Mercurial > hg > release > icedtea6-1.12
view patches/security/20130618/8004584-augment_applet_contextualization.patch @ 3004:08ce3247b5b0
Add 2013/06/18 security patches.
2013-06-22 Andrew John Hughes <gnu.andrew@member.fsf.org>
* patches/idresolver_fix.patch:
Removed. Part of 6469266.
* Makefile.am:
(SECURITY_PATCHES): Add new ones.
(SPECIAL_SECURITY_PATCH_1): Renamed from
SPECIAL_SECURITY_PATCH.
(SPECIAL_SECURITY_PATCH_2): Add 8009071, which
needs to be applied after some AWT backports.
(ICEDTEA_PATCHES): Use SPECIAL_SECURITY_PATCH_{1,2}.
Move 8005615, 8007393 & 8007611 to SECURITY_PATCHES
as must be applied before 8004584. Add 7171223 to
end.
* patches/openjdk/6307603-xrender-01.patch,
* patches/openjdk/6469266-xmlsec_1.4.2.patch,
* patches/openjdk/6656651-windows_lcd_glyphs.patch,
* patches/openjdk/6786028-wcag_bold_tags.patch,
* patches/openjdk/6786682-wcag_lang.patch,
* patches/openjdk/6786688-wcag_table.patch,
* patches/openjdk/6786690-wcag_dl.patch,
* patches/openjdk/6802694-no_deprecated.patch,
* patches/openjdk/6851834-restructure.patch,
* patches/openjdk/6888167-medialib_memory_leaks.patch,
* patches/openjdk/6961178-doclet_xml.patch,
* patches/openjdk/6990754-use_native_memory_for_symboltable.patch,
* patches/openjdk/7006270-regressions.patch,
* patches/openjdk/7008809-report_class_in_arraystoreexception.patch,
* patches/openjdk/7014851-unused_parallel_compaction_code.patch,
* patches/openjdk/7017732-move_static_fields_to_class.patch,
* patches/openjdk/7036747-elfstringtable.patch,
* patches/openjdk/7086585-flexible_field_injection.patch,
* patches/openjdk/7171223-strict_aliasing.patch,
* patches/openjdk/7195301-no_instanceof_node.patch,
* patches/security/20130618/6741606-apache_santuario.patch,
* patches/security/20130618/7158805-nested_subroutine_rewriting.patch,
* patches/security/20130618/7170730-windows_network_stack.patch,
* patches/security/20130618/8000638-improve_deserialization.patch,
* patches/security/20130618/8000642-better_transportation_handling.patch,
* patches/security/20130618/8001032-restrict_object_access-corba.patch,
* patches/security/20130618/8001032-restrict_object_access-jdk.patch,
* patches/security/20130618/8001033-refactor_address_handling.patch,
* patches/security/20130618/8001034-memory_management.patch,
* patches/security/20130618/8001038-resourcefully_handle_resources.patch,
* patches/security/20130618/8001043-clarify_definition_restrictions.patch,
* patches/security/20130618/8001309-better_handling_of_annotation_interfaces.patch,
* patches/security/20130618/8001318-6_fixup.patch,
* patches/security/20130618/8001318-socket_getlocaladdress_consistency.patch,
* patches/security/20130618/8001330-checking_order_improvement.patch,
* patches/security/20130618/8001330-improve_checking_order.patch,
* patches/security/20130618/8003703-update_rmi_connection_dialog.patch,
* patches/security/20130618/8004584-augment_applet_contextualization.patch,
* patches/security/20130618/8005007-better_glyph_processing.patch,
* patches/security/20130618/8006328-6_fixup.patch,
* patches/security/20130618/8006328-sound_class_robustness.patch,
* patches/security/20130618/8006611-improve_scripting.patch,
* patches/security/20130618/8007467-improve_jmx_internal_api_robustness.patch,
* patches/security/20130618/8007471-6_fixup.patch,
* patches/security/20130618/8007471-improve_mbean_notifications.patch,
* patches/security/20130618/8007812-getenclosingmethod.patch,
* patches/security/20130618/8008120-improve_jmx_class_checking.patch,
* patches/security/20130618/8008124-better_compliance_testing.patch,
* patches/security/20130618/8008128-better_jmx_api_coherence.patch,
* patches/security/20130618/8008132-better_serialization.patch,
* patches/security/20130618/8008585-jmx_data_handling.patch,
* patches/security/20130618/8008593-better_urlclassloader.patch,
* patches/security/20130618/8008603-jmx_provider_provision.patch,
* patches/security/20130618/8008611-6_fixup.patch,
* patches/security/20130618/8008611-jmx_annotations.patch,
* patches/security/20130618/8008615-jmx_internal_api_robustness.patch,
* patches/security/20130618/8008623-mbeanserver_handling.patch,
* patches/security/20130618/8008744-6741606_rework.patch,
