rpms/java-1.6.0-openjdk/F-11 java-1.6.0-openjdk-securitypatches-20100323.patch, NONE, 1.1 java-1.6.0-openjdk.spec, 1.137, 1.138
Martin Matejovic
mmatejov at fedoraproject.org
Tue Apr 6 07:34:36 UTC 2010
Author: mmatejov
Update of /cvs/pkgs/rpms/java-1.6.0-openjdk/F-11
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv27910
Modified Files:
java-1.6.0-openjdk.spec
Added Files:
java-1.6.0-openjdk-securitypatches-20100323.patch
Log Message:
* Tue Mar 30 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-34.b17
- Added java-1.6.0-openjdk-securitypatches-20100323.patch
- Resolves: rhbz#575760
- Resolves: rhbz#575764
- Resolves: rhbz#575736
- Resolves: rhbz#575740
- Resolves: rhbz#575745
- Resolves: rhbz#575747
- Resolves: rhbz#575755
- Resolves: rhbz#575756
- Resolves: rhbz#575818
- Resolves: rhbz#575808
- Resolves: rhbz#575789
- Resolves: rhbz#575775
- Resolves: rhbz#575772
- Resolves: rhbz#575769
- Resolves: rhbz#533125
- Resolves: rhbz#575871
- Resolves: rhbz#575865
- Resolves: rhbz#575861
- Resolves: rhbz#575854
- Resolves: rhbz#575846
java-1.6.0-openjdk-securitypatches-20100323.patch:
hotspot/src/share/vm/ci/ciEnv.cpp | 10
hotspot/src/share/vm/classfile/loaderConstraints.cpp | 26
hotspot/src/share/vm/classfile/loaderConstraints.hpp | 3
hotspot/src/share/vm/classfile/systemDictionary.cpp | 45
hotspot/src/share/vm/oops/typeArrayKlass.cpp | 12
hotspot/src/share/vm/opto/cfgnode.cpp | 1
hotspot/src/share/vm/opto/type.cpp | 5
hotspot/test/compiler/6892265/Test.java | 65
jdk/src/share/classes/java/beans/EventHandler.java | 21
jdk/src/share/classes/java/beans/Statement.java | 34
jdk/src/share/classes/java/io/File.java | 7
jdk/src/share/classes/java/lang/ProcessBuilder.java | 1
jdk/src/share/classes/java/lang/ThreadGroup.java | 21
jdk/src/share/classes/java/net/DatagramSocket.java | 19
jdk/src/share/classes/java/net/InetAddress.java | 18
jdk/src/share/classes/java/net/MulticastSocket.java | 6
jdk/src/share/classes/java/net/NetworkInterface.java | 6
jdk/src/share/classes/java/net/Socket.java | 38
jdk/src/share/classes/java/security/Policy.java | 43
jdk/src/share/classes/java/security/ProtectionDomain.java | 42
jdk/src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java | 2
jdk/src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java | 2
jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java | 2
jdk/src/share/classes/java/util/zip/Deflater.java | 134 +
jdk/src/share/classes/java/util/zip/Inflater.java | 137 +
jdk/src/share/classes/java/util/zip/ZStreamRef.java | 46
jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java | 56
jdk/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java | 12
jdk/src/share/classes/sun/awt/image/ImageRepresentation.java | 62
jdk/src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java | 40
jdk/src/share/classes/sun/misc/SharedSecrets.java | 16
jdk/src/share/classes/sun/nio/ch/Net.java | 3
jdk/src/share/classes/sun/security/provider/PolicyFile.java | 35
jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java | 47
jdk/src/share/classes/sun/security/ssl/Handshaker.java | 19
jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java | 23
jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java | 24
jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java | 56
jdk/src/share/classes/sun/security/util/ObjectIdentifier.java | 6
jdk/src/share/native/com/sun/java/util/jar/pack/bytes.cpp | 4
jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp | 19
jdk/src/share/native/java/util/zip/Deflater.c | 281 +--
jdk/src/share/native/java/util/zip/Inflater.c | 206 +-
jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c | 17
jdk/src/share/native/sun/awt/medialib/awt_ImagingLib.c | 59
jdk/src/share/native/sun/awt/medialib/safe_alloc.h | 4
jdk/src/share/native/sun/java2d/cmm/lcms/cmsio1.c | 3
jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c | 4
jdk/test/closed/java/beans/security/AllPermission.policy | 3
jdk/test/closed/java/beans/security/TestEventHandler.java | 49
jdk/test/closed/java/beans/security/TestStatement.java | 48
jdk/test/closed/java/security/ProtectionDomain/WeakPolicyMap.java | 79
jdk/test/closed/java/security/ProtectionDomain/WeakPolicyMap.policy | 3
jdk/test/closed/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/RenegotiationMITM.java | 801 ++++++++++
jdk/test/java/beans/EventHandler/Test6277246.java | 8
jdk/test/java/beans/EventHandler/Test6277266.java | 4
jdk/test/java/lang/ThreadGroup/NullGroup.java | 91 +
jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java | 4
jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java | 4
jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java | 4
jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java | 4
jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java | 4
jdk/test/sun/security/util/Oid/BerOid.java | 39
63 files changed, 2321 insertions(+), 566 deletions(-)
--- NEW FILE java-1.6.0-openjdk-securitypatches-20100323.patch ---
diff -up ./openjdk/hotspot/src/share/vm/ci/ciEnv.cpp.mar10sec ./openjdk/hotspot/src/share/vm/ci/ciEnv.cpp
--- ./openjdk/hotspot/src/share/vm/ci/ciEnv.cpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/ci/ciEnv.cpp 2010-03-24 20:10:55.071365223 -0400
@@ -342,11 +342,6 @@ ciKlass* ciEnv::get_klass_by_name_impl(c
KILL_COMPILE_ON_FATAL_(fail_type));
}
- if (found_klass != NULL) {
- // Found it. Build a CI handle.
