import icedtea-web-1.8.4-4.el8

This commit is contained in:
CentOS Sources 2021-05-18 02:49:02 -04:00 committed by Andrew Lukoshko
parent 3b50fa8af2
commit 368b924c04
16 changed files with 877 additions and 11431 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/icedtea-web-1.7.1.tar.gz SOURCES/icedtea-web-1.8.4.tar.gz

View File

@ -1 +1 @@
a484daa20cadefe4d4ba2c1e3b28dbb39c986f4b SOURCES/icedtea-web-1.7.1.tar.gz 08f339753946626f5f46d11120dce44d5e6f6540 SOURCES/icedtea-web-1.8.4.tar.gz

File diff suppressed because it is too large Load Diff

View File

@ -1,23 +0,0 @@
commit 5437234c59f6c375a8ad0b07f93d459eefd571ba
Author: Jiri Vanek <jvanek@redhat.com>
Date: Tue Jul 9 12:10:39 2019 +0200
Preventively, hash also .. in queue
diff --git a/netx/net/sourceforge/jnlp/cache/CacheUtil.java b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
index 5c8652b6..15e8865c 100644
--- a/netx/net/sourceforge/jnlp/cache/CacheUtil.java
+++ b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
@@ -703,7 +703,11 @@ public class CacheUtil {
path.append(File.separatorChar);
}
String locationPath = location.getPath().replace('/', File.separatorChar);
- if (locationPath.contains("..")){
+ String query = "";
+ if (location.getQuery() != null) {
+ query = location.getQuery();
+ }
+ if (locationPath.contains("..") || query.contains("..")){
try {
/**
* if path contains .. then it can harm lcoal system

40
SOURCES/altjava.patch Normal file
View File

@ -0,0 +1,40 @@
--- IcedTea-Web-icedtea-web-1.8.4/shell-launcher/launchers.sh.in
+++ iIcedTea-Web-cedtea-web-1.8.4/shell-launcher/launchers.sh.in
@@ -193,6 +193,12 @@
shift
done
+java_dir="`dirname ${JAVA}`"
+alt_java="alt-java"
+if [ -e "$java_dir/$alt_java" ] ; then
+ JAVA="`dirname ${JAVA}`/$alt_java"
+fi
+
# TODO: inline args without using COMMAND[array] to unify linux/windows scripts
k=0
COMMAND[k]="${JAVA}"
--- IcedTea-Web-icedtea-web-1.8.4/rust-launcher/src/os_access.rs
+++ IcedTea-Web-icedtea-web-1.8.4/rust-launcher/src/os_access.rs
@@ -5,9 +5,19 @@
use log_helper;
pub fn create_java_cmd(os: &Os,jre_dir: &std::path::PathBuf, args: &Vec<String>) -> std::process::Command {
- let mut bin_java = jre_dir.clone();
- bin_java.push("bin");
- bin_java.push("java");
+ let mut alt_bin_java = jre_dir.clone();
+ alt_bin_java.push("bin");
+ alt_bin_java.push("alt-java");
+ let mut bin_java;
+ if alt_bin_java.exists() {
+ os.log("itw-rust-debug: alt-java found");
+ bin_java = alt_bin_java;
+ } else {
+ os.log("itw-rust-debug: alt-java NOT found");
+ bin_java = jre_dir.clone();
+ bin_java.push("bin");
+ bin_java.push("java");
+ }
let mut cmd = std::process::Command::new(&bin_java);
for ar in args.into_iter() {
cmd.arg(ar);

