[icedtea-web] Added upstream fix for RH982558
Omair Majid
omajid at fedoraproject.org
Tue Jul 23 21:58:19 UTC 2013
commit b7550b00f1588148aa36a23225bb2466a0ce222a
Author: Omair Majid <omajid at redhat.com>
Date: Tue Jul 23 17:55:04 2013 -0400
Added upstream fix for RH982558
icedtea-web.spec | 10 +++++++++-
rhino-pac-permissions.patch | 35 +++++++++++++++++++++++++++++++++++
2 files changed, 44 insertions(+), 1 deletions(-)
---
diff --git a/icedtea-web.spec b/icedtea-web.spec
index bd5d43b..de56465 100644
--- a/icedtea-web.spec
+++ b/icedtea-web.spec
@@ -19,7 +19,7 @@
Name: icedtea-web
Version: 1.4
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Additional Java components for OpenJDK - Java browser plug-in and Web Start implementation
Group: Applications/Internet
@@ -27,7 +27,11 @@ License: LGPLv2+ and GPLv2 with exceptions
URL: http://icedtea.classpath.org/wiki/IcedTea-Web
Source0: http://icedtea.classpath.org/download/source/%{name}-%{version}.tar.gz
+# These patches are upstream, but not in a release branch
+# http://icedtea.classpath.org/hg/icedtea-web/rev/2469bedc6d63
Patch1: b25-appContextFix.patch
+# http://icedtea.classpath.org/hg/icedtea-web/rev/6904f82aa501
+Patch2: rhino-pac-permissions.patch
BuildRequires: java-%{javaver}-openjdk-devel
BuildRequires: desktop-file-utils
@@ -79,6 +83,7 @@ This package contains Javadocs for the IcedTea-Web project.
%setup -q
%patch1 -p1
+%patch2 -p1
%build
autoreconf
@@ -150,6 +155,9 @@ exit 0
%doc COPYING
%changelog
+* Tue Jul 23 2013 Omair Majid <jvanek at redhat.com> 1.4.0-3
+- Added upstream fix for RH982558
+
* Wed Jun 19 2013 Jiri Vanek <jvanek at redhat.com> 1.4.0-2
- added patch1 b25-appContextFix.patch to make it run with future openjdk
diff --git a/rhino-pac-permissions.patch b/rhino-pac-permissions.patch
new file mode 100644
index 0000000..21d2444
--- /dev/null
+++ b/rhino-pac-permissions.patch
@@ -0,0 +1,35 @@
+# HG changeset patch
+# User Andrew Azores <aazores at redhat.com>
+# Date 1374502410 14400
+# Node ID 6904f82aa50185e2de370c069dcdcd2e8fe507c9
+# Parent 7c75bf721d7cd342b62a2118c8de5867a60eb4f4
+Added java.vm.name read permission to fix Rhino evaluation of proxy PAC (RH982558)
+
+diff -r 7c75bf721d7c -r 6904f82aa501 netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
+--- a/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java Thu Jul 18 08:53:46 2013 +0200
++++ b/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java Mon Jul 22 10:13:30 2013 -0400
+@@ -48,6 +48,7 @@
+ import java.security.Permissions;
+ import java.security.PrivilegedAction;
+ import java.security.ProtectionDomain;
++import java.util.PropertyPermission;
+
+ import net.sourceforge.jnlp.util.TimedHashMap;
+
+@@ -124,9 +125,15 @@
+
+ EvaluatePacAction evaluatePacAction = new EvaluatePacAction(pacContents, pacUrl.toString(),
+ pacHelperFunctionContents, url);
++
++ // Purposefully giving only these permissions rather than using java.policy. The "evaluatePacAction"
++ // isn't supposed to do very much and so doesn't require all the default permissions given by
++ // java.policy
+ Permissions p = new Permissions();
+ p.add(new RuntimePermission("accessClassInPackage.org.mozilla.javascript"));
+ p.add(new SocketPermission("*", "resolve"));
++ p.add(new PropertyPermission("java.vm.name", "read"));
++
+ ProtectionDomain pd = new ProtectionDomain(null, p);
+ AccessControlContext context = new AccessControlContext(new ProtectionDomain[] { pd });
+
+
More information about the scm-commits
mailing list