Mercurial > hg > release > icedtea6-1.5
changeset 1449:e091113be80d
Move security patches to subdirectory.
2009-03-24 Andrew John Hughes <ahughes@redhat.com>
* patches/icedtea-6536193.patch,
* patches/icedtea-6610888.patch,
* patches/icedtea-6610896.patch,
* patches/icedtea-6630639.patch,
* patches/icedtea-6632886.patch,
* patches/icedtea-6636360.patch,
* patches/icedtea-6652463.patch,
* patches/icedtea-6656633.patch,
* patches/icedtea-6658158.patch,
* patches/icedtea-6691246.patch,
* patches/icedtea-6717680.patch,
* patches/icedtea-6721651.patch,
* patches/icedtea-6737315.patch,
* patches/icedtea-6792554.patch,
* patches/icedtea-6804996.patch,
* patches/icedtea-6804997.patch,
* patches/icedtea-6804998.patch: Moved...
* Makefile.am: Updated.
* patches/security/icedtea-6536193.patch,
* patches/security/icedtea-6610888.patch,
* patches/security/icedtea-6610896.patch,
* patches/security/icedtea-6630639.patch,
* patches/security/icedtea-6632886.patch,
* patches/security/icedtea-6636360.patch,
* patches/security/icedtea-6652463.patch,
* patches/security/icedtea-6656633.patch,
* patches/security/icedtea-6658158.patch,
* patches/security/icedtea-6691246.patch,
* patches/security/icedtea-6717680.patch,
* patches/security/icedtea-6721651.patch,
* patches/security/icedtea-6737315.patch,
* patches/security/icedtea-6792554.patch,
* patches/security/icedtea-6804996.patch,
* patches/security/icedtea-6804997.patch,
* patches/security/icedtea-6804998.patch:
to here.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Tue, 24 Mar 2009 14:15:51 +0000 |
parents | 246837dabf32 |
children | 294a48a8e60a |
files | ChangeLog Makefile.am patches/icedtea-6536193.patch patches/icedtea-6610888.patch patches/icedtea-6610896.patch patches/icedtea-6630639.patch patches/icedtea-6632886.patch patches/icedtea-6636360.patch patches/icedtea-6652463.patch patches/icedtea-6656633.patch patches/icedtea-6658158.patch patches/icedtea-6691246.patch patches/icedtea-6717680.patch patches/icedtea-6721651.patch patches/icedtea-6737315.patch patches/icedtea-6792554.patch patches/icedtea-6804996.patch patches/icedtea-6804997.patch patches/icedtea-6804998.patch patches/security/icedtea-6536193.patch patches/security/icedtea-6610888.patch patches/security/icedtea-6610896.patch patches/security/icedtea-6630639.patch patches/security/icedtea-6632886.patch patches/security/icedtea-6636360.patch patches/security/icedtea-6652463.patch patches/security/icedtea-6656633.patch patches/security/icedtea-6658158.patch patches/security/icedtea-6691246.patch patches/security/icedtea-6717680.patch patches/security/icedtea-6721651.patch patches/security/icedtea-6737315.patch patches/security/icedtea-6792554.patch patches/security/icedtea-6804996.patch patches/security/icedtea-6804997.patch patches/security/icedtea-6804998.patch |
diffstat | 36 files changed, 3393 insertions(+), 3354 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Mar 24 07:54:27 2009 -0400 +++ b/ChangeLog Tue Mar 24 14:15:51 2009 +0000 @@ -1,3 +1,42 @@ +2009-03-24 Andrew John Hughes <ahughes@redhat.com> + + * patches/icedtea-6536193.patch, + * patches/icedtea-6610888.patch, + * patches/icedtea-6610896.patch, + * patches/icedtea-6630639.patch, + * patches/icedtea-6632886.patch, + * patches/icedtea-6636360.patch, + * patches/icedtea-6652463.patch, + * patches/icedtea-6656633.patch, + * patches/icedtea-6658158.patch, + * patches/icedtea-6691246.patch, + * patches/icedtea-6717680.patch, + * patches/icedtea-6721651.patch, + * patches/icedtea-6737315.patch, + * patches/icedtea-6792554.patch, + * patches/icedtea-6804996.patch, + * patches/icedtea-6804997.patch, + * patches/icedtea-6804998.patch: Moved... + * Makefile.am: Updated. + * patches/security/icedtea-6536193.patch, + * patches/security/icedtea-6610888.patch, + * patches/security/icedtea-6610896.patch, + * patches/security/icedtea-6630639.patch, + * patches/security/icedtea-6632886.patch, + * patches/security/icedtea-6636360.patch, + * patches/security/icedtea-6652463.patch, + * patches/security/icedtea-6656633.patch, + * patches/security/icedtea-6658158.patch, + * patches/security/icedtea-6691246.patch, + * patches/security/icedtea-6717680.patch, + * patches/security/icedtea-6721651.patch, + * patches/security/icedtea-6737315.patch, + * patches/security/icedtea-6792554.patch, + * patches/security/icedtea-6804996.patch, + * patches/security/icedtea-6804997.patch, + * patches/security/icedtea-6804998.patch: + to here. + 2009-03-24 Lillian Angel <langel@redhat.com> * Makefile.am
--- a/Makefile.am Tue Mar 24 07:54:27 2009 -0400 +++ b/Makefile.am Tue Mar 24 14:15:51 2009 +0000 @@ -544,22 +544,22 @@ patches/icedtea-core-build.patch \ patches/icedtea-jvmtiEnv.patch \ patches/icedtea-lcms.patch \ - patches/icedtea-6536193.patch \ - patches/icedtea-6610888.patch \ - patches/icedtea-6610896.patch \ - patches/icedtea-6630639.patch \ - patches/icedtea-6632886.patch \ - patches/icedtea-6652463.patch \ - patches/icedtea-6656633.patch \ - patches/icedtea-6658158.patch \ - patches/icedtea-6691246.patch \ - patches/icedtea-6717680.patch \ - patches/icedtea-6721651.patch \ - patches/icedtea-6737315.patch \ - patches/icedtea-6792554.patch \ - patches/icedtea-6804996.patch \ - patches/icedtea-6804997.patch \ - patches/icedtea-6804998.patch + patches/security/icedtea-6536193.patch \ + patches/security/icedtea-6610888.patch \ + patches/security/icedtea-6610896.patch \ + patches/security/icedtea-6630639.patch \ + patches/security/icedtea-6632886.patch \ + patches/security/icedtea-6652463.patch \ + patches/security/icedtea-6656633.patch \ + patches/security/icedtea-6658158.patch \ + patches/security/icedtea-6691246.patch \ + patches/security/icedtea-6717680.patch \ + patches/security/icedtea-6721651.patch \ + patches/security/icedtea-6737315.patch \ + patches/security/icedtea-6792554.patch \ + patches/security/icedtea-6804996.patch \ + patches/security/icedtea-6804997.patch \ + patches/security/icedtea-6804998.patch if WITH_ALT_HSBUILD ICEDTEA_PATCHES += \
--- a/patches/icedtea-6536193.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,102 +0,0 @@ ---- old/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java Tue Mar 3 11:34:51 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java Tue Mar 3 11:34:50 2009 -@@ -1,27 +1,3 @@ --/* -- * Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved. -- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -- * -- * This code is free software; you can redistribute it and/or modify it -- * under the terms of the GNU General Public License version 2 only, as -- * published by the Free Software Foundation. Sun designates this -- * particular file as subject to the "Classpath" exception as provided -- * by Sun in the LICENSE file that accompanied this code. -- * -- * This code is distributed in the hope that it will be useful, but WITHOUT -- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -- * version 2 for more details (a copy is included in the LICENSE file that -- * accompanied this code). -- * -- * You should have received a copy of the GNU General Public License version -- * 2 along with this work; if not, write to the Free Software Foundation, -- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -- * -- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, -- * CA 95054 USA or visit www.sun.com if you need additional information or -- * have any questions. -- */ - package com.sun.xml.internal.bind.v2.runtime.output; - - import java.io.IOException; -@@ -32,6 +8,7 @@ - import com.sun.xml.internal.bind.DatatypeConverterImpl; - import com.sun.xml.internal.bind.v2.runtime.Name; - import com.sun.xml.internal.bind.v2.runtime.XMLSerializer; -+import com.sun.xml.internal.bind.v2.runtime.MarshallerImpl; - - import org.xml.sax.SAXException; - -@@ -81,6 +58,11 @@ - protected boolean closeStartTagPending = false; - - /** -+ * @see MarshallerImpl#header -+ */ -+ private String header; -+ -+ /** - * - * @param localNames - * local names encoded in UTF-8. -@@ -92,6 +74,10 @@ - prefixes[i] = new Encoded(); - } - -+ public void setHeader(String header) { -+ this.header = header; -+ } -+ - @Override - public void startDocument(XMLSerializer serializer, boolean fragment, int[] nsUriIndex2prefixIndex, NamespaceContextImpl nsContext) throws IOException, SAXException, XMLStreamException { - super.startDocument(serializer, fragment,nsUriIndex2prefixIndex,nsContext); -@@ -100,6 +86,10 @@ - if(!fragment) { - write(XML_DECL); - } -+ if(header!=null) { -+ textBuffer.set(header); -+ textBuffer.write(this); -+ } - } - - public void endDocument(boolean fragment) throws IOException, SAXException, XMLStreamException { -@@ -383,11 +373,23 @@ - return buf; - } - -- private static final byte[] XMLNS_EQUALS = toBytes(" xmlns=\""); -- private static final byte[] XMLNS_COLON = toBytes(" xmlns:"); -- private static final byte[] EQUALS = toBytes("=\""); -- private static final byte[] CLOSE_TAG = toBytes("</"); -- private static final byte[] EMPTY_TAG = toBytes("/>"); -+ // per instance copy to prevent an attack where malicious OutputStream -+ // rewrites the byte array. -+ private final byte[] XMLNS_EQUALS = _XMLNS_EQUALS.clone(); -+ private final byte[] XMLNS_COLON = _XMLNS_COLON.clone(); -+ private final byte[] EQUALS = _EQUALS.clone(); -+ private final byte[] CLOSE_TAG = _CLOSE_TAG.clone(); -+ private final byte[] EMPTY_TAG = _EMPTY_TAG.clone(); -+ private final byte[] XML_DECL = _XML_DECL.clone(); -+ -+ // masters -+ private static final byte[] _XMLNS_EQUALS = toBytes(" xmlns=\""); -+ private static final byte[] _XMLNS_COLON = toBytes(" xmlns:"); -+ private static final byte[] _EQUALS = toBytes("=\""); -+ private static final byte[] _CLOSE_TAG = toBytes("</"); -+ private static final byte[] _EMPTY_TAG = toBytes("/>"); -+ private static final byte[] _XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>"); -+ -+ // no need to copy - private static final byte[] EMPTY_BYTE_ARRAY = new byte[0]; -- private static final byte[] XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>"); - }
--- a/patches/icedtea-6610888.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,58 +0,0 @@ ---- old/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 17:21:12 2009 -+++ openjdk/jdk/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 17:21:11 2009 -@@ -37,6 +37,7 @@ - import java.security.AccessControlContext; - import java.security.AccessController; - import java.security.PrivilegedAction; -+import java.security.ProtectionDomain; - import java.util.List; - import java.util.concurrent.CopyOnWriteArrayList; - import java.util.concurrent.ExecutorService; -@@ -170,7 +171,10 @@ - /** - * AccessControlContext of the Monitor.start() caller. - */ -- private AccessControlContext acc; -+ private static final AccessControlContext noPermissionsACC = -+ new AccessControlContext( -+ new ProtectionDomain[] {new ProtectionDomain(null, null)}); -+ private volatile AccessControlContext acc = noPermissionsACC; - - /** - * Scheduler Service. -@@ -755,7 +759,7 @@ - - // Reset the AccessControlContext. - // -- acc = null; -+ acc = noPermissionsACC; - - // Reset the complex type attribute information - // such that it is recalculated again. -@@ -1555,10 +1559,12 @@ - - public void run() { - final ScheduledFuture<?> sf; -+ final AccessControlContext ac; - synchronized (Monitor.this) { - sf = Monitor.this.schedulerFuture; -+ ac = Monitor.this.acc; - } -- AccessController.doPrivileged(new PrivilegedAction<Void>() { -+ PrivilegedAction<Void> action = new PrivilegedAction<Void>() { - public Void run() { - if (Monitor.this.isActive()) { - final int an[] = alreadyNotifieds; -@@ -1571,7 +1577,11 @@ - } - return null; - } -- }, Monitor.this.acc); -+ }; -+ if (ac == null) { -+ throw new SecurityException("AccessControlContext cannot be null"); -+ } -+ AccessController.doPrivileged(action, ac); - synchronized (Monitor.this) { - if (Monitor.this.isActive() && - Monitor.this.schedulerFuture == sf) {
--- a/patches/icedtea-6610896.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,189 +0,0 @@ ---- old/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 16:53:02 2009 -+++ openjdk/jdk/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 16:53:01 2009 -@@ -38,8 +38,9 @@ - import java.security.AccessController; - import java.security.PrivilegedAction; - import java.util.List; -+import java.util.Map; -+import java.util.WeakHashMap; - import java.util.concurrent.CopyOnWriteArrayList; --import java.util.concurrent.ExecutorService; - import java.util.concurrent.Executors; - import java.util.concurrent.Future; - import java.util.concurrent.LinkedBlockingQueue; -@@ -180,14 +181,20 @@ - new DaemonThreadFactory("Scheduler")); - - /** -- * Maximum Pool Size -+ * Map containing the thread pool executor per thread group. - */ -- private static final int maximumPoolSize; -+ private static final Map<ThreadPoolExecutor, Void> executors = -+ new WeakHashMap<ThreadPoolExecutor, Void>(); - - /** -- * Executor Service. -+ * Lock for executors map. - */ -- private static final ExecutorService executor; -+ private static final Object executorsLock = new Object(); -+ -+ /** -+ * Maximum Pool Size -+ */ -+ private static final int maximumPoolSize; - static { - final String maximumPoolSizeSysProp = "jmx.x.monitor.maximum.pool.size"; - final String maximumPoolSizeStr = AccessController.doPrivileged( -@@ -217,22 +224,9 @@ - maximumPoolSize = maximumPoolSizeTmp; - } - } -- executor = new ThreadPoolExecutor( -- maximumPoolSize, -- maximumPoolSize, -- 60L, -- TimeUnit.SECONDS, -- new LinkedBlockingQueue<Runnable>(), -- new DaemonThreadFactory("Executor")); -- ((ThreadPoolExecutor)executor).allowCoreThreadTimeOut(true); - } - - /** -- * Monitor task to be executed by the Executor Service. -- */ -- private final MonitorTask monitorTask = new MonitorTask(); -- -- /** - * Future associated to the current monitor task. - */ - private Future<?> monitorFuture; -@@ -240,7 +234,7 @@ - /** - * Scheduler task to be executed by the Scheduler Service. - */ -- private final SchedulerTask schedulerTask = new SchedulerTask(monitorTask); -+ private final SchedulerTask schedulerTask = new SchedulerTask(); - - /** - * ScheduledFuture associated to the current scheduler task. -@@ -726,6 +720,7 @@ - // Start the scheduler. - // - cleanupFutures(); -+ schedulerTask.setMonitorTask(new MonitorTask()); - schedulerFuture = scheduler.schedule(schedulerTask, - getGranularityPeriod(), - TimeUnit.MILLISECONDS); -@@ -1505,7 +1500,7 @@ - */ - private class SchedulerTask implements Runnable { - -- private Runnable task = null; -+ private MonitorTask task; - - /* - * ------------------------------------------ -@@ -1513,7 +1508,16 @@ - * ------------------------------------------ - */ - -- public SchedulerTask(Runnable task) { -+ public SchedulerTask() { -+ } -+ -+ /* -+ * ------------------------------------------ -+ * GETTERS/SETTERS -+ * ------------------------------------------ -+ */ -+ -+ public void setMonitorTask(MonitorTask task) { - this.task = task; - } - -@@ -1525,7 +1529,7 @@ - - public void run() { - synchronized (Monitor.this) { -- Monitor.this.monitorFuture = executor.submit(task); -+ Monitor.this.monitorFuture = task.submit(); - } - } - } -@@ -1538,6 +1542,8 @@ - */ - private class MonitorTask implements Runnable { - -+ private ThreadPoolExecutor executor; -+ - /* - * ------------------------------------------ - * CONSTRUCTORS -@@ -1545,6 +1551,38 @@ - */ - - public MonitorTask() { -+ // Find out if there's already an existing executor for the calling -+ // thread and reuse it. Otherwise, create a new one and store it in -+ // the executors map. If there is a SecurityManager, the group of -+ // System.getSecurityManager() is used, else the group of the thread -+ // instantiating this MonitorTask, i.e. the group of the thread that -+ // calls "Monitor.start()". -+ SecurityManager s = System.getSecurityManager(); -+ ThreadGroup group = (s != null) ? s.getThreadGroup() : -+ Thread.currentThread().getThreadGroup(); -+ synchronized (executorsLock) { -+ for (ThreadPoolExecutor e : executors.keySet()) { -+ DaemonThreadFactory tf = -+ (DaemonThreadFactory) e.getThreadFactory(); -+ ThreadGroup tg = tf.getThreadGroup(); -+ if (tg == group) { -+ executor = e; -+ break; -+ } -+ } -+ if (executor == null) { -+ executor = new ThreadPoolExecutor( -+ maximumPoolSize, -+ maximumPoolSize, -+ 60L, -+ TimeUnit.SECONDS, -+ new LinkedBlockingQueue<Runnable>(), -+ new DaemonThreadFactory("ThreadGroup<" + -+ group.getName() + "> Executor", group)); -+ executor.allowCoreThreadTimeOut(true); -+ executors.put(executor, null); -+ } -+ } - } - - /* -@@ -1553,6 +1591,10 @@ - * ------------------------------------------ - */ - -+ public Future<?> submit() { -+ return executor.submit(this); -+ } -+ - public void run() { - final ScheduledFuture<?> sf; - synchronized (Monitor.this) { -@@ -1611,6 +1653,15 @@ - namePrefix = "JMX Monitor " + poolName + " Pool [Thread-"; - } - -+ public DaemonThreadFactory(String poolName, ThreadGroup threadGroup) { -+ group = threadGroup; -+ namePrefix = "JMX Monitor " + poolName + " Pool [Thread-"; -+ } -+ -+ public ThreadGroup getThreadGroup() { -+ return group; -+ } -+ - public Thread newThread(Runnable r) { - Thread t = new Thread(group, - r,
--- a/patches/icedtea-6630639.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,31 +0,0 @@ ---- old/src/share/classes/sun/net/httpserver/Request.java Wed Mar 4 03:29:39 2009 -+++ openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java Wed Mar 4 03:29:39 2009 -@@ -52,6 +52,9 @@ - os = rawout; - do { - startLine = readLine(); -+ if (startLine == null) { -+ return; -+ } - /* skip blank lines */ - } while (startLine.equals ("")); - } ---- old/src/share/classes/sun/net/httpserver/ServerImpl.java Wed Mar 4 03:29:41 2009 -+++ openjdk/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java Wed Mar 4 03:29:41 2009 -@@ -437,6 +437,7 @@ - rawin = sslStreams.getInputStream(); - rawout = sslStreams.getOutputStream(); - engine = sslStreams.getSSLEngine(); -+ connection.sslStreams = sslStreams; - } else { - rawin = new BufferedInputStream( - new Request.ReadStream ( -@@ -446,6 +447,8 @@ - ServerImpl.this, chan - ); - } -+ connection.raw = rawin; -+ connection.rawout = rawout; - } - Request req = new Request (rawin, rawout); - requestLine = req.requestLine();
--- a/patches/icedtea-6632886.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,502 +0,0 @@ ---- old/src/share/classes/java/awt/Font.java Tue Mar 3 14:12:23 2009 -+++ openjdk/jdk/src/share/classes/java/awt/Font.java Tue Mar 3 14:12:23 2009 -@@ -37,6 +37,8 @@ - import java.awt.peer.FontPeer; - import java.io.*; - import java.lang.ref.SoftReference; -+import java.security.AccessController; -+import java.security.PrivilegedExceptionAction; - import java.text.AttributedCharacterIterator.Attribute; - import java.text.CharacterIterator; - import java.text.StringCharacterIterator; -@@ -51,6 +53,7 @@ - import sun.font.AttributeValues; - import sun.font.EAttribute; - import sun.font.CompositeFont; -+import sun.font.CreatedFontTracker; - import sun.font.Font2D; - import sun.font.Font2DHandle; - import sun.font.FontManager; -@@ -575,7 +578,8 @@ - } - - /* used to implement Font.createFont */ -- private Font(File fontFile, int fontFormat, boolean isCopy) -+ private Font(File fontFile, int fontFormat, -+ boolean isCopy, CreatedFontTracker tracker) - throws FontFormatException { - this.createdFont = true; - /* Font2D instances created by this method track their font file -@@ -582,7 +586,8 @@ - * so that when the Font2D is GC'd it can also remove the file. - */ - this.font2DHandle = -- FontManager.createFont2D(fontFile, fontFormat, isCopy).handle; -+ FontManager.createFont2D(fontFile, fontFormat, -+ isCopy, tracker).handle; - this.name = this.font2DHandle.font2D.getFontName(Locale.getDefault()); - this.style = Font.PLAIN; - this.size = 1; -@@ -788,6 +793,29 @@ - } - - /** -+ * Used with the byte count tracker for fonts created from streams. -+ * If a thread can create temp files anyway, no point in counting -+ * font bytes. -+ */ -+ private static boolean hasTempPermission() { -+ -+ if (System.getSecurityManager() == null) { -+ return true; -+ } -+ File f = null; -+ boolean hasPerm = false; -+ try { -+ f = File.createTempFile("+~JT", ".tmp", null); -+ f.delete(); -+ f = null; -+ hasPerm = true; -+ } catch (Throwable t) { -+ /* inc. any kind of SecurityException */ -+ } -+ return hasPerm; -+ } -+ -+ /** - * Returns a new <code>Font</code> using the specified font type - * and input data. The new <code>Font</code> is - * created with a point size of 1 and style {@link #PLAIN PLAIN}. -@@ -822,58 +850,96 @@ - fontFormat != Font.TYPE1_FONT) { - throw new IllegalArgumentException ("font format not recognized"); - } -- final InputStream fStream = fontStream; -- Object ret = java.security.AccessController.doPrivileged( -- new java.security.PrivilegedAction() { -- public Object run() { -- File tFile = null; -- FileOutputStream outStream = null; -- try { -- tFile = File.createTempFile("+~JF", ".tmp", null); -- /* Temp file deleted by font shutdown hook */ -- BufferedInputStream inStream = -- new BufferedInputStream(fStream); -- outStream = new FileOutputStream(tFile); -- int bytesRead = 0; -- int bufSize = 8192; -- byte [] buf = new byte[bufSize]; -- while (bytesRead != -1) { -- try { -- bytesRead = inStream.read(buf, 0, bufSize); -- } catch (Throwable t) { -- throw new IOException(); -- } -- if (bytesRead != -1) { -- outStream.write(buf, 0, bytesRead); -- } -- } -- /* don't close the input stream */ -- outStream.close(); -- } catch (IOException e) { -- if (outStream != null) { -- try { -- outStream.close(); -- } catch (Exception e1) { -- } -- } -- if (tFile != null) { -- try { -- tFile.delete(); -- } catch (Exception e2) { -- } -- } -- return e; -- } -- return tFile; -- } -- }); -+ boolean copiedFontData = false; - -- if (ret instanceof File) { -- return new Font((File)ret, fontFormat, true); -- } else if (ret instanceof IOException) { -- throw (IOException)ret; -- } else { -- throw new FontFormatException("Couldn't access font stream"); -+ try { -+ final File tFile = AccessController.doPrivileged( -+ new PrivilegedExceptionAction<File>() { -+ public File run() throws IOException { -+ return File.createTempFile("+~JF", ".tmp", null); -+ } -+ } -+ ); -+ -+ int totalSize = 0; -+ CreatedFontTracker tracker = null; -+ try { -+ final OutputStream outStream = -+ AccessController.doPrivileged( -+ new PrivilegedExceptionAction<OutputStream>() { -+ public OutputStream run() throws IOException { -+ return new FileOutputStream(tFile); -+ } -+ } -+ ); -+ if (!hasTempPermission()) { -+ tracker = CreatedFontTracker.getTracker(); -+ } -+ try { -+ byte[] buf = new byte[8192]; -+ for (;;) { -+ int bytesRead = fontStream.read(buf); -+ if (bytesRead < 0) { -+ break; -+ } -+ if (tracker != null) { -+ if (totalSize+bytesRead > tracker.MAX_FILE_SIZE) { -+ throw new IOException("File too big."); -+ } -+ if (totalSize+tracker.getNumBytes() > -+ tracker.MAX_TOTAL_BYTES) -+ { -+ throw new IOException("Total files too big."); -+ } -+ totalSize += bytesRead; -+ tracker.addBytes(bytesRead); -+ } -+ outStream.write(buf, 0, bytesRead); -+ } -+ /* don't close the input stream */ -+ } finally { -+ outStream.close(); -+ } -+ /* After all references to a Font2D are dropped, the file -+ * will be removed. To support long-lived AppContexts, -+ * we need to then decrement the byte count by the size -+ * of the file. -+ * If the data isn't a valid font, the implementation will -+ * delete the tmp file and decrement the byte count -+ * in the tracker object before returning from the -+ * constructor, so we can set 'copiedFontData' to true here -+ * without waiting for the results of that constructor. -+ */ -+ copiedFontData = true; -+ Font font = new Font(tFile, fontFormat, true, tracker); -+ return font; -+ } finally { -+ if (!copiedFontData) { -+ if (tracker != null) { -+ tracker.subBytes(totalSize); -+ } -+ AccessController.doPrivileged( -+ new PrivilegedExceptionAction<Void>() { -+ public Void run() { -+ tFile.delete(); -+ return null; -+ } -+ } -+ ); -+ } -+ } -+ } catch (Throwable t) { -+ if (t instanceof FontFormatException) { -+ throw (FontFormatException)t; -+ } -+ if (t instanceof IOException) { -+ throw (IOException)t; -+ } -+ Throwable cause = t.getCause(); -+ if (cause instanceof FontFormatException) { -+ throw (FontFormatException)cause; -+ } -+ throw new IOException("Problem reading font data."); - } - } - -@@ -913,6 +979,9 @@ - */ - public static Font createFont(int fontFormat, File fontFile) - throws java.awt.FontFormatException, java.io.IOException { -+ -+ fontFile = new File(fontFile.getPath()); -+ - if (fontFormat != Font.TRUETYPE_FONT && - fontFormat != Font.TYPE1_FONT) { - throw new IllegalArgumentException ("font format not recognized"); -@@ -926,7 +995,7 @@ - if (!fontFile.canRead()) { - throw new IOException("Can't read " + fontFile); - } -- return new Font(fontFile, fontFormat, false); -+ return new Font(fontFile, fontFormat, false, null); - } - - /** ---- old/src/share/classes/sun/font/FileFont.java Tue Mar 3 14:12:26 2009 -+++ openjdk/jdk/src/share/classes/sun/font/FileFont.java Tue Mar 3 14:12:25 2009 -@@ -1,5 +1,5 @@ - /* -- * Copyright 2003-2006 Sun Microsystems, Inc. All Rights Reserved. -+ * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -125,9 +125,9 @@ - return true; - } - -- void setFileToRemove(File file) { -+ void setFileToRemove(File file, CreatedFontTracker tracker) { - Disposer.addObjectRecord(this, -- new CreatedFontFileDisposerRecord(file)); -+ new CreatedFontFileDisposerRecord(file, tracker)); - } - - /* This is called when a font scaler is determined to -@@ -246,12 +246,16 @@ - return getScaler().getUnitsPerEm(); - } - -- private static class CreatedFontFileDisposerRecord implements DisposerRecord { -+ private static class CreatedFontFileDisposerRecord -+ implements DisposerRecord { - - File fontFile = null; -+ CreatedFontTracker tracker; - -- private CreatedFontFileDisposerRecord(File file) { -+ private CreatedFontFileDisposerRecord(File file, -+ CreatedFontTracker tracker) { - fontFile = file; -+ this.tracker = tracker; - } - - public void dispose() { -@@ -260,6 +264,9 @@ - public Object run() { - if (fontFile != null) { - try { -+ if (tracker != null) { -+ tracker.subBytes((int)fontFile.length()); -+ } - /* REMIND: is it possible that the file is - * still open? It will be closed when the - * font2D is disposed but could this code ---- old/src/share/classes/sun/font/FontManager.java Tue Mar 3 14:12:29 2009 -+++ openjdk/jdk/src/share/classes/sun/font/FontManager.java Tue Mar 3 14:12:28 2009 -@@ -1,5 +1,5 @@ - /* -- * Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved. -+ * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -2331,12 +2331,14 @@ - static Vector<File> tmpFontFiles = null; - - public static Font2D createFont2D(File fontFile, int fontFormat, -- boolean isCopy) -+ boolean isCopy, -+ CreatedFontTracker tracker) - throws FontFormatException { - - String fontFilePath = fontFile.getPath(); - FileFont font2D = null; - final File fFile = fontFile; -+ final CreatedFontTracker _tracker = tracker; - try { - switch (fontFormat) { - case Font.TRUETYPE_FONT: -@@ -2343,7 +2345,7 @@ - font2D = new TrueTypeFont(fontFilePath, null, 0, true); - break; - case Font.TYPE1_FONT: -- font2D = new Type1Font(fontFilePath, null); -+ font2D = new Type1Font(fontFilePath, null, isCopy); - break; - default: - throw new FontFormatException("Unrecognised Font Format"); -@@ -2353,6 +2355,9 @@ - java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { - public Object run() { -+ if (_tracker != null) { -+ _tracker.subBytes((int)fFile.length()); -+ } - fFile.delete(); - return null; - } -@@ -2361,7 +2366,7 @@ - throw(e); - } - if (isCopy) { -- font2D.setFileToRemove(fontFile); -+ font2D.setFileToRemove(fontFile, tracker); - synchronized (FontManager.class) { - - if (tmpFontFiles == null) { ---- /dev/null Tue Mar 3 14:12:32 2009 -+++ openjdk/jdk/src/share/classes/sun/font/CreatedFontTracker.java Tue Mar 3 14:12:31 2009 -@@ -0,0 +1,54 @@ -+/* -+ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Sun designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Sun in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, -+ * CA 95054 USA or visit www.sun.com if you need additional information or -+ * have any questions. -+ */ -+ -+package sun.font; -+ -+public class CreatedFontTracker { -+ -+ public static final int MAX_FILE_SIZE = 32 * 1024 * 1024; -+ public static final int MAX_TOTAL_BYTES = 10 * MAX_FILE_SIZE; -+ -+ static int numBytes; -+ static CreatedFontTracker tracker; -+ -+ public static synchronized CreatedFontTracker getTracker() { -+ if (tracker == null) { -+ tracker = new CreatedFontTracker(); -+ } -+ return tracker; -+ } -+ -+ public synchronized int getNumBytes() { -+ return numBytes; -+ } -+ -+ public synchronized void addBytes(int sz) { -+ numBytes += sz; -+ } -+ -+ public synchronized void subBytes(int sz) { -+ numBytes -= sz; -+ } -+} ---- old/src/share/classes/sun/font/TrueTypeFont.java Tue Mar 3 14:12:34 2009 -+++ openjdk/jdk/src/share/classes/sun/font/TrueTypeFont.java Tue Mar 3 14:12:33 2009 -@@ -174,8 +174,17 @@ - super(platname, nativeNames); - useJavaRasterizer = javaRasterizer; - fontRank = Font2D.TTF_RANK; -- verify(); -- init(fIndex); -+ try { -+ verify(); -+ init(fIndex); -+ } catch (Throwable t) { -+ close(); -+ if (t instanceof FontFormatException) { -+ throw (FontFormatException)t; -+ } else { -+ throw new FontFormatException("Unexpected runtime exception."); -+ } -+ } - Disposer.addObjectRecord(this, disposerRecord); - } - ---- old/src/share/classes/sun/font/Type1Font.java Tue Mar 3 14:12:37 2009 -+++ openjdk/jdk/src/share/classes/sun/font/Type1Font.java Tue Mar 3 14:12:36 2009 -@@ -39,6 +39,7 @@ - import java.nio.channels.ClosedChannelException; - import java.nio.channels.FileChannel; - import sun.java2d.Disposer; -+import sun.java2d.DisposerRecord; - import java.util.HashSet; - import java.util.HashMap; - import java.awt.Font; -@@ -76,6 +77,27 @@ - */ - public class Type1Font extends FileFont { - -+ private static class T1DisposerRecord implements DisposerRecord { -+ String fileName = null; -+ -+ T1DisposerRecord(String name) { -+ fileName = name; -+ } -+ -+ public synchronized void dispose() { -+ java.security.AccessController.doPrivileged( -+ new java.security.PrivilegedAction() { -+ public Object run() { -+ -+ if (fileName != null) { -+ (new java.io.File(fileName)).delete(); -+ } -+ return null; -+ } -+ }); -+ } -+ } -+ - WeakReference bufferRef = new WeakReference(null); - - private String psName = null; -@@ -125,6 +147,17 @@ - - - /** -+ * Constructs a Type1 Font. -+ * @param platname - Platform identifier of the font. Typically file name. -+ * @param nativeNames - Native names - typically XLFDs on Unix. -+ */ -+ public Type1Font(String platname, Object nativeNames) -+ throws FontFormatException { -+ -+ this(platname, nativeNames, false); -+ } -+ -+ /** - * - does basic verification of the file - * - reads the names (full, family). - * - determines the style of the font. -@@ -131,12 +164,25 @@ - * @throws FontFormatException - if the font can't be opened - * or fails verification, or there's no usable cmap - */ -- public Type1Font(String platname, Object nativeNames) -+ public Type1Font(String platname, Object nativeNames, boolean createdCopy) - throws FontFormatException { - super(platname, nativeNames); - fontRank = Font2D.TYPE1_RANK; - checkedNatives = true; -- verify(); -+ try { -+ verify(); -+ } catch (Throwable t) { -+ if (createdCopy) { -+ T1DisposerRecord ref = new T1DisposerRecord(platname); -+ Disposer.addObjectRecord(bufferRef, ref); -+ bufferRef = null; -+ } -+ if (t instanceof FontFormatException) { -+ throw (FontFormatException)t; -+ } else { -+ throw new FontFormatException("Unexpected runtime exception."); -+ } -+ } - } - - private synchronized ByteBuffer getBuffer() throws FontFormatException {
--- a/patches/icedtea-6636360.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,34 +0,0 @@ ---- vtableStubs_sparc.cpp 2009-03-16 16:52:18.000000000 -0400 -+++ openjdk/hotspot/src/cpu/sparc/vm/vtableStubs_sparc.cpp 2009-03-16 16:53:52.000000000 -0400 -@@ -190,12 +190,16 @@ - // Compute itableMethodEntry and get methodOop(G5_method) and entrypoint(L0) for compiler - const int method_offset = (itableMethodEntry::size() * wordSize * vtable_index) + itableMethodEntry::method_offset_in_bytes(); - __ add(G3_klassOop, L0, L1); -- __ ld_ptr(L1, method_offset, G5_method); -+ if (__ is_simm13(method_offset)) { -+ __ ld_ptr(L1, method_offset, G5_method); -+ } else { -+ __ set(method_offset, G5_method); -+ __ ld_ptr(L1, G5_method, G5_method); -+ } - - #ifndef PRODUCT - if (DebugVtables) { - Label L01; -- __ ld_ptr(L1, method_offset, G5_method); - __ bpr(Assembler::rc_nz, false, Assembler::pt, G5_method, L01); - __ delayed()->nop(); - __ stop("methodOop is null"); -@@ -243,10 +247,8 @@ - (UseCompressedOops ? 2*BytesPerInstWord : 0); - return basic + slop; - } else { -- // save, ld, ld, sll, and, add, add, ld, cmp, br, add, ld, add, ld, ld, jmp, restore, sethi, jmpl, restore -- const int basic = (20 LP64_ONLY(+ 6)) * BytesPerInstWord + -- // shift;add for load_klass -- (UseCompressedOops ? 2*BytesPerInstWord : 0); -+ // save, ld, ld, sll, and, add, add, ld, cmp, br, add, ld, add, sethi, add, ld, ld, jmp, restore, sethi, jmpl, restore -+ const int basic = (22 LP64_ONLY(+ 12)) * BytesPerInstWord; // worst case extra 6 bytes for each sethi in 64-bit mode - return (basic + slop); - } - }
--- a/patches/icedtea-6652463.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,28 +0,0 @@ ---- old/src/share/classes/javax/print/attribute/standard/MediaSize.java Tue Mar 3 10:16:15 2009 -+++ openjdk/jdk/src/share/classes/javax/print/attribute/standard/MediaSize.java Tue Mar 3 10:16:14 2009 -@@ -123,8 +123,10 @@ - if (x > y) { - throw new IllegalArgumentException("X dimension > Y dimension"); - } -- mediaName = media; -- mediaMap.put(mediaName, this); -+ if (media != null && mediaMap.get(media) == null) { -+ mediaName = media; -+ mediaMap.put(mediaName, this); -+ } - sizeVector.add(this); - } - -@@ -147,8 +149,10 @@ - if (x > y) { - throw new IllegalArgumentException("X dimension > Y dimension"); - } -- mediaName = media; -- mediaMap.put(mediaName, this); -+ if (media != null && mediaMap.get(media) == null) { -+ mediaName = media; -+ mediaMap.put(mediaName, this); -+ } - sizeVector.add(this); - } -
--- a/patches/icedtea-6656633.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,51 +0,0 @@ ---- old/src/share/classes/javax/management/monitor/CounterMonitor.java Mon Mar 9 13:19:14 2009 -+++ openjdk/jdk/src/share/classes/javax/management/monitor/CounterMonitor.java Mon Mar 9 13:19:14 2009 -@@ -599,7 +599,7 @@ - */ - @Override - public MBeanNotificationInfo[] getNotificationInfo() { -- return notifsInfo; -+ return notifsInfo.clone(); - } - - /* ---- old/src/share/classes/javax/management/monitor/GaugeMonitor.java Mon Mar 9 13:19:16 2009 -+++ openjdk/jdk//src/share/classes/javax/management/monitor/GaugeMonitor.java Mon Mar 9 13:19:16 2009 -@@ -481,7 +481,7 @@ - */ - @Override - public MBeanNotificationInfo[] getNotificationInfo() { -- return notifsInfo; -+ return notifsInfo.clone(); - } - - /* ---- old/src/share/classes/javax/management/monitor/StringMonitor.java Mon Mar 9 13:19:18 2009 -+++ openjdk/jdk//src/share/classes/javax/management/monitor/StringMonitor.java Mon Mar 9 13:19:18 2009 -@@ -184,6 +184,7 @@ - * @return The derived gauge of the specified object. - * - */ -+ @Override - public synchronized String getDerivedGauge(ObjectName object) { - return (String) super.getDerivedGauge(object); - } -@@ -199,6 +200,7 @@ - * @return The derived gauge timestamp of the specified object. - * - */ -+ @Override - public synchronized long getDerivedGaugeTimeStamp(ObjectName object) { - return super.getDerivedGaugeTimeStamp(object); - } -@@ -341,8 +343,9 @@ - * the Java class of the notification and the notification types sent by - * the string monitor. - */ -+ @Override - public MBeanNotificationInfo[] getNotificationInfo() { -- return notifsInfo; -+ return notifsInfo.clone(); - } - - /*
--- a/patches/icedtea-6658158.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,815 +0,0 @@ ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/client/p2p/HttpSOAPConnection.java Mon Mar 9 22:21:43 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/client/p2p/HttpSOAPConnection.java Mon Mar 9 22:21:42 2009 -@@ -54,13 +54,20 @@ - * - */ - public class HttpSOAPConnection extends SOAPConnection { -+ -+ public static final String vmVendor = System.getProperty("java.vendor.url"); -+ private static final String sunVmVendor = "http://java.sun.com/"; -+ private static final String ibmVmVendor = "http://www.ibm.com/"; -+ private static final boolean isSunVM = sunVmVendor.equals(vmVendor) ? true: false; -+ private static final boolean isIBMVM = ibmVmVendor.equals(vmVendor) ? true : false; -+ private static final String JAXM_URLENDPOINT="javax.xml.messaging.URLEndpoint"; - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.HTTP_CONN_DOMAIN, - "com.sun.xml.internal.messaging.saaj.client.p2p.LocalStrings"); - -- public static String defaultProxyHost = null; -- public static int defaultProxyPort = -1; -+ public static final String defaultProxyHost = null; -+ public static final int defaultProxyPort = -1; - - MessageFactory messageFactory = null; - -@@ -72,6 +79,9 @@ - - try { - messageFactory = MessageFactory.newInstance(SOAPConstants.DYNAMIC_SOAP_PROTOCOL); -+ } catch (NoSuchMethodError ex) { -+ //fallback to default SOAP 1.1 in this case for backward compatibility -+ messageFactory = MessageFactory.newInstance(); - } catch (Exception ex) { - log.log(Level.SEVERE, "SAAJ0001.p2p.cannot.create.msg.factory", ex); - throw new SOAPExceptionImpl("Unable to create message factory", ex); -@@ -95,14 +105,19 @@ - throw new SOAPExceptionImpl("Connection is closed"); - } - -- Class urlEndpointClass = null; -+ Class urlEndpointClass = null; -+ ClassLoader loader = Thread.currentThread().getContextClassLoader(); - - try { -- urlEndpointClass = Class.forName("javax.xml.messaging.URLEndpoint"); -- } catch (Exception ex) { -- //Do nothing. URLEndpoint is available only when JAXM is there. -- log.finest("SAAJ0090.p2p.endpoint.available.only.for.JAXM"); -- } -+ if (loader != null) { -+ urlEndpointClass = loader.loadClass(JAXM_URLENDPOINT); -+ } else { -+ urlEndpointClass = Class.forName(JAXM_URLENDPOINT); -+ } -+ } catch (ClassNotFoundException ex) { -+ //Do nothing. URLEndpoint is available only when JAXM is there. -+ log.finest("SAAJ0090.p2p.endpoint.available.only.for.JAXM"); -+ } - - if (urlEndpointClass != null) { - if (urlEndpointClass.isInstance(endPoint)) { -@@ -639,10 +654,23 @@ - - return ret; - } -- -- private static String SSL_PKG = "com.sun.net.ssl.internal.www.protocol"; -- private static String SSL_PROVIDER = -- "com.sun.net.ssl.internal.ssl.Provider"; -+ //private static String SSL_PKG = "com.sun.net.ssl.internal.www.protocol"; -+ //private static String SSL_PROVIDER = -+ // "com.sun.net.ssl.internal.ssl.Provider"; -+ private static final String SSL_PKG; -+ private static final String SSL_PROVIDER; -+ -+ -+ static { -+ if (isIBMVM) { -+ SSL_PKG ="com.ibm.net.ssl.internal.www.protocol"; -+ SSL_PROVIDER ="com.ibm.net.ssl.internal.ssl.Provider"; -+ } else { -+ //if not IBM VM default to Sun. -+ SSL_PKG = "com.sun.net.ssl.internal.www.protocol"; -+ SSL_PROVIDER ="com.sun.net.ssl.internal.ssl.Provider"; -+ } -+ } - private void initHttps() { - //if(!setHttps) { - String pkgs = System.getProperty("java.protocol.handler.pkgs"); ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/AttachmentPartImpl.java Mon Mar 9 22:21:45 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/AttachmentPartImpl.java Mon Mar 9 22:21:45 2009 -@@ -70,7 +70,7 @@ - */ - public class AttachmentPartImpl extends AttachmentPart { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/EnvelopeFactory.java Mon Mar 9 22:21:48 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/EnvelopeFactory.java Mon Mar 9 22:21:47 2009 -@@ -23,9 +23,9 @@ - * have any questions. - */ - /* -- * $Id: EnvelopeFactory.java,v 1.24 2006/01/27 12:49:26 vj135062 Exp $ -- * $Revision: 1.24 $ -- * $Date: 2006/01/27 12:49:26 $ -+ * -+ * -+ * - */ - - -@@ -55,7 +55,7 @@ - */ - public class EnvelopeFactory { - -- protected static Logger -+ protected static final Logger - log = Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ImageDataContentHandler.java Mon Mar 9 22:21:50 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ImageDataContentHandler.java Mon Mar 9 22:21:50 2009 -@@ -49,7 +49,7 @@ - public class ImageDataContentHandler extends Component - implements DataContentHandler { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageFactoryImpl.java Mon Mar 9 22:21:53 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageFactoryImpl.java Mon Mar 9 22:21:52 2009 -@@ -23,9 +23,9 @@ - * have any questions. - */ - /* -- * $Id: MessageFactoryImpl.java,v 1.23 2006/01/27 12:49:27 vj135062 Exp $ -- * $Revision: 1.23 $ -- * $Date: 2006/01/27 12:49:27 $ -+ * -+ * -+ * - */ - - -@@ -54,15 +54,15 @@ - */ - public class MessageFactoryImpl extends MessageFactory { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); - -- protected static OutputStream listener; -+ protected OutputStream listener; - - protected boolean lazyAttachments = false; - -- public static OutputStream listen(OutputStream newListener) { -+ public OutputStream listen(OutputStream newListener) { - OutputStream oldListener = listener; - listener = newListener; - return oldListener; ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageImpl.java Mon Mar 9 22:21:55 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageImpl.java Mon Mar 9 22:21:54 2009 -@@ -23,9 +23,9 @@ - * have any questions. - */ - /* -- * $Id: MessageImpl.java,v 1.5 2006/12/12 10:16:33 kumarjayanti Exp $ -- * $Revision: 1.5 $ -- * $Date: 2006/12/12 10:16:33 $ -+ * -+ * -+ * - */ - - -@@ -69,7 +69,7 @@ - public static final String CONTENT_ID = "Content-ID"; - public static final String CONTENT_LOCATION = "Content-Location"; - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SAAJMetaFactoryImpl.java Mon Mar 9 22:21:58 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SAAJMetaFactoryImpl.java Mon Mar 9 22:21:57 2009 -@@ -37,7 +37,7 @@ - - public class SAAJMetaFactoryImpl extends SAAJMetaFactory { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPDocumentImpl.java Mon Mar 9 22:22:00 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPDocumentImpl.java Mon Mar 9 22:21:59 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: SOAPDocumentImpl.java,v 1.15 2006/01/27 12:49:29 vj135062 Exp $ -+ * - */ - - -@@ -45,7 +45,7 @@ - - public class SOAPDocumentImpl extends DocumentImpl implements SOAPDocument { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPFactoryImpl.java Mon Mar 9 22:22:02 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPFactoryImpl.java Mon Mar 9 22:22:02 2009 -@@ -23,9 +23,9 @@ - * have any questions. - */ - /* -- * $Id: SOAPFactoryImpl.java,v 1.21 2006/01/27 12:49:29 vj135062 Exp $ -- * $Revision: 1.21 $ -- * $Date: 2006/01/27 12:49:29 $ -+ * -+ * -+ * - */ - - -@@ -50,7 +50,7 @@ - - public abstract class SOAPFactoryImpl extends SOAPFactory { - -- protected static Logger -+ protected static final Logger - log = Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPPartImpl.java Mon Mar 9 22:22:05 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPPartImpl.java Mon Mar 9 22:22:04 2009 -@@ -23,9 +23,9 @@ - * have any questions. - */ - /* -- * $Id: SOAPPartImpl.java,v 1.1.1.1 2006/01/27 13:10:55 kumarjayanti Exp $ -- * $Revision: 1.1.1.1 $ -- * $Date: 2006/01/27 13:10:55 $ -+ * -+ * -+ * - */ - - -@@ -59,7 +59,7 @@ - * @author Anil Vijendran (anil@sun.com) - */ - public abstract class SOAPPartImpl extends SOAPPart implements SOAPDocument { -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CDATAImpl.java Mon Mar 9 22:22:07 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CDATAImpl.java Mon Mar 9 22:22:07 2009 -@@ -23,9 +23,9 @@ - * have any questions. - */ - /* -- * $Id: CDATAImpl.java,v 1.19 2006/01/27 12:49:34 vj135062 Exp $ -- * $Revision: 1.19 $ -- * $Date: 2006/01/27 12:49:34 $ -+ * -+ * -+ * - */ - - -@@ -43,7 +43,7 @@ - extends com.sun.org.apache.xerces.internal.dom.CDATASectionImpl - implements javax.xml.soap.Text { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_IMPL_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.impl.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CommentImpl.java Mon Mar 9 22:22:10 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CommentImpl.java Mon Mar 9 22:22:09 2009 -@@ -23,9 +23,9 @@ - * have any questions. - */ - /* -- * $Id: CommentImpl.java,v 1.17 2006/01/27 12:49:34 vj135062 Exp $ -- * $Revision: 1.17 $ -- * $Date: 2006/01/27 12:49:34 $ -+ * -+ * -+ * - */ - - -@@ -47,7 +47,7 @@ - extends com.sun.org.apache.xerces.internal.dom.CommentImpl - implements javax.xml.soap.Text, org.w3c.dom.Comment { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_IMPL_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.impl.LocalStrings"); - protected static ResourceBundle rb = ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/ElementImpl.java Mon Mar 9 22:22:12 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/ElementImpl.java Mon Mar 9 22:22:11 2009 -@@ -23,9 +23,9 @@ - * have any questions. - */ - /* -- * $Id: ElementImpl.java,v 1.6 2006/11/16 16:01:14 kumarjayanti Exp $ -- * $Revision: 1.6 $ -- * $Date: 2006/11/16 16:01:14 $ -+ * -+ * -+ * - */ - - -@@ -60,7 +60,7 @@ - - protected QName elementQName; - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_IMPL_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.impl.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/TextImpl.java Mon Mar 9 22:22:15 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/TextImpl.java Mon Mar 9 22:22:14 2009 -@@ -23,9 +23,9 @@ - * have any questions. - */ - /* -- * $Id: TextImpl.java,v 1.19 2006/01/27 12:49:36 vj135062 Exp $ -- * $Revision: 1.19 $ -- * $Date: 2006/01/27 12:49:36 $ -+ * -+ * -+ * - */ - - -@@ -43,7 +43,7 @@ - extends com.sun.org.apache.xerces.internal.dom.TextImpl - implements javax.xml.soap.Text, org.w3c.dom.Text { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_IMPL_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.impl.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/name/NameImpl.java Mon Mar 9 22:22:17 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/name/NameImpl.java Mon Mar 9 22:22:16 2009 -@@ -23,9 +23,9 @@ - * have any questions. - */ - /* -- * $Id: NameImpl.java,v 1.48 2006/01/27 12:49:38 vj135062 Exp $ -- * $Revision: 1.48 $ -- * $Date: 2006/01/27 12:49:38 $ -+ * -+ * -+ * - */ - - -@@ -63,7 +63,7 @@ - protected String prefix = ""; - private String qualifiedName = null; - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.NAMING_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.name.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Fault1_1Impl.java Mon Mar 9 22:22:19 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Fault1_1Impl.java Mon Mar 9 22:22:19 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: Fault1_1Impl.java,v 1.1.1.1 2006/01/27 13:10:57 kumarjayanti Exp $ -+ * - */ - - -@@ -57,7 +57,7 @@ - - public class Fault1_1Impl extends FaultImpl { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger( - LogDomainConstants.SOAP_VER1_1_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.ver1_1.LocalStrings"); ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Header1_1Impl.java Mon Mar 9 22:22:22 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Header1_1Impl.java Mon Mar 9 22:22:21 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: Header1_1Impl.java,v 1.29 2006/01/27 12:49:41 vj135062 Exp $ -+ * - */ - - -@@ -50,7 +50,7 @@ - - public class Header1_1Impl extends HeaderImpl { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_VER1_1_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.ver1_1.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/HeaderElement1_1Impl.java Mon Mar 9 22:22:24 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/HeaderElement1_1Impl.java Mon Mar 9 22:22:24 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: HeaderElement1_1Impl.java,v 1.29 2006/01/27 12:49:41 vj135062 Exp $ -+ * - */ - - -@@ -49,7 +49,7 @@ - - public class HeaderElement1_1Impl extends HeaderElementImpl { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_VER1_1_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.ver1_1.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Message1_1Impl.java Mon Mar 9 22:22:27 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Message1_1Impl.java Mon Mar 9 22:22:26 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: Message1_1Impl.java,v 1.24 2006/01/27 12:49:41 vj135062 Exp $ -+ * - */ - - -@@ -48,7 +48,7 @@ - - public class Message1_1Impl extends MessageImpl implements SOAPConstants { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_VER1_1_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.ver1_1.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/SOAPPart1_1Impl.java Mon Mar 9 22:22:29 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/SOAPPart1_1Impl.java Mon Mar 9 22:22:28 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: SOAPPart1_1Impl.java,v 1.1.1.1 2006/01/27 13:10:57 kumarjayanti Exp $ -+ * - */ - - -@@ -48,7 +48,7 @@ - - public class SOAPPart1_1Impl extends SOAPPartImpl implements SOAPConstants { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.SOAP_VER1_1_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.ver1_1.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Body1_2Impl.java Mon Mar 9 22:22:32 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Body1_2Impl.java Mon Mar 9 22:22:31 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: Body1_2Impl.java,v 1.32 2006/01/27 12:49:44 vj135062 Exp $ -+ * - */ - - -@@ -50,7 +50,7 @@ - - public class Body1_2Impl extends BodyImpl { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(Body1_2Impl.class.getName(), - "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Detail1_2Impl.java Mon Mar 9 22:22:34 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Detail1_2Impl.java Mon Mar 9 22:22:34 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: Detail1_2Impl.java,v 1.24 2006/01/27 12:49:45 vj135062 Exp $ -+ * - */ - - -@@ -47,7 +47,7 @@ - - public class Detail1_2Impl extends DetailImpl { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(Detail1_2Impl.class.getName(), - "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Envelope1_2Impl.java Mon Mar 9 22:22:37 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Envelope1_2Impl.java Mon Mar 9 22:22:36 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: Envelope1_2Impl.java,v 1.26 2006/01/27 12:49:47 vj135062 Exp $ -+ * - */ - - -@@ -47,7 +47,7 @@ - - public class Envelope1_2Impl extends EnvelopeImpl { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(Envelope1_2Impl.class.getName(), - "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Fault1_2Impl.java Mon Mar 9 22:22:39 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Fault1_2Impl.java Mon Mar 9 22:22:38 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: Fault1_2Impl.java,v 1.1.1.1 2006/01/27 13:10:57 kumarjayanti Exp $ -+ * - */ - - -@@ -51,7 +51,7 @@ - - public class Fault1_2Impl extends FaultImpl { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger( - LogDomainConstants.SOAP_VER1_2_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Header1_2Impl.java Mon Mar 9 22:22:41 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Header1_2Impl.java Mon Mar 9 22:22:41 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: Header1_2Impl.java,v 1.36 2006/01/27 12:49:48 vj135062 Exp $ -+ * - */ - - -@@ -53,7 +53,7 @@ - - public class Header1_2Impl extends HeaderImpl { - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger( - LogDomainConstants.SOAP_VER1_2_DOMAIN, - "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/HeaderElement1_2Impl.java Mon Mar 9 22:22:44 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/HeaderElement1_2Impl.java Mon Mar 9 22:22:43 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: HeaderElement1_2Impl.java,v 1.29 2006/01/27 12:49:48 vj135062 Exp $ -+ * - */ - - -@@ -47,7 +47,7 @@ - - public class HeaderElement1_2Impl extends HeaderElementImpl { - -- private static Logger log = -+ private static final Logger log = - Logger.getLogger(HeaderElement1_2Impl.class.getName(), - "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/SOAPPart1_2Impl.java Mon Mar 9 22:22:46 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/SOAPPart1_2Impl.java Mon Mar 9 22:22:46 2009 -@@ -23,7 +23,7 @@ - * have any questions. - */ - /* -- * $Id: SOAPPart1_2Impl.java,v 1.1.1.1 2006/01/27 13:10:57 kumarjayanti Exp $ -+ * - */ - - -@@ -47,7 +47,7 @@ - - public class SOAPPart1_2Impl extends SOAPPartImpl implements SOAPConstants{ - -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(SOAPPart1_2Impl.class.getName(), - "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/util/RejectDoctypeSaxFilter.java Mon Mar 9 22:22:49 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/util/RejectDoctypeSaxFilter.java Mon Mar 9 22:22:48 2009 -@@ -45,12 +45,12 @@ - * because they are not legal in SOAP. If the user of this class sets a - * LexicalHandler, then it forwards events to that handler. - * -- * $Id: RejectDoctypeSaxFilter.java,v 1.13 2006/01/27 12:49:52 vj135062 Exp $ -+ * - * @author Edwin Goei - */ - - public class RejectDoctypeSaxFilter extends XMLFilterImpl implements XMLReader, LexicalHandler{ -- protected static Logger log = -+ protected static final Logger log = - Logger.getLogger(LogDomainConstants.UTIL_DOMAIN, - "com.sun.xml.internal.messaging.saaj.util.LocalStrings"); - ---- old/src/share/classes/com/sun/xml/internal/messaging/saaj/util/transform/EfficientStreamingTransformer.java Mon Mar 9 22:22:51 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/util/transform/EfficientStreamingTransformer.java Mon Mar 9 22:22:50 2009 -@@ -62,20 +62,22 @@ - public class EfficientStreamingTransformer - extends javax.xml.transform.Transformer { - -- static final String version; -- static final String vendor; -+ //static final String version; -+ //static final String vendor; - -- protected static TransformerFactory transformerFactory = TransformerFactory.newInstance(); -+ protected static final TransformerFactory transformerFactory = TransformerFactory.newInstance(); - -- static { -- version = System.getProperty("java.vm.version"); -- vendor = System.getProperty("java.vm.vendor"); -- if (vendor.startsWith("Sun") && -- (version.startsWith("1.4") || version.startsWith("1.3"))) { -- transformerFactory = -- new com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl(); -- } -- } -+ //removing support for Java 1.4 and 1.3 : CR6658158 -+ /*static { -+ version = System.getProperty("java.vm.version"); -+ vendor = System.getProperty("java.vm.vendor"); -+ if (vendor.startsWith("Sun") && -+ (version.startsWith("1.4") || version.startsWith("1.3"))) { -+ transformerFactory = -+ new com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl(); -+ } -+} -+*/ - - /** - * TransformerFactory instance. ---- old/src/share/classes/com/sun/xml/internal/txw2/DatatypeWriter.java Mon Mar 9 22:22:53 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/txw2/DatatypeWriter.java Mon Mar 9 22:22:53 2009 -@@ -25,6 +25,9 @@ - - package com.sun.xml.internal.txw2; - -+import java.util.AbstractList; -+import java.util.Collections; -+import java.util.List; - import javax.xml.namespace.QName; - - /** -@@ -53,50 +56,60 @@ - */ - void print(DT dt, NamespaceResolver resolver, StringBuilder buf); - -- -- static final DatatypeWriter<?