Mercurial > hg > release > icedtea6-1.12
changeset 2994:db270ea37a50
RH952389: Restrict temp file permissions.
2013-04-17 Andrew John Hughes <gnu.andrew@redhat.com>
* ChangeLog:
Move Elliott's entry to correct position.
* Makefile.am:
(ICEDTEA_PATCHES): Fix path to previous patch.
* patches/openjdk/jaxws-tempfiles-ioutils-6.patch:
Moved from here to...
* patches/jaxws-tempfiles-ioutils-6.patch:
...here as not an upstream OpenJDK patch.
2013-04-17 Elliott Baron <ebaron@redhat.com>
* patches/openjdk/jaxws-tempfiles-ioutils-6.patch:
Restrict temp file permissions.
* Makefile.am:
(ICEDTEA_PATCHES): Added new patch.
* NEWS: Updated.
author | Andrew John Hughes <gnu.andrew@redhat.com> |
---|---|
date | Wed, 24 Apr 2013 09:09:25 +0100 |
parents | 6b16bd8e8e34 |
children | 2e7ef54df229 |
files | ChangeLog Makefile.am NEWS patches/jaxws-tempfiles-ioutils-6.patch |
diffstat | 4 files changed, 199 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Apr 24 08:26:15 2013 +0100 +++ b/ChangeLog Wed Apr 24 09:09:25 2013 +0100 @@ -1,3 +1,22 @@ +2013-04-17 Andrew John Hughes <gnu.andrew@redhat.com> + + * ChangeLog: + Move Elliott's entry to correct position. + * Makefile.am: + (ICEDTEA_PATCHES): Fix path to previous patch. + * patches/openjdk/jaxws-tempfiles-ioutils-6.patch: + Moved from here to... + * patches/jaxws-tempfiles-ioutils-6.patch: + ...here as not an upstream OpenJDK patch. + +2013-04-17 Elliott Baron <ebaron@redhat.com> + + * patches/openjdk/jaxws-tempfiles-ioutils-6.patch: + Restrict temp file permissions. + * Makefile.am: + (ICEDTEA_PATCHES): Added new patch. + * NEWS: Updated. + 2013-04-17 Andrew John Hughes <gnu.andrew@redhat.com> * patches/aarch64.patch:
--- a/Makefile.am Wed Apr 24 08:26:15 2013 +0100 +++ b/Makefile.am Wed Apr 24 09:09:25 2013 +0100 @@ -568,10 +568,9 @@ patches/openjdk/8007393.patch \ patches/openjdk/8007611.patch \ patches/fix_get_stack_bounds_leak.patch \ - patches/openjdk/7197906-handle_32_bit_shifts.patch - -# Needs to be after the addition of SH support to the original HotSpot -ICEDTEA_PATCHES += patches/aarch64.patch + patches/openjdk/7197906-handle_32_bit_shifts.patch \ + patches/aarch64.patch \ + patches/jaxws-tempfiles-ioutils-6.patch if WITH_RHINO ICEDTEA_PATCHES += \
--- a/NEWS Wed Apr 24 08:26:15 2013 +0100 +++ b/NEWS Wed Apr 24 09:09:25 2013 +0100 @@ -46,6 +46,7 @@ - S8009699, CVE-2013-2421: Methodhandle lookup - S8009814, CVE-2013-1488: Better driver management - S8009857, CVE-2013-2422: Problem with plugin + - RH952389: Temporary files created with insecure permissions * Backports - S7197906: BlockOffsetArray::power_to_cards_back() needs to handle > 32 bit shifts - S7036559: ConcurrentHashMap footprint and contention improvements
