[icedtea-web] Added upstream fix for RH982558

Omair Majid omajid at fedoraproject.org
Tue Jul 23 21:58:19 UTC 2013 

commit b7550b00f1588148aa36a23225bb2466a0ce222a
Author: Omair Majid <omajid at redhat.com>
Date:   Tue Jul 23 17:55:04 2013 -0400

    Added upstream fix for RH982558

 icedtea-web.spec            |   10 +++++++++-
 rhino-pac-permissions.patch |   35 +++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletions(-)
---
diff --git a/icedtea-web.spec b/icedtea-web.spec
index bd5d43b..de56465 100644
--- a/icedtea-web.spec
+++ b/icedtea-web.spec
@@ -19,7 +19,7 @@
 
 Name:		icedtea-web
 Version:	1.4
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	Additional Java components for OpenJDK - Java browser plug-in and Web Start implementation
 
 Group:      Applications/Internet
@@ -27,7 +27,11 @@ License:    LGPLv2+ and GPLv2 with exceptions
 URL:        http://icedtea.classpath.org/wiki/IcedTea-Web
 Source0:    http://icedtea.classpath.org/download/source/%{name}-%{version}.tar.gz
 
+# These patches are upstream, but not in a release branch
+# http://icedtea.classpath.org/hg/icedtea-web/rev/2469bedc6d63
 Patch1:		b25-appContextFix.patch
+# http://icedtea.classpath.org/hg/icedtea-web/rev/6904f82aa501
+Patch2:     rhino-pac-permissions.patch
 
 BuildRequires:  java-%{javaver}-openjdk-devel
 BuildRequires:  desktop-file-utils
@@ -79,6 +83,7 @@ This package contains Javadocs for the IcedTea-Web project.
 %setup -q
 
 %patch1 -p1
+%patch2 -p1
 
 %build
 autoreconf
@@ -150,6 +155,9 @@ exit 0
 %doc COPYING
 
 %changelog
+* Tue Jul 23 2013 Omair Majid <jvanek at redhat.com> 1.4.0-3
+- Added upstream fix for RH982558
+
 * Wed Jun 19 2013 Jiri Vanek <jvanek at redhat.com> 1.4.0-2
 - added patch1 b25-appContextFix.patch to make it run with future openjdk
 
diff --git a/rhino-pac-permissions.patch b/rhino-pac-permissions.patch
new file mode 100644
index 0000000..21d2444
--- /dev/null
+++ b/rhino-pac-permissions.patch
@@ -0,0 +1,35 @@
+# HG changeset patch
+# User Andrew Azores <aazores at redhat.com>
+# Date 1374502410 14400
+# Node ID 6904f82aa50185e2de370c069dcdcd2e8fe507c9
+# Parent  7c75bf721d7cd342b62a2118c8de5867a60eb4f4
+Added java.vm.name read permission to fix Rhino evaluation of proxy PAC (RH982558)
+
+diff -r 7c75bf721d7c -r 6904f82aa501 netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
+--- a/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java    Thu Jul 18 08:53:46 2013 +0200
++++ b/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java    Mon Jul 22 10:13:30 2013 -0400
+@@ -48,6 +48,7 @@
+ import java.security.Permissions;
+ import java.security.PrivilegedAction;
+ import java.security.ProtectionDomain;
++import java.util.PropertyPermission;
+
+ import net.sourceforge.jnlp.util.TimedHashMap;
+
+@@ -124,9 +125,15 @@
+
+         EvaluatePacAction evaluatePacAction = new EvaluatePacAction(pacContents, pacUrl.toString(),
+                 pacHelperFunctionContents, url);
++
++        // Purposefully giving only these permissions rather than using java.policy. The "evaluatePacAction"
++        // isn't supposed to do very much and so doesn't require all the default permissions given by
++        // java.policy
+         Permissions p = new Permissions();
+         p.add(new RuntimePermission("accessClassInPackage.org.mozilla.javascript"));
+         p.add(new SocketPermission("*", "resolve"));
++        p.add(new PropertyPermission("java.vm.name", "read"));
++
+         ProtectionDomain pd = new ProtectionDomain(null, p);
+         AccessControlContext context = new AccessControlContext(new ProtectionDomain[] { pd });
+
+

More information about the scm-commits mailing list