Mercurial > hg > release > icedtea6-1.12

view patches/openjdk/8013744-better_tabling.patch @ 3029:dfef77966f7c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add 2013/10/15 security fixes. 2013-10-29 Andrew John Hughes <gnu.andrew@redhat.com> * Makefile.am: (SECURITY_PATCHES): Add security update. * NEWS: Updated. * patches/jtreg-LastErrorString.patch, * patches/use-idx_t.patch, * patches/openjdk/7162902-corba_fixes.patch, * patches/openjdk/7196533-timezone_bottleneck.patch, * patches/openjdk/8010727-empty_logger_name.patch, * patches/openjdk/8010939-logmanager_deadlock.patch, * patches/openjdk/8012617-arrayindexoutofbounds_linebreakmeasurer.patch, * patches/openjdk/8014718-remove_logging_suntoolkit.patch: Regenerated. * patches/nss-config.patch: Fix path to java.security. * patches/openjdk/4075303-javap_update.patch, * patches/openjdk/4111861-static_fields.patch, * patches/openjdk/4501661-disallow_mixing.patch, * patches/openjdk/4884240-javap_additional_option.patch, * patches/openjdk/6708729-javap_makefile_update.patch, * patches/openjdk/6715767-javap_crash.patch, * patches/openjdk/6819246-javap_instruction_decoding.patch, * patches/openjdk/6824493-experimental.patch, * patches/openjdk/6841419-classfile_iterator.patch, * patches/openjdk/6841420-classfile_methods.patch, * patches/openjdk/6843013-missing_experimental.patch, * patches/openjdk/6852856-javap_subclasses.patch, * patches/openjdk/6867671-javap_whitespace.patch, * patches/openjdk/6868539-constant_pool_tags.patch, * patches/openjdk/6902264-fix_indentation.patch, * patches/openjdk/6954275-big_xml_signatures.patch, * patches/openjdk/7146431-java.security_files.patch, * patches/openjdk/8000450-restrict_access.patch, * patches/openjdk/8002070-remove_logger_stack_search.patch, * patches/openjdk/8003992-embedded_nulls.patch, * patches/openjdk/8004188-rename_java.security.patch, * patches/openjdk/8006882-jmockit.patch, * patches/openjdk/8006900-new_date_time.patch, * patches/openjdk/8008589-better_mbean_permission_validation.patch, * patches/openjdk/8010118-caller_sensitive.patch, * patches/openjdk/8011071-better_crypto_provider_handling.patch, * patches/openjdk/8011081-improve_jhat.patch, * patches/openjdk/8011139-revise_checking_getenclosingclass.patch, * patches/openjdk/8011157-improve_corba_portability-jdk.patch, * patches/openjdk/8011157-improve_corba_portability.patch, * patches/openjdk/8011990-logger_test_urls.patch, * patches/openjdk/8012071-better_bean_building.patch, * patches/openjdk/8012147-improve_tool.patch, * patches/openjdk/8012243-serial_regression.patch, * patches/openjdk/8012277-improve_dataflavour.patch, * patches/openjdk/8012425-transform_transformfactory.patch, * patches/openjdk/8012453-runtime.exec.patch, * patches/openjdk/8013380-logger_stack_walk_glassfish.patch, * patches/openjdk/8013503-improve_stream_factories.patch, * patches/openjdk/8013506-better_pack200.patch, * patches/openjdk/8013510-augment_image_writing.patch, * patches/openjdk/8013514-improve_cmap_