# HG changeset patch # User Andrew John Hughes # Date 1297277674 0 # Node ID d063b76189d8f472224aab9dc0ff89a4481825d2 # Parent 24077bd3fcd47850463d4ba4bc9bf23f9420630e Security updates from Oracle SSR. S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption S6907662, CVE-2010-4465: Swing timer-based security manager bypass S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries 2011-02-09 Andrew John Hughes * Makefile.am: Add new patches. * NEWS: Updated. * patches/icedtea-nio2.patch: Rejigged. * patches/security/20110215/6878713.patch, * patches/security/20110215/6907662.patch, * patches/security/20110215/6981922.patch, * patches/security/20110215/6983554.patch, * patches/security/20110215/6994263.patch: Security updates from Oracle SSR. diff -r 24077bd3fcd4 -r d063b76189d8 ChangeLog --- a/ChangeLog Wed Feb 09 17:58:33 2011 +0000 +++ b/ChangeLog Wed Feb 09 18:54:34 2011 +0000 @@ -1,3 +1,15 @@ +2011-02-09 Andrew John Hughes + + * Makefile.am: Add new patches. + * NEWS: Updated. + * patches/icedtea-nio2.patch: Rejigged. + * patches/security/20110215/6878713.patch, + * patches/security/20110215/6907662.patch, + * patches/security/20110215/6981922.patch, + * patches/security/20110215/6983554.patch, + * patches/security/20110215/6994263.patch: + Security updates from Oracle SSR. + 2011-02-09 Andrew John Hughes * NEWS: Add 1.7.10. diff -r 24077bd3fcd4 -r d063b76189d8 Makefile.am --- a/Makefile.am Wed Feb 09 17:58:33 2011 +0000 +++ b/Makefile.am Wed Feb 09 18:54:34 2011 +0000 @@ -261,7 +261,12 @@ patches/security/20101012/6963285.patch \ patches/security/20101012/6981426.patch \ patches/security/20101012/6990437.patch \ - patches/security/20110209/4421494.patch + patches/security/20110209/4421494.patch \ + patches/security/20110215/6878713.patch \ + patches/security/20110215/6907662.patch \ + patches/security/20110215/6981922.patch \ + patches/security/20110215/6983554.patch \ + patches/security/20110215/6994263.patch ICEDTEA_PATCHES = \ $(SECURITY_PATCHES) \ diff -r 24077bd3fcd4 -r d063b76189d8 NEWS --- a/NEWS Wed Feb 09 17:58:33 2011 +0000 +++ b/NEWS Wed Feb 09 18:54:34 2011 +0000 @@ -8,7 +8,14 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY -New in release 1.7.10 (2011-XX-XX): +New in release 1.7.10 (2011-02-15): + +* Security updates + - S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption + - S6907662, CVE-2010-4465: Swing timer-based security manager bypass + - S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation + - S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets + - S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries New in release 1.7.9 (2011-02-09): diff -r 24077bd3fcd4 -r d063b76189d8 patches/icedtea-nio2.patch --- a/patches/icedtea-nio2.patch Wed Feb 09 17:58:33 2011 +0000 +++ b/patches/icedtea-nio2.patch Wed Feb 09 18:54:34 2011 +0000 @@ -1,6 +1,6 @@ diff -Nru openjdk.orig/jdk/make/docs/CORE_PKGS.gmk openjdk/jdk/make/docs/CORE_PKGS.gmk ---- openjdk.orig/jdk/make/docs/CORE_PKGS.gmk 2009-01-07 21:17:37.000000000 +0000 -+++ openjdk/jdk/make/docs/CORE_PKGS.gmk 2009-01-09 21:21:59.000000000 +0000 +--- openjdk.orig/jdk/make/docs/CORE_PKGS.gmk 2009-10-14 18:17:14.000000000 +0100 ++++ openjdk/jdk/make/docs/CORE_PKGS.gmk 2011-02-09 18:08:16.658865718 +0000 @@ -36,6 +36,7 @@ sunw.* \ com.sun.* \ @@ -10,8 +10,8 @@ org.w3c.dom.css \ org.w3c.dom.html \ diff -Nru openjdk.orig/jdk/make/docs/Makefile openjdk/jdk/make/docs/Makefile ---- openjdk.orig/jdk/make/docs/Makefile 2009-02-03 16:20:38.000000000 +0000 -+++ openjdk/jdk/make/docs/Makefile 2009-02-03 19:40:10.000000000 +0000 +--- openjdk.orig/jdk/make/docs/Makefile 2011-02-09 18:07:27.000000000 +0000 ++++ openjdk/jdk/make/docs/Makefile 2011-02-09 18:08:16.666865802 +0000 @@ -404,6 +404,29 @@ # TREEAPI_PKGS is located in NON_CORE_PKGS.gmk @@ -68,8 +68,8 @@ # List the values defined in the makefile hierarchy, to make sure everything # is set properly, and to help identify values we can use instead of making new ones. diff -Nru openjdk.orig/jdk/make/docs/NON_CORE_PKGS.gmk openjdk/jdk/make/docs/NON_CORE_PKGS.gmk ---- openjdk.orig/jdk/make/docs/NON_CORE_PKGS.gmk 2009-01-07 21:27:46.000000000 +0000 -+++ openjdk/jdk/make/docs/NON_CORE_PKGS.gmk 2009-02-03 16:28:29.000000000 +0000 +--- openjdk.orig/jdk/make/docs/NON_CORE_PKGS.gmk 2011-02-09 18:07:28.000000000 +0000 ++++ openjdk/jdk/make/docs/NON_CORE_PKGS.gmk 2011-02-09 18:08:16.666865802 +0000 @@ -65,6 +65,16 @@ HTTPSERVER_PKGS = com.sun.net.httpserver \ com.sun.net.httpserver.spi @@ -87,18 +87,18 @@ DOCLETAPI_PKGS = com.sun.javadoc TAGLETAPI_FILE = com/sun/tools/doclets/Taglet.java -@@ -89,6 +99,7 @@ - $(MGMT_PKGS) \ +@@ -94,6 +104,7 @@ + $(JAVASCRIPT_PKGS) \ $(JAAS_PKGS) \ $(JGSS_PKGS) \ + $(NIO2_PKGS) \ $(OLD_JSSE_PKGS) \ $(HTTPSERVER_PKGS) \ - $(SMARTCARDIO_PKGS) + $(SMARTCARDIO_PKGS) \ diff -Nru openjdk.orig/jdk/make/java/java/FILES_java.gmk openjdk/jdk/make/java/java/FILES_java.gmk ---- openjdk.orig/jdk/make/java/java/FILES_java.gmk 2009-01-07 21:35:50.000000000 +0000 -+++ openjdk/jdk/make/java/java/FILES_java.gmk 2009-01-12 15:24:01.000000000 +0000 -@@ -516,6 +516,13 @@ +--- openjdk.orig/jdk/make/java/java/FILES_java.gmk 2011-02-09 18:07:21.000000000 +0000 ++++ openjdk/jdk/make/java/java/FILES_java.gmk 2011-02-09 18:08:16.666865802 +0000 +@@ -517,6 +517,13 @@ sun/misc/JavaLangAccess.java \ sun/misc/JavaIOAccess.java \ sun/misc/JavaIODeleteOnExitAccess.java \ @@ -114,8 +114,8 @@ FILES_java = $(JAVA_JAVA_java) diff -Nru openjdk.orig/jdk/make/java/nio/FILES_java.gmk openjdk/jdk/make/java/nio/FILES_java.gmk ---- openjdk.orig/jdk/make/java/nio/FILES_java.gmk 2009-01-10 03:21:38.000000000 +0000 -+++ openjdk/jdk/make/java/nio/FILES_java.gmk 2009-01-19 19:13:49.000000000 +0000 +--- openjdk.orig/jdk/make/java/nio/FILES_java.gmk 2011-02-09 18:07:22.000000000 +0000 ++++ openjdk/jdk/make/java/nio/FILES_java.gmk 2011-02-09 18:08:16.666865802 +0000 @@ -75,12 +75,13 @@ sun/nio/ch/DefaultSelectorProvider.java \ sun/nio/ch/DirectBuffer.java \ @@ -315,8 +315,8 @@ FILES_java = $(FILES_src) $(FILES_gen) diff -Nru openjdk.orig/jdk/make/java/nio/Makefile openjdk/jdk/make/java/nio/Makefile ---- openjdk.orig/jdk/make/java/nio/Makefile 2009-01-10 03:22:13.000000000 +0000 -+++ openjdk/jdk/make/java/nio/Makefile 2009-01-15 16:35:28.000000000 +0000 +--- openjdk.orig/jdk/make/java/nio/Makefile 2011-02-09 18:07:22.000000000 +0000 ++++ openjdk/jdk/make/java/nio/Makefile 2011-02-09 18:08:16.666865802 +0000 @@ -40,6 +40,11 @@ SNIO_SRC = $(SHARE_SRC)/classes/sun/nio SNIO_GEN = $(GENSRCDIR)/sun/nio @@ -663,8 +663,8 @@ + .PHONY: sources diff -Nru openjdk.orig/jdk/make/java/nio/mapfile-linux openjdk/jdk/make/java/nio/mapfile-linux ---- openjdk.orig/jdk/make/java/nio/mapfile-linux 2009-01-07 22:08:47.000000000 +0000 -+++ openjdk/jdk/make/java/nio/mapfile-linux 2009-01-29 01:13:17.000000000 +0000 +--- openjdk.orig/jdk/make/java/nio/mapfile-linux 2009-10-14 18:17:15.000000000 +0100 ++++ openjdk/jdk/make/java/nio/mapfile-linux 2011-02-09 18:08:16.666865802 +0000 @@ -20,6 +20,14 @@ Java_sun_nio_ch_EPollArrayWrapper_interrupt; Java_sun_nio_ch_EPollArrayWrapper_offsetofData; @@ -781,8 +781,8 @@ local: *; diff -Nru openjdk.orig/jdk/make/java/nio/mapfile-solaris openjdk/jdk/make/java/nio/mapfile-solaris ---- openjdk.orig/jdk/make/java/nio/mapfile-solaris 2009-01-07 22:08:47.000000000 +0000 -+++ openjdk/jdk/make/java/nio/mapfile-solaris 2009-01-07 22:18:51.000000000 +0000 +--- openjdk.orig/jdk/make/java/nio/mapfile-solaris 2009-10-14 18:17:15.000000000 +0100 ++++ openjdk/jdk/make/java/nio/mapfile-solaris 2011-02-09 18:08:16.666865802 +0000 @@ -73,6 +73,75 @@ Java_sun_nio_ch_ServerSocketChannelImpl_listen; Java_sun_nio_ch_SocketChannelImpl_checkConnect; @@ -860,8 +860,8 @@ local: *; diff -Nru openjdk.orig/jdk/make/mkdemo/Makefile openjdk/jdk/make/mkdemo/Makefile ---- openjdk.orig/jdk/make/mkdemo/Makefile 2009-01-07 22:23:02.000000000 +0000 -+++ openjdk/jdk/make/mkdemo/Makefile 2009-01-07 22:23:48.000000000 +0000 +--- openjdk.orig/jdk/make/mkdemo/Makefile 2009-10-14 18:17:15.000000000 +0100 ++++ openjdk/jdk/make/mkdemo/Makefile 2011-02-09 18:08:16.666865802 +0000 @@ -31,7 +31,7 @@ PRODUCT = demos include $(BUILDDIR)/common/Defs.gmk @@ -872,8 +872,8 @@ all build:: nbproject $(SUBDIRS-loop) diff -Nru openjdk.orig/jdk/make/mksample/nio/Makefile openjdk/jdk/make/mksample/nio/Makefile ---- openjdk.orig/jdk/make/mksample/nio/Makefile 2009-01-07 22:23:19.000000000 +0000 -+++ openjdk/jdk/make/mksample/nio/Makefile 2009-01-07 22:24:06.000000000 +0000 +--- openjdk.orig/jdk/make/mksample/nio/Makefile 2009-10-14 18:17:15.000000000 +0100 ++++ openjdk/jdk/make/mksample/nio/Makefile 2011-02-09 18:08:16.666865802 +0000 @@ -31,7 +31,7 @@ PRODUCT = java include $(BUILDDIR)/common/Defs.gmk @@ -884,9 +884,9 @@ $(SUBDIRS-loop) diff -Nru openjdk.orig/jdk/src/share/classes/java/io/File.java openjdk/jdk/src/share/classes/java/io/File.java ---- openjdk.orig/jdk/src/share/classes/java/io/File.java 2009-01-12 13:32:17.000000000 +0000 -+++ openjdk/jdk/src/share/classes/java/io/File.java 2009-01-12 13:35:18.000000000 +0000 -@@ -1957,6 +1957,13 @@ +--- openjdk.orig/jdk/src/share/classes/java/io/File.java 2011-02-09 18:07:20.000000000 +0000 ++++ openjdk/jdk/src/share/classes/java/io/File.java 2011-02-09 18:08:16.666865802 +0000 +@@ -1958,6 +1958,13 @@ } } ); @@ -901,9 +901,9 @@ diff -Nru openjdk.orig/jdk/src/share/classes/java/net/NetworkInterface.java openjdk/jdk/src/share/classes/java/net/NetworkInterface.java ---- openjdk.orig/jdk/src/share/classes/java/net/NetworkInterface.java 2009-01-16 04:07:15.000000000 +0000 -+++ openjdk/jdk/src/share/classes/java/net/NetworkInterface.java 2009-01-19 19:12:21.000000000 +0000 -@@ -529,4 +529,15 @@ +--- openjdk.orig/jdk/src/share/classes/java/net/NetworkInterface.java 2011-02-09 18:07:20.000000000 +0000 ++++ openjdk/jdk/src/share/classes/java/net/NetworkInterface.java 2011-02-09 18:08:16.666865802 +0000 +@@ -536,4 +536,15 @@ } private static native void init(); @@ -920,8 +920,8 @@ + } diff -Nru openjdk.orig/jdk/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java openjdk/jdk/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java ---- openjdk.orig/jdk/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java 2009-01-13 23:54:13.000000000 +0000 -+++ openjdk/jdk/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java 2009-01-15 01:21:36.000000000 +0000 +--- openjdk.orig/jdk/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java 2009-10-14 18:17:30.000000000 +0100 ++++ openjdk/jdk/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java 2011-02-09 18:08:16.666865802 +0000 @@ -2004,4 +2004,23 @@ } } @@ -947,8 +947,8 @@ + } diff -Nru openjdk.orig/jdk/src/share/classes/sun/misc/Unsafe.java openjdk/jdk/src/share/classes/sun/misc/Unsafe.java ---- openjdk.orig/jdk/src/share/classes/sun/misc/Unsafe.java 2009-01-19 15:44:19.000000000 +0000 -+++ openjdk/jdk/src/share/classes/sun/misc/Unsafe.java 2009-01-19 15:47:42.000000000 +0000 +--- openjdk.orig/jdk/src/share/classes/sun/misc/Unsafe.java 2009-10-14 18:17:41.000000000 +0100 ++++ openjdk/jdk/src/share/classes/sun/misc/Unsafe.java 2011-02-09 18:08:16.682865972 +0000 @@ -504,9 +504,33 @@ /** * Sets all bytes in a given block of memory to a copy of another @@ -996,9 +996,9 @@ * Report the scale factor for addressing elements in the storage * allocation of a given array class. However, arrays of "narrow" types diff -Nru openjdk.orig/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java openjdk/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java ---- openjdk.orig/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java 2009-01-16 03:10:17.000000000 +0000 -+++ openjdk/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java 2009-01-19 21:04:48.000000000 +0000 -@@ -29,10 +29,28 @@ +--- openjdk.orig/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java 2011-02-09 18:07:20.000000000 +0000 ++++ openjdk/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java 2011-02-09 18:09:30.467645679 +0000 +@@ -29,9 +29,29 @@ import java.io.IOException; import java.net.*; import java.nio.ByteBuffer; @@ -1014,7 +1014,7 @@ +import java.util.Set; + import java.lang.ref.SoftReference; - ++ +import org.classpath.icedtea.java.net.ProtocolFamily; +import org.classpath.icedtea.java.net.StandardProtocolFamily; +import org.classpath.icedtea.java.net.SocketOption; @@ -1026,10 +1026,11 @@ +import org.classpath.icedtea.java.nio.channels.spi.SelectorProvider; + +import org.classpath.icedtea.misc.SharedSecrets; ++ + import sun.net.ResourceManager; - /** - * An implementation of DatagramChannels. -@@ -53,6 +71,9 @@ + +@@ -54,6 +74,9 @@ // even after the value in the file descriptor object has been set to -1 int fdVal; @@ -1039,7 +1040,7 @@ // IDs of native threads doing reads and writes, for signalling private volatile long readerThread = 0; private volatile long writerThread = 0; -@@ -91,6 +112,9 @@ +@@ -92,6 +115,9 @@ // Our socket adaptor, if any private DatagramSocket socket = null; @@ -1049,15 +1050,17 @@ // -- End of fields protected by stateLock -@@ -98,15 +122,40 @@ - throws IOException - { +@@ -101,6 +127,8 @@ super(sp); -+ this.family = Net.isIPv6Available() ? -+ StandardProtocolFamily.INET6 : StandardProtocolFamily.INET; - this.fd = Net.socket(false); - this.fdVal = IOUtil.fdVal(fd); - this.state = ST_UNCONNECTED; + ResourceManager.beforeUdpCreate(); + try { ++ this.family = Net.isIPv6Available() ? ++ StandardProtocolFamily.INET6 : StandardProtocolFamily.INET; + this.fd = Net.socket(false); + this.fdVal = IOUtil.fdVal(fd); + this.state = ST_UNCONNECTED; +@@ -110,10 +138,33 @@ + } } + public DatagramChannelImpl(SelectorProvider sp, ProtocolFamily family) { @@ -1090,7 +1093,7 @@ this.fd = fd; this.fdVal = IOUtil.fdVal(fd); this.state = ST_UNCONNECTED; -@@ -499,7 +548,7 @@ +@@ -506,7 +557,7 @@ } } @@ -1099,15 +1102,15 @@ synchronized (readLock) { synchronized (writeLock) { synchronized (stateLock) { -@@ -515,6 +564,7 @@ +@@ -522,6 +573,7 @@ } } } -+ return this; ++ return this; } public boolean isConnected() { -@@ -704,4 +754,350 @@ +@@ -712,4 +764,350 @@ initIDs(); } @@ -1159,7 +1162,7 @@ + throw new IllegalArgumentException("Cannot set IP_MULTICAST_IF to 