013519.patch, + * patches/security/20110607/7013969.patch, + * patches/security/20110607/7013971.patch, + * patches/security/20110607/7016495.patch, + * patches/security/20110607/7020198.patch, + * patches/security/20110607/7020373.patch: + Removed; upstream. + * Makefile.am: + (JAXWS_DROP_ZIP): Updatede. + (JAXWS_DROP_SHA256SUM): Likewise. + (JAXP_DROP_ZIP): Likewise. + (JAXP_DROP_SHA256SUM): Likewise. + (SECURITY_PATCHES): Set to empty. + * patches/xjc.patch: Revert to pre-security + patch version (security patch is now part of the + tarball, not a patch) + 2011-07-01 Pavel Tisnovsky <ptisnovs@redhat.com> * Makefile.am: added new patches
--- a/Makefile.am Wed Jul 06 17:11:34 2011 +0100 +++ b/Makefile.am Wed Jul 06 20:45:21 2011 +0100 @@ -18,14 +18,14 @@ JAMVM_SRC_ZIP = jamvm-$(JAMVM_VERSION).tar.gz JAXWS_DROP_URL = http://icedtea.classpath.org/download/drops -JAXWS_DROP_ZIP = jdk6-jaxws-b20.zip -JAXWS_DROP_SHA256SUM = 0c460583898b968a58bf88eb53f90a0e34369e2562d65fb3a143512dfcaeb3eb +JAXWS_DROP_ZIP = jdk6-jaxws2_1_6-2011_06_08.zip +JAXWS_DROP_SHA256SUM = be95ff0ae05b474d0bbb3ad8bdb2a23f20cb8c48b1a21f16aa079e43a50c057f JAF_DROP_URL = http://icedtea.classpath.org/download/drops JAF_DROP_ZIP = jdk6-jaf-b20.zip JAF_DROP_SHA256SUM = 78c7b5c9d6271e88ee46abadd018a61f1e9645f8936cc8df1617e5f4f5074012 JAXP_DROP_URL = http://icedtea.classpath.org/download/drops -JAXP_DROP_ZIP = jaxp144_02.zip -JAXP_DROP_SHA256SUM = 29edfda4b7e5e2f87da5a172b4d3e3cf05b1c1ec60e5ebb0144470edcb2a9c1d +JAXP_DROP_ZIP = jaxp144_03.zip +JAXP_DROP_SHA256SUM = c1a5348e17b330a7e4b18431e61a40efd2ba99a7da71102cf2c604478ef96012 OPENJDK_HG_URL = http://hg.openjdk.java.net/jdk6/jdk6 HOTSPOT_SRC_ZIP = hotspot.tar.gz @@ -185,15 +185,7 @@ ICEDTEA_FSG_PATCHES = -SECURITY_PATCHES = patches/security/20110607/6213702.patch \ - patches/security/20110607/6618658.patch \ - patches/security/20110607/7012520.patch \ - patches/security/20110607/7013519.patch \ - patches/security/20110607/7013969.patch \ - patches/security/20110607/7013971.patch \ - patches/security/20110607/7016495.patch \ - patches/security/20110607/7020198.patch \ - patches/security/20110607/7020373.patch +SECURITY_PATCHES = ICEDTEA_PATCHES = \ $(SECURITY_PATCHES) \
--- a/patches/security/20110215/6878713.patch Wed Jul 06 17:11:34 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,143 +0,0 @@ -# HG changeset patch -# User kamg -# Date 1296505046 18000 -# Node ID a6f5011d46a97d3e710aaed5c8ea85af04236c28 -# Parent 2c8e1acf0433db897eb3bc8f6e1276b2c84769b7 -6878713: Verifier heap corruption, relating to backward jsrs -Summary: Added overflow detection in arena Amalloc methods -Reviewed-by: coleenp, phh - -diff --git a/src/share/vm/memory/allocation.cpp b/src/share/vm/memory/allocation.cpp ---- openjdk/hotspot/src/share/vm/memory/allocation.cpp -+++ openjdk/hotspot/src/share/vm/memory/allocation.cpp -@@ -377,6 +377,9 @@ size_t Arena::used() const { - return sum; // Return total consumed space. - } - -+void Arena::signal_out_of_memory(size_t sz, const char* whence) const { -+ vm_exit_out_of_memory(sz, whence); -+} - - // Grow a new Chunk - void* Arena::grow( size_t x ) { -@@ -386,8 +389,9 @@ void* Arena::grow( size_t x ) { - Chunk *k = _chunk; // Get filled-up chunk address - _chunk = new (len) Chunk(len); - -- if (_chunk == NULL) -- vm_exit_out_of_memory(len * Chunk::aligned_overhead_size(), "Arena::grow"); -+ if (_chunk == NULL) { -+ signal_out_of_memory(len * Chunk::aligned_overhead_size(), "Arena::grow"); -+ } - - if (k) k->set_next(_chunk); // Append new chunk to end of linked list - else _first = _chunk; -@@ -484,6 +488,7 @@ void* Arena::malloc(size_t size) { - // for debugging with UseMallocOnly - void* Arena::internal_malloc_4(size_t x) { - assert( (x&(sizeof(char*)-1)) == 0, "misaligned size" ); -+ check_for_overflow(x, "Arena::internal_malloc_4"); - if (_hwm + x > _max) { - return grow(x); - } else { -diff --git a/src/share/vm/memory/allocation.hpp b/src/share/vm/memory/allocation.hpp ---- openjdk/hotspot/src/share/vm/memory/allocation.hpp -+++ openjdk/hotspot/src/share/vm/memory/allocation.hpp -@@ -194,6 +194,15 @@ protected: - friend class AllocStats; - debug_only(void* malloc(size_t size);) - debug_only(void* internal_malloc_4(size_t x);) -+ -+ void signal_out_of_memory(size_t request, const char* whence) const; -+ -+ void check_for_overflow(size_t request, const char* whence) const { -+ if (UINTPTR_MAX - request < (uintptr_t)_hwm) { -+ signal_out_of_memory(request, whence); -+ } -+ } -+ - public: - Arena(); - Arena(size_t init_size); -@@ -207,6 +216,7 @@ protected: - assert(is_power_of_2(ARENA_AMALLOC_ALIGNMENT) , "should be a power of 2"); - x = ARENA_ALIGN(x); - debug_only(if (UseMallocOnly) return malloc(x);) -+ check_for_overflow(x, "Arena::Amalloc"); - NOT_PRODUCT(_bytes_allocated += x); - if (_hwm + x > _max) { - return grow(x); -@@ -220,6 +230,7 @@ protected: - void *Amalloc_4(size_t x) { - assert( (x&(sizeof(char*)-1)) == 0, "misaligned size" ); - debug_only(if (UseMallocOnly) return malloc(x);) -+ check_for_overflow(x, "Arena::Amalloc_4"); - NOT_PRODUCT(_bytes_allocated += x); - if (_hwm + x > _max) { - return grow(x); -@@ -240,6 +251,7 @@ protected: - size_t delta = (((size_t)_hwm + DALIGN_M1) & ~DALIGN_M1) - (size_t)_hwm; - x += delta; - #endif -+ check_for_overflow(x, "Arena::Amalloc_D"); - NOT_PRODUCT(_bytes_allocated += x); - if (_hwm + x > _max) { - return grow(x); // grow() returns a result aligned >= 8 bytes. -diff --git a/src/share/vm/utilities/globalDefinitions_gcc.hpp b/src/share/vm/utilities/globalDefinitions_gcc.hpp ---- openjdk/hotspot/src/share/vm/utilities/globalDefinitions_gcc.hpp -+++ openjdk/hotspot/src/share/vm/utilities/globalDefinitions_gcc.hpp -@@ -72,6 +72,7 @@ - # endif - - #ifdef LINUX -+#define __STDC_LIMIT_MACROS - #include <inttypes.h> - #include <signal.h> - #include <ucontext.h> -diff --git a/src/share/vm/utilities/globalDefinitions_sparcWorks.hpp b/src/share/vm/utilities/globalDefinitions_sparcWorks.hpp ---- openjdk/hotspot/src/share/vm/utilities/globalDefinitions_sparcWorks.hpp -+++ openjdk/hotspot/src/share/vm/utilities/globalDefinitions_sparcWorks.hpp -@@ -141,6 +141,17 @@ typedef unsigned int uintptr_ - // If this gets an error, figure out a symbol XXX that implies the - // prior definition of intptr_t, and add "&& !defined(XXX)" above. - #endif -+#endif -+ -+// On solaris 8, UINTPTR_MAX is defined as empty. -+// Everywhere else it's an actual value. -+#if UINTPTR_MAX - 1 == -1 -+#undef UINTPTR_MAX -+#ifdef _LP64 -+#define UINTPTR_MAX UINT64_MAX -+#else -+#define UINTPTR_MAX UINT32_MAX -+#endif /* ifdef _LP64 */ - #endif - - // Additional Java basic types -diff --git a/src/share/vm/utilities/globalDefinitions_visCPP.hpp b/src/share/vm/utilities/globalDefinitions_visCPP.hpp ---- openjdk/hotspot/src/share/vm/utilities/globalDefinitions_visCPP.hpp -+++ openjdk/hotspot/src/share/vm/utilities/globalDefinitions_visCPP.hpp -@@ -36,6 +36,7 @@ - # include <stdio.h> // for va_list - # include <time.h> - # include <fcntl.h> -+# include <limits.h> - // Need this on windows to get the math constants (e.g., M_PI). - #define _USE_MATH_DEFINES - # include <math.h> -@@ -92,6 +93,14 @@ typedef signed __int64 ssize_t; - #else - typedef signed int intptr_t; - typedef signed int ssize_t; -+#endif -+ -+#ifndef UINTPTR_MAX -+#ifdef _WIN64 -+#define UINTPTR_MAX _UI64_MAX -+#else -+#define UINTPTR_MAX _UI32_MAX -+#endif - #endif - - //----------------------------------------------------------------------------------------------------
--- a/patches/security/20110607/6213702.patch Wed Jul 06 17:11:34 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,107 +0,0 @@ -# HG changeset patch -# User asaha -# Date 1300988627 25200 -# Node ID bfc1a4516e20e13c84b6597d7bfcbd2fbc3e0c4d -# Parent 16fbb8d0b834c3e0a95a4d51e22ec77b81192bb3 -6213702: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) -Reviewed-by: alanb - -diff --git a/src/windows/classes/sun/nio/ch/WindowsSelectorImpl.java b/src/windows/classes/sun/nio/ch/WindowsSelectorImpl.java ---- openjdk/jdk/src/windows/classes/sun/nio/ch/WindowsSelectorImpl.java -+++ openjdk/jdk/src/windows/classes/sun/nio/ch/WindowsSelectorImpl.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -308,14 +308,17 @@ final class WindowsSelectorImpl extends - private int processSelectedKeys(long updateCount) { - int numKeysUpdated = 0; - numKeysUpdated += processFDSet(updateCount, readFds, -- PollArrayWrapper.POLLIN); -+ PollArrayWrapper.POLLIN, -+ false); - numKeysUpdated += processFDSet(updateCount, writeFds, - PollArrayWrapper.POLLCONN | -- PollArrayWrapper.POLLOUT); -+ PollArrayWrapper.POLLOUT, -+ false); - numKeysUpdated += processFDSet(updateCount, exceptFds, - PollArrayWrapper.POLLIN | - PollArrayWrapper.POLLCONN | -- PollArrayWrapper.POLLOUT); -+ PollArrayWrapper.POLLOUT, -+ true); - return numKeysUpdated; - } - -@@ -327,7 +330,8 @@ final class WindowsSelectorImpl extends - * - * me.updateCount <= me.clearedCount <= updateCount - */ -- private int processFDSet(long updateCount, int[] fds, int rOps) { -+ private int processFDSet(long updateCount, int[] fds, int rOps, -+ boolean isExceptFds) { - int numKeysUpdated = 0; - for (int i = 1; i <= fds[0]; i++) { - int desc = fds[i]; -@@ -343,6 +347,17 @@ final class WindowsSelectorImpl extends - if (me == null) - continue; - SelectionKeyImpl sk = me.ski; -+ -+ // The descriptor may be in the exceptfds set because there is -+ // OOB data queued to the socket. If there is OOB data then it -+ // is discarded and the key is not added to the selected set. -+ if (isExceptFds && -+ (sk.channel() instanceof SocketChannelImpl) && -+ discardUrgentData(desc)) -+ { -+ continue; -+ } -+ - if (selectedKeys.contains(sk)) { // Key in selected set - if (me.clearedCount != updateCount) { - if (sk.channel.translateAndSetReadyOps(rOps, sk) && -@@ -448,6 +463,8 @@ final class WindowsSelectorImpl extends - } - - private native void resetWakeupSocket0(int wakeupSourceFd); -+ -+ private native boolean discardUrgentData(int fd); - - // We increment this counter on each call to updateSelectedKeys() - // each entry in SubSelector.fdsMap has a memorized value of -diff --git a/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c b/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c ---- openjdk/jdk/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c -+++ openjdk/jdk/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -211,3 +211,20 @@ Java_sun_nio_ch_WindowsSelectorImpl_rese - recv(scinFd, bytes, WAKEUP_SOCKET_BUF_SIZE, 0); - } - } -+ -+JNIEXPORT jboolean JNICALL -+Java_sun_nio_ch_WindowsSelectorImpl_discardUrgentData(JNIEnv* env, jobject this, -+ jint s) -+{ -+ char data[8]; -+ jboolean discarded = JNI_FALSE; -+ int n; -+ do { -+ n = recv(s, data, sizeof(data), MSG_OOB); -+ if (n > 0) { -+ discarded = JNI_TRUE; -+ } -+ } while (n > 0); -+ return discarded; -+} -+
