# HG changeset patch # User Andrew John Hughes # Date 1269986694 -3600 # Node ID d48a4f542e7dc9075c003e0072e0279e3bed4c79 # Parent 924928f21072769c80cd091a9268754c987e4a4f Add new security patches and fix srcdir!=builddir issues. 2009-03-30 Andrew John Hughes * patches/icedtea-systemtap.patch: Moved to HotSpot-specific patch tree. * Makefile.am: Add new security patches and add $(HSBUILD) to systemtap patch. Put copied OpenJDK files in openjdk-copy rather than a duplicate rt directory in the build tree. * NEWS: List new security patches. * patches/hotspot/default/systemtap.patch: From patches/icedtea-systemtap.patch. * patches/hotspot/original/icedtea-format.patch, * patches/hotspot/original/systemtap.patch: Added for original HotSpot build. * patches/security/20100330/6626217.patch, * patches/security/20100330/6633872.patch, * patches/security/20100330/6639665.patch, * patches/security/20100330/6736390.patch, * patches/security/20100330/6745393.patch, * patches/security/20100330/6887703.patch, * patches/security/20100330/6888149.patch, * patches/security/20100330/6892265.patch, * patches/security/20100330/6893947.patch, * patches/security/20100330/6893954.patch, * patches/security/20100330/6898622.patch, * patches/security/20100330/6898739.patch, * patches/security/20100330/6899653.patch, * patches/security/20100330/6902299.patch, * patches/security/20100330/6904691.patch, * patches/security/20100330/6909597.patch, * patches/security/20100330/6910590.patch, * patches/security/20100330/6914823.patch, * patches/security/20100330/6914866.patch, * patches/security/20100330/6932480.patch, * patches/security/20100330/hotspot/default/6894807.patch, * patches/security/20100330/hotspot/original/6894807.patch: New security and hardening patches http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html diff -r 924928f21072 -r d48a4f542e7d ChangeLog --- a/ChangeLog Thu Mar 18 18:41:04 2010 +0000 +++ b/ChangeLog Tue Mar 30 23:04:54 2010 +0100 @@ -1,3 +1,43 @@ +2009-03-30 Andrew John Hughes + + * patches/icedtea-systemtap.patch: + Moved to HotSpot-specific patch tree. + * Makefile.am: Add new security patches + and add $(HSBUILD) to systemtap patch. + Put copied OpenJDK files in openjdk-copy + rather than a duplicate rt directory + in the build tree. + * NEWS: List new security patches. + * patches/hotspot/default/systemtap.patch: + From patches/icedtea-systemtap.patch. + * patches/hotspot/original/icedtea-format.patch, + * patches/hotspot/original/systemtap.patch: + Added for original HotSpot build. + * patches/security/20100330/6626217.patch, + * patches/security/20100330/6633872.patch, + * patches/security/20100330/6639665.patch, + * patches/security/20100330/6736390.patch, + * patches/security/20100330/6745393.patch, + * patches/security/20100330/6887703.patch, + * patches/security/20100330/6888149.patch, + * patches/security/20100330/6892265.patch, + * patches/security/20100330/6893947.patch, + * patches/security/20100330/6893954.patch, + * patches/security/20100330/6898622.patch, + * patches/security/20100330/6898739.patch, + * patches/security/20100330/6899653.patch, + * patches/security/20100330/6902299.patch, + * patches/security/20100330/6904691.patch, + * patches/security/20100330/6909597.patch, + * patches/security/20100330/6910590.patch, + * patches/security/20100330/6914823.patch, + * patches/security/20100330/6914866.patch, + * patches/security/20100330/6932480.patch, + * patches/security/20100330/hotspot/default/6894807.patch, + * patches/security/20100330/hotspot/original/6894807.patch: + New security and hardening patches + http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html + 2010-03-18 Pavel Tisnovsky * patches/icedtea-jtreg-httpTest.patch: new regression test diff -r 924928f21072 -r d48a4f542e7d Makefile.am --- a/Makefile.am Thu Mar 18 18:41:04 2010 +0000 +++ b/Makefile.am Tue Mar 30 23:04:54 2010 +0100 @@ -720,7 +720,7 @@ endif if ENABLE_SYSTEMTAP -ICEDTEA_PATCHES += patches/icedtea-systemtap.patch +ICEDTEA_PATCHES += patches/hotspot/$(HSBUILD)/systemtap.patch endif ICEDTEA_PATCHES += \ @@ -750,6 +750,27 @@ patches/openjdk/oj100103-debugger-socket-overflow.patch \ patches/hotspot/$(HSBUILD)/icedtea-gcc-stack-markings.patch \ patches/icedtea-jtreg-httpTest.patch \ + patches/security/20100330/6626217.patch \ + patches/security/20100330/6633872.patch \ + patches/security/20100330/6639665.patch \ + patches/security/20100330/6736390.patch \ + patches/security/20100330/6745393.patch \ + patches/security/20100330/6887703.patch \ + patches/security/20100330/6888149.patch \ + patches/security/20100330/6892265.patch \ + patches/security/20100330/6893947.patch \ + patches/security/20100330/6893954.patch \ + patches/security/20100330/hotspot/$(HSBUILD)/6894807.patch \ + patches/security/20100330/6898622.patch \ + patches/security/20100330/6898739.patch \ + patches/security/20100330/6899653.patch \ + patches/security/20100330/6902299.patch \ + patches/security/20100330/6904691.patch \ + patches/security/20100330/6909597.patch \ + patches/security/20100330/6910590.patch \ + patches/security/20100330/6914823.patch \ + patches/security/20100330/6914866.patch \ + patches/security/20100330/6932480.patch \ $(DISTRIBUTION_PATCHES) stamps/extract.stamp: stamps/download.stamp @@ -1477,9 +1498,9 @@ stamps/copy-source-files.stamp: stamps/overlay.stamp for copy_dir in $(ICEDTEA_COPY_DIRS) ; \ do \ - mkdir -p rt/$$copy_dir ; \ + mkdir -p openjdk-copy/$$copy_dir ; \ cp -pPRf openjdk/jdk/src/share/classes/$$copy_dir/*.java \ - rt/$$copy_dir ; \ + openjdk-copy/$$copy_dir ; \ done mkdir -p stamps touch stamps/copy-source-files.stamp @@ -1592,7 +1613,7 @@ # rt-closed.jar class files. rt-source-files.txt: stamps/replace-hotspot.stamp stamps/copy-source-files.stamp - find $(abs_top_srcdir)/rt $(LIVECONNECT_SRCS) -name '*.java' \ + find $(abs_top_srcdir)/rt $(LIVECONNECT_SRCS) openjdk-copy -name '*.java' \ | sort -u > $@ stamps/rt-class-files.stamp: rt-source-files.txt diff -r 924928f21072 -r d48a4f542e7d NEWS --- a/NEWS Thu Mar 18 18:41:04 2010 +0000 +++ b/NEWS Tue Mar 30 23:04:54 2010 +0100 @@ -1,10 +1,32 @@ -New in release 1.6.3 (2010-03-XX) +New in release 1.6.3 (2010-03-30) - Enable debuginfo for saproc and jsig - Add missing mkbc.c - Backport of 6822370: ReentrantReadWriteLock: threads hung when there are no threads holding onto the lock - Increase ThreadStackSize by 512kb on 32-bit Zero platforms - Make the original HotSpot build work for normal builds and disable Zero/Shark builds with it +- Latest security updates and hardening patches: + - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299) + - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807) + - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653) + - (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217) + - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954) + - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390) + - (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703) + - (CVE-2010-0088): Inflater/Deflater clone issues (6745393) + - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872) + - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149) + - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) + - (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265) + - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691) + - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823) + - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866) + - (CVE-2009-3555): TLS: MITM attacks via session renegotiation + - 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups + - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs + - 6910590: Application can modify command array in ProcessBuilder + - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability + - 6932480: Crash in CompilerThread/Parser. Unloaded array klass? New in release 1.6.2 (2009-11-09) - Latest security updates: diff -r 924928f21072 -r d48a4f542e7d patches/hotspot/default/systemtap.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/hotspot/default/systemtap.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,182 @@ +diff -r 945bf7540697 make/linux/makefiles/dtrace.make +--- openjdk/hotspot/make/linux/makefiles/dtrace.make Thu Jan 22 14:42:01 2009 -0800 ++++ openjdk/hotspot/make/linux/makefiles/dtrace.make Mon Feb 02 13:47:34 2009 +0100 +@@ -25,3 +25,7 @@ + # Linux does not build jvm_db + LIBJVM_DB = + ++# But it does have a Systemtap dtrace compatible sys/sdt.h ++CFLAGS += -DDTRACE_ENABLED ++ ++# It doesn't support HAVE_DTRACE_H though. +--- openjdk/hotspot/src/share/vm/prims/jni.cpp 2009-10-13 15:34:52.499809508 +0200 ++++ openjdk/hotspot/src/share/vm/prims/jni.cpp 2009-10-13 15:31:26.117823588 +0200 +@@ -1747,10 +1744,7 @@ + JNI_QUICK_ENTRY(void, jni_Set##Result##Field(JNIEnv *env, jobject obj, jfieldID fieldID, Argument value)) \ + JNIWrapper("Set" XSTR(Result) "Field"); \ + \ +- HS_DTRACE_PROBE_CDECL_N(hotspot_jni, Set##Result##Field__entry, \ +- ( JNIEnv*, jobject, jfieldID FP_SELECT_##Result(COMMA Argument,/*empty*/) ) ); \ +- HS_DTRACE_PROBE_N(hotspot_jni, Set##Result##Field__entry, \ +- ( env, obj, fieldID FP_SELECT_##Result(COMMA value,/*empty*/) ) ); \ ++ FP_SELECT_##Result(DTRACE_PROBE4(hotspot_jni, Set##Result##Field__entry, env, obj, fieldID, value),DTRACE_PROBE3(hotspot_jni, Set##Result##Field__entry, env, obj, fieldID)); \ + \ + oop o = JNIHandles::resolve_non_null(obj); \ + klassOop k = o->klass(); \ +@@ -1924,10 +1918,7 @@ + \ + JNI_ENTRY(void, jni_SetStatic##Result##Field(JNIEnv *env, jclass clazz, jfieldID fieldID, Argument value)) \ + JNIWrapper("SetStatic" XSTR(Result) "Field"); \ +- HS_DTRACE_PROBE_CDECL_N(hotspot_jni, SetStatic##Result##Field__entry,\ +- ( JNIEnv*, jclass, jfieldID FP_SELECT_##Result(COMMA Argument,/*empty*/) ) ); \ +- HS_DTRACE_PROBE_N(hotspot_jni, SetStatic##Result##Field__entry, \ +- ( env, clazz, fieldID FP_SELECT_##Result(COMMA value,/*empty*/) ) ); \ ++ FP_SELECT_##Result(DTRACE_PROBE4(hotspot_jni, SetStatic##Result##Field__entry, env, clazz, fieldID, value),DTRACE_PROBE3(hotspot_jni, SetStatic##Result##Field__entry, env, clazz, fieldID)); \ + \ + JNIid* id = jfieldIDWorkaround::from_static_jfieldID(fieldID); \ + assert(id->is_static_field_id(), "invalid static field id"); \ +@@ -2116,7 +2101,7 @@ + DT_RETURN_MARK(GetObjectArrayElement, jobject, (const jobject&)ret); + objArrayOop a = objArrayOop(JNIHandles::resolve_non_null(array)); + if (a->is_within_bounds(index)) { +- jobject ret = JNIHandles::make_local(env, a->obj_at(index)); ++ ret = JNIHandles::make_local(env, a->obj_at(index)); + return ret; + } else { + char buf[jintAsStringSize]; +@@ -2150,14 +2150,14 @@ + + #define DEFINE_NEWSCALARARRAY(Return,Allocator,Result) \ + \ +- DT_RETURN_MARK_DECL_FOR(Result, New##Result##Array, Return);\ ++ DT_RETURN_MARK_DECL(New##Result##Array, Return);\ + \ + JNI_ENTRY(Return, \ + jni_New##Result##Array(JNIEnv *env, jsize len)) \ + JNIWrapper("New" XSTR(Result) "Array"); \ + DTRACE_PROBE2(hotspot_jni, New##Result##Array__entry, env, len);\ + Return ret = NULL;\ +- DT_RETURN_MARK_FOR(Result, New##Result##Array, Return, (const Return&)ret);\ ++ DT_RETURN_MARK(New##Result##Array, Return, (const Return&)ret);\ + \ + oop obj= oopFactory::Allocator(len, CHECK_0); \ + ret = (Return) JNIHandles::make_local(env, obj); \ + +diff -r 945bf7540697 src/share/vm/utilities/dtrace.hpp +--- openjdk/hotspot/src/share/vm/utilities/dtrace.hpp Thu Jan 22 14:42:01 2009 -0800 ++++ openjdk/hotspot/src/share/vm/utilities/dtrace.hpp Mon Feb 02 13:47:34 2009 +0100 +@@ -1,5 +1,6 @@ + /* + * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2009 Red Hat, Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -22,14 +23,14 @@ + * + */ + +-#if defined(SOLARIS) && defined(DTRACE_ENABLED) ++#if defined(DTRACE_ENABLED) + + #include + + #define DTRACE_ONLY(x) x + #define NOT_DTRACE(x) + +-#else // ndef SOLARIS || ndef DTRACE_ENABLED ++#else // ndef DTRACE_ENABLED + + #define DTRACE_ONLY(x) + #define NOT_DTRACE(x) x +@@ -40,9 +41,16 @@ + #define DTRACE_PROBE3(a,b,c,d,e) {;} + #define DTRACE_PROBE4(a,b,c,d,e,f) {;} + #define DTRACE_PROBE5(a,b,c,d,e,f,g) {;} ++#define DTRACE_PROBE6(a,b,c,d,e,f,g,h) {;} ++#define DTRACE_PROBE7(a,b,c,d,e,f,g,h,i) {;} ++#define DTRACE_PROBE8(a,b,c,d,e,f,g,h,i,j) {;} ++#define DTRACE_PROBE9(a,b,c,d,e,f,g,h,i,j,k) {;} ++#define DTRACE_PROBE10(a,b,c,d,e,f,g,h,i,j,k,l) {;} + + #endif + ++#if defined(SOLARIS) ++// Solaris dtrace needs actual extern function decls. + #define HS_DTRACE_PROBE_FN(provider,name)\ + __dtrace_##provider##___##name + +@@ -50,6 +58,11 @@ + DTRACE_ONLY(extern "C" void HS_DTRACE_PROBE_FN(provider,name) args) + #define HS_DTRACE_PROBE_CDECL_N(provider,name,args) \ + DTRACE_ONLY(extern void HS_DTRACE_PROBE_FN(provider,name) args) ++#else ++// Systemtap dtrace compatible probes on GNU/Linux don't. ++#define HS_DTRACE_PROBE_DECL_N(provider,name,args) ++#define HS_DTRACE_PROBE_CDECL_N(provider,name,args) ++#endif + + /* Dtrace probe declarations */ + #define HS_DTRACE_PROBE_DECL(provider,name) \ +@@ -88,6 +101,8 @@ + uintptr_t,uintptr_t,uintptr_t)) + + /* Dtrace probe definitions */ ++#if defined(SOLARIS) ++// Solaris dtrace uses actual function calls. + #define HS_DTRACE_PROBE_N(provider,name, args) \ + DTRACE_ONLY(HS_DTRACE_PROBE_FN(provider,name) args) + +@@ -123,3 +138,29 @@ + HS_DTRACE_PROBE_N(provider,name,((uintptr_t)a0,(uintptr_t)a1,(uintptr_t)a2,\ + (uintptr_t)a3,(uintptr_t)a4,(uintptr_t)a5,(uintptr_t)a6,(uintptr_t)a7,\ + (uintptr_t)a8,(uintptr_t)a9)) ++#else ++// Systemtap dtrace compatible probes on GNU/Linux use direct macros. ++#define HS_DTRACE_PROBE(provider,name) HS_DTRACE_PROBE0(provider,name) ++#define HS_DTRACE_PROBE0(provider,name)\ ++ DTRACE_PROBE(provider,name) ++#define HS_DTRACE_PROBE1(provider,name,a0)\ ++ DTRACE_PROBE1(provider,name,a0) ++#define HS_DTRACE_PROBE2(provider,name,a0,a1)\ ++ DTRACE_PROBE2(provider,name,a0,a1) ++#define HS_DTRACE_PROBE3(provider,name,a0,a1,a2)\ ++ DTRACE_PROBE3(provider,name,a0,a1,a2) ++#define HS_DTRACE_PROBE4(provider,name,a0,a1,a2,a3)\ ++ DTRACE_PROBE4(provider,name,a0,a1,a2,a3) ++#define HS_DTRACE_PROBE5(provider,name,a0,a1,a2,a3,a4)\ ++ DTRACE_PROBE5(provider,name,a0,a1,a2,a3,a4) ++#define HS_DTRACE_PROBE6(provider,name,a0,a1,a2,a3,a4,a5)\ ++ DTRACE_PROBE6(provider,name,a0,a1,a2,a3,a4,a5) ++#define HS_DTRACE_PROBE7(provider,name,a0,a1,a2,a3,a4,a5,a6)\ ++ DTRACE_PROBE7(provider,name,a0,a1,a2,a3,a4,a5,a6) ++#define HS_DTRACE_PROBE8(provider,name,a0,a1,a2,a3,a4,a5,a6,a7)\ ++ DTRACE_PROBE8(provider,name,a0,a1,a2,a3,a4,a5,a6,a7) ++#define HS_DTRACE_PROBE9(provider,name,a0,a1,a2,a3,a4,a5,a6,a7,a8)\ ++ DTRACE_PROBE9(provider,name,a0,a1,a2,a3,a4,a5,a6,a7,a8) ++#define HS_DTRACE_PROBE10(provider,name,a0,a1,a2,a3,a4,a5,a6,a7,a8)\ ++ DTRACE_PROBE10(provider,name,a0,a1,a2,a3,a4,a5,a6,a7,a8) ++#endif +--- openjdk/hotspot/src/share/vm/runtime/arguments.cpp 2009-03-04 14:39:43.000000000 +0100 ++++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp 2009-03-04 22:11:37.000000000 +0100 +@@ -2272,16 +2272,16 @@ + FLAG_SET_CMDLINE(bool, DisplayVMOutputToStderr, false); + FLAG_SET_CMDLINE(bool, DisplayVMOutputToStdout, true); + } else if (match_option(option, "-XX:+ExtendedDTraceProbes", &tail)) { +-#ifdef SOLARIS ++#ifdef DTRACE_ENABLED + FLAG_SET_CMDLINE(bool, ExtendedDTraceProbes, true); + FLAG_SET_CMDLINE(bool, DTraceMethodProbes, true); + FLAG_SET_CMDLINE(bool, DTraceAllocProbes, true); + FLAG_SET_CMDLINE(bool, DTraceMonitorProbes, true); +-#else // ndef SOLARIS ++#else // ndef DTRACE_ENABLED + jio_fprintf(defaultStream::error_stream(), +- "ExtendedDTraceProbes flag is only applicable on Solaris\n"); ++ "ExtendedDTraceProbes flag is only applicable on dtrace enabled builds\n"); + return JNI_EINVAL; +-#endif // ndef SOLARIS ++#endif // ndef DTRACE_ENABLED + } else + #ifdef ASSERT + if (match_option(option, "-XX:+FullGCALot", &tail)) { diff -r 924928f21072 -r d48a4f542e7d patches/hotspot/original/icedtea-format.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/hotspot/original/icedtea-format.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,48 @@ +diff -Nru openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotspot/src/share/vm/runtime/arguments.cpp +--- openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp 2010-03-11 14:46:20.000000000 +0000 ++++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp 2010-03-11 17:20:52.000000000 +0000 +@@ -1268,7 +1268,7 @@ + + // Feed the cache size setting into the JDK + char buffer[1024]; +- sprintf(buffer, "java.lang.Integer.IntegerCache.high=%d", AutoBoxCacheMax); ++ sprintf(buffer, "java.lang.Integer.IntegerCache.high=" INTX_FORMAT, AutoBoxCacheMax); + add_property(buffer); + } + #endif +diff -Nru openjdk.orig/hotspot/src/share/vm/runtime/safepoint.cpp openjdk/hotspot/src/share/vm/runtime/safepoint.cpp +--- openjdk.orig/hotspot/src/share/vm/runtime/safepoint.cpp 2009-04-24 08:30:57.000000000 +0100 ++++ openjdk/hotspot/src/share/vm/runtime/safepoint.cpp 2010-03-11 17:20:52.000000000 +0000 +@@ -733,7 +733,7 @@ + if (DieOnSafepointTimeout) { + char msg[1024]; + VM_Operation *op = VMThread::vm_operation(); +- sprintf(msg, "Safepoint sync time longer than %d ms detected when executing %s.", ++ sprintf(msg, "Safepoint sync time longer than " INTX_FORMAT " ms detected when executing %s.", + SafepointTimeoutDelay, + op != NULL ? op->name() : "no vm operation"); + fatal(msg); +diff -Nru openjdk.orig/hotspot/src/share/vm/runtime/synchronizer.cpp openjdk/hotspot/src/share/vm/runtime/synchronizer.cpp +--- openjdk.orig/hotspot/src/share/vm/runtime/synchronizer.cpp 2009-04-24 08:30:57.000000000 +0100 ++++ openjdk/hotspot/src/share/vm/runtime/synchronizer.cpp 2010-03-11 17:21:19.000000000 +0000 +@@ -427,7 +427,7 @@ + // asserts is that error message -- often something about negative array + // indices -- is opaque. + +-#define CTASSERT(x) { int tag[1-(2*!(x))]; printf ("Tag @%X\n", tag); } ++#define CTASSERT(x) { int tag[1-(2*!(x))]; printf ("Tag @%p\n", tag); } + + void ObjectMonitor::ctAsserts() { + CTASSERT(offset_of (ObjectMonitor, _header) == 0); +diff -Nru openjdk.orig/hotspot/src/share/vm/utilities/vmError.cpp openjdk/hotspot/src/share/vm/utilities/vmError.cpp +--- openjdk.orig/hotspot/src/share/vm/utilities/vmError.cpp 2010-03-11 14:46:19.000000000 +0000 ++++ openjdk/hotspot/src/share/vm/utilities/vmError.cpp 2010-03-11 17:20:52.000000000 +0000 +@@ -313,7 +313,7 @@ + + strncpy(buf, file, buflen); + if (len + 10 < buflen) { +- sprintf(buf + len, ":" SIZE_FORMAT, _lineno); ++ sprintf(buf + len, ":%d", _lineno); + } + st->print(" (%s)", buf); + } else { diff -r 924928f21072 -r d48a4f542e7d patches/hotspot/original/systemtap.