# HG changeset patch # User Andrew John Hughes # Date 1328873113 0 # Node ID 08e7c18e12c15025043549e48591046902c0c6a1 # Parent f096a649346318d583ef0ef196dd921aebefef21 Add 2012/02/14 security patches. 2012-02-08 Omair Majid * NEWS: Update with security fixes. * Makefile.am (SECURITY_PATCHES): Add security patches. (SPECIAL_SECURITY_PATCH): Add new variable. (ICEDTEA_PATCHES): Add security patch that epends on backport. * patches/security/20120214/7082299.patch, * patches/security/20120214/7088367.patch, * patches/security/20120214/7110683.patch, * patches/security/20120214/7110687.patch, * patches/security/20120214/7110700.patch, * patches/security/20120214/7110704.patch, * patches/security/20120214/7112642.patch, * patches/security/20120214/7118283.patch, * patches/security/20120214/7126960.patch: New security fixes. diff -r f096a6493463 -r 08e7c18e12c1 ChangeLog --- a/ChangeLog Thu Jan 12 13:04:39 2012 +0000 +++ b/ChangeLog Fri Feb 10 11:25:13 2012 +0000 @@ -1,3 +1,20 @@ +2012-02-08 Omair Majid + + * NEWS: Update with security fixes. + * Makefile.am + (SECURITY_PATCHES): Add security patches. + (SPECIAL_SECURITY_PATCH): Add new variable. + (ICEDTEA_PATCHES): Add security patch that epends on backport. + * patches/security/20120214/7082299.patch, + * patches/security/20120214/7088367.patch, + * patches/security/20120214/7110683.patch, + * patches/security/20120214/7110687.patch, + * patches/security/20120214/7110700.patch, + * patches/security/20120214/7110704.patch, + * patches/security/20120214/7112642.patch, + * patches/security/20120214/7118283.patch, + * patches/security/20120214/7126960.patch: New security fixes. + 2012-01-12 Andrew John Hughes * NEWS: Add 1.8.13. diff -r f096a6493463 -r 08e7c18e12c1 Makefile.am --- a/Makefile.am Thu Jan 12 13:04:39 2012 +0000 +++ b/Makefile.am Fri Feb 10 11:25:13 2012 +0000 @@ -280,7 +280,15 @@ patches/security/20111018/7083012.patch \ patches/security/20111018/7096936.patch \ patches/security/20111018/7046794.patch \ - patches/security/20111018/7077466.patch + patches/security/20111018/7077466.patch \ + patches/security/20120214/7082299.patch \ + patches/security/20120214/7088367.patch \ + patches/security/20120214/7110683.patch \ + patches/security/20120214/7110687.patch \ + patches/security/20120214/7110700.patch \ + patches/security/20120214/7110704.patch \ + patches/security/20120214/7118283.patch \ + patches/security/20120214/7126960.patch ICEDTEA_PATCHES = \ $(SECURITY_PATCHES) \ diff -r f096a6493463 -r 08e7c18e12c1 NEWS --- a/NEWS Thu Jan 12 13:04:39 2012 +0000 +++ b/NEWS Fri Feb 10 11:25:13 2012 +0000 @@ -10,6 +10,17 @@ New in release 1.8.13 (XXXX-XX-XX): +* Security fixes + - S7082299: Fix in AtomicReferenceArray + - S7088367: Fix issues in java sound + - S7110683: Issues with some KeyboardFocusManager method + - S7110687: Issues with TimeZone class + - S7110700: Enhance exception throwing mechanism in ObjectStreamClass + - S7110704: Issues with some method in corba + - S7112642: Incorrect checking for graphics rendering object + - S7118283: Better input parameter checking in zip file processing + - S7126960: Add property to limit number of request headers to the HTTP Server + New in release 1.8.12 (2012-01-11): * Backports diff -r f096a6493463 -r 08e7c18e12c1 patches/security/20120214/7082299.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20120214/7082299.patch Fri Feb 10 11:25:13 2012 +0000 @@ -0,0 +1,201 @@ +# HG changeset patch +# User robm +# Date 1322691030 0 +# Node ID ee0f12b18cb8d20c3fb61e96817bde6318a29221 +# Parent dd8956e41b892ed7102e1d5668781f2c68ea9ac5 +7082299: AtomicReferenceArray should ensure that array is Object[] +Summary: java.util.concurrent.AtomicReferenceArray needs to ensure that internal array is always Object[]. +Reviewed-by: chegar, coffeys + +diff --git a/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java b/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java +--- openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java ++++ openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java +@@ -34,8 +34,9 @@ + */ + + package java.util.concurrent.atomic; ++import java.lang.reflect.Array; ++import java.util.Arrays; + import sun.misc.Unsafe; +-import java.util.