Mercurial > hg > release > icedtea7-2.5

changeset 2770:45ac6cd7aae2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
PR2032: CACAO lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3 2014-10-29 Andrew John Hughes <gnu.andrew@redhat.com> * Makefile.am: (ICEDTEA_PATCHES): Add new patch for CACAO builds. * NEWS: Updated. * patches/cacao/pr2032.patch: Implement JVM_FindClassFromCaller as same as JVM_FindClassFromClassLoader for now.
author Andrew John Hughes <gnu_andrew@member.fsf.org>
date Thu, 22 Jan 2015 01:27:39 +0000
parents 885a6e1730a8
children 20d321ef9d8c
files ChangeLog Makefile.am NEWS patches/cacao/pr2032.patch
diffstat 4 files changed, 89 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Thu Jan 22 00:51:01 2015 +0000
+++ b/ChangeLog	Thu Jan 22 01:27:39 2015 +0000
@@ -1,3 +1,13 @@
+2014-10-29  Andrew John Hughes  <gnu.andrew@redhat.com>
+
+	* Makefile.am:
+	(ICEDTEA_PATCHES): Add new patch for CACAO
+	builds.
+	* NEWS: Updated.
+	* patches/cacao/pr2032.patch:
+	Implement JVM_FindClassFromCaller as same
+	as JVM_FindClassFromClassLoader for now.
+
 2011-08-15  Pavel Tisnovsky  <ptisnovs@redhat.com>
 
 	PR2171: JamVM builds with executable stack,
--- a/Makefile.am	Thu Jan 22 00:51:01 2015 +0000
+++ b/Makefile.am	Thu Jan 22 01:27:39 2015 +0000
@@ -255,7 +255,8 @@
 ICEDTEA_PATCHES += \
 	patches/cacao/launcher.patch \
 	patches/cacao/memory.patch \
-	patches/cacao/armhf.patch
+	patches/cacao/armhf.patch \
+	patches/cacao/pr2032.patch
 else
 if USING_CACAO
 ICEDTEA_PATCHES += \
--- a/NEWS	Thu Jan 22 00:51:01 2015 +0000
+++ b/NEWS	Thu Jan 22 01:27:39 2015 +0000
@@ -110,6 +110,8 @@
   - PR2124: Synchronise elliptic curves in sun.security.ec.NamedCurve with those listed by NSS
   - PR2135: Race condition in SunEC provider with system NSS
   - PR2161: RHEL 6 has a version of GIO which meets the version criteria, but has no g_settings_*
+* CACAO
+  - PR2032: CACAO lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3
 * JamVM
   - PR2050: JamVM lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3
   - PR2171: JamVM builds with executable stack, causing failures on SELinux & PaX kernels
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/cacao/pr2032.patch	Thu Jan 22 01:27:39 2015 +0000
@@ -0,0 +1,75 @@
+# HG changeset patch
+# User Xerxes RĂ„nby <xerxes@gudinna.com>
+# Date 1414362363 -3600
+# Node ID ec6bd33b3e927738d1353e6e639e76f74d55635f
+# Parent  ea3c9a40d975430d1e9dcb598bf25b4bd7aec4ca
+OpenJDK: Implement JVM_FindClassFromCaller
+
+8015256: Better class accessibility
+Summary: Improve protection domain check in forName()
+
+* contrib/mapfile-vers-product: Export said function.
+* src/native/vm/openjdk/jvm.cpp (JVM_FindClassFromCaller): Implement it.
+
+diff --git a/contrib/mapfile-vers-product b/contrib/mapfile-vers-product
+--- cacao/cacao/contrib/mapfile-vers-product
++++ cacao/cacao/contrib/mapfile-vers-product
+@@ -87,6 +87,7 @@
+                 JVM_Exit;
+                 JVM_FillInStackTrace;
+                 JVM_FindClassFromBootLoader;
++                JVM_FindClassFromCaller;
+                 JVM_FindClassFromClass;
+                 JVM_FindClassFromClassLoader;
+                 JVM_FindLibraryEntry;
+--- cacao/cacao/src/native/vm/openjdk/jvm.cpp.orig	2014-10-29 16:40:30.732305204 +0000
++++ cacao/cacao/src/native/vm/openjdk/jvm.cpp	2014-10-29 16:44:06.643292016 +0000
+@@ -684,6 +684,48 @@
+ }
+ 
+ 
++/* JVM_FindClassFromCaller
++ * Find a class from a given class loader.  Throws ClassNotFoundException.
++ *  name:   name of class
++ *  init:   whether initialization is done
++ *  loader: class loader to look up the class.
++ *          This may not be the same as the caller's class loader.
++ *  caller: initiating class. The initiating class may be null when a security
++ *          manager is not installed.
++ *
++ * Find a class with this name in this loader,
++ * using the caller's "protection domain".
++ */
++
++jclass JVM_FindClassFromCaller(JNIEnv* env, const char* name, jboolean init, jobject loader, jclass caller)
++{
++	classinfo     *c;
++	utf           *u;
++	classloader_t *cl;
++
++	TRACEJVMCALLS(("JVM_FindClassFromCaller(name=%s, init=%d, loader=%p, caller=%p)", name, init, loader, caller));
++
++	u  = utf_new_char(name);
++	cl = loader_hashtable_classloader_add((java_handle_t *) loader);
++
++	/* XXX The caller's protection domain should be used during
++	   the load_class_from_classloader but there is no specification or
++	   unit-test in OpenJDK documenting the desired effect */
++
++	c = load_class_from_classloader(u, cl);
++
++	if (c == NULL)
++		return NULL;
++
++	if (init)
++		if (!(c->state & CLASS_INITIALIZED))
++			if (!initialize_class(c))
++				return NULL;
++
++	return (jclass) LLNI_classinfo_wrap(c);
++}
++
++
+ /* JVM_FindClassFromClassLoader */
+ 
+ jclass JVM_FindClassFromClassLoader(JNIEnv* env, const char* name, jboolean init, jobject loader, jboolean throwError)