'null'"); + NetworkInterface interf = (NetworkInterface)value; + if (family == StandardProtocolFamily.INET6) { -+ int index = SharedSecrets.getJavaNetGetIndexAccess().getIndex(interf); ++ int index = SharedSecrets.getJavaNetGetIndexAccess().getIndex(interf); + if (index == -1) + throw new IOException("Network interface cannot be identified"); + Net.setInterface6(fd, index); @@ -1459,8 +1462,8 @@ + } diff -Nru openjdk.orig/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java openjdk/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java ---- openjdk.orig/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java 2009-01-20 13:37:15.000000000 +0000 -+++ openjdk/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java 2009-01-27 02:33:08.000000000 +0000 +--- openjdk.orig/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java 2009-10-14 18:17:41.000000000 +0100 ++++ openjdk/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java 2011-02-09 18:08:16.682865972 +0000 @@ -32,8 +32,15 @@ import java.io.IOException; import java.nio.ByteBuffer; @@ -1510,8 +1513,8 @@ ensureOpen(); int rv = -1; diff -Nru openjdk.orig/jdk/src/share/classes/sun/nio/ch/Net.java openjdk/jdk/src/share/classes/sun/nio/ch/Net.java ---- openjdk.orig/jdk/src/share/classes/sun/nio/ch/Net.java 2009-01-15 17:37:33.000000000 +0000 -+++ openjdk/jdk/src/share/classes/sun/nio/ch/Net.java 2009-02-01 00:35:31.000000000 +0000 +--- openjdk.orig/jdk/src/share/classes/sun/nio/ch/Net.java 2011-02-09 18:07:20.000000000 +0000 ++++ openjdk/jdk/src/share/classes/sun/nio/ch/Net.java 2011-02-09 18:10:11.680081053 +0000 @@ -30,6 +30,15 @@ import java.net.*; import java.nio.channels.*; @@ -1528,13 +1531,13 @@ class Net { // package-private -@@ -108,16 +117,24 @@ +@@ -111,16 +120,24 @@ // -- Socket operations -- + static native boolean isIPv6Available0(); + - static FileDescriptor socket(boolean stream) { + static FileDescriptor socket(boolean stream) throws IOException { - return IOUtil.newFD(socket0(stream, false)); + return socket(UNSPEC, stream); + } @@ -1556,7 +1559,7 @@ static native void bind(FileDescriptor fd, InetAddress addr, int port) throws IOException; -@@ -179,4 +196,314 @@ +@@ -182,4 +199,314 @@ initIDs(); } @@ -1872,8 +1875,8 @@ + } diff -Nru openjdk.orig/jdk/src/share/classes/sun/nio/ch/SelectorProviderImpl.java openjdk/jdk/src/share/classes/sun/nio/ch/SelectorProviderImpl.java ---- openjdk.orig/jdk/src/share/classes/sun/nio/ch/SelectorProviderImpl.java 2009-01-16 03:01:03.000000000 +0000 -+++ openjdk/jdk/src/share/classes/sun/nio/ch/SelectorProviderImpl.java 2009-01-16 03:56:55.000000000 +0000 +--- openjdk.orig/jdk/src/share/classes/sun/nio/ch/SelectorProviderImpl.java 2009-10-14 18:17:42.000000000 +0100 ++++ openjdk/jdk/src/share/classes/sun/nio/ch/SelectorProviderImpl.java 2011-02-09 18:08:16.682865972 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2001 Sun Microsystems, Inc. All Rights Reserved. @@ -1920,8 +1923,8 @@ - } diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/util/SecurityConstants.java openjdk/jdk/src/share/classes/sun/security/util/SecurityConstants.java ---- openjdk.orig/jdk/src/share/classes/sun/security/util/SecurityConstants.java 2009-01-12 17:45:26.000000000 +0000 -+++ openjdk/jdk/src/share/classes/sun/security/util/SecurityConstants.java 2009-01-12 17:45:39.000000000 +0000 +--- openjdk.orig/jdk/src/share/classes/sun/security/util/SecurityConstants.java 2009-10-14 18:17:47.000000000 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/util/SecurityConstants.java 2011-02-09 18:08:16.682865972 +0000 @@ -52,6 +52,7 @@ public static final String FILE_EXECUTE_ACTION = "execute"; public static final String FILE_READ_ACTION = "read"; @@ -1931,8 +1934,8 @@ public static final String SOCKET_RESOLVE_ACTION = "resolve"; public static final String SOCKET_CONNECT_ACTION = "connect"; diff -Nru openjdk.orig/jdk/src/solaris/classes/sun/nio/ch/FileDispatcher.java openjdk/jdk/src/solaris/classes/sun/nio/ch/FileDispatcher.java ---- openjdk.orig/jdk/src/solaris/classes/sun/nio/ch/FileDispatcher.java 2009-01-19 22:33:37.000000000 +0000 -+++ openjdk/jdk/src/solaris/classes/sun/nio/ch/FileDispatcher.java 2009-01-19 22:33:01.000000000 +0000 +--- openjdk.orig/jdk/src/solaris/classes/sun/nio/ch/FileDispatcher.java 2009-10-14 18:17:57.000000000 +0100 ++++ openjdk/jdk/src/solaris/classes/sun/nio/ch/FileDispatcher.java 2011-02-09 18:08:16.682865972 +0000 @@ -35,6 +35,11 @@ class FileDispatcher extends NativeDispatcher { @@ -1994,8 +1997,8 @@ + } diff -Nru openjdk.orig/jdk/src/solaris/classes/sun/nio/ch/InheritedChannel.java openjdk/jdk/src/solaris/classes/sun/nio/ch/InheritedChannel.java ---- openjdk.orig/jdk/src/solaris/classes/sun/nio/ch/InheritedChannel.java 2009-01-19 13:29:01.000000000 +0000 -+++ openjdk/jdk/src/solaris/classes/sun/nio/ch/InheritedChannel.java 2009-01-19 13:29:27.000000000 +0000 +--- openjdk.orig/jdk/src/solaris/classes/sun/nio/ch/InheritedChannel.java 2009-10-14 18:17:57.000000000 +0100 ++++ openjdk/jdk/src/solaris/classes/sun/nio/ch/InheritedChannel.java 2011-02-09 18:08:16.682865972 +0000 @@ -34,7 +34,8 @@ import java.nio.channels.SocketChannel; import java.nio.channels.ServerSocketChannel; @@ -2007,8 +2010,8 @@ class InheritedChannel { diff -Nru openjdk.orig/jdk/src/solaris/native/sun/nio/ch/Net.c openjdk/jdk/src/solaris/native/sun/nio/ch/Net.c ---- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/Net.c 2009-01-26 20:51:08.000000000 +0000 -+++ openjdk/jdk/src/solaris/native/sun/nio/ch/Net.c 2009-02-01 01:24:41.000000000 +0000 +--- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/Net.c 2009-10-14 18:17:59.000000000 +0100 ++++ openjdk/jdk/src/solaris/native/sun/nio/ch/Net.c 2011-02-09 18:08:16.682865972 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2007 Sun Microsystems, Inc. All Rights Reserved. @@ -2691,8 +2694,8 @@ /* Declared in nio_util.h */ diff -Nru openjdk.orig/jdk/src/solaris/native/sun/nio/ch/nio_util.h openjdk/jdk/src/solaris/native/sun/nio/ch/nio_util.h ---- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/nio_util.h 2009-01-26 22:44:30.000000000 +0000 -+++ openjdk/jdk/src/solaris/native/sun/nio/ch/nio_util.h 2009-01-26 22:44:22.000000000 +0000 +--- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/nio_util.h 2009-10-14 18:17:59.000000000 +0100 ++++ openjdk/jdk/src/solaris/native/sun/nio/ch/nio_util.h 2011-02-09 18:08:16.682865972 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2002 Sun Microsystems, Inc. All Rights Reserved. @@ -2717,8 +2720,8 @@ /* NIO utility procedures */ diff -Nru openjdk.orig/jdk/src/windows/classes/sun/nio/ch/FileDispatcher.java openjdk/jdk/src/windows/classes/sun/nio/ch/FileDispatcher.java ---- openjdk.orig/jdk/src/windows/classes/sun/nio/ch/FileDispatcher.java 2009-01-19 22:35:32.000000000 +0000 -+++ openjdk/jdk/src/windows/classes/sun/nio/ch/FileDispatcher.java 2009-01-19 22:37:37.000000000 +0000 +--- openjdk.orig/jdk/src/windows/classes/sun/nio/ch/FileDispatcher.java 2009-10-14 18:18:00.000000000 +0100 ++++ openjdk/jdk/src/windows/classes/sun/nio/ch/FileDispatcher.java 2011-02-09 18:08:16.682865972 +0000 @@ -36,6 +36,11 @@ class FileDispatcher extends NativeDispatcher { diff -r 24077bd3fcd4 -r d063b76189d8 patches/security/20110215/6878713.