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/hotspot/original/systemtap.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,154 @@ +diff -Nru ../openjdk.orig/hotspot/build/linux/makefiles/dtrace.make ../openjdk/hotspot/build/linux/makefiles/dtrace.make +--- ../openjdk.orig/hotspot/build/linux/makefiles/dtrace.make 2009-04-24 08:30:52.000000000 +0100 ++++ ../openjdk/hotspot/build/linux/makefiles/dtrace.make 2010-03-30 20:43:06.000000000 +0100 +@@ -25,3 +25,7 @@ + # Linux does not build jvm_db + LIBJVM_DB = + ++# But it does have a Systemtap dtrace compatible sys/sdt.h ++CFLAGS += -DDTRACE_ENABLED ++ ++# It doesn't support HAVE_DTRACE_H though. +diff -Nru ../openjdk.orig/hotspot/src/share/vm/prims/jni.cpp ../openjdk/hotspot/src/share/vm/prims/jni.cpp +--- ../openjdk.orig/hotspot/src/share/vm/prims/jni.cpp 2010-03-30 20:41:19.000000000 +0100 ++++ ../openjdk/hotspot/src/share/vm/prims/jni.cpp 2010-03-30 20:43:06.000000000 +0100 +@@ -1744,10 +1744,7 @@ + JNI_QUICK_ENTRY(void, jni_Set##Result##Field(JNIEnv *env, jobject obj, jfieldID fieldID, Argument value)) \ + JNIWrapper("Set" XSTR(Result) "Field"); \ + \ +- HS_DTRACE_PROBE_CDECL_N(hotspot_jni, Set##Result##Field__entry, \ +- ( JNIEnv*, jobject, jfieldID FP_SELECT_##Result(COMMA Argument,/*empty*/) ) ); \ +- HS_DTRACE_PROBE_N(hotspot_jni, Set##Result##Field__entry, \ +- ( env, obj, fieldID FP_SELECT_##Result(COMMA value,/*empty*/) ) ); \ ++ FP_SELECT_##Result(DTRACE_PROBE4(hotspot_jni, Set##Result##Field__entry, env, obj, fieldID, value),DTRACE_PROBE3(hotspot_jni, Set##Result##Field__entry, env, obj, fieldID)); \ + \ + oop o = JNIHandles::resolve_non_null(obj); \ + klassOop k = o->klass(); \ +@@ -1921,10 +1918,7 @@ + \ + JNI_ENTRY(void, jni_SetStatic##Result##Field(JNIEnv *env, jclass clazz, jfieldID fieldID, Argument value)) \ + JNIWrapper("SetStatic" XSTR(Result) "Field"); \ +- HS_DTRACE_PROBE_CDECL_N(hotspot_jni, SetStatic##Result##Field__entry,\ +- ( JNIEnv*, jclass, jfieldID FP_SELECT_##Result(COMMA Argument,/*empty*/) ) ); \ +- HS_DTRACE_PROBE_N(hotspot_jni, SetStatic##Result##Field__entry, \ +- ( env, clazz, fieldID FP_SELECT_##Result(COMMA value,/*empty*/) ) ); \ ++ FP_SELECT_##Result(DTRACE_PROBE4(hotspot_jni, SetStatic##Result##Field__entry, env, clazz, fieldID, value),DTRACE_PROBE3(hotspot_jni, SetStatic##Result##Field__entry, env, clazz, fieldID)); \ + \ + JNIid* id = jfieldIDWorkaround::from_static_jfieldID(fieldID); \ + assert(id->is_static_field_id(), "invalid static field id"); \ +@@ -2107,7 +2101,7 @@ + DT_RETURN_MARK(GetObjectArrayElement, jobject, (const jobject&)ret); + objArrayOop a = objArrayOop(JNIHandles::resolve_non_null(array)); + if (a->is_within_bounds(index)) { +- jobject ret = JNIHandles::make_local(env, a->obj_at(index)); ++ ret = JNIHandles::make_local(env, a->obj_at(index)); + return ret; + } else { + char buf[jintAsStringSize]; +@@ -2141,14 +2135,14 @@ + + #define DEFINE_NEWSCALARARRAY(Return,Allocator,Result) \ + \ +- DT_RETURN_MARK_DECL_FOR(Result, New##Result##Array, Return);\ ++ DT_RETURN_MARK_DECL(New##Result##Array, Return);\ + \ + JNI_ENTRY(Return, \ + jni_New##Result##Array(JNIEnv *env, jsize len)) \ + JNIWrapper("New" XSTR(Result) "Array"); \ + DTRACE_PROBE2(hotspot_jni, New##Result##Array__entry, env, len);\ + Return ret = NULL;\ +- DT_RETURN_MARK_FOR(Result, New##Result##Array, Return, (const Return&)ret);\ ++ DT_RETURN_MARK(New##Result##Array, Return, (const Return&)ret);\ + \ + oop obj= oopFactory::Allocator(len, CHECK_0); \ + ret = (Return) JNIHandles::make_local(env, obj); \ +diff -Nru ../openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp ../openjdk/hotspot/src/share/vm/runtime/arguments.cpp +--- ../openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp 2010-03-30 20:41:21.000000000 +0100 ++++ ../openjdk/hotspot/src/share/vm/runtime/arguments.cpp 2010-03-30 20:43:54.000000000 +0100 +@@ -2164,16 +2164,16 @@ + FLAG_SET_CMDLINE(bool, DisplayVMOutputToStderr, false); + FLAG_SET_CMDLINE(bool, DisplayVMOutputToStdout, true); + } else if (match_option(option, "-XX:+ExtendedDTraceProbes", &tail)) { +-#ifdef SOLARIS ++#ifdef DTRACE_ENABLED + FLAG_SET_CMDLINE(bool, ExtendedDTraceProbes, true); + FLAG_SET_CMDLINE(bool, DTraceMethodProbes, true); + FLAG_SET_CMDLINE(bool, DTraceAllocProbes, true); + FLAG_SET_CMDLINE(bool, DTraceMonitorProbes, true); +-#else // ndef SOLARIS ++#else // ndef DTRACE_ENABLED + jio_fprintf(defaultStream::error_stream(), +- "ExtendedDTraceProbes flag is only applicable on Solaris\n"); ++ "ExtendedDTraceProbes flag is only applicable on dtrace enabled builds\n"); + return JNI_EINVAL; +-#endif // ndef SOLARIS ++#endif // ndef DTRACE_ENABLED + } else + #ifdef ASSERT + if (match_option(option, "-XX:+FullGCALot", &tail)) { +diff -Nru ../openjdk.orig/hotspot/src/share/vm/utilities/dtrace.hpp ../openjdk/hotspot/src/share/vm/utilities/dtrace.hpp +--- ../openjdk.orig/hotspot/src/share/vm/utilities/dtrace.hpp 2009-04-24 08:30:57.000000000 +0100 ++++ ../openjdk/hotspot/src/share/vm/utilities/dtrace.hpp 2010-03-30 20:43:06.000000000 +0100 +@@ -3,6 +3,7 @@ + #endif + /* + * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2009 Red Hat, Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -25,14 +26,14 @@ + * + */ + +-#if defined(SOLARIS) && defined(DTRACE_ENABLED) ++#if defined(DTRACE_ENABLED) + + #include + + #define DTRACE_ONLY(x) x + #define NOT_DTRACE(x) + +-#else // ndef SOLARIS || ndef DTRACE_ENABLED ++#else // ndef DTRACE_ENABLED + + #define DTRACE_ONLY(x) + #define NOT_DTRACE(x) x +@@ -43,9 +44,16 @@ + #define DTRACE_PROBE3(a,b,c,d,e) {;} + #define DTRACE_PROBE4(a,b,c,d,e,f) {;} + #define DTRACE_PROBE5(a,b,c,d,e,f,g) {;} ++#define DTRACE_PROBE6(a,b,c,d,e,f,g,h) {;} ++#define DTRACE_PROBE7(a,b,c,d,e,f,g,h,i) {;} ++#define DTRACE_PROBE8(a,b,c,d,e,f,g,h,i,j) {;} ++#define DTRACE_PROBE9(a,b,c,d,e,f,g,h,i,j,k) {;} ++#define DTRACE_PROBE10(a,b,c,d,e,f,g,h,i,j,k,l) {;} + + #endif + ++#if defined(SOLARIS) ++// Solaris dtrace needs actual extern function decls. + #define HS_DTRACE_PROBE_FN(provider,name)\ + __dtrace_##provider##___##name + +@@ -53,6 +61,11 @@ + DTRACE_ONLY(extern "C" void HS_DTRACE_PROBE_FN(provider,name) args) + #define HS_DTRACE_PROBE_CDECL_N(provider,name,args) \ + DTRACE_ONLY(extern void HS_DTRACE_PROBE_FN(provider,name) args) ++#else ++// Systemtap dtrace compatible probes on GNU/Linux don't. ++#define HS_DTRACE_PROBE_DECL_N(provider,name,args) ++#define HS_DTRACE_PROBE_CDECL_N(provider,name,args) ++#endif + + /* Dtrace probe declarations */ + #define HS_DTRACE_PROBE_DECL(provider,name) \ +@@ -91,6 +104,8 @@ + uintptr_t,uintptr_t,uintptr_t)) + + /* Dtrace probe definitions */ ++#if defined(SOLARIS) ++// Solaris dtrace uses actual function calls. + #define HS_DTRACE_PROBE_N(provider,name, args) \ + DTRACE_ONLY(HS_DTRACE_PROBE_FN(provider,name) args) + diff -r 924928f21072 -r d48a4f542e7d patches/icedtea-systemtap.patch --- a/patches/icedtea-systemtap.patch Thu Mar 18 18:41:04 2010 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,182 +0,0 @@ -diff -r 945bf7540697 make/linux/makefiles/dtrace.make ---- openjdk/hotspot/make/linux/makefiles/dtrace.make Thu Jan 22 14:42:01 2009 -0800 -+++ openjdk/hotspot/make/linux/makefiles/dtrace.make Mon Feb 02 13:47:34 2009 +0100 -@@ -25,3 +25,7 @@ - # Linux does not build jvm_db - LIBJVM_DB = - -+# But it does have a Systemtap dtrace compatible sys/sdt.h -+CFLAGS += -DDTRACE_ENABLED -+ -+# It doesn't support HAVE_DTRACE_H though. ---- openjdk/hotspot/src/share/vm/prims/jni.cpp 2009-10-13 15:34:52.499809508 +0200 -+++ openjdk/hotspot/src/share/vm/prims/jni.cpp 2009-10-13 15:31:26.117823588 +0200 -@@ -1747,10 +1744,7 @@ - JNI_QUICK_ENTRY(void, jni_Set##Result##Field(JNIEnv *env, jobject obj, jfieldID fieldID, Argument value)) \ - JNIWrapper("Set" XSTR(Result) "Field"); \ - \ -- HS_DTRACE_PROBE_CDECL_N(hotspot_jni, Set##Result##Field__entry, \ -- ( JNIEnv*, jobject, jfieldID FP_SELECT_##Result(COMMA Argument,/*empty*/) ) ); \ -- HS_DTRACE_PROBE_N(hotspot_jni, Set##Result##Field__entry, \ -- ( env, obj, fieldID FP_SELECT_##Result(COMMA value,/*empty*/) ) ); \ -+ FP_SELECT_##Result(DTRACE_PROBE4(hotspot_jni, Set##Result##Field__entry, env, obj, fieldID, value),DTRACE_PROBE3(hotspot_jni, Set##Result##Field__entry, env, obj, fieldID)); \ - \ - oop o = JNIHandles::resolve_non_null(obj); \ - klassOop k = o->klass(); \ -@@ -1924,10 +1918,7 @@ - \ - JNI_ENTRY(void, jni_SetStatic##Result##Field(JNIEnv *env, jclass clazz, jfieldID fieldID, Argument value)) \ - JNIWrapper("SetStatic" XSTR(Result) "Field"); \ -- HS_DTRACE_PROBE_CDECL_N(hotspot_jni, SetStatic##Result##Field__entry,\ -- ( JNIEnv*, jclass, jfieldID FP_SELECT_##Result(COMMA Argument,/*empty*/) ) ); \ -- HS_DTRACE_PROBE_N(hotspot_jni, SetStatic##Result##Field__entry, \ -- ( env, clazz, fieldID FP_SELECT_##Result(COMMA value,/*empty*/) ) ); \ -+ FP_SELECT_##Result(DTRACE_PROBE4(hotspot_jni, SetStatic##Result##Field__entry, env, clazz, fieldID, value),DTRACE_PROBE3(hotspot_jni, SetStatic##Result##Field__entry, env, clazz, fieldID)); \ - \ - JNIid* id = jfieldIDWorkaround::from_static_jfieldID(fieldID); \ - assert(id->is_static_field_id(), "invalid static field id"); \ -@@ -2116,7 +2101,7 @@ - DT_RETURN_MARK(GetObjectArrayElement, jobject, (const jobject&)ret); - objArrayOop a = objArrayOop(JNIHandles::resolve_non_null(array)); - if (a->is_within_bounds(index)) { -- jobject ret = JNIHandles::make_local(env, a->obj_at(index)); -+ ret = JNIHandles::make_local(env, a->obj_at(index)); - return ret; - } else { - char buf[jintAsStringSize]; -@@ -2150,14 +2150,14 @@ - - #define DEFINE_NEWSCALARARRAY(Return,Allocator,Result) \ - \ -- DT_RETURN_MARK_DECL_FOR(Result, New##Result##Array, Return);\ -+ DT_RETURN_MARK_DECL(New##Result##Array, Return);\ - \ - JNI_ENTRY(Return, \ - jni_New##Result##Array(JNIEnv *env, jsize len)) \ - JNIWrapper("New" XSTR(Result) "Array"); \ - DTRACE_PROBE2(hotspot_jni, New##Result##Array__entry, env, len);\ - Return ret = NULL;\ -- DT_RETURN_MARK_FOR(Result, New##Result##Array, Return, (const Return&)ret);\ -+ DT_RETURN_MARK(New##Result##Array, Return, (const Return&)ret);\ - \ - oop obj= oopFactory::Allocator(len, CHECK_0); \ - ret = (Return) JNIHandles::make_local(env, obj); \ - -diff -r 945bf7540697 src/share/vm/utilities/dtrace.hpp ---- openjdk/hotspot/src/share/vm/utilities/dtrace.hpp Thu Jan 22 14:42:01 2009 -0800 -+++ openjdk/hotspot/src/share/vm/utilities/dtrace.hpp Mon Feb 02 13:47:34 2009 +0100 -@@ -1,5 +1,6 @@ - /* - * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved. -+ * Copyright 2009 Red Hat, Inc. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -22,14 +23,14 @@ - * - */ - --#if defined(SOLARIS) && defined(DTRACE_ENABLED) -+#if defined(DTRACE_ENABLED) - - #include - - #define DTRACE_ONLY(x) x - #define NOT_DTRACE(x) - --#else // ndef SOLARIS || ndef DTRACE_ENABLED -+#else // ndef DTRACE_ENABLED - - #define DTRACE_ONLY(x) - #define NOT_DTRACE(x) x -@@ -40,9 +41,16 @@ - #define DTRACE_PROBE3(a,b,c,d,e) {;} - #define DTRACE_PROBE4(a,b,c,d,e,f) {;} - #define DTRACE_PROBE5(a,b,c,d,e,f,g) {;} -+#define DTRACE_PROBE6(a,b,c,d,e,f,g,h) {;} -+#define DTRACE_PROBE7(a,b,c,d,e,f,g,h,i) {;} -+#define DTRACE_PROBE8(a,b,c,d,e,f,g,h,i,j) {;} -+#define DTRACE_PROBE9(a,b,c,d,e,f,g,h,i,j,k) {;} -+#define DTRACE_PROBE10(a,b,c,d,e,f,g,h,i,j,k,l) {;} - - #endif - -+#if defined(SOLARIS) -+// Solaris dtrace needs actual extern function decls. - #define HS_DTRACE_PROBE_FN(provider,name)\ - __dtrace_##provider##___##name - -@@ -50,6 +58,11 @@ - DTRACE_ONLY(extern "C" void HS_DTRACE_PROBE_FN(provider,name) args) - #define HS_DTRACE_PROBE_CDECL_N(provider,name,args) \ - DTRACE_ONLY(extern void HS_DTRACE_PROBE_FN(provider,name) args) -+#else -+// Systemtap dtrace compatible probes on GNU/Linux don't. -+#define HS_DTRACE_PROBE_DECL_N(provider,name,args) -+#define HS_DTRACE_PROBE_CDECL_N(provider,name,args) -+#endif - - /* Dtrace probe declarations */ - #define HS_DTRACE_PROBE_DECL(provider,name) \ -@@ -88,6 +101,8 @@ - uintptr_t,uintptr_t,uintptr_t)) - - /* Dtrace probe definitions */ -+#if defined(SOLARIS) -+// Solaris dtrace uses actual function calls. - #define HS_DTRACE_PROBE_N(provider,name, args) \ - DTRACE_ONLY(HS_DTRACE_PROBE_FN(provider,name) args) - -@@ -123,3 +138,29 @@ - HS_DTRACE_PROBE_N(provider,name,((uintptr_t)a0,(uintptr_t)a1,(uintptr_t)a2,\ - (uintptr_t)a3,(uintptr_t)a4,(uintptr_t)a5,(uintptr_t)a6,(uintptr_t)a7,\ - (uintptr_t)a8,(uintptr_t)a9)) -+#else -+// Systemtap dtrace compatible probes on GNU/Linux use direct macros. -+#define HS_DTRACE_PROBE(provider,name) HS_DTRACE_PROBE0(provider,name) -+#define HS_DTRACE_PROBE0(provider,name)\ -+ DTRACE_PROBE(provider,name) -+#define HS_DTRACE_PROBE1(provider,name,a0)\ -+ DTRACE_PROBE1(provider,name,a0) -+#define HS_DTRACE_PROBE2(provider,name,a0,a1)\ -+ DTRACE_PROBE2(provider,name,a0,a1) -+#define HS_DTRACE_PROBE3(provider,name,a0,a1,a2)\ -+ DTRACE_PROBE3(provider,name,a0,a1,a2) -+#define HS_DTRACE_PROBE4(provider,name,a0,a1,a2,a3)\ -+ DTRACE_PROBE4(provider,name,a0,a1,a2,a3) -+#define HS_DTRACE_PROBE5(provider,name,a0,a1,a2,a3,a4)\ -+ DTRACE_PROBE5(provider,name,a0,a1,a2,a3,a4) -+#define HS_DTRACE_PROBE6(provider,name,a0,a1,a2,a3,a4,a5)\ -+ DTRACE_PROBE6(provider,name,a0,a1,a2,a3,a4,a5) -+#define HS_DTRACE_PROBE7(provider,name,a0,a1,a2,a3,a4,a5,a6)\ -+ DTRACE_PROBE7(provider,name,a0,a1,a2,a3,a4,a5,a6) -+#define HS_DTRACE_PROBE8(provider,name,a0,a1,a2,a3,a4,a5,a6,a7)\ -+ DTRACE_PROBE8(provider,name,a0,a1,a2,a3,a4,a5,a6,a7) -+#define HS_DTRACE_PROBE9(provider,name,a0,a1,a2,a3,a4,a5,a6,a7,a8)\ -+ DTRACE_PROBE9(provider,name,a0,a1,a2,a3,a4,a5,a6,a7,a8) -+#define HS_DTRACE_PROBE10(provider,name,a0,a1,a2,a3,a4,a5,a6,a7,a8)\ -+ DTRACE_PROBE10(provider,name,a0,a1,a2,a3,a4,a5,a6,a7,a8) -+#endif ---- openjdk/hotspot/src/share/vm/runtime/arguments.cpp 2009-03-04 14:39:43.000000000 +0100 -+++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp 2009-03-04 22:11:37.000000000 +0100 -@@ -2272,16 +2272,16 @@ - FLAG_SET_CMDLINE(bool, DisplayVMOutputToStderr, false); - FLAG_SET_CMDLINE(bool, DisplayVMOutputToStdout, true); - } else if (match_option(option, "-XX:+ExtendedDTraceProbes", &tail)) { --#ifdef SOLARIS -+#ifdef DTRACE_ENABLED - FLAG_SET_CMDLINE(bool, ExtendedDTraceProbes, true); - FLAG_SET_CMDLINE(bool, DTraceMethodProbes, true); - FLAG_SET_CMDLINE(bool, DTraceAllocProbes, true); - FLAG_SET_CMDLINE(bool, DTraceMonitorProbes, true); --#else // ndef SOLARIS -+#else // ndef DTRACE_ENABLED - jio_fprintf(defaultStream::error_stream(), -- "ExtendedDTraceProbes flag is only applicable on Solaris\n"); -+ "ExtendedDTraceProbes flag is only applicable on dtrace enabled builds\n"); - return JNI_EINVAL; --#endif // ndef SOLARIS -+#endif // ndef DTRACE_ENABLED - } else - #ifdef ASSERT - if (match_option(option, "-XX:+FullGCALot", &tail)) { diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6626217.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6626217.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,180 @@ +# HG changeset patch +# User acorn +# Date 1261523209 18000 +# Node ID 209a7a8a8f966dc4d6b45333cf4f3fa6648a6ecb +# Parent 75e095764f403b7425e30711b00cc038554a1ae9 +6626217: Fixed loader constraint array handling +Summary: Loader constraints track array elements, not arrays themselves. +Reviewed-by: dcubed, kevinw + +diff --git openjdk.orig/hotspot/src/share/vm/ci/ciEnv.cpp openjdk/hotspot/src/share/vm/ci/ciEnv.cpp +--- openjdk.orig/hotspot/src/share/vm/ci/ciEnv.cpp ++++ openjdk/hotspot/src/share/vm/ci/ciEnv.cpp +@@ -348,30 +348,6 @@ ciKlass* ciEnv::get_klass_by_name_impl(c + if (found_klass != NULL) { + // Found it. Build a CI handle. + return get_object(found_klass)->as_klass(); +- } +- +- // If we fail to find an array klass, look again for its element type. +- // The element type may be available either locally or via constraints. +- // In either case, if we can find the element type in the system dictionary, +- // we must build an array type around it. The CI requires array klasses +- // to be loaded if their element klasses are loaded, except when memory +- // is exhausted. +- if (sym->byte_at(0) == '[' && +- (sym->byte_at(1) == '[' || sym->byte_at(1) == 'L')) { +- // We have an unloaded array. +- // Build it on the fly if the element class exists. +- symbolOop elem_sym = oopFactory::new_symbol(sym->as_utf8()+1, +- sym->utf8_length()-1, +- KILL_COMPILE_ON_FATAL_(fail_type)); +- // Get element ciKlass recursively. +- ciKlass* elem_klass = +- get_klass_by_name_impl(accessing_klass, +- get_object(elem_sym)->as_symbol(), +- require_local); +- if (elem_klass != NULL && elem_klass->is_loaded()) { +- // Now make an array for it +- return ciObjArrayKlass::make_impl(elem_klass); +- } + } + + if (require_local) return NULL; +diff --git openjdk.orig/hotspot/src/share/vm/classfile/loaderConstraints.cpp openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp +--- openjdk.orig/hotspot/src/share/vm/classfile/loaderConstraints.cpp ++++ openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp +@@ -338,32 +338,6 @@ klassOop LoaderConstraintTable::find_con + } + + +-klassOop LoaderConstraintTable::find_constrained_elem_klass(symbolHandle name, +- symbolHandle elem_name, +- Handle loader, +- TRAPS) { +- LoaderConstraintEntry *p = *(find_loader_constraint(name, loader)); +- if (p != NULL) { +- assert(p->klass() == NULL, "Expecting null array klass"); +- +- // The array name has a constraint, but it will not have a class. Check +- // each loader for an associated elem +- for (int i = 0; i < p->num_loaders(); i++) { +- Handle no_protection_domain; +- +- klassOop k = SystemDictionary::find(elem_name, p->loader(i), no_protection_domain, THREAD); +- if (k != NULL) { +- // Return the first elem klass found. +- return k; +- } +- } +- } +- +- // No constraints, or else no klass loaded yet. +- return NULL; +-} +- +- + void LoaderConstraintTable::ensure_loader_constraint_capacity( + LoaderConstraintEntry *p, + int nfree) { +diff --git openjdk.orig/hotspot/src/share/vm/classfile/loaderConstraints.hpp openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp +--- openjdk.orig/hotspot/src/share/vm/classfile/loaderConstraints.hpp ++++ openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp +@@ -67,9 +67,6 @@ public: + Handle loader2, bool is_method, TRAPS); + + klassOop find_constrained_klass(symbolHandle name, Handle loader); +- klassOop find_constrained_elem_klass(symbolHandle name, symbolHandle elem_name, +- Handle loader, TRAPS); +- + + // Class loader constraints + +diff --git openjdk.orig/hotspot/src/share/vm/classfile/systemDictionary.cpp openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp +--- openjdk.orig/hotspot/src/share/vm/classfile/systemDictionary.cpp ++++ openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp +@@ -2113,9 +2113,8 @@ klassOop SystemDictionary::find_constrai + // a loader constraint that would require this loader to return the + // klass that is already loaded. + if (FieldType::is_array(class_name())) { +- // Array classes are hard because their klassOops are not kept in the +- // constraint table. The array klass may be constrained, but the elem class +- // may not be. ++ // For array classes, their klassOops are not kept in the ++ // constraint table. The element klassOops are. + jint dimension; + symbolOop object_key; + BasicType t = FieldType::get_array_info(class_name(), &dimension, +@@ -2125,8 +2124,9 @@ klassOop SystemDictionary::find_constrai + } else { + symbolHandle elem_name(THREAD, object_key); + MutexLocker mu(SystemDictionary_lock, THREAD); +- klass = constraints()->find_constrained_elem_klass(class_name, elem_name, class_loader, THREAD); ++ klass = constraints()->find_constrained_klass(elem_name, class_loader); + } ++ // If element class already loaded, allocate array klass + if (klass != NULL) { + klass = Klass::cast(klass)->array_klass_or_null(dimension); + } +@@ -2142,24 +2142,40 @@ klassOop SystemDictionary::find_constrai + + bool SystemDictionary::add_loader_constraint(symbolHandle class_name, + Handle class_loader1, +- Handle class_loader2, +- Thread* THREAD) { +- unsigned int d_hash1 = dictionary()->compute_hash(class_name, class_loader1); ++ Handle class_loader2, ++ Thread* THREAD) { ++ symbolHandle constraint_name; ++ if (!FieldType::is_array(class_name())) { ++ constraint_name = class_name; ++ } else { ++ // For array classes, their klassOops are not kept in the ++ // constraint table. The element classes are. ++ jint dimension; ++ symbolOop object_key; ++ BasicType t = FieldType::get_array_info(class_name(), &dimension, ++ &object_key, CHECK_(false)); ++ // primitive types always pass ++ if (t != T_OBJECT) { ++ return true; ++ } else { ++ constraint_name = symbolHandle(THREAD, object_key); ++ } ++ } ++ unsigned int d_hash1 = dictionary()->compute_hash(constraint_name, class_loader1); + int d_index1 = dictionary()->hash_to_index(d_hash1); + +- unsigned int d_hash2 = dictionary()->compute_hash(class_name, class_loader2); ++ unsigned int d_hash2 = dictionary()->compute_hash(constraint_name, class_loader2); + int d_index2 = dictionary()->hash_to_index(d_hash2); ++ { ++ MutexLocker mu_s(SystemDictionary_lock, THREAD); + +- { +- MutexLocker mu_s(SystemDictionary_lock, THREAD); ++ // Better never do a GC while we're holding these oops ++ No_Safepoint_Verifier nosafepoint; + +- // Better never do a GC while we're holding these oops +- No_Safepoint_Verifier nosafepoint; +- +- klassOop klass1 = find_class(d_index1, d_hash1, class_name, class_loader1); +- klassOop klass2 = find_class(d_index2, d_hash2, class_name, class_loader2); +- return constraints()->add_entry(class_name, klass1, class_loader1, +- klass2, class_loader2); ++ klassOop klass1 = find_class(d_index1, d_hash1, constraint_name, class_loader1); ++ klassOop klass2 = find_class(d_index2, d_hash2, constraint_name, class_loader2); ++ return constraints()->add_entry(constraint_name, klass1, class_loader1, ++ klass2, class_loader2); + } + } + +@@ -2191,6 +2207,7 @@ symbolOop SystemDictionary::find_resolut + // Returns the name of the type that failed a loader constraint check, or + // NULL if no constraint failed. The returned C string needs cleaning up + // with a ResourceMark in the caller ++// Arrays are not added to the loader constraint table, their elements are. + char* SystemDictionary::check_signature_loaders(symbolHandle signature, + Handle loader1, Handle loader2, + bool is_method, TRAPS) { diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6633872.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6633872.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,443 @@ +--- openjdk.orig/jdk/src/share/classes/java/security/ProtectionDomain.java Mon Mar 15 10:28:30 2010 ++++ openjdk/jdk/src/share/classes/java/security/ProtectionDomain.java Mon Mar 15 10:28:30 2010 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -25,9 +25,15 @@ + + package java.security; + ++import java.util.ArrayList; ++import java.util.Collections; + import java.util.Enumeration; + import java.util.List; +-import java.util.ArrayList; ++import java.util.Map; ++import java.util.WeakHashMap; ++import sun.misc.JavaSecurityProtectionDomainAccess; ++import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache; ++import sun.misc.SharedSecrets; + import sun.security.util.Debug; + import sun.security.util.SecurityConstants; + +@@ -72,6 +78,11 @@ + or dynamic (via a policy refresh) */ + private boolean staticPermissions; + ++ /* ++ * An object used as a key when the ProtectionDomain is stored in a Map. ++ */ ++ final Key key = new Key(); ++ + private static final Debug debug = Debug.getInstance("domain"); + + /** +@@ -238,7 +249,7 @@ + /** + * Convert a ProtectionDomain to a String. + */ +- public String toString() { ++ @Override public String toString() { + String pals = ""; + if (principals != null && principals.length > 0) { + StringBuilder palBuf = new StringBuilder("(principals "); +@@ -396,4 +407,29 @@ + + return mergedPerms; + } ++ ++ /** ++ * Used for storing ProtectionDomains as keys in a Map. ++ */ ++ final class Key {} ++ ++ static { ++ SharedSecrets.setJavaSecurityProtectionDomainAccess( ++ new JavaSecurityProtectionDomainAccess() { ++ public ProtectionDomainCache getProtectionDomainCache() { ++ return new ProtectionDomainCache() { ++ private final Map map = ++ Collections.synchronizedMap ++ (new WeakHashMap()); ++ public void put(ProtectionDomain pd, ++ PermissionCollection pc) { ++ map.put((pd == null ? null : pd.key), pc); ++ } ++ public PermissionCollection get(ProtectionDomain pd) { ++ return pd == null ? map.get(null) : map.get(pd.key); ++ } ++ }; ++ } ++ }); ++ } + } +--- openjdk.orig/jdk/src/share/classes/java/security/Policy.java Mon Mar 15 10:28:30 2010 ++++ openjdk/jdk/src/share/classes/java/security/Policy.java Mon Mar 15 10:28:30 2010 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -28,22 +28,19 @@ + + import java.io.*; + import java.lang.RuntimePermission; ++import java.lang.reflect.*; + import java.net.MalformedURLException; + import java.net.URL; + import java.util.Enumeration; + import java.util.Hashtable; +-import java.util.Vector; +-import java.util.StringTokenizer; + import java.util.PropertyPermission; +- +-import java.lang.reflect.*; +- ++import java.util.StringTokenizer; ++import java.util.Vector; + import java.util.WeakHashMap; +-import sun.security.util.Debug; + import sun.security.jca.GetInstance; ++import sun.security.util.Debug; + import sun.security.util.SecurityConstants; + +- + /** + * A Policy object is responsible for determining whether code executing + * in the Java runtime environment has permission to perform a +@@ -113,8 +110,8 @@ + + private static final Debug debug = Debug.getInstance("policy"); + +- // Cache mapping ProtectionDomain to PermissionCollection +- private WeakHashMap pdMapping; ++ // Cache mapping ProtectionDomain.Key to PermissionCollection ++ private WeakHashMap pdMapping; + + /** package private for AccessControlContext */ + static boolean isSet() +@@ -307,7 +304,7 @@ + synchronized (p) { + if (p.pdMapping == null) { + p.pdMapping = +- new WeakHashMap(); ++ new WeakHashMap(); + } + } + +@@ -323,7 +320,7 @@ + + synchronized (p.pdMapping) { + // cache of pd to permissions +- p.pdMapping.put(policyDomain, policyPerms); ++ p.pdMapping.put(policyDomain.key, policyPerms); + } + } + return; +@@ -638,7 +635,7 @@ + } + + synchronized (pdMapping) { +- pc = pdMapping.get(domain); ++ pc = pdMapping.get(domain.key); + } + + if (pc != null) { +@@ -697,7 +694,7 @@ + } + + synchronized (pdMapping) { +- pc = pdMapping.get(domain); ++ pc = pdMapping.get(domain.key); + } + + if (pc != null) { +@@ -711,7 +708,7 @@ + + synchronized (pdMapping) { + // cache it +- pdMapping.put(domain, pc); ++ pdMapping.put(domain.key, pc); + } + + return pc.implies(permission); +@@ -747,21 +744,25 @@ + this.params = params; + } + +- public String getType() { return type; } ++ @Override public String getType() { return type; } + +- public Policy.Parameters getParameters() { return params; } ++ @Override public Policy.Parameters getParameters() { return params; } + +- public Provider getProvider() { return p; } ++ @Override public Provider getProvider() { return p; } + ++ @Override + public PermissionCollection getPermissions(CodeSource codesource) { + return spi.engineGetPermissions(codesource); + } ++ @Override + public PermissionCollection getPermissions(ProtectionDomain domain) { + return spi.engineGetPermissions(domain); + } ++ @Override + public boolean implies(ProtectionDomain domain, Permission perm) { + return spi.engineImplies(domain, perm); + } ++ @Override + public void refresh() { + spi.engineRefresh(); + } +@@ -803,7 +804,7 @@ + * @exception SecurityException - if this PermissionCollection object + * has been marked readonly + */ +- public void add(Permission permission) { ++ @Override public void add(Permission permission) { + perms.add(permission); + } + +@@ -816,7 +817,7 @@ + * @return true if "permission" is implied by the permissions in + * the collection, false if not. + */ +- public boolean implies(Permission permission) { ++ @Override public boolean implies(Permission permission) { + return perms.implies(permission); + } + +@@ -826,7 +827,7 @@ + * + * @return an enumeration of all the Permissions. + */ +- public Enumeration elements() { ++ @Override public Enumeration elements() { + return perms.elements(); + } + } +--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java Mon Mar 15 10:28:31 2010 ++++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java Mon Mar 15 10:28:30 2010 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2002-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -47,6 +47,7 @@ + private static JavaIODeleteOnExitAccess javaIODeleteOnExitAccess; + private static JavaNetAccess javaNetAccess; + private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess; ++ private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess; + + public static JavaUtilJarAccess javaUtilJarAccess() { + if (javaUtilJarAccess == null) { +@@ -110,4 +111,16 @@ + return javaIOFileDescriptorAccess; + } + ++ public static void setJavaSecurityProtectionDomainAccess ++ (JavaSecurityProtectionDomainAccess jspda) { ++ javaSecurityProtectionDomainAccess = jspda; ++ } ++ ++ public static JavaSecurityProtectionDomainAccess ++ getJavaSecurityProtectionDomainAccess() { ++ if (javaSecurityProtectionDomainAccess == null) ++ unsafe.ensureClassInitialized(java.security.ProtectionDomain.class); ++ ++ return javaSecurityProtectionDomainAccess; ++ } + } +--- /dev/null Mon Mar 15 10:28:31 2010 ++++ openjdk/jdk/src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java Mon Mar 15 10:28:31 2010 +@@ -0,0 +1,40 @@ ++/* ++ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Sun designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Sun in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, ++ * CA 95054 USA or visit www.sun.com if you need additional information or ++ * have any questions. ++ */ ++ ++package sun.misc; ++ ++import java.security.PermissionCollection; ++import java.security.ProtectionDomain; ++ ++public interface JavaSecurityProtectionDomainAccess { ++ interface ProtectionDomainCache { ++ void put(ProtectionDomain pd, PermissionCollection pc); ++ PermissionCollection get(ProtectionDomain pd); ++ } ++ /** ++ * Returns the ProtectionDomainCache. ++ */ ++ ProtectionDomainCache getProtectionDomainCache(); ++} +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/PolicyFile.java Mon Mar 15 10:28:31 2010 ++++ openjdk/jdk/src/share/classes/sun/security/provider/PolicyFile.java Mon Mar 15 10:28:31 2010 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -66,6 +66,9 @@ + import javax.sound.sampled.AudioPermission; + import javax.net.ssl.SSLPermission; + */ ++import sun.misc.JavaSecurityProtectionDomainAccess; ++import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache; ++import sun.misc.SharedSecrets; + import sun.security.util.Password; + import sun.security.util.PolicyUtil; + import sun.security.util.PropertyExpander; +@@ -1108,7 +1111,7 @@ + /** + * Refreshes the policy object by re-reading all the policy files. + */ +- public void refresh() { ++ @Override public void refresh() { + init(url); + } + +@@ -1125,9 +1128,10 @@ + * + * @see java.security.ProtectionDomain + */ ++ @Override + public boolean implies(ProtectionDomain pd, Permission p) { + PolicyInfo pi = policyInfo.get(); +- Map pdMap = pi.getPdMapping(); ++ ProtectionDomainCache pdMap = pi.getPdMapping(); + + PermissionCollection pc = pdMap.get(pd); + +@@ -1173,6 +1177,7 @@ + * @return the Permissions granted to the provided + * ProtectionDomain. + */ ++ @Override + public PermissionCollection getPermissions(ProtectionDomain domain) { + Permissions perms = new Permissions(); + +@@ -1208,6 +1213,7 @@ + * + * @return the set of permissions according to the policy. + */ ++ @Override + public PermissionCollection getPermissions(CodeSource codesource) { + return getPermissions(new Permissions(), codesource); + } +@@ -2200,7 +2206,7 @@ + return codesource; + } + +- public String toString(){ ++ @Override public String toString(){ + StringBuilder sb = new StringBuilder(); + sb.append(ResourcesMgr.getString("(")); + sb.append(getCodeSource()); +@@ -2336,7 +2342,7 @@ + * + * @return false. + */ +- public boolean implies(Permission p) { ++ @Override public boolean implies(Permission p) { + return false; + } + +@@ -2353,7 +2359,7 @@ + * type (class) name, permission name, actions, and + * certificates as this object. + */ +- public boolean equals(Object obj) { ++ @Override public boolean equals(Object obj) { + if (obj == this) + return true; + +@@ -2401,7 +2407,7 @@ + * + * @return a hash code value for this object. + */ +- public int hashCode() { ++ @Override public int hashCode() { + int hash = type.hashCode(); + if (name != null) + hash ^= name.hashCode(); +@@ -2420,7 +2426,7 @@ + * + * @return the empty string "". + */ +- public String getActions() { ++ @Override public String getActions() { + return ""; + } + +@@ -2447,7 +2453,7 @@ + * + * @return information about this SelfPermission. + */ +- public String toString() { ++ @Override public String toString() { + return "(SelfPermission " + type + " " + name + " " + actions + ")"; + } + } +@@ -2469,7 +2475,7 @@ + final Map aliasMapping; + + // Maps ProtectionDomain to PermissionCollection +- private final Map[] pdMapping; ++ private final ProtectionDomainCache[] pdMapping; + private java.util.Random random; + + PolicyInfo(int numCaches) { +@@ -2478,16 +2484,17 @@ + Collections.synchronizedList(new ArrayList(2)); + aliasMapping = Collections.synchronizedMap(new HashMap(11)); + +- pdMapping = new Map[numCaches]; ++ pdMapping = new ProtectionDomainCache[numCaches]; ++ JavaSecurityProtectionDomainAccess jspda ++ = SharedSecrets.getJavaSecurityProtectionDomainAccess(); + for (int i = 0; i < numCaches; i++) { +- pdMapping[i] = Collections.synchronizedMap +- (new WeakHashMap()); ++ pdMapping[i] = jspda.getProtectionDomainCache(); + } + if (numCaches > 1) { + random = new java.util.Random(); + } + } +- Map getPdMapping() { ++ ProtectionDomainCache getPdMapping() { + if (pdMapping.length == 1) { + return pdMapping[0]; + } else { diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6639665.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6639665.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,51 @@ +--- openjdk.orig/jdk/src/share/classes/java/lang/ThreadGroup.java Tue Nov 17 07:38:44 2009 ++++ openjdk/jdk/src/share/classes/java/lang/ThreadGroup.java Tue Nov 17 07:38:44 2009 +@@ -38,7 +38,7 @@ + */ + public + class ThreadGroup implements Thread.UncaughtExceptionHandler { +- ThreadGroup parent; ++ private final ThreadGroup parent; + String name; + int maxPriority; + boolean destroyed; +@@ -59,6 +59,7 @@ + private ThreadGroup() { // called from C code + this.name = "system"; + this.maxPriority = Thread.MAX_PRIORITY; ++ this.parent = null; + } + + /** +@@ -96,10 +97,10 @@ + * @since JDK1.0 + */ + public ThreadGroup(ThreadGroup parent, String name) { +- if (parent == null) { +- throw new NullPointerException(); +- } +- parent.checkAccess(); ++ this(checkParentAccess(parent), parent, name); ++ } ++ ++ private ThreadGroup(Void unused, ThreadGroup parent, String name) { + this.name = name; + this.maxPriority = parent.maxPriority; + this.daemon = parent.daemon; +@@ -108,6 +109,16 @@ + parent.add(this); + } + ++ /* ++ * @throws NullPointerException if the parent argument is {@code null} ++ * @throws SecurityException if the current thread cannot create a ++ * thread in the specified thread group. ++ */ ++ private static Void checkParentAccess(ThreadGroup parent) { ++ parent.checkAccess(); ++ return null; ++ } ++ + /** + * Returns the name of this thread group. + * diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6736390.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6736390.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,18 @@ +--- openjdk.orig/jdk/src/share/classes/java/io/File.java Mon Mar 15 18:39:19 2010 ++++ openjdk/jdk/src/share/classes/java/io/File.java Mon Mar 15 18:39:18 2010 +@@ -1936,11 +1936,12 @@ + private synchronized void readObject(java.io.ObjectInputStream s) + throws IOException, ClassNotFoundException + { +- s.defaultReadObject(); ++ ObjectInputStream.GetField fields = s.readFields(); ++ String pathField = (String)fields.get("path", null); + char sep = s.readChar(); // read the previous separator char + if (sep != separatorChar) +- this.path = this.path.replace(sep, separatorChar); +- this.path = fs.normalize(this.path); ++ pathField = pathField.replace(sep, separatorChar); ++ this.path = fs.normalize(pathField); + this.prefixLength = fs.prefixLength(this.path); + } + diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6745393.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6745393.