Mercurial > hg > release > icedtea6-1.12

view patches/security/20130416/6657673-factory_finder.patch @ 2999:f12754deed53

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Cleanup from previous commit. 2013-04-24 Andrew John Hughes <gnu.andrew@redhat.com> * Makefile.am: (ICEDTEA_PATCHES): Rename patches. * NEWS: List backports in previous change correctly. * patches/openjdk/7133220-factory-finder-parser-transform-useBSClassLoader.patch: Moved to... * patches/openjdk/7133220-factory_finder_parser_transform_useBSClassLoader.patch: ...this. * patches/openjdk/6657673-factory-finder-parser-transform-internal-packages.patch: Moved to.. * patches/security/20130416/6657673-factory_finder.patch: ...this.
author Andrew John Hughes <gnu.andrew@redhat.com>
date Wed, 24 Apr 2013 09:21:10 +0100
parents patches/openjdk/6657673-factory-finder-parser-transform-internal-packages.patch@148faa0f0f08
children
line wrap: on
line source

diff -ur openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java openjdk.new/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java
--- openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java	2013-04-22 12:42:32.138748378 -0400
+++ openjdk.new/jaxp/drop_included/jaxp_src/src/javax/xml/parsers/FactoryFinder.java	2013-04-22 12:41:36.033419998 -0400
@@ -44,7 +44,7 @@
  * @author Santiago.PericasGeertsen@sun.com
  */
 class FactoryFinder {
-    
+    private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal";
     /**
      * Internal debug flag.
      */
@@ -140,6 +140,14 @@
     static Object newInstance(String className, ClassLoader cl, boolean doFallback)
         throws ConfigurationError
     {
+        // make sure we have access to restricted packages
+        if (System.getSecurityManager() != null) {
+            if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
+                cl = null;
+                useBSClsLoader = true;
+            }
+        }
+
         try {
             Class providerClass = getProviderClass(className, cl, doFallback);                        
             Object instance = providerClass.newInstance();
Only in openjdk.new/jaxp/drop_included/jaxp_src/src/javax/xml/parsers: FactoryFinder.java.orig
diff -ur openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java openjdk.new/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java
--- openjdk/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java	2013-04-22 12:42:32.230748906 -0400
+++ openjdk.new/jaxp/drop_included/jaxp_src/src/javax/xml/transform/FactoryFinder.java	2013-04-22 12:41:41.268451218 -0400
@@ -44,6 +44,7 @@
  * @author Santiago.PericasGeertsen@sun.com
  */
 class FactoryFinder {
+    private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xalan.internal.";
     
     /**
      * Internal debug flag.
@@ -140,6 +141,14 @@
     static Object newInstance(String className, ClassLoader cl, boolean doFallback)
         throws ConfigurationError
     {
+        // make sure we have access to restricted packages
+        if (System.getSecurityManager() != null) {
+            if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
+                cl = null;
+                useBSClsLoader = true;
+            }
+        }
+
         try {
             Class providerClass = getProviderClass(className, cl, doFallback);                        
             Object instance = providerClass.newInstance();