View File

@ -0,0 +1,735 @@
diff --git a/Makefile.am b/Makefile.am
index 3f73cff7..1112bf49 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -956,10 +956,10 @@ if ENABLE_NATIVE_LAUNCHERS
# there is curently harecoded sh, so it can somehow basically work
# see the DESKTOP_SUFFIX for final tuning
launcher.build/$(javaws) launcher.build/$(itweb_settings) launcher.build/$(policyeditor): rust-launcher/src/main.rs rust-launcher/Cargo.toml
- export ITW_TMP_REPLACEMENT=$(TESTS_DIR)/rust_tests_tmp ; \
- mkdir -p $$ITW_TMP_REPLACEMENT; \
filename=`basename $@` ; \
type=$${filename%.*} ; \
+ export ITW_TMP_REPLACEMENT=$(TESTS_DIR)/rust_tests_tmp/$$type ; \
+ mkdir -p $$ITW_TMP_REPLACEMENT; \
srcs=$(TOP_SRC_DIR)/rust-launcher ; \
outs=$(TOP_BUILD_DIR)/launcher.in.$$type ; \
mkdir -p launcher.build ; \
diff --git a/configure.ac b/configure.ac
index 5bcb1046..03796e39 100644
--- a/configure.ac
+++ b/configure.ac
@@ -71,7 +71,7 @@ AM_CONDITIONAL([ENABLE_NATIVE_LAUNCHERS], [test ! x"$RUSTC" = x -a ! x"$CARGO" =
build_linux=no
build_windows=no
case "${host_os}" in
- linux*)
+ linux*|freebsd*)
build_linux=yes
;;
cygwin*)
diff --git a/netx/net/sourceforge/jnlp/Launcher.java b/netx/net/sourceforge/jnlp/Launcher.java
index bcfd7b34..1ff42421 100644
--- a/netx/net/sourceforge/jnlp/Launcher.java
+++ b/netx/net/sourceforge/jnlp/Launcher.java
@@ -552,7 +552,7 @@ public class Launcher {
}
OutputController.getLogger().log(OutputController.Level.ERROR_ALL, "Starting application [" + mainName + "] ...");
-
+
Class<?> mainClass = app.getClassLoader().loadClass(mainName);
Method main = mainClass.getMethod("main", new Class<?>[] { String[].class });
@@ -572,6 +572,7 @@ public class Launcher {
main.setAccessible(true);
+ JNLPRuntime.addStartupTrackingEntry("invoking main()");
OutputController.getLogger().log("Invoking main() with args: " + Arrays.toString(args));
main.invoke(null, new Object[] { args });
diff --git a/netx/net/sourceforge/jnlp/OptionsDefinitions.java b/netx/net/sourceforge/jnlp/OptionsDefinitions.java
index c87b4a79..16ef46d3 100644
--- a/netx/net/sourceforge/jnlp/OptionsDefinitions.java
+++ b/netx/net/sourceforge/jnlp/OptionsDefinitions.java
@@ -78,6 +78,7 @@ public class OptionsDefinitions {
JNLP("-jnlp","BOJnlp", NumberOfArguments.ONE),
HTML("-html","BOHtml", NumberOfArguments.ONE_OR_MORE),
BROWSER("-browser", "BrowserArg", NumberOfArguments.ONE_OR_MORE),
+ STARTUP_TRACKER("-startuptracker","BOStartupTracker"),
//itweb settings
LIST("-list", "IBOList"),
GET("-get", "name", "IBOGet", NumberOfArguments.ONE_OR_MORE),
@@ -222,7 +223,8 @@ public class OptionsDefinitions {
OPTIONS.TRUSTNONE,
OPTIONS.JNLP,
OPTIONS.HTML,
- OPTIONS.BROWSER
+ OPTIONS.BROWSER,
+ OPTIONS.STARTUP_TRACKER
});
}
diff --git a/netx/net/sourceforge/jnlp/cache/CacheEntry.java b/netx/net/sourceforge/jnlp/cache/CacheEntry.java
index 3a241acb..c5f1f329 100644
--- a/netx/net/sourceforge/jnlp/cache/CacheEntry.java
+++ b/netx/net/sourceforge/jnlp/cache/CacheEntry.java
@@ -47,6 +47,8 @@ public class CacheEntry {
/** info about the cached file */
private final PropertiesFile properties;
+ private File localFile;
+
/**
* Create a CacheEntry for the resources specified as a remote
* URL.
@@ -58,8 +60,8 @@ public class CacheEntry {
this.location = location;
this.version = version;
- File infoFile = CacheUtil.getCacheFile(location, version);
- infoFile = new File(infoFile.getPath() + CacheDirectory.INFO_SUFFIX); // replace with something that can't be clobbered
+ this.localFile = CacheUtil.getCacheFile(location, version);
+ File infoFile = new File(localFile.getPath() + CacheDirectory.INFO_SUFFIX); // replace with something that can't be clobbered
properties = new PropertiesFile(infoFile, R("CAutoGen"));
}
@@ -130,7 +132,11 @@ public class CacheEntry {
* @return whether the cache contains the version
*/
public boolean isCurrent(long lastModified) {
- boolean cached = isCached();
+ return isCurrent(lastModified, null);
+ }
+
+ public boolean isCurrent(long lastModified, File cachedFile) {
+ boolean cached = isCached(cachedFile);
OutputController.getLogger().log("isCurrent:isCached " + cached);
if (!cached) {
@@ -153,7 +159,16 @@ public class CacheEntry {
* @return true if the resource is in the cache
*/
public boolean isCached() {
- File localFile = getCacheFile();
+ return isCached(null);
+ }
+
+ public boolean isCached(File cachedFile) {
+ final File localFile;
+ if (null == version && null != cachedFile) {
+ localFile = cachedFile;
+ } else {
+ localFile = getCacheFile();
+ }
if (!localFile.exists())
return false;
@@ -224,4 +239,7 @@ public class CacheEntry {
return properties.isHeldByCurrentThread();
}
+ public File getLocalFile() {
+ return localFile;
+ }
}
diff --git a/netx/net/sourceforge/jnlp/cache/CacheUtil.java b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
index 486421b9..d298d203 100644
--- a/netx/net/sourceforge/jnlp/cache/CacheUtil.java
+++ b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
@@ -422,14 +422,13 @@ public class CacheUtil {
* @return whether the cache contains the version
* @throws IllegalArgumentException if the source is not cacheable
*/
- public static boolean isCurrent(URL source, Version version, long lastModifed) {
+ public static boolean isCurrent(URL source, Version version, long lastModifed, CacheEntry entry, File cachedFile) {
if (!isCacheable(source, version))
throw new IllegalArgumentException(R("CNotCacheable", source));
try {
- CacheEntry entry = new CacheEntry(source, version); // could pool this
- boolean result = entry.isCurrent(lastModifed);
+ boolean result = entry.isCurrent(lastModifed, cachedFile);
OutputController.getLogger().log("isCurrent: " + source + " = " + result);
@@ -796,6 +795,8 @@ public class CacheUtil {
}
URL undownloaded[] = urlList.toArray(new URL[urlList.size()]);
+ final int maxUrls = Integer.parseInt(JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_MAX_URLS_DOWNLOAD_INDICATOR));
+
listener = indicator.getListener(app, title, undownloaded);
do {
@@ -810,20 +811,30 @@ public class CacheUtil {
int percent = (int) ((100 * read) / Math.max(1, total));
+ int urlCounter = 0;
for (URL url : undownloaded) {
+ if (urlCounter > maxUrls) {
+ break;
+ }
listener.progress(url, "version",
tracker.getAmountRead(url),
tracker.getTotalSize(url),
percent);
+ urlCounter += 1;
}
} while (!tracker.waitForResources(resources, indicator.getUpdateRate()));
// make sure they read 100% until indicator closes
+ int urlCounter = 0;
for (URL url : undownloaded) {
+ if (urlCounter > maxUrls) {
+ break;
+ }
listener.progress(url, "version",
tracker.getTotalSize(url),
tracker.getTotalSize(url),
100);
+ urlCounter += 1;
}
} catch (InterruptedException ex) {
OutputController.getLogger().log(ex);
diff --git a/netx/net/sourceforge/jnlp/cache/CachedDaemonThreadPoolProvider.java b/netx/net/sourceforge/jnlp/cache/CachedDaemonThreadPoolProvider.java
index 1cd4df23..ff48662d 100644
--- a/netx/net/sourceforge/jnlp/cache/CachedDaemonThreadPoolProvider.java
+++ b/netx/net/sourceforge/jnlp/cache/CachedDaemonThreadPoolProvider.java
@@ -36,9 +36,14 @@
exception statement from your version. */
package net.sourceforge.jnlp.cache;
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
+
import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
+import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
public class CachedDaemonThreadPoolProvider {
@@ -81,6 +86,19 @@ public class CachedDaemonThreadPoolProvider {
}
}
- public static final ExecutorService DAEMON_THREAD_POOL = Executors.newCachedThreadPool(new DaemonThreadFactory());
+ public static synchronized ExecutorService getThreadPool() {
+ if (null == DAEMON_THREAD_POOL) {
+ final int nThreads = Integer.parseInt(JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_BACKGROUND_THREADS_COUNT));
+ ThreadPoolExecutor pool = new ThreadPoolExecutor(nThreads, nThreads,
+ 60L, TimeUnit.SECONDS,
+ new LinkedBlockingQueue<Runnable>(),
+ new DaemonThreadFactory());
+ pool.allowCoreThreadTimeOut(true);
+ DAEMON_THREAD_POOL = pool;
+ }
+ return DAEMON_THREAD_POOL;
+ }
+
+ private static ExecutorService DAEMON_THREAD_POOL = null;
}
diff --git a/netx/net/sourceforge/jnlp/cache/ResourceDownloader.java b/netx/net/sourceforge/jnlp/cache/ResourceDownloader.java
index 643b46fd..e0a123bb 100644
--- a/netx/net/sourceforge/jnlp/cache/ResourceDownloader.java
+++ b/netx/net/sourceforge/jnlp/cache/ResourceDownloader.java
@@ -153,7 +153,12 @@ public class ResourceDownloader implements Runnable {
URLConnection connection = ConnectionFactory.getConnectionFactory().openConnection(location.URL); // this won't change so should be okay not-synchronized
connection.addRequestProperty("Accept-Encoding", "pack200-gzip, gzip");
- File localFile = CacheUtil.getCacheFile(resource.getLocation(), resource.getDownloadVersion());
+ File localFile = null;
+ if (resource.getRequestVersion() == resource.getDownloadVersion()) {
+ localFile = entry.getLocalFile();
+ } else {
+ localFile = CacheUtil.getCacheFile(resource.getLocation(), resource.getDownloadVersion());
+ }
Long size = location.length;
if (size == null) {
size = connection.getContentLengthLong();
@@ -162,7 +167,7 @@ public class ResourceDownloader implements Runnable {
if (lm == null) {
lm = connection.getLastModified();
}
- boolean current = CacheUtil.isCurrent(resource.getLocation(), resource.getRequestVersion(), lm) && resource.getUpdatePolicy() != UpdatePolicy.FORCE;
+ boolean current = CacheUtil.isCurrent(resource.getLocation(), resource.getRequestVersion(), lm, entry, localFile) && resource.getUpdatePolicy() != UpdatePolicy.FORCE;
if (!current) {
if (entry.isCached()) {
entry.markForDelete();
diff --git a/netx/net/sourceforge/jnlp/cache/ResourceTracker.java b/netx/net/sourceforge/jnlp/cache/ResourceTracker.java
index f4ad69be..972a10cf 100644
--- a/netx/net/sourceforge/jnlp/cache/ResourceTracker.java
+++ b/netx/net/sourceforge/jnlp/cache/ResourceTracker.java
@@ -28,10 +28,7 @@ import static net.sourceforge.jnlp.cache.Resource.Status.PROCESSING;
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.EnumSet;
-import java.util.List;
+import java.util.*;
import net.sourceforge.jnlp.DownloadOptions;
import net.sourceforge.jnlp.Version;
@@ -105,6 +102,7 @@ public class ResourceTracker {
/** the resources known about by this resource tracker */
private final List<Resource> resources = new ArrayList<>();
+ private final HashMap<String, Resource> resourcesMap = new HashMap<>();
/** download listeners for this tracker */
private final List<DownloadListener> listeners = new ArrayList<>();
@@ -155,6 +153,7 @@ public class ResourceTracker {
return;
resource.addTracker(this);
resources.add(resource);
+ resourcesMap.put(location.toString(), resource);
}
if (options == null) {
@@ -190,6 +189,7 @@ public class ResourceTracker {
if (resource != null) {
resources.remove(resource);
+ resourcesMap.remove(location.toString());
resource.removeTracker(this);
}
@@ -508,7 +508,7 @@ public class ResourceTracker {
* @param resource resource to be download
*/
protected void startDownloadThread(Resource resource) {
- CachedDaemonThreadPoolProvider.DAEMON_THREAD_POOL.execute(new ResourceDownloader(resource, lock));
+ CachedDaemonThreadPoolProvider.getThreadPool().execute(new ResourceDownloader(resource, lock));
}
static Resource selectByFilter(Collection<Resource> source, Filter<Resource> filter) {
@@ -569,6 +569,12 @@ public class ResourceTracker {
*/
private Resource getResource(URL location) {
synchronized (resources) {
+ if (null != location) {
+ Resource res = resourcesMap.get(location.toString());
+ if (null != res && UrlUtils.urlEquals(res.getLocation(), location)) {
+ return res;
+ }
+ }
for (Resource resource : resources) {
if (UrlUtils.urlEquals(resource.getLocation(), location))
return resource;
diff --git a/netx/net/sourceforge/jnlp/config/Defaults.java b/netx/net/sourceforge/jnlp/config/Defaults.java
index 8e316e4f..78f9b3e6 100644
--- a/netx/net/sourceforge/jnlp/config/Defaults.java
+++ b/netx/net/sourceforge/jnlp/config/Defaults.java
@@ -466,6 +466,21 @@ public class Defaults {
BasicValueValidators.getRangedIntegerValidator(0, 1000),
String.valueOf(10)// treshold when applet is considered as too small
},
+ {
+ DeploymentConfiguration.KEY_ENABLE_CACHE_FSYNC,
+ BasicValueValidators.getBooleanValidator(),
+ String.valueOf(false)
+ },
+ {
+ DeploymentConfiguration.KEY_BACKGROUND_THREADS_COUNT,
+ BasicValueValidators.getRangedIntegerValidator(1, 16),
+ String.valueOf(3)
+ },
+ {
+ DeploymentConfiguration.KEY_MAX_URLS_DOWNLOAD_INDICATOR,
+ BasicValueValidators.getRangedIntegerValidator(1, 1024),
+ String.valueOf(16)
+ },
//**************
//* Native (rust) only - beggin
//**************
diff --git a/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java b/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
index de7425e3..84f77075 100644
--- a/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
+++ b/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
@@ -250,7 +250,10 @@ public final class DeploymentConfiguration {
public static final String KEY_SMALL_SIZE_OVERRIDE_TRESHOLD = "deployment.small.size.treshold";
public static final String KEY_SMALL_SIZE_OVERRIDE_WIDTH = "deployment.small.size.override.width";
