Mercurial > hg > release > icedtea7-2.5
changeset 2770:45ac6cd7aae2
PR2032: CACAO lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3
2014-10-29 Andrew John Hughes <gnu.andrew@redhat.com>
* Makefile.am:
(ICEDTEA_PATCHES): Add new patch for CACAO
builds.
* NEWS: Updated.
* patches/cacao/pr2032.patch:
Implement JVM_FindClassFromCaller as same
as JVM_FindClassFromClassLoader for now.
author | Andrew John Hughes <gnu_andrew@member.fsf.org> |
---|---|
date | Thu, 22 Jan 2015 01:27:39 +0000 |
parents | 885a6e1730a8 |
children | 20d321ef9d8c |
files | ChangeLog Makefile.am NEWS patches/cacao/pr2032.patch |
diffstat | 4 files changed, 89 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Thu Jan 22 00:51:01 2015 +0000 +++ b/ChangeLog Thu Jan 22 01:27:39 2015 +0000 @@ -1,3 +1,13 @@ +2014-10-29 Andrew John Hughes <gnu.andrew@redhat.com> + + * Makefile.am: + (ICEDTEA_PATCHES): Add new patch for CACAO + builds. + * NEWS: Updated. + * patches/cacao/pr2032.patch: + Implement JVM_FindClassFromCaller as same + as JVM_FindClassFromClassLoader for now. + 2011-08-15 Pavel Tisnovsky <ptisnovs@redhat.com> PR2171: JamVM builds with executable stack,
--- a/Makefile.am Thu Jan 22 00:51:01 2015 +0000 +++ b/Makefile.am Thu Jan 22 01:27:39 2015 +0000 @@ -255,7 +255,8 @@ ICEDTEA_PATCHES += \ patches/cacao/launcher.patch \ patches/cacao/memory.patch \ - patches/cacao/armhf.patch + patches/cacao/armhf.patch \ + patches/cacao/pr2032.patch else if USING_CACAO ICEDTEA_PATCHES += \
--- a/NEWS Thu Jan 22 00:51:01 2015 +0000 +++ b/NEWS Thu Jan 22 01:27:39 2015 +0000 @@ -110,6 +110,8 @@ - PR2124: Synchronise elliptic curves in sun.security.ec.NamedCurve with those listed by NSS - PR2135: Race condition in SunEC provider with system NSS - PR2161: RHEL 6 has a version of GIO which meets the version criteria, but has no g_settings_* +* CACAO + - PR2032: CACAO lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3 * JamVM - PR2050: JamVM lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3 - PR2171: JamVM builds with executable stack, causing failures on SELinux & PaX kernels
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/cacao/pr2032.patch Thu Jan 22 01:27:39 2015 +0000 @@ -0,0 +1,75 @@ +# HG changeset patch +# User Xerxes RĂ„nby <xerxes@gudinna.com> +# Date 1414362363 -3600 +# Node ID ec6bd33b3e927738d1353e6e639e76f74d55635f +# Parent ea3c9a40d975430d1e9dcb598bf25b4bd7aec4ca +OpenJDK: Implement JVM_FindClassFromCaller + +8015256: Better class accessibility +Summary: Improve protection domain check in forName() + +* contrib/mapfile-vers-product: Export said function. +* src/native/vm/openjdk/jvm.cpp (JVM_FindClassFromCaller): Implement it. + +diff --git a/contrib/mapfile-vers-product b/contrib/mapfile-vers-product +--- cacao/cacao/contrib/mapfile-vers-product ++++ cacao/cacao/contrib/mapfile-vers-product +@@ -87,6 +87,7 @@ + JVM_Exit; + JVM_FillInStackTrace; + JVM_FindClassFromBootLoader; ++ JVM_FindClassFromCaller; + JVM_FindClassFromClass; + JVM_FindClassFromClassLoader; + JVM_FindLibraryEntry; +--- cacao/cacao/src/native/vm/openjdk/jvm.cpp.orig 2014-10-29 16:40:30.732305204 +0000 ++++ cacao/cacao/src/native/vm/openjdk/jvm.cpp 2014-10-29 16:44:06.643292016 +0000 +@@ -684,6 +684,48 @@ + } + + ++/* JVM_FindClassFromCaller ++ * Find a class from a given class loader. Throws ClassNotFoundException. ++ * name: name of class ++ * init: whether initialization is done ++ * loader: class loader to look up the class. ++ * This may not be the same as the caller's class loader. ++ * caller: initiating class. The initiating class may be null when a security ++ * manager is not installed. ++ * ++ * Find a class with this name in this loader, ++ * using the caller's "protection domain". ++ */ ++ ++jclass JVM_FindClassFromCaller(JNIEnv* env, const char* name, jboolean init, jobject loader, jclass caller) ++{ ++ classinfo *c; ++ utf *u; ++ classloader_t *cl; ++ ++ TRACEJVMCALLS(("JVM_FindClassFromCaller(name=%s, init=%d, loader=%p, caller=%p)", name, init, loader, caller)); ++ ++ u = utf_new_char(name); ++ cl = loader_hashtable_classloader_add((java_handle_t *) loader); ++ ++ /* XXX The caller's protection domain should be used during ++ the load_class_from_classloader but there is no specification or ++ unit-test in OpenJDK documenting the desired effect */ ++ ++ c = load_class_from_classloader(u, cl); ++ ++ if (c == NULL) ++ return NULL; ++ ++ if (init) ++ if (!(c->state & CLASS_INITIALIZED)) ++ if (!initialize_class(c)) ++ return NULL; ++ ++ return (jclass) LLNI_classinfo_wrap(c); ++} ++ ++ + /* JVM_FindClassFromClassLoader */ + + jclass JVM_FindClassFromClassLoader(JNIEnv* env, const char* name, jboolean init, jobject loader, jboolean throwError)