Mercurial > hg > release > icedtea6-1.11

changeset 2910:a1cb163cb044

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Drop unnecessary patch for S8009554 2013-06-26 Omair Majid <omajid@redhat.com> Severin Gehwolf <sgehwolf@redhat.com> * Makefile.am (SECURITY_PATCHES): Drop patches/security/20130618/8009554-serialjavaobject.patch. * patches/security/20130618/8009554-serialjavaobject.patch: Remove. This was adding redundant permission check
author Omair Majid <omajid@redhat.com>
date Wed, 26 Jun 2013 13:45:20 -0400
parents c5297dd496da
children ea7bce0f610a
files ChangeLog Makefile.am patches/security/20130618/8009554-serialjavaobject.patch
diffstat 3 files changed, 8 insertions(+), 79 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Wed Jun 26 10:47:13 2013 -0400
+++ b/ChangeLog	Wed Jun 26 13:45:20 2013 -0400
@@ -1,3 +1,11 @@
+2013-06-26  Omair Majid  <omajid@redhat.com>
+            Severin Gehwolf  <sgehwolf@redhat.com>
+
+	* Makefile.am (SECURITY_PATCHES): Drop
+	patches/security/20130618/8009554-serialjavaobject.patch.
+	* patches/security/20130618/8009554-serialjavaobject.patch: Remove. This
+	was adding redundant permission checking.
+
 2013-06-26  Omair Majid  <omajid@redhat.com>
 
 	* Makefile.am:
--- a/Makefile.am	Wed Jun 26 10:47:13 2013 -0400
+++ b/Makefile.am	Wed Jun 26 13:45:20 2013 -0400
@@ -363,7 +363,6 @@
 	patches/security/20130618/8009038-jmx_notification_support_improvement.patch \
 	patches/security/20130618/8009067-improve_key_storing.patch \
 	patches/security/20130618/8009235-improve_tsa_data_handling.patch \
-	patches/security/20130618/8009554-serialjavaobject.patch \
 	patches/openjdk/6888167-medialib_memory_leaks.patch \
 	patches/security/20130618/8011243-improve_imaginglib.patch \
 	patches/security/20130618/8011248-better_component_rasters.patch \
--- a/patches/security/20130618/8009554-serialjavaobject.patch	Wed Jun 26 10:47:13 2013 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,78 +0,0 @@
-# HG changeset patch
-# User andrew
-# Date 1371556350 18000
-# Node ID 5fcac0fe0ace5584b980a35afb582519f8434617
-# Parent  97f318cdfb834385beb7370348582daebccc8987
-8009554: Improve SerialJavaObject.getFields
-Reviewed-by: alanb, skoivu
-
-diff --git a/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java b/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java
---- openjdk/jdk/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java
-+++ openjdk/jdk/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
-  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-  *
-  * This code is free software; you can redistribute it and/or modify it
-@@ -30,6 +30,7 @@
- import java.util.Map;
- import java.lang.reflect.*;
- import javax.sql.rowset.RowSetWarning;
-+import sun.reflect.Reflection;
- 
- /**
-  * A serializable mapping in the Java programming language of an SQL
-@@ -136,10 +137,12 @@
-      * @return an array of <code>Field</code> objects
-      * @throws SerialException if an error is encountered accessing
-      * the serialized object
-+     * @see Class#getFields
-      */
-     public Field[] getFields() throws SerialException {
-         if (fields != null) {
-             Class c = this.obj.getClass();
-+            checkPackageAccess(c);
-             //the following has to be commented before mustang integration
-             //return c.getFields();
-             //the following has to be uncommented before mustang integration
-@@ -172,4 +175,38 @@
-         }
-         chain.add(e);
-     }
-+
-+    /*
-+     * Check if the caller is allowed to access the specified class's package.  If access is denied,
-+     * throw a SecurityException.
-+     *
-+     */
-+    private void checkPackageAccess(Class<?> clz) {
-+        SecurityManager s = System.getSecurityManager();
-+        if (s != null) {
-+            if (sun.reflect.misc.ReflectUtil.needsPackageAccessCheck(
-+                    getCallerClassLoader(), clz.getClassLoader())) {
-+                String name = clz.getName();
-+                int i = name.lastIndexOf('.');
-+                if (i != -1) {
-+                    s.checkPackageAccess(name.substring(0, i));
-+                }
-+            }
-+        }
-+    }
-+
-+    /* Internal method used to get the caller's caller class loader.
-+     * Caution is required if you attempt to make changes as this method assumes
-+     * the following stack frame count:
-+     * 0: Reflection
-+     * 1: getCallerClassLoader
-+     * 2: checkPackageAccess
-+     * 3: getFields
-+     * 4: caller of getFields
-+     */
-+    private static ClassLoader getCallerClassLoader() {
-+        Class<?> cc = Reflection.getCallerClass(4);
-+        ClassLoader cl = (cc != null) ? cc.getClassLoader() : null;
-+        return cl;
-+    }
- }