*; + + /** + * An array of object references in which elements may be updated +@@ -49,15 +50,37 @@ public class AtomicReferenceArray imp + public class AtomicReferenceArray implements java.io.Serializable { + private static final long serialVersionUID = -6209656149925076980L; + +- private static final Unsafe unsafe = Unsafe.getUnsafe(); +- private static final int base = unsafe.arrayBaseOffset(Object[].class); +- private static final int scale = unsafe.arrayIndexScale(Object[].class); +- private final Object[] array; ++ private static final Unsafe unsafe; ++ private static final int base; ++ private static final int shift; ++ private static final long arrayFieldOffset; ++ private final Object[] array; // must have exact type Object[] + +- private long rawIndex(int i) { ++ static { ++ int scale; ++ try { ++ unsafe = Unsafe.getUnsafe(); ++ arrayFieldOffset = unsafe.objectFieldOffset ++ (AtomicReferenceArray.class.getDeclaredField("array")); ++ base = unsafe.arrayBaseOffset(Object[].class); ++ scale = unsafe.arrayIndexScale(Object[].class); ++ } catch (Exception e) { ++ throw new Error(e); ++ } ++ if ((scale & (scale - 1)) != 0) ++ throw new Error("data type scale not a power of two"); ++ shift = 31 - Integer.numberOfLeadingZeros(scale); ++ } ++ ++ private long checkedByteOffset(int i) { + if (i < 0 || i >= array.length) + throw new IndexOutOfBoundsException("index " + i); +- return base + (long) i * scale; ++ ++ return byteOffset(i); ++ } ++ ++ private static long byteOffset(int i) { ++ return ((long) i << shift) + base; + } + + /** +@@ -66,9 +89,6 @@ public class AtomicReferenceArray imp + */ + public AtomicReferenceArray(int length) { + array = new Object[length]; +- // must perform at least one volatile write to conform to JMM +- if (length > 0) +- unsafe.putObjectVolatile(array, rawIndex(0), null); + } + + /** +@@ -79,18 +99,8 @@ public class AtomicReferenceArray imp + * @throws NullPointerException if array is null + */ + public AtomicReferenceArray(E[] array) { +- if (array == null) +- throw new NullPointerException(); +- int length = array.length; +- this.array = new Object[length]; +- if (length > 0) { +- int last = length-1; +- for (int i = 0; i < last; ++i) +- this.array[i] = array[i]; +- // Do the last write as volatile +- E e = array[last]; +- unsafe.putObjectVolatile(this.array, rawIndex(last), e); +- } ++ // Visibility guaranteed by final field guarantees ++ this.array = Arrays.copyOf(array, array.length, Object[].class); + } + + /** +@@ -109,7 +119,11 @@ public class AtomicReferenceArray imp + * @return the current value + */ + public final E get(int i) { +- return (E) unsafe.getObjectVolatile(array, rawIndex(i)); ++ return getRaw(checkedByteOffset(i)); ++ } ++ ++ private E getRaw(long offset) { ++ return (E) unsafe.getObjectVolatile(array, offset); + } + + /** +@@ -119,7 +133,7 @@ public class AtomicReferenceArray imp + * @param newValue the new value + */ + public final void set(int i, E newValue) { +- unsafe.putObjectVolatile(array, rawIndex(i), newValue); ++ unsafe.putObjectVolatile(array, checkedByteOffset(i), newValue); + } + + /** +@@ -130,7 +144,7 @@ public class AtomicReferenceArray imp + * @since 1.6 + */ + public final void lazySet(int i, E newValue) { +- unsafe.putOrderedObject(array, rawIndex(i), newValue); ++ unsafe.putOrderedObject(array, checkedByteOffset(i), newValue); + } + + +@@ -143,9 +157,10 @@ public class AtomicReferenceArray imp + * @return the previous value + */ + public final E getAndSet(int i, E newValue) { ++ long offset = checkedByteOffset(i); + while (true) { +- E current = get(i); +- if (compareAndSet(i, current, newValue)) ++ E current = getRaw(offset); ++ if (compareAndSetRaw(offset, current, newValue)) + return current; + } + } +@@ -153,6 +168,7 @@ public class AtomicReferenceArray imp + /** + * Atomically sets the element at position {@code i} to the given + * updated value if the current value {@code ==} the expected value. ++ * + * @param i the index + * @param expect the expected value + * @param update the new value +@@ -160,8 +176,11 @@ public class AtomicReferenceArray imp + * the actual value was not equal to the expected value. + */ + public final boolean compareAndSet(int i, E expect, E update) { +- return unsafe.compareAndSwapObject(array, rawIndex(i), +- expect, update); ++ return compareAndSetRaw(checkedByteOffset(i), expect, update); ++ } ++ ++ private boolean compareAndSetRaw(long offset, E expect, E update) { ++ return unsafe.compareAndSwapObject(array, offset, expect, update); + } + + /** +@@ -186,9 +205,33 @@ public class AtomicReferenceArray imp + * @return the String representation of the current values of array. + */ + public String toString() { +- if (array.length > 0) // force volatile read +- get(0); +- return Arrays.toString(array); ++ int iMax = array.length - 1; ++ if (iMax == -1) ++ return "[]"; ++ ++ StringBuilder b = new StringBuilder(); ++ b.append('['); ++ for (int i = 0; ; i++) { ++ b.append(getRaw(byteOffset(i))); ++ if (i == iMax) ++ return b.append(']').toString(); ++ b.append(',').append(' '); ++ } ++ } ++ ++ /** ++ * Reconstitutes the instance from a stream (that is, deserializes it). ++ * @param s the stream ++ */ ++ private void readObject(java.io.ObjectInputStream s) ++ throws java.io.IOException, ClassNotFoundException { ++ // Note: This must be changed if any additional fields are defined ++ Object a = s.readFields().get("array", null); ++ if (a == null || !a.getClass().isArray()) ++ throw new java.io.InvalidObjectException("Not array type"); ++ if (a.getClass() != Object[].class) ++ a = Arrays.copyOf((Object[])a, Array.getLength(a), Object[].class); ++ unsafe.putObjectVolatile(this, arrayFieldOffset, a); + } + + } diff -r f096a6493463 -r 08e7c18e12c1 patches/security/20120214/7088367.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20120214/7088367.patch Fri Feb 10 11:25:13 2012 +0000 @@ -0,0 +1,45 @@ +# HG changeset patch +# User amenkov +# Date 1319622989 -14400 +# Node ID b34a3ed0c8f2f6b9121d38ed330430d913f8a385 +# Parent cdc68d7a17dd412402b100dc427abbe0a90cf2ab +7088367: JavaSound security issue (12865443) +Reviewed-by: denis + +diff --git a/src/share/classes/com/sun/media/sound/DirectAudioDevice.java b/src/share/classes/com/sun/media/sound/DirectAudioDevice.java +--- openjdk/jdk/src/share/classes/com/sun/media/sound/DirectAudioDevice.java ++++ openjdk/jdk/src/share/classes/com/sun/media/sound/DirectAudioDevice.java +@@ -771,7 +771,7 @@ class DirectAudioDevice extends Abstract + if (off < 0) { + throw new ArrayIndexOutOfBoundsException(off); + } +- if (off + len > b.length) { ++ if ((long)off + (long)len > (long)b.length) { + throw new ArrayIndexOutOfBoundsException(b.length); + } + +@@ -1000,7 +1000,7 @@ class DirectAudioDevice extends Abstract + if (off < 0) { + throw new ArrayIndexOutOfBoundsException(off); + } +- if (off + len > b.length) { ++ if ((long)off + (long)len > (long)b.length) { + throw new ArrayIndexOutOfBoundsException(b.length); + } + if (!isActive() && doIO) { +diff --git a/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java b/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java +--- openjdk/jdk/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java ++++ openjdk/jdk/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java +@@ -130,6 +130,12 @@ public class SoftMixingSourceDataLine ex + if (len % framesize != 0) + throw new IllegalArgumentException( + "Number of bytes does not represent an integral number of sample frames."); ++ if (off < 0) { ++ throw new ArrayIndexOutOfBoundsException(off); ++ } ++ if ((long)off + (long)len > (long)b.length) { ++ throw new ArrayIndexOutOfBoundsException(b.length); ++ } + + byte[] buff = cycling_buffer; + int buff_len = cycling_buffer.length; diff -r f096a6493463 -r 08e7c18e12c1 patches/security/20120214/7110683.