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,1233 @@ +--- openjdk.orig/jdk/src/share/classes/java/util/zip/Deflater.java Tue Nov 24 12:11:14 2009 ++++ openjdk/jdk/src/share/classes/java/util/zip/Deflater.java Tue Nov 24 12:11:13 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -71,7 +71,8 @@ + */ + public + class Deflater { +- private long strm; ++ ++ private final ZStreamRef zsRef; + private byte[] buf = new byte[0]; + private int off, len; + private int level, strategy; +@@ -137,7 +138,7 @@ + public Deflater(int level, boolean nowrap) { + this.level = level; + this.strategy = DEFAULT_STRATEGY; +- strm = init(level, DEFAULT_STRATEGY, nowrap); ++ this.zsRef = new ZStreamRef(init(level, DEFAULT_STRATEGY, nowrap)); + } + + /** +@@ -165,7 +166,7 @@ + * @param len the length of the data + * @see Deflater#needsInput + */ +- public synchronized void setInput(byte[] b, int off, int len) { ++ public void setInput(byte[] b, int off, int len) { + if (b== null) { + throw new NullPointerException(); + } +@@ -172,9 +173,11 @@ + if (off < 0 || len < 0 || off > b.length - len) { + throw new ArrayIndexOutOfBoundsException(); + } +- this.buf = b; +- this.off = off; +- this.len = len; ++ synchronized (zsRef) { ++ this.buf = b; ++ this.off = off; ++ this.len = len; ++ } + } + + /** +@@ -199,14 +202,17 @@ + * @see Inflater#inflate + * @see Inflater#getAdler + */ +- public synchronized void setDictionary(byte[] b, int off, int len) { +- if (strm == 0 || b == null) { ++ public void setDictionary(byte[] b, int off, int len) { ++ if (b == null) { + throw new NullPointerException(); + } + if (off < 0 || len < 0 || off > b.length - len) { + throw new ArrayIndexOutOfBoundsException(); + } +- setDictionary(strm, b, off, len); ++ synchronized (zsRef) { ++ ensureOpen(); ++ setDictionary(zsRef.address(), b, off, len); ++ } + } + + /** +@@ -229,7 +235,7 @@ + * @exception IllegalArgumentException if the compression strategy is + * invalid + */ +- public synchronized void setStrategy(int strategy) { ++ public void setStrategy(int strategy) { + switch (strategy) { + case DEFAULT_STRATEGY: + case FILTERED: +@@ -238,9 +244,11 @@ + default: + throw new IllegalArgumentException(); + } +- if (this.strategy != strategy) { +- this.strategy = strategy; +- setParams = true; ++ synchronized (zsRef) { ++ if (this.strategy != strategy) { ++ this.strategy = strategy; ++ setParams = true; ++ } + } + } + +@@ -249,13 +257,15 @@ + * @param level the new compression level (0-9) + * @exception IllegalArgumentException if the compression level is invalid + */ +- public synchronized void setLevel(int level) { ++ public void setLevel(int level) { + if ((level < 0 || level > 9) && level != DEFAULT_COMPRESSION) { + throw new IllegalArgumentException("invalid compression level"); + } +- if (this.level != level) { +- this.level = level; +- setParams = true; ++ synchronized (zsRef) { ++ if (this.level != level) { ++ this.level = level; ++ setParams = true; ++ } + } + } + +@@ -273,8 +283,10 @@ + * When called, indicates that compression should end with the current + * contents of the input buffer. + */ +- public synchronized void finish() { +- finish = true; ++ public void finish() { ++ synchronized (zsRef) { ++ finish = true; ++ } + } + + /** +@@ -283,8 +295,10 @@ + * @return true if the end of the compressed data output stream has + * been reached + */ +- public synchronized boolean finished() { +- return finished; ++ public boolean finished() { ++ synchronized (zsRef) { ++ return finished; ++ } + } + + /** +@@ -297,7 +311,7 @@ + * @param len the maximum number of bytes of compressed data + * @return the actual number of bytes of compressed data + */ +- public synchronized int deflate(byte[] b, int off, int len) { ++ public int deflate(byte[] b, int off, int len) { + if (b == null) { + throw new NullPointerException(); + } +@@ -304,7 +318,9 @@ + if (off < 0 || len < 0 || off > b.length - len) { + throw new ArrayIndexOutOfBoundsException(); + } +- return deflateBytes(b, off, len); ++ synchronized (zsRef) { ++ return deflateBytes(zsRef.address(), b, off, len); ++ } + } + + /** +@@ -323,9 +339,11 @@ + * Returns the ADLER-32 value of the uncompressed data. + * @return the ADLER-32 value of the uncompressed data + */ +- public synchronized int getAdler() { +- ensureOpen(); +- return getAdler(strm); ++ public int getAdler() { ++ synchronized (zsRef) { ++ ensureOpen(); ++ return getAdler(zsRef.address()); ++ } + } + + /** +@@ -347,9 +365,11 @@ + * @return the total (non-negative) number of uncompressed bytes input so far + * @since 1.5 + */ +- public synchronized long getBytesRead() { +- ensureOpen(); +- return getBytesRead(strm); ++ public long getBytesRead() { ++ synchronized (zsRef) { ++ ensureOpen(); ++ return getBytesRead(zsRef.address()); ++ } + } + + /** +@@ -371,9 +391,11 @@ + * @return the total (non-negative) number of compressed bytes output so far + * @since 1.5 + */ +- public synchronized long getBytesWritten() { +- ensureOpen(); +- return getBytesWritten(strm); ++ public long getBytesWritten() { ++ synchronized (zsRef) { ++ ensureOpen(); ++ return getBytesWritten(zsRef.address()); ++ } + } + + /** +@@ -380,12 +402,14 @@ + * Resets deflater so that a new set of input data can be processed. + * Keeps current compression level and strategy settings. + */ +- public synchronized void reset() { +- ensureOpen(); +- reset(strm); +- finish = false; +- finished = false; +- off = len = 0; ++ public void reset() { ++ synchronized (zsRef) { ++ ensureOpen(); ++ reset(zsRef.address()); ++ finish = false; ++ finished = false; ++ off = len = 0; ++ } + } + + /** +@@ -395,11 +419,14 @@ + * finalize() method. Once this method is called, the behavior + * of the Deflater object is undefined. + */ +- public synchronized void end() { +- if (strm != 0) { +- end(strm); +- strm = 0; +- buf = null; ++ public void end() { ++ synchronized (zsRef) { ++ long addr = zsRef.address(); ++ zsRef.clear(); ++ if (addr != 0) { ++ end(addr); ++ buf = null; ++ } + } + } + +@@ -411,18 +438,19 @@ + } + + private void ensureOpen() { +- if (strm == 0) +- throw new NullPointerException(); ++ assert Thread.holdsLock(zsRef); ++ if (zsRef.address() == 0) ++ throw new NullPointerException("Deflater has been closed"); + } + + private static native void initIDs(); + private native static long init(int level, int strategy, boolean nowrap); +- private native static void setDictionary(long strm, byte[] b, int off, ++ private native static void setDictionary(long addr, byte[] b, int off, + int len); +- private native int deflateBytes(byte[] b, int off, int len); +- private native static int getAdler(long strm); +- private native static long getBytesRead(long strm); +- private native static long getBytesWritten(long strm); +- private native static void reset(long strm); +- private native static void end(long strm); ++ private native int deflateBytes(long addr, byte[] b, int off, int len); ++ private native static int getAdler(long addr); ++ private native static long getBytesRead(long addr); ++ private native static long getBytesWritten(long addr); ++ private native static void reset(long addr); ++ private native static void end(long addr); + } +--- openjdk.orig/jdk/src/share/classes/java/util/zip/Inflater.java Tue Nov 24 12:11:26 2009 ++++ openjdk/jdk/src/share/classes/java/util/zip/Inflater.java Tue Nov 24 12:11:25 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -72,12 +72,14 @@ + */ + public + class Inflater { +- private long strm; +- private byte[] buf = new byte[0]; ++ private final ZStreamRef zsRef; ++ private byte[] buf = emptyBuf; + private int off, len; + private boolean finished; + private boolean needDict; + ++ private static byte[] emptyBuf = new byte[0]; ++ + static { + /* Zip library is loaded from System.initializeSystemClass */ + initIDs(); +@@ -95,7 +97,7 @@ + * @param nowrap if true then support GZIP compatible compression + */ + public Inflater(boolean nowrap) { +- strm = init(nowrap); ++ zsRef = new ZStreamRef(init(nowrap)); + } + + /** +@@ -114,7 +116,7 @@ + * @param len the length of the input data + * @see Inflater#needsInput + */ +- public synchronized void setInput(byte[] b, int off, int len) { ++ public void setInput(byte[] b, int off, int len) { + if (b == null) { + throw new NullPointerException(); + } +@@ -121,9 +123,11 @@ + if (off < 0 || len < 0 || off > b.length - len) { + throw new ArrayIndexOutOfBoundsException(); + } +- this.buf = b; +- this.off = off; +- this.len = len; ++ synchronized (zsRef) { ++ this.buf = b; ++ this.off = off; ++ this.len = len; ++ } + } + + /** +@@ -148,15 +152,18 @@ + * @see Inflater#needsDictionary + * @see Inflater#getAdler + */ +- public synchronized void setDictionary(byte[] b, int off, int len) { +- if (strm == 0 || b == null) { ++ public void setDictionary(byte[] b, int off, int len) { ++ if (b == null) { + throw new NullPointerException(); + } + if (off < 0 || len < 0 || off > b.length - len) { + throw new ArrayIndexOutOfBoundsException(); + } +- setDictionary(strm, b, off, len); +- needDict = false; ++ synchronized (zsRef) { ++ ensureOpen(); ++ setDictionary(zsRef.address(), b, off, len); ++ needDict = false; ++ } + } + + /** +@@ -178,8 +185,10 @@ + * buffer after decompression has finished. + * @return the total number of bytes remaining in the input buffer + */ +- public synchronized int getRemaining() { +- return len; ++ public int getRemaining() { ++ synchronized (zsRef) { ++ return len; ++ } + } + + /** +@@ -188,8 +197,10 @@ + * to provide more input. + * @return true if no data remains in the input buffer + */ +- public synchronized boolean needsInput() { +- return len <= 0; ++ public boolean needsInput() { ++ synchronized (zsRef) { ++ return len <= 0; ++ } + } + + /** +@@ -197,8 +208,10 @@ + * @return true if a preset dictionary is needed for decompression + * @see Inflater#setDictionary + */ +- public synchronized boolean needsDictionary() { +- return needDict; ++ public boolean needsDictionary() { ++ synchronized (zsRef) { ++ return needDict; ++ } + } + + /** +@@ -207,8 +220,10 @@ + * @return true if the end of the compressed data stream has been + * reached + */ +- public synchronized boolean finished() { +- return finished; ++ public boolean finished() { ++ synchronized (zsRef) { ++ return finished; ++ } + } + + /** +@@ -226,7 +241,7 @@ + * @see Inflater#needsInput + * @see Inflater#needsDictionary + */ +- public synchronized int inflate(byte[] b, int off, int len) ++ public int inflate(byte[] b, int off, int len) + throws DataFormatException + { + if (b == null) { +@@ -235,7 +250,10 @@ + if (off < 0 || len < 0 || off > b.length - len) { + throw new ArrayIndexOutOfBoundsException(); + } +- return inflateBytes(b, off, len); ++ synchronized (zsRef) { ++ ensureOpen(); ++ return inflateBytes(zsRef.address(), b, off, len); ++ } + } + + /** +@@ -259,9 +277,11 @@ + * Returns the ADLER-32 value of the uncompressed data. + * @return the ADLER-32 value of the uncompressed data + */ +- public synchronized int getAdler() { +- ensureOpen(); +- return getAdler(strm); ++ public int getAdler() { ++ synchronized (zsRef) { ++ ensureOpen(); ++ return getAdler(zsRef.address()); ++ } + } + + /** +@@ -283,9 +303,11 @@ + * @return the total (non-negative) number of compressed bytes input so far + * @since 1.5 + */ +- public synchronized long getBytesRead() { +- ensureOpen(); +- return getBytesRead(strm); ++ public long getBytesRead() { ++ synchronized (zsRef) { ++ ensureOpen(); ++ return getBytesRead(zsRef.address()); ++ } + } + + /** +@@ -307,20 +329,25 @@ + * @return the total (non-negative) number of uncompressed bytes output so far + * @since 1.5 + */ +- public synchronized long getBytesWritten() { +- ensureOpen(); +- return getBytesWritten(strm); ++ public long getBytesWritten() { ++ synchronized (zsRef) { ++ ensureOpen(); ++ return getBytesWritten(zsRef.address()); ++ } + } + + /** + * Resets inflater so that a new set of input data can be processed. + */ +- public synchronized void reset() { +- ensureOpen(); +- reset(strm); +- finished = false; +- needDict = false; +- off = len = 0; ++ public void reset() { ++ synchronized (zsRef) { ++ ensureOpen(); ++ reset(zsRef.address()); ++ buf = emptyBuf; ++ finished = false; ++ needDict = false; ++ off = len = 0; ++ } + } + + /** +@@ -330,11 +357,14 @@ + * method. Once this method is called, the behavior of the Inflater + * object is undefined. + */ +- public synchronized void end() { +- if (strm != 0) { +- end(strm); +- strm = 0; +- buf = null; ++ public void end() { ++ synchronized (zsRef) { ++ long addr = zsRef.address(); ++ zsRef.clear(); ++ if (addr != 0) { ++ end(addr); ++ buf = null; ++ } + } + } + +@@ -346,19 +376,24 @@ + } + + private void ensureOpen () { +- if (strm == 0) +- throw new NullPointerException(); ++ assert Thread.holdsLock(zsRef); ++ if (zsRef.address() == 0) ++ throw new NullPointerException("Inflater has been closed"); + } + ++ private static class NativeStrm { ++ long strm; ++ } ++ + private native static void initIDs(); + private native static long init(boolean nowrap); +- private native static void setDictionary(long strm, byte[] b, int off, ++ private native static void setDictionary(long addr, byte[] b, int off, + int len); +- private native int inflateBytes(byte[] b, int off, int len) ++ private native int inflateBytes(long addr, byte[] b, int off, int len) + throws DataFormatException; +- private native static int getAdler(long strm); +- private native static long getBytesRead(long strm); +- private native static long getBytesWritten(long strm); +- private native static void reset(long strm); +- private native static void end(long strm); ++ private native static int getAdler(long addr); ++ private native static long getBytesRead(long addr); ++ private native static long getBytesWritten(long addr); ++ private native static void reset(long addr); ++ private native static void end(long addr); + } +--- /dev/null Tue Nov 24 12:11:34 2009 ++++ openjdk/jdk/src/share/classes/java/util/zip/ZStreamRef.java Tue Nov 24 12:11:33 2009 +@@ -0,0 +1,46 @@ ++/* ++ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Sun designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Sun in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, ++ * CA 95054 USA or visit www.sun.com if you need additional information or ++ * have any questions. ++ */ ++ ++package java.util.zip; ++ ++/** ++ * A reference to the native zlib's z_stream structure. ++ */ ++ ++class ZStreamRef { ++ ++ private long address; ++ ZStreamRef (long address) { ++ this.address = address; ++ } ++ ++ long address() { ++ return address; ++ } ++ ++ void clear() { ++ address = 0; ++ } ++} +--- openjdk.orig/jdk/src/share/native/java/util/zip/Deflater.c Tue Nov 24 12:11:38 2009 ++++ openjdk/jdk/src/share/native/java/util/zip/Deflater.c Tue Nov 24 12:11:37 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -38,7 +38,6 @@ + + #define DEF_MEM_LEVEL 8 + +-static jfieldID strmID; + static jfieldID levelID; + static jfieldID strategyID; + static jfieldID setParamsID; +@@ -49,7 +48,6 @@ + JNIEXPORT void JNICALL + Java_java_util_zip_Deflater_initIDs(JNIEnv *env, jclass cls) + { +- strmID = (*env)->GetFieldID(env, cls, "strm", "J"); + levelID = (*env)->GetFieldID(env, cls, "level", "I"); + strategyID = (*env)->GetFieldID(env, cls, "strategy", "I"); + setParamsID = (*env)->GetFieldID(env, cls, "setParams", "Z"); +@@ -62,40 +60,40 @@ + + JNIEXPORT jlong JNICALL + Java_java_util_zip_Deflater_init(JNIEnv *env, jclass cls, jint level, +- jint strategy, jboolean nowrap) ++ jint strategy, jboolean nowrap) + { + z_stream *strm = calloc(1, sizeof(z_stream)); + + if (strm == 0) { +- JNU_ThrowOutOfMemoryError(env, 0); +- return jlong_zero; ++ JNU_ThrowOutOfMemoryError(env, 0); ++ return jlong_zero; + } else { +- char *msg; +- switch (deflateInit2(strm, level, Z_DEFLATED, +- nowrap ? -MAX_WBITS : MAX_WBITS, +- DEF_MEM_LEVEL, strategy)) { +- case Z_OK: +- return ptr_to_jlong(strm); +- case Z_MEM_ERROR: +- free(strm); +- JNU_ThrowOutOfMemoryError(env, 0); +- return jlong_zero; +- case Z_STREAM_ERROR: +- free(strm); +- JNU_ThrowIllegalArgumentException(env, 0); +- return jlong_zero; +- default: +- msg = strm->msg; +- free(strm); +- JNU_ThrowInternalError(env, msg); +- return jlong_zero; +- } ++ char *msg; ++ switch (deflateInit2(strm, level, Z_DEFLATED, ++ nowrap ? -MAX_WBITS : MAX_WBITS, ++ DEF_MEM_LEVEL, strategy)) { ++ case Z_OK: ++ return ptr_to_jlong(strm); ++ case Z_MEM_ERROR: ++ free(strm); ++ JNU_ThrowOutOfMemoryError(env, 0); ++ return jlong_zero; ++ case Z_STREAM_ERROR: ++ free(strm); ++ JNU_ThrowIllegalArgumentException(env, 0); ++ return jlong_zero; ++ default: ++ msg = strm->msg; ++ free(strm); ++ JNU_ThrowInternalError(env, msg); ++ return jlong_zero; ++ } + } + } + + JNIEXPORT void JNICALL +-Java_java_util_zip_Deflater_setDictionary(JNIEnv *env, jclass cls, jlong strm, +- jarray b, jint off, jint len) ++Java_java_util_zip_Deflater_setDictionary(JNIEnv *env, jclass cls, jlong addr, ++ jarray b, jint off, jint len) + { + Bytef *buf = (*env)->GetPrimitiveArrayCritical(env, b, 0); + int res; +@@ -102,156 +100,155 @@ + if (buf == 0) {/* out of memory */ + return; + } +- res = deflateSetDictionary((z_stream *)jlong_to_ptr(strm), buf + off, len); ++ res = deflateSetDictionary((z_stream *)jlong_to_ptr(addr), buf + off, len); + (*env)->ReleasePrimitiveArrayCritical(env, b, buf, 0); + switch (res) { + case Z_OK: +- break; ++ break; + case Z_STREAM_ERROR: +- JNU_ThrowIllegalArgumentException(env, 0); +- break; ++ JNU_ThrowIllegalArgumentException(env, 0); ++ break; + default: +- JNU_ThrowInternalError(env, ((z_stream *)jlong_to_ptr(strm))->msg); +- break; ++ JNU_ThrowInternalError(env, ((z_stream *)jlong_to_ptr(addr))->msg); ++ break; + } + } + + JNIEXPORT jint JNICALL +-Java_java_util_zip_Deflater_deflateBytes(JNIEnv *env, jobject this, +- jarray b, jint off, jint len) ++Java_java_util_zip_Deflater_deflateBytes(JNIEnv *env, jobject this, jlong addr, ++ jarray b, jint off, jint len) + { +- z_stream *strm = jlong_to_ptr((*env)->GetLongField(env, this, strmID)); ++ z_stream *strm = jlong_to_ptr(addr); + +- if (strm == 0) { +- JNU_ThrowNullPointerException(env, 0); +- return 0; +- } else { +- jarray this_buf = (*env)->GetObjectField(env, this, bufID); +- jint this_off = (*env)->GetIntField(env, this, offID); +- jint this_len = (*env)->GetIntField(env, this, lenID); +- jbyte *in_buf; +- jbyte *out_buf; +- int res; +- if ((*env)->GetBooleanField(env, this, setParamsID)) { +- int level = (*env)->GetIntField(env, this, levelID); +- int strategy = (*env)->GetIntField(env, this, strategyID); ++ jarray this_buf = (*env)->GetObjectField(env, this, bufID); ++ jint this_off = (*env)->GetIntField(env, this, offID); ++ jint this_len = (*env)->GetIntField(env, this, lenID); ++ jbyte *in_buf; ++ jbyte *out_buf; ++ int res; ++ if ((*env)->GetBooleanField(env, this, setParamsID)) { ++ int level = (*env)->GetIntField(env, this, levelID); ++ int strategy = (*env)->GetIntField(env, this, strategyID); + +- in_buf = (jbyte *) malloc(this_len); +- if (in_buf == 0) { +- return 0; +- } +- (*env)->GetByteArrayRegion(env, this_buf, this_off, this_len, in_buf); ++ in_buf = (jbyte *) malloc(this_len); ++ if (in_buf == 