public static final String KEY_SMALL_SIZE_OVERRIDE_HEIGHT = "deployment.small.size.override.height";
-
+ public static final String KEY_ENABLE_CACHE_FSYNC = "deployment.enable.cache.fsync";
+ public static final String KEY_BACKGROUND_THREADS_COUNT = "deployment.background.threads.count";
+ public static final String KEY_MAX_URLS_DOWNLOAD_INDICATOR = "deployment.max.urls.download.indicator";
+
public static final String TRANSFER_TITLE = "Legacy configuration and cache found. Those will be now transported to new locations";
private ConfigurationException loadingException = null;
diff --git a/netx/net/sourceforge/jnlp/resources/Messages.properties b/netx/net/sourceforge/jnlp/resources/Messages.properties
index 773f134b..0e87bce3 100644
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties
@@ -357,6 +357,7 @@ BXoffline = Prevent ITW network connection. Only cache will be used. Applicati
BOHelp1 = Prints out information about supported command and basic usage.
BOHelp2 = Prints out information about supported command and basic usage. Can also take an parameter, and then it prints detailed help for this command.
BOTrustnone = Instead of asking user, will foretold all answers as no.
+BOStartupTracker = Enable startup time tracker
# Itweb-settings boot commands
IBOList=Shows a list of all the IcedTea-Web settings and their current values.
diff --git a/netx/net/sourceforge/jnlp/runtime/Boot.java b/netx/net/sourceforge/jnlp/runtime/Boot.java
index 7317b989..a9990909 100644
--- a/netx/net/sourceforge/jnlp/runtime/Boot.java
+++ b/netx/net/sourceforge/jnlp/runtime/Boot.java
@@ -107,6 +107,10 @@ public final class Boot implements PrivilegedAction<Void> {
optionParser = new OptionParser(argsIn, OptionsDefinitions.getJavaWsOptions());
+ if (optionParser.hasOption(OptionsDefinitions.OPTIONS.STARTUP_TRACKER)) {
+ JNLPRuntime.initStartupTracker();
+ }
+
if (optionParser.hasOption(OptionsDefinitions.OPTIONS.VERBOSE)) {
JNLPRuntime.setDebug(true);
}
diff --git a/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java b/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java
index 9746f5d0..811d132e 100644
--- a/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java
+++ b/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java
@@ -43,6 +43,7 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.security.AccessController;
@@ -103,9 +104,11 @@ final class CachedJarFileCallback implements URLJarFileCallBack {
if (UrlUtils.isLocalFile(localUrl)) {
// if it is known to us, just return the cached file
- JarFile returnFile = new JarFile(localUrl.getPath());
+ JarFile returnFile=null;
try {
+ localUrl.toURI().getPath();
+ returnFile = new JarFile(localUrl.toURI().getPath());
// Blank out the class-path because:
// 1) Web Start does not support it
@@ -117,6 +120,8 @@ final class CachedJarFileCallback implements URLJarFileCallBack {
} catch (NullPointerException npe) {
// Discard NPE here. Maybe there was no manifest, maybe there were no attributes, etc.
+ } catch (URISyntaxException e) {
+ // should not happen as localUrl was built using localFile.toURI().toURL(), see JNLPClassLoader.activateJars(List<JARDesc>)
}
return returnFile;
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
index 3785707a..77576fdd 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
@@ -709,7 +709,9 @@ public class JNLPClassLoader extends URLClassLoader {
fillInPartJars(initialJars); // add in each initial part's lazy jars
}
+ JNLPRuntime.addStartupTrackingEntry("JARs download enter");
waitForJars(initialJars); //download the jars first.
+ JNLPRuntime.addStartupTrackingEntry("JARs download complete");
//A ZipException will propagate later on if the jar is invalid and not checked here
if (shouldFilterInvalidJars()) {
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
index 295744db..919f78fd 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
@@ -170,6 +170,7 @@ public class JNLPRuntime {
private static Boolean onlineDetected = null;
+ private static long startupTrackerMoment = 0;
/**
* Header is not checked and so eg
@@ -891,6 +892,19 @@ public class JNLPRuntime {
JNLPRuntime.ignoreHeaders = ignoreHeaders;
}
+ // may only be called from Boot
+ public static void initStartupTracker() {
+ startupTrackerMoment = System.currentTimeMillis();
+ }
+
+ public static void addStartupTrackingEntry(String message) {
+ if (startupTrackerMoment > 0) {
+ long time = (System.currentTimeMillis() - startupTrackerMoment)/1000;
+ String msg = "Startup tracker: seconds elapsed: [" + time + "], message: [" + message + "]";
+ OutputController.getLogger().log(OutputController.Level.ERROR_ALL, msg);
+ }
+ }
+
private static boolean isPluginDebug() {
if (pluginDebug == null) {
try {
diff --git a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
index eb26dc69..7fd5d92f 100644
--- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
+++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
@@ -39,15 +39,18 @@ import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import java.util.Vector;
+import java.util.concurrent.Callable;
+import java.util.concurrent.Future;
import java.util.jar.JarEntry;
import java.util.regex.Pattern;
import net.sourceforge.jnlp.JARDesc;
import net.sourceforge.jnlp.JNLPFile;
import net.sourceforge.jnlp.LaunchException;
+import net.sourceforge.jnlp.cache.CachedDaemonThreadPoolProvider;
import net.sourceforge.jnlp.cache.ResourceTracker;
import net.sourceforge.jnlp.runtime.JNLPClassLoader.SecurityDelegate;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
import net.sourceforge.jnlp.security.AppVerifier;
import net.sourceforge.jnlp.security.CertVerifier;
import net.sourceforge.jnlp.security.CertificateUtils;
@@ -226,37 +229,36 @@ public class JarCertVerifier implements CertVerifier {
private void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
throws Exception {
+ List<String> filesToVerify = new ArrayList<>();
for (JARDesc jar : jars) {
+ File jarFile = tracker.getCacheFile(jar.getLocation());
- try {
-
- File jarFile = tracker.getCacheFile(jar.getLocation());
-
- // some sort of resource download/cache error. Nothing to add
- // in that case ... but don't fail here
- if (jarFile == null) {
- continue;
- }
+ // some sort of resource download/cache error. Nothing to add
+ // in that case ... but don't fail here
+ if (jarFile == null) {
+ continue;
+ }
- String localFile = jarFile.getAbsolutePath();
- if (verifiedJars.contains(localFile)
- || unverifiedJars.contains(localFile)) {
- continue;
- }
+ String localFile = jarFile.getAbsolutePath();
+ if (verifiedJars.contains(localFile)
+ || unverifiedJars.contains(localFile)) {
+ continue;
+ }
- VerifyResult result = verifyJar(localFile);
+ filesToVerify.add(localFile);
+ }
- if (result == VerifyResult.UNSIGNED) {
- unverifiedJars.add(localFile);
- } else if (result == VerifyResult.SIGNED_NOT_OK) {
- verifiedJars.add(localFile);
- } else if (result == VerifyResult.SIGNED_OK) {
- verifiedJars.add(localFile);
- }
- } catch (Exception e) {
- // We may catch exceptions from using verifyJar()
- // or from checkTrustedCerts
- throw e;
+ List<VerifiedJarFile> verified = verifyJarsParallel(filesToVerify);
+
+ for (VerifiedJarFile vjf : verified) {
+ VerifyResult result = verifyJarEntryCerts(vjf.file, vjf.hasManifest, vjf.entriesVec);
+ String localFile = vjf.file;
+ if (result == VerifyResult.UNSIGNED) {
+ unverifiedJars.add(localFile);
+ } else if (result == VerifyResult.SIGNED_NOT_OK) {
+ verifiedJars.add(localFile);
+ } else if (result == VerifyResult.SIGNED_OK) {
+ verifiedJars.add(localFile);
}
}
@@ -264,6 +266,31 @@ public class JarCertVerifier implements CertVerifier {
checkTrustedCerts(certPath);
}
+ private List<VerifiedJarFile> verifyJarsParallel(List<String> files) throws Exception {
+ JNLPRuntime.addStartupTrackingEntry("JARs verification enter");
+ List<Callable<VerifiedJarFile>> callables = new ArrayList<>(files.size());
+ for (final String fi : files) {
+ callables.add(new Callable<VerifiedJarFile>() {
+ @Override
+ public VerifiedJarFile call() throws Exception {
+ return verifyJar(fi);
+ }
+ });
+ }
+ List<Future<VerifiedJarFile>> futures = CachedDaemonThreadPoolProvider.getThreadPool().invokeAll(callables);
+ List<VerifiedJarFile> results = new ArrayList<>(files.size());
+ try {
+ for (Future<VerifiedJarFile> fu : futures) {
+ results.add(fu.get());
+ }
+ } catch (Exception e) {
+ OutputController.getLogger().log(OutputController.Level.ERROR_ALL, e);
+ throw e;
+ }
+ JNLPRuntime.addStartupTrackingEntry("JARs verification complete");
+ return results;
+ }
+
/**
* Checks through all the jar entries of jarName for signers, storing all the common ones in the certs hash map.
*
@@ -273,15 +300,15 @@ public class JarCertVerifier implements CertVerifier {
* @throws Exception
* Will be thrown if there are any problems with the jar.
*/
- private VerifyResult verifyJar(String jarName) throws Exception {
+ private VerifiedJarFile verifyJar(String jarName) throws Exception {
try (JarFile jarFile = new JarFile(jarName, true)) {
- Vector<JarEntry> entriesVec = new Vector<JarEntry>();
+ List<JarEntry> entriesVec = new ArrayList<>();
byte[] buffer = new byte[8192];
Enumeration<JarEntry> entries = jarFile.entries();
while (entries.hasMoreElements()) {
JarEntry je = entries.nextElement();
- entriesVec.addElement(je);
+ entriesVec.add(je);
InputStream is = jarFile.getInputStream(je);
try {
@@ -295,8 +322,7 @@ public class JarCertVerifier implements CertVerifier {
}
}
}
- return verifyJarEntryCerts(jarName, jarFile.getManifest() != null,
- entriesVec);
+ return new VerifiedJarFile(jarName, null != jarFile.getManifest(), entriesVec);
} catch (Exception e) {
OutputController.getLogger().log(OutputController.Level.ERROR_ALL, e);
@@ -318,7 +344,7 @@ public class JarCertVerifier implements CertVerifier {
* Will be thrown if there are issues with entries.
*/
VerifyResult verifyJarEntryCerts(String jarName, boolean jarHasManifest,
- Vector<JarEntry> entries) throws Exception {
+ List<JarEntry> entries) throws Exception {
// Contains number of entries the cert with this CertPath has signed.
Map<CertPath, Integer> jarSignCount = new HashMap<>();
int numSignableEntriesInJar = 0;
@@ -629,4 +655,16 @@ public class JarCertVerifier implements CertVerifier {
}
return sum;
}
+
+ private static class VerifiedJarFile {
+ final String file;
+ final boolean hasManifest;
+ private final List<JarEntry> entriesVec;
+
+ private VerifiedJarFile(String file, boolean hasManifest, List<JarEntry> entriesVec) {
+ this.file = file;
+ this.hasManifest = hasManifest;
+ this.entriesVec = entriesVec;
+ }
+ }
}
diff --git a/netx/net/sourceforge/jnlp/util/PropertiesFile.java b/netx/net/sourceforge/jnlp/util/PropertiesFile.java
index 2f0918f6..c399ef20 100644
--- a/netx/net/sourceforge/jnlp/util/PropertiesFile.java
+++ b/netx/net/sourceforge/jnlp/util/PropertiesFile.java
@@ -23,6 +23,8 @@ import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
import net.sourceforge.jnlp.util.lockingfile.LockedFile;
import net.sourceforge.jnlp.util.logging.OutputController;
@@ -168,7 +170,9 @@ public class PropertiesFile extends Properties {
store(s, header);
// fsync()
- s.getChannel().force(true);
+ if (Boolean.parseBoolean(JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_ENABLE_CACHE_FSYNC))) {
+ s.getChannel().force(true);
+ }
lastStore = file.lastModified();
} finally {
if (s != null) s.close();
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/CachedJarFileCallbackTest.java b/tests/netx/unit/net/sourceforge/jnlp/runtime/CachedJarFileCallbackTest.java
new file mode 100644
index 00000000..bc564db5
--- /dev/null
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/CachedJarFileCallbackTest.java
@@ -0,0 +1,55 @@
+package net.sourceforge.jnlp.runtime;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.List;
+import java.util.jar.JarFile;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import net.sourceforge.jnlp.util.FileTestUtils;
+import net.sourceforge.jnlp.util.FileUtils;
+
+public class CachedJarFileCallbackTest {
+ private File tempDirectory;
+
+ @Before
+ public void before() throws IOException {
+ tempDirectory = FileTestUtils.createTempDirectory();
+ }
+
+ @After
+ public void after() throws IOException {
+ FileUtils.recursiveDelete(tempDirectory, tempDirectory.getParentFile());
+ }
+
+ @Test
+ public void testRetrieve() throws Exception {
+ List<String> names = Arrays.asList("test1.0.jar", "test@1.0.jar");
+
+ for (String name: names) {
+ // URL-encode the filename
+ name = URLEncoder.encode(name, StandardCharsets.UTF_8.name());
+ // create temp jar file
+ File jarFile = new File(tempDirectory, name);
+ FileTestUtils.createJarWithContents(jarFile /* no contents */);
+
+ // JNLPClassLoader.activateJars uses toUri().toURL() to get the local file URL
+ URL localUrl = jarFile.toURI().toURL();
+ URL remoteUrl = new URL("http://localhost/" + name);
+ // add jar to cache
+ CachedJarFileCallback cachedJarFileCallback = CachedJarFileCallback.getInstance();
+ cachedJarFileCallback.addMapping(remoteUrl, localUrl);
+ // retrieve from cache (throws exception if file not found)
+ try (JarFile fromCacheJarFile = cachedJarFileCallback.retrieve(remoteUrl)) {
+ // nothing to do, we just wanted to make sure that the local file existed
+ }
+ }
+ }
+}