stability.patch, * patches/openjdk/8013739-better_ldap_resource_management.patch, * patches/openjdk/8013744-better_tabling.patch, * patches/openjdk/8013827-createtempfile_hang.patch, * patches/openjdk/8014085-better_serialization.patch, * patches/openjdk/8014093-improve_image_parsing.patch, * patches/openjdk/8014102-improve_image_conversion.patch, * patches/openjdk/8014341-better_kerberos_service.patch, * patches/openjdk/8014349-getdeclaredclass_fix.patch, * patches/openjdk/8014530-better_dsp.patch, * patches/openjdk/8014534-better_profiling.patch, * patches/openjdk/8014745-logger_stack_walk_switch.patch, * patches/openjdk/8014987-augment_serialization.patch, * patches/openjdk/8015144-performance_regression.patch, * patches/openjdk/8015614-update_build.patch, * patches/openjdk/8015731-auth_improvements.patch, * patches/openjdk/8015743-address_internet_addresses.patch, * patches/openjdk/8015965-typo_in_property_name.patch, * patches/openjdk/8015978-incorrect_transformation.patch, * patches/openjdk/8016256-finalization_final.patch, * patches/openjdk/8016357-update_hs_diagnostic_class.patch, * patches/openjdk/8016653-ignoreable_characters.patch, * patches/openjdk/8016675-robust_javadoc.patch, * patches/openjdk/8017196-ensure_proxies_are_handled_appropriately-jdk.patch, * patches/openjdk/8017196-ensure_proxies_are_handled_appropriately.patch, * patches/openjdk/8017287-better_resource_disposal.patch, * patches/openjdk/8017291-cast_proxies_aside.patch, * patches/openjdk/8017298-better_xml_support.patch, * patches/openjdk/8017300-improve_interface_implementation.patch, * patches/openjdk/8017505-better_client_service.patch, * patches/openjdk/8017566-backout_part_of_8000450.patch, * patches/openjdk/8019292-better_attribute_value_exceptions.patch, * patches/openjdk/8019584-invalid_notification_fix.patch, * patches/openjdk/8019617-better_view_of_objects.patch, * patches/openjdk/8019969-inet6_test_case_fix.patch, * patches/openjdk/8019979-better_access_test.patch, * patches/openjdk/8020293-jvm_crash.patch, * patches/openjdk/8021290-signature_validation.patch, * patches/openjdk/8021355-splashscreen_regression.patch, * patches/openjdk/8021366-jaxp_test_fix-01.patch, * patches/openjdk/8021577-bean_serialization_fix.patch, * patches/openjdk/8021933-jaxp_test_fix-02.patch, * patches/openjdk/8021969-jnlp_load_failure.patch, * patches/openjdk/8022661-writeobject_flush.patch, * patches/openjdk/8022682-supporting_xom.patch, * patches/openjdk/8022940-enhance_corba_translations.patch, * patches/openjdk/8023683-enhance_class_file_parsing.patch, * patches/openjdk/8023964-ignore_test.patch, * patches/openjdk/8024914-swapped_usage.patch, * patches/openjdk/8025128-createtempfile_absolute_prefix.patch, * patches/openjdk/oj6-19-fix_8010118_test_cases.patch, * patches/openjdk/oj6-20-merge.patch, * patches/openjdk/oj6-21-overrides.patch: Added.
author Andrew John Hughes <gnu.andrew@redhat.com>
date Wed, 20 Nov 2013 22:56:43 +0000
parents
children
line wrap: on
line source