0) { ++ JNU_ThrowOutOfMemoryError(env, 0); ++ return 0; ++ } ++ (*env)->GetByteArrayRegion(env, this_buf, this_off, this_len, in_buf); + +- out_buf = (jbyte *) malloc(len); +- if (out_buf == 0) { +- free(in_buf); +- return 0; +- } ++ out_buf = (jbyte *) malloc(len); ++ if (out_buf == 0) { ++ free(in_buf); ++ JNU_ThrowOutOfMemoryError(env, 0); ++ return 0; ++ } + +- strm->next_in = (Bytef *) in_buf; +- strm->next_out = (Bytef *) out_buf; +- strm->avail_in = this_len; +- strm->avail_out = len; +- res = deflateParams(strm, level, strategy); ++ strm->next_in = (Bytef *) in_buf; ++ strm->next_out = (Bytef *) out_buf; ++ strm->avail_in = this_len; ++ strm->avail_out = len; ++ res = deflateParams(strm, level, strategy); + +- if (res == Z_OK) { +- (*env)->SetByteArrayRegion(env, b, off, len - strm->avail_out, out_buf); +- } +- free(out_buf); +- free(in_buf); ++ if (res == Z_OK) { ++ (*env)->SetByteArrayRegion(env, b, off, len - strm->avail_out, out_buf); ++ } ++ free(out_buf); ++ free(in_buf); + +- switch (res) { +- case Z_OK: +- (*env)->SetBooleanField(env, this, setParamsID, JNI_FALSE); +- this_off += this_len - strm->avail_in; +- (*env)->SetIntField(env, this, offID, this_off); +- (*env)->SetIntField(env, this, lenID, strm->avail_in); +- return len - strm->avail_out; +- case Z_BUF_ERROR: +- (*env)->SetBooleanField(env, this, setParamsID, JNI_FALSE); +- return 0; +- default: +- JNU_ThrowInternalError(env, strm->msg); +- return 0; +- } +- } else { +- jboolean finish = (*env)->GetBooleanField(env, this, finishID); ++ switch (res) { ++ case Z_OK: ++ (*env)->SetBooleanField(env, this, setParamsID, JNI_FALSE); ++ this_off += this_len - strm->avail_in; ++ (*env)->SetIntField(env, this, offID, this_off); ++ (*env)->SetIntField(env, this, lenID, strm->avail_in); ++ return len - strm->avail_out; ++ case Z_BUF_ERROR: ++ (*env)->SetBooleanField(env, this, setParamsID, JNI_FALSE); ++ return 0; ++ default: ++ JNU_ThrowInternalError(env, strm->msg); ++ return 0; ++ } ++ } else { ++ jboolean finish = (*env)->GetBooleanField(env, this, finishID); + +- in_buf = (jbyte *) malloc(this_len); +- if (in_buf == 0) { +- return 0; +- } +- (*env)->GetByteArrayRegion(env, this_buf, this_off, this_len, in_buf); ++ in_buf = (jbyte *) malloc(this_len); ++ if (in_buf == 0) { ++ JNU_ThrowOutOfMemoryError(env, 0); ++ return 0; ++ } ++ (*env)->GetByteArrayRegion(env, this_buf, this_off, this_len, in_buf); + +- out_buf = (jbyte *) malloc(len); +- if (out_buf == 0) { +- free(in_buf); +- return 0; +- } ++ out_buf = (jbyte *) malloc(len); ++ if (out_buf == 0) { ++ free(in_buf); ++ JNU_ThrowOutOfMemoryError(env, 0); ++ return 0; ++ } + +- strm->next_in = (Bytef *) in_buf; +- strm->next_out = (Bytef *) out_buf; +- strm->avail_in = this_len; +- strm->avail_out = len; +- res = deflate(strm, finish ? Z_FINISH : Z_NO_FLUSH); ++ strm->next_in = (Bytef *) in_buf; ++ strm->next_out = (Bytef *) out_buf; ++ strm->avail_in = this_len; ++ strm->avail_out = len; ++ res = deflate(strm, finish ? Z_FINISH : Z_NO_FLUSH); + +- if (res == Z_STREAM_END || res == Z_OK) { +- (*env)->SetByteArrayRegion(env, b, off, len - strm->avail_out, out_buf); +- } +- free(out_buf); +- free(in_buf); ++ if (res == Z_STREAM_END || res == Z_OK) { ++ (*env)->SetByteArrayRegion(env, b, off, len - strm->avail_out, out_buf); ++ } ++ free(out_buf); ++ free(in_buf); + +- switch (res) { +- case Z_STREAM_END: +- (*env)->SetBooleanField(env, this, finishedID, JNI_TRUE); +- /* fall through */ +- case Z_OK: +- this_off += this_len - strm->avail_in; +- (*env)->SetIntField(env, this, offID, this_off); +- (*env)->SetIntField(env, this, lenID, strm->avail_in); +- return len - strm->avail_out; +- case Z_BUF_ERROR: +- return 0; +- default: +- JNU_ThrowInternalError(env, strm->msg); +- return 0; +- } +- } ++ switch (res) { ++ case Z_STREAM_END: ++ (*env)->SetBooleanField(env, this, finishedID, JNI_TRUE); ++ /* fall through */ ++ case Z_OK: ++ this_off += this_len - strm->avail_in; ++ (*env)->SetIntField(env, this, offID, this_off); ++ (*env)->SetIntField(env, this, lenID, strm->avail_in); ++ return len - strm->avail_out; ++ case Z_BUF_ERROR: ++ return 0; ++ default: ++ JNU_ThrowInternalError(env, strm->msg); ++ return 0; ++ } + } + } + + JNIEXPORT jint JNICALL +-Java_java_util_zip_Deflater_getAdler(JNIEnv *env, jclass cls, jlong strm) ++Java_java_util_zip_Deflater_getAdler(JNIEnv *env, jclass cls, jlong addr) + { +- return ((z_stream *)jlong_to_ptr(strm))->adler; ++ return ((z_stream *)jlong_to_ptr(addr))->adler; + } + + JNIEXPORT jlong JNICALL +-Java_java_util_zip_Deflater_getBytesRead(JNIEnv *env, jclass cls, jlong strm) ++Java_java_util_zip_Deflater_getBytesRead(JNIEnv *env, jclass cls, jlong addr) + { +- return ((z_stream *)jlong_to_ptr(strm))->total_in; ++ return ((z_stream *)jlong_to_ptr(addr))->total_in; + } + + JNIEXPORT jlong JNICALL +-Java_java_util_zip_Deflater_getBytesWritten(JNIEnv *env, jclass cls, jlong strm) ++Java_java_util_zip_Deflater_getBytesWritten(JNIEnv *env, jclass cls, jlong addr) + { +- return ((z_stream *)jlong_to_ptr(strm))->total_out; ++ return ((z_stream *)jlong_to_ptr(addr))->total_out; + } + + JNIEXPORT void JNICALL +-Java_java_util_zip_Deflater_reset(JNIEnv *env, jclass cls, jlong strm) ++Java_java_util_zip_Deflater_reset(JNIEnv *env, jclass cls, jlong addr) + { +- if (deflateReset((z_stream *)jlong_to_ptr(strm)) != Z_OK) { +- JNU_ThrowInternalError(env, 0); ++ if (deflateReset((z_stream *)jlong_to_ptr(addr)) != Z_OK) { ++ JNU_ThrowInternalError(env, 0); + } + } + + JNIEXPORT void JNICALL +-Java_java_util_zip_Deflater_end(JNIEnv *env, jclass cls, jlong strm) ++Java_java_util_zip_Deflater_end(JNIEnv *env, jclass cls, jlong addr) + { +- if (deflateEnd((z_stream *)jlong_to_ptr(strm)) == Z_STREAM_ERROR) { +- JNU_ThrowInternalError(env, 0); ++ if (deflateEnd((z_stream *)jlong_to_ptr(addr)) == Z_STREAM_ERROR) { ++ JNU_ThrowInternalError(env, 0); + } else { +- free((z_stream *)jlong_to_ptr(strm)); ++ free((z_stream *)jlong_to_ptr(addr)); + } + } +--- openjdk.orig/jdk/src/share/native/java/util/zip/Inflater.c Tue Nov 24 12:11:47 2009 ++++ openjdk/jdk/src/share/native/java/util/zip/Inflater.c Tue Nov 24 12:11:45 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -39,9 +39,8 @@ + #include "java_util_zip_Inflater.h" + + #define ThrowDataFormatException(env, msg) \ +- JNU_ThrowByName(env, "java/util/zip/DataFormatException", msg) ++ JNU_ThrowByName(env, "java/util/zip/DataFormatException", msg) + +-static jfieldID strmID; + static jfieldID needDictID; + static jfieldID finishedID; + static jfieldID bufID, offID, lenID; +@@ -49,7 +48,6 @@ + JNIEXPORT void JNICALL + Java_java_util_zip_Inflater_initIDs(JNIEnv *env, jclass cls) + { +- strmID = (*env)->GetFieldID(env, cls, "strm", "J"); + needDictID = (*env)->GetFieldID(env, cls, "needDict", "Z"); + finishedID = (*env)->GetFieldID(env, cls, "finished", "Z"); + bufID = (*env)->GetFieldID(env, cls, "buf", "[B"); +@@ -63,153 +61,151 @@ + z_stream *strm = calloc(1, sizeof(z_stream)); + + if (strm == 0) { +- JNU_ThrowOutOfMemoryError(env, 0); +- return jlong_zero; ++ JNU_ThrowOutOfMemoryError(env, 0); ++ return jlong_zero; + } else { +- char *msg; +- switch (inflateInit2(strm, nowrap ? -MAX_WBITS : MAX_WBITS)) { +- case Z_OK: +- return ptr_to_jlong(strm); +- case Z_MEM_ERROR: +- free(strm); +- JNU_ThrowOutOfMemoryError(env, 0); +- return jlong_zero; +- default: +- msg = strm->msg; +- free(strm); +- JNU_ThrowInternalError(env, msg); +- return jlong_zero; +- } ++ char *msg; ++ switch (inflateInit2(strm, nowrap ? -MAX_WBITS : MAX_WBITS)) { ++ case Z_OK: ++ return ptr_to_jlong(strm); ++ case Z_MEM_ERROR: ++ free(strm); ++ JNU_ThrowOutOfMemoryError(env, 0); ++ return jlong_zero; ++ default: ++ msg = strm->msg; ++ free(strm); ++ JNU_ThrowInternalError(env, msg); ++ return jlong_zero; ++ } + } + } + + JNIEXPORT void JNICALL +-Java_java_util_zip_Inflater_setDictionary(JNIEnv *env, jclass cls, jlong strm, +- jarray b, jint off, jint len) ++Java_java_util_zip_Inflater_setDictionary(JNIEnv *env, jclass cls, jlong addr, ++ jarray b, jint off, jint len) + { + Bytef *buf = (*env)->GetPrimitiveArrayCritical(env, b, 0); + int res; + if (buf == 0) /* out of memory */ + return; +- res = inflateSetDictionary(jlong_to_ptr(strm), buf + off, len); ++ res = inflateSetDictionary(jlong_to_ptr(addr), buf + off, len); + (*env)->ReleasePrimitiveArrayCritical(env, b, buf, 0); + switch (res) { + case Z_OK: +- break; ++ break; + case Z_STREAM_ERROR: + case Z_DATA_ERROR: +- JNU_ThrowIllegalArgumentException(env, ((z_stream *)jlong_to_ptr(strm))->msg); +- break; ++ JNU_ThrowIllegalArgumentException(env, ((z_stream *)jlong_to_ptr(addr))->msg); ++ break; + default: +- JNU_ThrowInternalError(env, ((z_stream *)jlong_to_ptr(strm))->msg); +- break; ++ JNU_ThrowInternalError(env, ((z_stream *)jlong_to_ptr(addr))->msg); ++ break; + } + } + + JNIEXPORT jint JNICALL +-Java_java_util_zip_Inflater_inflateBytes(JNIEnv *env, jobject this, +- jarray b, jint off, jint len) ++Java_java_util_zip_Inflater_inflateBytes(JNIEnv *env, jobject this, jlong addr, ++ jarray b, jint off, jint len) + { +- z_stream *strm = jlong_to_ptr((*env)->GetLongField(env, this, strmID)); ++ z_stream *strm = jlong_to_ptr(addr); + +- if (strm == 0) { +- JNU_ThrowNullPointerException(env, 0); +- return 0; +- } else { +- jarray this_buf = (jarray)(*env)->GetObjectField(env, this, bufID); +- jint this_off = (*env)->GetIntField(env, this, offID); +- jint this_len = (*env)->GetIntField(env, this, lenID); +- jbyte *in_buf; +- jbyte *out_buf; +- int ret; ++ jarray this_buf = (jarray)(*env)->GetObjectField(env, this, bufID); ++ jint this_off = (*env)->GetIntField(env, this, offID); ++ jint this_len = (*env)->GetIntField(env, this, lenID); ++ jbyte *in_buf; ++ jbyte *out_buf; ++ int ret; + +- in_buf = (jbyte *) malloc(this_len); +- if (in_buf == 0) { +- return 0; +- } +- (*env)->GetByteArrayRegion(env, this_buf, this_off, this_len, in_buf); ++ in_buf = (jbyte *) malloc(this_len); ++ if (in_buf == 0) { ++ JNU_ThrowOutOfMemoryError(env, 0); ++ return 0; ++ } ++ (*env)->GetByteArrayRegion(env, this_buf, this_off, this_len, in_buf); + +- out_buf = (jbyte *) malloc(len); +- if (out_buf == 0) { +- free(in_buf); +- return 0; +- } ++ out_buf = (jbyte *) malloc(len); ++ if (out_buf == 0) { ++ free(in_buf); ++ JNU_ThrowOutOfMemoryError(env, 0); ++ return 0; ++ } + +- strm->next_in = (Bytef *) in_buf; +- strm->next_out = (Bytef *) out_buf; +- strm->avail_in = this_len; +- strm->avail_out = len; +- ret = inflate(strm, Z_PARTIAL_FLUSH); ++ strm->next_in = (Bytef *) in_buf; ++ strm->next_out = (Bytef *) out_buf; ++ strm->avail_in = this_len; ++ strm->avail_out = len; ++ ret = inflate(strm, Z_PARTIAL_FLUSH); + +- if (ret == Z_STREAM_END || ret == Z_OK) { +- (*env)->SetByteArrayRegion(env, b, off, len - strm->avail_out, out_buf); +- } +- free(out_buf); +- free(in_buf); ++ if (ret == Z_STREAM_END || ret == Z_OK) { ++ (*env)->SetByteArrayRegion(env, b, off, len - strm->avail_out, out_buf); ++ } ++ free(out_buf); ++ free(in_buf); + +- switch (ret) { +- case Z_STREAM_END: +- (*env)->SetBooleanField(env, this, finishedID, JNI_TRUE); +- /* fall through */ +- case Z_OK: +- this_off += this_len - strm->avail_in; +- (*env)->SetIntField(env, this, offID, this_off); +- (*env)->SetIntField(env, this, lenID, strm->avail_in); +- return len - strm->avail_out; +- case Z_NEED_DICT: +- (*env)->SetBooleanField(env, this, needDictID, JNI_TRUE); +- /* Might have consumed some input here! */ +- this_off += this_len - strm->avail_in; +- (*env)->SetIntField(env, this, offID, this_off); +- (*env)->SetIntField(env, this, lenID, strm->avail_in); +- return 0; +- case Z_BUF_ERROR: +- return 0; +- case Z_DATA_ERROR: +- ThrowDataFormatException(env, strm->msg); +- return 0; +- case Z_MEM_ERROR: +- JNU_ThrowOutOfMemoryError(env, 0); +- return 0; +- default: +- JNU_ThrowInternalError(env, strm->msg); +- return 0; +- } ++ switch (ret) { ++ case Z_STREAM_END: ++ (*env)->SetBooleanField(env, this, finishedID, JNI_TRUE); ++ /* fall through */ ++ case Z_OK: ++ this_off += this_len - strm->avail_in; ++ (*env)->SetIntField(env, this, offID, this_off); ++ (*env)->SetIntField(env, this, lenID, strm->avail_in); ++ return len - strm->avail_out; ++ case Z_NEED_DICT: ++ (*env)->SetBooleanField(env, this, needDictID, JNI_TRUE); ++ /* Might have consumed some input here! */ ++ this_off += this_len - strm->avail_in; ++ (*env)->SetIntField(env, this, offID, this_off); ++ (*env)->SetIntField(env, this, lenID, strm->avail_in); ++ return 0; ++ case Z_BUF_ERROR: ++ return 0; ++ case Z_DATA_ERROR: ++ ThrowDataFormatException(env, strm->msg); ++ return 0; ++ case Z_MEM_ERROR: ++ JNU_ThrowOutOfMemoryError(env, 0); ++ return 0; ++ default: ++ JNU_ThrowInternalError(env, strm->msg); ++ return 0; + } + } + + JNIEXPORT jint JNICALL +-Java_java_util_zip_Inflater_getAdler(JNIEnv *env, jclass cls, jlong strm) ++Java_java_util_zip_Inflater_getAdler(JNIEnv *env, jclass cls, jlong addr) + { +- return ((z_stream *)jlong_to_ptr(strm))->adler; ++ return ((z_stream *)jlong_to_ptr(addr))->adler; + } + + JNIEXPORT jlong JNICALL +-Java_java_util_zip_Inflater_getBytesRead(JNIEnv *env, jclass cls, jlong strm) ++Java_java_util_zip_Inflater_getBytesRead(JNIEnv *env, jclass cls, jlong addr) + { +- return ((z_stream *)jlong_to_ptr(strm))->total_in; ++ return ((z_stream *)jlong_to_ptr(addr))->total_in; + } + + JNIEXPORT jlong JNICALL +-Java_java_util_zip_Inflater_getBytesWritten(JNIEnv *env, jclass cls, jlong strm) ++Java_java_util_zip_Inflater_getBytesWritten(JNIEnv *env, jclass cls, jlong addr) + { +- return ((z_stream *)jlong_to_ptr(strm))->total_out; ++ return ((z_stream *)jlong_to_ptr(addr))->total_out; + } + + JNIEXPORT void JNICALL +-Java_java_util_zip_Inflater_reset(JNIEnv *env, jclass cls, jlong strm) ++Java_java_util_zip_Inflater_reset(JNIEnv *env, jclass cls, jlong addr) + { +- if (inflateReset(jlong_to_ptr(strm)) != Z_OK) { +- JNU_ThrowInternalError(env, 0); ++ if (inflateReset(jlong_to_ptr(addr)) != Z_OK) { ++ JNU_ThrowInternalError(env, 0); + } + } + + JNIEXPORT void JNICALL +-Java_java_util_zip_Inflater_end(JNIEnv *env, jclass cls, jlong strm) ++Java_java_util_zip_Inflater_end(JNIEnv *env, jclass cls, jlong addr) + { +- if (inflateEnd(jlong_to_ptr(strm)) == Z_STREAM_ERROR) { +- JNU_ThrowInternalError(env, 0); ++ if (inflateEnd(jlong_to_ptr(addr)) == Z_STREAM_ERROR) { ++ JNU_ThrowInternalError(env, 0); + } else { +- free(jlong_to_ptr(strm)); ++ free(jlong_to_ptr(addr)); + } + } ++ diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6887703.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6887703.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,28 @@ +--- openjdk.orig/jdk/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java Fri Mar 5 12:31:35 2010 ++++ openjdk/jdk/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java Fri Mar 5 12:31:33 2010 +@@ -57,6 +57,7 @@ + import sun.awt.SunToolkit; + import sun.awt.datatransfer.DataTransferer; + import sun.awt.datatransfer.ToolkitThreadBlockedHandler; ++import sun.security.util.SecurityConstants; + + /** + *

+@@ -216,6 +217,17 @@ + throws UnsupportedFlavorException, IOException, + InvalidDnDOperationException + { ++ SecurityManager sm = System.getSecurityManager(); ++ try { ++ if (!dropComplete && sm != null) { ++ sm.checkSystemClipboardAccess(); ++ } ++ } catch (Exception e) { ++ Thread currentThread = Thread.currentThread(); ++ currentThread.getUncaughtExceptionHandler().uncaughtException(currentThread, e); ++ return null; ++ } ++ + Long lFormat = null; + Transferable localTransferable = local; + diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6888149.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6888149.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,33 @@ +--- openjdk.orig/jdk/src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java Tue Nov 17 14:10:36 2009 ++++ openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java Tue Nov 17 14:10:35 2009 +@@ -57,7 +57,7 @@ + private long rawIndex(int i) { + if (i < 0 || i >= array.length) + throw new IndexOutOfBoundsException("index " + i); +- return base + i * scale; ++ return base + (long) i * scale; + } + + /** +--- openjdk.orig/jdk/src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java Tue Nov 17 14:10:38 2009 ++++ openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java Tue Nov 17 14:10:37 2009 +@@ -56,7 +56,7 @@ + private long rawIndex(int i) { + if (i < 0 || i >= array.length) + throw new IndexOutOfBoundsException("index " + i); +- return base + i * scale; ++ return base + (long) i * scale; + } + + /** +--- openjdk.orig/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java Tue Nov 17 14:10:40 2009 ++++ openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java Tue Nov 17 14:10:39 2009 +@@ -57,7 +57,7 @@ + private long rawIndex(int i) { + if (i < 0 || i >= array.length) + throw new IndexOutOfBoundsException("index " + i); +- return base + i * scale; ++ return base + (long) i * scale; + } + + /** diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6892265.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6892265.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,35 @@ +# HG changeset patch +# User kvn +# Date 1259879213 28800 +# Node ID 75e095764f403b7425e30711b00cc038554a1ae9 +# Parent 324e583cecd8d5886f99f759a19fd2776793c053 +6892265: System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes +Summary: Use size_t type cast to widen int values in typeArrayKlass::copy_array(). +Reviewed-by: never, jcoomes + +diff --gitopenjdk.orig/hotspot/src/share/vm/oops/typeArrayKlass.cpp openjdk/hotspot/src/share/vm/oops/typeArrayKlass.cpp +---openjdk.orig/hotspot/src/share/vm/oops/typeArrayKlass.cpp ++++ openjdk/hotspot/src/share/vm/oops/typeArrayKlass.cpp +@@ -124,16 +124,16 @@ void typeArrayKlass::copy_array(arrayOop + || (((unsigned int) length + (unsigned int) dst_pos) > (unsigned int) d->length()) ) { + THROW(vmSymbols::java_lang_ArrayIndexOutOfBoundsException()); + } ++ // Check zero copy ++ if (length == 0) ++ return; + + // This is an attempt to make the copy_array fast. +- // NB: memmove takes care of overlapping memory segments. +- // Potential problem: memmove is not guaranteed to be word atomic +- // Revisit in Merlin + int l2es = log2_element_size(); + int ihs = array_header_in_bytes() / wordSize; +- char* src = (char*) ((oop*)s + ihs) + (src_pos << l2es); +- char* dst = (char*) ((oop*)d + ihs) + (dst_pos << l2es); +- memmove(dst, src, length << l2es); ++ char* src = (char*) ((oop*)s + ihs) + ((size_t)src_pos << l2es); ++ char* dst = (char*) ((oop*)d + ihs) + ((size_t)dst_pos << l2es); ++ Copy::conjoint_memory_atomic(src, dst, (size_t)length << l2es); + } + + diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6893947.