Mercurial > hg > release > icedtea6-1.12
view patches/security/20130416/6657673-factory_finder.patch @ 2999:f12754deed53
Cleanup from previous commit.
2013-04-24 Andrew John Hughes <gnu.andrew@redhat.com>
* Makefile.am:
(ICEDTEA_PATCHES): Rename patches.
* NEWS: List backports in previous change
correctly.
* patches/openjdk/7133220-factory-finder-parser-transform-useBSClassLoader.patch:
Moved to...
* patches/openjdk/7133220-factory_finder_parser_transform_useBSClassLoader.patch:
...this.
* patches/openjdk/6657673-factory-finder-parser-transform-internal-packages.patch:
Moved to..
* patches/security/20130416/6657673-factory_finder.patch:
...this.
author | Andrew John Hughes <gnu.andrew@redhat.com> |
---|---|
date | Wed, 24 Apr 2013 09:21:10 +0100 |
parents | patches/openjdk/6657673-factory-finder-parser-transform-internal-packages.patch@148faa0f0f08 |
children |
line wrap: on
line source
diff -ur openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java openjdk.new/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java --- openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java 2013-04-22 12:42:32.138748378 -0400 +++ openjdk.new/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java 2013-04-22 12:41:36.033419998 -0400 @@ -44,7 +44,7 @@ * @author Santiago.PericasGeertsen@sun.com */ class FactoryFinder { - + private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal"; /** * Internal debug flag. */ @@ -140,6 +140,14 @@ static Object newInstance(String className, ClassLoader cl, boolean doFallback) throws ConfigurationError { + // make sure we have access to restricted packages + if (System.getSecurityManager() != null) { + if (className != null && className.startsWith(DEFAULT_PACKAGE)) { + cl = null; + useBSClsLoader = true; + } + } + try { Class providerClass = getProviderClass(className, cl, doFallback); Object instance = providerClass.newInstance(); Only in openjdk.new/jaxp/drop_included/jaxp_src/src/javax/xml/parsers: FactoryFinder.java.orig diff -ur openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java openjdk.new/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java --- openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java 2013-04-22 12:42:32.230748906 -0400 +++ openjdk.new/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java 2013-04-22 12:41:41.268451218 -0400 @@ -44,6 +44,7 @@ * @author Santiago.PericasGeertsen@sun.com */ class FactoryFinder { + private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xalan.internal."; /** * Internal debug flag. @@ -140,6 +141,14 @@ static Object newInstance(String className, ClassLoader cl, boolean doFallback) throws ConfigurationError { + // make sure we have access to restricted packages + if (System.getSecurityManager() != null) { + if (className != null && className.startsWith(DEFAULT_PACKAGE)) { + cl = null; + useBSClsLoader = true; + } + } + try { Class providerClass = getProviderClass(className, cl, doFallback); Object instance = providerClass.newInstance();