Mercurial > hg > release > icedtea6-1.12
view patches/openjdk/8013744-better_tabling.patch @ 3029:dfef77966f7c
Add 2013/10/15 security fixes.
2013-10-29 Andrew John Hughes <gnu.andrew@redhat.com>
* Makefile.am:
(SECURITY_PATCHES): Add security update.
* NEWS: Updated.
* patches/jtreg-LastErrorString.patch,
* patches/use-idx_t.patch,
* patches/openjdk/7162902-corba_fixes.patch,
* patches/openjdk/7196533-timezone_bottleneck.patch,
* patches/openjdk/8010727-empty_logger_name.patch,
* patches/openjdk/8010939-logmanager_deadlock.patch,
* patches/openjdk/8012617-arrayindexoutofbounds_linebreakmeasurer.patch,
* patches/openjdk/8014718-remove_logging_suntoolkit.patch:
Regenerated.
* patches/nss-config.patch: Fix path to java.security.
* patches/openjdk/4075303-javap_update.patch,
* patches/openjdk/4111861-static_fields.patch,
* patches/openjdk/4501661-disallow_mixing.patch,
* patches/openjdk/4884240-javap_additional_option.patch,
* patches/openjdk/6708729-javap_makefile_update.patch,
* patches/openjdk/6715767-javap_crash.patch,
* patches/openjdk/6819246-javap_instruction_decoding.patch,
* patches/openjdk/6824493-experimental.patch,
* patches/openjdk/6841419-classfile_iterator.patch,
* patches/openjdk/6841420-classfile_methods.patch,
* patches/openjdk/6843013-missing_experimental.patch,
* patches/openjdk/6852856-javap_subclasses.patch,
* patches/openjdk/6867671-javap_whitespace.patch,
* patches/openjdk/6868539-constant_pool_tags.patch,
* patches/openjdk/6902264-fix_indentation.patch,
* patches/openjdk/6954275-big_xml_signatures.patch,
* patches/openjdk/7146431-java.security_files.patch,
* patches/openjdk/8000450-restrict_access.patch,
* patches/openjdk/8002070-remove_logger_stack_search.patch,
* patches/openjdk/8003992-embedded_nulls.patch,
* patches/openjdk/8004188-rename_java.security.patch,
* patches/openjdk/8006882-jmockit.patch,
* patches/openjdk/8006900-new_date_time.patch,
* patches/openjdk/8008589-better_mbean_permission_validation.patch,
* patches/openjdk/8010118-caller_sensitive.patch,
* patches/openjdk/8011071-better_crypto_provider_handling.patch,
* patches/openjdk/8011081-improve_jhat.patch,
* patches/openjdk/8011139-revise_checking_getenclosingclass.patch,
* patches/openjdk/8011157-improve_corba_portability-jdk.patch,
* patches/openjdk/8011157-improve_corba_portability.patch,
* patches/openjdk/8011990-logger_test_urls.patch,
* patches/openjdk/8012071-better_bean_building.patch,
* patches/openjdk/8012147-improve_tool.patch,
* patches/openjdk/8012243-serial_regression.patch,
* patches/openjdk/8012277-improve_dataflavour.patch,
* patches/openjdk/8012425-transform_transformfactory.patch,
* patches/openjdk/8012453-runtime.exec.patch,
* patches/openjdk/8013380-logger_stack_walk_glassfish.patch,
* patches/openjdk/8013503-improve_stream_factories.patch,
* patches/openjdk/8013506-better_pack200.patch,
* patches/openjdk/8013510-augment_image_writing.patch,
* patches/openjdk/8013514-improve_cmap_stability.patch,
* patches/openjdk/8013739-better_ldap_resource_management.patch,
* patches/openjdk/8013744-better_tabling.patch,
* patches/openjdk/8013827-createtempfile_hang.patch,
* patches/openjdk/8014085-better_serialization.patch,
* patches/openjdk/8014093-improve_image_parsing.patch,
* patches/openjdk/8014102-improve_image_conversion.patch,
* patches/openjdk/8014341-better_kerberos_service.patch,
* patches/openjdk/8014349-getdeclaredclass_fix.patch,
* patches/openjdk/8014530-better_dsp.patch,
* patches/openjdk/8014534-better_profiling.patch,
* patches/openjdk/8014745-logger_stack_walk_switch.patch,
* patches/openjdk/8014987-augment_serialization.patch,
* patches/openjdk/8015144-performance_regression.patch,
* patches/openjdk/8015614-update_build.patch,
* patches/openjdk/8015731-auth_improvements.patch,
* patches/openjdk/8015743-address_internet_addresses.patch,
* patches/openjdk/8015965-typo_in_property_name.patch,
* patches/openjdk/8015978-incorrect_transformation.patch,
* patches/openjdk/8016256-finalization_final.patch,
* patches/openjdk/8016357-update_hs_diagnostic_class.patch,
* patches/openjdk/8016653-ignoreable_characters.patch,
* patches/openjdk/8016675-robust_javadoc.patch,