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20110215/6878713.patch Wed Feb 09 18:54:34 2011 +0000 @@ -0,0 +1,143 @@ +# HG changeset patch +# User kamg +# Date 1296505046 18000 +# Node ID a6f5011d46a97d3e710aaed5c8ea85af04236c28 +# Parent 2c8e1acf0433db897eb3bc8f6e1276b2c84769b7 +6878713: Verifier heap corruption, relating to backward jsrs +Summary: Added overflow detection in arena Amalloc methods +Reviewed-by: coleenp, phh + +diff --git a/src/share/vm/memory/allocation.cpp b/src/share/vm/memory/allocation.cpp +--- openjdk/hotspot/src/share/vm/memory/allocation.cpp ++++ openjdk/hotspot/src/share/vm/memory/allocation.cpp +@@ -377,6 +377,9 @@ size_t Arena::used() const { + return sum; // Return total consumed space. + } + ++void Arena::signal_out_of_memory(size_t sz, const char* whence) const { ++ vm_exit_out_of_memory(sz, whence); ++} + + // Grow a new Chunk + void* Arena::grow( size_t x ) { +@@ -386,8 +389,9 @@ void* Arena::grow( size_t x ) { + Chunk *k = _chunk; // Get filled-up chunk address + _chunk = new (len) Chunk(len); + +- if (_chunk == NULL) +- vm_exit_out_of_memory(len * Chunk::aligned_overhead_size(), "Arena::grow"); ++ if (_chunk == NULL) { ++ signal_out_of_memory(len * Chunk::aligned_overhead_size(), "Arena::grow"); ++ } + + if (k) k->set_next(_chunk); // Append new chunk to end of linked list + else _first = _chunk; +@@ -484,6 +488,7 @@ void* Arena::malloc(size_t size) { + // for debugging with UseMallocOnly + void* Arena::internal_malloc_4(size_t x) { + assert( (x&(sizeof(char*)-1)) == 0, "misaligned size" ); ++ check_for_overflow(x, "Arena::internal_malloc_4"); + if (_hwm + x > _max) { + return grow(x); + } else { +diff --git a/src/share/vm/memory/allocation.hpp b/src/share/vm/memory/allocation.hpp +--- openjdk/hotspot/src/share/vm/memory/allocation.hpp ++++ openjdk/hotspot/src/share/vm/memory/allocation.hpp +@@ -194,6 +194,15 @@ protected: + friend class AllocStats; + debug_only(void* malloc(size_t size);) + debug_only(void* internal_malloc_4(size_t x);) ++ ++ void signal_out_of_memory(size_t request, const char* whence) const; ++ ++ void check_for_overflow(size_t request, const char* whence) const { ++ if (UINTPTR_MAX - request < (uintptr_t)_hwm) { ++ signal_out_of_memory(request, whence); ++ } ++ } ++ + public: + Arena(); + Arena(size_t init_size); +@@ -207,6 +216,7 @@ protected: + assert(is_power_of_2(ARENA_AMALLOC_ALIGNMENT) , "should be a power of 2"); + x = ARENA_ALIGN(x); + debug_only(if (UseMallocOnly) return malloc(x);) ++ check_for_overflow(x, "Arena::Amalloc"); + NOT_PRODUCT(_bytes_allocated += x); + if (_hwm + x > _max) { + return grow(x); +@@ -220,6 +230,7 @@ protected: + void *Amalloc_4(size_t x) { + assert( (x&(sizeof(char*)-1)) == 0, "misaligned size" ); + debug_only(if (UseMallocOnly) return malloc(x);) ++ check_for_overflow(x, "Arena::Amalloc_4"); + NOT_PRODUCT(_bytes_allocated += x); + if (_hwm + x > _max) { + return grow(x); +@@ -240,6 +251,7 @@ protected: + size_t delta = (((size_t)_hwm + DALIGN_M1) & ~DALIGN_M1) - (size_t)_hwm; + x += delta; + #endif ++ check_for_overflow(x, "Arena::Amalloc_D"); + NOT_PRODUCT(_bytes_allocated += x); + if (_hwm + x > _max) { + return grow(x); // grow() returns a result aligned >= 8 bytes. +diff --git a/src/share/vm/utilities/globalDefinitions_gcc.hpp b/src/share/vm/utilities/globalDefinitions_gcc.hpp +--- openjdk/hotspot/src/share/vm/utilities/globalDefinitions_gcc.hpp ++++ openjdk/hotspot/src/share/vm/utilities/globalDefinitions_gcc.hpp +@@ -72,6 +72,7 @@ + # endif + + #ifdef LINUX ++#define __STDC_LIMIT_MACROS + #include + #include + #include +diff --git a/src/share/vm/utilities/globalDefinitions_sparcWorks.hpp b/src/share/vm/utilities/globalDefinitions_sparcWorks.hpp +--- openjdk/hotspot/src/share/vm/utilities/globalDefinitions_sparcWorks.hpp ++++ openjdk/hotspot/src/share/vm/utilities/globalDefinitions_sparcWorks.hpp +@@ -141,6 +141,17 @@ typedef unsigned int uintptr_ + // If this gets an error, figure out a symbol XXX that implies the + // prior definition of intptr_t, and add "&& !defined(XXX)" above. + #endif ++#endif ++ ++// On solaris 8, UINTPTR_MAX is defined as empty. ++// Everywhere else it's an actual value. ++#if UINTPTR_MAX - 1 == -1 ++#undef UINTPTR_MAX ++#ifdef _LP64 ++#define UINTPTR_MAX UINT64_MAX ++#else ++#define UINTPTR_MAX UINT32_MAX ++#endif /* ifdef _LP64 */ + #endif + + // Additional Java basic types +diff --git a/src/share/vm/utilities/globalDefinitions_visCPP.hpp b/src/share/vm/utilities/globalDefinitions_visCPP.hpp +--- openjdk/hotspot/src/share/vm/utilities/globalDefinitions_visCPP.hpp ++++ openjdk/hotspot/src/share/vm/utilities/globalDefinitions_visCPP.hpp +@@ -36,6 +36,7 @@ + # include // for va_list + # include + # include ++# include + // Need this on windows to get the math constants (e.g., M_PI). + #define _USE_MATH_DEFINES + # include +@@ -92,6 +93,14 @@ typedef signed __int64 ssize_t; + #else + typedef signed int intptr_t; + typedef signed int ssize_t; ++#endif ++ ++#ifndef UINTPTR_MAX ++#ifdef _WIN64 ++#define UINTPTR_MAX _UI64_MAX ++#else ++#define UINTPTR_MAX _UI32_MAX ++#endif + #endif + + //---------------------------------------------------------------------------------------------------- diff -r 24077bd3fcd4 -r d063b76189d8 patches/security/20110215/6907662.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20110215/6907662.patch Wed Feb 09 18:54:34 2011 +0000 @@ -0,0 +1,758 @@ +--- openjdk/jdk/src/share/classes/java/awt/AWTEvent.java 2011-01-26 18:38:27.502360608 +0300 ++++ openjdk/jdk/src/share/classes/java/awt/AWTEvent.java 2011-01-26 18:38:27.078362272 +0300 +@@ -33,6 +33,12 @@ + import java.util.logging.Logger; + import java.util.logging.Level; + ++import java.security.AccessControlContext; ++import java.security.AccessController; ++import java.io.ObjectInputStream; ++import java.io.IOException; ++import sun.awt.AWTAccessor; ++ + /** + * The root event class for all AWT events. + * This class and its subclasses supercede the original +@@ -97,10 +103,33 @@ + */ + protected boolean consumed = false; + ++ /* ++ * The event's AccessControlContext. ++ */ ++ private transient volatile AccessControlContext acc = ++ AccessController.getContext(); ++ ++ /* ++ * Returns the acc this event was constructed with. ++ */ ++ final AccessControlContext getAccessControlContext() { ++ if (acc == null) { ++ throw new SecurityException("AWTEvent is missing AccessControlContext"); ++ } ++ return acc; ++ } ++ + transient boolean focusManagerIsDispatching = false; + transient boolean isPosted; + + /** ++ * Indicates whether this AWTEvent was generated by the system as ++ * opposed to by user code. ++ */ ++ private transient boolean isSystemGenerated; ++ ++ ++ /** + * The event mask for selecting component events. + */ + public final static long COMPONENT_EVENT_MASK = 0x01; +@@ -230,6 +259,19 @@ + if (!GraphicsEnvironment.isHeadless()) { + initIDs(); + } ++ AWTAccessor.setAWTEventAccessor(new