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20120214/7110683.patch Fri Feb 10 11:25:13 2012 +0000 @@ -0,0 +1,170 @@ +# HG changeset patch +# User skoppar +# Date 1324575564 28800 +# Node ID e05eb7bee1ce0a44f3e414454e44cd49d77ba9de +# Parent bfaa99d5bef813217cdbc6eddcdd511cf53327e7 +7110683: Issues with some KeyboardFocusManager method +7116384: backout the unallowed changes in the KeyboardFocusManager.java javadoc +Reviewed-by: ant + +diff --git a/src/share/classes/java/awt/KeyboardFocusManager.java b/src/share/classes/java/awt/KeyboardFocusManager.java +--- openjdk/jdk/src/share/classes/java/awt/KeyboardFocusManager.java ++++ openjdk/jdk/src/share/classes/java/awt/KeyboardFocusManager.java +@@ -1,5 +1,5 @@ + /* +- * Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved. ++ * Copyright 2000-2011 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -476,14 +476,8 @@ public abstract class KeyboardFocusManag + */ + protected Component getGlobalFocusOwner() throws SecurityException { + synchronized (KeyboardFocusManager.class) { +- if (this == getCurrentKeyboardFocusManager()) { +- return focusOwner; +- } else { +- if (focusLog.isLoggable(Level.FINER)) { +- focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager()); +- } +- throw new SecurityException(notPrivileged); +- } ++ checkCurrentKFMSecurity(); ++ return focusOwner; + } + } + +@@ -517,6 +511,7 @@ public abstract class KeyboardFocusManag + + if (focusOwner == null || focusOwner.isFocusable()) { + synchronized (KeyboardFocusManager.class) { ++ checkCurrentKFMSecurity(); + oldFocusOwner = getFocusOwner(); + + try { +@@ -566,6 +561,10 @@ public abstract class KeyboardFocusManag + * @see java.awt.event.FocusEvent#FOCUS_LOST + */ + public void clearGlobalFocusOwner() { ++ synchronized (KeyboardFocusManager.class) { ++ checkCurrentKFMSecurity(); ++ } ++ + if (!GraphicsEnvironment.isHeadless()) { + // Toolkit must be fully initialized, otherwise + // _clearGlobalFocusOwner will crash or throw an exception +@@ -645,14 +644,8 @@ public abstract class KeyboardFocusManag + throws SecurityException + { + synchronized (KeyboardFocusManager.class) { +- if (this == getCurrentKeyboardFocusManager()) { +- return permanentFocusOwner; +- } else { +- if (focusLog.isLoggable(Level.FINER)) { +- focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager()); +- } +- throw new SecurityException(notPrivileged); +- } ++ checkCurrentKFMSecurity(); ++ return permanentFocusOwner; + } + } + +@@ -688,6 +681,7 @@ public abstract class KeyboardFocusManag + + if (permanentFocusOwner == null || permanentFocusOwner.isFocusable()) { + synchronized (KeyboardFocusManager.class) { ++ checkCurrentKFMSecurity(); + oldPermanentFocusOwner = getPermanentFocusOwner(); + + try { +@@ -753,14 +747,8 @@ public abstract class KeyboardFocusManag + */ + protected Window getGlobalFocusedWindow() throws SecurityException { + synchronized (KeyboardFocusManager.class) { +- if (this == getCurrentKeyboardFocusManager()) { +- return focusedWindow; +- } else { +- if (focusLog.isLoggable(Level.FINER)) { +- focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager()); +- } +- throw new SecurityException(notPrivileged); +- } ++ checkCurrentKFMSecurity(); ++ return focusedWindow; + } + } + +@@ -791,6 +779,7 @@ public abstract class KeyboardFocusManag + + if (focusedWindow == null || focusedWindow.isFocusableWindow()) { + synchronized (KeyboardFocusManager.class) { ++ checkCurrentKFMSecurity(); + oldFocusedWindow = getFocusedWindow(); + + try { +@@ -857,14 +846,8 @@ public abstract class