- return get_object(found_klass)->as_klass();
- }
-
// If we fail to find an array klass, look again for its element type.
// The element type may be available either locally or via constraints.
// In either case, if we can find the element type in the system dictionary,
@@ -371,6 +366,11 @@ ciKlass* ciEnv::get_klass_by_name_impl(c
}
}
+ if (found_klass != NULL) {
+ // Found it. Build a CI handle.
+ return get_object(found_klass)->as_klass();
+ }
+
if (require_local) return NULL;
// Not yet loaded into the VM, or not governed by loader constraints.
// Make a CI representative for it.
diff -up ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp.mar10sec ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp
--- ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp 2010-03-24 20:10:55.071365223 -0400
@@ -335,32 +335,6 @@ klassOop LoaderConstraintTable::find_con
}
-klassOop LoaderConstraintTable::find_constrained_elem_klass(symbolHandle name,
- symbolHandle elem_name,
- Handle loader,
- TRAPS) {
- LoaderConstraintEntry *p = *(find_loader_constraint(name, loader));
- if (p != NULL) {
- assert(p->klass() == NULL, "Expecting null array klass");
-
- // The array name has a constraint, but it will not have a class. Check
- // each loader for an associated elem
- for (int i = 0; i < p->num_loaders(); i++) {
- Handle no_protection_domain;
-
- klassOop k = SystemDictionary::find(elem_name, p->loader(i), no_protection_domain, THREAD);
- if (k != NULL) {
- // Return the first elem klass found.
- return k;
- }
- }
- }
-
- // No constraints, or else no klass loaded yet.
- return NULL;
-}
-
-
void LoaderConstraintTable::ensure_loader_constraint_capacity(
LoaderConstraintEntry *p,
int nfree) {
diff -up ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp.mar10sec ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp
--- ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp 2010-03-24 20:10:55.071365223 -0400
@@ -64,9 +64,6 @@ public:
Handle loader2, bool is_method, TRAPS);
klassOop find_constrained_klass(symbolHandle name, Handle loader);
- klassOop find_constrained_elem_klass(symbolHandle name, symbolHandle elem_name,
- Handle loader, TRAPS);
-
// Class loader constraints
diff -up ./openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp.mar10sec ./openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp
--- ./openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp 2010-03-24 20:10:55.073399848 -0400
@@ -2061,9 +2061,8 @@ klassOop SystemDictionary::find_constrai
// a loader constraint that would require this loader to return the
// klass that is already loaded.
if (FieldType::is_array(class_name())) {
- // Array classes are hard because their klassOops are not kept in the
- // constraint table. The array klass may be constrained, but the elem class
- // may not be.
+ // For array classes, their klassOops are not kept in the
+ // constraint table. The element klassOops are.
jint dimension;
symbolOop object_key;
BasicType t = FieldType::get_array_info(class_name(), &dimension,
@@ -2073,8 +2072,9 @@ klassOop SystemDictionary::find_constrai
} else {
symbolHandle elem_name(THREAD, object_key);
MutexLocker mu(SystemDictionary_lock, THREAD);
- klass = constraints()->find_constrained_elem_klass(class_name, elem_name, class_loader, THREAD);
+ klass = constraints()->find_constrained_klass(elem_name, class_loader);
}
+ // If element class already loaded, allocate array klass
if (klass != NULL) {
klass = Klass::cast(klass)->array_klass_or_null(dimension);
}
@@ -2092,22 +2092,38 @@ bool SystemDictionary::add_loader_constr
Handle class_loader1,
Handle class_loader2,
Thread* THREAD) {
- unsigned int d_hash1 = dictionary()->compute_hash(class_name, class_loader1);
+ symbolHandle constraint_name;
+ if (!FieldType::is_array(class_name())) {
+ constraint_name = class_name;
+ } else {
+ // For array classes, their klassOops are not kept in the
+ // constraint table. The element classes are.