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/jaxws-tempfiles-ioutils-6.patch Wed Apr 24 09:09:25 2013 +0100 @@ -0,0 +1,176 @@ +diff -ru openjdk/jaxws/drop_included/jaxws_src/src/com/sun/xml/internal/org/jvnet/mimepull/TempFiles.java openjdk.new/jaxws/drop_included/jaxws_src/src/com/sun/xml/internal/org/jvnet/mimepull/TempFiles.java +--- openjdk/jaxws/drop_included/jaxws_src/src/com/sun/xml/internal/org/jvnet/mimepull/TempFiles.java 2013-04-17 13:14:56.952315541 -0400 ++++ openjdk.new/jaxws/drop_included/jaxws_src/src/com/sun/xml/internal/org/jvnet/mimepull/TempFiles.java 2013-04-17 13:14:20.578155775 -0400 +@@ -44,25 +44,47 @@ + private static final Class<?> CLASS_PATH; + private static final Class<?> CLASS_FILE_ATTRIBUTE; + private static final Class<?> CLASS_FILE_ATTRIBUTES; ++ private static final Class<?> CLASS_IOUTILS; + private static final Method METHOD_FILE_TO_PATH; + private static final Method METHOD_FILES_CREATE_TEMP_FILE; + private static final Method METHOD_FILES_CREATE_TEMP_FILE_WITHPATH; +- ++ private static final Method METHOD_IOUTILS_CREATE_TEMP_FILE; ++ private static final Method METHOD_IOUTILS_CREATE_TEMP_FILE_WITHDIR; + private static final Method METHOD_PATH_TO_FILE; + + private static boolean useJdk6API; ++ private static boolean useFileAPI; + + static { + useJdk6API = isJdk6(); +- +- CLASS_FILES = safeGetClass("java.nio.file.Files"); +- CLASS_PATH = safeGetClass("java.nio.file.Path"); +- CLASS_FILE_ATTRIBUTE = safeGetClass("java.nio.file.attribute.FileAttribute"); +- CLASS_FILE_ATTRIBUTES = safeGetClass("[Ljava.nio.file.attribute.FileAttribute;"); +- METHOD_FILE_TO_PATH = safeGetMethod(File.class, "toPath"); +- METHOD_FILES_CREATE_TEMP_FILE = safeGetMethod(CLASS_FILES, "createTempFile", String.class, String.class, CLASS_FILE_ATTRIBUTES); +- METHOD_FILES_CREATE_TEMP_FILE_WITHPATH = safeGetMethod(CLASS_FILES, "createTempFile", CLASS_PATH, String.class, String.class, CLASS_FILE_ATTRIBUTES); +- METHOD_PATH_TO_FILE = safeGetMethod(CLASS_PATH, "toFile"); ++ useFileAPI = false; ++ ++ if (useJdk6API) { ++ CLASS_IOUTILS = safeGetClass("sun.misc.IOUtils"); ++ METHOD_IOUTILS_CREATE_TEMP_FILE = safeGetMethod(CLASS_IOUTILS, "createTempFile", String.class, String.class); ++ METHOD_IOUTILS_CREATE_TEMP_FILE_WITHDIR = safeGetMethod(CLASS_IOUTILS, "createTempFile", String.class, String.class, File.class); ++ CLASS_FILES = null; ++ CLASS_PATH = null; ++ CLASS_FILE_ATTRIBUTE = null; ++ CLASS_FILE_ATTRIBUTES = null; ++ METHOD_FILE_TO_PATH = null; ++ METHOD_FILES_CREATE_TEMP_FILE = null; ++ METHOD_FILES_CREATE_TEMP_FILE_WITHPATH = null; ++ METHOD_PATH_TO_FILE = null; ++ } ++ else { ++ CLASS_FILES = safeGetClass("java.nio.file.Files"); ++ CLASS_PATH = safeGetClass("java.nio.file.Path"); ++ CLASS_FILE_ATTRIBUTE = safeGetClass("java.nio.file.attribute.FileAttribute"); ++ CLASS_FILE_ATTRIBUTES = safeGetClass("[Ljava.nio.file.attribute.FileAttribute;"); ++ METHOD_FILE_TO_PATH = safeGetMethod(File.class, "toPath"); ++ METHOD_FILES_CREATE_TEMP_FILE = safeGetMethod(CLASS_FILES, "createTempFile", String.class, String.class, CLASS_FILE_ATTRIBUTES); ++ METHOD_FILES_CREATE_TEMP_FILE_WITHPATH = safeGetMethod(CLASS_FILES, "createTempFile", CLASS_PATH, String.class, String.class, CLASS_FILE_ATTRIBUTES); ++ METHOD_PATH_TO_FILE = safeGetMethod(CLASS_PATH, "toFile"); ++ CLASS_IOUTILS = null; ++ METHOD_IOUTILS_CREATE_TEMP_FILE = null; ++ METHOD_IOUTILS_CREATE_TEMP_FILE_WITHDIR = null; ++ } + } + + private static boolean isJdk6() { +@@ -72,27 +94,27 @@ + } + + private static Class<?