* patches/openjdk/8017196-ensure_proxies_are_handled_appropriately-jdk.patch,
* patches/openjdk/8017196-ensure_proxies_are_handled_appropriately.patch,
* patches/openjdk/8017287-better_resource_disposal.patch,
* patches/openjdk/8017291-cast_proxies_aside.patch,
* patches/openjdk/8017298-better_xml_support.patch,
* patches/openjdk/8017300-improve_interface_implementation.patch,
* patches/openjdk/8017505-better_client_service.patch,
* patches/openjdk/8017566-backout_part_of_8000450.patch,
* patches/openjdk/8019292-better_attribute_value_exceptions.patch,
* patches/openjdk/8019584-invalid_notification_fix.patch,
* patches/openjdk/8019617-better_view_of_objects.patch,
* patches/openjdk/8019969-inet6_test_case_fix.patch,
* patches/openjdk/8019979-better_access_test.patch,
* patches/openjdk/8020293-jvm_crash.patch,
* patches/openjdk/8021290-signature_validation.patch,
* patches/openjdk/8021355-splashscreen_regression.patch,
* patches/openjdk/8021366-jaxp_test_fix-01.patch,
* patches/openjdk/8021577-bean_serialization_fix.patch,
* patches/openjdk/8021933-jaxp_test_fix-02.patch,
* patches/openjdk/8021969-jnlp_load_failure.patch,
* patches/openjdk/8022661-writeobject_flush.patch,
* patches/openjdk/8022682-supporting_xom.patch,
* patches/openjdk/8022940-enhance_corba_translations.patch,
* patches/openjdk/8023683-enhance_class_file_parsing.patch,
* patches/openjdk/8023964-ignore_test.patch,
* patches/openjdk/8024914-swapped_usage.patch,
* patches/openjdk/8025128-createtempfile_absolute_prefix.patch,
* patches/openjdk/oj6-19-fix_8010118_test_cases.patch,
* patches/openjdk/oj6-20-merge.patch,
* patches/openjdk/oj6-21-overrides.patch: Added.
author | Andrew John Hughes <gnu.andrew@redhat.com> |
---|---|
date | Wed, 20 Nov 2013 22:56:43 +0000 |
parents | |
children |
line wrap: on
line source
# HG changeset patch # User alexsch # Date 1381852031 -3600 # Tue Oct 15 16:47:11 2013 +0100 # Node ID d10e47deb098d4af5d58a8bfe92dc8033e5ef6f7 # Parent a28b8ce4d90e7d7bc1fab599298831e0d62e171e 8013744: Better tabling for AWT Reviewed-by: art, malenkov, skoivu diff -r a28b8ce4d90e -r d10e47deb098 src/share/classes/javax/swing/JTable.java --- openjdk/jdk/src/share/classes/javax/swing/JTable.java Tue Oct 15 16:35:33 2013 +0100 +++ openjdk/jdk/src/share/classes/javax/swing/JTable.java Tue Oct 15 16:47:11 2013 +0100 @@ -52,6 +52,7 @@ import javax.print.attribute.*; import javax.print.PrintService; +import sun.reflect.misc.ReflectUtil; import sun.swing.SwingUtilities2; import sun.swing.SwingUtilities2.Section; @@ -5461,14 +5462,15 @@ // they have the option to replace the value with // null or use escape to restore the original. // For Strings, return "" for backward compatibility. - if ("".equals(s)) { - if (constructor.getDeclaringClass() == String.class) { - value = s; - } - super.stopCellEditing(); - } - try { + if ("".equals(s)) { + if (constructor.getDeclaringClass() == String.class) { + value = s; + } + super.stopCellEditing(); + } + + SwingUtilities2.checkAccess(constructor.getModifiers()); value = constructor.newInstance(new Object[]{s}); } catch (Exception e) { @@ -5492,6 +5494,8 @@ if (type == Object.class) { type = String.class; } + ReflectUtil.checkPackageAccess(type); + SwingUtilities2.checkAccess(type.getModifiers()); constructor = type.getConstructor(argTypes); } catch (Exception e) { diff -r a28b8ce4d90e -r d10e47deb098 src/share/classes/javax/swing/UIDefaults.java --- openjdk/jdk/src/share/classes/javax/swing/UIDefaults.java Tue Oct 15 16:35:33 2013 +0100 +++ openjdk/jdk/src/share/classes/javax/swing/UIDefaults.java Tue Oct 15 16:47:11 2013 +0100 @@ -53,6 +53,7 @@ import sun.reflect.misc.MethodUtil; import sun.reflect.misc.ReflectUtil; +import sun.swing.SwingUtilities2; import sun.util.CoreResourceBundleControl; /** @@ -1102,7 +1103,7 @@ } ReflectUtil.checkPackageAccess(className); c = Class.forName(className, true, (ClassLoader)cl); - checkAccess(c.getModifiers()); + SwingUtilities2.checkAccess(c.getModifiers()); if (methodName != null) { Class[] types = getClassArray(args); Method m = c.getMethod(methodName, types); @@ -1110,7 +1111,7 @@ } else { Class[] types = getClassArray(args); Constructor