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6893947.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,86 @@ +--- openjdk.orig/jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java Mon Nov 30 08:24:30 2009 ++++ openjdk/jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java Mon Nov 30 08:24:30 2009 +@@ -1264,6 +1264,7 @@ + * + * @return a String representation of this object. + **/ ++ @Override + public String toString() { + return super.toString() + ": connectionId=" + connectionId; + } +@@ -1517,6 +1518,21 @@ + } + } + ++ private static class SetCcl implements PrivilegedExceptionAction { ++ private final ClassLoader classLoader; ++ ++ SetCcl(ClassLoader classLoader) { ++ this.classLoader = classLoader; ++ } ++ ++ public ClassLoader run() { ++ Thread currentThread = Thread.currentThread(); ++ ClassLoader old = currentThread.getContextClassLoader(); ++ currentThread.setContextClassLoader(classLoader); ++ return old; ++ } ++ } ++ + private static T unwrap(final MarshalledObject mo, + final ClassLoader cl, + final Class wrappedClass) +@@ -1525,22 +1541,14 @@ + return null; + } + try { +- return AccessController.doPrivileged( +- new PrivilegedExceptionAction() { +- public T run() +- throws IOException { +- final ClassLoader old = +- Thread.currentThread().getContextClassLoader(); +- Thread.currentThread().setContextClassLoader(cl); +- try { +- return wrappedClass.cast(mo.get()); +- } catch (ClassNotFoundException cnfe) { +- throw new UnmarshalException(cnfe.toString(), cnfe); +- } finally { +- Thread.currentThread().setContextClassLoader(old); +- } +- } +- }); ++ final ClassLoader old = AccessController.doPrivileged(new SetCcl(cl)); ++ try { ++ return wrappedClass.cast(mo.get()); ++ } catch (ClassNotFoundException cnfe) { ++ throw new UnmarshalException(cnfe.toString(), cnfe); ++ } finally { ++ AccessController.doPrivileged(new SetCcl(old)); ++ } + } catch (PrivilegedActionException pe) { + Exception e = extractException(pe); + if (e instanceof IOException) { +@@ -1564,14 +1572,14 @@ + return null; + } + try { +- return AccessController.doPrivileged( +- new PrivilegedExceptionAction() { +- public T run() +- throws IOException { +- return unwrap(mo, new OrderClassLoaders(cl1, cl2), +- wrappedClass); +- } +- }); ++ ClassLoader orderCL = AccessController.doPrivileged( ++ new PrivilegedExceptionAction() { ++ public ClassLoader run() throws Exception { ++ return new OrderClassLoaders(cl1, cl2); ++ } ++ } ++ ); ++ return unwrap(mo, orderCL, wrappedClass); + } catch (PrivilegedActionException pe) { + Exception e = extractException(pe); + if (e instanceof IOException) { diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6893954.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6893954.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,248 @@ +diff -Nru openjdk.orig/jdk/src/share/classes/java/net/DatagramSocket.java openjdk/jdk/src/share/classes/java/net/DatagramSocket.java +--- openjdk.orig/jdk/src/share/classes/java/net/DatagramSocket.java 2009-04-24 08:34:06.000000000 +0100 ++++ openjdk/jdk/src/share/classes/java/net/DatagramSocket.java 2010-03-30 20:52:25.000000000 +0100 +@@ -117,6 +117,7 @@ + if (address == null) { + throw new IllegalArgumentException("connect: null address"); + } ++ checkAddress (address, "connect"); + if (isClosed()) + return; + SecurityManager security = System.getSecurityManager(); +@@ -361,13 +362,15 @@ + InetSocketAddress epoint = (InetSocketAddress) addr; + if (epoint.isUnresolved()) + throw new SocketException("Unresolved address"); ++ InetAddress iaddr = epoint.getAddress(); ++ int port = epoint.getPort(); ++ checkAddress(iaddr, "bind"); + SecurityManager sec = System.getSecurityManager(); + if (sec != null) { +- sec.checkListen(epoint.getPort()); ++ sec.checkListen(port); + } + try { +- getImpl().bind(epoint.getPort(), +- epoint.getAddress()); ++ getImpl().bind(port, iaddr); + } catch (SocketException e) { + getImpl().close(); + throw e; +@@ -375,6 +378,15 @@ + bound = true; + } + ++ void checkAddress (InetAddress addr, String op) { ++ if (addr == null) { ++ return; ++ } ++ if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) { ++ throw new IllegalArgumentException(op + ": invalid address type"); ++ } ++ } ++ + /** + * Connects the socket to a remote address for this socket. When a + * socket is connected to a remote address, packets may only be +@@ -580,6 +592,7 @@ + synchronized (p) { + if (isClosed()) + throw new SocketException("Socket is closed"); ++ checkAddress (p.getAddress(), "send"); + if (connectState == ST_NOT_CONNECTED) { + // check the address is ok wiht the security manager on every send. + SecurityManager security = System.getSecurityManager(); +diff -Nru openjdk.orig/jdk/src/share/classes/java/net/InetAddress.java openjdk/jdk/src/share/classes/java/net/InetAddress.java +--- openjdk.orig/jdk/src/share/classes/java/net/InetAddress.java 2009-04-24 08:34:06.000000000 +0100 ++++ openjdk/jdk/src/share/classes/java/net/InetAddress.java 2010-03-30 20:52:25.000000000 +0100 +@@ -35,6 +35,7 @@ + import java.security.AccessController; + import java.io.ObjectStreamException; + import java.io.IOException; ++import java.io.ObjectInputStream; + import sun.security.action.*; + import sun.net.InetAddressCachePolicy; + import sun.net.util.IPAddressUtil; +@@ -1491,6 +1492,23 @@ + + return impl; + } ++ ++ private void readObjectNoData (ObjectInputStream s) throws ++ IOException, ClassNotFoundException { ++ if (getClass().getClassLoader() != null) { ++ throw new SecurityException ("invalid address type"); ++ } ++ } ++ ++ private void readObject (ObjectInputStream s) throws ++ IOException, ClassNotFoundException { ++ s.defaultReadObject (); ++ if (getClass().getClassLoader() != null) { ++ hostName = null; ++ address = 0; ++ throw new SecurityException ("invalid address type"); ++ } ++ } + } + + /* +diff -Nru openjdk.orig/jdk/src/share/classes/java/net/MulticastSocket.java openjdk/jdk/src/share/classes/java/net/MulticastSocket.java +--- openjdk.orig/jdk/src/share/classes/java/net/MulticastSocket.java 2009-04-24 08:34:06.000000000 +0100 ++++ openjdk/jdk/src/share/classes/java/net/MulticastSocket.java 2010-03-30 20:52:25.000000000 +0100 +@@ -287,6 +287,7 @@ + throw new SocketException("Socket is closed"); + } + ++ checkAddress(mcastaddr, "joinGroup"); + SecurityManager security = System.getSecurityManager(); + if (security != null) { + security.checkMulticast(mcastaddr); +@@ -321,6 +322,7 @@ + throw new SocketException("Socket is closed"); + } + ++ checkAddress(mcastaddr, "leaveGroup"); + SecurityManager security = System.getSecurityManager(); + if (security != null) { + security.checkMulticast(mcastaddr); +@@ -368,6 +370,7 @@ + if (oldImpl) + throw new UnsupportedOperationException(); + ++ checkAddress(((InetSocketAddress)mcastaddr).getAddress(), "joinGroup"); + SecurityManager security = System.getSecurityManager(); + if (security != null) { + security.checkMulticast(((InetSocketAddress)mcastaddr).getAddress()); +@@ -414,6 +417,7 @@ + if (oldImpl) + throw new UnsupportedOperationException(); + ++ checkAddress(((InetSocketAddress)mcastaddr).getAddress(), "leaveGroup"); + SecurityManager security = System.getSecurityManager(); + if (security != null) { + security.checkMulticast(((InetSocketAddress)mcastaddr).getAddress()); +@@ -439,6 +443,7 @@ + if (isClosed()) { + throw new SocketException("Socket is closed"); + } ++ checkAddress(inf, "setInterface"); + synchronized (infLock) { + getImpl().setOption(SocketOptions.IP_MULTICAST_IF, inf); + infAddress = inf; +@@ -630,6 +635,7 @@ + throws IOException { + if (isClosed()) + throw new SocketException("Socket is closed"); ++ checkAddress(p.getAddress(), "send"); + synchronized(ttlLock) { + synchronized(p) { + if (connectState == ST_NOT_CONNECTED) { +diff -Nru openjdk.orig/jdk/src/share/classes/java/net/NetworkInterface.java openjdk/jdk/src/share/classes/java/net/NetworkInterface.java +--- openjdk.orig/jdk/src/share/classes/java/net/NetworkInterface.java 2010-03-30 20:51:15.000000000 +0100 ++++ openjdk/jdk/src/share/classes/java/net/NetworkInterface.java 2010-03-30 20:52:25.000000000 +0100 +@@ -278,8 +278,12 @@ + * If the specified address is null. + */ + public static NetworkInterface getByInetAddress(InetAddress addr) throws SocketException { +- if (addr == null) ++ if (addr == null) { + throw new NullPointerException(); ++ } ++ if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) { ++ throw new IllegalArgumentException ("invalid address type"); ++ } + return getByInetAddress0(addr); + } + +diff -Nru openjdk.orig/jdk/src/share/classes/java/net/Socket.java openjdk/jdk/src/share/classes/java/net/Socket.java +--- openjdk.orig/jdk/src/share/classes/java/net/Socket.java 2010-03-30 20:50:59.000000000 +0100 ++++ openjdk/jdk/src/share/classes/java/net/Socket.java 2010-03-30 20:53:20.000000000 +0100 +@@ -122,6 +122,9 @@ + if (p.type() == Proxy.Type.SOCKS) { + SecurityManager security = System.getSecurityManager(); + InetSocketAddress epoint = (InetSocketAddress) p.address(); ++ if (epoint.getAddress() != null) { ++ checkAddress (epoint.getAddress(), "Socket"); ++ } + if (security != null) { + if (epoint.isUnresolved()) + epoint = new InetSocketAddress(epoint.getHostName(), epoint.getPort()); +@@ -526,15 +529,16 @@ + throw new IllegalArgumentException("Unsupported address type"); + + InetSocketAddress epoint = (InetSocketAddress) endpoint; ++ InetAddress addr = epoint.getAddress (); ++ int port = epoint.getPort(); ++ checkAddress(addr, "connect"); + + SecurityManager security = System.getSecurityManager(); + if (security != null) { + if (epoint.isUnresolved()) +- security.checkConnect(epoint.getHostName(), +- epoint.getPort()); ++ security.checkConnect(epoint.getHostName(), port); + else +- security.checkConnect(epoint.getAddress().getHostAddress(), +- epoint.getPort()); ++ security.checkConnect(addr.getHostAddress(), port); + } + if (!created) + createImpl(true); +@@ -542,10 +546,9 @@ + impl.connect(epoint, timeout); + else if (timeout == 0) { + if (epoint.isUnresolved()) +- impl.connect(epoint.getAddress().getHostName(), +- epoint.getPort()); ++ impl.connect(addr.getHostName(), port); + else +- impl.connect(epoint.getAddress(), epoint.getPort()); ++ impl.connect(addr, port); + } else + throw new UnsupportedOperationException("SocketImpl.connect(addr, timeout)"); + connected = true; +@@ -582,14 +585,25 @@ + InetSocketAddress epoint = (InetSocketAddress) bindpoint; + if (epoint != null && epoint.isUnresolved()) + throw new SocketException("Unresolved address"); +- if (bindpoint == null) +- getImpl().bind(InetAddress.anyLocalAddress(), 0); +- else +- getImpl().bind(epoint.getAddress(), +- epoint.getPort()); ++ if (epoint == null) { ++ epoint = new InetSocketAddress(0); ++ } ++ InetAddress addr = epoint.getAddress(); ++ int port = epoint.getPort(); ++ checkAddress (addr, "bind"); ++ getImpl().bind (addr, port); + bound = true; + } + ++ private void checkAddress (InetAddress addr, String op) { ++ if (addr == null) { ++ return; ++ } ++ if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) { ++ throw new IllegalArgumentException(op + ": invalid address type"); ++ } ++ } ++ + /** + * set the flags after an accept() call. + */ +diff -Nru openjdk.orig/jdk/src/share/classes/sun/nio/ch/Net.java openjdk/jdk/src/share/classes/sun/nio/ch/Net.java +--- openjdk.orig/jdk/src/share/classes/sun/nio/ch/Net.java 2010-03-30 20:51:15.000000000 +0100 ++++ openjdk/jdk/src/share/classes/sun/nio/ch/Net.java 2010-03-30 20:52:25.000000000 +0100 +@@ -55,6 +55,9 @@ + InetSocketAddress isa = (InetSocketAddress)sa; + if (isa.isUnresolved()) + throw new UnresolvedAddressException(); // ## needs arg ++ InetAddress addr = isa.getAddress(); ++ if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) ++ throw new IllegalArgumentException("Invalid address type"); + return isa; + } + diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6898622.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6898622.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,20 @@ +--- openjdk.orig/jdk/src/share/classes/sun/security/util/ObjectIdentifier.java Mon Nov 23 19:00:45 2009 ++++ openjdk/jdk/src/share/classes/sun/security/util/ObjectIdentifier.java Mon Nov 23 19:00:44 2009 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -323,6 +323,10 @@ + for (i = 0, retval = 0; i < 4; i++) { + retval <<= 7; + tmp = in.getByte (); ++ if (i == 0 && tmp == 0x80) { // First byte is 0x80, BER ++ throw new IOException ("ObjectIdentifier() -- " + ++ "sub component starts with 0x80"); ++ } + retval |= (tmp & 0x07f); + if ((tmp & 0x080) == 0) + return retval; diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6898739.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6898739.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,437 @@ +diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java openjdk/jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java +--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java 2009-04-24 08:34:23.000000000 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java 2010-03-30 21:08:50.000000000 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1996-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -96,13 +96,17 @@ + * Constructors + */ + ClientHandshaker(SSLSocketImpl socket, SSLContextImpl context, +- ProtocolList enabledProtocols) { ++ ProtocolList enabledProtocols, ++ ProtocolVersion activeProtocolVersion) { + super(socket, context, enabledProtocols, true, true); ++ this.activeProtocolVersion = activeProtocolVersion; + } + + ClientHandshaker(SSLEngineImpl engine, SSLContextImpl context, +- ProtocolList enabledProtocols) { ++ ProtocolList enabledProtocols, ++ ProtocolVersion activeProtocolVersion) { + super(engine, context, enabledProtocols, true, true); ++ this.activeProtocolVersion = activeProtocolVersion; + } + + /* +@@ -250,7 +254,42 @@ + // sent the "client hello" but the server's not seen it. + // + if (state < HandshakeMessage.ht_client_hello) { +- kickstart(); ++ if (!renegotiable) { // renegotiation is not allowed. ++ if (activeProtocolVersion.v >= ProtocolVersion.TLS10.v) { ++ // response with a no_negotiation warning, ++ warningSE(Alerts.alert_no_negotiation); ++ ++ // invalidate the handshake so that the caller can ++ // dispose this object. ++ invalidated = true; ++ ++ // If there is still unread block in the handshake ++ // input stream, it would be truncated with the disposal ++ // and the next handshake message will become incomplete. ++ // ++ // However, according to SSL/TLS specifications, no more ++ // handshake message could immediately follow ClientHello ++ // or HelloRequest. But in case of any improper messages, ++ // we'd better check to ensure there is no remaining bytes ++ // in the handshake input stream. ++ if (input.available() > 0) { ++ fatalSE(Alerts.alert_unexpected_message, ++ "HelloRequest followed by an unexpected " + ++ "handshake message"); ++ } ++ ++ } else { ++ // For SSLv3, send the handshake_failure fatal error. ++ // Note that SSLv3 does not define a no_negotiation alert ++ // like TLSv1. However we cannot ignore the message ++ // simply, otherwise the other side was waiting for a ++ // response that would never come. ++ fatalSE(Alerts.alert_handshake_failure, ++ "renegotiation is not allowed"); ++ } ++ } else { ++ kickstart(); ++ } + } + } + +diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/ssl/Handshaker.java openjdk/jdk/src/share/classes/sun/security/ssl/Handshaker.java +--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/Handshaker.java 2010-03-30 21:05:58.000000000 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/ssl/Handshaker.java 2010-03-30 21:08:50.000000000 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1996-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -61,9 +61,12 @@ + */ + abstract class Handshaker { + +- // current protocol version ++ // protocol version being established using this Handshaker + ProtocolVersion protocolVersion; + ++ // the currently active protocol version during a renegotiation ++ ProtocolVersion activeProtocolVersion; ++ + // list of enabled protocols + ProtocolList enabledProtocols; + +@@ -125,6 +128,13 @@ + /* Class and subclass dynamic debugging support */ + static final Debug debug = Debug.getInstance("ssl"); + ++ // By default, disable the unsafe legacy session renegotiation ++ static final boolean renegotiable = Debug.getBooleanProperty( ++ "sun.security.ssl.allowUnsafeRenegotiation", false); ++ ++ // need to dispose the object when it is invalidated ++ boolean invalidated; ++ + Handshaker(SSLSocketImpl c, SSLContextImpl context, + ProtocolList enabledProtocols, boolean needCertVerify, + boolean isClient) { +@@ -145,6 +155,7 @@ + this.sslContext = context; + this.isClient = isClient; + enableNewSession = true; ++ invalidated = false; + + setCipherSuite(CipherSuite.C_NULL); + +@@ -490,7 +501,9 @@ + */ + void processLoop() throws IOException { + +- while (input.available() > 0) { ++ // need to read off 4 bytes at least to get the handshake ++ // message type and length. ++ while (input.available() >= 4) { + byte messageType; + int messageLen; + +diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java openjdk/jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java +--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java 2009-04-24 08:34:24.000000000 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java 2010-03-30 21:08:50.000000000 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1996-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -74,6 +74,9 @@ + // flag to check for clientCertificateVerify message + private boolean needClientVerify = false; + ++ // indicate a renegotiation handshaking ++ private boolean isRenegotiation = false; ++ + /* + * For exportable ciphersuites using non-exportable key sizes, we use + * ephemeral RSA keys. We could also do anonymous RSA in the same way +@@ -101,20 +104,28 @@ + * Constructor ... use the keys found in the auth context. + */ + ServerHandshaker(SSLSocketImpl socket, SSLContextImpl context, +- ProtocolList enabledProtocols, byte clientAuth) { ++ ProtocolList enabledProtocols, byte clientAuth, ++ boolean isRenegotiation, ProtocolVersion activeProtocolVersion) { ++ + super(socket, context, enabledProtocols, + (clientAuth != SSLEngineImpl.clauth_none), false); + doClientAuth = clientAuth; ++ this.isRenegotiation = isRenegotiation; ++ this.activeProtocolVersion = activeProtocolVersion; + } + + /* + * Constructor ... use the keys found in the auth context. + */ + ServerHandshaker(SSLEngineImpl engine, SSLContextImpl context, +- ProtocolList