--- a/patches/security/20110607/6618658.patch Wed Jul 06 17:11:34 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,25 +0,0 @@ ---- openjdk/jdk/src/share/classes/java/security/SignedObject.java 2011-02-09 16:33:11.000000000 +0800 -+++ openjdk/jdk/src/share/classes/java/security/SignedObject.java 2011-02-09 16:33:10.000000000 +0800 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -249,10 +249,10 @@ - * a stream. - */ - private void readObject(java.io.ObjectInputStream s) -- throws java.io.IOException, ClassNotFoundException -- { -- s.defaultReadObject(); -- content = content.clone(); -- signature = signature.clone(); -+ throws java.io.IOException, ClassNotFoundException { -+ java.io.ObjectInputStream.GetField fields = s.readFields(); -+ content = ((byte[])fields.get("content", null)).clone(); -+ signature = ((byte[])fields.get("signature", null)).clone(); -+ thealgorithm = (String)fields.get("thealgorithm", null); - } - }
--- a/patches/security/20110607/7012520.patch Wed Jul 06 17:11:34 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,25 +0,0 @@ -# HG changeset patch -# User dcherepanov -# Date 1301921550 -14400 -# Node ID 049b0098d27c509fd57843ab4ea7aa5fa5fc84bd -# Parent dc0eabbd9955ebe6a40aa931d6f3333e1f50a1b2 -7012520: Heap overflow vulnerability in FileDialog.show() -Reviewed-by: art, anthony - -diff --git a/src/windows/native/sun/windows/awt_FileDialog.cpp b/src/windows/native/sun/windows/awt_FileDialog.cpp ---- openjdk/jdk/src/windows/native/sun/windows/awt_FileDialog.cpp -+++ openjdk/jdk/src/windows/native/sun/windows/awt_FileDialog.cpp -@@ -231,11 +231,12 @@ AwtFileDialog::Show(void *p) - JavaStringBuffer directoryBuffer(env, directory); - - fileBuffer = new TCHAR[MAX_PATH+1]; -+ memset(fileBuffer, 0, (MAX_PATH+1) * sizeof(TCHAR)); - - file = (jstring)env->GetObjectField(target, AwtFileDialog::fileID); - if (file != NULL) { - LPCTSTR tmp = JNU_GetStringPlatformChars(env, file, NULL); -- _tcscpy(fileBuffer, tmp); -+ _tcsncpy(fileBuffer, tmp, MAX_PATH-1); // the fileBuffer is double null terminated string - JNU_ReleaseStringPlatformChars(env, file, tmp); - } else { - fileBuffer[0] = _T('\0');
--- a/patches/security/20110607/7013519.patch Wed Jul 06 17:11:34 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,50 +0,0 @@ -# HG changeset patch -# User bae -# Date 1301414029 -14400 -# Node ID dc0eabbd9955ebe6a40aa931d6f3333e1f50a1b2 -# Parent bfc1a4516e20e13c84b6597d7bfcbd2fbc3e0c4d -7013519: [parfait] Integer overflows in 2D code -Reviewed-by: prr - -diff --git a/src/share/native/sun/awt/image/jpeg/imageioJPEG.c b/src/share/native/sun/awt/image/jpeg/imageioJPEG.c ---- openjdk/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c -+++ openjdk/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c -@@ -40,6 +40,7 @@ - #include <setjmp.h> - #include <assert.h> - #include <string.h> -+#include <limits.h> - - - /* java native interface headers */ -@@ -1921,6 +1922,14 @@ Java_com_sun_imageio_plugins_jpeg_JPEGIm - } - - // Allocate a 1-scanline buffer -+ if (cinfo->num_components <= 0 || -+ cinfo->image_width > (UINT_MAX / (unsigned int)cinfo->num_components)) -+ { -+ RELEASE_ARRAYS(env, data, src->next_input_byte); -+ JNU_ThrowByName(env, "javax/imageio/IIOException", -+ "Invalid number of color components"); -+ return data->abortFlag; -+ } - scanLinePtr = (JSAMPROW)malloc(cinfo->image_width*cinfo->num_components); - if (scanLinePtr == NULL) { - RELEASE_ARRAYS(env, data, src->next_input_byte); -diff --git a/src/share/native/sun/font/layout/SunLayoutEngine.cpp b/src/share/native/sun/font/layout/SunLayoutEngine.cpp ---- openjdk/jdk/src/share/native/sun/font/layout/SunLayoutEngine.cpp -+++ openjdk/jdk/src/share/native/sun/font/layout/SunLayoutEngine.cpp -@@ -186,7 +186,11 @@ JNIEXPORT void JNICALL Java_sun_font_Sun - jchar buffer[256]; - jchar* chars = buffer; - if (len > 256) { -- chars = (jchar*)malloc(len * sizeof(jchar)); -+ size_t size = len * sizeof(jchar); -+ if (size / sizeof(jchar) != len) { -+ return; -+ } -+ chars = (jchar*)malloc(size); - if (chars == 0) { - return; - }
--- a/patches/security/20110607/7013969.patch Wed Jul 06 17:11:34 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,26 +0,0 @@ -# HG changeset patch -# User chegar -# Date 1298025619 0 -# Node ID 4c569f18b5a1f4eeb7e13fafba7375e39a5b9161 -# Parent 05a59c28ae9fcb8f7c3362a4e1eeeaa1818edbdc -7013969: NetworkInterface.toString can reveal bindings -Reviewed-by: alanb, michaelm, hawtin - -diff --git a/src/share/classes/java/net/NetworkInterface.java b/src/share/classes/java/net/NetworkInterface.java ---- openjdk/jdk/src/share/classes/java/net/NetworkInterface.java -+++ openjdk/jdk/src/share/classes/java/net/NetworkInterface.java -@@ -527,13 +527,8 @@ public final class NetworkInterface { - if (displayName != null) { - result += " (" + displayName + ")"; - } -- result += " index: "+index+" addresses:\n"; -- for (Enumeration e = getInetAddresses(); e.hasMoreElements(); ) { -- InetAddress addr = (InetAddress)e.nextElement(); -- result += addr+";\n"; -- } - return result; - } -+ - private static native void init(); -- - }
