From owner-svn-ports-head@FreeBSD.ORG Thu Aug 30 05:32:58 2012 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A1598106566C; Thu, 30 Aug 2012 05:32:58 +0000 (UTC) (envelope-from glewis@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 8AC6F8FC17; Thu, 30 Aug 2012 05:32:58 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7U5WwH0079180; Thu, 30 Aug 2012 05:32:58 GMT (envelope-from glewis@svn.freebsd.org) Received: (from glewis@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7U5Ww7H079176; Thu, 30 Aug 2012 05:32:58 GMT (envelope-from glewis@svn.freebsd.org) Message-Id: <201208300532.q7U5Ww7H079176@svn.freebsd.org> From: Greg Lewis Date: Thu, 30 Aug 2012 05:32:58 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r303360 - in head/java/openjdk7: . files X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Aug 2012 05:32:58 -0000 Author: glewis Date: Thu Aug 30 05:32:57 2012 New Revision: 303360 URL: http://svn.freebsd.org/changeset/ports/303360 Log: . Commit a fix for CVE-2012-4681. Obtained from: Mark Wielaard via rea@ Added: head/java/openjdk7/files/patch-CVE-2012-4681 (contents, props changed) Modified: head/java/openjdk7/Makefile Modified: head/java/openjdk7/Makefile ============================================================================== --- head/java/openjdk7/Makefile Thu Aug 30 03:08:13 2012 (r303359) +++ head/java/openjdk7/Makefile Thu Aug 30 05:32:57 2012 (r303360) @@ -7,6 +7,7 @@ PORTNAME= openjdk PORTVERSION= ${JDK_MAJOR_VERSION}.${PORT_MINOR_VERSION}.${PORT_BUILD_NUMBER} +PORTREVISION= 1 CATEGORIES= java devel MASTER_SITES= http://download.java.net/openjdk/jdk${JDK_MAJOR_VERSION}u${JDK_MINOR_VERSION}/promoted/b${JDK_BUILD_NUMBER}/ \ http://download.java.net/jaxp/1.4.5/:jaxp \ Added: head/java/openjdk7/files/patch-CVE-2012-4681 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/java/openjdk7/files/patch-CVE-2012-4681 Thu Aug 30 05:32:57 2012 (r303360) @@ -0,0 +1,63 @@ +--- jdk/src/share/classes/com/sun/beans/finder/ConstructorFinder.java Mon Jun 27 13:21:34 2011 -0700 ++++ jdk/src/share/classes/com/sun/beans/finder/ConstructorFinder.java Wed Aug 29 09:52:11 2012 +0200 +@@ -29,6 +29,8 @@ + import java.lang.reflect.Constructor; + import java.lang.reflect.Modifier; + ++import sun.reflect.misc.ReflectUtil; ++ + /** + * This utility class provides {@code static} methods + * to find a public constructor with specified parameter types +@@ -61,7 +63,8 @@ + if (Modifier.isAbstract(type.getModifiers())) { + throw new NoSuchMethodException("Abstract class cannot be instantiated"); + } +- if (!Modifier.isPublic(type.getModifiers())) { ++ if (!ReflectUtil.isPackageAccessible(type) ++ || !Modifier.isPublic(type.getModifiers())) { + throw new NoSuchMethodException("Class is not accessible"); + } + PrimitiveWrapperMap.replacePrimitivesWithWrappers(args); +--- jdk/src/share/classes/com/sun/beans/finder/FieldFinder.java Mon Jun 27 13:21:34 2011 -0700 ++++ jdk/src/share/classes/com/sun/beans/finder/FieldFinder.java Wed Aug 29 09:52:11 2012 +0200 +@@ -27,6 +27,8 @@ + import java.lang.reflect.Field; + import java.lang.reflect.Modifier; + ++import sun.reflect.misc.ReflectUtil; ++ + /** + * This utility class provides {@code static} methods + * to find a public field with specified name +@@ -56,7 +58,8 @@ + if (!Modifier.isPublic(field.getModifiers())) { + throw new NoSuchFieldException("Field '" + name + "' is not public"); + } +- if (!Modifier.isPublic(field.getDeclaringClass().getModifiers())) { ++ if (!ReflectUtil.isPackageAccessible(field.getDeclaringClass()) || ++ !Modifier.isPublic(field.getDeclaringClass().getModifiers())) { + throw new NoSuchFieldException("Field '" + name + "' is not accessible"); + } + return field; +--- jdk/src/share/classes/com/sun/beans/finder/MethodFinder.java Mon Jun 27 13:21:34 2011 -0700 ++++ jdk/src/share/classes/com/sun/beans/finder/MethodFinder.java Wed Aug 29 09:52:11 2012 +0200 +@@ -33,6 +33,8 @@ + import java.lang.reflect.Type; + import java.util.Arrays; + ++import sun.reflect.misc.ReflectUtil; ++ + /** + * This utility class provides {@code static} methods + * to find a public method with specified name and parameter types +@@ -120,7 +122,8 @@ + */ + public static Method findAccessibleMethod(Method method) throws NoSuchMethodException { + Class type = method.getDeclaringClass(); +- if (Modifier.isPublic(type.getModifiers())) { ++ if (ReflectUtil.isPackageAccessible(type) ++ && Modifier.isPublic(type.getModifiers())) { + return method; + } + if (Modifier.isStatic(method.getModifiers())) {