> safeGetClass(String className) { +- // it is jdk 6 or something failed already before +- if (useJdk6API) return null; ++ // Something failed already before ++ if (useFileAPI) return null; + try { + return Class.forName(className); + } catch (ClassNotFoundException e) { + LOGGER.log(Level.SEVERE, "Exception cought", e); + LOGGER.log(Level.WARNING, "Class {0} not found. Temp files will be created using old java.io API.", className); +- useJdk6API = true; ++ useFileAPI = true; + return null; + } + } + + private static Method safeGetMethod(Class<?> clazz, String methodName, Class<?>... parameterTypes) { +- // it is jdk 6 or something failed already before +- if (useJdk6API) return null; ++ // Something failed already before ++ if (useFileAPI) return null; + try { + return clazz.getMethod(methodName, parameterTypes); + } catch (NoSuchMethodException e) { + LOGGER.log(Level.SEVERE, "Exception cought", e); + LOGGER.log(Level.WARNING, "Method {0} not found. Temp files will be created using old java.io API.", methodName); +- useJdk6API = true; ++ useFileAPI = true; + return null; + } + } +@@ -107,37 +129,53 @@ + } + + static File createTempFile(String prefix, String suffix, File dir) throws IOException { +- +- if (useJdk6API) { +- LOGGER.log(Level.FINEST, "Jdk6 detected, temp file (prefix:{0}, suffix:{1}) being created using old java.io API.", new Object[]{prefix, suffix}); +- return File.createTempFile(prefix, suffix, dir); +- +- } else { +- +- try { +- if (dir != null) { +- Object path = toPath(dir); +- LOGGER.log(Level.FINEST, "Temp file (path: {0}, prefix:{1}, suffix:{2}) being created using NIO API.", new Object[]{dir.getAbsolutePath(), prefix, suffix}); +- return toFile(METHOD_FILES_CREATE_TEMP_FILE_WITHPATH.invoke(null, path, prefix, suffix, Array.newInstance(CLASS_FILE_ATTRIBUTE, 0))); +- } else { +- LOGGER.log(Level.FINEST, "Temp file (prefix:{0}, suffix:{1}) being created using NIO API.", new Object[]{prefix, suffix}); +- return toFile(METHOD_FILES_CREATE_TEMP_FILE.invoke(null, prefix, suffix, Array.newInstance(CLASS_FILE_ATTRIBUTE, 0))); ++ if (!useFileAPI) { ++ if (useJdk6API) { // Use IOUtils ++ LOGGER.log(Level.FINEST, "Jdk6 detected, temp file (prefix:{0}, suffix:{1}) being created using sun.misc.IOUtils.", new Object[]{prefix, suffix}); ++ try { ++ if (dir != null) { ++ LOGGER.log(Level.FINEST, "Temp file (path: {0}, prefix:{1}, suffix:{2}) being created using sun.misc.IOUtils.", new Object[]{dir.getAbsolutePath(), prefix, suffix}); ++ return (File) METHOD_IOUTILS_CREATE_TEMP_FILE_WITHDIR.invoke(null, prefix, suffix, dir); ++ } ++ else { ++ LOGGER.log(Level.FINEST, "Temp file (prefix:{0}, suffix:{1}) being created using sun.misc.IOUtils.", new Object[]{prefix, suffix}); ++ return (File) METHOD_IOUTILS_CREATE_TEMP_FILE.invoke(null, prefix, suffix); ++ } ++ } catch (IllegalAccessException e) { ++ LOGGER.log(Level.SEVERE, "Exception caught", e); ++ LOGGER.log(Level.WARNING, "Error invoking sun.misc.IOUtils.createTempFile, temp file (path: {0}, prefix:{1}, suffix:{2}) being created using old java.io API.", ++ new Object[]{dir != null ? dir.getAbsolutePath() : null, prefix, suffix}); ++ } catch (InvocationTargetException e) { ++ LOGGER.log(Level.SEVERE, "Exception caught", e); ++ LOGGER.log(Level.WARNING, "Error invoking sun.misc.IOUtils.createTempFile, temp file (path: {0}, prefix:{1}, suffix:{2}) being created using old java.io API.", ++ new Object[]{dir != null ? dir.getAbsolutePath() : null, prefix, suffix}); + } ++ } else { // Use NIO API + +- } catch (IllegalAccessException e) { +- LOGGER.log(Level.SEVERE, "Exception caught", e); +- LOGGER.log(Level.WARNING, "Error invoking java.nio API, temp file (path: {0}, prefix:{1}, suffix:{2}) being created using old java.io API.", +- new Object[]{dir != null ? dir.getAbsolutePath() : null, prefix, suffix}); +- return File.createTempFile(prefix, suffix, dir); +- +- } catch (InvocationTargetException e) { +- LOGGER.log(Level.SEVERE, "Exception caught", e); +- LOGGER.log(Level.WARNING, "Error invoking java.nio API, temp file (path: {0}, prefix:{1}, suffix:{2}) being created using old java.io API.", +- new Object[]{dir != null ? dir.getAbsolutePath() : null, prefix, suffix}); +- return File.createTempFile(prefix, suffix, dir); ++ try { ++ if (dir != null) { ++ Object path = toPath(dir); ++ LOGGER.log(Level.FINEST, "Temp file (path: {0}, prefix:{1}, suffix:{2}) being created using NIO API.", new Object[]{dir.getAbsolutePath(), prefix, suffix}); ++ return toFile(METHOD_FILES_CREATE_TEMP_FILE_WITHPATH.invoke(null, path, prefix, suffix, Array.newInstance(CLASS_FILE_ATTRIBUTE, 0))); ++ } else { ++ LOGGER.log(Level.FINEST, "Temp file (prefix:{0}, suffix:{1}) being created using NIO API.", new Object[]{prefix, suffix}); ++ return toFile(METHOD_FILES_CREATE_TEMP_FILE.invoke(null, prefix, suffix, Array.newInstance(CLASS_FILE_ATTRIBUTE, 0))); ++ } ++ ++ } catch (IllegalAccessException e) { ++ LOGGER.log(Level.SEVERE, "Exception caught", e); ++ LOGGER.log(Level.WARNING, "Error invoking java.nio API, temp file (path: {0}, prefix:{1}, suffix:{2}) being created using old java.io API.", ++ new Object[]{dir != null ? dir.getAbsolutePath() : null, prefix, suffix}); ++ } catch (InvocationTargetException e) { ++ LOGGER.log(Level.SEVERE, "Exception caught", e); ++ LOGGER.log(Level.WARNING, "Error invoking java.nio API, temp file (path: {0}, prefix:{1}, suffix:{2}) being created using old java.io API.", ++ new Object[]{dir != null ? dir.getAbsolutePath() : null, prefix, suffix}); ++ } + } + } +- ++ ++ // Use IO API ++ return File.createTempFile(prefix, suffix, dir); + } + +