--- a/patches/security/20110607/7013971.patch Wed Jul 06 17:11:34 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,134 +0,0 @@ -diff -Nru openjdk.orig/jaxws/build.properties openjdk/jaxws/build.properties ---- openjdk.orig/jaxws/build.properties 2011-05-23 22:48:31.989289627 +0100 -+++ openjdk/jaxws/build.properties 2011-05-23 22:49:09.841901697 +0100 -@@ -77,6 +77,9 @@ - # Where patches to drop bundle sources live - patches.dir=patches - -+# Patches to apply -+jaxws_src.patch.list=7013971.patch -+ - # Sanity information - sanity.info= Sanity Settings:${line.separator}\ - ant.home=${ant.home}${line.separator}\ -diff -Nru openjdk.orig/jaxws/patches/jaxws_src/7013971.patch openjdk/jaxws/patches/jaxws_src/7013971.patch ---- openjdk.orig/jaxws/patches/jaxws_src/7013971.patch 1970-01-01 01:00:00.000000000 +0100 -+++ openjdk/jaxws/patches/jaxws_src/7013971.patch 2011-05-23 22:50:07.414832540 +0100 -@@ -0,0 +1,117 @@ -+--- src/com/sun/xml/internal/messaging/saaj/client/p2p/HttpSOAPConnection.java Tue Jul 21 14:54:59 2009 -0700 -++++ src/com/sun/xml/internal/messaging/saaj/client/p2p/HttpSOAPConnection.java Mon Feb 14 09:09:00 2011 +0530 -+@@ -72,16 +72,11 @@ public class HttpSOAPConnection extends -+ Logger.getLogger(LogDomainConstants.HTTP_CONN_DOMAIN, -+ "com.sun.xml.internal.messaging.saaj.client.p2p.LocalStrings"); -+ -+- private static final String defaultProxyHost = null; -+- private static final int defaultProxyPort = -1; -+- -+ MessageFactory messageFactory = null; -+ -+ boolean closed = false; -+ -+ public HttpSOAPConnection() throws SOAPException { -+- proxyHost = defaultProxyHost; -+- proxyPort = defaultProxyPort; -+ -+ try { -+ messageFactory = MessageFactory.newInstance(SOAPConstants.DYNAMIC_SOAP_PROTOCOL); -+@@ -157,11 +152,7 @@ public class HttpSOAPConnection extends -+ -+ if (endPoint instanceof URL) -+ try { -+- PriviledgedPost pp = -+- new PriviledgedPost(this, message, (URL) endPoint); -+- SOAPMessage response = -+- (SOAPMessage) AccessController.doPrivileged(pp); -+- -++ SOAPMessage response = post(message, (URL) endPoint); -+ return response; -+ } catch (Exception ex) { -+ // TBD -- chaining? -+@@ -170,73 +161,6 @@ public class HttpSOAPConnection extends -+ log.severe("SAAJ0007.p2p.bad.endPoint.type"); -+ throw new SOAPExceptionImpl("Bad endPoint type " + endPoint); -+ } -+- } -+- -+- static class PriviledgedPost implements PrivilegedExceptionAction { -+- -+- HttpSOAPConnection c; -+- SOAPMessage message; -+- URL endPoint; -+- -+- PriviledgedPost( -+- HttpSOAPConnection c, -+- SOAPMessage message, -+- URL endPoint) { -+- this.c = c; -+- this.message = message; -+- this.endPoint = endPoint; -+- } -+- -+- public Object run() throws Exception { -+- return c.post(message, endPoint); -+- } -+- } -+- -+- // TBD -+- // Fix this to do things better. -+- -+- private String proxyHost = null; -+- -+- static class PriviledgedSetProxyAction implements PrivilegedExceptionAction { -+- -+- String proxyHost = null; -+- int proxyPort = 0; -+- -+- PriviledgedSetProxyAction(String host, int port) { -+- this.proxyHost = host; -+- this.proxyPort = port; -+- } -+- -+- public Object run() throws Exception { -+- System.setProperty("http.proxyHost", proxyHost); -+- System.setProperty("http.proxyPort", new Integer(proxyPort).toString()); -+- log.log(Level.FINE, "SAAJ0050.p2p.proxy.host", -+- new String[] { proxyHost }); -+- log.log(Level.FINE, "SAAJ0051.p2p.proxy.port", -+- new String[] { new Integer(proxyPort).toString() }); -+- return proxyHost; -+- } -+- } -+- -+- -+- public void setProxy(String host, int port) { -+- try { -+- proxyPort = port; -+- PriviledgedSetProxyAction ps = new PriviledgedSetProxyAction(host, port); -+- proxyHost = (String) AccessController.doPrivileged(ps); -+- } catch (Exception e) { -+- throw new RuntimeException(e); -+- } -+- } -+- -+- public String getProxyHost() { -+- return proxyHost; -+- } -+- -+- private int proxyPort = -1; -+- -+- public int getProxyPort() { -+- return proxyPort; -+ } -+ -+ SOAPMessage post(SOAPMessage message, URL endPoint) throws SOAPException { -+--- src/com/sun/xml/internal/messaging/saaj/client/p2p/HttpSOAPConnection.java Mon Feb 14 09:09:00 2011 +0530 -++++ src/com/sun/xml/internal/messaging/saaj/client/p2p/HttpSOAPConnection.java Wed Feb 16 00:11:00 2011 +0530 -+@@ -201,7 +201,7 @@ public class HttpSOAPConnection extends -+ httpConnection.setDoOutput(true); -+ httpConnection.setDoInput(true); -+ httpConnection.setUseCaches(false); -+- HttpURLConnection.setFollowRedirects(true); -++ httpConnection.setInstanceFollowRedirects(true); -+ -+ if (message.saveRequired()) -+ message.saveChanges();