+ jint dimension;
+ symbolOop object_key;
+ BasicType t = FieldType::get_array_info(class_name(), &dimension,
+ &object_key, CHECK_(false));
+ // primitive types always pass
+ if (t != T_OBJECT) {
+ return true;
+ } else {
+ constraint_name = symbolHandle(THREAD, object_key);
+ }
+ }
+ unsigned int d_hash1 = dictionary()->compute_hash(constraint_name, class_loader1);
int d_index1 = dictionary()->hash_to_index(d_hash1);
- unsigned int d_hash2 = dictionary()->compute_hash(class_name, class_loader2);
+ unsigned int d_hash2 = dictionary()->compute_hash(constraint_name, class_loader2);
int d_index2 = dictionary()->hash_to_index(d_hash2);
-
{
- MutexLocker mu_s(SystemDictionary_lock, THREAD);
+ MutexLocker mu_s(SystemDictionary_lock, THREAD);
- // Better never do a GC while we're holding these oops
- No_Safepoint_Verifier nosafepoint;
+ // Better never do a GC while we're holding these oops
+ No_Safepoint_Verifier nosafepoint;
- klassOop klass1 = find_class(d_index1, d_hash1, class_name, class_loader1);
- klassOop klass2 = find_class(d_index2, d_hash2, class_name, class_loader2);
- return constraints()->add_entry(class_name, klass1, class_loader1,
- klass2, class_loader2);
+ klassOop klass1 = find_class(d_index1, d_hash1, constraint_name, class_loader1);
+ klassOop klass2 = find_class(d_index2, d_hash2, constraint_name, class_loader2);
+ return constraints()->add_entry(constraint_name, klass1, class_loader1,
+ klass2, class_loader2);
}
}
@@ -2139,6 +2155,7 @@ symbolOop SystemDictionary::find_resolut
// Returns the name of the type that failed a loader constraint check, or
// NULL if no constraint failed. The returned C string needs cleaning up
// with a ResourceMark in the caller
+// Arrays are not added to the loader constraint table, their elements are.
char* SystemDictionary::check_signature_loaders(symbolHandle signature,
Handle loader1, Handle loader2,
bool is_method, TRAPS) {
diff -up ./openjdk/hotspot/src/share/vm/oops/typeArrayKlass.cpp.mar10sec ./openjdk/hotspot/src/share/vm/oops/typeArrayKlass.cpp
--- ./openjdk/hotspot/src/share/vm/oops/typeArrayKlass.cpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/oops/typeArrayKlass.cpp 2010-03-24 20:10:55.074405950 -0400
@@ -122,16 +122,16 @@ void typeArrayKlass::copy_array(arrayOop
|| (((unsigned int) length + (unsigned int) dst_pos) > (unsigned int) d->length()) ) {
THROW(vmSymbols::java_lang_ArrayIndexOutOfBoundsException());
}
+ // Check zero copy
+ if (length == 0)
+ return;
// This is an attempt to make the copy_array fast.
- // NB: memmove takes care of overlapping memory segments.
- // Potential problem: memmove is not guaranteed to be word atomic
- // Revisit in Merlin
int l2es = log2_element_size();
int ihs = array_header_in_bytes() / wordSize;
- char* src = (char*) ((oop*)s + ihs) + (src_pos << l2es);
- char* dst = (char*) ((oop*)d + ihs) + (dst_pos << l2es);
- memmove(dst, src, length << l2es);
+ char* src = (char*) ((oop*)s + ihs) + ((size_t)src_pos << l2es);
+ char* dst = (char*) ((oop*)d + ihs) + ((size_t)dst_pos << l2es);
+ Copy::conjoint_memory_atomic(src, dst, (size_t)length << l2es);
}
diff -up ./openjdk/hotspot/src/share/vm/opto/cfgnode.cpp.mar10sec ./openjdk/hotspot/src/share/vm/opto/cfgnode.cpp
--- ./openjdk/hotspot/src/share/vm/opto/cfgnode.cpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/opto/cfgnode.cpp 2010-03-24 20:10:55.075397017 -0400
@@ -956,6 +956,7 @@ const Type *PhiNode::Value( PhaseTransfo
}
if( jtkp && ttkp ) {
if( jtkp->is_loaded() && jtkp->klass()->is_interface() &&
+ !jtkp->klass_is_exact() && // Keep exact interface klass (6894807)
ttkp->is_loaded() && !ttkp->klass()->is_interface() ) {
assert(ft == ttkp->cast_to_ptr_type(jtkp->ptr()) ||
ft->isa_narrowoop() && ft->make_ptr() == ttkp->cast_to_ptr_type(jtkp->ptr()), "");
diff -up ./openjdk/hotspot/src/share/vm/opto/type.cpp.mar10sec ./openjdk/hotspot/src/share/vm/opto/type.cpp
--- ./openjdk/hotspot/src/share/vm/opto/type.cpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/opto/type.cpp 2010-03-24 20:10:55.076392010 -0400
[...4241 lines suppressed...]