>[] BUILDIN = new DatatypeWriter<?>[] { -- new DatatypeWriter<String>() { -- public Class<String> getType() { -- return String.class; -+ static final List<DatatypeWriter<?>> BUILTIN = Collections.unmodifiableList(new AbstractList() { -+ -+ private DatatypeWriter<?>[] BUILTIN_ARRAY = new DatatypeWriter<?>[] { -+ new DatatypeWriter<String>() { -+ public Class<String> getType() { -+ return String.class; -+ } -+ public void print(String s, NamespaceResolver resolver, StringBuilder buf) { -+ buf.append(s); -+ } -+ }, -+ new DatatypeWriter<Integer>() { -+ public Class<Integer> getType() { -+ return Integer.class; -+ } -+ public void print(Integer i, NamespaceResolver resolver, StringBuilder buf) { -+ buf.append(i); -+ } -+ }, -+ new DatatypeWriter<Float>() { -+ public Class<Float> getType() { -+ return Float.class; -+ } -+ public void print(Float f, NamespaceResolver resolver, StringBuilder buf) { -+ buf.append(f); -+ } -+ }, -+ new DatatypeWriter<Double>() { -+ public Class<Double> getType() { -+ return Double.class; -+ } -+ public void print(Double d, NamespaceResolver resolver, StringBuilder buf) { -+ buf.append(d); -+ } -+ }, -+ new DatatypeWriter<QName>() { -+ public Class<QName> getType() { -+ return QName.class; -+ } -+ public void print(QName qn, NamespaceResolver resolver, StringBuilder buf) { -+ String p = resolver.getPrefix(qn.getNamespaceURI()); -+ if(p.length()!=0) -+ buf.append(p).append(':'); -+ buf.append(qn.getLocalPart()); -+ } - } -- public void print(String s, NamespaceResolver resolver, StringBuilder buf) { -- buf.append(s); -- } -- }, -- new DatatypeWriter<Integer>() { -- public Class<Integer> getType() { -- return Integer.class; -- } -- public void print(Integer i, NamespaceResolver resolver, StringBuilder buf) { -- buf.append(i); -- } -- }, -- new DatatypeWriter<Float>() { -- public Class<Float> getType() { -- return Float.class; -- } -- public void print(Float f, NamespaceResolver resolver, StringBuilder buf) { -- buf.append(f); -- } -- }, -- new DatatypeWriter<Double>() { -- public Class<Double> getType() { -- return Double.class; -- } -- public void print(Double d, NamespaceResolver resolver, StringBuilder buf) { -- buf.append(d); -- } -- }, -- new DatatypeWriter<QName>() { -- public Class<QName> getType() { -- return QName.class; -- } -- public void print(QName qn, NamespaceResolver resolver, StringBuilder buf) { -- String p = resolver.getPrefix(qn.getNamespaceURI()); -- if(p.length()!=0) -- buf.append(p).append(':'); -- buf.append(qn.getLocalPart()); -- } -+ }; -+ -+ public DatatypeWriter<?> get(int n) { -+ return BUILTIN_ARRAY[n]; - } -- }; -+ -+ public int size() { -+ return BUILTIN_ARRAY.length; -+ } -+ }); - } ---- old/src/share/classes/com/sun/xml/internal/txw2/Document.java Mon Mar 9 22:22:56 2009 -+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/txw2/Document.java Mon Mar 9 22:22:55 2009 -@@ -76,7 +76,7 @@ - - Document(XmlSerializer out) { - this.out = out; -- for( DatatypeWriter dw : DatatypeWriter.BUILDIN ) -+ for( DatatypeWriter dw : DatatypeWriter.BUILTIN ) - datatypeWriters.put(dw.getType(),dw); - } -
--- a/patches/icedtea-6691246.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,166 +0,0 @@ ---- old/src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java Mon Mar 9 16:07:47 2009 -+++ openjdk/jdk/src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java Mon Mar 9 16:07:46 2009 -@@ -22,7 +22,6 @@ - * CA 95054 USA or visit www.sun.com if you need additional information or - * have any questions. - */ -- - package com.sun.jmx.remote.internal; - - import java.io.IOException; -@@ -34,6 +33,7 @@ - import java.util.Map; - import java.util.concurrent.Executor; - -+import java.security.AccessControlContext; - import java.security.AccessController; - import java.security.PrivilegedAction; - import javax.security.auth.Subject; -@@ -54,6 +54,9 @@ - - - public abstract class ClientNotifForwarder { -+ -+ private final AccessControlContext acc; -+ - public ClientNotifForwarder(Map env) { - this(null, env); - } -@@ -87,6 +90,8 @@ - this.command = command; - if (thread == null) { - thread = new Thread() { -+ -+ @Override - public void run() { - while (true) { - Runnable r; -@@ -130,6 +135,7 @@ - - this.defaultClassLoader = defaultClassLoader; - this.executor = ex; -+ this.acc = AccessController.getContext(); - } - - /** -@@ -390,28 +396,85 @@ - setState(TERMINATED); - } - --// ------------------------------------------------- --// private classes --// ------------------------------------------------- -+ -+ // ------------------------------------------------- -+ // private classes -+ // ------------------------------------------------- - // -+ - private class NotifFetcher implements Runnable { -+ -+ private volatile boolean alreadyLogged = false; -+ -+ private void logOnce(String msg, SecurityException x) { -+ if (alreadyLogged) return; -+ // Log only once. -+ logger.config("setContextClassLoader",msg); -+ if (x != null) logger.fine("setContextClassLoader", x); -+ alreadyLogged = true; -+ } -+ -+ // Set new context class loader, returns previous one. -+ private final ClassLoader setContextClassLoader(final ClassLoader loader) { -+ final AccessControlContext ctxt = ClientNotifForwarder.this.acc; -+ // if ctxt is null, log a config message and throw a -+ // SecurityException. -+ if (ctxt == null) { -+ logOnce("AccessControlContext must not be null.",null); -+ throw new SecurityException("AccessControlContext must not be null"); -+ } -+ return AccessController.doPrivileged( -+ new PrivilegedAction<ClassLoader>() { -+ public ClassLoader run() { -+ try { -+ // get context class loader - may throw -+ // SecurityException - though unlikely. -+ final ClassLoader previous = -+ Thread.currentThread().getContextClassLoader(); -+ -+ // if nothing needs to be done, break here... -+ if (loader == previous) return previous; -+ -+ // reset context class loader - may throw -+ // SecurityException -+ Thread.currentThread().setContextClassLoader(loader); -+ return previous; -+ } catch (SecurityException x) { -+ logOnce("Permission to set ContextClassLoader missing. " + -+ "Notifications will not be dispatched. " + -+ "Please check your Java policy configuration: " + -+ x, x); -+ throw x; -+ } -+ } -+ }, ctxt); -+ } -+ - public void run() { -+ final ClassLoader previous; -+ if (defaultClassLoader != null) { -+ previous = setContextClassLoader(defaultClassLoader); -+ } else { -+ previous = null; -+ } -+ try { -+ doRun(); -+ } finally { -+ if (defaultClassLoader != null) { -+ setContextClassLoader(previous); -+ } -+ } -+ } -+ -+ private void doRun() { - synchronized (ClientNotifForwarder.this) { - currentFetchThread = Thread.currentThread(); - -- if (state == STARTING) -+ if (state == STARTING) { - setState(STARTED); -+ } - } - -- if (defaultClassLoader != null) { -- AccessController.doPrivileged(new PrivilegedAction<Void>() { -- public Void run() { -- Thread.currentThread(). -- setContextClassLoader(defaultClassLoader); -- return null; -- } -- }); -- } - - NotificationResult nr = null; - if (!shouldStop() && (nr = fetchNotifs()) != null) { -@@ -445,8 +508,9 @@ - // check if an mbean unregistration notif - if (!listenerID.equals(mbeanRemovedNotifID)) { - final ClientListenerInfo li = infoList.get(listenerID); -- if (li != null) -- listeners.put(listenerID,li); -+ if (li != null) { -+ listeners.put(listenerID, li); -+ } - continue; - } - final Notification notif = tn.getNotification(); -@@ -787,9 +851,7 @@ - private long clientSequenceNumber = -1; - private final int maxNotifications; - private final long timeout; -- - private Integer mbeanRemovedNotifID = null; -- - private Thread currentFetchThread; - - // admin stuff
--- a/patches/icedtea-6717680.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,27 +0,0 @@ ---- old/src/share/classes/com/sun/jndi/ldap/LdapCtx.java Tue Mar 3 14:42:48 2009 -+++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtx.java Tue Mar 3 14:42:47 2009 -@@ -1,5 +1,5 @@ - /* -- * Copyright 1999-2005 Sun Microsystems, Inc. All Rights Reserved. -+ * Copyright 1999-2009 Sun Microsystems, Inc. All Rights Reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -302,7 +302,16 @@ - - schemaTrees = new Hashtable(11, 0.75f); - initEnv(); -- connect(false); -+ try { -+ connect(false); -+ } catch (NamingException e) { -+ try { -+ close(); -+ } catch (Exception e2) { -+ // Nothing -+ } -+ throw e; -+ } - } - - LdapCtx(LdapCtx existing, String newDN) throws NamingException {
--- a/patches/icedtea-6721651.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,735 +0,0 @@ ---- old/src/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java Mon Mar 9 18:11:01 2009 -+++ openjdk/jdk/src/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java Mon Mar 9 18:11:00 2009 -@@ -111,6 +111,22 @@ - */ - protected abstract void checkWrite(); - -+ /** -+ * Check if the caller can create the named class. The default -+ * implementation of this method calls {@link #checkWrite()}. -+ */ -+ protected void checkCreate(String className) { -+ checkWrite(); -+ } -+ -+ /** -+ * Check if the caller can unregister the named MBean. The default -+ * implementation of this method calls {@link #checkWrite()}. -+ */ -+ protected void checkUnregister(ObjectName name) { -+ checkWrite(); -+ } -+ - //-------------------------------------------- - //-------------------------------------------- - // -@@ -148,7 +164,7 @@ - } - - /** -- * Call <code>checkWrite()</code>, then forward this method to the -+ * Call <code>checkCreate(className)</code>, then forward this method to the - * wrapped object. - */ - public ObjectInstance createMBean(String className, ObjectName name) -@@ -158,7 +174,7 @@ - MBeanRegistrationException, - MBeanException, - NotCompliantMBeanException { -- checkWrite(); -+ checkCreate(className); - SecurityManager sm = System.getSecurityManager(); - if (sm == null) { - Object object = getMBeanServer().instantiate(className); -@@ -170,7 +186,7 @@ - } - - /** -- * Call <code>checkWrite()</code>, then forward this method to the -+ * Call <code>checkCreate(className)</code>, then forward this method to the - * wrapped object. - */ - public ObjectInstance createMBean(String className, ObjectName name, -@@ -181,7 +197,7 @@ - MBeanRegistrationException, - MBeanException, - NotCompliantMBeanException { -- checkWrite(); -+ checkCreate(className); - SecurityManager sm = System.getSecurityManager(); - if (sm == null) { - Object object = getMBeanServer().instantiate(className, -@@ -196,7 +212,7 @@ - } - - /** -- * Call <code>checkWrite()</code>, then forward this method to the -+ * Call <code>checkCreate(className)</code>, then forward this method to the - * wrapped object. - */ - public ObjectInstance createMBean(String className, -@@ -209,7 +225,7 @@ - MBeanException, - NotCompliantMBeanException, - InstanceNotFoundException { -- checkWrite(); -+ checkCreate(className); - SecurityManager sm = System.getSecurityManager(); - if (sm == null) { - Object object = getMBeanServer().instantiate(className, -@@ -222,7 +238,7 @@ - } - - /** -- * Call <code>checkWrite()</code>, then forward this method to the -+ * Call <code>checkCreate(className)</code>, then forward this method to the - * wrapped object. - */ - public ObjectInstance createMBean(String className, -@@ -237,7 +253,7 @@ - MBeanException, - NotCompliantMBeanException, - InstanceNotFoundException { -- checkWrite(); -+ checkCreate(className); - SecurityManager sm = System.getSecurityManager(); - if (sm == null) { - Object object = getMBeanServer().instantiate(className, -@@ -394,17 +410,17 @@ - } - - /** -- * Call <code>checkWrite()</code>, then forward this method to the -+ * Call <code>checkCreate(className)</code>, then forward this method to the - * wrapped object. - */ - public Object instantiate(String className) - throws ReflectionException, MBeanException { -- checkWrite(); -+ checkCreate(className); - return getMBeanServer().instantiate(className); - } - - /** -- * Call <code>checkWrite()</code>, then forward this method to the -+ * Call <code>checkCreate(className)</code>, then forward this method to the - * wrapped object. - */ - public Object instantiate(String className, -@@ -411,28 +427,28 @@ - Object params[], - String signature[]) - throws ReflectionException, MBeanException { -- checkWrite(); -+ checkCreate(className); - return getMBeanServer().instantiate(className, params, signature); - } - - /** -- * Call <code>checkWrite()</code>, then forward this method to the -+ * Call <code>checkCreate(className)</code>, then forward this method to the - * wrapped object. - */ - public Object instantiate(String className, ObjectName loaderName) - throws ReflectionException, MBeanException, InstanceNotFoundException { -- checkWrite(); -+ checkCreate(className); - return getMBeanServer().instantiate(className, loaderName); - } - - /** -- * Call <code>checkWrite()</code>, then forward this method to the -+ * Call <code>checkCreate(className)</code>, then forward this method to the - * wrapped object. - */ - public Object instantiate(String className, ObjectName loaderName, - Object params[], String signature[]) - throws ReflectionException, MBeanException, InstanceNotFoundException { -- checkWrite(); -+ checkCreate(className); - return getMBeanServer().instantiate(className, loaderName, - params, signature); - } -@@ -579,12 +595,12 @@ - } - - /** -- * Call <code>checkWrite()</code>, then forward this method to the -+ * Call <code>checkUnregister()</code>, then forward this method to the - * wrapped object. - */ - public void unregisterMBean(ObjectName name) - throws InstanceNotFoundException, MBeanRegistrationException { -- checkWrite(); -+ checkUnregister(name); - getMBeanServer().unregisterMBean(name); - } - ---- old/src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java Mon Mar 9 18:11:03 2009 -+++ openjdk/jdk/src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java Mon Mar 9 18:11:03 2009 -@@ -31,11 +31,17 @@ - import java.security.AccessController; - import java.security.Principal; - import java.security.PrivilegedAction; --import java.util.Collection; -+import java.util.ArrayList; -+import java.util.HashMap; - import java.util.Iterator; -+import java.util.List; -+import java.util.Map; - import java.util.Properties; - import java.util.Set; -+import java.util.StringTokenizer; -+import java.util.regex.Pattern; - import javax.management.MBeanServer; -+import javax.management.ObjectName; - import javax.security.auth.Subject; - - /** -@@ -46,7 +52,8 @@ - * not allowed; in this case the request is not forwarded to the - * wrapped object.</p> - * -- * <p>This class implements the {@link #checkRead()} and {@link #checkWrite()} -+ * <p>This class implements the {@link #checkRead()}, {@link #checkWrite()}, -+ * {@link #checkCreate(String)}, and {@link #checkUnregister(ObjectName)} - * methods based on an access level properties file containing username/access - * level pairs. The set of username/access level pairs is passed either as a - * filename which denotes a properties file on disk, or directly as an instance -@@ -56,15 +63,51 @@ - * has exactly one access level. The same access level can be shared by several - * usernames.</p> - * -- * <p>The supported access level values are <i>readonly</i> and -- * <i>readwrite</i>.</p> -+ * <p>The supported access level values are {@code readonly} and -+ * {@code readwrite}. The {@code readwrite} access level can be -+ * qualified by one or more <i>clauses</i>, where each clause looks -+ * like <code>create <i>classNamePattern</i></code> or {@code -+ * unregister}. For example:</p> -+ * -+ * <pre> -+ * monitorRole readonly -+ * controlRole readwrite \ -+ * create javax.management.timer.*,javax.management.monitor.* \ -+ * unregister -+ * </pre> -+ * -+ * <p>(The continuation lines with {@code \} come from the parser for -+ * Properties files.)</p> - */ - public class MBeanServerFileAccessController - extends MBeanServerAccessController { - -- public static final String READONLY = "readonly"; -- public static final String READWRITE = "readwrite"; -+ static final String READONLY = "readonly"; -+ static final String READWRITE = "readwrite"; - -+ static final String CREATE = "create"; -+ static final String UNREGISTER = "unregister"; -+ -+ private enum AccessType {READ, WRITE, CREATE, UNREGISTER}; -+ -+ private static class Access { -+ final boolean write; -+ final String[] createPatterns; -+ private boolean unregister; -+ -+ Access(boolean write, boolean unregister, List<String> createPatternList) { -+ this.write = write; -+ int npats = (createPatternList == null) ? 0 : createPatternList.size(); -+ if (npats == 0) -+ this.createPatterns = NO_STRINGS; -+ else -+ this.createPatterns = createPatternList.toArray(new String[npats]); -+ this.unregister = unregister; -+ } -+ -+ private final String[] NO_STRINGS = new String[0]; -+ } -+ - /** - * <p>Create a new MBeanServerAccessController that forwards all the - * MBeanServer requests to the MBeanServer set by invoking the {@link -@@ -87,8 +130,8 @@ - throws IOException { - super(); - this.accessFileName = accessFileName; -- props = propertiesFromFile(accessFileName); -- checkValues(props); -+ Properties props = propertiesFromFile(accessFileName); -+ parseProperties(props); - } - - /** -@@ -123,14 +166,14 @@ - * #setMBeanServer} method after doing access checks based on read and - * write permissions.</p> - * -- * <p>This instance is initialized from the specified properties instance. -- * This constructor makes a copy of the properties instance using its -- * <code>clone</code> method and it is the copy that is consulted to check -- * the username and access level of an incoming connection. The original -- * properties object can be modified without affecting the copy. If the -- * {@link #refresh} method is then called, the -- * <code>MBeanServerFileAccessController</code> will make a new copy of the -- * properties object at that time.</p> -+ * <p>This instance is initialized from the specified properties -+ * instance. This constructor makes a copy of the properties -+ * instance and it is the copy that is consulted to check the -+ * username and access level of an incoming connection. The -+ * original properties object can be modified without affecting -+ * the copy. If the {@link #refresh} method is then called, the -+ * <code>MBeanServerFileAccessController</code> will make a new -+ * copy of the properties object at that time.</p> - * - * @param accessFileProps properties list containing the username/access - * level entries. -@@ -145,8 +188,7 @@ - if (accessFileProps == null) - throw new IllegalArgumentException("Null properties"); - originalProps = accessFileProps; -- props = (Properties) accessFileProps.clone(); -- checkValues(props); -+ parseProperties(accessFileProps); - } - - /** -@@ -155,14 +197,14 @@ - * #setMBeanServer} method after doing access checks based on read and - * write permissions.</p> - * -- * <p>This instance is initialized from the specified properties instance. -- * This constructor makes a copy of the properties instance using its -- * <code>clone</code> method and it is the copy that is consulted to check -- * the username and access level of an incoming connection. The original -- * properties object can be modified without affecting the copy. If the -- * {@link #refresh} method is then called, the -- * <code>MBeanServerFileAccessController</code> will make a new copy of the -- * properties object at that time.</p> -+ * <p>This instance is initialized from the specified properties -+ * instance. This constructor makes a copy of the properties -+ * instance and it is the copy that is consulted to check the -+ * username and access level of an incoming connection. The -+ * original properties object can be modified without affecting -+ * the copy. If the {@link #refresh} method is then called, the -+ * <code>MBeanServerFileAccessController</code> will make a new -+ * copy of the properties object at that time.</p> - * - * @param accessFileProps properties list containing the username/access - * level entries. -@@ -184,8 +226,9 @@ - * Check if the caller can do read operations. This method does - * nothing if so, otherwise throws SecurityException. - */ -+ @Override - public void checkRead() { -- checkAccessLevel(READONLY); -+ checkAccess(AccessType.READ, null); - } - - /** -@@ -192,11 +235,30 @@ - * Check if the caller can do write operations. This method does - * nothing if so, otherwise throws SecurityException. - */ -+ @Override - public void checkWrite() { -- checkAccessLevel(READWRITE); -+ checkAccess(AccessType.WRITE, null); - } - - /** -+ * Check if the caller can create MBeans or instances of the given class. -+ * This method does nothing if so, otherwise throws SecurityException. -+ */ -+ @Override -+ public void checkCreate(String className) { -+ checkAccess(AccessType.CREATE, className); -+ } -+ -+ /** -+ * Check if the caller can do unregister operations. This method does -+ * nothing if so, otherwise throws SecurityException. -+ */ -+ @Override -+ public void checkUnregister(ObjectName name) { -+ checkAccess(AccessType.UNREGISTER, null); -+ } -+ -+ /** - * <p>Refresh the set of username/access level entries.</p> - * - * <p>If this instance was created using the -@@ -218,14 +280,13 @@ - * @exception IllegalArgumentException if any of the supplied access - * level values differs from "readonly" or "readwrite". - */ -- public void refresh() throws IOException { -- synchronized (props) { -- if (accessFileName == null) -- props = (Properties) originalProps.clone(); -- else -- props = propertiesFromFile(accessFileName); -- checkValues(props); -- } -+ public synchronized void refresh() throws IOException { -+ Properties props; -+ if (accessFileName == null) -+ props = (Properties) originalProps; -+ else -+ props = propertiesFromFile(accessFileName); -+ parseProperties(props); - } - - private static Properties propertiesFromFile(String fname) -@@ -233,11 +294,13 @@ - FileInputStream fin = new FileInputStream(fname); - Properties p = new Properties(); - p.load(fin); -+ // Properties.load does a buffered read so we don't need to wrap -+ // the FileInputStream in a BufferedInputStream. - fin.close(); - return p; - } - -- private void checkAccessLevel(String accessLevel) { -+ private synchronized void checkAccess(AccessType requiredAccess, String arg) { - final AccessControlContext acc = AccessController.getContext(); - final Subject s = - AccessController.doPrivileged(new PrivilegedAction<Subject>() { -@@ -247,39 +310,234 @@ - }); - if (s == null) return; /* security has not been enabled */ - final Set principals = s.getPrincipals(); -+ String newPropertyValue = null; - for (Iterator i = principals.iterator(); i.hasNext(); ) { - final Principal p = (Principal) i.next(); -- String grantedAccessLevel; -- synchronized (props) { -- grantedAccessLevel = props.getProperty(p.getName()); -- } -- if (grantedAccessLevel != null) { -- if (accessLevel.equals(READONLY) && -- (grantedAccessLevel.equals(READONLY) || -- grantedAccessLevel.equals(READWRITE))) -+ Access access = accessMap.get(p.getName()); -+ if (access != null) { -+ boolean ok; -+ switch (requiredAccess) { -+ case READ: -+ ok = true; // all access entries imply read -+ break; -+ case WRITE: -+ ok = access.write; -+ break; -+ case UNREGISTER: -+ ok = access.unregister; -+ if (!ok && access.write) -+ newPropertyValue = "unregister"; -+ break; -+ case CREATE: -+ ok = checkCreateAccess(access, arg); -+ if (!ok && access.write) -+ newPropertyValue = "create " + arg; -+ break; -+ default: -+ throw new AssertionError(); -+ } -+ if (ok) - return; -- if (accessLevel.equals(READWRITE) && -- grantedAccessLevel.equals(READWRITE)) -- return; - } - } -- throw new SecurityException("Access denied! Invalid access level for " + -- "requested MBeanServer operation."); -+ SecurityException se = new SecurityException("Access denied! Invalid " + -+ "access level for requested MBeanServer operation."); -+ // Add some more information to help people with deployments that -+ // worked before we required explicit create clauses. We're not giving -+ // any information to the bad guys, other than that the access control -+ // is based on a file, which they could have worked out from the stack -+ // trace anyway. -+ if (newPropertyValue != null) { -+ SecurityException se2 = new SecurityException("Access property " + -+ "for this identity should be similar to: " + READWRITE + -+ " " + newPropertyValue); -+ se.initCause(se2); -+ } -+ throw se; - } - -- private void checkValues(Properties props) { -- Collection c = props.values(); -- for (Iterator i = c.iterator(); i.hasNext(); ) { -- final String accessLevel = (String) i.next(); -- if (!accessLevel.equals(READONLY) && -- !accessLevel.equals(READWRITE)) { -- throw new IllegalArgumentException( -- "Syntax error in access level entry [" + accessLevel + "]"); -+ private static boolean checkCreateAccess(Access access, String className) { -+ for (String classNamePattern : access.createPatterns) { -+ if (classNameMatch(classNamePattern, className)) -+ return true; -+ } -+ return false; -+ } -+ -+ private static boolean classNameMatch(String pattern, String className) { -+ // We studiously avoided regexes when parsing the properties file, -+ // because that is done whenever the VM is started with the -+ // appropriate -Dcom.sun.management options, even if nobody ever -+ // creates an MBean. We don't want to incur the overhead of loading -+ // all the regex code whenever those options are specified, but if we -+ // get as far as here then the VM is already running and somebody is -+ // doing the very unusual operation of remotely creating an MBean. -+ // Because that operation is so unusual, we don't try to optimize -+ // by hand-matching or by caching compiled Pattern objects. -+ StringBuilder sb = new StringBuilder(); -+ StringTokenizer stok = new StringTokenizer(pattern, "*", true); -+ while (stok.hasMoreTokens()) { -+ String tok = stok.nextToken(); -+ if (tok.equals("*")) -+ sb.append("[^.]