KeyboardFocusManag + */ + protected Window getGlobalActiveWindow() throws SecurityException { + synchronized (KeyboardFocusManager.class) { +- if (this == getCurrentKeyboardFocusManager()) { +- return activeWindow; +- } else { +- if (focusLog.isLoggable(Level.FINER)) { +- focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager()); +- } +- throw new SecurityException(notPrivileged); +- } ++ checkCurrentKFMSecurity(); ++ return activeWindow; + } + } + +@@ -893,6 +876,7 @@ public abstract class KeyboardFocusManag + protected void setGlobalActiveWindow(Window activeWindow) { + Window oldActiveWindow; + synchronized (KeyboardFocusManager.class) { ++ checkCurrentKFMSecurity(); + oldActiveWindow = getActiveWindow(); + if (focusLog.isLoggable(Level.FINER)) { + focusLog.log(Level.FINER, "Setting global active window to " + activeWindow + ", old active " + oldActiveWindow); +@@ -1187,14 +1171,8 @@ public abstract class KeyboardFocusManag + throws SecurityException + { + synchronized (KeyboardFocusManager.class) { +- if (this == getCurrentKeyboardFocusManager()) { +- return currentFocusCycleRoot; +- } else { +- if (focusLog.isLoggable(Level.FINER)) { +- focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager()); +- } +- throw new SecurityException(notPrivileged); +- } ++ checkCurrentKFMSecurity(); ++ return currentFocusCycleRoot; + } + } + +@@ -1218,6 +1196,7 @@ public abstract class KeyboardFocusManag + Container oldFocusCycleRoot; + + synchronized (KeyboardFocusManager.class) { ++ checkCurrentKFMSecurity(); + oldFocusCycleRoot = getCurrentFocusCycleRoot(); + currentFocusCycleRoot = newFocusCycleRoot; + } +@@ -3102,4 +3081,14 @@ public abstract class KeyboardFocusManag + : null; + } + } ++ ++ private void checkCurrentKFMSecurity() { ++ if (this != getCurrentKeyboardFocusManager()) { ++ if (focusLog.isLoggable(Level.FINER)) { ++ focusLog.finer("This manager is " + this + ++ ", current is " + getCurrentKeyboardFocusManager()); ++ } ++ throw new SecurityException(notPrivileged); ++ } ++ } + } diff -r f096a6493463 -r 08e7c18e12c1 patches/security/20120214/7110687.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20120214/7110687.patch Fri Feb 10 11:25:13 2012 +0000 @@ -0,0 +1,214 @@ +# HG changeset patch +# User coffeys +# Date 1321351078 0 +# Node ID dd8956e41b892ed7102e1d5668781f2c68ea9ac5 +# Parent e11df26be5fc2c18af5601afc3793f9abc3e2c45 +7110687: (tz) java.util.TimeZone.setDefault() should be controlled by a security manager +Reviewed-by: okutsu + +diff --git a/make/java/java/FILES_java.gmk b/make/java/java/FILES_java.gmk +@@ -448,6 +448,7 @@ JAVA_JAVA_java = \ + sun/misc/MessageUtils.java \ + sun/misc/GC.java \ + sun/misc/Service.java \ ++ sun/misc/JavaAWTAccess.java \ + sun/misc/JavaLangAccess.java \ + sun/misc/JavaIOAccess.java \ + sun/misc/JavaIODeleteOnExitAccess.java \ +diff --git a/src/share/classes/java/util/TimeZone.java b/src/share/classes/java/util/TimeZone.java +--- openjdk/jdk/src/share/classes/java/util/TimeZone.java ++++ openjdk/jdk/src/share/classes/java/util/TimeZone.java +@@ -43,6 +43,8 @@ import java.security.AccessController; + import java.security.AccessController; + import java.security.PrivilegedAction; + import java.util.concurrent.ConcurrentHashMap; ++import sun.misc.SharedSecrets; ++import sun.misc.JavaAWTAccess; + import sun.security.action.GetPropertyAction; + import sun.util.TimeZoneNameUtility; + import sun.util.calendar.ZoneInfo; +@@ -542,7 +544,7 @@ abstract public class TimeZone implement + * method doesn't create a clone. + */ + static TimeZone getDefaultRef() { +- TimeZone defaultZone = defaultZoneTL.get(); ++ TimeZone defaultZone = getDefaultInAppContext(); + if (defaultZone == null) { + defaultZone = defaultTimeZone; + if (defaultZone == null) { +@@ -633,10 +635,53 @@ abstract public class TimeZone implement + if (hasPermission()) { + synchronized (TimeZone.class) { + defaultTimeZone = zone; +- defaultZoneTL.set(null); ++ setDefaultInAppContext(null); + } + } else { +- defaultZoneTL.set(zone); ++ setDefaultInAppContext(zone); ++ } ++ } ++ ++ /** ++ * Returns the default TimeZone in an AppContext if any AppContext ++ * has ever used. null is returned if any AppContext hasn't been ++ * used or if the AppContext doesn't have the default TimeZone. ++ */ ++ private synchronized static TimeZone getDefaultInAppContext() { ++ javaAWTAccess = SharedSecrets.getJavaAWTAccess(); ++ if (javaAWTAccess == null) { ++ return mainAppContextDefault; ++ } else { ++ if (!javaAWTAccess.isDisposed()) { ++ TimeZone tz = (TimeZone) ++ javaAWTAccess.get(TimeZone.class); ++ if (tz == null && javaAWTAccess.isMainAppContext()) { ++ return mainAppContextDefault; ++ } else { ++ return tz; ++ } ++ } ++ } ++ return null; ++ } ++ ++ /** ++ * Sets the default TimeZone in the AppContext to the given ++ * tz. null is handled special: do nothing if any AppContext ++ * hasn't been used, remove the default TimeZone in the ++ * AppContext otherwise. ++ */ ++ private synchronized static void setDefaultInAppContext(TimeZone tz) { ++ javaAWTAccess = SharedSecrets.getJavaAWTAccess(); ++ if (javaAWTAccess == null) { ++ mainAppContextDefault = tz; ++ } else { ++ if (!javaAWTAccess.isDisposed()) { ++ javaAWTAccess.put(TimeZone.class, tz); ++ if (javaAWTAccess.isMainAppContext()) { ++ mainAppContextDefault = null; ++ } ++ } + } + } + +@@ -687,11 +732,23 @@ abstract public class TimeZone implement + */ + private String ID; + private static volatile TimeZone defaultTimeZone; +- private static final InheritableThreadLocal defaultZoneTL +- = new InheritableThreadLocal(); + + static final String GMT_ID = "GMT"; + private static final int GMT_ID_LENGTH = 3; ++ ++ /* ++ * Provides access implementation-private methods without using reflection ++ * ++ * Note that javaAWTAccess may be null if sun.awt.AppContext class hasn't ++ * been loaded. If so, it implies that AWTSecurityManager is not our ++ * SecurityManager and we can use a local static variable. ++ * This works around a build time issue. ++ */ ++ private static JavaAWTAccess javaAWTAccess; ++ ++ // a static TimeZone we can reference if no AppContext is in place ++ private static TimeZone mainAppContextDefault; ++ + + /** + * Parses a custom time zone identifier and returns a corresponding zone. +diff --git a/src/share/classes/sun/awt/AppContext.java b/src/share/classes/sun/awt/AppContext.java +--- openjdk/jdk/src/share/classes/sun/awt/AppContext.java ++++ openjdk/jdk/src/share/classes/sun/awt/AppContext.java +@@ -767,6 +767,27 @@ public final class AppContext { + } + return changeSupport.getPropertyChangeListeners(propertyName); + } ++ ++ // Set up JavaAWTAccess in SharedSecrets ++ static { ++ sun.misc.SharedSecrets.setJavaAWTAccess(new sun.misc.JavaAWTAccess() { ++ public Object get(Object key) { ++ return getAppContext().get(key); ++ } ++ public void put(Object key, Object value) { ++ getAppContext().put(key, value); ++ } ++ public void remove(Object key) { ++ getAppContext().remove(key); ++ } ++ public boolean isDisposed() { ++ return getAppContext().isDisposed(); ++ } ++ public boolean isMainAppContext() { ++ return (numAppContexts == 1); ++ } ++ }); ++ } + } + + final class MostRecentThreadAppContext { +diff --git a/src/share/classes/sun/misc/JavaAWTAccess.java b/src/share/classes/sun/misc/JavaAWTAccess.java +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/src/share/classes/sun/misc/JavaAWTAccess.java +@@ -0,0 +1,32 @@ ++/* ++ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package sun.misc; ++ ++public interface JavaAWTAccess { ++ public Object get(Object key); ++ public void put(Object key, Object value); ++ public void remove(Object key); ++ public boolean isDisposed(); ++ public boolean isMainAppContext(); ++} +diff --git a/src/share/classes/sun/misc/SharedSecrets.java b/src/share/classes/sun/misc/SharedSecrets.java +--- openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java ++++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java +@@ -52,6 +52,7 @@ public class SharedSecrets { + private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess; + private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess; + private static JavaSecurityAccess javaSecurityAccess; ++ private static JavaAWTAccess javaAWTAccess; + + public static JavaUtilJarAccess javaUtilJarAccess() { + if (javaUtilJarAccess == null) { +@@ -138,4 +139,14 @@ public class SharedSecrets { + } + return javaSecurityAccess; + } ++ ++ public static void setJavaAWTAccess(JavaAWTAccess jaa) { ++ javaAWTAccess = jaa; ++ } ++ ++ public static JavaAWTAccess getJavaAWTAccess() { ++ // this may return null in which case calling code needs to ++ // provision for. ++ return javaAWTAccess; ++ } + } diff -r f096a6493463 -r 08e7c18e12c1 patches/security/20120214/7110700.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20120214/7110700.patch Fri Feb 10 11:25:13 2012 +0000 @@ -0,0 +1,35 @@ +# HG changeset patch +# User dmeetry +# Date 1325175900 -14400 +# Node ID 3c11966c3da3ec95c80008e4a4cc2ae4ab0e59fc +# Parent e05eb7bee1ce0a44f3e414454e44cd49d77ba9de +7110700: Enhance exception throwing mechanism in ObjectStreamClass +Reviewed-by: smarks + +diff --git a/src/share/classes/java/io/ObjectStreamClass.java b/src/share/classes/java/io/ObjectStreamClass.java +--- openjdk/jdk/src/share/classes/java/io/ObjectStreamClass.java ++++ openjdk/jdk/src/share/classes/java/io/ObjectStreamClass.java +@@ -730,7 +730,6 @@ public class ObjectStreamClass implement + InvalidClassException ice = + new InvalidClassException(deserializeEx.classname, + deserializeEx.getMessage()); +- ice.initCause(deserializeEx); + throw ice; + } + } +@@ -745,7 +744,6 @@ public class ObjectStreamClass implement + InvalidClassException ice = + new InvalidClassException(serializeEx.classname, + serializeEx.getMessage()); +- ice.initCause(serializeEx); + throw ice; + } + } +@@ -762,7 +760,6 @@ public class ObjectStreamClass implement + InvalidClassException ice = + new InvalidClassException(defaultSerializeEx.classname, + defaultSerializeEx.getMessage()); +- ice.initCause(defaultSerializeEx); + throw ice; + } + } diff -r f096a6493463 -r 08e7c18e12c1 patches/security/20120214/7110704.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20120214/7110704.patch Fri Feb 10 11:25:13 2012 +0000 @@ -0,0 +1,42 @@ +# HG changeset patch +# User coffeys +# Date 1321351683 0 +# Node ID c971de26dc9c900ff5a5ecb799dcc84cf9769ef0 +# Parent 23f471142a033a47b6b60506c2749f9caad0a4f8 +7110704: Issues with some method in corba +Reviewed-by: dmeetry + +diff --git a/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyFactoryImpl.java b/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyFactoryImpl.java +--- openjdk/corba/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyFactoryImpl.java ++++ openjdk/corba/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyFactoryImpl.java +@@ -82,6 +82,6 @@ public class DynAnyFactoryImpl + private String[] __ids = { "IDL:omg.org/DynamicAny/DynAnyFactory:1.0" }; + + public String[] _ids() { +- return __ids; ++ return (String[])__ids.clone(); + } + } +diff --git a/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyImpl.java b/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyImpl.java +--- openjdk/corba/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyImpl.java ++++ openjdk/corba/src/share/classes/com/sun/corba/se/impl/dynamicany/DynAnyImpl.java +@@ -195,6 +195,6 @@ abstract class DynAnyImpl extends org.om + private String[] __ids = { "IDL:omg.org/DynamicAny/DynAny:1.0" }; + + public String[] _ids() { +- return __ids; ++ return (String[])__ids.clone(); + } + } +diff --git a/src/share/classes/com/sun/org/omg/SendingContext/_CodeBaseImplBase.java b/src/share/classes/com/sun/org/omg/SendingContext/_CodeBaseImplBase.java +--- openjdk/corba/src/share/classes/com/sun/org/omg/SendingContext/_CodeBaseImplBase.java ++++ openjdk/corba/src/share/classes/com/sun/org/omg/SendingContext/_CodeBaseImplBase.java +@@ -138,7 +138,7 @@ public abstract class _CodeBaseImplBase + + public String[] _ids () + { +- return __ids; ++ return (String[])__ids.clone(); + } + + diff -r f096a6493463 -r 08e7c18e12c1 patches/security/20120214/7118283.