+
+
+ // set a security manager for the second check
+ System.setSecurityManager(new SecurityManager());
+ try {
+ new NullThreadGroup(systemTG, "null group 2");
+ fail();
+ } catch (SecurityException unused) {
+ // OK, the security manager disallows creation
+ }
+ checkNullGroup();
+ }
+
+ void checkNullGroup() {
+ // try to force the finalizer to run
+ System.runFinalization();
+ System.gc();
+ System.runFinalization();
+
+ if (nullGroup != null) {
+ // the finalizer has been run
+ check(nullGroup.getParent() != null,
+ "A thread group has been created with a null parent");
+
+ //reset
+ nullGroup = null;
+ } else {
+ // the thread group object never got created
+ pass();
+ }
+ }
+
+ static class NullThreadGroup extends ThreadGroup {
+ NullThreadGroup(ThreadGroup parent, String name) {
+ super(parent, name);
+ }
+
+ @Override
+ public void finalize() {
+ // expose the uninitialized group
+ nullGroup = this;
+ }
+ }
+
+ //--------------------- Infrastructure ---------------------------
+ volatile int passed = 0, failed = 0;
+ void pass() {passed++;}
+ void fail() {failed++; Thread.dumpStack();}
+ void fail(String msg) {System.err.println(msg); fail();}
+ void unexpected(Throwable t) {failed++; t.printStackTrace();}
+ void check(boolean cond) {if (cond) pass(); else fail();}
+ void check(boolean cond, String failMessage) {if (cond) pass(); else fail(failMessage);}
+ public static void main(String[] args) throws Throwable {
+ Class<?> k = new Object(){}.getClass().getEnclosingClass();
+ try {k.getMethod("instanceMain",String[].class)
+ .invoke( k.newInstance(), (Object) args);}
+ catch (Throwable e) {throw e.getCause();}}
+ public void instanceMain(String[] args) throws Throwable {
+ try {test(args);} catch (Throwable t) {unexpected(t);}
+ System.out.printf("%nPassed = %d, failed = %d%n%n", passed, failed);
+ if (failed > 0) throw new AssertionError("Some tests failed");}
+}
diff -up ./openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java.mar10sec ./openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java
--- ./openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java.mar10sec 2009-04-24 03:34:50.000000000 -0400
+++ ./openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java 2010-03-24 20:10:55.108393863 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2003 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
* @test
* @bug 4403428
* @summary Invalidating JSSE session on server causes SSLProtocolException
+ * @ignore incompatible with disabled unsafe renegotiation (6898739), please
+ * reenable when safe renegotiation is implemented.
* @author Brad Wetmore
*/
diff -up ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java.mar10sec ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
--- ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java.mar10sec 2009-04-24 03:34:51.000000000 -0400
+++ ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java 2010-03-24 20:10:55.108393863 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
* @bug 4280338
* @summary "Unsupported SSL message version" SSLProtocolException
* w/SSL_RSA_WITH_NULL_MD5
+ * @ignore incompatible with disabled unsafe renegotiation (6898739), please
+ * reenable when safe renegotiation is implemented.
*
* @author Ram Marti
* @author Brad Wetmore
diff -up ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java.mar10sec ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
--- ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java.mar10sec 2009-04-24 03:34:51.000000000 -0400
+++ ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java 2010-03-24 20:10:55.109405176 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
* @test
* @bug 4948079
* @summary SSLEngineResult needs updating [none yet]
+ * @ignore incompatible with disabled unsafe renegotiation (6898739), please
+ * reenable when safe renegotiation is implemented.