constructor = c.getConstructor(types); - checkAccess(constructor.getModifiers()); + SwingUtilities2.checkAccess(constructor.getModifiers()); return constructor.newInstance(args); } } catch(Exception e) { @@ -1125,13 +1126,6 @@ }, acc); } - private void checkAccess(int modifiers) { - if(System.getSecurityManager() != null && - !Modifier.isPublic(modifiers)) { - throw new SecurityException("Resource is not accessible"); - } - } - /* * Coerce the array of class types provided into one which * looks the way the Reflection APIs expect. This is done diff -r a28b8ce4d90e -r d10e47deb098 src/share/classes/javax/swing/text/DefaultFormatter.java --- openjdk/jdk/src/share/classes/javax/swing/text/DefaultFormatter.java Tue Oct 15 16:35:33 2013 +0100 +++ openjdk/jdk/src/share/classes/javax/swing/text/DefaultFormatter.java Tue Oct 15 16:47:11 2013 +0100 @@ -24,7 +24,8 @@ */ package javax.swing.text; -import sun.reflect.misc.ConstructorUtil; +import sun.reflect.misc.ReflectUtil; +import sun.swing.SwingUtilities2; import java.io.Serializable; import java.lang.reflect.*; @@ -247,7 +248,9 @@ Constructor cons; try { - cons = ConstructorUtil.getConstructor(vc, new Class[]{String.class}); + ReflectUtil.checkPackageAccess(vc); + SwingUtilities2.checkAccess(vc.getModifiers()); + cons = vc.getConstructor(new Class[]{String.class}); } catch (NoSuchMethodException nsme) { cons = null; @@ -255,6 +258,7 @@ if (cons != null) { try { + SwingUtilities2.checkAccess(cons.getModifiers()); return cons.newInstance(new Object[] { string }); } catch (Throwable ex) { throw new ParseException("Error creating instance", 0); diff -r a28b8ce4d90e -r d10e47deb098 src/share/classes/javax/swing/text/NumberFormatter.java --- openjdk/jdk/src/share/classes/javax/swing/text/NumberFormatter.java Tue Oct 15 16:35:33 2013 +0100 +++ openjdk/jdk/src/share/classes/javax/swing/text/NumberFormatter.java Tue Oct 15 16:47:11 2013 +0100 @@ -28,6 +28,8 @@ import java.text.*; import java.util.*; import javax.swing.text.*; +import sun.reflect.misc.ReflectUtil; +import sun.swing.SwingUtilities2; /** * <code>NumberFormatter</code> subclasses <code>InternationalFormatter</code> @@ -466,10 +468,12 @@ valueClass = value.getClass(); } try { + ReflectUtil.checkPackageAccess(valueClass); + SwingUtilities2.checkAccess(valueClass.getModifiers()); Constructor cons = valueClass.getConstructor( new Class[] { String.class }); - if (cons != null) { + SwingUtilities2.checkAccess(cons.getModifiers()); return cons.newInstance(new Object[]{string}); } } catch (Throwable ex) { } diff -r a28b8ce4d90e -r d10e47deb098 src/share/classes/sun/swing/SwingLazyValue.java --- openjdk/jdk/src/share/classes/sun/swing/SwingLazyValue.java Tue Oct 15 16:35:33 2013 +0100 +++ openjdk/jdk/src/share/classes/sun/swing/SwingLazyValue.java Tue Oct 15 16:47:11 2013 +0100 @@ -30,6 +30,7 @@ import java.security.AccessController; import java.security.PrivilegedAction; import javax.swing.UIDefaults; +import sun.reflect.misc.ReflectUtil; /** * SwingLazyValue is a copy of ProxyLazyValue that does not snapshot the @@ -64,7 +65,7 @@ public Object createValue(final UIDefaults table) { try { Class c; - Object cl; + ReflectUtil.checkPackageAccess(className); c = Class.forName(className, true, null); if (methodName != null) { Class[] types = getClassArray(args); diff -r a28b8ce4d90e -r d10e47deb098 src/share/classes/sun/swing/SwingUtilities2.java --- openjdk/jdk/src/share/classes/sun/swing/SwingUtilities2.java Tue Oct 15 16:35:33 2013 +0100 +++ openjdk/jdk/src/share/classes/sun/swing/SwingUtilities2.java Tue Oct 15 16:47:11 2013 +0100 @@ -1319,6 +1319,19 @@ } /** + * Utility method that throws SecurityException if SecurityManager is set + * and modifiers are not public + * + * @param modifiers a set of modifiers + */ + public static void checkAccess(int modifiers) { + if (System.getSecurityManager() != null + && !Modifier.isPublic(modifiers)) { + throw new SecurityException("Resource is not accessible"); + } + } + + /** * Returns true if EventQueue.getCurrentEvent() has the permissions to * access the system clipboard and if it is allowed gesture (if * checkGesture true)