View File

@ -1,91 +0,0 @@
diff -r b64b383a4561 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Mon May 14 17:11:41 2018 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Wed May 23 10:35:17 2018 +0200
@@ -19,6 +19,9 @@
import static net.sourceforge.jnlp.runtime.Translator.R;
import java.awt.EventQueue;
+import java.awt.GraphicsEnvironment;
+import static java.awt.GraphicsEnvironment.isHeadless;
+import java.awt.HeadlessException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
@@ -741,8 +744,10 @@
}
if (!headless) {
try {
- new JWindow().getOwner();
- } catch (Exception ex) {
+ if (GraphicsEnvironment.isHeadless()) {
+ throw new HeadlessException();
+ }
+ } catch (HeadlessException ex) {
headless = true;
OutputController.getLogger().log(ex);
OutputController.getLogger().log(OutputController.Level.MESSAGE_ALL, Translator.R("HEADLESS_MISSCONFIGURED"));
diff -r 0b0da6841278 -r 348532e210c0 netx/net/sourceforge/jnlp/config/Defaults.java
--- a/netx/net/sourceforge/jnlp/config/Defaults.java Mon May 28 12:01:56 2018 +0200
+++ b/netx/net/sourceforge/jnlp/config/Defaults.java Mon May 28 12:29:35 2018 +0200
@@ -412,6 +412,11 @@
BasicValueValidators.getRangedIntegerValidator(0, 10000),
String.valueOf(500)
},
+ {
+ DeploymentConfiguration.IGNORE_HEADLESS_CHECK,
+ BasicValueValidators.getBooleanValidator(),
+ String.valueOf(false)
+ },
//JVM arguments for plugin
{
DeploymentConfiguration.KEY_PLUGIN_JVM_ARGUMENTS,
diff -r 0b0da6841278 -r 348532e210c0 netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
--- a/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java Mon May 28 12:01:56 2018 +0200
+++ b/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java Mon May 28 12:29:35 2018 +0200
@@ -222,6 +222,8 @@
public static final String KEY_BROWSER_PATH = "deployment.browser.path";
public static final String KEY_UPDATE_TIMEOUT = "deployment.javaws.update.timeout";
+
+ public static final String IGNORE_HEADLESS_CHECK = "deployment.headless.ignore";
/*
* JVM arguments for plugin
diff -r 0b0da6841278 -r 348532e210c0 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Mon May 28 12:01:56 2018 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Mon May 28 12:29:35 2018 +0200
@@ -739,18 +739,24 @@
//if (GraphicsEnvironment.isHeadless()) // jdk1.4+ only
// headless = true;
try {
- if ("true".equalsIgnoreCase(System.getProperty("java.awt.headless"))){
+ if ("true".equalsIgnoreCase(System.getProperty("java.awt.headless"))) {
headless = true;
}
if (!headless) {
- try {
- if (GraphicsEnvironment.isHeadless()) {
- throw new HeadlessException();
+ boolean noCheck = Boolean.valueOf(JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.IGNORE_HEADLESS_CHECK));
+ if (noCheck) {
+ headless = false;
+ OutputController.getLogger().log(DeploymentConfiguration.IGNORE_HEADLESS_CHECK + " set to " + noCheck + ". Avoding headless check.");
+ } else {
+ try {
+ if (GraphicsEnvironment.isHeadless()) {
+ throw new HeadlessException();
+ }
+ } catch (HeadlessException ex) {
+ headless = true;
+ OutputController.getLogger().log(ex);
+ OutputController.getLogger().log(OutputController.Level.MESSAGE_ALL, Translator.R("HEADLESS_MISSCONFIGURED"));
}
- } catch (HeadlessException ex) {
- headless = true;
- OutputController.getLogger().log(ex);
- OutputController.getLogger().log(OutputController.Level.MESSAGE_ALL, Translator.R("HEADLESS_MISSCONFIGURED"));
}
}
} catch (SecurityException ex) {