* patches/security/20130618/8008982-jmx_interface_changes.patch,
* patches/security/20130618/8009004-rmi_connection_improvement.patch,
* patches/security/20130618/8009013-t2k_glyphs.patch,
* patches/security/20130618/8009034-jmx_notification_improvement.patch,
* patches/security/20130618/8009038-jmx_notification_support_improvement.patch,
* patches/security/20130618/8009067-improve_key_storing.patch,
* patches/security/20130618/8009071-improve_shape_handling.patch,
* patches/security/20130618/8009235-improve_tsa_data_handling.patch,
* patches/security/20130618/8009554-serialjavaobject.patch,
* patches/security/20130618/8011243-improve_imaginglib.patch,
* patches/security/20130618/8011248-better_component_rasters.patch,
* patches/security/20130618/8011253-better_short_component_rasters.patch,
* patches/security/20130618/8011257-better_byte_component_rasters.patch,
* patches/security/20130618/8011557-improve_reflection.patch,
* patches/security/20130618/8012375-javadoc_framing.patch,
* patches/security/20130618/8012421-better_positioning.patch,
* patches/security/20130618/8012438-better_image_validation.patch,
* patches/security/20130618/8012597-better_image_channel_validation.patch,
* patches/security/20130618/8012601-better_layout_validation.patch,
* patches/security/20130618/8014281-better_xml_signature_checking.patch,
* patches/security/20130618/8015997-more_javadoc_framing.patch,
* patches/security/20130618/diamond_fix.patch,
* patches/security/20130618/handle_npe.patch,
* patches/security/20130618/hs_merge-01.patch,
* patches/security/20130618/hs_merge-02.patch,
* patches/security/20130618/hs_merge-03.patch,
* patches/security/20130618/hs_merge-04.patch,
* patches/security/20130618/javac_issue.patch,
* patches/security/20130618/langtools_generics.patch,
* patches/security/20130618/langtools_merge-01.patch,
* patches/security/20130618/langtools_merge-02.patch,
* patches/security/20130618/langtools_merge-03.patch:
2013/06/18 security patches.
* patches/apache-xml-internal-fix-bug-38655.patch: Remove.
author | Andrew John Hughes <gnu.andrew@redhat.com> |
---|---|
date | Sat, 22 Jun 2013 16:38:24 -0500 |
parents | |
children |
line wrap: on
line source
# HG changeset patch # User andrew # Date 1371392356 18000 # Node ID 148e0adac8e895f2cee0d121f0699bb9d4923044 # Parent 672b00f8dd800d0b494cde9eb219bd82179c5ff5 8004584: Augment applet contextualization Summary: Do not create the main AppContext for applets diff --git a/src/share/classes/java/util/logging/LogManager.java b/src/share/classes/java/util/logging/LogManager.java --- openjdk/jdk/src/share/classes/java/util/logging/LogManager.java +++ openjdk/jdk/src/share/classes/java/util/logging/LogManager.java @@ -342,27 +342,23 @@ // from the execution stack. Object ecx = javaAwtAccess.getExecutionContext(); if (ecx == null) { - // fall back to AppContext.getAppContext() + // fall back to thread group seach of AppContext ecx = javaAwtAccess.getContext(); } - context = (LoggerContext) javaAwtAccess.get(ecx, LoggerContext.class); - if (context == null) { - if (javaAwtAccess.isMainAppContext()) { - context = userContext; - } else { - context = new LoggerContext(); - // during initialization, rootLogger is null when - // instantiating itself RootLogger - if (manager.rootLogger != null) - context.addLocalLogger(manager.rootLogger); + if (ecx != null) { + context = (LoggerContext)javaAwtAccess.get(ecx, LoggerContext.class); + if (context == null) { + if (javaAwtAccess.isMainAppContext()) { + context = userContext; + } else { + context = new LoggerContext(); + } + javaAwtAccess.put(ecx, LoggerContext.class, context); } - javaAwtAccess.put(ecx, LoggerContext.class, context); } } - } else { - context = userContext; } - return context; + return context != null ? context : userContext; } private List<LoggerContext> contexts() { @@ -489,9 +485,22 @@ return logger; } + synchronized void ensureRootLogger(Logger logger) { + if (logger == manager.rootLogger) + return; + + // during initialization, rootLogger is null when + // instantiating itself RootLogger + if (findLogger("") == null && manager.rootLogger != null) { + addLocalLogger(manager.rootLogger); + } + } + // Add a logger to this context. This method