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20120214/7118283.patch Fri Feb 10 11:25:13 2012 +0000 @@ -0,0 +1,20 @@ +# HG changeset patch +# User asaha +# Date 1323826839 28800 +# Node ID 71ca2b40fdc9fd542d565ccd9f2f14861556a417 +# Parent ee0f12b18cb8d20c3fb61e96817bde6318a29221 +7118283: Better input parameter checking in zip file processing +Reviewed-by: sherman + +diff --git a/src/share/native/java/util/zip/zip_util.c b/src/share/native/java/util/zip/zip_util.c +--- openjdk/jdk/src/share/native/java/util/zip/zip_util.c ++++ openjdk/jdk/src/share/native/java/util/zip/zip_util.c +@@ -450,7 +450,7 @@ countCENHeaders(unsigned char *beg, unsi + { + jint count = 0; + ptrdiff_t i; +- for (i = 0; i + CENHDR < end - beg; i += CENSIZE(beg + i)) ++ for (i = 0; i + CENHDR <= end - beg; i += CENSIZE(beg + i)) + count++; + return count; + } diff -r f096a6493463 -r 08e7c18e12c1 patches/security/20120214/7126960.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/security/20120214/7126960.patch Fri Feb 10 11:25:13 2012 +0000 @@ -0,0 +1,68 @@ +# HG changeset patch +# User coffeys +# Date 1326712887 0 +# Node ID 2d8dead332cbe169d486ecc70239475ebe3a77f7 +# Parent a224904d42db1f54139257221e9b545bd1c90b2e +7126960: Add property to limit number of request headers to the HTTP Server +Reviewed-by: chegar + +diff --git a/src/share/classes/sun/net/httpserver/Request.java b/src/share/classes/sun/net/httpserver/Request.java +--- openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java ++++ openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java +@@ -190,6 +190,13 @@ class Request { + v = new String(); + else + v = String.copyValueOf(s, keyend, len - keyend); ++ ++ if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) { ++ throw new IOException("Maximum number of request headers (" + ++ "sun.net.httpserver.maxReqHeaders) exceeded, " + ++ ServerConfig.getMaxReqHeaders() + "."); ++ } ++ + hdrs.add (k,v); + } + return hdrs; +diff --git a/src/share/classes/sun/net/httpserver/ServerConfig.java b/src/share/classes/sun/net/httpserver/ServerConfig.java +--- openjdk/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java ++++ openjdk/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java +@@ -45,6 +45,8 @@ class ServerConfig { + static long defaultIdleInterval = 300 ; // 5 min + static long defaultSelCacheTimeout = 120 ; // seconds + static int defaultMaxIdleConnections = 200 ; ++ static int defaultMaxReqHeaders = 200 ; ++ + + static long defaultDrainAmount = 64 * 1024; + +@@ -54,6 +56,9 @@ class ServerConfig { + static long selCacheTimeout; + static long drainAmount; // max # of bytes to drain from an inputstream + static int maxIdleConnections; ++ // The maximum number of request headers allowable ++ private static int maxReqHeaders; ++ + static boolean debug = false; + + static { +@@ -93,6 +98,11 @@ class ServerConfig { + "sun.net.httpserver.drainAmount", + defaultDrainAmount))).longValue(); + ++ maxReqHeaders = ((Integer)java.security.AccessController.doPrivileged( ++ new sun.security.action.GetIntegerAction( ++ "sun.net.httpserver.maxReqHeaders", ++ defaultMaxReqHeaders))).intValue(); ++ + debug = ((Boolean)java.security.AccessController.doPrivileged( + new sun.security.action.GetBooleanAction( + "sun.net.httpserver.debug"))).booleanValue(); +@@ -129,4 +139,8 @@ class ServerConfig { + static long getDrainAmount () { + return drainAmount; + } ++ ++ static int getMaxReqHeaders() { ++ return maxReqHeaders; ++ } + }