View File

@ -1,29 +0,0 @@
commit 78cf73473dda5ceee3eecda5169621f36b93c3db
Author: Jiri Vanek <jvanek@redhat.com>
Date: Tue Jun 18 15:37:47 2019 +0200
Fixed bug when relative path (..) could leak up (even out of cache)
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/j1.jar b/tests/netx/unit/net/sourceforge/jnlp/runtime/j1.jar
new file mode 100644
index 0000000000000000000000000000000000000000..080383629e9349101b25ad3b33b9950f456c4e8e
GIT binary patch
literal 940
zcmWIWW@Zs#VBp|jI8$@gj{yjnKm-tQGO#fCx`sIFdiuHP|2xINz|0VUqL}B}?nD=$
zLRTOL8i7#k>*(j{<{BKL=j-;__snS@Z(Y5MyxzK6=gyqp9At3C_`%a6JuhD!Pv48B
zt5`TAUPvC1mXy-W_#v*U_I!z!#dC4dC*rEp7_Mf2D*9N&h-B+wpcBjVOyp!385rgO
zF%QsIkJOx;d_%qDoW$bd+yGzi!wv$qm(}j7^={j?tnS+b#|}B3rtMwgjy58qN^v%-
zr7NR9DH;m?;ru6Kt5NZR{m0@XH$ya>z8h@*d~f#5?Z5wi{>l1)gISt)i*Ct=OD@;l
z_*XNnbC`d@B5b9WA4h5a`?iERY2}kH$gK>Co8qbR`L#ipq~WB1r7io)t!K6QFO+Y8
zd4#_!X6fXGd0U#-oH_o<C$sQ%%(23<iUm{oSY|P0^Ih9`@b^1yuY}77#kNV#$mE>+
z^UmoEt>Z`SH7e?KQVyAIp2S(6=9KzR)LP?4JI`drh1(g_I@n{6=G^}(w(~fj&p(CQ
zEQPnz7azUaU|eYS-QHn+&BOAdoDhYFthyHUm+r0--Ec49^|kwnXP%k`HyjN1b(^+I
z_w;^f+%a%4>;;D6o#rRf3Bb_H24Zdo8CWQ0C6*<IhHx@4Z@tSCJEv4AwzPtqfsy3}
zGXn!lJ5Z^%hVQA9K4Bi`JazQKK6soxdD1*&#j{620U8Y+BGXl-F|6G5=Zr|}og-&#
zdLK+$bY@S9t*veAkwssU&SotLQs7vpqvv_{>S=x5i`opQrayU-sgc^?8+>UCo7T#w
ztDZ6eqneRP1eBO?q(`6=kN`^RMAwR*IuZJGflRnoq_m1`0=ATfFkvx}iJb00I^~!_
tc>r7JN`N&2lPklL#+N_}suL2{tdOuq3+DiDRyL3>79ivRYUu-KN&w$EG4%id
literal 0
HcmV?d00001

