# HG changeset patch # User Andrew John Hughes # Date 1421890059 0 # Node ID 45ac6cd7aae24018863df47697bb9f84ea718f13 # Parent 885a6e1730a8faa2762a2e677f57e1277901105f PR2032: CACAO lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3 2014-10-29 Andrew John Hughes * Makefile.am: (ICEDTEA_PATCHES): Add new patch for CACAO builds. * NEWS: Updated. * patches/cacao/pr2032.patch: Implement JVM_FindClassFromCaller as same as JVM_FindClassFromClassLoader for now. diff -r 885a6e1730a8 -r 45ac6cd7aae2 ChangeLog --- a/ChangeLog Thu Jan 22 00:51:01 2015 +0000 +++ b/ChangeLog Thu Jan 22 01:27:39 2015 +0000 @@ -1,3 +1,13 @@ +2014-10-29 Andrew John Hughes + + * Makefile.am: + (ICEDTEA_PATCHES): Add new patch for CACAO + builds. + * NEWS: Updated. + * patches/cacao/pr2032.patch: + Implement JVM_FindClassFromCaller as same + as JVM_FindClassFromClassLoader for now. + 2011-08-15 Pavel Tisnovsky PR2171: JamVM builds with executable stack, diff -r 885a6e1730a8 -r 45ac6cd7aae2 Makefile.am --- a/Makefile.am Thu Jan 22 00:51:01 2015 +0000 +++ b/Makefile.am Thu Jan 22 01:27:39 2015 +0000 @@ -255,7 +255,8 @@ ICEDTEA_PATCHES += \ patches/cacao/launcher.patch \ patches/cacao/memory.patch \ - patches/cacao/armhf.patch + patches/cacao/armhf.patch \ + patches/cacao/pr2032.patch else if USING_CACAO ICEDTEA_PATCHES += \ diff -r 885a6e1730a8 -r 45ac6cd7aae2 NEWS --- a/NEWS Thu Jan 22 00:51:01 2015 +0000 +++ b/NEWS Thu Jan 22 01:27:39 2015 +0000 @@ -110,6 +110,8 @@ - PR2124: Synchronise elliptic curves in sun.security.ec.NamedCurve with those listed by NSS - PR2135: Race condition in SunEC provider with system NSS - PR2161: RHEL 6 has a version of GIO which meets the version criteria, but has no g_settings_* +* CACAO + - PR2032: CACAO lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3 * JamVM - PR2050: JamVM lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3 - PR2171: JamVM builds with executable stack, causing failures on SELinux & PaX kernels diff -r 885a6e1730a8 -r 45ac6cd7aae2 patches/cacao/pr2032.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/cacao/pr2032.patch Thu Jan 22 01:27:39 2015 +0000 @@ -0,0 +1,75 @@ +# HG changeset patch +# User Xerxes RĂ„nby +# Date 1414362363 -3600 +# Node ID ec6bd33b3e927738d1353e6e639e76f74d55635f +# Parent ea3c9a40d975430d1e9dcb598bf25b4bd7aec4ca +OpenJDK: Implement JVM_FindClassFromCaller + +8015256: Better class accessibility +Summary: Improve protection domain check in forName() + +* contrib/mapfile-vers-product: Export said function. +* src/native/vm/openjdk/jvm.cpp (JVM_FindClassFromCaller): Implement it. + +diff --git a/contrib/mapfile-vers-product b/contrib/mapfile-vers-product +--- cacao/cacao/contrib/mapfile-vers-product ++++ cacao/cacao/contrib/mapfile-vers-product +@@ -87,6 +87,7 @@ + JVM_Exit; + JVM_FillInStackTrace; + JVM_FindClassFromBootLoader; ++ JVM_FindClassFromCaller; + JVM_FindClassFromClass; + JVM_FindClassFromClassLoader; + JVM_FindLibraryEntry; +--- cacao/cacao/src/native/vm/openjdk/jvm.cpp.orig 2014-10-29 16:40:30.732305204 +0000 ++++ cacao/cacao/src/native/vm/openjdk/jvm.cpp 2014-10-29 16:44:06.643292016 +0000 +@@ -684,6 +684,48 @@ + } + + ++/* JVM_FindClassFromCaller ++ * Find a class from a given class loader. Throws ClassNotFoundException. ++ * name: name of class ++ * init: whether initialization is done ++ * loader: class loader to look up the class. ++ * This may not be the same as the caller's class loader. ++ * caller: initiating class. The initiating class may be null when a security ++ * manager is not installed. ++ * ++ * Find a class with this name in this loader, ++ * using the caller's "protection domain". ++ */ ++ ++jclass JVM_FindClassFromCaller(JNIEnv* env, const char* name, jboolean init, jobject loader, jclass caller) ++{ ++ classinfo *c; ++ utf *u; ++ classloader_t *cl; ++ ++ TRACEJVMCALLS(("JVM_FindClassFromCaller(name=%s, init=%d, loader=%p, caller=%p)", name, init, loader, caller)); ++ ++ u = utf_new_char(name); ++ cl = loader_hashtable_classloader_add((java_handle_t *) loader); ++ ++ /* XXX The caller's protection domain should be used during ++ the load_class_from_classloader but there is no specification or ++ unit-test in OpenJDK documenting the desired effect */ ++ ++ c = load_class_from_classloader(u, cl); ++ ++ if (c == NULL) ++ return NULL; ++ ++ if (init) ++ if (!(c->state & CLASS_INITIALIZED)) ++ if (!initialize_class(c)) ++ return NULL; ++ ++ return (jclass) LLNI_classinfo_wrap(c); ++} ++ ++ + /* JVM_FindClassFromClassLoader */ + + jclass JVM_FindClassFromClassLoader(JNIEnv* env, const char* name, jboolean init, jobject loader, jboolean throwError)