*"); -+ else -+ sb.append(Pattern.quote(tok)); -+ } -+ return className.matches(sb.toString()); -+ } -+ -+ private void parseProperties(Properties props) { -+ this.accessMap = new HashMap<String, Access>(); -+ for (Map.Entry<Object, Object> entry : props.entrySet()) { -+ String identity = (String) entry.getKey(); -+ String accessString = (String) entry.getValue(); -+ Access access = Parser.parseAccess(identity, accessString); -+ accessMap.put(identity, access); -+ } -+ } -+ -+ private static class Parser { -+ private final static int EOS = -1; // pseudo-codepoint "end of string" -+ static { -+ assert !Character.isWhitespace(EOS); -+ } -+ -+ private final String identity; // just for better error messages -+ private final String s; // the string we're parsing -+ private final int len; // s.length() -+ private int i; -+ private int c; -+ // At any point, either c is s.codePointAt(i), or i == len and -+ // c is EOS. We use int rather than char because it is conceivable -+ // (if unlikely) that a classname in a create clause might contain -+ // "supplementary characters", the ones that don't fit in the original -+ // 16 bits for Unicode. -+ -+ private Parser(String identity, String s) { -+ this.identity = identity; -+ this.s = s; -+ this.len = s.length(); -+ this.i = 0; -+ if (i < len) -+ this.c = s.codePointAt(i); -+ else -+ this.c = EOS; -+ } -+ -+ static Access parseAccess(String identity, String s) { -+ return new Parser(identity, s).parseAccess(); -+ } -+ -+ private Access parseAccess() { -+ skipSpace(); -+ String type = parseWord(); -+ Access access; -+ if (type.equals(READONLY)) -+ access = new Access(false, false, null); -+ else if (type.equals(READWRITE)) -+ access = parseReadWrite(); -+ else { -+ throw syntax("Expected " + READONLY + " or " + READWRITE + -+ ": " + type); - } -+ if (c != EOS) -+ throw syntax("Extra text at end of line"); -+ return access; - } -+ -+ private Access parseReadWrite() { -+ List<String> createClasses = new ArrayList<String>(); -+ boolean unregister = false; -+ while (true) { -+ skipSpace(); -+ if (c == EOS) -+ break; -+ String type = parseWord(); -+ if (type.equals(UNREGISTER)) -+ unregister = true; -+ else if (type.equals(CREATE)) -+ parseCreate(createClasses); -+ else -+ throw syntax("Unrecognized keyword " + type); -+ } -+ return new Access(true, unregister, createClasses); -+ } -+ -+ private void parseCreate(List<String> createClasses) { -+ while (true) { -+ skipSpace(); -+ createClasses.add(parseClassName()); -+ skipSpace(); -+ if (c == ',') -+ next(); -+ else -+ break; -+ } -+ } -+ -+ private String parseClassName() { -+ // We don't check that classname components begin with suitable -+ // characters (so we accept 1.2.3 for example). This means that -+ // there are only two states, which we can call dotOK and !dotOK -+ // according as a dot (.) is legal or not. Initially we're in -+ // !dotOK since a classname can't start with a dot; after a dot -+ // we're in !dotOK again; and after any other characters we're in -+ // dotOK. The classname is only accepted if we end in dotOK, -+ // so we reject an empty name or a name that ends with a dot. -+ final int start = i; -+ boolean dotOK = false; -+ while (true) { -+ if (c == '.') { -+ if (!dotOK) -+ throw syntax("Bad . in class name"); -+ dotOK = false; -+ } else if (c == '*' || Character.isJavaIdentifierPart(c)) -+ dotOK = true; -+ else -+ break; -+ next(); -+ } -+ String className = s.substring(start, i); -+ if (!dotOK) -+ throw syntax("Bad class name " + className); -+ return className; -+ } -+ -+ // Advance c and i to the next character, unless already at EOS. -+ private void next() { -+ if (c != EOS) { -+ i += Character.charCount(c); -+ if (i < len) -+ c = s.codePointAt(i); -+ else -+ c = EOS; -+ } -+ } -+ -+ private void skipSpace() { -+ while (Character.isWhitespace(c)) -+ next(); -+ } -+ -+ private String parseWord() { -+ skipSpace(); -+ if (c == EOS) -+ throw syntax("Expected word at end of line"); -+ final int start = i; -+ while (c != EOS && !Character.isWhitespace(c)) -+ next(); -+ String word = s.substring(start, i); -+ skipSpace(); -+ return word; -+ } -+ -+ private IllegalArgumentException syntax(String msg) { -+ return new IllegalArgumentException( -+ msg + " [" + identity + " " + s + "]"); -+ } - } - -- private Properties props; -+ private Map<String, Access> accessMap; - private Properties originalProps; - private String accessFileName; - } ---- old/src/share/lib/management/jmxremote.access Mon Mar 9 18:11:05 2009 -+++ openjdk/jdk/src/share/lib/management/jmxremote.access Mon Mar 9 18:11:05 2009 -@@ -8,7 +8,7 @@ - # passwords. To be functional, a role must have an entry in - # both the password and the access files. - # --# Default location of this file is $JRE/lib/management/jmxremote.access -+# The default location of this file is $JRE/lib/management/jmxremote.access - # You can specify an alternate location by specifying a property in - # the management config file $JRE/lib/management/management.properties - # (See that file for details) -@@ -16,7 +16,7 @@ - # The file format for password and access files is syntactically the same - # as the Properties file format. The syntax is described in the Javadoc - # for java.util.Properties.load. --# Typical access file has multiple lines, where each line is blank, -+# A typical access file has multiple lines, where each line is blank, - # a comment (like this one), or an access control entry. - # - # An access control entry consists of a role name, and an -@@ -29,11 +29,39 @@ - # role can read measurements but cannot perform any action - # that changes the environment of the running program. - # "readwrite" grants access to read and write attributes of MBeans, --# to invoke operations on them, and to create or remove them. --# This access should be granted to only trusted clients, --# since they can potentially interfere with the smooth --# operation of a running program -+# to invoke operations on them, and optionally -+# to create or remove them. This access should be granted -+# only to trusted clients, since they can potentially -+# interfere with the smooth operation of a running program. - # -+# The "readwrite" access level can optionally be followed by the "create" and/or -+# "unregister" keywords. The "unregister" keyword grants access to unregister -+# (delete) MBeans. The "create" keyword grants access to create MBeans of a -+# particular class or of any class matching a particular pattern. Access -+# should only be granted to create MBeans of known and trusted classes. -+# -+# For example, the following entry would grant readwrite access -+# to "controlRole", as well as access to create MBeans of the class -+# javax.management.monitor.CounterMonitor and to unregister any MBean: -+# controlRole readwrite \ -+# create javax.management.monitor.CounterMonitorMBean \ -+# unregister -+# or equivalently: -+# controlRole readwrite unregister create javax.management.monitor.CounterMBean -+# -+# The following entry would grant readwrite access as well as access to create -+# MBeans of any class in the packages javax.management.monitor and -+# javax.management.timer: -+# controlRole readwrite \ -+# create javax.management.monitor.*,javax.management.timer.* \ -+# unregister -+# -+# The \ character is defined in the Properties file syntax to allow continuation -+# lines as shown here. A * in a class pattern matches a sequence of characters -+# other than dot (.), so javax.management.monitor.* matches -+# javax.management.monitor.CounterMonitor but not -+# javax.management.monitor.foo.Bar. -+# - # A given role should have at most one entry in this file. If a role - # has no entry, it has no access. - # If multiple entries are found for the same role name, then the last -@@ -42,7 +70,10 @@ - # - # Default access control entries: - # o The "monitorRole" role has readonly access. --# o The "controlRole" role has readwrite access. -+# o The "controlRole" role has readwrite access and can create the standard -+# Timer and Monitor MBeans defined by the JMX API. - - monitorRole readonly --controlRole readwrite -+controlRole readwrite \ -+ create javax.management.monitor.*,javax.management.timer.* \ -+ unregister
--- a/patches/icedtea-6737315.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,44 +0,0 @@ ---- old/./src/share/classes/com/sun/jndi/ldap/VersionHelper12.java Tue Mar 10 17:35:37 2009 -+++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/VersionHelper12.java Tue Mar 10 17:35:36 2009 -@@ -1,5 +1,5 @@ - /* -- * Copyright 1999 Sun Microsystems, Inc. All Rights Reserved. -+ * Copyright 1999-2009 Sun Microsystems, Inc. All Rights Reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -33,12 +33,33 @@ - - final class VersionHelper12 extends VersionHelper { - -+ // System property to control whether classes may be loaded from an -+ // arbitrary URL code base. -+ private static final String TRUST_URL_CODEBASE_PROPERTY = -+ "com.sun.jndi.ldap.object.trustURLCodebase"; -+ -+ // Determine whether classes may be loaded from an arbitrary URL code base. -+ private static final String trustURLCodebase = -+ AccessController.doPrivileged( -+ new PrivilegedAction<String>() { -+ public String run() { -+ return System.getProperty(TRUST_URL_CODEBASE_PROPERTY, -+ "false"); -+ } -+ } -+ ); -+ - VersionHelper12() {} // Disallow external from creating one of these. - - ClassLoader getURLClassLoader(String[] url) - throws MalformedURLException { - ClassLoader parent = getContextClassLoader(); -- if (url != null) { -+ /* -+ * Classes may only be loaded from an arbitrary URL code base when -+ * the system property com.sun.jndi.ldap.object.trustURLCodebase -+ * has been set to "true". -+ */ -+ if (url != null && "true".equalsIgnoreCase(trustURLCodebase)) { - return URLClassLoader.newInstance(getUrlArray(url), parent); - } else { - return parent;
--- a/patches/icedtea-6792554.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,415 +0,0 @@ ---- old/src/share/native/com/sun/java/util/jar/pack/bands.cpp Tue Mar 3 22:19:24 2009 -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bands.cpp Tue Mar 3 22:19:23 2009 -@@ -1,5 +1,5 @@ - /* -- * Copyright 2002-2005 Sun Microsystems, Inc. All Rights Reserved. -+ * Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -94,6 +94,7 @@ - assert(!valc->isMalloc); - } - xvs.init(u->rp, u->rplimit, valc); -+ CHECK; - int X = xvs.getInt(); - if (valc->S() != 0) { - assert(valc->min <= -256); -@@ -117,6 +118,7 @@ - byte XB_byte = (byte) XB; - byte* XB_ptr = &XB_byte; - cm.init(u->rp, u->rplimit, XB_ptr, 0, defc, length, null); -+ CHECK; - } else { - NOT_PRODUCT(byte* meta_rp0 = u->meta_rp); - assert(u->meta_rp != null); -@@ -215,8 +217,19 @@ - if (length == 0) return 0; - if (total_memo > 0) return total_memo-1; - int total = getInt(); -+ // overflow checks require that none of the addends are <0, -+ // and that the partial sums never overflow (wrap negative) -+ if (total < 0) { -+ abort("overflow detected"); -+ return 0; -+ } - for (int k = length-1; k > 0; k--) { -- total += vs[0].getInt(); -+ int prev_total = total; -+ total += vs[0].getInt(); -+ if (total < prev_total) { -+ abort("overflow detected"); -+ return 0; -+ } - } - rewind(); - total_memo = total+1; ---- old/src/share/native/com/sun/java/util/jar/pack/coding.cpp Tue Mar 3 22:19:29 2009 -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/coding.cpp Tue Mar 3 22:19:27 2009 -@@ -1,5 +1,5 @@ - /* -- * Copyright 2002-2005 Sun Microsystems, Inc. All Rights Reserved. -+ * Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -809,6 +809,7 @@ - } - band_rp = vs.rp; - } -+ CHECK; - - // Get an accurate upper limit now. - vs0.rplimit = band_rp; ---- old/src/share/native/com/sun/java/util/jar/pack/defines.h Tue Mar 3 22:19:33 2009 -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/defines.h Tue Mar 3 22:19:31 2009 -@@ -1,5 +1,5 @@ - /* -- * Copyright 2001-2008 Sun Microsystems, Inc. All Rights Reserved. -+ * Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -155,6 +155,8 @@ - #define CHECK_NULL_(y,p) _CHECK_DO((p)==null, return y) - #define CHECK_NULL_0(p) _CHECK_DO((p)==null, return 0) - -+#define CHECK_COUNT(t) if (t < 0){abort("bad value count");} CHECK -+ - #define STR_TRUE "true" - #define STR_FALSE "false" - ---- old/src/share/native/com/sun/java/util/jar/pack/unpack.cpp Tue Mar 3 22:19:37 2009 -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp Tue Mar 3 22:19:35 2009 -@@ -1,5 +1,5 @@ - /* -- * Copyright 2001-2008 Sun Microsystems, Inc. All Rights Reserved. -+ * Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -504,15 +504,40 @@ - enum { - MAGIC_BYTES = 4, - AH_LENGTH_0 = 3, //minver, majver, options are outside of archive_size -+ AH_LENGTH_0_MAX = AH_LENGTH_0 + 1, // options might have 2 bytes - AH_LENGTH = 26, //maximum archive header length (w/ all fields) - // Length contributions from optional header fields: - AH_FILE_HEADER_LEN = 5, // sizehi/lo/next/modtime/files -+ AH_ARCHIVE_SIZE_LEN = 2, // sizehi/lo only; part of AH_FILE_HEADER_LEN - AH_CP_NUMBER_LEN = 4, // int/float/long/double - AH_SPECIAL_FORMAT_LEN = 2, // layouts/band-headers - AH_LENGTH_MIN = AH_LENGTH - -(AH_FILE_HEADER_LEN+AH_SPECIAL_FORMAT_LEN+AH_CP_NUMBER_LEN), -+ ARCHIVE_SIZE_MIN = AH_LENGTH_MIN - (AH_LENGTH_0 + AH_ARCHIVE_SIZE_LEN), - FIRST_READ = MAGIC_BYTES + AH_LENGTH_MIN - }; -+ -+ -+ assert(AH_LENGTH_MIN == 15); // # of UNSIGNED5 fields required after archive_magic -+ assert(ARCHIVE_SIZE_MIN == 10); // # of UNSIGNED5 fields required after archive_size -+ // An absolute minimum null archive is magic[4], {minver,majver,options}[3], -+ // archive_size[0], cp_counts[8], class_counts[4], for a total of 19 bytes. -+ // (Note that archive_size is optional; it may be 0..10 bytes in length.) -+ // The first read must capture everything up through the options field. -+ // This happens to work even if {minver,majver,options} is a pathological -+ // 15 bytes long. Legal pack files limit those three fields to 1+1+2 bytes. -+ assert(FIRST_READ >= MAGIC_BYTES + AH_LENGTH_0 * B_MAX); -+ -+ // Up through archive_size, the largest possible archive header is -+ // magic[4], {minver,majver,options}[4], archive_size[10]. -+ // (Note only the low 12 bits of options are allowed to be non-zero.) -+ // In order to parse archive_size, we need at least this many bytes -+ // in the first read. Of course, if archive_size_hi is more than -+ // a byte, we probably will fail to allocate the buffer, since it -+ // will be many gigabytes long. This is a practical, not an -+ // architectural limit to Pack200 archive sizes. -+ assert(FIRST_READ >= MAGIC_BYTES + AH_LENGTH_0_MAX + 2*B_MAX); -+ - bool foreign_buf = (read_input_fn == null); - byte initbuf[FIRST_READ + C_SLOP + 200]; // 200 is for JAR I/O - if (foreign_buf) { -@@ -528,7 +553,7 @@ - // There is no way to tell the caller that we used only part of them. - // Therefore, the caller must use only a bare minimum of read-ahead. - if (inbytes.len > FIRST_READ) { -- abort("too much pushback"); -+ abort("too much read-ahead"); - return; - } - input.set(initbuf, sizeof(initbuf)); -@@ -538,7 +563,7 @@ - rplimit += inbytes.len; - bytes_read += inbytes.len; - } -- // Read only 19 bytes, which is certain to contain #archive_size fields, -+ // Read only 19 bytes, which is certain to contain #archive_options fields, - // but is certain not to overflow past the archive_header. - input.b.len = FIRST_READ; - if (!ensure_input(FIRST_READ)) -@@ -611,8 +636,8 @@ - if ((archive_options & ~OPTION_LIMIT) != 0) { - fprintf(errstrm, "Warning: Illegal archive options 0x%x\n", - archive_options); -- // Do not abort. If the format really changes, version numbers will bump. -- //abort("illegal archive options"); -+ abort("illegal archive options"); -+ return; - } - - if ((archive_options & AO_HAVE_FILE_HEADERS) != 0) { -@@ -643,8 +668,17 @@ - return; - } - } else if (archive_size != 0) { -+ if (archive_size < ARCHIVE_SIZE_MIN) { -+ abort("impossible archive size"); // bad input data -+ return; -+ } -+ if (archive_size < header_size_1) { -+ abort("too much read-ahead"); // somehow we pre-fetched too much? -+ return; -+ } - input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)), - (size_t) header_size_0 + archive_size); -+ CHECK; - assert(input.limit()[0] == 0); - // Move all the bytes we read initially into the real buffer. - input.b.copyFrom(initbuf, header_size); -@@ -659,6 +693,7 @@ - rp = rplimit = input.base(); - // Set up input buffer as if we already read the header: - input.b.copyFrom(initbuf, header_size); -+ CHECK; - rplimit += header_size; - while (ensure_input(input.limit() - rp)) { - size_t dataSoFar = input_remaining(); -@@ -694,8 +729,10 @@ - - if ((archive_options & AO_HAVE_FILE_HEADERS) != 0) { - archive_next_count = hdr.getInt(); -+ CHECK_COUNT(archive_next_count); - archive_modtime = hdr.getInt(); - file_count = hdr.getInt(); -+ CHECK_COUNT(file_count); - hdrVals += 3; - } else { - hdrValsSkipped += 3; -@@ -703,7 +740,9 @@ - - if ((archive_options & AO_HAVE_SPECIAL_FORMATS) != 0) { - band_headers_size = hdr.getInt(); -+ CHECK_COUNT(band_headers_size); - attr_definition_count = hdr.getInt(); -+ CHECK_COUNT(attr_definition_count); - hdrVals += 2; - } else { - hdrValsSkipped += 2; -@@ -723,13 +762,16 @@ - } - } - cp_counts[k] = hdr.getInt(); -+ CHECK_COUNT(cp_counts[k]); - hdrVals += 1; - } - - ic_count = hdr.getInt(); -+ CHECK_COUNT(ic_count); - default_class_minver = hdr.getInt(); - default_class_majver = hdr.getInt(); - class_count = hdr.getInt(); -+ CHECK_COUNT(class_count); - hdrVals += 4; - - // done with archive_header -@@ -783,7 +825,6 @@ - bytes::of(band_headers.limit(), C_SLOP).clear(_meta_error); - } - -- - void unpacker::finish() { - if (verbose >= 1) { - fprintf(errstrm, -@@ -2089,13 +2130,14 @@ - - field_descr.readData(field_count); - read_attrs(ATTR_CONTEXT_FIELD, field_count); -+ CHECK; - - method_descr.readData(method_count); - read_attrs(ATTR_CONTEXT_METHOD, method_count); -- - CHECK; - - read_attrs(ATTR_CONTEXT_CLASS, class_count); -+ CHECK; - - read_code_headers(); - -@@ -2122,10 +2164,12 @@ - assert(endsWith(xxx_flags_hi.name, "_flags_hi")); - if (haveLongFlags) - xxx_flags_hi.readData(obj_count); -+ CHECK; - - band& xxx_flags_lo = ad.xxx_flags_lo(); - assert(endsWith(xxx_flags_lo.name, "_flags_lo")); - xxx_flags_lo.readData(obj_count); -+ CHECK; - - // pre-scan flags, counting occurrences of each index bit - julong indexMask = ad.flagIndexMask(); // which flag bits are index bits? -@@ -2148,11 +2192,13 @@ - assert(endsWith(xxx_attr_count.name, "_attr_count")); - // There is one count element for each 1<<16 bit set in flags: - xxx_attr_count.readData(ad.predefCount(X_ATTR_OVERFLOW)); -+ CHECK; - - band& xxx_attr_indexes = ad.xxx_attr_indexes(); - assert(endsWith(xxx_attr_indexes.name, "_attr_indexes")); - int overflowIndexCount = xxx_attr_count.getIntTotal(); - xxx_attr_indexes.readData(overflowIndexCount); -+ CHECK; - // pre-scan attr indexes, counting occurrences of each value - for (i = 0; i < overflowIndexCount; i++) { - idx = xxx_attr_indexes.getInt(); -@@ -2183,6 +2229,7 @@ - } - } - ad.xxx_attr_calls().readData(backwardCounts); -+ CHECK; - - // Read built-in bands. - // Mostly, these are hand-coded equivalents to readBandData(). -@@ -2191,13 +2238,16 @@ - - count = ad.predefCount(CLASS_ATTR_SourceFile); - class_SourceFile_RUN.readData(count); -+ CHECK; - - count = ad.predefCount(CLASS_ATTR_EnclosingMethod); - class_EnclosingMethod_RC.readData(count); - class_EnclosingMethod_RDN.readData(count); -+ CHECK; - - count = ad.predefCount(X_ATTR_Signature); - class_Signature_RS.readData(count); -+ CHECK; - - ad.readBandData(X_ATTR_RuntimeVisibleAnnotations); - ad.readBandData(X_ATTR_RuntimeInvisibleAnnotations); -@@ -2204,17 +2254,22 @@ - - count = ad.predefCount(CLASS_ATTR_InnerClasses); - class_InnerClasses_N.readData(count); -+ CHECK; -+ - count = class_InnerClasses_N.getIntTotal(); - class_InnerClasses_RC.readData(count); - class_InnerClasses_F.readData(count); -+ CHECK; - // Drop remaining columns wherever flags are zero: - count -= class_InnerClasses_F.getIntCount(0); - class_InnerClasses_outer_RCN.readData(count); - class_InnerClasses_name_RUN.readData(count); -+ CHECK; - - count = ad.predefCount(CLASS_ATTR_ClassFile_version); - class_ClassFile_version_minor_H.readData(count); - class_ClassFile_version_major_H.readData(count); -+ CHECK; - break; - - case ATTR_CONTEXT_FIELD: -@@ -2221,12 +2276,15 @@ - - count = ad.predefCount(FIELD_ATTR_ConstantValue); - field_ConstantValue_KQ.readData(count); -+ CHECK; - - count = ad.predefCount(X_ATTR_Signature); - field_Signature_RS.readData(count); -+ CHECK; - - ad.readBandData(X_ATTR_RuntimeVisibleAnnotations); - ad.readBandData(X_ATTR_RuntimeInvisibleAnnotations); -+ CHECK; - break; - - case ATTR_CONTEXT_METHOD: -@@ -2238,9 +2296,11 @@ - method_Exceptions_N.readData(count); - count = method_Exceptions_N.getIntTotal(); - method_Exceptions_RC.readData(count); -+ CHECK; - - count = ad.predefCount(X_ATTR_Signature); - method_Signature_RS.readData(count); -+ CHECK; - - ad.readBandData(X_ATTR_RuntimeVisibleAnnotations); - ad.readBandData(X_ATTR_RuntimeInvisibleAnnotations); -@@ -2247,6 +2307,7 @@ - ad.readBandData(METHOD_ATTR_RuntimeVisibleParameterAnnotations); - ad.readBandData(METHOD_ATTR_RuntimeInvisibleParameterAnnotations); - ad.readBandData(METHOD_ATTR_AnnotationDefault); -+ CHECK; - break; - - case ATTR_CONTEXT_CODE: -@@ -2258,8 +2319,10 @@ - return; - } - code_StackMapTable_N.readData(count); -+ CHECK; - count = code_StackMapTable_N.getIntTotal(); - code_StackMapTable_frame_T.readData(count); -+ CHECK; - // the rest of it depends in a complicated way on frame tags - { - int fat_frame_count = 0; -@@ -2293,18 +2356,23 @@ - // deal completely with fat frames: - offset_count += fat_frame_count; - code_StackMapTable_local_N.readData(fat_frame_count); -+ CHECK; - type_count += code_StackMapTable_local_N.getIntTotal(); - code_StackMapTable_stack_N.readData(fat_frame_count); - type_count += code_StackMapTable_stack_N.getIntTotal(); -+ CHECK; - // read the rest: - code_StackMapTable_offset.readData(offset_count); - code_StackMapTable_T.readData(type_count); -+ CHECK; - // (7) [RCH] - count = code_StackMapTable_T.getIntCount(7); - code_StackMapTable_RC.readData(count); -+ CHECK; - // (8) [PH] - count = code_StackMapTable_T.getIntCount(8); - code_StackMapTable_P.readData(count); -+ CHECK; - } - - count = ad.predefCount(CODE_ATTR_LineNumberTable); -@@ -2626,7 +2694,9 @@ - code_max_na_locals.readData(); - code_handler_count.readData(); - totalHandlerCount += code_handler_count.getIntTotal(); -+ CHECK; - -+ - // Read handler specifications. - // Cf. PackageReader.readCodeHandlers. - code_handler_start_P.readData(totalHandlerCount); -@@ -2633,8 +2703,10 @@ - code_handler_end_PO.readData(totalHandlerCount); - code_handler_catch_PO.readData(totalHandlerCount); - code_handler_class_RCN.readData(totalHandlerCount); -+ CHECK; - - read_attrs(ATTR_CONTEXT_CODE, totalFlagsCount); -+ CHECK; - } - - static inline bool is_in_range(uint n, uint min, uint max) {
--- a/patches/icedtea-6804996.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,75 +0,0 @@ ---- old/src/share/native/sun/awt/splashscreen/splashscreen_gif.c Thu Mar 5 16:18:35 2009 -+++ openjdk/jdk/src/share/native/sun/awt/splashscreen/splashscreen_gif.c Thu Mar 5 16:18:34 2009 -@@ -53,10 +53,6 @@ - // convert libungif samples to our ones - #define MAKE_QUAD_GIF(c,a) MAKE_QUAD((c).Red, (c).Green, (c).Blue, (a)) - --#define SAFE_TO_ALLOC(c, sz) \ -- (((c) > 0) && ((sz) > 0) && \ -- ((0xffffffffu / ((unsigned int)(c))) > (unsigned int)(sz))) -- - /* stdio FILE* and memory input functions for libungif */ - int - SplashStreamGifInputFunc(GifFileType * gif, GifByteType * buf, int n) ---- old/src/share/native/sun/awt/splashscreen/splashscreen_impl.h Thu Mar 5 16:18:38 2009 -+++ openjdk/jdk/src/share/native/sun/awt/splashscreen/splashscreen_impl.h Thu Mar 5 16:18:37 2009 -@@ -155,6 +155,10 @@ - - void SplashInitFrameShape(Splash * splash, int imageIndex); - -+#define SAFE_TO_ALLOC(c, sz) \ -+ (((c) > 0) && ((sz) > 0) && \ -+ ((0xffffffffu / ((unsigned int)(c))) > (unsigned int)(sz))) -+ - #define dbgprintf printf - - #endif ---- old/src/share/native/sun/awt/splashscreen/splashscreen_png.c Thu Mar 5 16:18:41 2009 -+++ openjdk/jdk/src/share/native/sun/awt/splashscreen/splashscreen_png.c Thu Mar 5 16:18:40 2009 -@@ -103,9 +103,17 @@ - - rowbytes = png_get_rowbytes(png_ptr, info_ptr); - -+ if (!SAFE_TO_ALLOC(rowbytes, height)) { -+ goto done; -+ } -+ - if ((image_data = (unsigned char *) malloc(rowbytes * height)) == NULL) { - goto done; - } -+ -+ if (!SAFE_TO_ALLOC(height, sizeof(png_bytep))) { -+ goto done; -+ } - if ((row_pointers = (png_bytepp) malloc(height * sizeof(png_bytep))) - == NULL) { - goto done; -@@ -121,13 +129,28 @@ - splash->width = width; - splash->height = height; - -+ if (!SAFE_TO_ALLOC(splash->width, splash->imageFormat.depthBytes)) { -+ goto done; -+ } - stride = splash->width * splash->imageFormat.depthBytes; - -+ if (!SAFE_TO_ALLOC(splash->height, stride)) { -+ goto done; -+ } - splash->frameCount = 1; - splash->frames = (SplashImage *) - malloc(sizeof(SplashImage) * splash->frameCount); -+ -+ if (splash->frames == NULL) { -+ goto done; -+ } -+ - splash->loopCount = 1; - splash->frames[0].bitmapBits = malloc(stride * splash->height); -+ if (splash->frames[0].bitmapBits == NULL) { -+ free(splash->frames); -+ goto done; -+ } - splash->frames[0].delay = 0; - - /* FIXME: sort out the real format */
