IcedTea 2.5.3: Avian, JamVM, Cacao: Implement JVM_FindClassFromCaller OpenJDK 8015256: Better class accessibility
gnu.andrew at redhat.com
Mon Oct 27 14:32:47 UTC 2014
----- Original Message -----
> Den 2014-10-20 22:30, Matthias Klose skrev:
> > - Did you try to build/run these with
> > the IcedTea 2.5.3 update? At least Cacao and JamVM fail.
> I received the IcedTea 2.5.3 security update during the week and indeed
> all alternative JVM broke.
> The OpenJDK source tree revealed the following information:
> 8015256: Better class accessibility
> Summary: Improve protection domain check in forName()
> JVM_FindClassFromCaller appears to work quite similar to
> JVM_FindClassFromClassLoader with the twist that the protection domain
> that belongs to the caller class argument shall be used during the
> lookup of the class. But there is no specification or unit-test in
> OpenJDK documenting the desired effect, if someone have a specification
> or test at hand for how JVM_FindClassFromCaller "security" shall behave
> then i would like to see it.
> I spent some time yesterday looking into it and have filed patches to
> Avian, JamVM and Cacao upstream to make the JVM's compatible with the
> "security" update.
> Pull request links and commits below:
> JamVM: http://sourceforge.net/p/jamvm/mailman/message/32972760/
> CACAO JVM:
> Avian: https://github.com/ReadyTalk/avian/pull/360
I mentioned this in reply to your previous post:
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
More information about the distro-pkg-dev