View File

@ -1,323 +0,0 @@
commit 78cf73473dda5ceee3eecda5169621f36b93c3db
Author: Jiri Vanek <jvanek@redhat.com>
Date: Tue Jun 18 15:37:47 2019 +0200
Fixed bug when relative path (..) could leak up (even out of cache)
--- a/netx/net/sourceforge/jnlp/cache/CacheUtil.java
+++ a/netx/net/sourceforge/jnlp/cache/CacheUtil.java
@@ -696,46 +696,68 @@
path.append(location.getPort());
path.append(File.separatorChar);
}
- path.append(location.getPath().replace('/', File.separatorChar));
- if (location.getQuery() != null && !location.getQuery().trim().isEmpty()) {
- path.append(".").append(location.getQuery());
- }
-
- File candidate = new File(FileUtils.sanitizePath(path.toString()));
- if (candidate.getName().length() > 255) {
- /**
- * When filename is longer then 255 chars, then then various
- * filesytems have issues to save it. By saving the file by its
- * summ, we are trying to prevent collision of two files differs in
- * suffixes (general suffix of name, not only 'filetype suffix')
- * only. It is also preventing bug when truncate (files with 1000
- * chars hash in query) cuts to much.
- */
+ String locationPath = location.getPath().replace('/', File.separatorChar);
+ if (locationPath.contains("..")){
try {
- MessageDigest md = MessageDigest.getInstance("SHA-256");
- byte[] sum = md.digest(candidate.getName().getBytes(StandardCharsets.UTF_8));
- //convert the byte to hex format method 2
- StringBuilder hexString = new StringBuilder();
- for (int i = 0; i < sum.length; i++) {
- hexString.append(Integer.toHexString(0xFF & sum[i]));
- }
- String extension = "";
- int i = candidate.getName().lastIndexOf('.');
- if (i > 0) {
- extension = candidate.getName().substring(i);//contains dot
- }
- if (extension.length() < 10 && extension.length() > 1) {
- hexString.append(extension);
- }
- candidate = new File(candidate.getParentFile(), hexString.toString());
+ /**
+ * if path contains .. then it can harm lcoal system
+ * So without mercy, hash it
+ */
+ String hexed = hex(new File(locationPath).getName(), locationPath);
+ return new File(path.toString(), hexed.toString());
} catch (NoSuchAlgorithmException ex) {
- // should not occure, cite from javadoc:
- // every java iomplementation should support
+ // should not occur, cite from javadoc:
+ // every java implementation should support
// MD5 SHA-1 SHA-256
throw new RuntimeException(ex);
}
- }
- return candidate;
+ } else {
+ path.append(locationPath);
+ if (location.getQuery() != null && !location.getQuery().trim().isEmpty()) {
+ path.append(".").append(location.getQuery());
+ }
+
+ File candidate = new File(FileUtils.sanitizePath(path.toString()));
+ try {
+ if (candidate.getName().length() > 255) {
+ /**
+ * When filename is longer then 255 chars, then then various
+ * filesystems have issues to save it. By saving the file by its
+ * sum, we are trying to prevent collision of two files differs in
+ * suffixes (general suffix of name, not only 'filetype suffix')
+ * only. It is also preventing bug when truncate (files with 1000
+ * chars hash in query) cuts to much.
+ */
+ String hexed = hex(candidate.getName(), candidate.getName());
+ candidate = new File(candidate.getParentFile(), hexed.toString());
+ }
+ } catch (NoSuchAlgorithmException ex) {
+ // should not occur, cite from javadoc:
+ // every java implementation should support
+ // MD5 SHA-1 SHA-256
+ throw new RuntimeException(ex);
+ }
+ return candidate;
+ }
+ }
+
+ private static String hex(String origName, String candidate) throws NoSuchAlgorithmException {
+ MessageDigest md = MessageDigest.getInstance("SHA-256");
+ byte[] sum = md.digest(candidate.getBytes(StandardCharsets.UTF_8));
+ //convert the byte to hex format method 2
+ StringBuilder hexString = new StringBuilder();
+ for (int i = 0; i < sum.length; i++) {
+ hexString.append(Integer.toHexString(0xFF & sum[i]));
+ }
+ String extension = "";
+ int i = origName.lastIndexOf('.');
+ if (i > 0) {
+ extension = origName.substring(i);//contains dot
+ }
+ if (extension.length() < 10 && extension.length() > 1) {
+ hexString.append(extension);
+ }
+ return hexString.toString();
}
/**
diff --git a/netx/net/sourceforge/jnlp/util/FileUtils.java b/netx/net/sourceforge/jnlp/util/FileUtils.java
index 89216375..a5356e08 100644
--- a/netx/net/sourceforge/jnlp/util/FileUtils.java
+++ b/netx/net/sourceforge/jnlp/util/FileUtils.java
@@ -183,6 +183,13 @@
*/
public static void createParentDir(File f, String eMsg) throws IOException {
File parent = f.getParentFile();
+ // warning, linux and windows behave differently. Below snippet will pass on win(security hole), fail on linux
+ // warning mkdir is canonicaling, but exists/isDirectory is not. So where mkdirs return true, and really creates dir, isDirectory can still return false
+ // can be seen on this example
+ // mkdirs /a/b/../c
+ // where b do not exists will lead creation of /a/c
+ // but exists on /a/b/../c is false on linux even afterwards
+ // without hexing of .. paths,
if (!parent.isDirectory() && !parent.mkdirs()) {
throw new IOException(R("RCantCreateDir",
eMsg == null ? parent : eMsg));
diff --git a/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java b/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
index 6422246b..0d2d9811 100644
--- a/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
+++ b/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
@@ -88,6 +88,53 @@ public class CacheUtilTest {
final File expected = new File("/tmp/https/example.com/5050/applet/e4f3cf11f86f5aa33f424bc3efe3df7a9d20837a6f1a5bbbc60c1f57f3780a4");
Assert.assertEquals(expected, CacheUtil.urlToPath(u, "/tmp"));
}
+
+ @Test
+ public void tesPathUpNoGoBasic() throws Exception {
+ final URL u = new URL("https://example.com/applet/../my.jar");
+ final File expected = new File("/tmp/https/example.com/abca4723622ed60db3dea12cbe2402622a74f7a49b73e23b55988e4eee5ded.jar");
+ File r = CacheUtil.urlToPath(u, "/tmp/");
+ Assert.assertEquals(expected, r);
+ }
+
+ @Test
+ public void tesPathUpNoGoBasicLong() throws Exception {
+ final URL u = new URL("https://example.com/applet/../my.jar.q_SlNFU1NJT05JRD02OUY1ODVCNkJBOTM1NThCQjdBMTA5RkQyNDZEQjEwRi5wcm9kX3RwdG9tY2F0MjE1X2p2bTsgRW50cnVzdFRydWVQYXNzUmVkaXJlY3RVcmw9Imh0dHBzOi8vZWZzLnVzcHRvLmdvdi9FRlNXZWJVSVJlZ2lzdGVyZWQvRUZTV2ViUmVnaXN0ZXJlZCI7IFRDUFJPRFBQQUlSc2Vzc2lvbj02MjIxMjk0MTguMjA0ODAuMDAwMA\"");
+ final File expected = new File("/tmp/https/example.com/ec97413e3f6eee8215ecc8375478cc1ae5f44f18241b9375361d5dfcd7b0ec");
+ File r = CacheUtil.urlToPath(u, "/tmp/");
+ Assert.assertEquals(expected, r);
+ }
+
+ @Test
+ public void tesPathUpNoGoBasic2() throws Exception {
+ final URL u = new URL("https://example.com/../my.jar");
+ final File expected = new File("/tmp/https/example.com/eb1a56bed34523dbe7ad84d893ebc31a8bbbba9ce3f370e42741b6a5f067c140.jar");
+ File r = CacheUtil.urlToPath(u, "/tmp/");
+ Assert.assertEquals(expected, r);
+ }
+
+ @Test
+ public void tesPathUpNoGoBasicEvil() throws Exception {
+ final URL u = new URL("https://example.com/../../my.jar");
+ final File expected = new File("/tmp/https/example.com/db464f11d68af73e37eefaef674517b6be23f0e4a5738aaee774ecf5b58f1bfc.jar");
+ File r = CacheUtil.urlToPath(u, "/tmp/");
+ Assert.assertEquals(expected, r);
+ }
+
+ @Test
+ public void tesPathUpNoGoBasicEvil2() throws Exception {
+ final URL u = new URL("https://example.com:99/../../../my.jar");
+ final File expected = new File("/tmp/https/example.com/99/95401524c345e0d554d4d77330e86c98a77b9bb58a0f93094204df446b356.jar");
+ File r = CacheUtil.urlToPath(u, "/tmp/");
+ Assert.assertEquals(expected, r);
+ }
+ @Test
+ public void tesPathUpNoGoBasicEvilest() throws Exception {
+ final URL u = new URL("https://example2.com/something/../../../../../../../../../../../my.jar");
+ final File expected = new File("/tmp/https/example2.com/a8df64388f5b84d5f635e4d6dea5f4d2f692ae5381f8ec6736825ff8d6ff2c0.jar");
+ File r = CacheUtil.urlToPath(u, "/tmp/");
+ Assert.assertEquals(expected, r);
+ }
@Test
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
index 100d9150..7580d23b 100644
--- a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
@@ -43,6 +43,8 @@
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
+import java.net.URL;
+import java.nio.charset.Charset;
import java.nio.file.Files;
import java.util.Arrays;
import java.util.List;
@@ -55,6 +57,12 @@
import net.sourceforge.jnlp.browsertesting.browsers.firefox.FirefoxProfilesOperator;
import net.sourceforge.jnlp.cache.UpdatePolicy;
import net.sourceforge.jnlp.config.DeploymentConfiguration;
+import net.sourceforge.jnlp.config.PathsAndFiles;
+import net.sourceforge.jnlp.JNLPFile;
+import net.sourceforge.jnlp.ServerAccess;
+import net.sourceforge.jnlp.ServerLauncher;
+import net.sourceforge.jnlp.util.StreamUtils;
+import net.sourceforge.jnlp.cache.CacheUtil;
import net.sourceforge.jnlp.mock.DummyJNLPFileWithJar;
import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
import net.sourceforge.jnlp.security.appletextendedsecurity.AppletStartupSecuritySettings;
@@ -65,6 +73,7 @@
import org.junit.BeforeClass;
import org.junit.Test;
+import org.junit.Ignore;
public class JNLPClassLoaderTest extends NoStdOutErrTest {
@@ -138,7 +147,8 @@
File tempDirectory = FileTestUtils.createTempDirectory();
File jarLocation = new File(tempDirectory, "test.jar");
- /* Test with main-class in manifest */ {
+ /* Test with main-class in manifest */
+ {
Manifest manifest = new Manifest();
manifest.getMainAttributes().put(Attributes.Name.MAIN_CLASS, "DummyClass");
FileTestUtils.createJarWithContents(jarLocation, manifest);
@@ -156,8 +166,10 @@
}
@Test
+ @Ignore
public void getMainClassNameTestEmpty() throws Exception {
- /* Test with-out any main-class specified */ {
+ /* Test with-out any main-class specified */
+ {
File tempDirectory = FileTestUtils.createTempDirectory();
File jarLocation = new File(tempDirectory, "test.jar");
FileTestUtils.createJarWithContents(jarLocation /* No contents */);
@@ -363,4 +375,57 @@
}
}
+
+ @Test
+ public void testRelativePathInUrl() throws Exception {
+ CacheUtil.clearCache();
+ int port = ServerAccess.findFreePort();
+ File dir = FileTestUtils.createTempDirectory();
+ dir.deleteOnExit();
+ dir = new File(dir,"base");
+ dir.mkdir();
+ File jar = new File(dir,"j1.jar");
+ File jnlp = new File(dir+"/a/b/up.jnlp");
+ jnlp.getParentFile().mkdirs();
+ InputStream is = ClassLoader.getSystemClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/up.jnlp");
+ String jnlpString = StreamUtils.readStreamAsString(is, true, "utf-8");
+ is.close();
+ jnlpString = jnlpString.replaceAll("8080", ""+port);
+ is = ClassLoader.getSystemClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/j1.jar");
+ StreamUtils.copyStream(is, new FileOutputStream(jar));
+ Files.write(jnlp.toPath(),jnlpString.getBytes("utf-8"));
+ ServerLauncher as = ServerAccess.getIndependentInstance(jnlp.getParent(), port);
+ boolean verifyBackup = JNLPRuntime.isVerifying();
+ boolean trustBackup= JNLPRuntime.isTrustAll();
+ boolean securityBAckup= JNLPRuntime.isSecurityEnabled();
+ boolean verbose= JNLPRuntime.isDebug();
+ JNLPRuntime.setVerify(false);
+ JNLPRuntime.setTrustAll(true);
+ JNLPRuntime.setSecurityEnabled(false);
+ JNLPRuntime.setDebug(true);
+ try {
+ final JNLPFile jnlpFile1 = new JNLPFile(new URL("http://localhost:" + port + "/up.jnlp"));
+ final JNLPClassLoader classLoader1 = new JNLPClassLoader(jnlpFile1, UpdatePolicy.ALWAYS) {
+ @Override
+ protected void activateJars(List<JARDesc> jars) {
+ super.activateJars(jars);
+ }
+
+ };
+ InputStream is1 = classLoader1.getResourceAsStream("Hello1.class");
+ is1.close();
+ is1 = classLoader1.getResourceAsStream("META-INF/MANIFEST.MF");
+ is1.close();
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/0/http/localhost/"+port+"/up.jnlp").exists());
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/f812acb32c857fd916c842e2bf4fb32b9c3837ef63922b167a7e163305058b7.jar").exists());
+ } finally {
+ JNLPRuntime.setVerify(verifyBackup);
+ JNLPRuntime.setTrustAll(trustBackup);
+ JNLPRuntime.setSecurityEnabled(securityBAckup);
+ JNLPRuntime.setDebug(verbose);
+ as.stop();
+ }
+
+ }
+
}
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/up.jnlp b/tests/netx/unit/net/sourceforge/jnlp/runtime/up.jnlp
new file mode 100644
index 00000000..b22fdfb7
--- /dev/null
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/up.jnlp
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<jnlp spec="6.0+" codebase=".">
+
+<information><title>1965</title><vendor>Nemzeti Ado- es Vamhivatal</vendor><offline-allowed/></information>
+
+
+<resources>
+ <j2se href="http://java.sun.com/products/autodl/j2se" version="1.8+" />
+<!-- absolute url is a must -->
+ <jar href="http://localhost:8080/../../../base/j1.jar" version="2.0"/>
+</resources>
+
+<application-desc main-class="Hello1" />
+
+</jnlp>