enabledProtocols, byte clientAuth) { ++ ProtocolList enabledProtocols, byte clientAuth, ++ boolean isRenegotiation, ProtocolVersion activeProtocolVersion) { ++ + super(engine, context, enabledProtocols, + (clientAuth != SSLEngineImpl.clauth_none), false); + doClientAuth = clientAuth; ++ this.isRenegotiation = isRenegotiation; ++ this.activeProtocolVersion = activeProtocolVersion; + } + + /* +@@ -262,6 +273,45 @@ + if (debug != null && Debug.isOn("handshake")) { + mesg.print(System.out); + } ++ ++ // if it is a renegotiation request and renegotiation is not allowed ++ if (isRenegotiation && !renegotiable) { ++ if (activeProtocolVersion.v >= ProtocolVersion.TLS10.v) { ++ // response with a no_negotiation warning, ++ warningSE(Alerts.alert_no_negotiation); ++ ++ // invalidate the handshake so that the caller can ++ // dispose this object. ++ invalidated = true; ++ ++ // If there is still unread block in the handshake ++ // input stream, it would be truncated with the disposal ++ // and the next handshake message will become incomplete. ++ // ++ // However, according to SSL/TLS specifications, no more ++ // handshake message could immediately follow ClientHello ++ // or HelloRequest. But in case of any improper messages, ++ // we'd better check to ensure there is no remaining bytes ++ // in the handshake input stream. ++ if (input.available() > 0) { ++ fatalSE(Alerts.alert_unexpected_message, ++ "ClientHello followed by an unexpected " + ++ "handshake message"); ++ ++ } ++ ++ return; ++ } else { ++ // For SSLv3, send the handshake_failure fatal error. ++ // Note that SSLv3 does not define a no_negotiation alert ++ // like TLSv1. However we cannot ignore the message ++ // simply, otherwise the other side was waiting for a ++ // response that would never come. ++ fatalSE(Alerts.alert_handshake_failure, ++ "renegotiation is not allowed"); ++ } ++ } ++ + /* + * Always make sure this entire record has been digested before we + * start emitting output, to ensure correct digesting order. +diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java +--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java 2009-04-24 08:34:24.000000000 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java 2010-03-30 21:08:50.000000000 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -433,11 +433,12 @@ + connectionState = cs_RENEGOTIATE; + } + if (roleIsServer) { +- handshaker = new ServerHandshaker +- (this, sslContext, enabledProtocols, doClientAuth); ++ handshaker = new ServerHandshaker(this, sslContext, ++ enabledProtocols, doClientAuth, ++ connectionState == cs_RENEGOTIATE, protocolVersion); + } else { +- handshaker = new ClientHandshaker +- (this, sslContext, enabledProtocols); ++ handshaker = new ClientHandshaker(this, sslContext, ++ enabledProtocols, protocolVersion); + } + handshaker.enabledCipherSuites = enabledCipherSuites; + handshaker.setEnableSessionCreation(enableSessionCreation); +@@ -622,6 +623,10 @@ + break; + + case cs_DATA: ++ if (!Handshaker.renegotiable) { ++ throw new SSLHandshakeException("renegotiation is not allowed"); ++ } ++ + // initialize the handshaker, move to cs_RENEGOTIATE + initHandshaker(); + break; +@@ -949,7 +954,13 @@ + handshaker.process_record(inputRecord, expectingFinished); + expectingFinished = false; + +- if (handshaker.isDone()) { ++ if (handshaker.invalidated) { ++ handshaker = null; ++ // if state is cs_RENEGOTIATE, revert it to cs_DATA ++ if (connectionState == cs_RENEGOTIATE) { ++ connectionState = cs_DATA; ++ } ++ } else if (handshaker.isDone()) { + sess = handshaker.getSession(); + if (!writer.hasOutboundData()) { + hsStatus = HandshakeStatus.FINISHED; +diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java +--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java 2009-04-24 08:34:24.000000000 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java 2010-03-30 21:09:09.000000000 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1996-2008 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -904,7 +904,13 @@ + handshaker.process_record(r, expectingFinished); + expectingFinished = false; + +- if (handshaker.isDone()) { ++ if (handshaker.invalidated) { ++ handshaker = null; ++ // if state is cs_RENEGOTIATE, revert it to cs_DATA ++ if (connectionState == cs_RENEGOTIATE) { ++ connectionState = cs_DATA; ++ } ++ } else if (handshaker.isDone()) { + sess = handshaker.getSession(); + handshaker = null; + connectionState = cs_DATA; +@@ -922,6 +928,7 @@ + t.start(); + } + } ++ + if (needAppData || connectionState != cs_DATA) { + continue; + } else { +@@ -1080,11 +1087,12 @@ + connectionState = cs_RENEGOTIATE; + } + if (roleIsServer) { +- handshaker = new ServerHandshaker +- (this, sslContext, enabledProtocols, doClientAuth); ++ handshaker = new ServerHandshaker(this, sslContext, ++ enabledProtocols, doClientAuth, ++ connectionState == cs_RENEGOTIATE, protocolVersion); + } else { +- handshaker = new ClientHandshaker +- (this, sslContext, enabledProtocols); ++ handshaker = new ClientHandshaker(this, sslContext, ++ enabledProtocols, protocolVersion); + } + handshaker.enabledCipherSuites = enabledCipherSuites; + handshaker.setEnableSessionCreation(enableSessionCreation); +@@ -1189,6 +1197,10 @@ + break; + + case cs_DATA: ++ if (!Handshaker.renegotiable) { ++ throw new SSLHandshakeException("renegotiation is not allowed"); ++ } ++ + // initialize the handshaker, move to cs_RENEGOTIATE + initHandshaker(); + break; +diff -Nru openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java +--- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java 2009-04-24 08:34:50.000000000 +0100 ++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java 2010-03-30 21:08:50.000000000 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2001-2003 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -25,6 +25,8 @@ + * @test + * @bug 4403428 + * @summary Invalidating JSSE session on server causes SSLProtocolException ++ * @ignore incompatible with disabled unsafe renegotiation (6898739), please ++ * reenable when safe renegotiation is implemented. + * @author Brad Wetmore + */ + +diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java +--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java 2009-04-24 08:34:51.000000000 +0100 ++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java 2010-03-30 21:08:51.000000000 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2001-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -26,6 +26,8 @@ + * @bug 4280338 + * @summary "Unsupported SSL message version" SSLProtocolException + * w/SSL_RSA_WITH_NULL_MD5 ++ * @ignore incompatible with disabled unsafe renegotiation (6898739), please ++ * reenable when safe renegotiation is implemented. + * + * @author Ram Marti + * @author Brad Wetmore +diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java +--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java 2009-04-24 08:34:51.000000000 +0100 ++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java 2010-03-30 21:08:51.000000000 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -25,6 +25,8 @@ + * @test + * @bug 4948079 + * @summary SSLEngineResult needs updating [none yet] ++ * @ignore incompatible with disabled unsafe renegotiation (6898739), please ++ * reenable when safe renegotiation is implemented. + * + * This is a simple hack to test a bunch of conditions and check + * their return codes. +diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java +--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java 2009-04-24 08:34:51.000000000 +0100 ++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java 2010-03-30 21:08:51.000000000 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -26,6 +26,8 @@ + * @bug 4495742 + * @summary Add non-blocking SSL/TLS functionality, usable with any + * I/O abstraction ++ * @ignore incompatible with disabled unsafe renegotiation (6898739), please ++ * reenable when safe renegotiation is implemented. + * + * This is a bit hacky, meant to test various conditions. The main + * thing I wanted to do with this was to do buffer reads/writes +diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java +--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java 2009-04-24 08:34:51.000000000 +0100 ++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java 2010-03-30 21:08:51.000000000 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -25,6 +25,8 @@ + * @test + * @bug 4495742 + * @summary Demonstrate SSLEngine switch from no client auth to client auth. ++ * @ignore incompatible with disabled unsafe renegotiation (6898739), please ++ * reenable when safe renegotiation is implemented. + * + * @author Brad R. Wetmore + */ diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6899653.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6899653.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,27 @@ +diff -Nru openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio1.c openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio1.c +--- openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio1.c 2009-04-24 08:34:31.000000000 +0100 ++++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio1.c 2010-03-30 21:21:47.000000000 +0100 +@@ -1433,6 +1433,9 @@ + + // If is in memory, the LUT is already there, so throw a copy + if (Icc -> TagPtrs[n]) { ++ if (!_cmsValidateLUT((LPLUT) Icc ->TagPtrs[n])) { ++ return NULL; ++ } + + return cmsDupLUT((LPLUT) Icc ->TagPtrs[n]); + } +diff -Nru openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c +--- openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c 2010-03-30 21:18:36.000000000 +0100 ++++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c 2010-03-30 21:21:13.000000000 +0100 +@@ -1982,6 +1982,10 @@ + goto ErrorCleanup; + } + ++ if (Transforms[i] == NULL) { ++ cmsSignalError(LCMS_ERRC_ABORTED, "cmsCreateMultiprofileTransform: unable to create transform"); ++ goto ErrorCleanup; ++ } + CurrentColorSpace = ColorSpaceOut; + + } diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6902299.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6902299.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,104 @@ +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.cpp Tue Feb 16 13:34:13 2010 ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.cpp Tue Feb 16 13:34:12 2010 +@@ -40,7 +40,7 @@ + + void bytes::malloc(size_t len_) { + len = len_; +- ptr = NEW(byte, len_+1); // add trailing zero byte always ++ ptr = NEW(byte, add_size(len_, 1)); // add trailing zero byte always + if (ptr == null) { + // set ptr to some victim memory, to ease escape + set(dummy, sizeof(dummy)-1); +@@ -56,7 +56,7 @@ + return; + } + byte* oldptr = ptr; +- ptr = (len_ >= PSIZE_MAX) ? null : (byte*)::realloc(ptr, len_+1); ++ ptr = (len_ >= PSIZE_MAX) ? null : (byte*)::realloc(ptr, add_size(len_, 1)); + if (ptr != null) { + mtrace('r', oldptr, 0); + mtrace('m', ptr, len_+1); +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp Tue Feb 16 13:34:15 2010 ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp Tue Feb 16 13:34:14 2010 +@@ -488,7 +488,7 @@ + + maybe_inline + void unpacker::saveTo(bytes& b, byte* ptr, size_t len) { +- b.ptr = U_NEW(byte, len+1); ++ b.ptr = U_NEW(byte, add_size(len,1)); + if (aborting()) { + b.len = 0; + return; +@@ -675,7 +675,7 @@ + if (archive_size < header_size_1) { + abort("too much read-ahead"); // somehow we pre-fetched too much? + return; +- } ++ } + input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)), + (size_t) header_size_0 + archive_size); + CHECK; +@@ -1129,7 +1129,7 @@ + *fillp = 0; // bigbuf must contain a well-formed Utf8 string + int length = fillp - bigbuf.ptr; + bytes& value = cpMap[i].value.b; +- value.set(U_NEW(byte, length+1), length); ++ value.set(U_NEW(byte, add_size(length,1)), length); + value.copyFrom(bigbuf.ptr, length); + CHECK; + // Index all Utf8 strings +@@ -1601,7 +1601,7 @@ + return no_bands; + } else { + int nb = bs_limit - bs_base; +- band** res = U_NEW(band*, nb+1); ++ band** res = U_NEW(band*, add_size(nb, 1)); + CHECK_(no_bands); + for (int i = 0; i < nb; i++) { + band* b = (band*) band_stack.get(bs_base + i); +@@ -1710,7 +1710,7 @@ + } + // save away the case labels + int ntags = band_stack.length() - case_base; +- int* tags = U_NEW(int, 1+ntags); ++ int* tags = U_NEW(int, add_size(ntags, 1)); + CHECK_(lp); + k_case.le_casetags = tags; + *tags++ = ntags; +@@ -3115,8 +3115,8 @@ + int* field_counts = T_NEW(int, nclasses); + int* method_counts = T_NEW(int, nclasses); + cpindex* all_indexes = U_NEW(cpindex, nclasses*2); +- entry** field_ix = U_NEW(entry*, nfields+nclasses); +- entry** method_ix = U_NEW(entry*, nmethods+nclasses); ++ entry** field_ix = U_NEW(entry*, add_size(nfields, nclasses)); ++ entry** method_ix = U_NEW(entry*, add_size(nmethods, nclasses)); + + for (j = 0; j < nfields; j++) { + entry& f = fields[j]; +@@ -4104,7 +4104,7 @@ + } + const char* suffix = ".java"; + int len = prefix.len + strlen(suffix); +- bytes name; name.set(T_NEW(byte, len + 1), len); ++ bytes name; name.set(T_NEW(byte, add_size(len, 1)), len); + name.strcat(prefix).strcat(suffix); + ref = cp.ensureUtf8(name); + } +@@ -4619,7 +4619,7 @@ + bytes& prefix = cur_class->ref(0)->value.b; + const char* suffix = ".class"; + int len = prefix.len + strlen(suffix); +- bytes name; name.set(T_NEW(byte, len + 1), len); ++ bytes name; name.set(T_NEW(byte, add_size(len, 1)), len); + cur_file.name = name.strcat(prefix).strcat(suffix).strval(); + } + } else { +@@ -4686,6 +4686,7 @@ + input.ensureSize(fleft); + } + rplimit = rp = input.base(); ++ CHECK; + input.setLimit(rp + fleft); + if (!ensure_input(fleft)) + abort("EOF reading resource file"); diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6904691.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6904691.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,166 @@ +--- openjdk.orig/jdk/src/share/classes/java/beans/EventHandler.java 2009-12-18 16:45:11.534864100 +0300 ++++ openjdk/jdk/src/share/classes/java/beans/EventHandler.java 2009-12-18 16:45:10.832864100 +0300 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -32,7 +32,6 @@ + import java.security.AccessController; + import java.security.PrivilegedAction; + +-import java.util.EventObject; + import sun.reflect.misc.MethodUtil; + + /** +@@ -279,9 +278,9 @@ + public class EventHandler implements InvocationHandler { + private Object target; + private String action; +- private String eventPropertyName; +- private String listenerMethodName; +- private AccessControlContext acc; ++ private final String eventPropertyName; ++ private final String listenerMethodName; ++ private final AccessControlContext acc = AccessController.getContext(); + + /** + * Creates a new EventHandler object; +@@ -309,7 +308,6 @@ + * @see #getListenerMethodName + */ + public EventHandler(Object target, String action, String eventPropertyName, String listenerMethodName) { +- this.acc = AccessController.getContext(); + this.target = target; + this.action = action; + if (target == null) { +@@ -421,7 +419,11 @@ + * @see EventHandler + */ + public Object invoke(final Object proxy, final Method method, final Object[] arguments) { +- return AccessController.doPrivileged(new PrivilegedAction() { ++ AccessControlContext acc = this.acc; ++ if (acc == null && null != System.getSecurityManager()) { ++ throw new SecurityException("AccessControlContext is not set"); ++ } ++ return AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + return invokeInternal(proxy, method, arguments); + } +@@ -481,7 +483,10 @@ + throw new RuntimeException(ex); + } + catch (InvocationTargetException ex) { +- throw new RuntimeException(ex.getTargetException()); ++ Throwable th = ex.getTargetException(); ++ throw (th instanceof RuntimeException) ++ ? (RuntimeException) th ++ : new RuntimeException(th); + } + } + return null; +--- openjdk.orig/jdk/src/share/classes/java/beans/Statement.java 2009-12-18 16:45:17.431864100 +0300 ++++ openjdk/jdk/src/share/classes/java/beans/Statement.java 2009-12-18 16:45:16.779864100 +0300 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -29,6 +29,10 @@ + import java.lang.reflect.Constructor; + import java.lang.reflect.InvocationTargetException; + import java.lang.reflect.Method; ++import java.security.AccessControlContext; ++import java.security.AccessController; ++import java.security.PrivilegedActionException; ++import java.security.PrivilegedExceptionAction; + + import com.sun.beans.finder.ClassFinder; + import sun.reflect.misc.MethodUtil; +@@ -61,9 +65,10 @@ + } + }; + +- Object target; +- String methodName; +- Object[] arguments; ++ private final AccessControlContext acc = AccessController.getContext(); ++ private final Object target; ++ private final String methodName; ++ private final Object[] arguments; + + /** + * Creates a new Statement object with a target, +@@ -141,6 +146,27 @@ + } + + Object invoke() throws Exception { ++ AccessControlContext acc = this.acc; ++ if (acc == null && null != System.getSecurityManager()) { ++ throw new SecurityException("AccessControlContext is not set"); ++ } ++ try { ++ return AccessController.doPrivileged( ++ new PrivilegedExceptionAction() { ++ public Object run() ++ throws Exception { ++ return invokeInternal(); ++ } ++ }, ++ acc ++ ); ++ } ++ catch (PrivilegedActionException exception) { ++ throw exception.getException(); ++ } ++ } ++ ++ private Object invokeInternal() throws Exception { + Object target = getTarget(); + String methodName = getMethodName(); + +--- openjdk.orig/jdk/test/java/beans/EventHandler/Test6277246.java 2009-12-18 16:45:23.345864100 +0300 ++++ openjdk/jdk/test/java/beans/EventHandler/Test6277246.java 2009-12-18 16:45:22.586864100 +0300 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -49,10 +49,10 @@ + catch (NoSuchMethodException exception) { + throw new Error("unexpected exception", exception); + } ++ catch (SecurityException exception) { ++ // expected security exception ++ } + catch (RuntimeException exception) { +- if (exception.getCause() instanceof SecurityException) { +- return; // expected security exception +- } + throw new Error("unexpected exception", exception); + } + } +--- openjdk.orig/jdk/test/java/beans/EventHandler/Test6277266.java 2009-12-18 16:45:29.225864100 +0300 ++++ openjdk/jdk/test/java/beans/EventHandler/Test6277266.java 2009-12-18 16:45:28.557864100 +0300 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -51,7 +51,7 @@ + ); + throw new Error("SecurityException expected"); + } catch (InvocationTargetException exception) { +- if (exception.getCause().getCause() instanceof SecurityException){ ++ if (exception.getCause() instanceof SecurityException){ + return; // expected security exception + } + throw new Error("unexpected exception", exception); diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6909597.