Add multiple security patches and improvements from IcedTea6 1.12.6.

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-July/023941.html

Obtained from:	IcedTea Project
PR:		ports/180541

1 files changed, 78 insertions, 0 deletions

diff --git a/java/openjdk6/files/icedtea/security/20130618/8006611-improve_scripting.patch b/java/openjdk6/files/icedtea/security/20130618/8006611-improve_scripting.patch
new file mode 100644
index 000000000000..831c3512020f
--- /dev/null
+++ b/java/openjdk6/files/icedtea/security/20130618/8006611-improve_scripting.patch
@@ -0,0 +1,78 @@
+# HG changeset patch
+# User sundar
+# Date 1365156565 -19800
+# Node ID 1d5eff0bd9b504b7191279bfc6a417f6a2e2251f
+# Parent  5c9fbf7443a24076a6545cb043102cb2527f62ca
+8006611: Improve scripting
+Reviewed-by: mchung, jdn
+
+diff --git a/src/share/classes/javax/script/ScriptEngineManager.java b/src/share/classes/javax/script/ScriptEngineManager.java
+--- jdk/src/share/classes/javax/script/ScriptEngineManager.java
++++ jdk/src/share/classes/javax/script/ScriptEngineManager.java
+@@ -30,8 +30,6 @@
+ import java.security.*;
+ import sun.misc.Service;
+ import sun.misc.ServiceConfigurationError;
+-import sun.reflect.Reflection;
+-import sun.security.util.SecurityConstants;
+ 
+ /**
+  * The <code>ScriptEngineManager</code> implements a discovery and instantiation
+@@ -64,13 +62,7 @@
+      */
+     public ScriptEngineManager() {
+         ClassLoader ctxtLoader = Thread.currentThread().getContextClassLoader();
+-        if (canCallerAccessLoader(ctxtLoader)) {
+-            if (DEBUG) System.out.println("using " + ctxtLoader);
+-            init(ctxtLoader);
+-        } else {
+-            if (DEBUG) System.out.println("using bootstrap loader");
+-            init(null);
+-        }
++        init(ctxtLoader);
+     }
+ 
+     /**
+@@ -418,42 +410,4 @@
+ 
+     /** Global bindings associated with script engines created by this manager. */
+     private Bindings globalScope;
+-
+-    private boolean canCallerAccessLoader(ClassLoader loader) {
+-        SecurityManager sm = System.getSecurityManager();
+-        if (sm != null) {
+-            ClassLoader callerLoader = getCallerClassLoader();
+-            if (callerLoader != null) {
+-                if (loader != callerLoader || !isAncestor(loader, callerLoader)) {
+-                    try {
+-                        sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
+-                    } catch (SecurityException exp) {
+-                        if (DEBUG) exp.printStackTrace();
+-                        return false;
+-                    }
+-                } // else fallthru..
+-            } // else fallthru..
+-        } // else fallthru..
+-
+-        return true;
+-    }
+-
+-    // Note that this code is same as ClassLoader.getCallerClassLoader().
+-    // But, that method is package private and hence we can't call here.
+-    private ClassLoader getCallerClassLoader() {
+-        Class caller = Reflection.getCallerClass(3);
+-        if (caller == null) {
+-            return null;
+-        }
+-        return caller.getClassLoader();
+-    }
+-
+-    // is cl1 ancestor of cl2?
+-    private boolean isAncestor(ClassLoader cl1, ClassLoader cl2) {
+-        do {
+-            cl2 = cl2.getParent();
+-            if (cl1 == cl2) return true;
+-        } while (cl2 != null);
+-        return false;
+-    }
+ }