View File

@ -1,78 +0,0 @@
commit 09bcd3ebb639af6cfd83ff2203ffeb80a59cc0eb
Author: Jiri Vanek <jvanek@redhat.com>
Date: Fri Jun 28 16:05:35 2019 +0200
All files, except signaturre files, are now checked for signatures
diff --git a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
index 759bedfb..cabfb3c5 100644
--- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
+++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
@@ -41,6 +41,7 @@
import java.util.Map;
import java.util.Vector;
import java.util.jar.JarEntry;
+import java.util.regex.Pattern;
import net.sourceforge.jnlp.JARDesc;
import net.sourceforge.jnlp.JNLPFile;
@@ -67,6 +68,7 @@
public class JarCertVerifier implements CertVerifier {
private static final String META_INF = "META-INF/";
+ private static final Pattern SIG = Pattern.compile(".*" + META_INF + "SIG-.*");
// prefix for new signature-related files in META-INF directory
private static final String SIG_PREFIX = META_INF + "SIG-";
@@ -500,12 +502,20 @@
/**
* Returns whether a file is in META-INF, and thus does not require signing.
- *
+ * <p>
* Signature-related files under META-INF include: . META-INF/MANIFEST.MF . META-INF/SIG-* . META-INF/*.SF . META-INF/*.DSA . META-INF/*.RSA
*/
static boolean isMetaInfFile(String name) {
- String ucName = name.toUpperCase();
- return ucName.startsWith(META_INF);
+ if (name.endsWith("class")) {
+ return false;
+ }
+ return name.startsWith(META_INF) && (
+ name.endsWith(".MF") ||
+ name.endsWith(".SF") ||
+ name.endsWith(".DSA") ||
+ name.endsWith(".RSA") ||
+ SIG.matcher(name).matches()
+ );
}
/**
diff --git a/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java b/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
index 4661fb87..44253e08 100644
--- a/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
+++ b/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
@@ -58,9 +58,22 @@ public class JarCertVerifierTest {
@Test
public void testIsMetaInfFile() {
final String METAINF = "META-INF";
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.MF"));
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.SF"));
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.DSA"));
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.RSA"));
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/SIG-blah.blah"));
+
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.MF.class"));
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.SF.class"));
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.DSA.class"));
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.RSA.class"));
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/SIG-blah.blah.class"));
+
assertFalse(JarCertVerifier.isMetaInfFile("some_dir/" + METAINF + "/filename"));
assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "filename"));
- assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));
}
class JarCertVerifierEntry extends JarEntry {

File diff suppressed because it is too large Load Diff

View File

@ -1,160 +0,0 @@
commit b4232ae35d2b86592a945a56c948f107fe7efabe
Author: Jiri Vanek <jvanek@redhat.com>
Date: Wed Jun 26 13:46:45 2019 +0200
Nested jar, if by relative path point up, is stored as hashed
diff --git a/netx/net/sourceforge/jnlp/cache/CacheUtil.java b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
index a972eb8e..5c8652b6 100644
--- a/netx/net/sourceforge/jnlp/cache/CacheUtil.java
+++ b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
@@ -741,7 +741,7 @@
}
}
- private static String hex(String origName, String candidate) throws NoSuchAlgorithmException {
+ public static String hex(String origName, String candidate) throws NoSuchAlgorithmException {
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] sum = md.digest(candidate.getBytes(StandardCharsets.UTF_8));
//convert the byte to hex format method 2
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
index e015f348..117163f3 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
@@ -1340,7 +1340,11 @@
// (inline loading with "jar:..!/..." path will not work
// with standard classloader methods)
- String extractedJarLocation = localFile + ".nested/" + je.getName();
+ String name = je.getName();
+ if (name.contains("..")){
+ name=CacheUtil.hex(name, name);
+ }
+ String extractedJarLocation = localFile + ".nested/" + name;
File parentDir = new File(extractedJarLocation).getParentFile();
if (!parentDir.isDirectory() && !parentDir.mkdirs()) {
throw new RuntimeException(R("RNestedJarExtration"));
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
index 7580d23b..a20a1d8f 100644
--- a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
@@ -43,6 +43,8 @@
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
+import java.io.OutputStream;
+import net.sourceforge.jnlp.ResourcesDesc;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.file.Files;
@@ -407,13 +409,7 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
JNLPRuntime.setDebug(true);
try {
final JNLPFile jnlpFile1 = new JNLPFile(new URL("http://localhost:" + port + "/up.jnlp"));
- final JNLPClassLoader classLoader1 = new JNLPClassLoader(jnlpFile1, UpdatePolicy.ALWAYS) {
- @Override
- protected void activateJars(List<JARDesc> jars) {
- super.activateJars(jars);
- }
-
- };
+ final JNLPClassLoader classLoader1 = JNLPClassLoader.getInstance(jnlpFile1, UpdatePolicy.ALWAYS, false);
InputStream is1 = classLoader1.getResourceAsStream("Hello1.class");
is1.close();
is1 = classLoader1.getResourceAsStream("META-INF/MANIFEST.MF");
@@ -430,4 +426,74 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
}
+ @Test
+ public void testRelativePathInNestedJars() throws Exception {
+ CacheUtil.clearCache();
+ int port = ServerAccess.findFreePort();
+ File dir = FileTestUtils.createTempDirectory();
+ dir.deleteOnExit();
+ File jar = new File(dir,"jar03_dotdotN1.jar");
+ File jnlp = new File(dir,"jar_03_dotdot_jarN1.jnlp");
+ InputStream is1 = ClassLoader.getSystemClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp");
+ InputStream is2 = ClassLoader.getSystemClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/jar03_dotdotN1.jar");
+ OutputStream fos1 = new FileOutputStream(jnlp);
+ OutputStream fos2 = new FileOutputStream(jar);
+ StreamUtils.copyStream(is1, fos1);
+ StreamUtils.copyStream(is2, fos2);
+ fos1.flush();;
+ fos2.flush();
+ fos1.close();
+ fos2.close();
+ ServerLauncher as = ServerAccess.getIndependentInstance(dir.getAbsolutePath(), port);
+ boolean verifyBackup = JNLPRuntime.isVerifying();
+ boolean trustBackup= JNLPRuntime.isTrustAll();
+ boolean securityBAckup= JNLPRuntime.isSecurityEnabled();
+ boolean verbose= JNLPRuntime.isDebug();
+ JNLPRuntime.setVerify(false);
+ JNLPRuntime.setTrustAll(true);
+ JNLPRuntime.setSecurityEnabled(false);
+ JNLPRuntime.setDebug(true);
+ try {
+ //it is invalid jar, so we have to disable checks first
+ final JNLPFile jnlpFile = new JNLPFile(new URL("http://localhost:" + port + "/jar_03_dotdot_jarN1.jnlp"));
+ final JNLPClassLoader classLoader = JNLPClassLoader.getInstance(jnlpFile, UpdatePolicy.ALWAYS, false);
+
+ //ThreadGroup group = Thread.currentThread().getThreadGroup();
+ //ApplicationInstance app = new ApplicationInstance(jnlpFile, group, classLoader);
+ //classLoader.setApplication(app);
+ //app.initialize();
+
+ //this test is actually not testing mutch. The app must be accessing the nested jar in plugin-like way
+ InputStream is = classLoader.getResourceAsStream("application/abev/nyomtatvanyinfo/1965.teminfo.enyk");
+ is.close();
+ is = classLoader.getResourceAsStream("META-INF/MANIFEST.MF");
+ is.close();
+ is = classLoader.getResourceAsStream("META-INF/j1.jar");
+ is.close();
+ is = classLoader.getResourceAsStream("META-INF/../../jar01_to_be_injected.jar");
+ //the .. is not recognized correctly
+ //is.close();
+ //Class c = classLoader.getClass().forName("Hello1");
+ // in j1.jar
+ is = classLoader.getResourceAsStream("Hello1.class");
+ //is.close(); nested jar is not on defualt CP
+ //in jar01
+ //c = classLoader.getClass().forName("com.devdaily.FileUtilities");
+ is = classLoader.getResourceAsStream("com/devdaily/FileUtilities.class");
+ // is.close(); nested jar is not on defualt CP
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/0/http/localhost/"+port+"/jar_03_dotdot_jarN1.jnlp").exists());
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/jar03_dotdotN1.jar").exists());
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/jar03_dotdotN1.jar.nested/99a90686bfbe84e3f9dbeed8127bba85672ed73688d3c69191aa1ee70916a.jar").exists());
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/jar03_dotdotN1.jar.nested/META-INF/j1.jar").exists());
+ } finally {
+ JNLPRuntime.setVerify(verifyBackup);
+ JNLPRuntime.setTrustAll(trustBackup);
+ JNLPRuntime.setSecurityEnabled(securityBAckup);
+ JNLPRuntime.setDebug(verbose);
+ as.stop();
+ }
+
+ }
+
+
}
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp b/tests/netx/unit/net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp
new file mode 100644
index 00000000..71bdea87
--- /dev/null
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<jnlp spec="6.0+" >
+
+<information><title>1965</title><vendor>Nemzeti Ado- es Vamhivatal</vendor><offline-allowed/></information>
+
+<security><all-permissions/></security>
+
+<resources>
+ <j2se href="http://java.sun.com/products/autodl/j2se" version="1.8+" />
+ <jar href="jar03_dotdotN1.jar" version="2.0"/>
+</resources>
+
+<application-desc main-class="http://localhost/jar01.jar!META-INF/jar01_to_be_injected.jar!METAxINF.Test" />
+
+</jnlp>