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6909597.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,74 @@ +--- openjdk.orig/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c 2009-12-23 19:18:23.132000000 +0300 ++++ openjdk/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c 2009-12-23 19:18:22.515000000 +0300 +@@ -258,6 +258,7 @@ + + typedef struct pixelBufferStruct { + jobject hpixelObject; // Usually a DataBuffer bank as a byte array ++ unsigned int byteBufferLength; + union pixptr { + INT32 *ip; // Pinned buffer pointer, as 32-bit ints + unsigned char *bp; // Pinned buffer pointer, as bytes +@@ -270,6 +271,7 @@ + */ + static void initPixelBuffer(pixelBufferPtr pb) { + pb->hpixelObject = NULL; ++ pb->byteBufferLength = 0; + pb->buf.ip = NULL; + } + +@@ -279,13 +281,13 @@ + */ + static int setPixelBuffer(JNIEnv *env, pixelBufferPtr pb, jobject obj) { + pb->hpixelObject = (*env)->NewGlobalRef(env, obj); +- + if (pb->hpixelObject == NULL) { + JNU_ThrowByName( env, + "java/lang/OutOfMemoryError", + "Setting Pixel Buffer"); + return NOT_OK; + } ++ pb->byteBufferLength = (*env)->GetArrayLength(env, pb->hpixelObject); + return OK; + } + +@@ -302,6 +304,7 @@ + unpinPixelBuffer(env, pb); + (*env)->DeleteGlobalRef(env, pb->hpixelObject); + pb->hpixelObject = NULL; ++ pb->byteBufferLength = 0; + } + } + +@@ -1806,6 +1809,7 @@ + boolean orderedBands = TRUE; + imageIODataPtr data = (imageIODataPtr) ptr; + j_decompress_ptr cinfo; ++ unsigned int numBytes; + + /* verify the inputs */ + +@@ -2030,15 +2034,22 @@ + // scanline buffer into the raster. + in = scanLinePtr + (sourceXStart * cinfo->num_components); + if (pixelLimit > in) { +- memcpy(out, in, pixelLimit - in); ++ numBytes = pixelLimit - in; ++ if (numBytes > data->pixelBuf.byteBufferLength) { ++ numBytes = data->pixelBuf.byteBufferLength; ++ } ++ memcpy(out, in, numBytes); + } + } else { ++ numBytes = numBands; + for (in = scanLinePtr+sourceXStart*cinfo->num_components; +- in < pixelLimit; ++ in < pixelLimit && ++ numBytes <= data->pixelBuf.byteBufferLength; + in += pixelStride) { + for (i = 0; i < numBands; i++) { + *out++ = *(in+bands[i]); + } ++ numBytes += numBands; + } + } + diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6910590.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6910590.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,10 @@ +--- openjdk.orig/jdk/src/share/classes/java/lang/ProcessBuilder.java Tue Jan 12 12:31:35 2010 ++++ openjdk/jdk/src/share/classes/java/lang/ProcessBuilder.java Tue Jan 12 12:31:34 2010 +@@ -451,6 +451,7 @@ + // Must convert to array first -- a malicious user-supplied + // list might try to circumvent the security check. + String[] cmdarray = command.toArray(new String[command.size()]); ++ cmdarray = cmdarray.clone(); + for (String arg : cmdarray) + if (arg == null) + throw new NullPointerException(); diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6914823.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6914823.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,80 @@ +--- openjdk.orig/jdk/src/share/classes/sun/awt/image/ImageRepresentation.java 2010-02-17 13:30:02.571000000 +0300 ++++ openjdk/jdk/src/share/classes/sun/awt/image/ImageRepresentation.java 2010-02-17 13:30:02.197000000 +0300 +@@ -333,10 +333,10 @@ + hints = h; + } + +- public native void setICMpixels(int x, int y, int w, int h, int[] lut, ++ private native void setICMpixels(int x, int y, int w, int h, int[] lut, + byte[] pix, int off, int scansize, + IntegerComponentRaster ict); +- public native int setDiffICM(int x, int y, int w, int h, int[] lut, ++ private native int setDiffICM(int x, int y, int w, int h, int[] lut, + int transPix, int numLut, IndexColorModel icm, + byte[] pix, int off, int scansize, + ByteComponentRaster bct, int chanOff); +@@ -361,6 +361,64 @@ + } + createBufferedImage(); + } ++ ++ if (w <= 0 || h <= 0) { ++ return; ++ } ++ ++ int biWidth = biRaster.getWidth(); ++ int biHeight = biRaster.getHeight(); ++ ++ int x1 = x+w; // Overflow protection below ++ int y1 = y+h; // Overflow protection below ++ if (x < 0) { ++ off -= x; ++ x = 0; ++ } else if (x1 < 0) { ++ x1 = biWidth; // Must be overflow ++ } ++ if (y < 0) { ++ off -= y*scansize; ++ y = 0; ++ } else if (y1 < 0) { ++ y1 = biHeight; // Must be overflow ++ } ++ if (x1 > biWidth) { ++ x1 = biWidth; ++ } ++ if (y1 > biHeight) { ++ y1 = biHeight; ++ } ++ if (x >= x1 || y >= y1) { ++ return; ++ } ++ // x,y,x1,y1 are all >= 0, so w,h must be >= 0 ++ w = x1-x; ++ h = y1-y; ++ // off is first pixel read so it must be in bounds ++ if (off < 0 || off >= pix.length) { ++ // They overflowed their own array ++ throw new ArrayIndexOutOfBoundsException("Data offset out of bounds."); ++ } ++ // pix.length and off are >= 0 so remainder >= 0 ++ int remainder = pix.length - off; ++ if (remainder < w) { ++ // They overflowed their own array ++ throw new ArrayIndexOutOfBoundsException("Data array is too short."); ++ } ++ int num; ++ if (scansize < 0) { ++ num = (off / -scansize) + 1; ++ } else if (scansize > 0) { ++ num = ((remainder-w) / scansize) + 1; ++ } else { ++ num = h; ++ } ++ if (h > num) { ++ // They overflowed their own array. ++ throw new ArrayIndexOutOfBoundsException("Data array is too short."); ++ } ++ + if (isSameCM && (cmodel != model) && (srcLUT != null) && + (model instanceof IndexColorModel) && + (biRaster instanceof ByteComponentRaster)) diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6914866.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6914866.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,118 @@ +--- openjdk.orig/jdk/src/share/native/sun/awt/medialib/awt_ImagingLib.c 2010-02-17 13:09:00.023000000 +0300 ++++ openjdk/jdk/src/share/native/sun/awt/medialib/awt_ImagingLib.c 2010-02-17 13:08:58.601000000 +0300 +@@ -2216,7 +2216,8 @@ + int dataType = BYTE_DATA_TYPE; + int width; + int height; +- int size = rasterP->width * rasterP->height * rasterP->numBands; ++ int dataSize; ++ int offset; + + *dataPP = NULL; + +@@ -2269,6 +2270,22 @@ + #endif + switch (rasterP->type) { + case sun_awt_image_IntegerComponentRaster_TYPE_INT_8BIT_SAMPLES: ++ if (!((rasterP->chanOffsets[0] == 0 || SAFE_TO_ALLOC_2(rasterP->chanOffsets[0], 4)) && ++ SAFE_TO_ALLOC_2(width, 4) && ++ SAFE_TO_ALLOC_3(height, rasterP->scanlineStride, 4))) ++ { ++ return -1; ++ } ++ offset = 4 * rasterP->chanOffsets[0]; ++ dataSize = 4 * (*env)->GetArrayLength(env, rasterP->jdata); ++ ++ if (offset < 0 || offset >= dataSize || ++ width > rasterP->scanlineStride || ++ height * rasterP->scanlineStride * 4 > dataSize - offset) ++ { ++ // raster data buffer is too short ++ return -1; ++ } + dataP = (void *) (*env)->GetPrimitiveArrayCritical(env, rasterP->jdata, + NULL); + if (dataP == NULL) { +@@ -2277,11 +2294,25 @@ + *mlibImagePP = (*sMlibSysFns.createStructFP)(MLIB_BYTE, 4, + width, height, + rasterP->scanlineStride*4, +- (unsigned char *)dataP +- + rasterP->chanOffsets[0]*4); ++ (unsigned char *)dataP + offset); + *dataPP = dataP; + return 0; + case sun_awt_image_IntegerComponentRaster_TYPE_BYTE_SAMPLES: ++ if (!(SAFE_TO_ALLOC_2(width, rasterP->numBands) && ++ SAFE_TO_ALLOC_2(height, rasterP->scanlineStride))) ++ { ++ return -1; ++ } ++ offset = rasterP->chanOffsets[0]; ++ dataSize = (*env)->GetArrayLength(env, rasterP->jdata); ++ ++ if (offset < 0 || offset >= dataSize || ++ width * rasterP->numBands > rasterP->scanlineStride || ++ height * rasterP->scanlineStride > dataSize - offset) ++ { ++ // raster data buffer is too short ++ return -1; ++ } + dataP = (void *) (*env)->GetPrimitiveArrayCritical(env, rasterP->jdata, + NULL); + if (dataP == NULL) { +@@ -2290,11 +2321,26 @@ + *mlibImagePP = (*sMlibSysFns.createStructFP)(MLIB_BYTE, rasterP->numBands, + width, height, + rasterP->scanlineStride, +- (unsigned char *)dataP +- + rasterP->chanOffsets[0]); ++ (unsigned char *)dataP + offset); + *dataPP = dataP; + return 0; + case sun_awt_image_IntegerComponentRaster_TYPE_USHORT_SAMPLES: ++ if (!((rasterP->chanOffsets[0] == 0 || SAFE_TO_ALLOC_2(rasterP->chanOffsets[0], 2)) && ++ SAFE_TO_ALLOC_3(width, rasterP->numBands, 2) && ++ SAFE_TO_ALLOC_3(height, rasterP->scanlineStride, 2))) ++ { ++ return -1; ++ } ++ offset = rasterP->chanOffsets[0] * 2; ++ dataSize = 2 * (*env)->GetArrayLength(env, rasterP->jdata); ++ ++ if (offset < 0 || offset >= dataSize || ++ width * rasterP->numBands > rasterP->scanlineStride || ++ height * rasterP->scanlineStride * 2 > dataSize - offset) ++ { ++ // raster data buffer is too short ++ return -1; ++ } + dataP = (void *) (*env)->GetPrimitiveArrayCritical(env, rasterP->jdata, + NULL); + if (dataP == NULL) { +@@ -2304,8 +2350,7 @@ + rasterP->numBands, + width, height, + rasterP->scanlineStride*2, +- (unsigned char *)dataP +- + rasterP->chanOffsets[0]*2); ++ (unsigned char *)dataP + offset); + *dataPP = dataP; + return 0; + +--- openjdk.orig/jdk/src/share/native/sun/awt/medialib/safe_alloc.h 2010-02-17 13:09:12.672000000 +0300 ++++ openjdk/jdk/src/share/native/sun/awt/medialib/safe_alloc.h 2010-02-17 13:09:11.501000000 +0300 +@@ -35,11 +35,11 @@ + */ + #define SAFE_TO_ALLOC_2(c, sz) \ + (((c) > 0) && ((sz) > 0) && \ +- ((0xffffffffu / ((juint)(c))) > (sz))) ++ ((0xffffffffu / ((juint)(c))) > ((juint)(sz)))) + + #define SAFE_TO_ALLOC_3(w, h, sz) \ + (((w) > 0) && ((h) > 0) && ((sz) > 0) && \ +- (((0xffffffffu / ((juint)(w))) / ((juint)(h))) > (sz))) ++ (((0xffffffffu / ((juint)(w))) / ((juint)(h))) > ((juint)(sz)))) + + + #endif // __SAFE_ALLOC_H__ diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/6932480.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/6932480.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,43 @@ +# HG changeset patch +# User acorn +# Date 1268677738 14400 +# Node ID 77940ab6c3558ccc1b859a2e28cb0db440d9f5b6 +# Parent 9d4986fcac2a07806ffed8a33184da149f76719b +6932480: Crash in CompilerThread/Parser. Unloaded array klass? +Summary: Restore code deleted in 6626217 +Reviewed-by: asaha, kevinw + +diff --git openjdk.orig/hotspot/src/share/vm/ci/ciEnv.cpp openjdk/hotspot/src/share/vm/ci/ciEnv.cpp +--- openjdk.orig/hotspot/src/share/vm/ci/ciEnv.cpp ++++ openjdk/hotspot/src/share/vm/ci/ciEnv.cpp +@@ -343,6 +343,30 @@ ciKlass* ciEnv::get_klass_by_name_impl(c + found_klass = + SystemDictionary::find_instance_or_array_klass(sym, loader, domain, + KILL_COMPILE_ON_FATAL_(fail_type)); ++ } ++ ++ // If we fail to find an array klass, look again for its element type. ++ // The element type may be available either locally or via constraints. ++ // In either case, if we can find the element type in the system dictionary, ++ // we must build an array type around it. The CI requires array klasses ++ // to be loaded if their element klasses are loaded, except when memory ++ // is exhausted. ++ if (sym->byte_at(0) == '[' && ++ (sym->byte_at(1) == '[' || sym->byte_at(1) == 'L')) { ++ // We have an unloaded array. ++ // Build it on the fly if the element class exists. ++ symbolOop elem_sym = oopFactory::new_symbol(sym->as_utf8()+1, ++ sym->utf8_length()-1, ++ KILL_COMPILE_ON_FATAL_(fail_type)); ++ // Get element ciKlass recursively. ++ ciKlass* elem_klass = ++ get_klass_by_name_impl(accessing_klass, ++ get_object(elem_sym)->as_symbol(), ++ require_local); ++ if (elem_klass != NULL && elem_klass->is_loaded()) { ++ // Now make an array for it ++ return ciObjArrayKlass::make_impl(elem_klass); ++ } + } + + if (found_klass != NULL) { diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/hotspot/default/6894807.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/hotspot/default/6894807.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,27 @@ +diff -Nru openjdk.orig/hotspot/src/share/vm/opto/cfgnode.cpp openjdk/hotspot/src/share/vm/opto/cfgnode.cpp +--- openjdk.orig/hotspot/src/share/vm/opto/cfgnode.cpp 2009-05-15 00:36:38.000000000 +0100 ++++ openjdk/hotspot/src/share/vm/opto/cfgnode.cpp 2010-03-30 21:03:55.000000000 +0100 +@@ -956,6 +956,7 @@ + } + if( jtkp && ttkp ) { + if( jtkp->is_loaded() && jtkp->klass()->is_interface() && ++ !jtkp->klass_is_exact() && // Keep exact interface klass (6894807) + ttkp->is_loaded() && !ttkp->klass()->is_interface() ) { + assert(ft == ttkp->cast_to_ptr_type(jtkp->ptr()) || + ft->isa_narrowoop() && ft->make_ptr() == ttkp->cast_to_ptr_type(jtkp->ptr()), ""); +diff -Nru openjdk.orig/hotspot/src/share/vm/opto/type.cpp openjdk/hotspot/src/share/vm/opto/type.cpp +--- openjdk.orig/hotspot/src/share/vm/opto/type.cpp 2009-05-15 00:36:38.000000000 +0100 ++++ openjdk/hotspot/src/share/vm/opto/type.cpp 2010-03-30 21:02:58.000000000 +0100 +@@ -2501,10 +2501,12 @@ + ftip->is_loaded() && ftip->klass()->is_interface() && + ktip->is_loaded() && !ktip->klass()->is_interface()) { + // Happens in a CTW of rt.jar, 320-341, no extra flags ++ assert(!ftip->klass_is_exact(), "interface could not be exact"); + return ktip->cast_to_ptr_type(ftip->ptr()); + } + if (ftkp != NULL && ktkp != NULL && + ftkp->is_loaded() && ftkp->klass()->is_interface() && ++ !ftkp->klass_is_exact() && // Keep exact interface klass + ktkp->is_loaded() && !ktkp->klass()->is_interface()) { + // Happens in a CTW of rt.jar, 320-341, no extra flags + return ktkp->cast_to_ptr_type(ftkp->ptr()); diff -r 924928f21072 -r d48a4f542e7d patches/security/20100330/hotspot/original/6894807.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20100330/hotspot/original/6894807.patch Tue Mar 30 23:04:54 2010 +0100 @@ -0,0 +1,115 @@ +# HG changeset patch +# User kvn +# Date 1265943511 28800 +# Node ID 9d4986fcac2a07806ffed8a33184da149f76719b +# Parent 209a7a8a8f966dc4d6b45333cf4f3fa6648a6ecb +6894807: No ClassCastException for HashAttributeSet constructors if run with -Xcomp +Summary: Return interface klass type if it is exact. +Reviewed-by: never + +diff --git openjdk.orig/hotspot/src/share/vm/opto/cfgnode.cpp openjdk/hotspot/src/share/vm/opto/cfgnode.cpp +--- openjdk.orig/hotspot/src/share/vm/opto/cfgnode.cpp ++++ openjdk/hotspot/src/share/vm/opto/cfgnode.cpp +@@ -797,9 +797,16 @@ const Type *PhiNode::Value( PhaseTransfo + // lattice, we must tread carefully around phis which implicitly + // convert the one to the other. + const TypeInstPtr* ttip = _type->isa_instptr(); ++ const TypeKlassPtr* ttkp = _type->isa_klassptr(); ++ + bool is_intf = false; + if (ttip != NULL) { + ciKlass* k = ttip->klass(); ++ if (k->is_loaded() && k->is_interface()) ++ is_intf = true; ++ } ++ if (ttkp != NULL) { ++ ciKlass* k = ttkp->klass(); + if (k->is_loaded() && k->is_interface()) + is_intf = true; + } +@@ -859,6 +866,8 @@ const Type *PhiNode::Value( PhaseTransfo + // uplift the type. + if( !t->empty() && ttip && ttip->is_loaded() && ttip->klass()->is_interface() ) + { assert(ft == _type, ""); } // Uplift to interface ++ else if( !t->empty() && ttkp && ttkp->is_loaded() && ttkp->klass()->is_interface() ) ++ { assert(ft == _type, ""); } // Uplift to interface + // Otherwise it's something stupid like non-overlapping int ranges + // found on dying counted loops. + else +@@ -873,12 +882,23 @@ const Type *PhiNode::Value( PhaseTransfo + // join report an interface back out. This isn't possible but happens + // because the type system doesn't interact well with interfaces. + const TypeInstPtr *jtip = jt->isa_instptr(); ++ const TypeKlassPtr *jtkp = jt->isa_klassptr(); ++ + if( jtip && ttip ) { + if( jtip->is_loaded() && jtip->klass()->is_interface() && + ttip->is_loaded() && !ttip->klass()->is_interface() ) + // Happens in a CTW of rt.jar, 320-341, no extra flags + { assert(ft == ttip->cast_to_ptr_type(jtip->ptr()), ""); jt = ft; } + } ++ if( jtkp && ttkp ) { ++ if( jtkp->is_loaded() && jtkp->klass()->is_interface() && ++ !jtkp->klass_is_exact() && // Keep exact interface klass (6894807) ++ ttkp->is_loaded() && !ttkp->klass()->is_interface() ) { ++ assert(ft == ttkp->cast_to_ptr_type(jtkp->ptr()), ""); ++ jt = ft; ++ } ++ } ++ + if (jt != ft && jt->base() == ft->base()) { + if (jt->isa_int() && + jt->is_int()->_lo == ft->is_int()->_lo && +diff --git openjdk.orig/hotspot/src/share/vm/opto/type.cpp openjdk/hotspot/src/share/vm/opto/type.cpp +--- openjdk.orig/hotspot/src/share/vm/opto/type.cpp ++++ openjdk/hotspot/src/share/vm/opto/type.cpp +@@ -2357,6 +2357,8 @@ const Type *TypeOopPtr::filter( const Ty + const Type* ft = join(kills); + const TypeInstPtr* ftip = ft->isa_instptr(); + const TypeInstPtr* ktip = kills->isa_instptr(); ++ const TypeKlassPtr* ftkp = ft->isa_klassptr(); ++ const TypeKlassPtr* ktkp = kills->isa_klassptr(); + + if (ft->empty()) { + // Check for evil case of 'this' being a class and 'kills' expecting an +@@ -2369,6 +2371,8 @@ const Type *TypeOopPtr::filter( const Ty + // into a Phi which "knows" it's an Interface type we'll have to + // uplift the type. + if (!empty() && ktip != NULL && ktip->is_loaded() && ktip->klass()->is_interface()) ++ return kills; // Uplift to interface ++ if (!empty() && ktkp != NULL && ktkp->klass()->is_loaded() && ktkp->klass()->is_interface()) + return kills; // Uplift to interface + + return Type::TOP; // Canonical empty value +@@ -2383,9 +2387,18 @@ const Type *TypeOopPtr::filter( const Ty + ftip->is_loaded() && ftip->klass()->is_interface() && + ktip->is_loaded() && !ktip->klass()->is_interface()) { + // Happens in a CTW of rt.jar, 320-341, no extra flags ++ assert(!ftip->klass_is_exact(), "interface could not be exact"); + return ktip->cast_to_ptr_type(ftip->ptr()); + } +- ++ // Interface klass type could be exact in opposite to interface type, ++ // return it here instead of incorrect Constant ptr J/L/Object (6894807). ++ if (ftkp != NULL && ktkp != NULL && ++ ftkp->is_loaded() && ftkp->klass()->is_interface() && ++ !ftkp->klass_is_exact() && // Keep exact interface klass ++ ktkp->is_loaded() && !ktkp->klass()->is_interface()) { ++ return ktkp->cast_to_ptr_type(ftkp->ptr()); ++ } ++ + return ft; + } + +diff --git openjdk.orig/hotspot/src/share/vm/opto/type.hpp openjdk/hotspot/src/share/vm/opto/type.hpp +--- openjdk.orig/hotspot/src/share/vm/opto/type.hpp ++++ openjdk/hotspot/src/share/vm/opto/type.hpp +@@ -858,6 +858,8 @@ public: + public: + ciSymbol* name() const { return _klass->name(); } + ++ bool is_loaded() const { return _klass->is_loaded(); } ++ + // ptr to klass 'k' + static const TypeKlassPtr *make( ciKlass* k ) { return make( TypePtr::Constant, k, 0); } + // ptr to klass 'k' with offset diff -r 924928f21072 -r d48a4f542e7d patches/security/icedtea-6862968.patch diff -r 924928f21072 -r d48a4f542e7d patches/security/icedtea-6872357.patch diff -r 924928f21072 -r d48a4f542e7d patches/security/icedtea-6874643.patch