--- a/patches/icedtea-6804997.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,31 +0,0 @@ ---- old/src/share/native/sun/awt/giflib/dgif_lib.c Thu Mar 5 16:33:17 2009 -+++ openjdk/jdk/src/share/native/sun/awt/giflib/dgif_lib.c Thu Mar 5 16:33:16 2009 -@@ -722,6 +722,10 @@ - GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; - - READ(GifFile, &CodeSize, 1); /* Read Code size from file. */ -+ if (CodeSize >= 12) { -+ /* Invalid initial code size: report failure */ -+ return GIF_ERROR; -+ } - BitsPerPixel = CodeSize; - - Private->Buf[0] = 0; /* Input Buffer empty. */ -@@ -964,10 +968,13 @@ - - /* If code cannot fit into RunningBits bits, must raise its size. Note - * however that codes above 4095 are used for special signaling. */ -- if (++Private->RunningCode > Private->MaxCode1 && -- Private->RunningBits < LZ_BITS) { -- Private->MaxCode1 <<= 1; -- Private->RunningBits++; -+ if (++Private->RunningCode > Private->MaxCode1) { -+ if (Private->RunningBits < LZ_BITS) { -+ Private->MaxCode1 <<= 1; -+ Private->RunningBits++; -+ } else { -+ Private->RunningCode = Private->MaxCode1; -+ } - } - return GIF_OK; - }
--- a/patches/icedtea-6804998.patch Tue Mar 24 07:54:27 2009 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,35 +0,0 @@ ---- old/src/share/classes/sun/awt/image/GifImageDecoder.java Thu Mar 5 17:00:25 2009 -+++ openjdk/jdk/src/share/classes/sun/awt/image/GifImageDecoder.java Thu Mar 5 17:00:24 2009 -@@ -585,9 +585,16 @@ - System.out.print("Reading a " + width + " by " + height + " " + - (interlace ? "" : "non-") + "interlaced image..."); - } -- -+ int initCodeSize = ExtractByte(block, 9); -+ if (initCodeSize >= 12) { -+ if (verbose) { -+ System.out.println("Invalid initial code size: " + -+ initCodeSize); -+ } -+ return false; -+ } - boolean ret = parseImage(x, y, width, height, -- interlace, ExtractByte(block, 9), -+ interlace, initCodeSize, - block, rasline, model); - - if (!ret) { ---- old/src/share/native/sun/awt/image/gif/gifdecoder.c Thu Mar 5 17:00:28 2009 -+++ openjdk/jdk/src/share/native/sun/awt/image/gif/gifdecoder.c Thu Mar 5 17:00:27 2009 -@@ -191,6 +191,11 @@ - int passht = passinc; - int len; - -+ /* We have verified the initial code size on the java layer. -+ * Here we just check bounds for particular indexes. */ -+ if (freeCode >= 4096 || maxCode >= 4096) { -+ return 0; -+ } - if (blockh == 0 || raslineh == 0 - || prefixh == 0 || suffixh == 0 - || outCodeh == 0)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6536193.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,102 @@ +--- old/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java Tue Mar 3 11:34:51 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java Tue Mar 3 11:34:50 2009 +@@ -1,27 +1,3 @@ +-/* +- * Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Sun designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Sun in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, +- * CA 95054 USA or visit www.sun.com if you need additional information or +- * have any questions. +- */ + package com.sun.xml.internal.bind.v2.runtime.output; + + import java.io.IOException; +@@ -32,6 +8,7 @@ + import com.sun.xml.internal.bind.DatatypeConverterImpl; + import com.sun.xml.internal.bind.v2.runtime.Name; + import com.sun.xml.internal.bind.v2.runtime.XMLSerializer; ++import com.sun.xml.internal.bind.v2.runtime.MarshallerImpl; + + import org.xml.sax.SAXException; + +@@ -81,6 +58,11 @@ + protected boolean closeStartTagPending = false; + + /** ++ * @see MarshallerImpl#header ++ */ ++ private String header; ++ ++ /** + * + * @param localNames + * local names encoded in UTF-8. +@@ -92,6 +74,10 @@ + prefixes[i] = new Encoded(); + } + ++ public void setHeader(String header) { ++ this.header = header; ++ } ++ + @Override + public void startDocument(XMLSerializer serializer, boolean fragment, int[] nsUriIndex2prefixIndex, NamespaceContextImpl nsContext) throws IOException, SAXException, XMLStreamException { + super.startDocument(serializer, fragment,nsUriIndex2prefixIndex,nsContext); +@@ -100,6 +86,10 @@ + if(!fragment) { + write(XML_DECL); + } ++ if(header!=null) { ++ textBuffer.set(header); ++ textBuffer.write(this); ++ } + } + + public void endDocument(boolean fragment) throws IOException, SAXException, XMLStreamException { +@@ -383,11 +373,23 @@ + return buf; + } + +- private static final byte[] XMLNS_EQUALS = toBytes(" xmlns=\""); +- private static final byte[] XMLNS_COLON = toBytes(" xmlns:"); +- private static final byte[] EQUALS = toBytes("=\""); +- private static final byte[] CLOSE_TAG = toBytes("</"); +- private static final byte[] EMPTY_TAG = toBytes("/>"); ++ // per instance copy to prevent an attack where malicious OutputStream ++ // rewrites the byte array. ++ private final byte[] XMLNS_EQUALS = _XMLNS_EQUALS.clone(); ++ private final byte[] XMLNS_COLON = _XMLNS_COLON.clone(); ++ private final byte[] EQUALS = _EQUALS.clone(); ++ private final byte[] CLOSE_TAG = _CLOSE_TAG.clone(); ++ private final byte[] EMPTY_TAG = _EMPTY_TAG.clone(); ++ private final byte[] XML_DECL = _XML_DECL.clone(); ++ ++ // masters ++ private static final byte[] _XMLNS_EQUALS = toBytes(" xmlns=\""); ++ private static final byte[] _XMLNS_COLON = toBytes(" xmlns:"); ++ private static final byte[] _EQUALS = toBytes("=\""); ++ private static final byte[] _CLOSE_TAG = toBytes("</"); ++ private static final byte[] _EMPTY_TAG = toBytes("/>"); ++ private static final byte[] _XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>"); ++ ++ // no need to copy + private static final byte[] EMPTY_BYTE_ARRAY = new byte[0]; +- private static final byte[] XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>"); + }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6610888.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,58 @@ +--- old/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 17:21:12 2009 ++++ openjdk/jdk/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 17:21:11 2009 +@@ -37,6 +37,7 @@ + import java.security.AccessControlContext; + import java.security.AccessController; + import java.security.PrivilegedAction; ++import java.security.ProtectionDomain; + import java.util.List; + import java.util.concurrent.CopyOnWriteArrayList; + import java.util.concurrent.ExecutorService; +@@ -170,7 +171,10 @@ + /** + * AccessControlContext of the Monitor.start() caller. + */ +- private AccessControlContext acc; ++ private static final AccessControlContext noPermissionsACC = ++ new AccessControlContext( ++ new ProtectionDomain[] {new ProtectionDomain(null, null)}); ++ private volatile AccessControlContext acc = noPermissionsACC; + + /** + * Scheduler Service. +@@ -755,7 +759,7 @@ + + // Reset the AccessControlContext. + // +- acc = null; ++ acc = noPermissionsACC; + + // Reset the complex type attribute information + // such that it is recalculated again. +@@ -1555,10 +1559,12 @@ + + public void run() { + final ScheduledFuture<?> sf; ++ final AccessControlContext ac; + synchronized (Monitor.this) { + sf = Monitor.this.schedulerFuture; ++ ac = Monitor.this.acc; + } +- AccessController.doPrivileged(new PrivilegedAction<Void>() { ++ PrivilegedAction<Void> action = new PrivilegedAction<Void>() { + public Void run() { + if (Monitor.this.isActive()) { + final int an[] = alreadyNotifieds; +@@ -1571,7 +1577,11 @@ + } + return null; + } +- }, Monitor.this.acc); ++ }; ++ if (ac == null) { ++ throw new SecurityException("AccessControlContext cannot be null"); ++ } ++ AccessController.doPrivileged(action, ac); + synchronized (Monitor.this) { + if (Monitor.this.isActive() && + Monitor.this.schedulerFuture == sf) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6610896.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,189 @@ +--- old/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 16:53:02 2009 ++++ openjdk/jdk/src/share/classes/javax/management/monitor/Monitor.java Mon Mar 9 16:53:01 2009 +@@ -38,8 +38,9 @@ + import java.security.AccessController; + import java.security.PrivilegedAction; + import java.util.List; ++import java.util.Map; ++import java.util.WeakHashMap; + import java.util.concurrent.CopyOnWriteArrayList; +-import java.util.concurrent.ExecutorService; + import java.util.concurrent.Executors; + import java.util.concurrent.Future; + import java.util.concurrent.LinkedBlockingQueue; +@@ -180,14 +181,20 @@ + new DaemonThreadFactory("Scheduler")); + + /** +- * Maximum Pool Size ++ * Map containing the thread pool executor per thread group. + */ +- private static final int maximumPoolSize; ++ private static final Map<ThreadPoolExecutor, Void> executors = ++ new WeakHashMap<ThreadPoolExecutor, Void>(); + + /** +- * Executor Service. ++ * Lock for executors map. + */ +- private static final ExecutorService executor; ++ private static final Object executorsLock = new Object(); ++ ++ /** ++ * Maximum Pool Size ++ */ ++ private static final int maximumPoolSize; + static { + final String maximumPoolSizeSysProp = "jmx.x.monitor.maximum.pool.size"; + final String maximumPoolSizeStr = AccessController.doPrivileged( +@@ -217,22 +224,9 @@ + maximumPoolSize = maximumPoolSizeTmp; + } + } +- executor = new ThreadPoolExecutor( +- maximumPoolSize, +- maximumPoolSize, +- 60L, +- TimeUnit.SECONDS, +- new LinkedBlockingQueue<Runnable>(), +- new DaemonThreadFactory("Executor")); +- ((ThreadPoolExecutor)executor).allowCoreThreadTimeOut(true); + } + + /** +- * Monitor task to be executed by the Executor Service. +- */ +- private final MonitorTask monitorTask = new MonitorTask(); +- +- /** + * Future associated to the current monitor task. + */ + private Future<?> monitorFuture; +@@ -240,7 +234,7 @@ + /** + * Scheduler task to be executed by the Scheduler Service. + */ +- private final SchedulerTask schedulerTask = new SchedulerTask(monitorTask); ++ private final SchedulerTask schedulerTask = new SchedulerTask(); + + /** + * ScheduledFuture associated to the current scheduler task. +@@ -726,6 +720,7 @@ + // Start the scheduler. + // + cleanupFutures(); ++ schedulerTask.setMonitorTask(new MonitorTask()); + schedulerFuture = scheduler.schedule(schedulerTask, + getGranularityPeriod(), + TimeUnit.MILLISECONDS); +@@ -1505,7 +1500,7 @@ + */ + private class SchedulerTask implements Runnable { + +- private Runnable task = null; ++ private MonitorTask task; + + /* + * ------------------------------------------ +@@ -1513,7 +1508,16 @@ + * ------------------------------------------ + */ + +- public SchedulerTask(Runnable task) { ++ public SchedulerTask() { ++ } ++ ++ /* ++ * ------------------------------------------ ++ * GETTERS/SETTERS ++ * ------------------------------------------ ++ */ ++ ++ public void setMonitorTask(MonitorTask task) { + this.task = task; + } + +@@ -1525,7 +1529,7 @@ + + public void run() { + synchronized (Monitor.this) { +- Monitor.this.monitorFuture = executor.submit(task); ++ Monitor.this.monitorFuture = task.submit(); + } + } + } +@@ -1538,6 +1542,8 @@ + */ + private class MonitorTask implements Runnable { + ++ private ThreadPoolExecutor executor; ++ + /* + * ------------------------------------------ + * CONSTRUCTORS +@@ -1545,6 +1551,38 @@ + */ + + public MonitorTask() { ++ // Find out if there's already an existing executor for the calling ++ // thread and reuse it. Otherwise, create a new one and store it in ++ // the executors map. If there is a SecurityManager, the group of ++ // System.getSecurityManager() is used, else the group of the thread ++ // instantiating this MonitorTask, i.e. the group of the thread that ++ // calls "Monitor.start()". ++ SecurityManager s = System.getSecurityManager(); ++ ThreadGroup group = (s != null) ? s.getThreadGroup() : ++ Thread.currentThread().getThreadGroup(); ++ synchronized (executorsLock) { ++ for (ThreadPoolExecutor e : executors.keySet()) { ++ DaemonThreadFactory tf = ++ (DaemonThreadFactory) e.getThreadFactory(); ++ ThreadGroup tg = tf.getThreadGroup(); ++ if (tg == group) { ++ executor = e; ++ break; ++ } ++ } ++ if (executor == null) { ++ executor = new ThreadPoolExecutor( ++ maximumPoolSize, ++ maximumPoolSize, ++ 60L, ++ TimeUnit.SECONDS, ++ new LinkedBlockingQueue<Runnable>(), ++ new DaemonThreadFactory("ThreadGroup<" + ++ group.getName() + "> Executor", group)); ++ executor.allowCoreThreadTimeOut(true); ++ executors.put(executor, null); ++ } ++ } + } + + /* +@@ -1553,6 +1591,10 @@ + * ------------------------------------------ + */ + ++ public Future<?> submit() { ++ return executor.submit(this); ++ } ++ + public void run() { + final ScheduledFuture<?> sf; + synchronized (Monitor.this) { +@@ -1611,6 +1653,15 @@ + namePrefix = "JMX Monitor " + poolName + " Pool [Thread-"; + } + ++ public DaemonThreadFactory(String poolName, ThreadGroup threadGroup) { ++ group = threadGroup; ++ namePrefix = "JMX Monitor " + poolName + " Pool [Thread-"; ++ } ++ ++ public ThreadGroup getThreadGroup() { ++ return group; ++ } ++ + public Thread newThread(Runnable r) { + Thread t = new Thread(group, + r,
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6630639.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,31 @@ +--- old/src/share/classes/sun/net/httpserver/Request.java Wed Mar 4 03:29:39 2009 ++++ openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java Wed Mar 4 03:29:39 2009 +@@ -52,6 +52,9 @@ + os = rawout; + do { + startLine = readLine(); ++ if (startLine == null) { ++ return; ++ } + /* skip blank lines */ + } while (startLine.equals ("")); + } +--- old/src/share/classes/sun/net/httpserver/ServerImpl.java Wed Mar 4 03:29:41 2009 ++++ openjdk/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java Wed Mar 4 03:29:41 2009 +@@ -437,6 +437,7 @@ + rawin = sslStreams.getInputStream(); + rawout = sslStreams.getOutputStream(); + engine = sslStreams.getSSLEngine(); ++ connection.sslStreams = sslStreams; + } else { + rawin = new BufferedInputStream( + new Request.ReadStream ( +@@ -446,6 +447,8 @@ + ServerImpl.this, chan + ); + } ++ connection.raw = rawin; ++ connection.rawout = rawout; + } + Request req = new Request (rawin, rawout); + requestLine = req.requestLine();
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6632886.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,502 @@ +--- old/src/share/classes/java/awt/Font.java Tue Mar 3 14:12:23 2009 ++++ openjdk/jdk/src/share/classes/java/awt/Font.java Tue Mar 3 14:12:23 2009 +@@ -37,6 +37,8 @@ + import java.awt.peer.FontPeer; + import java.io.*; + import java.lang.ref.SoftReference; ++import java.security.AccessController; ++import java.security.PrivilegedExceptionAction; + import java.text.AttributedCharacterIterator.Attribute; + import java.text.CharacterIterator; + import java.text.StringCharacterIterator; +@@ -51,6 +53,7 @@ + import sun.font.AttributeValues; + import sun.font.EAttribute; + import sun.font.CompositeFont; ++import sun.font.CreatedFontTracker; + import sun.font.Font2D; + import sun.font.Font2DHandle; + import sun.font.FontManager; +@@ -575,7 +578,8 @@ + } + + /* used to implement Font.createFont */ +- private Font(File fontFile, int fontFormat, boolean isCopy) ++ private Font(File fontFile, int fontFormat, ++ boolean isCopy, CreatedFontTracker tracker) + throws FontFormatException { + this.createdFont = true; + /* Font2D instances created by this method track their font file +@@ -582,7 +586,8 @@ + * so that when the Font2D is GC'd it can also remove the file. + */ + this.font2DHandle = +- FontManager.createFont2D(fontFile, fontFormat, isCopy).handle; ++ FontManager.createFont2D(fontFile, fontFormat, ++ isCopy, tracker).handle; + this.name = this.font2DHandle.font2D.getFontName(Locale.getDefault()); + this.style = Font.PLAIN; + this.size = 1; +@@ -788,6 +793,29 @@ + } + + /** ++ * Used with the byte count tracker for fonts created from streams. ++ * If a thread can create temp files anyway, no point in counting ++ * font bytes. ++ */ ++ private static boolean hasTempPermission() { ++ ++ if (System.getSecurityManager() == null) { ++ return true; ++ } ++ File f = null; ++ boolean hasPerm = false; ++ try { ++ f = File.createTempFile("+~JT", ".tmp", null); ++ f.delete(); ++ f = null; ++ hasPerm = true; ++ } catch (Throwable t) { ++ /* inc. any kind of SecurityException */ ++ } ++ return hasPerm; ++ } ++ ++ /** + * Returns a new <code>Font</code> using the specified font type + * and input data. The new <code>Font</code> is + * created with a point size of 1 and style {@link #PLAIN PLAIN}. +@@ -822,58 +850,96 @@ + fontFormat != Font.TYPE1_FONT) { + throw new IllegalArgumentException ("font format not recognized"); + } +- final InputStream fStream = fontStream; +- Object ret = java.security.AccessController.doPrivileged( +- new java.security.PrivilegedAction() { +- public Object run() { +- File tFile = null; +- FileOutputStream outStream = null; +- try { +- tFile = File.createTempFile("+~JF", ".tmp", null); +- /* Temp file deleted by font shutdown hook */ +- BufferedInputStream inStream = +- new BufferedInputStream(fStream); +- outStream = new FileOutputStream(tFile); +- int bytesRead = 0; +- int bufSize = 8192; +- byte [] buf = new byte[bufSize]; +- while (bytesRead != -1) { +- try { +- bytesRead = inStream.read(buf, 0, bufSize); +- } catch (Throwable t) { +- throw new IOException(); +- } +- if (bytesRead != -1) { +- outStream.write(buf, 0, bytesRead); +- } +- } +- /* don't close the input stream */ +- outStream.close(); +- } catch (IOException e) { +- if (outStream != null) { +- try { +- outStream.close(); +- } catch (Exception e1) { +- } +- } +- if (tFile != null) { +- try { +- tFile.delete(); +- } catch (Exception e2) { +- } +- } +- return e; +- } +- return tFile; +- } +- }); ++ boolean copiedFontData = false; + +- if (ret instanceof File) { +- return new Font((File)ret, fontFormat, true); +- } else if (ret instanceof IOException) { +- throw (IOException)ret; +- } else { +- throw new FontFormatException("Couldn't access font stream"); ++ try { ++ final File tFile = AccessController.doPrivileged( ++ new PrivilegedExceptionAction<File>() { ++ public File run() throws IOException { ++ return File.createTempFile("+~JF", ".tmp", null); ++ } ++ } ++ ); ++ ++ int totalSize = 0; ++ CreatedFontTracker tracker = null; ++ try { ++ final OutputStream outStream = ++ AccessController.doPrivileged( ++ new PrivilegedExceptionAction<OutputStream>() { ++ public OutputStream run() throws IOException { ++ return new FileOutputStream(tFile); ++ } ++ } ++ ); ++ if (!hasTempPermission()) { ++ tracker = CreatedFontTracker.getTracker(); ++ } ++ try { ++ byte[] buf = new byte[8192]; ++ for (;;) { ++ int bytesRead = fontStream.read(buf); ++ if (bytesRead < 0) { ++ break; ++ } ++ if (tracker != null) { ++ if (totalSize+bytesRead > tracker.MAX_FILE_SIZE) { ++ throw new IOException("File too big."); ++ } ++ if (totalSize+tracker.getNumBytes() > ++ tracker.MAX_TOTAL_BYTES) ++ { ++ throw new IOException("Total files too big."); ++ } ++ totalSize += bytesRead; ++ tracker.addBytes(bytesRead); ++ } ++ outStream.write(buf, 0, bytesRead); ++ } ++ /* don't close the input stream */ ++ } finally { ++ outStream.close(); ++ } ++ /* After all references to a Font2D are dropped, the file ++ * will be removed. To support long-lived AppContexts, ++ * we need to then decrement the byte count by the size ++ * of the file. ++ * If the data isn't a valid font, the implementation will ++ * delete the tmp file and decrement the byte count ++ * in the tracker object before returning from the ++ * constructor, so we can set 'copiedFontData' to true here ++ * without waiting for the results of that constructor. ++ */ ++ copiedFontData = true; ++ Font font = new Font(tFile, fontFormat, true, tracker); ++ return font; ++ } finally { ++ if (!copiedFontData) { ++ if (tracker != null) { ++ tracker.subBytes(totalSize); ++ } ++ AccessController.doPrivileged( ++ new PrivilegedExceptionAction<Void>() { ++ public Void run() { ++ tFile.delete(); ++ return null; ++ } ++ } ++ ); ++ } ++ } ++ } catch (Throwable t) { ++ if (t instanceof FontFormatException) { ++ throw (FontFormatException)t; ++ } ++ if (t instanceof IOException) { ++ throw (IOException)t; ++ } ++ Throwable cause = t.getCause(); ++ if (cause instanceof FontFormatException) { ++ throw (FontFormatException)cause; ++ } ++ throw new IOException("Problem reading font data."); + } + } + +@@ -913,6 +979,9 @@ + */ + public static Font createFont(int fontFormat, File fontFile) + throws java.awt.FontFormatException, java.io.IOException { ++ ++ fontFile = new File(fontFile.getPath()); ++ + if (fontFormat != Font.TRUETYPE_FONT && + fontFormat != Font.TYPE1_FONT) { + throw new IllegalArgumentException ("font format not recognized"); +@@ -926,7 +995,7 @@ + if (!fontFile.canRead()) { + throw new IOException("Can't read " + fontFile); + } +- return new Font(fontFile, fontFormat, false); ++ return new Font(fontFile, fontFormat, false, null); + } + + /** +--- old/src/share/classes/sun/font/FileFont.java Tue Mar 3 14:12:26 2009 ++++ openjdk/jdk/src/share/classes/sun/font/FileFont.java Tue Mar 3 14:12:25 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2003-2006 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -125,9 +125,9 @@ + return true; + } + +- void setFileToRemove(File file) { ++ void setFileToRemove(File file, CreatedFontTracker tracker) { + Disposer.addObjectRecord(this, +- new CreatedFontFileDisposerRecord(file)); ++ new CreatedFontFileDisposerRecord(file, tracker)); + } + + /* This is called when a font scaler is determined to +@@ -246,12 +246,16 @@ + return getScaler().getUnitsPerEm(); + } + +- private static class CreatedFontFileDisposerRecord implements DisposerRecord { ++ private static class CreatedFontFileDisposerRecord ++ implements DisposerRecord { + + File fontFile = null; ++ CreatedFontTracker tracker; + +- private CreatedFontFileDisposerRecord(File file) { ++ private CreatedFontFileDisposerRecord(File file, ++ CreatedFontTracker tracker) { + fontFile = file; ++ this.tracker = tracker; + } + + public void dispose() { +@@ -260,6 +264,9 @@ + public Object run() { + if (fontFile != null) { + try { ++ if (tracker != null) { ++ tracker.subBytes((int)fontFile.length()); ++ } + /* REMIND: is it possible that the file is + * still open? It will be closed when the + * font2D is disposed but could this code +--- old/src/share/classes/sun/font/FontManager.java Tue Mar 3 14:12:29 2009 ++++ openjdk/jdk/src/share/classes/sun/font/FontManager.java Tue Mar 3 14:12:28 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -2331,12 +2331,14 @@ + static Vector<File> tmpFontFiles = null; + + public static Font2D createFont2D(File fontFile, int fontFormat, +- boolean isCopy) ++ boolean isCopy, ++ CreatedFontTracker tracker) + throws FontFormatException { + + String fontFilePath = fontFile.getPath(); + FileFont font2D = null; + final File fFile = fontFile; ++ final CreatedFontTracker _tracker = tracker; + try { + switch (fontFormat) { + case Font.TRUETYPE_FONT: +@@ -2343,7 +2345,7 @@ + font2D = new TrueTypeFont(fontFilePath, null, 0, true); + break; + case Font.TYPE1_FONT: +- font2D = new Type1Font(fontFilePath, null); ++ font2D = new Type1Font(fontFilePath, null, isCopy); + break; + default: + throw new FontFormatException("Unrecognised Font Format"); +@@ -2353,6 +2355,9 @@ + java.security.AccessController.doPrivileged( + new java.security.PrivilegedAction() { + public Object run() { ++ if (_tracker != null) { ++ _tracker.subBytes((int)fFile.length()); ++ } + fFile.delete(); + return null; + } +@@ -2361,7 +2366,7 @@ + throw(e); + } + if (isCopy) { +- font2D.setFileToRemove(fontFile); ++ font2D.setFileToRemove(fontFile, tracker); + synchronized (FontManager.class) { + + if (tmpFontFiles == null) { +--- /dev/null Tue Mar 3 14:12:32 2009 ++++ openjdk/jdk/src/share/classes/sun/font/CreatedFontTracker.java Tue Mar 3 14:12:31 2009 +@@ -0,0 +1,54 @@ ++/* ++ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Sun designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Sun in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, ++ * CA 95054 USA or visit www.sun.com if you need additional information or ++ * have any questions. ++ */ ++ ++package sun.font; ++ ++public class CreatedFontTracker { ++ ++ public static final int MAX_FILE_SIZE = 32 * 1024 * 1024; ++ public static final int MAX_TOTAL_BYTES = 10 * MAX_FILE_SIZE; ++ ++ static int numBytes; ++ static CreatedFontTracker tracker; ++ ++ public static synchronized CreatedFontTracker getTracker() { ++ if (tracker == null) { ++ tracker = new CreatedFontTracker(); ++ } ++ return tracker; ++ } ++ ++ public synchronized int getNumBytes() { ++ return numBytes; ++ } ++ ++ public synchronized void addBytes(int sz) { ++ numBytes += sz; ++ } ++ ++ public synchronized void subBytes(int sz) { ++ numBytes -= sz; ++ } ++} +--- old/src/share/classes/sun/font/TrueTypeFont.java Tue Mar 3 14:12:34 2009 ++++ openjdk/jdk/src/share/classes/sun/font/TrueTypeFont.java Tue Mar 3 14:12:33 2009 +@@ -174,8 +174,17 @@ + super(platname, nativeNames); + useJavaRasterizer = javaRasterizer; + fontRank = Font2D.TTF_RANK; +- verify(); +- init(fIndex); ++ try { ++ verify(); ++ init(fIndex); ++ } catch (Throwable t) { ++ close(); ++ if (t instanceof FontFormatException) { ++ throw (FontFormatException)t; ++ } else { ++ throw new FontFormatException("Unexpected runtime exception."); ++ } ++ } + Disposer.addObjectRecord(this, disposerRecord); + } + +--- old/src/share/classes/sun/font/Type1Font.java Tue Mar 3 14:12:37 2009 ++++ openjdk/jdk/src/share/classes/sun/font/Type1Font.java Tue Mar 3 14:12:36 2009 +@@ -39,6 +39,7 @@ + import java.nio.channels.ClosedChannelException; + import java.nio.channels.FileChannel; + import sun.java2d.Disposer; ++import sun.java2d.DisposerRecord; + import java.util.HashSet; + import java.util.HashMap; + import java.awt.Font; +@@ -76,6 +77,27 @@ + */ + public class Type1Font extends FileFont { + ++ private static class T1DisposerRecord implements DisposerRecord { ++ String fileName = null; ++ ++ T1DisposerRecord(String name) { ++ fileName = name; ++ } ++ ++ public synchronized void dispose() { ++ java.security.AccessController.doPrivileged( ++ new java.security.PrivilegedAction() { ++ public Object run() { ++ ++ if (fileName != null) { ++ (new java.io.File(fileName)).delete(); ++ } ++ return null; ++ } ++ }); ++ } ++ } ++ + WeakReference bufferRef = new WeakReference(null); + + private String psName = null; +@@ -125,6 +147,17 @@ + + + /** ++ * Constructs a Type1 Font. ++ * @param platname - Platform identifier of the font. Typically file name. ++ * @param nativeNames - Native names - typically XLFDs on Unix. ++ */ ++ public Type1Font(String platname, Object nativeNames) ++ throws FontFormatException { ++ ++ this(platname, nativeNames, false); ++ } ++ ++ /** + * - does basic verification of the file + * - reads the names (full, family). + * - determines the style of the font. +@@ -131,12 +164,25 @@ + * @throws FontFormatException - if the font can't be opened + * or fails verification, or there's no usable cmap + */ +- public Type1Font(String platname, Object nativeNames) ++ public Type1Font(String platname, Object nativeNames, boolean createdCopy) + throws FontFormatException { + super(platname, nativeNames); + fontRank = Font2D.TYPE1_RANK; + checkedNatives = true; +- verify(); ++ try { ++ verify(); ++ } catch (Throwable t) { ++ if (createdCopy) { ++ T1DisposerRecord ref = new T1DisposerRecord(platname); ++ Disposer.addObjectRecord(bufferRef, ref); ++ bufferRef = null; ++ } ++ if (t instanceof FontFormatException) { ++ throw (FontFormatException)t; ++ } else { ++ throw new FontFormatException("Unexpected runtime exception."); ++ } ++ } + } + + private synchronized ByteBuffer getBuffer() throws FontFormatException {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6636360.