[Jamvm-general] IcedTea 2.5.3: Avian, JamVM, Cacao: Implement JVM_FindClassFromCaller OpenJDK 80152
From: Xerxes R. <xe...@za...> - 2014-10-27 08:58:31
On 2014-10-20 22:30, Matthias Klose wrote:
> - Did you try to build/run these with the IcedTea 2.5.3 update? At least Cacao and JamVM fail.

I received the IcedTea 2.5.3 security update during the week and indeed all alternative JVMs broke.
http://blog.fuseyism.com/index.php/2014/10/15/security-icedtea-2-5-3-for-openjdk-7-released/

The OpenJDK source tree revealed the following information:

8015256: Better class accessibility
Summary: Improve protection domain check in forName()
http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/61d1e75e0a58
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/16cd2826a58f

JVM_FindClassFromCaller appears to work quite similarly to JVM_FindClassFromClassLoader, with the twist that the protection domain that belongs to the caller class argument shall be used during the lookup of the class.

But there is no specification or unit test in OpenJDK documenting the desired effect. If someone has a specification or test at hand for how JVM_FindClassFromCaller "security" shall behave, then I would like to see it.

I spent some time yesterday looking into it and have filed patches to Avian, JamVM and Cacao upstream to make the JVMs compatible with the "security" update.

Pull request links and commits below:

JamVM:
http://sourceforge.net/p/jamvm/mailman/message/32972760/
https://github.com/xranby/jamvm/commit/81f280b4fad847bc393ee4732c23aae9adccb327

CACAO JVM:
https://bitbucket.org/cacaovm/cacao-staging/pull-request/147/implement-jvm_findclassfromcaller-openjdk/
https://bitbucket.org/xranby/cacao-staging/commits/ec6bd33b3e927738d1353e6e639e76f74d55635f

Avian:
https://github.com/ReadyTalk/avian/pull/360
https://github.com/xranby/avian/commit/2e5990a6b0c35934b99a0a776762fab8f643599b

Cheers
Xerxes