# HG changeset patch
# User alexsch
# Date 1381852031 -3600
#      Tue Oct 15 16:47:11 2013 +0100
# Node ID d10e47deb098d4af5d58a8bfe92dc8033e5ef6f7
# Parent  a28b8ce4d90e7d7bc1fab599298831e0d62e171e
8013744: Better tabling for AWT
Reviewed-by: art, malenkov, skoivu

diff -r a28b8ce4d90e -r d10e47deb098 src/share/classes/javax/swing/JTable.java
--- openjdk/jdk/src/share/classes/javax/swing/JTable.java	Tue Oct 15 16:35:33 2013 +0100
+++ openjdk/jdk/src/share/classes/javax/swing/JTable.java	Tue Oct 15 16:47:11 2013 +0100
@@ -52,6 +52,7 @@
 
 import javax.print.attribute.*;
 import javax.print.PrintService;
+import sun.reflect.misc.ReflectUtil;
 
 import sun.swing.SwingUtilities2;
 import sun.swing.SwingUtilities2.Section;
@@ -5461,14 +5462,15 @@
             // they have the option to replace the value with
             // null or use escape to restore the original.
             // For Strings, return "" for backward compatibility.
-            if ("".equals(s)) {
-                if (constructor.getDeclaringClass() == String.class) {
-                    value = s;
-                }
-                super.stopCellEditing();
-            }
-
             try {
+                if ("".equals(s)) {
+                    if (constructor.getDeclaringClass() == String.class) {
+                        value = s;
+                    }
+                    super.stopCellEditing();
+                }
+
+                SwingUtilities2.checkAccess(constructor.getModifiers());
                 value = constructor.newInstance(new Object[]{s});
             }
             catch (Exception e) {
@@ -5492,6 +5494,8 @@
                 if (type == Object.class) {
                     type = String.class;
                 }
+                ReflectUtil.checkPackageAccess(type);
+                SwingUtilities2.checkAccess(type.getModifiers());
                 constructor = type.getConstructor(argTypes);
             }
             catch (Exception e) {
diff -r a28b8ce4d90e -r d10e47deb098 src/share/classes/javax/swing/UIDefaults.java
--- openjdk/jdk/src/share/classes/javax/swing/UIDefaults.java	Tue Oct 15 16:35:33 2013 +0100
+++ openjdk/jdk/src/share/classes/javax/swing/UIDefaults.java	Tue Oct 15 16:47:11 2013 +0100
@@ -53,6 +53,7 @@
 
 import sun.reflect.misc.MethodUtil;
 import sun.reflect.misc.ReflectUtil;
+import sun.swing.SwingUtilities2;
 import sun.util.CoreResourceBundleControl;
 
 /**
@@ -1102,7 +1103,7 @@
                         }
                         ReflectUtil.checkPackageAccess(className);
                         c = Class.forName(className, true, (ClassLoader)cl);
-                        checkAccess(c.getModifiers());
+                        SwingUtilities2.checkAccess(c.getModifiers());
                         if (methodName != null) {
                             Class[] types = getClassArray(args);
                             Method m = c.getMethod(methodName, types);
@@ -1110,7 +1111,7 @@
                         } else {
                             Class[] types = getClassArray(args);
                             Constructor constructor = c.getConstructor(types);
-                            checkAccess(constructor.getModifiers());
+                            SwingUtilities2.checkAccess(constructor.getModifiers());
                             return constructor.newInstance(args);
                         }
                     } catch(Exception e) {
@@ -1125,13 +1126,6 @@
             }, acc);
         }
         
-        private void checkAccess(int modifiers) {
-            if(System.getSecurityManager() != null && 
-                    !Modifier.isPublic(modifiers)) {
-                throw new SecurityException("Resource is not accessible");
-            }
-        }
-
         /* 
          * Coerce the array of class types provided into one which
          * looks the way the Reflection APIs expect.  This is done
diff -r a28b8ce4d90e -r d10e47deb098 src/share/classes/javax/swing/text/DefaultFormatter.java
--- openjdk/jdk/src/share/classes/javax/swing/text/DefaultFormatter.java	Tue Oct 15 16:35:33 2013 +0100
+++ openjdk/jdk/src/share/classes/javax/swing/text/DefaultFormatter.java	Tue Oct 15 16:47:11 2013 +0100
@@ -24,7 +24,8 @@
  */
 package javax.swing.text;
 
-import sun.reflect.misc.ConstructorUtil;
+import sun.reflect.misc.ReflectUtil;
+import sun.swing.SwingUtilities2;
 
 import java.io.Serializable;
 import java.lang.reflect.*;
@@ -247,7 +248,9 @@
             Constructor cons;
 
             try {
-                cons = ConstructorUtil.getConstructor(vc, new Class[]{String.class});
+                ReflectUtil.checkPackageAccess(vc);
+                SwingUtilities2.checkAccess(vc.getModifiers());
+                cons = vc.getConstructor(new Class[]{String.class});
 