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,34 @@ +--- vtableStubs_sparc.cpp 2009-03-16 16:52:18.000000000 -0400 ++++ openjdk/hotspot/src/cpu/sparc/vm/vtableStubs_sparc.cpp 2009-03-16 16:53:52.000000000 -0400 +@@ -190,12 +190,16 @@ + // Compute itableMethodEntry and get methodOop(G5_method) and entrypoint(L0) for compiler + const int method_offset = (itableMethodEntry::size() * wordSize * vtable_index) + itableMethodEntry::method_offset_in_bytes(); + __ add(G3_klassOop, L0, L1); +- __ ld_ptr(L1, method_offset, G5_method); ++ if (__ is_simm13(method_offset)) { ++ __ ld_ptr(L1, method_offset, G5_method); ++ } else { ++ __ set(method_offset, G5_method); ++ __ ld_ptr(L1, G5_method, G5_method); ++ } + + #ifndef PRODUCT + if (DebugVtables) { + Label L01; +- __ ld_ptr(L1, method_offset, G5_method); + __ bpr(Assembler::rc_nz, false, Assembler::pt, G5_method, L01); + __ delayed()->nop(); + __ stop("methodOop is null"); +@@ -243,10 +247,8 @@ + (UseCompressedOops ? 2*BytesPerInstWord : 0); + return basic + slop; + } else { +- // save, ld, ld, sll, and, add, add, ld, cmp, br, add, ld, add, ld, ld, jmp, restore, sethi, jmpl, restore +- const int basic = (20 LP64_ONLY(+ 6)) * BytesPerInstWord + +- // shift;add for load_klass +- (UseCompressedOops ? 2*BytesPerInstWord : 0); ++ // save, ld, ld, sll, and, add, add, ld, cmp, br, add, ld, add, sethi, add, ld, ld, jmp, restore, sethi, jmpl, restore ++ const int basic = (22 LP64_ONLY(+ 12)) * BytesPerInstWord; // worst case extra 6 bytes for each sethi in 64-bit mode + return (basic + slop); + } + }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6652463.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,28 @@ +--- old/src/share/classes/javax/print/attribute/standard/MediaSize.java Tue Mar 3 10:16:15 2009 ++++ openjdk/jdk/src/share/classes/javax/print/attribute/standard/MediaSize.java Tue Mar 3 10:16:14 2009 +@@ -123,8 +123,10 @@ + if (x > y) { + throw new IllegalArgumentException("X dimension > Y dimension"); + } +- mediaName = media; +- mediaMap.put(mediaName, this); ++ if (media != null && mediaMap.get(media) == null) { ++ mediaName = media; ++ mediaMap.put(mediaName, this); ++ } + sizeVector.add(this); + } + +@@ -147,8 +149,10 @@ + if (x > y) { + throw new IllegalArgumentException("X dimension > Y dimension"); + } +- mediaName = media; +- mediaMap.put(mediaName, this); ++ if (media != null && mediaMap.get(media) == null) { ++ mediaName = media; ++ mediaMap.put(mediaName, this); ++ } + sizeVector.add(this); + } +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6656633.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,51 @@ +--- old/src/share/classes/javax/management/monitor/CounterMonitor.java Mon Mar 9 13:19:14 2009 ++++ openjdk/jdk/src/share/classes/javax/management/monitor/CounterMonitor.java Mon Mar 9 13:19:14 2009 +@@ -599,7 +599,7 @@ + */ + @Override + public MBeanNotificationInfo[] getNotificationInfo() { +- return notifsInfo; ++ return notifsInfo.clone(); + } + + /* +--- old/src/share/classes/javax/management/monitor/GaugeMonitor.java Mon Mar 9 13:19:16 2009 ++++ openjdk/jdk//src/share/classes/javax/management/monitor/GaugeMonitor.java Mon Mar 9 13:19:16 2009 +@@ -481,7 +481,7 @@ + */ + @Override + public MBeanNotificationInfo[] getNotificationInfo() { +- return notifsInfo; ++ return notifsInfo.clone(); + } + + /* +--- old/src/share/classes/javax/management/monitor/StringMonitor.java Mon Mar 9 13:19:18 2009 ++++ openjdk/jdk//src/share/classes/javax/management/monitor/StringMonitor.java Mon Mar 9 13:19:18 2009 +@@ -184,6 +184,7 @@ + * @return The derived gauge of the specified object. + * + */ ++ @Override + public synchronized String getDerivedGauge(ObjectName object) { + return (String) super.getDerivedGauge(object); + } +@@ -199,6 +200,7 @@ + * @return The derived gauge timestamp of the specified object. + * + */ ++ @Override + public synchronized long getDerivedGaugeTimeStamp(ObjectName object) { + return super.getDerivedGaugeTimeStamp(object); + } +@@ -341,8 +343,9 @@ + * the Java class of the notification and the notification types sent by + * the string monitor. + */ ++ @Override + public MBeanNotificationInfo[] getNotificationInfo() { +- return notifsInfo; ++ return notifsInfo.clone(); + } + + /*
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6658158.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,815 @@ +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/client/p2p/HttpSOAPConnection.java Mon Mar 9 22:21:43 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/client/p2p/HttpSOAPConnection.java Mon Mar 9 22:21:42 2009 +@@ -54,13 +54,20 @@ + * + */ + public class HttpSOAPConnection extends SOAPConnection { ++ ++ public static final String vmVendor = System.getProperty("java.vendor.url"); ++ private static final String sunVmVendor = "http://java.sun.com/"; ++ private static final String ibmVmVendor = "http://www.ibm.com/"; ++ private static final boolean isSunVM = sunVmVendor.equals(vmVendor) ? true: false; ++ private static final boolean isIBMVM = ibmVmVendor.equals(vmVendor) ? true : false; ++ private static final String JAXM_URLENDPOINT="javax.xml.messaging.URLEndpoint"; + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.HTTP_CONN_DOMAIN, + "com.sun.xml.internal.messaging.saaj.client.p2p.LocalStrings"); + +- public static String defaultProxyHost = null; +- public static int defaultProxyPort = -1; ++ public static final String defaultProxyHost = null; ++ public static final int defaultProxyPort = -1; + + MessageFactory messageFactory = null; + +@@ -72,6 +79,9 @@ + + try { + messageFactory = MessageFactory.newInstance(SOAPConstants.DYNAMIC_SOAP_PROTOCOL); ++ } catch (NoSuchMethodError ex) { ++ //fallback to default SOAP 1.1 in this case for backward compatibility ++ messageFactory = MessageFactory.newInstance(); + } catch (Exception ex) { + log.log(Level.SEVERE, "SAAJ0001.p2p.cannot.create.msg.factory", ex); + throw new SOAPExceptionImpl("Unable to create message factory", ex); +@@ -95,14 +105,19 @@ + throw new SOAPExceptionImpl("Connection is closed"); + } + +- Class urlEndpointClass = null; ++ Class urlEndpointClass = null; ++ ClassLoader loader = Thread.currentThread().getContextClassLoader(); + + try { +- urlEndpointClass = Class.forName("javax.xml.messaging.URLEndpoint"); +- } catch (Exception ex) { +- //Do nothing. URLEndpoint is available only when JAXM is there. +- log.finest("SAAJ0090.p2p.endpoint.available.only.for.JAXM"); +- } ++ if (loader != null) { ++ urlEndpointClass = loader.loadClass(JAXM_URLENDPOINT); ++ } else { ++ urlEndpointClass = Class.forName(JAXM_URLENDPOINT); ++ } ++ } catch (ClassNotFoundException ex) { ++ //Do nothing. URLEndpoint is available only when JAXM is there. ++ log.finest("SAAJ0090.p2p.endpoint.available.only.for.JAXM"); ++ } + + if (urlEndpointClass != null) { + if (urlEndpointClass.isInstance(endPoint)) { +@@ -639,10 +654,23 @@ + + return ret; + } +- +- private static String SSL_PKG = "com.sun.net.ssl.internal.www.protocol"; +- private static String SSL_PROVIDER = +- "com.sun.net.ssl.internal.ssl.Provider"; ++ //private static String SSL_PKG = "com.sun.net.ssl.internal.www.protocol"; ++ //private static String SSL_PROVIDER = ++ // "com.sun.net.ssl.internal.ssl.Provider"; ++ private static final String SSL_PKG; ++ private static final String SSL_PROVIDER; ++ ++ ++ static { ++ if (isIBMVM) { ++ SSL_PKG ="com.ibm.net.ssl.internal.www.protocol"; ++ SSL_PROVIDER ="com.ibm.net.ssl.internal.ssl.Provider"; ++ } else { ++ //if not IBM VM default to Sun. ++ SSL_PKG = "com.sun.net.ssl.internal.www.protocol"; ++ SSL_PROVIDER ="com.sun.net.ssl.internal.ssl.Provider"; ++ } ++ } + private void initHttps() { + //if(!setHttps) { + String pkgs = System.getProperty("java.protocol.handler.pkgs"); +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/AttachmentPartImpl.java Mon Mar 9 22:21:45 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/AttachmentPartImpl.java Mon Mar 9 22:21:45 2009 +@@ -70,7 +70,7 @@ + */ + public class AttachmentPartImpl extends AttachmentPart { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/EnvelopeFactory.java Mon Mar 9 22:21:48 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/EnvelopeFactory.java Mon Mar 9 22:21:47 2009 +@@ -23,9 +23,9 @@ + * have any questions. + */ + /* +- * $Id: EnvelopeFactory.java,v 1.24 2006/01/27 12:49:26 vj135062 Exp $ +- * $Revision: 1.24 $ +- * $Date: 2006/01/27 12:49:26 $ ++ * ++ * ++ * + */ + + +@@ -55,7 +55,7 @@ + */ + public class EnvelopeFactory { + +- protected static Logger ++ protected static final Logger + log = Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ImageDataContentHandler.java Mon Mar 9 22:21:50 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ImageDataContentHandler.java Mon Mar 9 22:21:50 2009 +@@ -49,7 +49,7 @@ + public class ImageDataContentHandler extends Component + implements DataContentHandler { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageFactoryImpl.java Mon Mar 9 22:21:53 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageFactoryImpl.java Mon Mar 9 22:21:52 2009 +@@ -23,9 +23,9 @@ + * have any questions. + */ + /* +- * $Id: MessageFactoryImpl.java,v 1.23 2006/01/27 12:49:27 vj135062 Exp $ +- * $Revision: 1.23 $ +- * $Date: 2006/01/27 12:49:27 $ ++ * ++ * ++ * + */ + + +@@ -54,15 +54,15 @@ + */ + public class MessageFactoryImpl extends MessageFactory { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); + +- protected static OutputStream listener; ++ protected OutputStream listener; + + protected boolean lazyAttachments = false; + +- public static OutputStream listen(OutputStream newListener) { ++ public OutputStream listen(OutputStream newListener) { + OutputStream oldListener = listener; + listener = newListener; + return oldListener; +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageImpl.java Mon Mar 9 22:21:55 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/MessageImpl.java Mon Mar 9 22:21:54 2009 +@@ -23,9 +23,9 @@ + * have any questions. + */ + /* +- * $Id: MessageImpl.java,v 1.5 2006/12/12 10:16:33 kumarjayanti Exp $ +- * $Revision: 1.5 $ +- * $Date: 2006/12/12 10:16:33 $ ++ * ++ * ++ * + */ + + +@@ -69,7 +69,7 @@ + public static final String CONTENT_ID = "Content-ID"; + public static final String CONTENT_LOCATION = "Content-Location"; + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SAAJMetaFactoryImpl.java Mon Mar 9 22:21:58 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SAAJMetaFactoryImpl.java Mon Mar 9 22:21:57 2009 +@@ -37,7 +37,7 @@ + + public class SAAJMetaFactoryImpl extends SAAJMetaFactory { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPDocumentImpl.java Mon Mar 9 22:22:00 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPDocumentImpl.java Mon Mar 9 22:21:59 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: SOAPDocumentImpl.java,v 1.15 2006/01/27 12:49:29 vj135062 Exp $ ++ * + */ + + +@@ -45,7 +45,7 @@ + + public class SOAPDocumentImpl extends DocumentImpl implements SOAPDocument { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPFactoryImpl.java Mon Mar 9 22:22:02 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPFactoryImpl.java Mon Mar 9 22:22:02 2009 +@@ -23,9 +23,9 @@ + * have any questions. + */ + /* +- * $Id: SOAPFactoryImpl.java,v 1.21 2006/01/27 12:49:29 vj135062 Exp $ +- * $Revision: 1.21 $ +- * $Date: 2006/01/27 12:49:29 $ ++ * ++ * ++ * + */ + + +@@ -50,7 +50,7 @@ + + public abstract class SOAPFactoryImpl extends SOAPFactory { + +- protected static Logger ++ protected static final Logger + log = Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPPartImpl.java Mon Mar 9 22:22:05 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/SOAPPartImpl.java Mon Mar 9 22:22:04 2009 +@@ -23,9 +23,9 @@ + * have any questions. + */ + /* +- * $Id: SOAPPartImpl.java,v 1.1.1.1 2006/01/27 13:10:55 kumarjayanti Exp $ +- * $Revision: 1.1.1.1 $ +- * $Date: 2006/01/27 13:10:55 $ ++ * ++ * ++ * + */ + + +@@ -59,7 +59,7 @@ + * @author Anil Vijendran (anil@sun.com) + */ + public abstract class SOAPPartImpl extends SOAPPart implements SOAPDocument { +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CDATAImpl.java Mon Mar 9 22:22:07 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CDATAImpl.java Mon Mar 9 22:22:07 2009 +@@ -23,9 +23,9 @@ + * have any questions. + */ + /* +- * $Id: CDATAImpl.java,v 1.19 2006/01/27 12:49:34 vj135062 Exp $ +- * $Revision: 1.19 $ +- * $Date: 2006/01/27 12:49:34 $ ++ * ++ * ++ * + */ + + +@@ -43,7 +43,7 @@ + extends com.sun.org.apache.xerces.internal.dom.CDATASectionImpl + implements javax.xml.soap.Text { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_IMPL_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.impl.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CommentImpl.java Mon Mar 9 22:22:10 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/CommentImpl.java Mon Mar 9 22:22:09 2009 +@@ -23,9 +23,9 @@ + * have any questions. + */ + /* +- * $Id: CommentImpl.java,v 1.17 2006/01/27 12:49:34 vj135062 Exp $ +- * $Revision: 1.17 $ +- * $Date: 2006/01/27 12:49:34 $ ++ * ++ * ++ * + */ + + +@@ -47,7 +47,7 @@ + extends com.sun.org.apache.xerces.internal.dom.CommentImpl + implements javax.xml.soap.Text, org.w3c.dom.Comment { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_IMPL_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.impl.LocalStrings"); + protected static ResourceBundle rb = +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/ElementImpl.java Mon Mar 9 22:22:12 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/ElementImpl.java Mon Mar 9 22:22:11 2009 +@@ -23,9 +23,9 @@ + * have any questions. + */ + /* +- * $Id: ElementImpl.java,v 1.6 2006/11/16 16:01:14 kumarjayanti Exp $ +- * $Revision: 1.6 $ +- * $Date: 2006/11/16 16:01:14 $ ++ * ++ * ++ * + */ + + +@@ -60,7 +60,7 @@ + + protected QName elementQName; + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_IMPL_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.impl.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/TextImpl.java Mon Mar 9 22:22:15 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/impl/TextImpl.java Mon Mar 9 22:22:14 2009 +@@ -23,9 +23,9 @@ + * have any questions. + */ + /* +- * $Id: TextImpl.java,v 1.19 2006/01/27 12:49:36 vj135062 Exp $ +- * $Revision: 1.19 $ +- * $Date: 2006/01/27 12:49:36 $ ++ * ++ * ++ * + */ + + +@@ -43,7 +43,7 @@ + extends com.sun.org.apache.xerces.internal.dom.TextImpl + implements javax.xml.soap.Text, org.w3c.dom.Text { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_IMPL_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.impl.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/name/NameImpl.java Mon Mar 9 22:22:17 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/name/NameImpl.java Mon Mar 9 22:22:16 2009 +@@ -23,9 +23,9 @@ + * have any questions. + */ + /* +- * $Id: NameImpl.java,v 1.48 2006/01/27 12:49:38 vj135062 Exp $ +- * $Revision: 1.48 $ +- * $Date: 2006/01/27 12:49:38 $ ++ * ++ * ++ * + */ + + +@@ -63,7 +63,7 @@ + protected String prefix = ""; + private String qualifiedName = null; + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.NAMING_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.name.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Fault1_1Impl.java Mon Mar 9 22:22:19 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Fault1_1Impl.java Mon Mar 9 22:22:19 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: Fault1_1Impl.java,v 1.1.1.1 2006/01/27 13:10:57 kumarjayanti Exp $ ++ * + */ + + +@@ -57,7 +57,7 @@ + + public class Fault1_1Impl extends FaultImpl { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger( + LogDomainConstants.SOAP_VER1_1_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.ver1_1.LocalStrings"); +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Header1_1Impl.java Mon Mar 9 22:22:22 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Header1_1Impl.java Mon Mar 9 22:22:21 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: Header1_1Impl.java,v 1.29 2006/01/27 12:49:41 vj135062 Exp $ ++ * + */ + + +@@ -50,7 +50,7 @@ + + public class Header1_1Impl extends HeaderImpl { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_VER1_1_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.ver1_1.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/HeaderElement1_1Impl.java Mon Mar 9 22:22:24 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/HeaderElement1_1Impl.java Mon Mar 9 22:22:24 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: HeaderElement1_1Impl.java,v 1.29 2006/01/27 12:49:41 vj135062 Exp $ ++ * + */ + + +@@ -49,7 +49,7 @@ + + public class HeaderElement1_1Impl extends HeaderElementImpl { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_VER1_1_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.ver1_1.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Message1_1Impl.java Mon Mar 9 22:22:27 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/Message1_1Impl.java Mon Mar 9 22:22:26 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: Message1_1Impl.java,v 1.24 2006/01/27 12:49:41 vj135062 Exp $ ++ * + */ + + +@@ -48,7 +48,7 @@ + + public class Message1_1Impl extends MessageImpl implements SOAPConstants { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_VER1_1_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.ver1_1.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/SOAPPart1_1Impl.java Mon Mar 9 22:22:29 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_1/SOAPPart1_1Impl.java Mon Mar 9 22:22:28 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: SOAPPart1_1Impl.java,v 1.1.1.1 2006/01/27 13:10:57 kumarjayanti Exp $ ++ * + */ + + +@@ -48,7 +48,7 @@ + + public class SOAPPart1_1Impl extends SOAPPartImpl implements SOAPConstants { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.SOAP_VER1_1_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.ver1_1.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Body1_2Impl.java Mon Mar 9 22:22:32 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Body1_2Impl.java Mon Mar 9 22:22:31 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: Body1_2Impl.java,v 1.32 2006/01/27 12:49:44 vj135062 Exp $ ++ * + */ + + +@@ -50,7 +50,7 @@ + + public class Body1_2Impl extends BodyImpl { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(Body1_2Impl.class.getName(), + "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Detail1_2Impl.java Mon Mar 9 22:22:34 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Detail1_2Impl.java Mon Mar 9 22:22:34 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: Detail1_2Impl.java,v 1.24 2006/01/27 12:49:45 vj135062 Exp $ ++ * + */ + + +@@ -47,7 +47,7 @@ + + public class Detail1_2Impl extends DetailImpl { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(Detail1_2Impl.class.getName(), + "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Envelope1_2Impl.java Mon Mar 9 22:22:37 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Envelope1_2Impl.java Mon Mar 9 22:22:36 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: Envelope1_2Impl.java,v 1.26 2006/01/27 12:49:47 vj135062 Exp $ ++ * + */ + + +@@ -47,7 +47,7 @@ + + public class Envelope1_2Impl extends EnvelopeImpl { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(Envelope1_2Impl.class.getName(), + "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Fault1_2Impl.java Mon Mar 9 22:22:39 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Fault1_2Impl.java Mon Mar 9 22:22:38 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: Fault1_2Impl.java,v 1.1.1.1 2006/01/27 13:10:57 kumarjayanti Exp $ ++ * + */ + + +@@ -51,7 +51,7 @@ + + public class Fault1_2Impl extends FaultImpl { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger( + LogDomainConstants.SOAP_VER1_2_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Header1_2Impl.java Mon Mar 9 22:22:41 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/Header1_2Impl.java Mon Mar 9 22:22:41 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: Header1_2Impl.java,v 1.36 2006/01/27 12:49:48 vj135062 Exp $ ++ * + */ + + +@@ -53,7 +53,7 @@ + + public class Header1_2Impl extends HeaderImpl { + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger( + LogDomainConstants.SOAP_VER1_2_DOMAIN, + "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/HeaderElement1_2Impl.java Mon Mar 9 22:22:44 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/HeaderElement1_2Impl.java Mon Mar 9 22:22:43 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: HeaderElement1_2Impl.java,v 1.29 2006/01/27 12:49:48 vj135062 Exp $ ++ * + */ + + +@@ -47,7 +47,7 @@ + + public class HeaderElement1_2Impl extends HeaderElementImpl { + +- private static Logger log = ++ private static final Logger log = + Logger.getLogger(HeaderElement1_2Impl.class.getName(), + "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/SOAPPart1_2Impl.java Mon Mar 9 22:22:46 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/soap/ver1_2/SOAPPart1_2Impl.java Mon Mar 9 22:22:46 2009 +@@ -23,7 +23,7 @@ + * have any questions. + */ + /* +- * $Id: SOAPPart1_2Impl.java,v 1.1.1.1 2006/01/27 13:10:57 kumarjayanti Exp $ ++ * + */ + + +@@ -47,7 +47,7 @@ + + public class SOAPPart1_2Impl extends SOAPPartImpl implements SOAPConstants{ + +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(SOAPPart1_2Impl.class.getName(), + "com.sun.xml.internal.messaging.saaj.soap.ver1_2.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/util/RejectDoctypeSaxFilter.java Mon Mar 9 22:22:49 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/util/RejectDoctypeSaxFilter.java Mon Mar 9 22:22:48 2009 +@@ -45,12 +45,12 @@ + * because they are not legal in SOAP. If the user of this class sets a + * LexicalHandler, then it forwards events to that handler. + * +- * $Id: RejectDoctypeSaxFilter.java,v 1.13 2006/01/27 12:49:52 vj135062 Exp $ ++ * + * @author Edwin Goei + */ + + public class RejectDoctypeSaxFilter extends XMLFilterImpl implements XMLReader, LexicalHandler{ +- protected static Logger log = ++ protected static final Logger log = + Logger.getLogger(LogDomainConstants.UTIL_DOMAIN, + "com.sun.xml.internal.messaging.saaj.util.LocalStrings"); + +--- old/src/share/classes/com/sun/xml/internal/messaging/saaj/util/transform/EfficientStreamingTransformer.java Mon Mar 9 22:22:51 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/messaging/saaj/util/transform/EfficientStreamingTransformer.java Mon Mar 9 22:22:50 2009 +@@ -62,20 +62,22 @@ + public class EfficientStreamingTransformer + extends javax.xml.transform.Transformer { + +- static final String version; +- static final String vendor; ++ //static final String version; ++ //static final String vendor; + +- protected static TransformerFactory transformerFactory = TransformerFactory.newInstance(); ++ protected static final TransformerFactory transformerFactory = TransformerFactory.newInstance(); + +- static { +- version = System.getProperty("java.vm.version"); +- vendor = System.getProperty("java.vm.vendor"); +- if (vendor.startsWith("Sun") && +- (version.startsWith("1.4") || version.startsWith("1.3"))) { +- transformerFactory = +- new com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl(); +- } +- } ++ //removing support for Java 1.4 and 1.3 : CR6658158 ++ /*static { ++ version = System.getProperty("java.vm.version"); ++ vendor = System.getProperty("java.vm.vendor"); ++ if (vendor.startsWith("Sun") && ++ (version.startsWith("1.4") || version.startsWith("1.3"))) { ++ transformerFactory = ++ new com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl(); ++ } ++} ++*/ + + /** + * TransformerFactory instance. +--- old/src/share/classes/com/sun/xml/internal/txw2/DatatypeWriter.java Mon Mar 9 22:22:53 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/txw2/DatatypeWriter.java Mon Mar 9 22:22:53 2009 +@@ -25,6 +25,9 @@ + + package com.sun.xml.internal.txw2; + ++import java.util.AbstractList; ++import java.util.Collections; ++import java.util.List; + import javax.xml.namespace.QName; + + /** +@@ -53,50 +56,60 @@ + */ + void print(DT dt, NamespaceResolver resolver, StringBuilder buf); + +- +- static final DatatypeWriter<?>[] BUILDIN = new DatatypeWriter<?>[] { +- new DatatypeWriter<String>() { +- public Class<String> getType() { +- return String.class; ++ static final List<DatatypeWriter<?>> BUILTIN = Collections.unmodifiableList(new AbstractList() { ++ ++ private DatatypeWriter<?>[] BUILTIN_ARRAY = new DatatypeWriter<?