Mercurial > hg > release > icedtea6-1.6
view patches/security/20100330/6904691.patch @ 1723:d48a4f542e7d
Add new security patches and fix srcdir!=builddir issues.
2009-03-30 Andrew John Hughes <ahughes@redhat.com>
* patches/icedtea-systemtap.patch:
Moved to HotSpot-specific patch tree.
* Makefile.am: Add new security patches
and add $(HSBUILD) to systemtap patch.
Put copied OpenJDK files in openjdk-copy
rather than a duplicate rt directory
in the build tree.
* NEWS: List new security patches.
* patches/hotspot/default/systemtap.patch:
From patches/icedtea-systemtap.patch.
* patches/hotspot/original/icedtea-format.patch,
* patches/hotspot/original/systemtap.patch:
Added for original HotSpot build.
* patches/security/20100330/6626217.patch,
* patches/security/20100330/6633872.patch,
* patches/security/20100330/6639665.patch,
* patches/security/20100330/6736390.patch,
* patches/security/20100330/6745393.patch,
* patches/security/20100330/6887703.patch,
* patches/security/20100330/6888149.patch,
* patches/security/20100330/6892265.patch,
* patches/security/20100330/6893947.patch,
* patches/security/20100330/6893954.patch,
* patches/security/20100330/6898622.patch,
* patches/security/20100330/6898739.patch,
* patches/security/20100330/6899653.patch,
* patches/security/20100330/6902299.patch,
* patches/security/20100330/6904691.patch,
* patches/security/20100330/6909597.patch,
* patches/security/20100330/6910590.patch,
* patches/security/20100330/6914823.patch,
* patches/security/20100330/6914866.patch,
* patches/security/20100330/6932480.patch,
* patches/security/20100330/hotspot/default/6894807.patch,
* patches/security/20100330/hotspot/original/6894807.patch:
New security and hardening patches
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
| author | Andrew John Hughes <ahughes@redhat.com> |
|---|---|
| date | Tue, 30 Mar 2010 23:04:54 +0100 |
| parents | |
| children |
line wrap: on
line source
--- openjdk.orig/jdk/src/share/classes/java/beans/EventHandler.java 2009-12-18 16:45:11.534864100 +0300 +++ openjdk/jdk/src/share/classes/java/beans/EventHandler.java 2009-12-18 16:45:10.832864100 +0300 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,7 +32,6 @@ import java.security.AccessController; import java.security.PrivilegedAction; -import java.util.EventObject; import sun.reflect.misc.MethodUtil; /** @@ -279,9 +278,9 @@ public class EventHandler implements InvocationHandler { private Object target; private String action; - private String eventPropertyName; - private String listenerMethodName; - private AccessControlContext acc; + private final String eventPropertyName; + private final String listenerMethodName; + private final AccessControlContext acc = AccessController.getContext(); /** * Creates a new <code>EventHandler</code> object; @@ -309,7 +308,6 @@ * @see #getListenerMethodName */ public EventHandler(Object target, String action, String eventPropertyName, String listenerMethodName) { - this.acc = AccessController.getContext(); this.target = target; this.action = action; if (target == null) { @@ -421,7 +419,11 @@ * @see EventHandler */ public Object invoke(final Object proxy, final Method method, final Object[] arguments) { - return AccessController.doPrivileged(new PrivilegedAction() { + AccessControlContext acc = this.acc; + if (acc == null && null != System.getSecurityManager()) { + throw new SecurityException("AccessControlContext is not set"); + } + return AccessController.doPrivileged(new PrivilegedAction<Object>() { public Object run() { return invokeInternal(proxy, method, arguments); } @@ -481,7 +483,10 @@ throw new RuntimeException(ex); } catch (InvocationTargetException ex) { - throw new RuntimeException(ex.getTargetException()); + Throwable th = ex.getTargetException(); + throw (th instanceof RuntimeException) + ? (RuntimeException) th + : new RuntimeException(th); } } return null; --- openjdk.orig/jdk/src/share/classes/java/beans/Statement.java 2009-12-18 16:45:17.431864100 +0300 +++ openjdk/jdk/src/share/classes/java/beans/Statement.java 2009-12-18 16:45:16.779864100 +0300 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,10 @@ import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import com.sun.beans.finder.ClassFinder; import sun.reflect.misc.MethodUtil; @@ -61,9 +65,10 @@ } }; - Object target; - String methodName; - Object[] arguments; + private final AccessControlContext acc = AccessController.getContext(); + private final Object target; + private final String methodName; + private final Object[] arguments; /** * Creates a new <code>Statement</code> object with a <code>target</code>, @@ -141,6 +146,27 @@ } Object invoke() throws Exception { + AccessControlContext acc = this.acc; + if (acc == null && null != System.getSecurityManager()) { + throw new SecurityException("AccessControlContext is not set"); + } + try { + return AccessController.doPrivileged( + new PrivilegedExceptionAction<Object>() { + public Object run() + throws Exception { + return invokeInternal(); + } + }, + acc + ); + } + catch (PrivilegedActionException exception) { + throw exception.getException(); + } + } + + private Object invokeInternal() throws Exception { Object target = getTarget(); String methodName = getMethodName(); --- openjdk.orig/jdk/test/java/beans/EventHandler/Test6277246.java 2009-12-18 16:45:23.345864100 +0300 +++ openjdk/jdk/test/java/beans/EventHandler/Test6277246.java 2009-12-18 16:45:22.586864100 +0300 @@ -1,5 +1,5 @@ /* - * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -49,10 +49,10 @@ catch (NoSuchMethodException exception) { throw new Error("unexpected exception", exception); } + catch (SecurityException exception) { + // expected security exception + } catch (RuntimeException exception) { - if (exception.getCause() instanceof SecurityException) { - return; // expected security exception - } throw new Error("unexpected exception", exception); } } --- openjdk.orig/jdk/test/java/beans/EventHandler/Test6277266.java 2009-12-18 16:45:29.225864100 +0300 +++ openjdk/jdk/test/java/beans/EventHandler/Test6277266.java 2009-12-18 16:45:28.557864100 +0300 @@ -1,5 +1,5 @@ /* - * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -51,7 +51,7 @@ ); throw new Error("SecurityException expected"); } catch (InvocationTargetException exception) { - if (exception.getCause().getCause() instanceof SecurityException){ + if (exception.getCause() instanceof SecurityException){ return; // expected security exception } throw new Error("unexpected exception", exception);