             } catch (NoSuchMethodException nsme) {
                 cons = null;
@@ -255,6 +258,7 @@
 
             if (cons != null) {
                 try {
+                    SwingUtilities2.checkAccess(cons.getModifiers());
                     return cons.newInstance(new Object[] { string });
                 } catch (Throwable ex) {
                     throw new ParseException("Error creating instance", 0);
diff -r a28b8ce4d90e -r d10e47deb098 src/share/classes/javax/swing/text/NumberFormatter.java
--- openjdk/jdk/src/share/classes/javax/swing/text/NumberFormatter.java	Tue Oct 15 16:35:33 2013 +0100
+++ openjdk/jdk/src/share/classes/javax/swing/text/NumberFormatter.java	Tue Oct 15 16:47:11 2013 +0100
@@ -28,6 +28,8 @@
 import java.text.*;
 import java.util.*;
 import javax.swing.text.*;
+import sun.reflect.misc.ReflectUtil;
+import sun.swing.SwingUtilities2;
 
 /**
  * <code>NumberFormatter</code> subclasses <code>InternationalFormatter</code>
@@ -466,10 +468,12 @@
                         valueClass = value.getClass();
                     }
                     try {
+                        ReflectUtil.checkPackageAccess(valueClass);
+                        SwingUtilities2.checkAccess(valueClass.getModifiers());
                         Constructor cons = valueClass.getConstructor(
                                               new Class[] { String.class });
-
                         if (cons != null) {
+                            SwingUtilities2.checkAccess(cons.getModifiers());
                             return cons.newInstance(new Object[]{string});
                         }
                     } catch (Throwable ex) { }
diff -r a28b8ce4d90e -r d10e47deb098 src/share/classes/sun/swing/SwingLazyValue.java
--- openjdk/jdk/src/share/classes/sun/swing/SwingLazyValue.java	Tue Oct 15 16:35:33 2013 +0100
+++ openjdk/jdk/src/share/classes/sun/swing/SwingLazyValue.java	Tue Oct 15 16:47:11 2013 +0100
@@ -30,6 +30,7 @@
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import javax.swing.UIDefaults;
+import sun.reflect.misc.ReflectUtil;
 
 /**
  * SwingLazyValue is a copy of ProxyLazyValue that does not snapshot the
@@ -64,7 +65,7 @@
     public Object createValue(final UIDefaults table) {
         try {
             Class c;
-            Object cl;
+            ReflectUtil.checkPackageAccess(className);
             c = Class.forName(className, true, null);
             if (methodName != null) {
                 Class[] types = getClassArray(args);
diff -r a28b8ce4d90e -r d10e47deb098 src/share/classes/sun/swing/SwingUtilities2.java
--- openjdk/jdk/src/share/classes/sun/swing/SwingUtilities2.java	Tue Oct 15 16:35:33 2013 +0100
+++ openjdk/jdk/src/share/classes/sun/swing/SwingUtilities2.java	Tue Oct 15 16:47:11 2013 +0100
@@ -1319,6 +1319,19 @@
     }
 
     /**
+     * Utility method that throws SecurityException if SecurityManager is set
+     * and modifiers are not public
+     *
+     * @param modifiers a set of modifiers
+     */
+    public static void checkAccess(int modifiers) {
+        if (System.getSecurityManager() != null
+                && !Modifier.isPublic(modifiers)) {
+            throw new SecurityException("Resource is not accessible");
+        }
+    }
+
+    /**
      * Returns true if EventQueue.getCurrentEvent() has the permissions to
      * access the system clipboard and if it is allowed gesture (if
      * checkGesture true)