>[] { ++ new DatatypeWriter<String>() { ++ public Class<String> getType() { ++ return String.class; ++ } ++ public void print(String s, NamespaceResolver resolver, StringBuilder buf) { ++ buf.append(s); ++ } ++ }, ++ new DatatypeWriter<Integer>() { ++ public Class<Integer> getType() { ++ return Integer.class; ++ } ++ public void print(Integer i, NamespaceResolver resolver, StringBuilder buf) { ++ buf.append(i); ++ } ++ }, ++ new DatatypeWriter<Float>() { ++ public Class<Float> getType() { ++ return Float.class; ++ } ++ public void print(Float f, NamespaceResolver resolver, StringBuilder buf) { ++ buf.append(f); ++ } ++ }, ++ new DatatypeWriter<Double>() { ++ public Class<Double> getType() { ++ return Double.class; ++ } ++ public void print(Double d, NamespaceResolver resolver, StringBuilder buf) { ++ buf.append(d); ++ } ++ }, ++ new DatatypeWriter<QName>() { ++ public Class<QName> getType() { ++ return QName.class; ++ } ++ public void print(QName qn, NamespaceResolver resolver, StringBuilder buf) { ++ String p = resolver.getPrefix(qn.getNamespaceURI()); ++ if(p.length()!=0) ++ buf.append(p).append(':'); ++ buf.append(qn.getLocalPart()); ++ } + } +- public void print(String s, NamespaceResolver resolver, StringBuilder buf) { +- buf.append(s); +- } +- }, +- new DatatypeWriter<Integer>() { +- public Class<Integer> getType() { +- return Integer.class; +- } +- public void print(Integer i, NamespaceResolver resolver, StringBuilder buf) { +- buf.append(i); +- } +- }, +- new DatatypeWriter<Float>() { +- public Class<Float> getType() { +- return Float.class; +- } +- public void print(Float f, NamespaceResolver resolver, StringBuilder buf) { +- buf.append(f); +- } +- }, +- new DatatypeWriter<Double>() { +- public Class<Double> getType() { +- return Double.class; +- } +- public void print(Double d, NamespaceResolver resolver, StringBuilder buf) { +- buf.append(d); +- } +- }, +- new DatatypeWriter<QName>() { +- public Class<QName> getType() { +- return QName.class; +- } +- public void print(QName qn, NamespaceResolver resolver, StringBuilder buf) { +- String p = resolver.getPrefix(qn.getNamespaceURI()); +- if(p.length()!=0) +- buf.append(p).append(':'); +- buf.append(qn.getLocalPart()); +- } ++ }; ++ ++ public DatatypeWriter<?> get(int n) { ++ return BUILTIN_ARRAY[n]; + } +- }; ++ ++ public int size() { ++ return BUILTIN_ARRAY.length; ++ } ++ }); + } +--- old/src/share/classes/com/sun/xml/internal/txw2/Document.java Mon Mar 9 22:22:56 2009 ++++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/txw2/Document.java Mon Mar 9 22:22:55 2009 +@@ -76,7 +76,7 @@ + + Document(XmlSerializer out) { + this.out = out; +- for( DatatypeWriter dw : DatatypeWriter.BUILDIN ) ++ for( DatatypeWriter dw : DatatypeWriter.BUILTIN ) + datatypeWriters.put(dw.getType(),dw); + } +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6691246.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,166 @@ +--- old/src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java Mon Mar 9 16:07:47 2009 ++++ openjdk/jdk/src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java Mon Mar 9 16:07:46 2009 +@@ -22,7 +22,6 @@ + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ +- + package com.sun.jmx.remote.internal; + + import java.io.IOException; +@@ -34,6 +33,7 @@ + import java.util.Map; + import java.util.concurrent.Executor; + ++import java.security.AccessControlContext; + import java.security.AccessController; + import java.security.PrivilegedAction; + import javax.security.auth.Subject; +@@ -54,6 +54,9 @@ + + + public abstract class ClientNotifForwarder { ++ ++ private final AccessControlContext acc; ++ + public ClientNotifForwarder(Map env) { + this(null, env); + } +@@ -87,6 +90,8 @@ + this.command = command; + if (thread == null) { + thread = new Thread() { ++ ++ @Override + public void run() { + while (true) { + Runnable r; +@@ -130,6 +135,7 @@ + + this.defaultClassLoader = defaultClassLoader; + this.executor = ex; ++ this.acc = AccessController.getContext(); + } + + /** +@@ -390,28 +396,85 @@ + setState(TERMINATED); + } + +-// ------------------------------------------------- +-// private classes +-// ------------------------------------------------- ++ ++ // ------------------------------------------------- ++ // private classes ++ // ------------------------------------------------- + // ++ + private class NotifFetcher implements Runnable { ++ ++ private volatile boolean alreadyLogged = false; ++ ++ private void logOnce(String msg, SecurityException x) { ++ if (alreadyLogged) return; ++ // Log only once. ++ logger.config("setContextClassLoader",msg); ++ if (x != null) logger.fine("setContextClassLoader", x); ++ alreadyLogged = true; ++ } ++ ++ // Set new context class loader, returns previous one. ++ private final ClassLoader setContextClassLoader(final ClassLoader loader) { ++ final AccessControlContext ctxt = ClientNotifForwarder.this.acc; ++ // if ctxt is null, log a config message and throw a ++ // SecurityException. ++ if (ctxt == null) { ++ logOnce("AccessControlContext must not be null.",null); ++ throw new SecurityException("AccessControlContext must not be null"); ++ } ++ return AccessController.doPrivileged( ++ new PrivilegedAction<ClassLoader>() { ++ public ClassLoader run() { ++ try { ++ // get context class loader - may throw ++ // SecurityException - though unlikely. ++ final ClassLoader previous = ++ Thread.currentThread().getContextClassLoader(); ++ ++ // if nothing needs to be done, break here... ++ if (loader == previous) return previous; ++ ++ // reset context class loader - may throw ++ // SecurityException ++ Thread.currentThread().setContextClassLoader(loader); ++ return previous; ++ } catch (SecurityException x) { ++ logOnce("Permission to set ContextClassLoader missing. " + ++ "Notifications will not be dispatched. " + ++ "Please check your Java policy configuration: " + ++ x, x); ++ throw x; ++ } ++ } ++ }, ctxt); ++ } ++ + public void run() { ++ final ClassLoader previous; ++ if (defaultClassLoader != null) { ++ previous = setContextClassLoader(defaultClassLoader); ++ } else { ++ previous = null; ++ } ++ try { ++ doRun(); ++ } finally { ++ if (defaultClassLoader != null) { ++ setContextClassLoader(previous); ++ } ++ } ++ } ++ ++ private void doRun() { + synchronized (ClientNotifForwarder.this) { + currentFetchThread = Thread.currentThread(); + +- if (state == STARTING) ++ if (state == STARTING) { + setState(STARTED); ++ } + } + +- if (defaultClassLoader != null) { +- AccessController.doPrivileged(new PrivilegedAction<Void>() { +- public Void run() { +- Thread.currentThread(). +- setContextClassLoader(defaultClassLoader); +- return null; +- } +- }); +- } + + NotificationResult nr = null; + if (!shouldStop() && (nr = fetchNotifs()) != null) { +@@ -445,8 +508,9 @@ + // check if an mbean unregistration notif + if (!listenerID.equals(mbeanRemovedNotifID)) { + final ClientListenerInfo li = infoList.get(listenerID); +- if (li != null) +- listeners.put(listenerID,li); ++ if (li != null) { ++ listeners.put(listenerID, li); ++ } + continue; + } + final Notification notif = tn.getNotification(); +@@ -787,9 +851,7 @@ + private long clientSequenceNumber = -1; + private final int maxNotifications; + private final long timeout; +- + private Integer mbeanRemovedNotifID = null; +- + private Thread currentFetchThread; + + // admin stuff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6717680.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,27 @@ +--- old/src/share/classes/com/sun/jndi/ldap/LdapCtx.java Tue Mar 3 14:42:48 2009 ++++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtx.java Tue Mar 3 14:42:47 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1999-2005 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1999-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -302,7 +302,16 @@ + + schemaTrees = new Hashtable(11, 0.75f); + initEnv(); +- connect(false); ++ try { ++ connect(false); ++ } catch (NamingException e) { ++ try { ++ close(); ++ } catch (Exception e2) { ++ // Nothing ++ } ++ throw e; ++ } + } + + LdapCtx(LdapCtx existing, String newDN) throws NamingException {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6721651.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,735 @@ +--- old/src/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java Mon Mar 9 18:11:01 2009 ++++ openjdk/jdk/src/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java Mon Mar 9 18:11:00 2009 +@@ -111,6 +111,22 @@ + */ + protected abstract void checkWrite(); + ++ /** ++ * Check if the caller can create the named class. The default ++ * implementation of this method calls {@link #checkWrite()}. ++ */ ++ protected void checkCreate(String className) { ++ checkWrite(); ++ } ++ ++ /** ++ * Check if the caller can unregister the named MBean. The default ++ * implementation of this method calls {@link #checkWrite()}. ++ */ ++ protected void checkUnregister(ObjectName name) { ++ checkWrite(); ++ } ++ + //-------------------------------------------- + //-------------------------------------------- + // +@@ -148,7 +164,7 @@ + } + + /** +- * Call <code>checkWrite()</code>, then forward this method to the ++ * Call <code>checkCreate(className)</code>, then forward this method to the + * wrapped object. + */ + public ObjectInstance createMBean(String className, ObjectName name) +@@ -158,7 +174,7 @@ + MBeanRegistrationException, + MBeanException, + NotCompliantMBeanException { +- checkWrite(); ++ checkCreate(className); + SecurityManager sm = System.getSecurityManager(); + if (sm == null) { + Object object = getMBeanServer().instantiate(className); +@@ -170,7 +186,7 @@ + } + + /** +- * Call <code>checkWrite()</code>, then forward this method to the ++ * Call <code>checkCreate(className)</code>, then forward this method to the + * wrapped object. + */ + public ObjectInstance createMBean(String className, ObjectName name, +@@ -181,7 +197,7 @@ + MBeanRegistrationException, + MBeanException, + NotCompliantMBeanException { +- checkWrite(); ++ checkCreate(className); + SecurityManager sm = System.getSecurityManager(); + if (sm == null) { + Object object = getMBeanServer().instantiate(className, +@@ -196,7 +212,7 @@ + } + + /** +- * Call <code>checkWrite()</code>, then forward this method to the ++ * Call <code>checkCreate(className)</code>, then forward this method to the + * wrapped object. + */ + public ObjectInstance createMBean(String className, +@@ -209,7 +225,7 @@ + MBeanException, + NotCompliantMBeanException, + InstanceNotFoundException { +- checkWrite(); ++ checkCreate(className); + SecurityManager sm = System.getSecurityManager(); + if (sm == null) { + Object object = getMBeanServer().instantiate(className, +@@ -222,7 +238,7 @@ + } + + /** +- * Call <code>checkWrite()</code>, then forward this method to the ++ * Call <code>checkCreate(className)</code>, then forward this method to the + * wrapped object. + */ + public ObjectInstance createMBean(String className, +@@ -237,7 +253,7 @@ + MBeanException, + NotCompliantMBeanException, + InstanceNotFoundException { +- checkWrite(); ++ checkCreate(className); + SecurityManager sm = System.getSecurityManager(); + if (sm == null) { + Object object = getMBeanServer().instantiate(className, +@@ -394,17 +410,17 @@ + } + + /** +- * Call <code>checkWrite()</code>, then forward this method to the ++ * Call <code>checkCreate(className)</code>, then forward this method to the + * wrapped object. + */ + public Object instantiate(String className) + throws ReflectionException, MBeanException { +- checkWrite(); ++ checkCreate(className); + return getMBeanServer().instantiate(className); + } + + /** +- * Call <code>checkWrite()</code>, then forward this method to the ++ * Call <code>checkCreate(className)</code>, then forward this method to the + * wrapped object. + */ + public Object instantiate(String className, +@@ -411,28 +427,28 @@ + Object params[], + String signature[]) + throws ReflectionException, MBeanException { +- checkWrite(); ++ checkCreate(className); + return getMBeanServer().instantiate(className, params, signature); + } + + /** +- * Call <code>checkWrite()</code>, then forward this method to the ++ * Call <code>checkCreate(className)</code>, then forward this method to the + * wrapped object. + */ + public Object instantiate(String className, ObjectName loaderName) + throws ReflectionException, MBeanException, InstanceNotFoundException { +- checkWrite(); ++ checkCreate(className); + return getMBeanServer().instantiate(className, loaderName); + } + + /** +- * Call <code>checkWrite()</code>, then forward this method to the ++ * Call <code>checkCreate(className)</code>, then forward this method to the + * wrapped object. + */ + public Object instantiate(String className, ObjectName loaderName, + Object params[], String signature[]) + throws ReflectionException, MBeanException, InstanceNotFoundException { +- checkWrite(); ++ checkCreate(className); + return getMBeanServer().instantiate(className, loaderName, + params, signature); + } +@@ -579,12 +595,12 @@ + } + + /** +- * Call <code>checkWrite()</code>, then forward this method to the ++ * Call <code>checkUnregister()</code>, then forward this method to the + * wrapped object. + */ + public void unregisterMBean(ObjectName name) + throws InstanceNotFoundException, MBeanRegistrationException { +- checkWrite(); ++ checkUnregister(name); + getMBeanServer().unregisterMBean(name); + } + +--- old/src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java Mon Mar 9 18:11:03 2009 ++++ openjdk/jdk/src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java Mon Mar 9 18:11:03 2009 +@@ -31,11 +31,17 @@ + import java.security.AccessController; + import java.security.Principal; + import java.security.PrivilegedAction; +-import java.util.Collection; ++import java.util.ArrayList; ++import java.util.HashMap; + import java.util.Iterator; ++import java.util.List; ++import java.util.Map; + import java.util.Properties; + import java.util.Set; ++import java.util.StringTokenizer; ++import java.util.regex.Pattern; + import javax.management.MBeanServer; ++import javax.management.ObjectName; + import javax.security.auth.Subject; + + /** +@@ -46,7 +52,8 @@ + * not allowed; in this case the request is not forwarded to the + * wrapped object.</p> + * +- * <p>This class implements the {@link #checkRead()} and {@link #checkWrite()} ++ * <p>This class implements the {@link #checkRead()}, {@link #checkWrite()}, ++ * {@link #checkCreate(String)}, and {@link #checkUnregister(ObjectName)} + * methods based on an access level properties file containing username/access + * level pairs. The set of username/access level pairs is passed either as a + * filename which denotes a properties file on disk, or directly as an instance +@@ -56,15 +63,51 @@ + * has exactly one access level. The same access level can be shared by several + * usernames.</p> + * +- * <p>The supported access level values are <i>readonly</i> and +- * <i>readwrite</i>.</p> ++ * <p>The supported access level values are {@code readonly} and ++ * {@code readwrite}. The {@code readwrite} access level can be ++ * qualified by one or more <i>clauses</i>, where each clause looks ++ * like <code>create <i>classNamePattern</i></code> or {@code ++ * unregister}. For example:</p> ++ * ++ * <pre> ++ * monitorRole readonly ++ * controlRole readwrite \ ++ * create javax.management.timer.*,javax.management.monitor.* \ ++ * unregister ++ * </pre> ++ * ++ * <p>(The continuation lines with {@code \} come from the parser for ++ * Properties files.)</p> + */ + public class MBeanServerFileAccessController + extends MBeanServerAccessController { + +- public static final String READONLY = "readonly"; +- public static final String READWRITE = "readwrite"; ++ static final String READONLY = "readonly"; ++ static final String READWRITE = "readwrite"; + ++ static final String CREATE = "create"; ++ static final String UNREGISTER = "unregister"; ++ ++ private enum AccessType {READ, WRITE, CREATE, UNREGISTER}; ++ ++ private static class Access { ++ final boolean write; ++ final String[] createPatterns; ++ private boolean unregister; ++ ++ Access(boolean write, boolean unregister, List<String> createPatternList) { ++ this.write = write; ++ int npats = (createPatternList == null) ? 0 : createPatternList.size(); ++ if (npats == 0) ++ this.createPatterns = NO_STRINGS; ++ else ++ this.createPatterns = createPatternList.toArray(new String[npats]); ++ this.unregister = unregister; ++ } ++ ++ private final String[] NO_STRINGS = new String[0]; ++ } ++ + /** + * <p>Create a new MBeanServerAccessController that forwards all the + * MBeanServer requests to the MBeanServer set by invoking the {@link +@@ -87,8 +130,8 @@ + throws IOException { + super(); + this.accessFileName = accessFileName; +- props = propertiesFromFile(accessFileName); +- checkValues(props); ++ Properties props = propertiesFromFile(accessFileName); ++ parseProperties(props); + } + + /** +@@ -123,14 +166,14 @@ + * #setMBeanServer} method after doing access checks based on read and + * write permissions.</p> + * +- * <p>This instance is initialized from the specified properties instance. +- * This constructor makes a copy of the properties instance using its +- * <code>clone</code> method and it is the copy that is consulted to check +- * the username and access level of an incoming connection. The original +- * properties object can be modified without affecting the copy. If the +- * {@link #refresh} method is then called, the +- * <code>MBeanServerFileAccessController</code> will make a new copy of the +- * properties object at that time.</p> ++ * <p>This instance is initialized from the specified properties ++ * instance. This constructor makes a copy of the properties ++ * instance and it is the copy that is consulted to check the ++ * username and access level of an incoming connection. The ++ * original properties object can be modified without affecting ++ * the copy. If the {@link #refresh} method is then called, the ++ * <code>MBeanServerFileAccessController</code> will make a new ++ * copy of the properties object at that time.</p> + * + * @param accessFileProps properties list containing the username/access + * level entries. +@@ -145,8 +188,7 @@ + if (accessFileProps == null) + throw new IllegalArgumentException("Null properties"); + originalProps = accessFileProps; +- props = (Properties) accessFileProps.clone(); +- checkValues(props); ++ parseProperties(accessFileProps); + } + + /** +@@ -155,14 +197,14 @@ + * #setMBeanServer} method after doing access checks based on read and + * write permissions.</p> + * +- * <p>This instance is initialized from the specified properties instance. +- * This constructor makes a copy of the properties instance using its +- * <code>clone</code> method and it is the copy that is consulted to check +- * the username and access level of an incoming connection. The original +- * properties object can be modified without affecting the copy. If the +- * {@link #refresh} method is then called, the +- * <code>MBeanServerFileAccessController</code> will make a new copy of the +- * properties object at that time.</p> ++ * <p>This instance is initialized from the specified properties ++ * instance. This constructor makes a copy of the properties ++ * instance and it is the copy that is consulted to check the ++ * username and access level of an incoming connection. The ++ * original properties object can be modified without affecting ++ * the copy. If the {@link #refresh} method is then called, the ++ * <code>MBeanServerFileAccessController</code> will make a new ++ * copy of the properties object at that time.</p> + * + * @param accessFileProps properties list containing the username/access + * level entries. +@@ -184,8 +226,9 @@ + * Check if the caller can do read operations. This method does + * nothing if so, otherwise throws SecurityException. + */ ++ @Override + public void checkRead() { +- checkAccessLevel(READONLY); ++ checkAccess(AccessType.READ, null); + } + + /** +@@ -192,11 +235,30 @@ + * Check if the caller can do write operations. This method does + * nothing if so, otherwise throws SecurityException. + */ ++ @Override + public void checkWrite() { +- checkAccessLevel(READWRITE); ++ checkAccess(AccessType.WRITE, null); + } + + /** ++ * Check if the caller can create MBeans or instances of the given class. ++ * This method does nothing if so, otherwise throws SecurityException. ++ */ ++ @Override ++ public void checkCreate(String className) { ++ checkAccess(AccessType.CREATE, className); ++ } ++ ++ /** ++ * Check if the caller can do unregister operations. This method does ++ * nothing if so, otherwise throws SecurityException. ++ */ ++ @Override ++ public void checkUnregister(ObjectName name) { ++ checkAccess(AccessType.UNREGISTER, null); ++ } ++ ++ /** + * <p>Refresh the set of username/access level entries.</p> + * + * <p>If this instance was created using the +@@ -218,14 +280,13 @@ + * @exception IllegalArgumentException if any of the supplied access + * level values differs from "readonly" or "readwrite". + */ +- public void refresh() throws IOException { +- synchronized (props) { +- if (accessFileName == null) +- props = (Properties) originalProps.clone(); +- else +- props = propertiesFromFile(accessFileName); +- checkValues(props); +- } ++ public synchronized void refresh() throws IOException { ++ Properties props; ++ if (accessFileName == null) ++ props = (Properties) originalProps; ++ else ++ props = propertiesFromFile(accessFileName); ++ parseProperties(props); + } + + private static Properties propertiesFromFile(String fname) +@@ -233,11 +294,13 @@ + FileInputStream fin = new FileInputStream(fname); + Properties p = new Properties(); + p.load(fin); ++ // Properties.load does a buffered read so we don't need to wrap ++ // the FileInputStream in a BufferedInputStream. + fin.close(); + return p; + } + +- private void checkAccessLevel(String accessLevel) { ++ private synchronized void checkAccess(AccessType requiredAccess, String arg) { + final AccessControlContext acc = AccessController.getContext(); + final Subject s = + AccessController.doPrivileged(new PrivilegedAction<Subject>() { +@@ -247,39 +310,234 @@ + }); + if (s == null) return; /* security has not been enabled */ + final Set principals = s.getPrincipals(); ++ String newPropertyValue = null; + for (Iterator i = principals.iterator(); i.hasNext(); ) { + final Principal p = (Principal) i.next(); +- String grantedAccessLevel; +- synchronized (props) { +- grantedAccessLevel = props.getProperty(p.getName()); +- } +- if (grantedAccessLevel != null) { +- if (accessLevel.equals(READONLY) && +- (grantedAccessLevel.equals(READONLY) || +- grantedAccessLevel.equals(READWRITE))) ++ Access access = accessMap.get(p.getName()); ++ if (access != null) { ++ boolean ok; ++ switch (requiredAccess) { ++ case READ: ++ ok = true; // all access entries imply read ++ break; ++ case WRITE: ++ ok = access.write; ++ break; ++ case UNREGISTER: ++ ok = access.unregister; ++ if (!ok && access.write) ++ newPropertyValue = "unregister"; ++ break; ++ case CREATE: ++ ok = checkCreateAccess(access, arg); ++ if (!ok && access.write) ++ newPropertyValue = "create " + arg; ++ break; ++ default: ++ throw new AssertionError(); ++ } ++ if (ok) + return; +- if (accessLevel.equals(READWRITE) && +- grantedAccessLevel.equals(READWRITE)) +- return; + } + } +- throw new SecurityException("Access denied! Invalid access level for " + +- "requested MBeanServer operation."); ++ SecurityException se = new SecurityException("Access denied! Invalid " + ++ "access level for requested MBeanServer operation."); ++ // Add some more information to help people with deployments that ++ // worked before we required explicit create clauses. We're not giving ++ // any information to the bad guys, other than that the access control ++ // is based on a file, which they could have worked out from the stack ++ // trace anyway. ++ if (newPropertyValue != null) { ++ SecurityException se2 = new SecurityException("Access property " + ++ "for this identity should be similar to: " + READWRITE + ++ " " + newPropertyValue); ++ se.initCause(se2); ++ } ++ throw se; + } + +- private void checkValues(Properties props) { +- Collection c = props.values(); +- for (Iterator i = c.iterator(); i.hasNext(); ) { +- final String accessLevel = (String) i.next(); +- if (!accessLevel.equals(READONLY) && +- !accessLevel.equals(READWRITE)) { +- throw new IllegalArgumentException( +- "Syntax error in access level entry [" + accessLevel + "]"); ++ private static boolean checkCreateAccess(Access access, String className) { ++ for (String classNamePattern : access.createPatterns) { ++ if (classNameMatch(classNamePattern, className)) ++ return true; ++ } ++ return false; ++ } ++ ++ private static boolean classNameMatch(String pattern, String className) { ++ // We studiously avoided regexes when parsing the properties file, ++ // because that is done whenever the VM is started with the ++ // appropriate -Dcom.sun.management options, even if nobody ever ++ // creates an MBean. We don't want to incur the overhead of loading ++ // all the regex code whenever those options are specified, but if we ++ // get as far as here then the VM is already running and somebody is ++ // doing the very unusual operation of remotely creating an MBean. ++ // Because that operation is so unusual, we don't try to optimize ++ // by hand-matching or by caching compiled Pattern objects. ++ StringBuilder sb = new StringBuilder(); ++ StringTokenizer stok = new StringTokenizer(pattern, "*", true); ++ while (stok.hasMoreTokens()) { ++ String tok = stok.nextToken(); ++ if (tok.equals("*")) ++ sb.append("[^.]