AWTAccessor.AWTEventAccessor() { ++ public void setSystemGenerated(AWTEvent ev) { ++ ev.isSystemGenerated = true; ++ } ++ ++ public boolean isSystemGenerated(AWTEvent ev) { ++ return ev.isSystemGenerated; ++ } ++ ++ public AccessControlContext getAccessControlContext(AWTEvent ev) { ++ return ev.getAccessControlContext(); ++ } ++ }); + } + + private static synchronized Field get_InputEvent_CanAccessSystemClipboard() { +@@ -564,4 +606,11 @@ + } + } + } ++ ++ private void readObject(ObjectInputStream in) ++ throws ClassNotFoundException, IOException ++ { ++ this.acc = AccessController.getContext(); ++ in.defaultReadObject(); ++ } + } // class AWTEvent +--- openjdk/jdk/src/share/classes/java/awt/Component.java 2011-01-26 18:38:28.678359148 +0300 ++++ openjdk/jdk/src/share/classes/java/awt/Component.java 2011-01-26 18:38:28.166361875 +0300 +@@ -58,9 +58,11 @@ + import java.lang.reflect.Method; + import java.security.AccessController; + import java.security.PrivilegedAction; ++import java.security.AccessControlContext; + import javax.accessibility.*; + import java.util.logging.*; + import java.applet.Applet; ++import sun.awt.AWTAccessor; + + import sun.security.action.GetPropertyAction; + import sun.awt.AppContext; +@@ -451,6 +453,12 @@ + static final Object LOCK = new AWTTreeLock(); + static class AWTTreeLock {} + ++ /* ++ * The component's AccessControlContext. ++ */ ++ private transient volatile AccessControlContext acc = ++ AccessController.getContext(); ++ + /** + * Minimum size. + * (This field perhaps should have been transient). +@@ -641,6 +649,16 @@ + return changeSupportLock; + } + ++ /* ++ * Returns the acc this component was constructed with. ++ */ ++ final AccessControlContext getAccessControlContext() { ++ if (acc == null) { ++ throw new SecurityException("Component is missing AccessControlContext"); ++ } ++ return acc; ++ } ++ + boolean isPacked = false; + + /** +@@ -778,6 +796,16 @@ + } + } + ++ static { ++ AWTAccessor.setComponentAccessor(new AWTAccessor.ComponentAccessor() { ++ public AccessControlContext getAccessControlContext(Component comp) { ++ return comp.getAccessControlContext(); ++ } ++ ++ }); ++ } ++ ++ + /** + * Constructs a new component. Class Component can be + * extended directly to create a lightweight component that does not +@@ -8317,6 +8345,8 @@ + { + changeSupportLock = new Object(); + ++ acc = AccessController.getContext(); ++ + s.defaultReadObject(); + + appContext = AppContext.getAppContext(); +--- openjdk/jdk/src/share/classes/java/awt/EventDispatchThread.java 2011-01-26 18:38:30.086359974 +0300 ++++ openjdk/jdk/src/share/classes/java/awt/EventDispatchThread.java 2011-01-26 18:38:29.658361680 +0300 +@@ -284,10 +284,7 @@ + // Threads in the AppContext + + } +- // Can get and throw only unchecked exceptions +- catch (RuntimeException e) { +- processException(e, modalFiltersCount > 0); +- } catch (Error e) { ++ catch (Throwable e) { + processException(e, modalFiltersCount > 0); + } + return true; +--- openjdk/jdk/src/share/classes/java/awt/EventQueue.java 2011-01-26 18:38:31.062358938 +0300 ++++ openjdk/jdk/src/share/classes/java/awt/EventQueue.java 2011-01-26 18:38:30.658361787 +0300 +@@ -43,6 +43,12 @@ + import sun.awt.PeerEvent; + import sun.awt.SunToolkit; + ++import java.security.AccessControlContext; ++import java.security.ProtectionDomain; ++ ++import sun.misc.SharedSecrets; ++import sun.misc.JavaSecurityAccess; ++ + /** + * EventQueue is a platform-independent class + * that queues events, both from the underlying peer classes +@@ -554,6 +560,9 @@ + return null; + } + ++ private static final JavaSecurityAccess javaSecurityAccess = ++ SharedSecrets.getJavaSecurityAccess(); ++ + /** + * Dispatches an event. The manner in which the event is + * dispatched depends upon the type of the event and the +@@ -592,13 +601,49 @@ + * @throws NullPointerException if event is null + * @since 1.2 + */ +- protected void dispatchEvent(AWTEvent event) { ++ protected void dispatchEvent(final AWTEvent event) { ++ final Object src = event.getSource(); ++ final PrivilegedAction action = new PrivilegedAction() { ++ public Void run() { ++ dispatchEventImpl(event, src); ++ return null; ++ } ++ }; ++ ++ final AccessControlContext stack = AccessController.getContext(); ++ final AccessControlContext srcAcc = getAccessControlContextFrom(src); ++ final AccessControlContext eventAcc = event.getAccessControlContext(); ++ if (srcAcc == null) { ++ javaSecurityAccess.doIntersectionPrivilege(action, stack, eventAcc); ++ } else { ++ javaSecurityAccess.doIntersectionPrivilege( ++ new PrivilegedAction() { ++ public Void run() { ++ javaSecurityAccess.doIntersectionPrivilege(action, eventAcc); ++ return null; ++ } ++ }, stack, srcAcc); ++ } ++ } ++ ++ private static AccessControlContext getAccessControlContextFrom(Object src) { ++ return src instanceof Component ? ++ ((Component)src).getAccessControlContext() : ++ src instanceof MenuComponent ? ++ ((MenuComponent)src).getAccessControlContext() : ++ src instanceof TrayIcon ? ++ ((TrayIcon)src).getAccessControlContext() : ++ null; ++ } ++ ++ /** ++ * Called from dispatchEvent() under a correct AccessControlContext ++ */ ++ private void dispatchEventImpl(final AWTEvent event, final Object src) { + event.isPosted = true; +- Object src = event.getSource(); + if (event instanceof ActiveEvent) { + // This could become the sole method of dispatching in time. + setCurrentEventAndMostRecentTimeImpl(event); +- + ((ActiveEvent)event).dispatch(); + } else if (src instanceof Component) { + ((Component)src).dispatchEvent(event); +--- openjdk/jdk/src/share/classes/java/awt/MenuComponent.java 2011-01-26 18:38:32.326360585 +0300 ++++ openjdk/jdk/src/share/classes/java/awt/MenuComponent.java 2011-01-26 18:38:31.821360242 +0300 +@@ -32,6 +32,9 @@ + import sun.awt.SunToolkit; + import javax.accessibility.*; + ++import java.security.AccessControlContext; ++import java.security.AccessController; ++ + /** + * The abstract class MenuComponent is the superclass + * of all menu-related components. In this respect, the class +@@ -99,6 +102,23 @@ + boolean newEventsOnly = false; + + /* ++ * The menu's AccessControlContext. ++ */ ++ private transient volatile AccessControlContext acc = ++ AccessController.getContext(); ++ ++ /* ++ * Returns the acc this menu component was constructed with. ++ */ ++ final AccessControlContext getAccessControlContext() { ++ if (acc == null) { ++ throw new SecurityException( ++ "MenuComponent is missing AccessControlContext"); ++ } ++ return acc; ++ } ++ ++ /* + * Internal constants for serialization. + */ + final static String actionListenerK = Component.actionListenerK; +@@ -385,6 +405,9 @@ + throws ClassNotFoundException, IOException, HeadlessException + { + GraphicsEnvironment.checkHeadless(); ++ ++ acc = AccessController.getContext(); ++ + s.defaultReadObject(); + + appContext = AppContext.getAppContext(); +--- openjdk/jdk/src/share/classes/java/awt/TrayIcon.java 2011-01-26 18:38:33.458362899 +0300 ++++ openjdk/jdk/src/share/classes/java/awt/TrayIcon.java 2011-01-26 18:38:33.014361521 +0300 +@@ -39,6 +39,8 @@ + import sun.awt.AppContext; + import sun.awt.SunToolkit; + import java.util.EventObject; ++import java.security.AccessControlContext; ++import java.security.AccessController; + + /** + * A TrayIcon object represents a tray icon that can be +@@ -89,6 +91,7 @@ + * @author Anton Tarasov + */ + public class TrayIcon { ++ + private Image image; + private String tooltip; + private PopupMenu popup; +@@ -102,6 +105,24 @@ + transient MouseMotionListener mouseMotionListener; + transient ActionListener actionListener; + ++ /* ++ * The tray icon's AccessControlContext. ++ * ++ * Unlike the acc in Component, this field is made final ++ * because TrayIcon is not serializable. ++ */ ++ private final AccessControlContext acc = AccessController.getContext(); ++ ++ /* ++ * Returns the acc this tray icon was constructed with. ++ */ ++ final AccessControlContext getAccessControlContext() { ++ if (acc == null) { ++ throw new SecurityException("TrayIcon is missing AccessControlContext"); ++ } ++ return acc; ++ } ++ + static { + Toolkit.loadLibraries(); + if (!GraphicsEnvironment.isHeadless()) { +--- openjdk/jdk/src/share/classes/java/security/AccessControlContext.java 2011-01-26 18:38:34.693361438 +0300 ++++ openjdk/jdk/src/share/classes/java/security/AccessControlContext.java 2011-01-26 18:38:34.218359986 +0300 +@@ -29,6 +29,9 @@ + import java.util.List; + import sun.security.util.Debug; + import sun.security.util.SecurityConstants; ++import sun.misc.JavaSecurityAccess; ++import sun.misc.SharedSecrets; ++ + + /** + * An AccessControlContext is used to make system resource access decisions +@@ -87,6 +90,36 @@ + private static boolean debugInit = false; + private static Debug debug = null; + ++ static { ++ // Set up JavaSecurityAccess in SharedSecrets ++ SharedSecrets.setJavaSecurityAccess( ++ new JavaSecurityAccess() { ++ public T doIntersectionPrivilege( ++ PrivilegedAction action, ++ final AccessControlContext stack, ++ final AccessControlContext context) ++ { ++ if (action == null) { ++ throw new NullPointerException(); ++ } ++ return AccessController.doPrivileged( ++ action, ++ new AccessControlContext( ++ stack.getContext(), context).optimize() ++ ); ++ } ++ ++ public T doIntersectionPrivilege( ++ PrivilegedAction action, ++ AccessControlContext context) ++ { ++ return doIntersectionPrivilege(action, ++ AccessController.getContext(), context); ++ } ++ } ++ ); ++ } ++ + static Debug getDebug() + { + if (debugInit) +@@ -194,6 +227,24 @@ + } + + /** ++ * Constructor for JavaSecurityAccess.doIntersectionPrivilege() ++ */ ++ AccessControlContext(ProtectionDomain[] context, ++ AccessControlContext privilegedContext) ++ { ++ this.context = context; ++ this.privilegedContext = privilegedContext; ++ this.isPrivileged = true; ++ } ++ ++ /** ++ * Returns this context's context. ++ */ ++ ProtectionDomain[] getContext() { ++ return context; ++ } ++ ++ /** + * Returns true if this context is privileged. + */ + boolean isPrivileged() +--- openjdk/jdk/src/share/classes/javax/swing/Timer.java 2011-01-26 18:38:35.702358958 +0300 ++++ openjdk/jdk/src/share/classes/javax/swing/Timer.java 2011-01-26 18:38:35.290359835 +0300 +@@ -35,6 +35,10 @@ + import java.awt.*; + import java.awt.event.*; + import java.io.Serializable; ++import java.io.*; ++import java.security.AccessControlContext; ++import java.security.AccessController; ++import java.security.PrivilegedAction; + import javax.swing.event.EventListenerList; + + +@@ -174,6 +178,23 @@ + + private transient final Lock lock = new ReentrantLock(); + ++ /* ++ * The timer's AccessControlContext. ++ */ ++ private transient volatile AccessControlContext acc = ++ AccessController.getContext(); ++ ++ /** ++ * Returns the acc this timer was constructed with. ++ */ ++ final AccessControlContext getAccessControlContext() { ++ if (acc == null) { ++ throw new SecurityException( ++ "Timer is missing AccessControlContext"); ++ } ++ return acc; ++ } ++ + // This field is maintained by TimerQueue. + // eventQueued can also be reset by the TimerQueue, but will only ever + // happen in applet case when TimerQueues thread is destroyed. +@@ -191,7 +212,7 @@ + * + * @param delay milliseconds for the initial and between-event delay + * @param listener an initial listener; can be null +- * ++ + * @see #addActionListener + * @see #setInitialDelay + * @see #setRepeats +@@ -208,7 +229,6 @@ + } + } + +- + /** + * DoPostEvent is a runnable class that fires actionEvents to + * the listeners on the EventDispatchThread, via invokeLater. +@@ -589,7 +609,12 @@ + + void post() { + if (notify.compareAndSet(false, true) || !coalesce) { +- SwingUtilities.invokeLater(doPostEvent); ++ AccessController.doPrivileged(new PrivilegedAction() { ++ public Void run() { ++ SwingUtilities.invokeLater(doPostEvent); ++ return null; ++ } ++ }, getAccessControlContext()); + } + } + +@@ -611,4 +636,11 @@ + timer.actionCommand = actionCommand; + return timer; + } ++ ++ private void readObject(ObjectInputStream in) ++ throws ClassNotFoundException, IOException ++ { ++ this.acc = AccessController.getContext(); ++ in.defaultReadObject(); ++ } + } +--- openjdk/jdk/src/share/classes/javax/swing/TransferHandler.java 2011-01-26 18:38:36.678359115 +0300 ++++ openjdk/jdk/src/share/classes/javax/swing/TransferHandler.java 2011-01-26 18:38:36.270359956 +0300 +@@ -41,6 +41,16 @@ + import sun.awt.AppContext; + import sun.swing.*; + ++import java.security.AccessController; ++import java.security.PrivilegedAction; ++ ++import java.security.AccessControlContext; ++import java.security.ProtectionDomain; ++import sun.misc.SharedSecrets; ++import sun.misc.JavaSecurityAccess; ++ ++import sun.awt.AWTAccessor; ++ + /** + * This class is used to handle the transfer of a Transferable + * to and from Swing components. The Transferable is used to +@@ -1640,7 +1650,37 @@ + return true; + } + +- public void actionPerformed(ActionEvent e) { ++ private static final JavaSecurityAccess javaSecurityAccess = ++ SharedSecrets.getJavaSecurityAccess(); ++ ++ public void actionPerformed(final ActionEvent e) { ++ final Object src = e.getSource(); ++ ++ final PrivilegedAction action = new PrivilegedAction() { ++ public Void run() { ++ actionPerformedImpl(e); ++ return null; ++ } ++ }; ++ ++ final AccessControlContext stack = AccessController.getContext(); ++ final AccessControlContext srcAcc = AWTAccessor.getComponentAccessor().getAccessControlContext((Component)src); ++ final AccessControlContext eventAcc = AWTAccessor.getAWTEventAccessor().getAccessControlContext(e); ++ ++ if (srcAcc == null) { ++ javaSecurityAccess.doIntersectionPrivilege(action, stack, eventAcc); ++ } else { ++ javaSecurityAccess.doIntersectionPrivilege( ++ new PrivilegedAction() { ++ public Void run() { ++ javaSecurityAccess.doIntersectionPrivilege(action, eventAcc); ++ return null; ++ } ++ }, stack, srcAcc); ++ } ++ } ++ ++ private void actionPerformedImpl(ActionEvent e) { + Object src = e.getSource(); + if (src instanceof JComponent) { + JComponent c = (JComponent) src; +--- openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java 