--- a/patches/security/20110607/7016495.patch Wed Jul 06 17:11:34 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,424 +0,0 @@ -# HG changeset patch -# User flar -# Date 1299032055 28800 -# Node ID 50636a6053f85b1355152385560c5856ea14dc3f -# Parent 4c569f18b5a1f4eeb7e13fafba7375e39a5b9161 -7016495: Crash in Java 2D transforming an image with scale close to zero -Reviewed-by: prr, bae - -diff --git a/src/share/classes/sun/java2d/pipe/DrawImage.java b/src/share/classes/sun/java2d/pipe/DrawImage.java ---- openjdk/jdk/src/share/classes/sun/java2d/pipe/DrawImage.java -+++ openjdk/jdk/src/share/classes/sun/java2d/pipe/DrawImage.java -@@ -509,6 +509,9 @@ public class DrawImage implements DrawIm - * edges thus has to be h*2+2 in length - */ - int edges[] = new int[(dy2-dy1)*2+2]; -+ // It is important that edges[0]=edges[1]=0 when we call -+ // Transform in case it must return early and we would -+ // not want to render anything on an error condition. - helper.Transform(tmpmaskblit, srcData, tmpData, - AlphaComposite.Src, null, - itx, interpType, -diff --git a/src/share/native/sun/java2d/loops/TransformHelper.c b/src/share/native/sun/java2d/loops/TransformHelper.c ---- openjdk/jdk/src/share/native/sun/java2d/loops/TransformHelper.c -+++ openjdk/jdk/src/share/native/sun/java2d/loops/TransformHelper.c -@@ -75,6 +75,94 @@ TransformInterpFunc *pBicubicFunc = Bicu - TransformInterpFunc *pBicubicFunc = BicubicInterp; - - /* -+ * The dxydxy parameters of the inverse transform determine how -+ * quickly we step through the source image. For tiny scale -+ * factors (on the order of 1E-16 or so) the stepping distances -+ * are huge. The image has been scaled so small that stepping -+ * a single pixel in device space moves the sampling point by -+ * billions (or more) pixels in the source image space. These -+ * huge stepping values can overflow the whole part of the longs -+ * we use for the fixed point stepping equations and so we need -+ * a more robust solution. We could simply iterate over every -+ * device pixel, use the inverse transform to transform it back -+ * into the source image coordinate system and then test it for -+ * being in range and sample pixel-by-pixel, but that is quite -+ * a bit more expensive. Fortunately, if the scale factors are -+ * so tiny that we overflow our long values then the number of -+ * pixels we are planning to visit should be very tiny. The only -+ * exception to that rule is if the scale factor along one -+ * dimension is tiny (creating the huge stepping values), and -+ * the scale factor along the other dimension is fairly regular -+ * or an up-scale. In that case we have a lot of pixels along -+ * the direction of the larger axis to sample, but few along the -+ * smaller axis. Though, pessimally, with an added shear factor -+ * such a linearly tiny image could have bounds that cover a large -+ * number of pixels. Such odd transformations should be very -+ * rare and the absolute limit on calculations would involve a -+ * single reverse transform of every pixel in the output image -+ * which is not fast, but it should not cause an undue stall -+ * of the rendering software. -+ * -+ * The specific test we will use is to calculate the inverse -+ * transformed values of every corner of the destination bounds -+ * (in order to be user-clip independent) and if we can -+ * perform a fixed-point-long inverse transform of all of -+ * those points without overflowing we will use the fast -+ * fixed point algorithm. Otherwise we will use the safe -+ * per-pixel transform algorithm. -+ * The 4 corners are 0,0, 0,dsth, dstw,0, dstw,dsth -+ * Transformed they are: -+ * tx, ty -+ * tx +dxdy*H, ty +dydy*H -+ * tx+dxdx*W, ty+dydx*W -+ * tx+dxdx*W+dxdy*H, ty+dydx*W+dydy*H -+ */ -+/* We reject coordinates not less than 1<<30 so that the distance between */ -+/* any 2 of them is less than 1<<31 which would overflow into the sign */ -+/* bit of a signed long value used to represent fixed point coordinates. */ -+#define TX_FIXED_UNSAFE(v) (fabs(v) >= (1<<30)) -+static jboolean -+checkOverflow(jint dxoff, jint dyoff, -+ SurfaceDataBounds *pBounds, -+ TransformInfo *pItxInfo, -+ jdouble *retx, jdouble *rety) -+{ -+ jdouble x, y; -+ -+ x = dxoff+pBounds->x1+0.5; /* Center of pixel x1 */ -+ y = dyoff+pBounds->y1+0.5; /* Center of pixel y1 */ -+ Transform_transform(pItxInfo, &x, &y); -+ *retx = x; -+ *rety = y; -+ if (TX_FIXED_UNSAFE(x) || TX_FIXED_UNSAFE(y)) { -+ return JNI_TRUE; -+ } -+ -+ x = dxoff+pBounds->x2-0.5; /* Center of pixel x2-1 */ -+ y = dyoff+pBounds->y1+0.5; /* Center of pixel y1 */ -+ Transform_transform(pItxInfo, &x, &y); -+ if (TX_FIXED_UNSAFE(x) || TX_FIXED_UNSAFE(y)) { -+ return JNI_TRUE; -+ } -+ -+ x = dxoff+pBounds->x1+0.5; /* Center of pixel x1 */ -+ y = dyoff+pBounds->y2-0.5; /* Center of pixel y2-1 */ -+ Transform_transform(pItxInfo, &x, &y); -+ if (TX_FIXED_UNSAFE(x) || TX_FIXED_UNSAFE(y)) { -+ return JNI_TRUE; -+ } -+ -+ x = dxoff+pBounds->x2-0.5; /* Center of pixel x2-1 */ -+ y = dyoff+pBounds->y2-0.5; /* Center of pixel y2-1 */ -+ Transform_transform(pItxInfo, &x, &y); -+ if (TX_FIXED_UNSAFE(x) || TX_FIXED_UNSAFE(y)) { -+ return JNI_TRUE; -+ } -+ -+ return JNI_FALSE; -+} -+ -+/* - * Fill the edge buffer with pairs of coordinates representing the maximum - * left and right pixels of the destination surface that should be processed - * on each scanline, clipped to the bounds parameter. -@@ -82,21 +170,19 @@ TransformInterpFunc *pBicubicFunc = Bicu - * Only pixels that map back through the specified (inverse) transform to a - * source coordinate that falls within the (0, 0, sw, sh) bounds of the - * source image should be processed. -- * pEdgeBuf points to an array of jints that holds MAXEDGES*2 values. -- * If more storage is needed, then this function allocates a new buffer. -- * In either case, a pointer to the buffer actually used to store the -- * results is returned. -- * The caller is responsible for freeing the buffer if the return value -- * is not the same as the original pEdgeBuf passed in. -+ * pEdges points to an array of jints