diff options
| author | Greg Lewis <glewis@FreeBSD.org> | 2012-08-30 05:32:57 +0000 |
|---|---|---|
| committer | Greg Lewis <glewis@FreeBSD.org> | 2012-08-30 05:32:57 +0000 |
| commit | a553b8d75353bb1f6c5237f86aaf27b35662e2ee (patch) | |
| tree | 348216e94809ea44bcdd8c17a89cb3bae8b460e8 /java | |
| parent | - Fix rc script status and restart/shutdown (diff) | |
. Commit a fix for CVE-2012-4681.
Obtained from: Mark Wielaard <mjw@redhat.com> via rea@
Notes
Notes:
svn path=/head/; revision=303360
Diffstat (limited to 'java')
| -rw-r--r-- | java/openjdk7/Makefile | 1 | ||||
| -rw-r--r-- | java/openjdk7/files/patch-CVE-2012-4681 | 63 |
2 files changed, 64 insertions, 0 deletions
diff --git a/java/openjdk7/Makefile b/java/openjdk7/Makefile index 489d8087fbc7..8c896a251354 100644 --- a/java/openjdk7/Makefile +++ b/java/openjdk7/Makefile @@ -7,6 +7,7 @@ PORTNAME= openjdk PORTVERSION= ${JDK_MAJOR_VERSION}.${PORT_MINOR_VERSION}.${PORT_BUILD_NUMBER} +PORTREVISION= 1 CATEGORIES= java devel MASTER_SITES= http://download.java.net/openjdk/jdk${JDK_MAJOR_VERSION}u${JDK_MINOR_VERSION}/promoted/b${JDK_BUILD_NUMBER}/ \ http://download.java.net/jaxp/1.4.5/:jaxp \ diff --git a/java/openjdk7/files/patch-CVE-2012-4681 b/java/openjdk7/files/patch-CVE-2012-4681 new file mode 100644 index 000000000000..b355c932e4e2 --- /dev/null +++ b/java/openjdk7/files/patch-CVE-2012-4681 @@ -0,0 +1,63 @@ +--- jdk/src/share/classes/com/sun/beans/finder/ConstructorFinder.java Mon Jun 27 13:21:34 2011 -0700 ++++ jdk/src/share/classes/com/sun/beans/finder/ConstructorFinder.java Wed Aug 29 09:52:11 2012 +0200 +@@ -29,6 +29,8 @@ + import java.lang.reflect.Constructor; + import java.lang.reflect.Modifier; + ++import sun.reflect.misc.ReflectUtil; ++ + /** + * This utility class provides {@code static} methods + * to find a public constructor with specified parameter types +@@ -61,7 +63,8 @@ + if (Modifier.isAbstract(type.getModifiers())) { + throw new NoSuchMethodException("Abstract class cannot be instantiated"); + } +- if (!Modifier.isPublic(type.getModifiers())) { ++ if (!ReflectUtil.isPackageAccessible(type) ++ || !Modifier.isPublic(type.getModifiers())) { + throw new NoSuchMethodException("Class is not accessible"); + } + PrimitiveWrapperMap.replacePrimitivesWithWrappers(args); +--- jdk/src/share/classes/com/sun/beans/finder/FieldFinder.java Mon Jun 27 13:21:34 2011 -0700 ++++ jdk/src/share/classes/com/sun/beans/finder/FieldFinder.java Wed Aug 29 09:52:11 2012 +0200 +@@ -27,6 +27,8 @@ + import java.lang.reflect.Field; + import java.lang.reflect.Modifier; + ++import sun.reflect.misc.ReflectUtil; ++ + /** + * This utility class provides {@code static} methods + * to find a public field with specified name +@@ -56,7 +58,8 @@ + if (!Modifier.isPublic(field.getModifiers())) { + throw new NoSuchFieldException("Field '" + name + "' is not public"); + } +- if (!Modifier.isPublic(field.getDeclaringClass().getModifiers())) { ++ if (!ReflectUtil.isPackageAccessible(field.getDeclaringClass()) || ++ !Modifier.isPublic(field.getDeclaringClass().getModifiers())) { + throw new NoSuchFieldException("Field '" + name + "' is not accessible"); + } + return field; +--- jdk/src/share/classes/com/sun/beans/finder/MethodFinder.java Mon Jun 27 13:21:34 2011 -0700 ++++ jdk/src/share/classes/com/sun/beans/finder/MethodFinder.java Wed Aug 29 09:52:11 2012 +0200 +@@ -33,6 +33,8 @@ + import java.lang.reflect.Type; + import java.util.Arrays; + ++import sun.reflect.misc.ReflectUtil; ++ + /** + * This utility class provides {@code static} methods + * to find a public method with specified name and parameter types +@@ -120,7 +122,8 @@ + */ + public static Method findAccessibleMethod(Method method) throws NoSuchMethodException { + Class<?> type = method.getDeclaringClass(); +- if (Modifier.isPublic(type.getModifiers())) { ++ if (ReflectUtil.isPackageAccessible(type) ++ && Modifier.isPublic(type.getModifiers())) { + return method; + } + if (Modifier.isStatic(method.getModifiers())) { |