2011-01-26 18:38:37.918360769 +0300 ++++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java 2011-01-26 18:38:37.421362526 +0300 +@@ -31,6 +31,8 @@ + import java.io.FileDescriptor; + import java.security.ProtectionDomain; + ++import java.security.AccessController; ++ + /** A repository of "shared secrets", which are a mechanism for + calling implementation-private methods in another package without + using reflection. A package-private class implements a public +@@ -49,6 +51,7 @@ + private static JavaNetAccess javaNetAccess; + private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess; + private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess; ++ private static JavaSecurityAccess javaSecurityAccess; + + public static JavaUtilJarAccess javaUtilJarAccess() { + if (javaUtilJarAccess == null) { +@@ -124,4 +127,15 @@ + + return javaSecurityProtectionDomainAccess; + } ++ ++ public static void setJavaSecurityAccess(JavaSecurityAccess jsa) { ++ javaSecurityAccess = jsa; ++ } ++ ++ public static JavaSecurityAccess getJavaSecurityAccess() { ++ if (javaSecurityAccess == null) { ++ unsafe.ensureClassInitialized(AccessController.class); ++ } ++ return javaSecurityAccess; ++ } + } +--- /dev/null 2011-01-25 15:27:47.225362334 +0300 ++++ openjdk/jdk/src/share/classes/sun/awt/AWTAccessor.java 2011-01-26 18:38:38.506361467 +0300 +@@ -0,0 +1,132 @@ ++/* ++ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package sun.awt; ++ ++import java.awt.*; ++import java.awt.event.InputEvent; ++import java.awt.geom.Point2D; ++import java.awt.image.BufferedImage; ++ ++import sun.misc.Unsafe; ++import java.awt.peer.ComponentPeer; ++ ++import java.security.AccessController; ++import java.security.AccessControlContext; ++ ++/** ++ * The AWTAccessor utility class. ++ * The main purpose of this class is to enable accessing ++ * private and package-private fields of classes from ++ * different classes/packages. See sun.misc.SharedSecretes ++ * for another example. ++ */ ++public final class AWTAccessor { ++ ++ private static final Unsafe unsafe = Unsafe.getUnsafe(); ++ ++ /* ++ * We don't need any objects of this class. ++ * It's rather a collection of static methods ++ * and interfaces. ++ */ ++ private AWTAccessor() { ++ } ++ ++ /* ++ * An interface of accessor for the java.awt.Component class. ++ */ ++ public interface ComponentAccessor { ++ /* ++ * Returns the acc this component was constructed with. ++ */ ++ AccessControlContext getAccessControlContext(Component comp); ++ } ++ ++ /* ++ * An accessor for the AWTEvent class. ++ */ ++ public interface AWTEventAccessor { ++ /** ++ * Sets the flag on this AWTEvent indicating that it was ++ * generated by the system. ++ */ ++ void setSystemGenerated(AWTEvent ev); ++ ++ /** ++ * Indicates whether this AWTEvent was generated by the system. ++ */ ++ boolean isSystemGenerated(AWTEvent ev); ++ ++ ++ /* ++ * Returns the acc this event was constructed with. ++ */ ++ AccessControlContext getAccessControlContext(AWTEvent ev); ++ ++ } ++ ++ /* ++ * Accessor instances are initialized in the static initializers of ++ * corresponding AWT classes by using setters defined below. ++ */ ++ private static ComponentAccessor componentAccessor; ++ private static AWTEventAccessor awtEventAccessor; ++ ++ /* ++ * Set an accessor object for the java.awt.Component class. ++ */ ++ public static void setComponentAccessor(ComponentAccessor ca) { ++ componentAccessor = ca; ++ } ++ ++ /* ++ * Retrieve the accessor object for the java.awt.Component class. ++ */ ++ public static ComponentAccessor getComponentAccessor() { ++ if (componentAccessor == null) { ++ unsafe.ensureClassInitialized(Component.class); ++ } ++ ++ return componentAccessor; ++ } ++ ++ /* ++ * Set an accessor object for the java.awt.AWTEvent class. ++ */ ++ public static void setAWTEventAccessor(AWTEventAccessor aea) { ++ awtEventAccessor = aea; ++ } ++ ++ /* ++ * Retrieve the accessor object for the java.awt.AWTEvent class. ++ */ ++ public static AWTEventAccessor getAWTEventAccessor() { ++ if (awtEventAccessor == null) { ++ unsafe.ensureClassInitialized(AWTEvent.class); ++ } ++ return awtEventAccessor; ++ } ++} +--- /dev/null 2011-01-25 15:27:47.225362334 +0300 ++++ openjdk/jdk/src/share/classes/sun/misc/JavaSecurityAccess.java 2011-01-26 18:38:39.446362054 +0300 +@@ -0,0 +1,40 @@ ++/* ++ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package sun.misc; ++ ++import java.security.AccessControlContext; ++import java.security.PrivilegedAction; ++ ++public interface JavaSecurityAccess { ++ ++ T doIntersectionPrivilege(PrivilegedAction action, ++ AccessControlContext stack, ++ AccessControlContext context); ++ ++ T doIntersectionPrivilege(PrivilegedAction action, ++ AccessControlContext context); ++ ++} diff -r 24077bd3fcd4 -r d063b76189d8 patches/security/20110215/6981922.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20110215/6981922.patch Wed Feb 09 18:54:34 2011 +0000 @@ -0,0 +1,245 @@ +# HG changeset patch +# User michaelm +# Date 1296485276 28800 +# Node ID 1da22d47056eebecb9aec43c8d79c0f9f54ff04b +# Parent 0933d8b8547a6c657b4d4f636ac6b94e70bb2e40 +6981922: DNS cache poisoning by untrusted applets +Reviewed-by: chegar + +diff --git a/make/sun/net/FILES_java.gmk b/make/sun/net/FILES_java.gmk +--- openjdk/jdk/make/sun/net/FILES_java.gmk ++++ openjdk/jdk/make/sun/net/FILES_java.gmk +@@ -34,6 +34,7 @@ FILES_java = \ + sun/net/ProgressEvent.java \ + sun/net/ProgressListener.java \ + sun/net/ProgressMeteringPolicy.java \ ++ sun/net/ResourceManager.java \ + sun/net/TelnetInputStream.java \ + sun/net/TelnetOutputStream.java \ + sun/net/TelnetProtocolException.java \ +diff --git a/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java b/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java +--- openjdk/jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java ++++ openjdk/jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java +@@ -28,6 +28,7 @@ import java.io.IOException; + import java.io.IOException; + import java.io.InterruptedIOException; + import java.util.Enumeration; ++import sun.net.ResourceManager; + + /** + * Abstract datagram and multicast socket implementation base class. +@@ -65,8 +66,15 @@ abstract class AbstractPlainDatagramSock + * Creates a datagram socket + */ + protected synchronized void create() throws SocketException { ++ ResourceManager.beforeUdpCreate(); + fd = new FileDescriptor(); +- datagramSocketCreate(); ++ try { ++ datagramSocketCreate(); ++ } catch (SocketException ioe) { ++ ResourceManager.afterUdpClose(); ++ fd = null; ++ throw ioe; ++ } + } + + /** +@@ -211,6 +219,7 @@ abstract class AbstractPlainDatagramSock + protected void close() { + if (fd != null) { + datagramSocketClose(); ++ ResourceManager.afterUdpClose(); + fd = null; + } + } +diff --git a/src/share/classes/java/net/AbstractPlainSocketImpl.java b/src/share/classes/java/net/AbstractPlainSocketImpl.java +--- openjdk/jdk/src/share/classes/java/net/AbstractPlainSocketImpl.java ++++ openjdk/jdk/src/share/classes/java/net/AbstractPlainSocketImpl.java +@@ -33,6 +33,7 @@ import