that holds 2 + numedges*2 values where -+ * numedges should match (pBounds->y2 - pBounds->y1). -+ * The first two jints in pEdges should be set to y1 and y2 and every pair -+ * of jints after that represent the xmin,xmax of all pixels in range of -+ * the transformed blit for the corresponding scanline. - */ --static jint * --calculateEdges(jint *pEdgeBuf, -+static void -+calculateEdges(jint *pEdges, - SurfaceDataBounds *pBounds, - TransformInfo *pItxInfo, - jlong xbase, jlong ybase, - juint sw, juint sh) - { -- jint *pEdges; - jlong dxdxlong, dydxlong; - jlong dxdylong, dydylong; - jlong drowxlong, drowylong; -@@ -111,10 +197,8 @@ calculateEdges(jint *pEdgeBuf, - dy1 = pBounds->y1; - dx2 = pBounds->x2; - dy2 = pBounds->y2; -- if ((dy2-dy1) > MAXEDGES) { -- pEdgeBuf = malloc(2 * (dy2-dy1) * sizeof (*pEdges)); -- } -- pEdges = pEdgeBuf; -+ *pEdges++ = dy1; -+ *pEdges++ = dy2; - - drowxlong = (dx2-dx1-1) * dxdxlong; - drowylong = (dx2-dx1-1) * dydxlong; -@@ -155,9 +239,21 @@ calculateEdges(jint *pEdgeBuf, - ybase += dydylong; - dy1++; - } -+} - -- return pEdgeBuf; --} -+static void -+Transform_SafeHelper(JNIEnv *env, -+ SurfaceDataOps *srcOps, -+ SurfaceDataOps *dstOps, -+ SurfaceDataRasInfo *pSrcInfo, -+ SurfaceDataRasInfo *pDstInfo, -+ NativePrimitive *pMaskBlitPrim, -+ CompositeInfo *pCompInfo, -+ TransformHelperFunc *pHelperFunc, -+ TransformInterpFunc *pInterpFunc, -+ RegionData *pClipInfo, TransformInfo *pItxInfo, -+ jint *pData, jint *pEdges, -+ jint dxoff, jint dyoff, jint sw, jint sh); - - /* - * Class: sun_java2d_loops_TransformHelper -@@ -187,12 +283,14 @@ Java_sun_java2d_loops_TransformHelper_Tr - jint maxlinepix; - TransformHelperFunc *pHelperFunc; - TransformInterpFunc *pInterpFunc; -- jint edgebuf[MAXEDGES * 2]; -+ jdouble xorig, yorig; -+ jint numedges; - jint *pEdges; -- jdouble x, y; -- jlong xbase, ybase; -- jlong dxdxlong, dydxlong; -- jlong dxdylong, dydylong; -+ jint edgebuf[2 + MAXEDGES * 2]; -+ union { -+ jlong align; -+ jint data[LINE_SIZE]; -+ } rgb; - - #ifdef MAKE_STUBS - static int th_initialized; -@@ -269,39 +367,62 @@ Java_sun_java2d_loops_TransformHelper_Tr - if (srcOps->Lock(env, srcOps, &srcInfo, pHelperPrim->srcflags) - != SD_SUCCESS) - { -+ /* edgeArray should already contain zeros for min/maxy */ - return; - } - if (dstOps->Lock(env, dstOps, &dstInfo, pMaskBlitPrim->dstflags) - != SD_SUCCESS) - { - SurfaceData_InvokeUnlock(env, srcOps, &srcInfo); -+ /* edgeArray should already contain zeros for min/maxy */ - return; - } - Region_IntersectBounds(&clipInfo, &dstInfo.bounds); - -+ numedges = (dstInfo.bounds.y2 - dstInfo.bounds.y1); -+ if (numedges > MAXEDGES) { -+ pEdges = malloc((2 + 2 * numedges) * sizeof (*pEdges)); -+ if (pEdges == NULL) { -+ SurfaceData_InvokeUnlock(env, dstOps, &dstInfo); -+ SurfaceData_InvokeUnlock(env, srcOps, &srcInfo); -+ /* edgeArray should already contain zeros for min/maxy */ -+ return; -+ } -+ } else { -+ pEdges = edgebuf; -+ } -+ - Transform_GetInfo(env, itxform, &itxInfo); -- dxdxlong = DblToLong(itxInfo.dxdx); -- dydxlong = DblToLong(itxInfo.dydx); -- dxdylong = DblToLong(itxInfo.dxdy); -- dydylong = DblToLong(itxInfo.dydy); -- x = dxoff+dstInfo.bounds.x1+0.5; /* Center of pixel x1 */ -- y = dyoff+dstInfo.bounds.y1+0.5; /* Center of pixel y1 */ -- Transform_transform(&itxInfo, &x, &y); -- xbase = DblToLong(x); -- ybase = DblToLong(y); -- -- pEdges = calculateEdges(edgebuf, &dstInfo.bounds, &itxInfo, -- xbase, ybase, sx2-sx1, sy2-sy1); - - if (!Region_IsEmpty(&clipInfo)) { - srcOps->GetRasInfo(env, srcOps, &srcInfo); - dstOps->GetRasInfo(env, dstOps, &dstInfo); -- if (srcInfo.rasBase && dstInfo.rasBase) { -- union { -- jlong align; -- jint data[LINE_SIZE]; -- } rgb; -+ if (srcInfo.rasBase == NULL || dstInfo.rasBase == NULL) { -+ pEdges[0] = pEdges[1] = 0; -+ } else if (checkOverflow(dxoff, dyoff, &dstInfo.bounds, -+ &itxInfo, &xorig, &yorig)) -+ { -+ Transform_SafeHelper(env, srcOps, dstOps, -+ &srcInfo, &dstInfo, -+ pMaskBlitPrim, &compInfo, -+ pHelperFunc, pInterpFunc, -+ &clipInfo, &itxInfo, rgb.data, pEdges, -+ dxoff, dyoff, sx2-sx1, sy2-sy1); -+ } else { - SurfaceDataBounds span; -+ jlong dxdxlong, dydxlong; -+ jlong dxdylong, dydylong; -+ jlong xbase, ybase; -+ -+ dxdxlong = DblToLong(itxInfo.dxdx); -+ dydxlong = DblToLong(itxInfo.dydx); -+ dxdylong = DblToLong(itxInfo.dxdy); -+ dydylong = DblToLong(itxInfo.dydy); -+ xbase = DblToLong(xorig); -+ ybase = DblToLong(yorig); -+ -+ calculateEdges(pEdges, &dstInfo.bounds, &itxInfo, -+ xbase, ybase, sx2-sx1, sy2-sy1); - - Region_StartIteration(env, &clipInfo); - while (Region_NextIteration(&clipInfo, &span)) { -@@ -318,8 +439,8 @@ Java_sun_java2d_loops_TransformHelper_Tr - - /* Note - process at most one scanline at a time. */ - -- dx1 = pEdges[(dy1 - dstInfo.bounds.y1) * 2]; -- dx2 = pEdges[(dy1 - dstInfo.bounds.y1) * 2 + 1]; -+ dx1 = pEdges[(dy1 - dstInfo.bounds.y1) * 2 + 2]; -+ dx2 = pEdges[(dy1 - dstInfo.bounds.y1) * 2 + 3]; - if (dx1 < span.x1) dx1 = span.x1; - if (dx2 > span.x2) dx2 = span.x2; - -@@ -376,19 +497,122 @@ Java_sun_java2d_loops_TransformHelper_Tr - } - SurfaceData_InvokeRelease(env, dstOps, &dstInfo); - SurfaceData_InvokeRelease(env, srcOps, &srcInfo); -+ } else { -+ pEdges[0] = pEdges[1] = 0; - } - SurfaceData_InvokeUnlock(env, dstOps, &dstInfo); - SurfaceData_InvokeUnlock(env, srcOps, &srcInfo); - if (!JNU_IsNull(env, edgeArray)) { -- (*env)->SetIntArrayRegion(env, edgeArray, 0, 1, &dstInfo.bounds.y1); -- (*env)->SetIntArrayRegion(env, edgeArray, 1, 1, &dstInfo.bounds.y2); -- (*env)->SetIntArrayRegion(env, edgeArray, -- 2, (dstInfo.bounds.y2 - dstInfo.bounds.y1)*2, -- pEdges); -+ (*env)->SetIntArrayRegion(env, edgeArray, 0, 2+numedges*2, pEdges); - } - if (pEdges != edgebuf) { - free(pEdges); - } -+} -+ -+static void -+Transform_SafeHelper(JNIEnv *env, -+ SurfaceDataOps *srcOps, -+ SurfaceDataOps *dstOps, -+ SurfaceDataRasInfo *pSrcInfo, -+ SurfaceDataRasInfo *pDstInfo, -+ NativePrimitive *pMaskBlitPrim, -+ CompositeInfo *pCompInfo, -+ TransformHelperFunc *pHelperFunc, -+ TransformInterpFunc *pInterpFunc, -+ RegionData *pClipInfo, TransformInfo *pItxInfo, -+ jint *pData, jint *pEdges, -+ jint dxoff, jint dyoff, jint sw, jint sh) -+{ -+ SurfaceDataBounds span; -+ jint dx1, dx2; -+ jint dy1, dy2; -+ jint i, iy; -+ -+ dy1 = pDstInfo->bounds.y1; -+ dy2 = pDstInfo->bounds.y2; -+ dx1 = pDstInfo->bounds.x1; -+ dx2 = pDstInfo->bounds.x2; -+ pEdges[0] = dy1; -+ pEdges[1] = dy2; -+ for (iy = dy1; iy < dy2; iy++) { -+ jint i = (iy - dy1) * 2; -+ /* row spans are set to max,min until we find a pixel in range below */ -+ pEdges[i + 2] = dx2; -+ pEdges[i + 3] = dx1; -+ } -+ -+ Region_StartIteration(env, pClipInfo); -+ while (Region_NextIteration(pClipInfo, &span)) { -+ dy1 = span.y1; -+ dy2 = span.y2; -+ while (dy1 < dy2) { -+ dx1 = span.x1; -+ dx2 = span.x2; -+ i = (dy1 - pDstInfo->bounds.y1) * 2; -+ while (dx1 < dx2) { -+ jdouble x, y; -+ jlong xlong, ylong; -+ -+ x = dxoff + dx1 + 0.5; -+ y = dyoff + dy1 + 0.5; -+ Transform_transform(pItxInfo, &x, &y); -+ xlong = DblToLong(x); -+ ylong = DblToLong(y); -+ -+ /* Process only pixels with centers in bounds -+ * Test double values to avoid overflow in conversion -+ * to long values and then also test the long values -+ * in case they rounded up and out of bounds during -+ * the conversion. -+ */ -+ if (x >= 0 && y >= 0 && x < sw && y < sh && -+ WholeOfLong(xlong) < sw && -+ WholeOfLong(ylong) < sh) -+ { -+ void *pDst; -+ -+ if (pEdges[i + 2] > dx1) { -+ pEdges[i + 2] = dx1; -+ } -+ if (pEdges[i + 3] <= dx1) { -+ pEdges[i + 3] = dx1 + 1; -+ } -+ -+ /* Get IntArgbPre pixel data from source */ -+ (*pHelperFunc)(pSrcInfo, -+ pData, 1, -+ xlong, 0, -+ ylong, 0); -+ -+ /* Interpolate result pixels if needed */ -+ if (pInterpFunc) { -+ (*pInterpFunc)(pData, 1, -+ FractOfLong(xlong-LongOneHalf), 0, -+ FractOfLong(ylong-LongOneHalf), 0); -+ } -+ -+ /* Store/Composite interpolated pixels into dest */ -+ pDst = PtrCoord(pDstInfo->rasBase, -+ dx1, pDstInfo->pixelStride, -+ dy1, pDstInfo->scanStride); -+ (*pMaskBlitPrim->funcs.maskblit)(pDst, pData, -+ 0, 0, 0, -+ 1, 1, -+ pDstInfo, pSrcInfo, -+ pMaskBlitPrim, -+ pCompInfo); -+ } -+ -+ /* Increment to next input pixel */ -+ dx1++; -+ } -+ -+ /* Increment to next scanline */ -+ dy1++; -+ } -+ } -+ Region_EndIteration(env, pClipInfo); - } - - #define BL_INTERP_V1_to_V2_by_F(v1, v2, f) \
--- a/patches/security/20110607/7020198.patch Wed Jul 06 17:11:34 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,139 +0,0 @@ -# HG changeset patch -# User alexp -# Date 1305650123 -14400 -# Node ID 055d6c57c43057e076396142aae7b53272e8a5fa -# Parent bf0758eb099e803a6353e96dd02f085e970900d0 -7020198: ImageIcon creates Component with null acc -Reviewed-by: rupashka - -diff --git a/src/share/classes/javax/swing/ImageIcon.java b/src/share/classes/javax/swing/ImageIcon.java ---- openjdk/jdk/src/share/classes/javax/swing/ImageIcon.java -+++ openjdk/jdk/src/share/classes/javax/swing/ImageIcon.java -@@ -36,6 +36,9 @@ import java.util.Locale; - import java.util.Locale; - import javax.accessibility.*; - -+import sun.awt.AppContext; -+import java.lang.reflect.Field; -+import java.security.*; - - /** - * An implementation of the Icon interface that paints Icons -@@ -75,13 +78,59 @@ public class ImageIcon implements Icon, - ImageObserver imageObserver; - String description = null; - -- protected final static Component component = new Component() {}; -- protected final static MediaTracker tracker = new MediaTracker(component); -+ // Fields for twisted backward compatibility only. DO NOT USE. -+ protected final static Component component; -+ protected final static MediaTracker tracker; -+ -+ static { -+ component = AccessController.doPrivileged(new PrivilegedAction<Component>() { -+ public Component run() { -+ -+ try { -+ final Component component = createNoPermsComponent(); -+ -+ // 6482575 - clear the appContext field so as not to leak it -+ Field appContextField = -+ -+ Component.class.getDeclaredField("appContext"); -+ appContextField.setAccessible(true); -+ appContextField.set(component, null); -+ -+ return component; -+ } catch (Throwable e) { -+ // We don't care about component. -+ // So don't prevent class initialisation. -+ e.printStackTrace(); -+ -+ return null; -+ } -+ } -+ }); -+ tracker = new MediaTracker(component); -+ } -+ -+ private static Component createNoPermsComponent() { -+ // 7020198 - set acc field to no permissions and no subject -+ // Note, will have appContext set. -+ return AccessController.doPrivileged( -+ new PrivilegedAction<Component>() { -+ public Component run() { -+ return new Component() { -+ }; -+ } -+ }, -+ new AccessControlContext(new ProtectionDomain[]{ -+ new ProtectionDomain(null, null) -+ }) -+ ); -+ } - - /** - * Id used in loading images from MediaTracker. - */ - private static int mediaTrackerID; -+ -+ private final static Object TRACKER_KEY = new StringBuilder("TRACKER_KEY"); - - int width = -1; - int height = -1; -@@ -243,17 +292,18 @@ public class ImageIcon implements Icon, - * @param image the image - */ - protected void loadImage(Image image) { -- synchronized(tracker) { -+ MediaTracker mTracker = getTracker(); -+ synchronized(mTracker) { - int id = getNextID(); - -- tracker.addImage(image, id); -+ mTracker.addImage(image, id); - try { -- tracker.waitForID(id, 0); -+ mTracker.waitForID(id, 0); - } catch (InterruptedException e) { - System.out.println("INTERRUPTED while loading Image"); - } -- loadStatus = tracker.statusID(id, false); -- tracker.removeImage(image, id); -+ loadStatus = mTracker.statusID(id, false); -+ mTracker.removeImage(image, id); - - width = image.getWidth(imageObserver); - height = image.getHeight(imageObserver); -@@ -264,9 +314,30 @@ public class ImageIcon implements Icon, - * Returns an ID to use with the MediaTracker in loading an image. - */ - private int getNextID() { -- synchronized(tracker) { -+ synchronized(getTracker()) { - return ++mediaTrackerID; - } -+ } -+ -+ /** -+ * Returns the MediaTracker for the current AppContext, creating a new -+ * MediaTracker if necessary. -+ */ -+ private MediaTracker getTracker() { -+ Object trackerObj; -+ AppContext ac = AppContext.getAppContext(); -+ // Opt: Only synchronize if trackerObj comes back null? -+ // If null, synchronize, re-check for null, and put new tracker -+ synchronized (ac) { -+ trackerObj = ac.get(TRACKER_KEY); -+ if (trackerObj == null) { -+ Component comp = new Component() { -+ }; -+ trackerObj = new MediaTracker(comp); -+ ac.put(TRACKER_KEY, trackerObj); -+ } -+ } -+ return (MediaTracker) trackerObj; - } - - /**
--- a/patches/security/20110607/7020373.patch Wed Jul 06 17:11:34 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,38 +0,0 @@ -# HG changeset patch -# User kamg -# Date 1300992148 14400 -# Node ID f6b8cfca1b530e9f7fd9a0c95eeb239afdb53177 -# Parent 4863fa64ae5f5c96c36c68c5c2bb765e23a5d697 -7020373: JSR rewriting can overflow memory address size variables -Summary: Abort if incoming classfile's parameters would cause overflows -Reviewed-by: coleenp, dcubed, never - -diff --git a/src/share/vm/oops/generateOopMap.cpp b/src/share/vm/oops/generateOopMap.cpp ---- openjdk/hotspot/src/share/vm/oops/generateOopMap.cpp -+++ openjdk/hotspot/src/share/vm/oops/generateOopMap.cpp -@@ -956,10 +956,21 @@ void GenerateOopMap::init_basic_blocks() - // initialize the CellTypeState-related information. - init_state(); - -- // We allocate space for all state-vectors for all basicblocks in one huge chuck. -- // Then in the next part of the code, we set a pointer in each _basic_block that -- // points to each piece. -- CellTypeState *basicBlockState = NEW_RESOURCE_ARRAY(CellTypeState, bbNo * _state_len); -+ // We allocate space for all state-vectors for all basicblocks in one huge -+ // chunk. Then in the next part of the code, we set a pointer in each -+ // _basic_block that points to each piece. -+ -+ // The product of bbNo and _state_len can get large if there are lots of -+ // basic blocks and stack/locals/monitors. Need to check to make sure -+ // we don't overflow the capacity of a pointer. -+ if ((unsigned)bbNo > UINTPTR_MAX / sizeof(CellTypeState) / _state_len) { -+ report_error("The amount of memory required to analyze this method " -+ "exceeds addressable range"); -+ return; -+ } -+ -+ CellTypeState *basicBlockState = -+ NEW_RESOURCE_ARRAY(CellTypeState, bbNo * _state_len); - memset(basicBlockState, 0, bbNo * _state_len * sizeof(CellTypeState)); - - // Make a pass over the basicblocks and assign their state vectors.
--- a/patches/xjc.patch Wed Jul 06 17:11:34 2011 +0100 +++ b/patches/xjc.patch Wed Jul 06 20:45:21 2011 +0100 @@ -1,18 +1,19 @@ diff -Nru openjdk.orig/jaxws/build.properties openjdk/jaxws/build.properties ---- openjdk.orig/jaxws/build.properties 2011-05-23 23:27:25.858844463 +0100 -+++ openjdk/jaxws/build.properties 2011-05-23 23:28:12.143588051 +0100 -@@ -78,7 +78,7 @@ +--- openjdk.orig/jaxws/build.properties 2009-12-04 16:41:02.000000000 +0000 ++++ openjdk/jaxws/build.properties 2009-12-04 16:41:47.000000000 +0000 +@@ -73,6 +73,9 @@ + # Where patches to drop bundle sources live patches.dir=patches - # Patches to apply --jaxws_src.patch.list=7013971.patch -+jaxws_src.patch.list=7013971.patch xjc.patch - ++# Patches to apply ++jaxws_src.patch.list=xjc.patch ++ # Sanity information sanity.info= Sanity Settings:${line.separator}\ + ant.home=${ant.home}${line.separator}\ diff -Nru openjdk.orig/jaxws/patches/jaxws_src/xjc.patch openjdk/jaxws/patches/jaxws_src/xjc.patch --- openjdk.orig/jaxws/patches/jaxws_src/xjc.patch 1970-01-01 01:00:00.000000000 +0100 -+++ openjdk/jaxws/patches/jaxws_src/xjc.patch 2011-05-23 23:28:02.719436649 +0100 ++++ openjdk/jaxws/patches/jaxws_src/xjc.patch 2009-12-04 16:40:10.000000000 +0000 @@ -0,0 +1,17 @@ +--- src/com/sun/tools/internal/xjc/reader/xmlschema/parser/SchemaConstraintChecker.java.prev 2008-10-21 15:50:20.000000000 +0100 ++++ src/com/sun/tools/internal/xjc/reader/xmlschema/parser/SchemaConstraintChecker.java 2008-10-21 15:57:37.000000000 +0100