Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 30 Aug 2012 05:32:58 +0000 (UTC)
From:      Greg Lewis <glewis@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r303360 - in head/java/openjdk7: . files
Message-ID:  <201208300532.q7U5Ww7H079176@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: glewis
Date: Thu Aug 30 05:32:57 2012
New Revision: 303360
URL: http://svn.freebsd.org/changeset/ports/303360

Log:
  . Commit a fix for CVE-2012-4681.
  
  Obtained from:	Mark Wielaard <mjw@redhat.com> via rea@

Added:
  head/java/openjdk7/files/patch-CVE-2012-4681   (contents, props changed)
Modified:
  head/java/openjdk7/Makefile

Modified: head/java/openjdk7/Makefile
==============================================================================
--- head/java/openjdk7/Makefile	Thu Aug 30 03:08:13 2012	(r303359)
+++ head/java/openjdk7/Makefile	Thu Aug 30 05:32:57 2012	(r303360)
@@ -7,6 +7,7 @@
 
 PORTNAME=	openjdk
 PORTVERSION=	${JDK_MAJOR_VERSION}.${PORT_MINOR_VERSION}.${PORT_BUILD_NUMBER}
+PORTREVISION=	1
 CATEGORIES=	java devel
 MASTER_SITES=	http://download.java.net/openjdk/jdk${JDK_MAJOR_VERSION}u${JDK_MINOR_VERSION}/promoted/b${JDK_BUILD_NUMBER}/ \
 		http://download.java.net/jaxp/1.4.5/:jaxp \

Added: head/java/openjdk7/files/patch-CVE-2012-4681
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/java/openjdk7/files/patch-CVE-2012-4681	Thu Aug 30 05:32:57 2012	(r303360)
@@ -0,0 +1,63 @@
+--- jdk/src/share/classes/com/sun/beans/finder/ConstructorFinder.java	Mon Jun 27 13:21:34 2011 -0700
++++ jdk/src/share/classes/com/sun/beans/finder/ConstructorFinder.java	Wed Aug 29 09:52:11 2012 +0200
+@@ -29,6 +29,8 @@
+ import java.lang.reflect.Constructor;
+ import java.lang.reflect.Modifier;
+ 
++import sun.reflect.misc.ReflectUtil;
++
+ /**
+  * This utility class provides {@code static} methods
+  * to find a public constructor with specified parameter types
+@@ -61,7 +63,8 @@
+         if (Modifier.isAbstract(type.getModifiers())) {
+             throw new NoSuchMethodException("Abstract class cannot be instantiated");
+         }
+-        if (!Modifier.isPublic(type.getModifiers())) {
++        if (!ReflectUtil.isPackageAccessible(type)
++	    || !Modifier.isPublic(type.getModifiers())) {
+             throw new NoSuchMethodException("Class is not accessible");
+         }
+         PrimitiveWrapperMap.replacePrimitivesWithWrappers(args);
+--- jdk/src/share/classes/com/sun/beans/finder/FieldFinder.java	Mon Jun 27 13:21:34 2011 -0700
++++ jdk/src/share/classes/com/sun/beans/finder/FieldFinder.java	Wed Aug 29 09:52:11 2012 +0200
+@@ -27,6 +27,8 @@
+ import java.lang.reflect.Field;
+ import java.lang.reflect.Modifier;
+ 
++import sun.reflect.misc.ReflectUtil;
++
+ /**
+  * This utility class provides {@code static} methods
+  * to find a public field with specified name
+@@ -56,7 +58,8 @@
+         if (!Modifier.isPublic(field.getModifiers())) {
+             throw new NoSuchFieldException("Field '" + name + "' is not public");
+         }
+-        if (!Modifier.isPublic(field.getDeclaringClass().getModifiers())) {
++        if (!ReflectUtil.isPackageAccessible(field.getDeclaringClass()) ||
++	    !Modifier.isPublic(field.getDeclaringClass().getModifiers())) {
+             throw new NoSuchFieldException("Field '" + name + "' is not accessible");
+         }
+         return field;
+--- jdk/src/share/classes/com/sun/beans/finder/MethodFinder.java	Mon Jun 27 13:21:34 2011 -0700
++++ jdk/src/share/classes/com/sun/beans/finder/MethodFinder.java	Wed Aug 29 09:52:11 2012 +0200
+@@ -33,6 +33,8 @@
+ import java.lang.reflect.Type;
+ import java.util.Arrays;
+ 
++import sun.reflect.misc.ReflectUtil;
++
+ /**
+  * This utility class provides {@code static} methods
+  * to find a public method with specified name and parameter types
+@@ -120,7 +122,8 @@
+      */
+     public static Method findAccessibleMethod(Method method) throws NoSuchMethodException {
+         Class<?> type = method.getDeclaringClass();
+-        if (Modifier.isPublic(type.getModifiers())) {
++        if (ReflectUtil.isPackageAccessible(type)
++	    && Modifier.isPublic(type.getModifiers())) {
+             return method;
+         }
+         if (Modifier.isStatic(method.getModifiers())) {



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208300532.q7U5Ww7H079176>