*"); ++ else ++ sb.append(Pattern.quote(tok)); ++ } ++ return className.matches(sb.toString()); ++ } ++ ++ private void parseProperties(Properties props) { ++ this.accessMap = new HashMap<String, Access>(); ++ for (Map.Entry<Object, Object> entry : props.entrySet()) { ++ String identity = (String) entry.getKey(); ++ String accessString = (String) entry.getValue(); ++ Access access = Parser.parseAccess(identity, accessString); ++ accessMap.put(identity, access); ++ } ++ } ++ ++ private static class Parser { ++ private final static int EOS = -1; // pseudo-codepoint "end of string" ++ static { ++ assert !Character.isWhitespace(EOS); ++ } ++ ++ private final String identity; // just for better error messages ++ private final String s; // the string we're parsing ++ private final int len; // s.length() ++ private int i; ++ private int c; ++ // At any point, either c is s.codePointAt(i), or i == len and ++ // c is EOS. We use int rather than char because it is conceivable ++ // (if unlikely) that a classname in a create clause might contain ++ // "supplementary characters", the ones that don't fit in the original ++ // 16 bits for Unicode. ++ ++ private Parser(String identity, String s) { ++ this.identity = identity; ++ this.s = s; ++ this.len = s.length(); ++ this.i = 0; ++ if (i < len) ++ this.c = s.codePointAt(i); ++ else ++ this.c = EOS; ++ } ++ ++ static Access parseAccess(String identity, String s) { ++ return new Parser(identity, s).parseAccess(); ++ } ++ ++ private Access parseAccess() { ++ skipSpace(); ++ String type = parseWord(); ++ Access access; ++ if (type.equals(READONLY)) ++ access = new Access(false, false, null); ++ else if (type.equals(READWRITE)) ++ access = parseReadWrite(); ++ else { ++ throw syntax("Expected " + READONLY + " or " + READWRITE + ++ ": " + type); + } ++ if (c != EOS) ++ throw syntax("Extra text at end of line"); ++ return access; + } ++ ++ private Access parseReadWrite() { ++ List<String> createClasses = new ArrayList<String>(); ++ boolean unregister = false; ++ while (true) { ++ skipSpace(); ++ if (c == EOS) ++ break; ++ String type = parseWord(); ++ if (type.equals(UNREGISTER)) ++ unregister = true; ++ else if (type.equals(CREATE)) ++ parseCreate(createClasses); ++ else ++ throw syntax("Unrecognized keyword " + type); ++ } ++ return new Access(true, unregister, createClasses); ++ } ++ ++ private void parseCreate(List<String> createClasses) { ++ while (true) { ++ skipSpace(); ++ createClasses.add(parseClassName()); ++ skipSpace(); ++ if (c == ',') ++ next(); ++ else ++ break; ++ } ++ } ++ ++ private String parseClassName() { ++ // We don't check that classname components begin with suitable ++ // characters (so we accept 1.2.3 for example). This means that ++ // there are only two states, which we can call dotOK and !dotOK ++ // according as a dot (.) is legal or not. Initially we're in ++ // !dotOK since a classname can't start with a dot; after a dot ++ // we're in !dotOK again; and after any other characters we're in ++ // dotOK. The classname is only accepted if we end in dotOK, ++ // so we reject an empty name or a name that ends with a dot. ++ final int start = i; ++ boolean dotOK = false; ++ while (true) { ++ if (c == '.') { ++ if (!dotOK) ++ throw syntax("Bad . in class name"); ++ dotOK = false; ++ } else if (c == '*' || Character.isJavaIdentifierPart(c)) ++ dotOK = true; ++ else ++ break; ++ next(); ++ } ++ String className = s.substring(start, i); ++ if (!dotOK) ++ throw syntax("Bad class name " + className); ++ return className; ++ } ++ ++ // Advance c and i to the next character, unless already at EOS. ++ private void next() { ++ if (c != EOS) { ++ i += Character.charCount(c); ++ if (i < len) ++ c = s.codePointAt(i); ++ else ++ c = EOS; ++ } ++ } ++ ++ private void skipSpace() { ++ while (Character.isWhitespace(c)) ++ next(); ++ } ++ ++ private String parseWord() { ++ skipSpace(); ++ if (c == EOS) ++ throw syntax("Expected word at end of line"); ++ final int start = i; ++ while (c != EOS && !Character.isWhitespace(c)) ++ next(); ++ String word = s.substring(start, i); ++ skipSpace(); ++ return word; ++ } ++ ++ private IllegalArgumentException syntax(String msg) { ++ return new IllegalArgumentException( ++ msg + " [" + identity + " " + s + "]"); ++ } + } + +- private Properties props; ++ private Map<String, Access> accessMap; + private Properties originalProps; + private String accessFileName; + } +--- old/src/share/lib/management/jmxremote.access Mon Mar 9 18:11:05 2009 ++++ openjdk/jdk/src/share/lib/management/jmxremote.access Mon Mar 9 18:11:05 2009 +@@ -8,7 +8,7 @@ + # passwords. To be functional, a role must have an entry in + # both the password and the access files. + # +-# Default location of this file is $JRE/lib/management/jmxremote.access ++# The default location of this file is $JRE/lib/management/jmxremote.access + # You can specify an alternate location by specifying a property in + # the management config file $JRE/lib/management/management.properties + # (See that file for details) +@@ -16,7 +16,7 @@ + # The file format for password and access files is syntactically the same + # as the Properties file format. The syntax is described in the Javadoc + # for java.util.Properties.load. +-# Typical access file has multiple lines, where each line is blank, ++# A typical access file has multiple lines, where each line is blank, + # a comment (like this one), or an access control entry. + # + # An access control entry consists of a role name, and an +@@ -29,11 +29,39 @@ + # role can read measurements but cannot perform any action + # that changes the environment of the running program. + # "readwrite" grants access to read and write attributes of MBeans, +-# to invoke operations on them, and to create or remove them. +-# This access should be granted to only trusted clients, +-# since they can potentially interfere with the smooth +-# operation of a running program ++# to invoke operations on them, and optionally ++# to create or remove them. This access should be granted ++# only to trusted clients, since they can potentially ++# interfere with the smooth operation of a running program. + # ++# The "readwrite" access level can optionally be followed by the "create" and/or ++# "unregister" keywords. The "unregister" keyword grants access to unregister ++# (delete) MBeans. The "create" keyword grants access to create MBeans of a ++# particular class or of any class matching a particular pattern. Access ++# should only be granted to create MBeans of known and trusted classes. ++# ++# For example, the following entry would grant readwrite access ++# to "controlRole", as well as access to create MBeans of the class ++# javax.management.monitor.CounterMonitor and to unregister any MBean: ++# controlRole readwrite \ ++# create javax.management.monitor.CounterMonitorMBean \ ++# unregister ++# or equivalently: ++# controlRole readwrite unregister create javax.management.monitor.CounterMBean ++# ++# The following entry would grant readwrite access as well as access to create ++# MBeans of any class in the packages javax.management.monitor and ++# javax.management.timer: ++# controlRole readwrite \ ++# create javax.management.monitor.*,javax.management.timer.* \ ++# unregister ++# ++# The \ character is defined in the Properties file syntax to allow continuation ++# lines as shown here. A * in a class pattern matches a sequence of characters ++# other than dot (.), so javax.management.monitor.* matches ++# javax.management.monitor.CounterMonitor but not ++# javax.management.monitor.foo.Bar. ++# + # A given role should have at most one entry in this file. If a role + # has no entry, it has no access. + # If multiple entries are found for the same role name, then the last +@@ -42,7 +70,10 @@ + # + # Default access control entries: + # o The "monitorRole" role has readonly access. +-# o The "controlRole" role has readwrite access. ++# o The "controlRole" role has readwrite access and can create the standard ++# Timer and Monitor MBeans defined by the JMX API. + + monitorRole readonly +-controlRole readwrite ++controlRole readwrite \ ++ create javax.management.monitor.*,javax.management.timer.* \ ++ unregister
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6737315.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,44 @@ +--- old/./src/share/classes/com/sun/jndi/ldap/VersionHelper12.java Tue Mar 10 17:35:37 2009 ++++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/VersionHelper12.java Tue Mar 10 17:35:36 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1999 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1999-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -33,12 +33,33 @@ + + final class VersionHelper12 extends VersionHelper { + ++ // System property to control whether classes may be loaded from an ++ // arbitrary URL code base. ++ private static final String TRUST_URL_CODEBASE_PROPERTY = ++ "com.sun.jndi.ldap.object.trustURLCodebase"; ++ ++ // Determine whether classes may be loaded from an arbitrary URL code base. ++ private static final String trustURLCodebase = ++ AccessController.doPrivileged( ++ new PrivilegedAction<String>() { ++ public String run() { ++ return System.getProperty(TRUST_URL_CODEBASE_PROPERTY, ++ "false"); ++ } ++ } ++ ); ++ + VersionHelper12() {} // Disallow external from creating one of these. + + ClassLoader getURLClassLoader(String[] url) + throws MalformedURLException { + ClassLoader parent = getContextClassLoader(); +- if (url != null) { ++ /* ++ * Classes may only be loaded from an arbitrary URL code base when ++ * the system property com.sun.jndi.ldap.object.trustURLCodebase ++ * has been set to "true". ++ */ ++ if (url != null && "true".equalsIgnoreCase(trustURLCodebase)) { + return URLClassLoader.newInstance(getUrlArray(url), parent); + } else { + return parent;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6792554.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,415 @@ +--- old/src/share/native/com/sun/java/util/jar/pack/bands.cpp Tue Mar 3 22:19:24 2009 ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bands.cpp Tue Mar 3 22:19:23 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2002-2005 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -94,6 +94,7 @@ + assert(!valc->isMalloc); + } + xvs.init(u->rp, u->rplimit, valc); ++ CHECK; + int X = xvs.getInt(); + if (valc->S() != 0) { + assert(valc->min <= -256); +@@ -117,6 +118,7 @@ + byte XB_byte = (byte) XB; + byte* XB_ptr = &XB_byte; + cm.init(u->rp, u->rplimit, XB_ptr, 0, defc, length, null); ++ CHECK; + } else { + NOT_PRODUCT(byte* meta_rp0 = u->meta_rp); + assert(u->meta_rp != null); +@@ -215,8 +217,19 @@ + if (length == 0) return 0; + if (total_memo > 0) return total_memo-1; + int total = getInt(); ++ // overflow checks require that none of the addends are <0, ++ // and that the partial sums never overflow (wrap negative) ++ if (total < 0) { ++ abort("overflow detected"); ++ return 0; ++ } + for (int k = length-1; k > 0; k--) { +- total += vs[0].getInt(); ++ int prev_total = total; ++ total += vs[0].getInt(); ++ if (total < prev_total) { ++ abort("overflow detected"); ++ return 0; ++ } + } + rewind(); + total_memo = total+1; +--- old/src/share/native/com/sun/java/util/jar/pack/coding.cpp Tue Mar 3 22:19:29 2009 ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/coding.cpp Tue Mar 3 22:19:27 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2002-2005 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -809,6 +809,7 @@ + } + band_rp = vs.rp; + } ++ CHECK; + + // Get an accurate upper limit now. + vs0.rplimit = band_rp; +--- old/src/share/native/com/sun/java/util/jar/pack/defines.h Tue Mar 3 22:19:33 2009 ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/defines.h Tue Mar 3 22:19:31 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2001-2008 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -155,6 +155,8 @@ + #define CHECK_NULL_(y,p) _CHECK_DO((p)==null, return y) + #define CHECK_NULL_0(p) _CHECK_DO((p)==null, return 0) + ++#define CHECK_COUNT(t) if (t < 0){abort("bad value count");} CHECK ++ + #define STR_TRUE "true" + #define STR_FALSE "false" + +--- old/src/share/native/com/sun/java/util/jar/pack/unpack.cpp Tue Mar 3 22:19:37 2009 ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp Tue Mar 3 22:19:35 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2001-2008 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -504,15 +504,40 @@ + enum { + MAGIC_BYTES = 4, + AH_LENGTH_0 = 3, //minver, majver, options are outside of archive_size ++ AH_LENGTH_0_MAX = AH_LENGTH_0 + 1, // options might have 2 bytes + AH_LENGTH = 26, //maximum archive header length (w/ all fields) + // Length contributions from optional header fields: + AH_FILE_HEADER_LEN = 5, // sizehi/lo/next/modtime/files ++ AH_ARCHIVE_SIZE_LEN = 2, // sizehi/lo only; part of AH_FILE_HEADER_LEN + AH_CP_NUMBER_LEN = 4, // int/float/long/double + AH_SPECIAL_FORMAT_LEN = 2, // layouts/band-headers + AH_LENGTH_MIN = AH_LENGTH + -(AH_FILE_HEADER_LEN+AH_SPECIAL_FORMAT_LEN+AH_CP_NUMBER_LEN), ++ ARCHIVE_SIZE_MIN = AH_LENGTH_MIN - (AH_LENGTH_0 + AH_ARCHIVE_SIZE_LEN), + FIRST_READ = MAGIC_BYTES + AH_LENGTH_MIN + }; ++ ++ ++ assert(AH_LENGTH_MIN == 15); // # of UNSIGNED5 fields required after archive_magic ++ assert(ARCHIVE_SIZE_MIN == 10); // # of UNSIGNED5 fields required after archive_size ++ // An absolute minimum null archive is magic[4], {minver,majver,options}[3], ++ // archive_size[0], cp_counts[8], class_counts[4], for a total of 19 bytes. ++ // (Note that archive_size is optional; it may be 0..10 bytes in length.) ++ // The first read must capture everything up through the options field. ++ // This happens to work even if {minver,majver,options} is a pathological ++ // 15 bytes long. Legal pack files limit those three fields to 1+1+2 bytes. ++ assert(FIRST_READ >= MAGIC_BYTES + AH_LENGTH_0 * B_MAX); ++ ++ // Up through archive_size, the largest possible archive header is ++ // magic[4], {minver,majver,options}[4], archive_size[10]. ++ // (Note only the low 12 bits of options are allowed to be non-zero.) ++ // In order to parse archive_size, we need at least this many bytes ++ // in the first read. Of course, if archive_size_hi is more than ++ // a byte, we probably will fail to allocate the buffer, since it ++ // will be many gigabytes long. This is a practical, not an ++ // architectural limit to Pack200 archive sizes. ++ assert(FIRST_READ >= MAGIC_BYTES + AH_LENGTH_0_MAX + 2*B_MAX); ++ + bool foreign_buf = (read_input_fn == null); + byte initbuf[FIRST_READ + C_SLOP + 200]; // 200 is for JAR I/O + if (foreign_buf) { +@@ -528,7 +553,7 @@ + // There is no way to tell the caller that we used only part of them. + // Therefore, the caller must use only a bare minimum of read-ahead. + if (inbytes.len > FIRST_READ) { +- abort("too much pushback"); ++ abort("too much read-ahead"); + return; + } + input.set(initbuf, sizeof(initbuf)); +@@ -538,7 +563,7 @@ + rplimit += inbytes.len; + bytes_read += inbytes.len; + } +- // Read only 19 bytes, which is certain to contain #archive_size fields, ++ // Read only 19 bytes, which is certain to contain #archive_options fields, + // but is certain not to overflow past the archive_header. + input.b.len = FIRST_READ; + if (!ensure_input(FIRST_READ)) +@@ -611,8 +636,8 @@ + if ((archive_options & ~OPTION_LIMIT) != 0) { + fprintf(errstrm, "Warning: Illegal archive options 0x%x\n", + archive_options); +- // Do not abort. If the format really changes, version numbers will bump. +- //abort("illegal archive options"); ++ abort("illegal archive options"); ++ return; + } + + if ((archive_options & AO_HAVE_FILE_HEADERS) != 0) { +@@ -643,8 +668,17 @@ + return; + } + } else if (archive_size != 0) { ++ if (archive_size < ARCHIVE_SIZE_MIN) { ++ abort("impossible archive size"); // bad input data ++ return; ++ } ++ if (archive_size < header_size_1) { ++ abort("too much read-ahead"); // somehow we pre-fetched too much? ++ return; ++ } + input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)), + (size_t) header_size_0 + archive_size); ++ CHECK; + assert(input.limit()[0] == 0); + // Move all the bytes we read initially into the real buffer. + input.b.copyFrom(initbuf, header_size); +@@ -659,6 +693,7 @@ + rp = rplimit = input.base(); + // Set up input buffer as if we already read the header: + input.b.copyFrom(initbuf, header_size); ++ CHECK; + rplimit += header_size; + while (ensure_input(input.limit() - rp)) { + size_t dataSoFar = input_remaining(); +@@ -694,8 +729,10 @@ + + if ((archive_options & AO_HAVE_FILE_HEADERS) != 0) { + archive_next_count = hdr.getInt(); ++ CHECK_COUNT(archive_next_count); + archive_modtime = hdr.getInt(); + file_count = hdr.getInt(); ++ CHECK_COUNT(file_count); + hdrVals += 3; + } else { + hdrValsSkipped += 3; +@@ -703,7 +740,9 @@ + + if ((archive_options & AO_HAVE_SPECIAL_FORMATS) != 0) { + band_headers_size = hdr.getInt(); ++ CHECK_COUNT(band_headers_size); + attr_definition_count = hdr.getInt(); ++ CHECK_COUNT(attr_definition_count); + hdrVals += 2; + } else { + hdrValsSkipped += 2; +@@ -723,13 +762,16 @@ + } + } + cp_counts[k] = hdr.getInt(); ++ CHECK_COUNT(cp_counts[k]); + hdrVals += 1; + } + + ic_count = hdr.getInt(); ++ CHECK_COUNT(ic_count); + default_class_minver = hdr.getInt(); + default_class_majver = hdr.getInt(); + class_count = hdr.getInt(); ++ CHECK_COUNT(class_count); + hdrVals += 4; + + // done with archive_header +@@ -783,7 +825,6 @@ + bytes::of(band_headers.limit(), C_SLOP).clear(_meta_error); + } + +- + void unpacker::finish() { + if (verbose >= 1) { + fprintf(errstrm, +@@ -2089,13 +2130,14 @@ + + field_descr.readData(field_count); + read_attrs(ATTR_CONTEXT_FIELD, field_count); ++ CHECK; + + method_descr.readData(method_count); + read_attrs(ATTR_CONTEXT_METHOD, method_count); +- + CHECK; + + read_attrs(ATTR_CONTEXT_CLASS, class_count); ++ CHECK; + + read_code_headers(); + +@@ -2122,10 +2164,12 @@ + assert(endsWith(xxx_flags_hi.name, "_flags_hi")); + if (haveLongFlags) + xxx_flags_hi.readData(obj_count); ++ CHECK; + + band& xxx_flags_lo = ad.xxx_flags_lo(); + assert(endsWith(xxx_flags_lo.name, "_flags_lo")); + xxx_flags_lo.readData(obj_count); ++ CHECK; + + // pre-scan flags, counting occurrences of each index bit + julong indexMask = ad.flagIndexMask(); // which flag bits are index bits? +@@ -2148,11 +2192,13 @@ + assert(endsWith(xxx_attr_count.name, "_attr_count")); + // There is one count element for each 1<<16 bit set in flags: + xxx_attr_count.readData(ad.predefCount(X_ATTR_OVERFLOW)); ++ CHECK; + + band& xxx_attr_indexes = ad.xxx_attr_indexes(); + assert(endsWith(xxx_attr_indexes.name, "_attr_indexes")); + int overflowIndexCount = xxx_attr_count.getIntTotal(); + xxx_attr_indexes.readData(overflowIndexCount); ++ CHECK; + // pre-scan attr indexes, counting occurrences of each value + for (i = 0; i < overflowIndexCount; i++) { + idx = xxx_attr_indexes.getInt(); +@@ -2183,6 +2229,7 @@ + } + } + ad.xxx_attr_calls().readData(backwardCounts); ++ CHECK; + + // Read built-in bands. + // Mostly, these are hand-coded equivalents to readBandData(). +@@ -2191,13 +2238,16 @@ + + count = ad.predefCount(CLASS_ATTR_SourceFile); + class_SourceFile_RUN.readData(count); ++ CHECK; + + count = ad.predefCount(CLASS_ATTR_EnclosingMethod); + class_EnclosingMethod_RC.readData(count); + class_EnclosingMethod_RDN.readData(count); ++ CHECK; + + count = ad.predefCount(X_ATTR_Signature); + class_Signature_RS.readData(count); ++ CHECK; + + ad.readBandData(X_ATTR_RuntimeVisibleAnnotations); + ad.readBandData(X_ATTR_RuntimeInvisibleAnnotations); +@@ -2204,17 +2254,22 @@ + + count = ad.predefCount(CLASS_ATTR_InnerClasses); + class_InnerClasses_N.readData(count); ++ CHECK; ++ + count = class_InnerClasses_N.getIntTotal(); + class_InnerClasses_RC.readData(count); + class_InnerClasses_F.readData(count); ++ CHECK; + // Drop remaining columns wherever flags are zero: + count -= class_InnerClasses_F.getIntCount(0); + class_InnerClasses_outer_RCN.readData(count); + class_InnerClasses_name_RUN.readData(count); ++ CHECK; + + count = ad.predefCount(CLASS_ATTR_ClassFile_version); + class_ClassFile_version_minor_H.readData(count); + class_ClassFile_version_major_H.readData(count); ++ CHECK; + break; + + case ATTR_CONTEXT_FIELD: +@@ -2221,12 +2276,15 @@ + + count = ad.predefCount(FIELD_ATTR_ConstantValue); + field_ConstantValue_KQ.readData(count); ++ CHECK; + + count = ad.predefCount(X_ATTR_Signature); + field_Signature_RS.readData(count); ++ CHECK; + + ad.readBandData(X_ATTR_RuntimeVisibleAnnotations); + ad.readBandData(X_ATTR_RuntimeInvisibleAnnotations); ++ CHECK; + break; + + case ATTR_CONTEXT_METHOD: +@@ -2238,9 +2296,11 @@ + method_Exceptions_N.readData(count); + count = method_Exceptions_N.getIntTotal(); + method_Exceptions_RC.readData(count); ++ CHECK; + + count = ad.predefCount(X_ATTR_Signature); + method_Signature_RS.readData(count); ++ CHECK; + + ad.readBandData(X_ATTR_RuntimeVisibleAnnotations); + ad.readBandData(X_ATTR_RuntimeInvisibleAnnotations); +@@ -2247,6 +2307,7 @@ + ad.readBandData(METHOD_ATTR_RuntimeVisibleParameterAnnotations); + ad.readBandData(METHOD_ATTR_RuntimeInvisibleParameterAnnotations); + ad.readBandData(METHOD_ATTR_AnnotationDefault); ++ CHECK; + break; + + case ATTR_CONTEXT_CODE: +@@ -2258,8 +2319,10 @@ + return; + } + code_StackMapTable_N.readData(count); ++ CHECK; + count = code_StackMapTable_N.getIntTotal(); + code_StackMapTable_frame_T.readData(count); ++ CHECK; + // the rest of it depends in a complicated way on frame tags + { + int fat_frame_count = 0; +@@ -2293,18 +2356,23 @@ + // deal completely with fat frames: + offset_count += fat_frame_count; + code_StackMapTable_local_N.readData(fat_frame_count); ++ CHECK; + type_count += code_StackMapTable_local_N.getIntTotal(); + code_StackMapTable_stack_N.readData(fat_frame_count); + type_count += code_StackMapTable_stack_N.getIntTotal(); ++ CHECK; + // read the rest: + code_StackMapTable_offset.readData(offset_count); + code_StackMapTable_T.readData(type_count); ++ CHECK; + // (7) [RCH] + count = code_StackMapTable_T.getIntCount(7); + code_StackMapTable_RC.readData(count); ++ CHECK; + // (8) [PH] + count = code_StackMapTable_T.getIntCount(8); + code_StackMapTable_P.readData(count); ++ CHECK; + } + + count = ad.predefCount(CODE_ATTR_LineNumberTable); +@@ -2626,7 +2694,9 @@ + code_max_na_locals.readData(); + code_handler_count.readData(); + totalHandlerCount += code_handler_count.getIntTotal(); ++ CHECK; + ++ + // Read handler specifications. + // Cf. PackageReader.readCodeHandlers. + code_handler_start_P.readData(totalHandlerCount); +@@ -2633,8 +2703,10 @@ + code_handler_end_PO.readData(totalHandlerCount); + code_handler_catch_PO.readData(totalHandlerCount); + code_handler_class_RCN.readData(totalHandlerCount); ++ CHECK; + + read_attrs(ATTR_CONTEXT_CODE, totalFlagsCount); ++ CHECK; + } + + static inline bool is_in_range(uint n, uint min, uint max) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6804996.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,75 @@ +--- old/src/share/native/sun/awt/splashscreen/splashscreen_gif.c Thu Mar 5 16:18:35 2009 ++++ openjdk/jdk/src/share/native/sun/awt/splashscreen/splashscreen_gif.c Thu Mar 5 16:18:34 2009 +@@ -53,10 +53,6 @@ + // convert libungif samples to our ones + #define MAKE_QUAD_GIF(c,a) MAKE_QUAD((c).Red, (c).Green, (c).Blue, (a)) + +-#define SAFE_TO_ALLOC(c, sz) \ +- (((c) > 0) && ((sz) > 0) && \ +- ((0xffffffffu / ((unsigned int)(c))) > (unsigned int)(sz))) +- + /* stdio FILE* and memory input functions for libungif */ + int + SplashStreamGifInputFunc(GifFileType * gif, GifByteType * buf, int n) +--- old/src/share/native/sun/awt/splashscreen/splashscreen_impl.h Thu Mar 5 16:18:38 2009 ++++ openjdk/jdk/src/share/native/sun/awt/splashscreen/splashscreen_impl.h Thu Mar 5 16:18:37 2009 +@@ -155,6 +155,10 @@ + + void SplashInitFrameShape(Splash * splash, int imageIndex); + ++#define SAFE_TO_ALLOC(c, sz) \ ++ (((c) > 0) && ((sz) > 0) && \ ++ ((0xffffffffu / ((unsigned int)(c))) > (unsigned int)(sz))) ++ + #define dbgprintf printf + + #endif +--- old/src/share/native/sun/awt/splashscreen/splashscreen_png.c Thu Mar 5 16:18:41 2009 ++++ openjdk/jdk/src/share/native/sun/awt/splashscreen/splashscreen_png.c Thu Mar 5 16:18:40 2009 +@@ -103,9 +103,17 @@ + + rowbytes = png_get_rowbytes(png_ptr, info_ptr); + ++ if (!SAFE_TO_ALLOC(rowbytes, height)) { ++ goto done; ++ } ++ + if ((image_data = (unsigned char *) malloc(rowbytes * height)) == NULL) { + goto done; + } ++ ++ if (!SAFE_TO_ALLOC(height, sizeof(png_bytep))) { ++ goto done; ++ } + if ((row_pointers = (png_bytepp) malloc(height * sizeof(png_bytep))) + == NULL) { + goto done; +@@ -121,13 +129,28 @@ + splash->width = width; + splash->height = height; + ++ if (!SAFE_TO_ALLOC(splash->width, splash->imageFormat.depthBytes)) { ++ goto done; ++ } + stride = splash->width * splash->imageFormat.depthBytes; + ++ if (!SAFE_TO_ALLOC(splash->height, stride)) { ++ goto done; ++ } + splash->frameCount = 1; + splash->frames = (SplashImage *) + malloc(sizeof(SplashImage) * splash->frameCount); ++ ++ if (splash->frames == NULL) { ++ goto done; ++ } ++ + splash->loopCount = 1; + splash->frames[0].bitmapBits = malloc(stride * splash->height); ++ if (splash->frames[0].bitmapBits == NULL) { ++ free(splash->frames); ++ goto done; ++ } + splash->frames[0].delay = 0; + + /* FIXME: sort out the real format */
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6804997.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,31 @@ +--- old/src/share/native/sun/awt/giflib/dgif_lib.c Thu Mar 5 16:33:17 2009 ++++ openjdk/jdk/src/share/native/sun/awt/giflib/dgif_lib.c Thu Mar 5 16:33:16 2009 +@@ -722,6 +722,10 @@ + GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + + READ(GifFile, &CodeSize, 1); /* Read Code size from file. */ ++ if (CodeSize >= 12) { ++ /* Invalid initial code size: report failure */ ++ return GIF_ERROR; ++ } + BitsPerPixel = CodeSize; + + Private->Buf[0] = 0; /* Input Buffer empty. */ +@@ -964,10 +968,13 @@ + + /* If code cannot fit into RunningBits bits, must raise its size. Note + * however that codes above 4095 are used for special signaling. */ +- if (++Private->RunningCode > Private->MaxCode1 && +- Private->RunningBits < LZ_BITS) { +- Private->MaxCode1 <<= 1; +- Private->RunningBits++; ++ if (++Private->RunningCode > Private->MaxCode1) { ++ if (Private->RunningBits < LZ_BITS) { ++ Private->MaxCode1 <<= 1; ++ Private->RunningBits++; ++ } else { ++ Private->RunningCode = Private->MaxCode1; ++ } + } + return GIF_OK; + }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/icedtea-6804998.patch Tue Mar 24 14:15:51 2009 +0000 @@ -0,0 +1,35 @@ +--- old/src/share/classes/sun/awt/image/GifImageDecoder.java Thu Mar 5 17:00:25 2009 ++++ openjdk/jdk/src/share/classes/sun/awt/image/GifImageDecoder.java Thu Mar 5 17:00:24 2009 +@@ -585,9 +585,16 @@ + System.out.print("Reading a " + width + " by " + height + " " + + (interlace ? "" : "non-") + "interlaced image..."); + } +- ++ int initCodeSize = ExtractByte(block, 9); ++ if (initCodeSize >= 12) { ++ if (verbose) { ++ System.out.println("Invalid initial code size: " + ++ initCodeSize); ++ } ++ return false; ++ } + boolean ret = parseImage(x, y, width, height, +- interlace, ExtractByte(block, 9), ++ interlace, initCodeSize, + block, rasline, model); + + if (!ret) { +--- old/src/share/native/sun/awt/image/gif/gifdecoder.c Thu Mar 5 17:00:28 2009 ++++ openjdk/jdk/src/share/native/sun/awt/image/gif/gifdecoder.c Thu Mar 5 17:00:27 2009 +@@ -191,6 +191,11 @@ + int passht = passinc; + int len; + ++ /* We have verified the initial code size on the java layer. ++ * Here we just check bounds for particular indexes. */ ++ if (freeCode >= 4096 || maxCode >= 4096) { ++ return 0; ++ } + if (blockh == 0 || raslineh == 0 + || prefixh == 0 || suffixh == 0 + || outCodeh == 0)