will only set its level // and process parent loggers. It doesn't set its handlers. synchronized boolean addLocalLogger(Logger logger) { + ensureRootLogger(logger); + final String name = logger.getName(); if (name == null) { throw new NullPointerException(); diff --git a/src/share/classes/sun/applet/AppletSecurity.java b/src/share/classes/sun/applet/AppletSecurity.java --- openjdk/jdk/src/share/classes/sun/applet/AppletSecurity.java +++ openjdk/jdk/src/share/classes/sun/applet/AppletSecurity.java @@ -52,7 +52,6 @@ */ public class AppletSecurity extends AWTSecurityManager { - private AppContext mainAppContext; //URLClassLoader.acc private static Field facc = null; @@ -77,7 +76,6 @@ */ public AppletSecurity() { reset(); - mainAppContext = AppContext.getAppContext(); } // Cache to store known restricted packages @@ -312,7 +310,7 @@ AppContext appContext = AppContext.getAppContext(); AppletClassLoader appletClassLoader = currentAppletClassLoader(); - if ((appContext == mainAppContext) && (appletClassLoader != null)) { + if (AppContext.isMainContext(appContext) && (appletClassLoader != null)) { // If we're about to allow access to the main EventQueue, // and anything untrusted is on the class context stack, // disallow access. diff --git a/src/share/classes/sun/awt/AppContext.java b/src/share/classes/sun/awt/AppContext.java --- openjdk/jdk/src/share/classes/sun/awt/AppContext.java +++ openjdk/jdk/src/share/classes/sun/awt/AppContext.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,6 +42,7 @@ import java.util.HashSet; import java.beans.PropertyChangeSupport; import java.beans.PropertyChangeListener; +import java.util.concurrent.atomic.AtomicInteger; /** * The AppContext is a table referenced by ThreadGroup which stores @@ -147,8 +148,9 @@ } /* The main "system" AppContext, used by everything not otherwise - contained in another AppContext. - */ + contained in another AppContext. It is implicitly created for + standalone apps only (i.e. not applets) + */ private static AppContext mainAppContext = null; /* @@ -181,27 +183,6 @@ } - static { - // On the main Thread, we get the ThreadGroup, make a corresponding - // AppContext, and instantiate the Java EventQueue. This way, legacy - // code is unaffected by the move to multiple AppContext ability. - AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { - ThreadGroup currentThreadGroup = - Thread.currentThread().getThreadGroup(); - ThreadGroup parentThreadGroup = currentThreadGroup.getParent(); - while (parentThreadGroup != null) { - // Find the root ThreadGroup to construct our main AppContext - currentThreadGroup = parentThreadGroup; - parentThreadGroup = currentThreadGroup.getParent(); - } - mainAppContext = new AppContext(currentThreadGroup); - numAppContexts = 1; - return mainAppContext; - } - }); - } - /* * The total number of AppContexts, system-wide. This number is * incremented at the beginning of the constructor, and decremented @@ -209,7 +190,7 @@ * number is 1. If so, it returns the sole AppContext without * checking Thread.currentThread(). */ - private static int numAppContexts; + private static final AtomicInteger numAppContexts = new AtomicInteger(0); /* * The context ClassLoader that was used to create this AppContext. @@ -230,7 +211,7 @@ * @since 1.2 */ AppContext(ThreadGroup threadGroup) { - numAppContexts++; + numAppContexts.incrementAndGet(); this.threadGroup = threadGroup; threadGroup2appContext.put(threadGroup, this); @@ -245,6 +226,27 @@ private static MostRecentThreadAppContext mostRecentThreadAppContext = null; + private final static void initMainAppContext() { + // On the main Thread, we get the ThreadGroup, make a corresponding + // AppContext, and instantiate the Java EventQueue. This way, legacy + // code is unaffected by the move to multiple AppContext ability. + AccessController.doPrivileged(new PrivilegedAction<Void>() { + public Void run() { + ThreadGroup currentThreadGroup = + Thread.currentThread().getThreadGroup(); + ThreadGroup parentThreadGroup = currentThreadGroup.getParent(); + while (parentThreadGroup != null) { + // Find the root ThreadGroup to construct our main AppContext + currentThreadGroup = parentThreadGroup; + parentThreadGroup = currentThreadGroup.getParent(); + } + + mainAppContext = SunToolkit.createNewAppContext(currentThreadGroup); + return null; + } + }); + } + /** * Returns the appropriate AppContext for the caller, * as determined by its ThreadGroup. If the main "system" AppContext @@ -257,8 +259,10 @@ * @since 1.2 */ public final static AppContext getAppContext() { - if (numAppContexts == 1) // If there's only one system-wide, - return mainAppContext; // return the main system AppContext. + // we are standalone app, return the main app context + if (numAppContexts.get() == 1 && mainAppContext != null) { + return mainAppContext; + } final Thread currentThread = Thread.currentThread(); @@ -284,16 +288,25 @@ // when new AppContext objects are created. ThreadGroup currentThreadGroup = currentThread.getThreadGroup(); ThreadGroup threadGroup = currentThreadGroup; + + // Special case: we implicitly create the main app context + // if no contexts have been created yet. This covers standalone apps + // and excludes applets because by the time applet starts + // a number of contexts have already been created by the plugin. + if (numAppContexts.get() == 0) { + // This check is not necessary, its purpose is to help + // Plugin devs to catch all the cases of main AC creation. + if (System.getProperty("javaplugin.version") == null && + System.getProperty("javawebstart.version") == null) { + initMainAppContext(); + } + } + AppContext context = threadGroup2appContext.get(threadGroup); while (context == null) { threadGroup = threadGroup.getParent(); if (threadGroup == null) { - // If we get here, we're running under a ThreadGroup that - // has no AppContext associated with it. This should never - // happen, because createNewContext() should be used by the - // toolkit to create the ThreadGroup that everything runs - // under. - throw new RuntimeException("Invalid ThreadGroup"); + return null; } context = threadGroup2appContext.get(threadGroup); } @@ -303,10 +316,8 @@ for (ThreadGroup tg = currentThreadGroup; tg != threadGroup; tg = tg.getParent()) { threadGroup2appContext.put(tg, context); } + // Now we're done, so we cache the latest key/value pair. - // (we do this before checking with any AWTSecurityManager, so if - // this Thread equates with the main AppContext in the cache, it - // still will) mostRecentThreadAppContext = new MostRecentThreadAppContext(currentThread, context); @@ -315,17 +326,17 @@ }); } - if (appContext == mainAppContext) { - // Before we return the main "system" AppContext, check to - // see if there's an AWTSecurityManager installed. If so, - // allow it to choose the AppContext to return. - AppContext secAppContext = getExecutionAppContext(); - if (secAppContext != null) { - appContext = secAppContext; // Return what we're told - } - } + return appContext; + } - return appContext; + /** + * Returns true if the specified AppContext is the main AppContext. + * + * @param ctx the context to compare with the main context + * @return true if the specified AppContext is the main AppContext. + */ + public final static boolean isMainContext(AppContext ctx) { + return (ctx != null && ctx == mainAppContext); } private final static AppContext getExecutionAppContext() { @@ -500,7 +511,7 @@ this.table.clear(); // Clear out the Hashtable to ease garbage collection } - numAppContexts--; + numAppContexts.decrementAndGet(); mostRecentKeyValue = null; } @@ -790,7 +801,7 @@ return getAppContext().isDisposed(); } public boolean isMainAppContext() { - return (numAppContexts == 1); + return (numAppContexts.get() == 1 && mainAppContext != null); } public Object getContext() { return getAppContext(); diff --git a/src/share/classes/sun/awt/SunToolkit.java b/src/share/classes/sun/awt/SunToolkit.java --- openjdk/jdk/src/share/classes/sun/awt/SunToolkit.java +++ openjdk/jdk/src/share/classes/sun/awt/SunToolkit.java @@ -293,6 +293,10 @@ */ public static AppContext createNewAppContext() { ThreadGroup threadGroup = Thread.currentThread().getThreadGroup(); + return createNewAppContext(threadGroup); + } + + static final AppContext createNewAppContext(ThreadGroup threadGroup) { EventQueue eventQueue; String eqName = System.getProperty("AWT.EventQueueClass", "java.awt.EventQueue");