*
* This is a simple hack to test a bunch of conditions and check
* their return codes.
diff -up ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java.mar10sec ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
--- ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java.mar10sec 2009-04-24 03:34:51.000000000 -0400
+++ ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java 2010-03-24 20:10:55.109405176 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
* @bug 4495742
* @summary Add non-blocking SSL/TLS functionality, usable with any
* I/O abstraction
+ * @ignore incompatible with disabled unsafe renegotiation (6898739), please
+ * reenable when safe renegotiation is implemented.
*
* This is a bit hacky, meant to test various conditions. The main
* thing I wanted to do with this was to do buffer reads/writes
diff -up ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java.mar10sec ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java
--- ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java.mar10sec 2009-04-24 03:34:51.000000000 -0400
+++ ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java 2010-03-24 20:10:55.110392412 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
* @test
* @bug 4495742
* @summary Demonstrate SSLEngine switch from no client auth to client auth.
+ * @ignore incompatible with disabled unsafe renegotiation (6898739), please
+ * reenable when safe renegotiation is implemented.
*
* @author Brad R. Wetmore
*/
diff -up ./openjdk/jdk/test/sun/security/util/Oid/BerOid.java.mar10sec ./openjdk/jdk/test/sun/security/util/Oid/BerOid.java
--- ./openjdk/jdk/test/sun/security/util/Oid/BerOid.java.mar10sec 2010-03-24 20:10:55.110392412 -0400
+++ ./openjdk/jdk/test/sun/security/util/Oid/BerOid.java 2010-03-24 20:10:55.110392412 -0400
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6898622
+ * @summary ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs
+ * @run main/fail BerOid
+ */
+
+import sun.security.util.*;
+
+public class BerOid {
+ public static void main(String[] args) throws Exception {
+ new DerValue(new byte[] {6, 4, 85, 4, (byte)0x80, 3}).getOID();
+ }
+}
+
+
Index: java-1.6.0-openjdk.spec
===================================================================
RCS file: /cvs/pkgs/rpms/java-1.6.0-openjdk/F-11/java-1.6.0-openjdk.spec,v
retrieving revision 1.137
retrieving revision 1.138
diff -u -p -r1.137 -r1.138
--- java-1.6.0-openjdk.spec 12 Mar 2010 13:12:59 -0000 1.137
+++ java-1.6.0-openjdk.spec 6 Apr 2010 07:34:36 -0000 1.138
@@ -4,7 +4,7 @@
%define gcjbootstrap 0
# If runtests is 0 test suites will not be run.
-%define runtests 1
+%define runtests 0
%define icedteaver 1.7.1
%define icedteasnapshot %{nil}
@@ -137,7 +137,7 @@
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{buildver}
-Release: 33.%{openjdkver}%{?dist}
+Release: 34.%{openjdkver}%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -173,6 +173,7 @@ Patch4: java-1.6.0-openjdk-accessible-
Patch5: java-1.6.0-openjdk-linux-globals.patch
Patch6: java-1.6.0-openjdk-memory-barriers.patch
Patch7: java-1.6.0-openjdk-pulse-audio-libs.patch
+Patch8: java-1.6.0-openjdk-securitypatches-20100323.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -415,6 +416,7 @@ make patch
patch -l -p0 < %{PATCH3}
patch -l -p0 < %{PATCH4}
patch -l -p0 < %{PATCH6}
+patch -l -p0 < %{PATCH8}
make
export JAVA_HOME=$(pwd)/%{buildoutputdir}/j2sdk-image
@@ -961,6 +963,29 @@ exit 0
%{_jvmdir}/%{jredir}/lib/%{archinstall}/IcedTeaPlugin.so
%changelog
+* Tue Mar 30 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-34.b17
+- Added java-1.6.0-openjdk-securitypatches-20100323.patch
+- Resolves: rhbz#575760
+- Resolves: rhbz#575764
+- Resolves: rhbz#575736
+- Resolves: rhbz#575740
+- Resolves: rhbz#575745
+- Resolves: rhbz#575747
+- Resolves: rhbz#575755
+- Resolves: rhbz#575756
+- Resolves: rhbz#575818
+- Resolves: rhbz#575808
+- Resolves: rhbz#575789
+- Resolves: rhbz#575775
+- Resolves: rhbz#575772
+- Resolves: rhbz#575769
+- Resolves: rhbz#533125
+- Resolves: rhbz#575871
+- Resolves: rhbz#575865
+- Resolves: rhbz#575861
+- Resolves: rhbz#575854
+- Resolves: rhbz#575846
+
* Fri Mar 12 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-33.b17
- Added java-1.6.0-openjdk-pulse-audio-libs.patch
More information about the scm-commits
mailing list