java.io.ByteArrayOutputStream; + import java.io.ByteArrayOutputStream; + + import sun.net.ConnectionResetException; ++import sun.net.ResourceManager; + + /** + * Default Socket Implementation. This implementation does +@@ -69,6 +70,10 @@ abstract class AbstractPlainSocketImpl e + private int resetState; + private Object resetLock = new Object(); + ++ /* whether this Socket is a stream (TCP) socket or not (UDP) ++ */ ++ private boolean stream; ++ + /** + * Load net library into runtime. + */ +@@ -83,7 +88,19 @@ abstract class AbstractPlainSocketImpl e + */ + protected synchronized void create(boolean stream) throws IOException { + fd = new FileDescriptor(); +- socketCreate(stream); ++ this.stream = stream; ++ if (!stream) { ++ ResourceManager.beforeUdpCreate(); ++ try { ++ socketCreate(false); ++ } catch (IOException ioe) { ++ ResourceManager.afterUdpClose(); ++ fd = null; ++ throw ioe; ++ } ++ } else { ++ socketCreate(true); ++ } + if (socket != null) + socket.setCreated(); + if (serverSocket != null) +@@ -458,6 +475,9 @@ abstract class AbstractPlainSocketImpl e + protected void close() throws IOException { + synchronized(fdLock) { + if (fd != null) { ++ if (!stream) { ++ ResourceManager.afterUdpClose(); ++ } + if (fdUseCount == 0) { + if (closePending) { + return; +diff --git a/src/share/classes/sun/net/ResourceManager.java b/src/share/classes/sun/net/ResourceManager.java +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/src/share/classes/sun/net/ResourceManager.java +@@ -0,0 +1,82 @@ ++/* ++ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package sun.net; ++ ++import java.net.SocketException; ++import java.util.concurrent.atomic.AtomicInteger; ++import sun.security.action.GetPropertyAction; ++ ++/** ++ * Manages count of total number of UDP sockets and ensures ++ * that exception is thrown if we try to create more than the ++ * configured limit. ++ * ++ * This functionality could be put in NetHooks some time in future. ++ */ ++ ++public class ResourceManager { ++ ++ /* default maximum number of udp sockets per VM ++ * when a security manager is enabled. ++ * The default is 1024 which is high enough to be useful ++ * but low enough to be well below the maximum number ++ * of port numbers actually available on all OSes for ++ * such sockets (5000 on some versions of windows) ++ */ ++ ++ private static final int DEFAULT_MAX_SOCKETS = 1024; ++ private static final int maxSockets; ++ private static final AtomicInteger numSockets; ++ ++ static { ++ String prop = java.security.AccessController.doPrivileged( ++ new GetPropertyAction("sun.net.maxDatagramSockets") ++ ); ++ int defmax = DEFAULT_MAX_SOCKETS; ++ try { ++ if (prop != null) { ++ defmax = Integer.parseInt(prop); ++ } ++ } catch (NumberFormatException e) {} ++ maxSockets = defmax; ++ numSockets = new AtomicInteger(0); ++ } ++ ++ public static void beforeUdpCreate() throws SocketException { ++ if (System.getSecurityManager() != null) { ++ if (numSockets.incrementAndGet() > maxSockets) { ++ numSockets.decrementAndGet(); ++ throw new SocketException("maximum number of DatagramSockets reached"); ++ } ++ } ++ } ++ ++ public static void afterUdpClose() { ++ if (System.getSecurityManager() != null) { ++ numSockets.decrementAndGet(); ++ } ++ } ++} +diff --git a/src/share/classes/sun/nio/ch/DatagramChannelImpl.java b/src/share/classes/sun/nio/ch/DatagramChannelImpl.java +--- openjdk/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java ++++ openjdk/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java +@@ -32,6 +32,7 @@ import java.nio.channels.*; + import java.nio.channels.*; + import java.nio.channels.spi.*; + import java.lang.ref.SoftReference; ++import sun.net.ResourceManager; + + + /** +@@ -98,9 +99,15 @@ class DatagramChannelImpl + throws IOException + { + super(sp); +- this.fd = Net.socket(false); +- this.fdVal = IOUtil.fdVal(fd); +- this.state = ST_UNCONNECTED; ++ ResourceManager.beforeUdpCreate(); ++ try { ++ this.fd = Net.socket(false); ++ this.fdVal = IOUtil.fdVal(fd); ++ this.state = ST_UNCONNECTED; ++ } catch (IOException ioe) { ++ ResourceManager.afterUdpClose(); ++ throw ioe; ++ } + } + + public DatagramChannelImpl(SelectorProvider sp, FileDescriptor fd) +@@ -587,6 +594,7 @@ class DatagramChannelImpl + protected void implCloseSelectableChannel() throws IOException { + synchronized (stateLock) { + nd.preClose(fd); ++ ResourceManager.afterUdpClose(); + long th; + if ((th = readerThread) != 0) + NativeThread.signal(th); +diff --git a/src/share/classes/sun/nio/ch/Net.java b/src/share/classes/sun/nio/ch/Net.java +--- openjdk/jdk/src/share/classes/sun/nio/ch/Net.java ++++ openjdk/jdk/src/share/classes/sun/nio/ch/Net.java +@@ -111,7 +111,7 @@ class Net { + + // -- Socket operations -- + +- static FileDescriptor socket(boolean stream) { ++ static FileDescriptor socket(boolean stream) throws IOException { + return IOUtil.newFD(socket0(stream, false)); + } + diff -r 24077bd3fcd4 -r d063b76189d8 patches/security/20110215/6983554.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20110215/6983554.patch Wed Feb 09 18:54:34 2011 +0000 @@ -0,0 +1,20 @@ +# HG changeset patch +# User ksrini +# Date 1288026697 25200 +# Node ID 547ec9b43edde622a08cc9bae0f4e2efae861796 +# Parent 9216ec4e4c1443fe854872630aa8b3726523c0c9 +6983554: (launcher) Fix empty user's LD_LIBRARY_PATH environment variable in the launcher +Reviewed-by: darcy, ohair, asaha + +diff --git a/src/solaris/bin/java_md.c b/src/solaris/bin/java_md.c +--- openjdk/jdk/src/solaris/bin/java_md.c ++++ openjdk/jdk/src/solaris/bin/java_md.c +@@ -484,7 +484,7 @@ CreateExecutionEnvironment(int *_argcp, + * LD_LIBRARY_PATH. Note that this prevents any possible infinite + * loop of execv() because we test for the prefix, above. + */ +- if (runpath != 0) { ++ if (runpath != 0 && (runpath[0] != '\0')) { + strcat(new_runpath, ":"); + strcat(new_runpath, runpath); + } diff -r 24077bd3fcd4 -r d063b76189d8 patches/security/20110215/6994263.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20110215/6994263.patch Wed Feb 09 18:54:34 2011 +0000 @@ -0,0 +1,33 @@ +--- openjdk/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java Mon Nov 1 13:25:19 2010 ++++ openjdk/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java Mon Nov 1 13:25:18 2010 +@@ -247,6 +247,8 @@ + + if (!_alreadyInitialized) { + _transformHash = new HashMap(10); ++ // make sure builtin algorithms are all registered first ++ com.sun.org.apache.xml.internal.security.Init.init(); + _alreadyInitialized = true; + } + } +@@ -274,19 +276,13 @@ + "algorithm.alreadyRegistered", exArgs); + } + +- ClassLoader cl = (ClassLoader) AccessController.doPrivileged( +- new PrivilegedAction() { +- public Object run() { +- return Thread.currentThread().getContextClassLoader(); +- } +- }); ++ ClassLoader cl = Thread.currentThread().getContextClassLoader(); + + try { + Transform._transformHash.put + (algorithmURI, Class.forName(implementingClass, true, cl)); + } catch (ClassNotFoundException e) { +- // TODO Auto-generated catch block +- e.printStackTrace(); ++ throw new RuntimeException(e); + } + } + }