View File

@ -1,40 +0,0 @@
# HG changeset patch
# User Jiri Vanek <jvanek@redhat.com>
# Date 1526310938 -7200
# Mon May 14 17:15:38 2018 +0200
# Node ID bcbef8d7bbd6369b3c8d545469e1c56e47075d9d
# Parent 4abd0f0897738289a19ef9238f02c6e9dafee6a4
AppletEnvironment.java: getDocumentBase no returns codeBase as fallback when documentBase is null.
Oracle Applications R12, Oracle Forms Java Webstart application is requesting getDocumentBase where it shouldn't, however they refuse to modify their code and add ITW to supported platforms
diff -r 4abd0f089773 -r bcbef8d7bbd6 ChangeLog
--- a/ChangeLog Fri Mar 02 10:41:29 2018 +0100
+++ b/ChangeLog Mon May 14 17:15:38 2018 +0200
@@ -1,3 +1,9 @@
+2018-05-14 Jiri Vanek <jvanek@redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java: getDocumentBase now returns codeBase as fallback when
+ documentBase is null. Oracle Applications R12, Oracle Forms Java Webstart application is requesting getDocumentBase
+ where it shouldn't, however they refuse to modify their code and add ITW to supported platforms
+
2018-02-06 Jiri Vanek <jvanek@redhat.com>
Added test for javafx-desc
diff -r 4abd0f089773 -r bcbef8d7bbd6 netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java
--- a/netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java Fri Mar 02 10:41:29 2018 +0100
+++ b/netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java Mon May 14 17:15:38 2018 +0200
@@ -375,8 +375,12 @@
@Override
public URL getDocumentBase() {
checkDestroyed();
-
- return file.getApplet().getDocumentBase();
+ URL db = file.getApplet().getDocumentBase();
+ if (db == null) {
+ return getCodeBase();
+ } else {
+ return db;
+ }
}
// FIXME: Sun's applet code forces all parameters to lower case.

View File

@ -0,0 +1,11 @@
--- a/rust-launcher/cc.toml
+++ b/rust-launcher/Cargo.toml
@@ -2,7 +2,3 @@
name = "launcher"
version = "1.8.0"
authors = ["https://icedtea.classpath.org/wiki/IcedTea-Web"]
-
-[dependencies]
-[target.'cfg(windows)'.dependencies]
-dunce = "0.1.1"

View File

@ -1,210 +0,0 @@
diff --git a/ChangeLog b/ChangeLog
index 0c63dd98..d8e560e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,29 @@
+2019-06-26 Jiri Vanek <jvanek@redhat.com>
+
+ All files, except signaturre files, are now checked for signatures - CVE-2019-10181
+ * b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: (isMetaInfFile) fixed bug, when anything in META-INF was not
+ checked for signature. Now only signature files are skipped
+ * tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java: added tests for check if file should be skipped from
+ signature check
+
+2019-06-26 Jiri Vanek <jvanek@redhat.com>
+
+ Nested jar, if by relative path point up, is stored as hashed - CVE-2019-10185
+ * tests/netx/unit/net/sourceforge/jnlp/runtime/jar03_dotdotN1.jar: crafted jar with hacked zip entries to be named like ".."
+ * tests/netx/unit/net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp: jnlp to call jar03_dotdotN1.jar
+ * netx/net/sourceforge/jnlp/cache/CacheUtil.jsava: (hex) made public to be reused in JNLPClassLoader
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: if nested jar contains .. in path, is extracted as hashed
+
+2019-06-26 Jiri Vanek <jvanek@redhat.com>
+
+ Fixed bug when relative path (..) could leak up (even out of cache) - CVE-2019-10182
+ * netx/net/sourceforge/jnlp/cache/CacheUtil.java: if path or query contains .. is saved to cache via its hash
+ * netx/net/sourceforge/jnlp/util/FileUtils.java: added warning about different behavior on win/linux
+ * tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java: added tests for hashing
+ * tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java: added test for .. in path. Added test
+ that verifies encoded .. (%2E%2E) do not leak from cahce
+ * tests/netx/unit/net/sourceforge/jnlp/runtime/up.jnlp: example jnlp with .. full url
+
2018-05-14 Jiri Vanek <jvanek@redhat.com>
* netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java: getDocumentBase now returns codeBase as fallback when
diff --git a/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java b/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
index 6b0cd256..5dbf2d69 100644
--- a/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
+++ b/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
@@ -135,6 +135,14 @@ public class CacheUtilTest {
File r = CacheUtil.urlToPath(u, "/tmp/");
Assert.assertEquals(expected, r);
}
+
+ @Test
+ public void testQueryGotHAshedToo() throws Exception {
+ final URL u = new URL("https://example2.com/something/my.jar?../../harm");
+ final File expected = new File("/tmp/https/example2.com/2844b3c690ea355159ed61de6e727f2e9169ab55bf58b8fa3f4b64f6a25bd7.jar");
+ File r = CacheUtil.urlToPath(u, "/tmp/");
+ Assert.assertEquals(expected, r);
+ }
@Test
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
index 2b28fb93..d86786ab 100644
--- a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
@@ -405,6 +405,8 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
JNLPRuntime.setTrustAll(true);
JNLPRuntime.setSecurityEnabled(false);
JNLPRuntime.setDebug(true);
+ String manifestAttsBackup = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK);
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, "NONE");
try {
final JNLPFile jnlpFile1 = new JNLPFile(new URL("http://localhost:" + port + "/up.jnlp"));
final JNLPClassLoader classLoader1 = JNLPClassLoader.getInstance(jnlpFile1, UpdatePolicy.ALWAYS, false);
@@ -419,6 +421,7 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
JNLPRuntime.setTrustAll(trustBackup);
JNLPRuntime.setSecurityEnabled(securityBAckup);
JNLPRuntime.setDebug(verbose);
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, manifestAttsBackup);
as.stop();
}
@@ -451,6 +454,11 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
JNLPRuntime.setTrustAll(true);
JNLPRuntime.setSecurityEnabled(false);
JNLPRuntime.setDebug(true);
+ //fix of "All files, except signaturre files, are now checked for signatures" make this actually correctly failing ahead of time
+ String ignoreBackup = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_SECURITY_ITW_IGNORECERTISSUES);
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_ITW_IGNORECERTISSUES, "true");
+ String manifestAttsBackup = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK);
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, "NONE");
try {
//it is invalid jar, so we have to disable checks first
final JNLPFile jnlpFile = new JNLPFile(new URL("http://localhost:" + port + "/jar_03_dotdot_jarN1.jnlp"));
@@ -488,10 +496,102 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
JNLPRuntime.setTrustAll(trustBackup);
JNLPRuntime.setSecurityEnabled(securityBAckup);
JNLPRuntime.setDebug(verbose);
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_ITW_IGNORECERTISSUES, ignoreBackup);
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, manifestAttsBackup);
as.stop();
}
}
+ @Test(expected = Exception.class)
+ public void testDifferentSignatureInManifestMf() throws Exception {
+ CacheUtil.clearCache();
+ int port = ServerAccess.findFreePort();
+ File dir = FileTestUtils.createTempDirectory();
+ dir.deleteOnExit();
+ File jar = new File(dir,"jar03_dotdotN1.jar");
+ File jnlp = new File(dir,"jar_03_dotdot_jarN1.jnlp");
+ InputStream is1 = this.getClass().getClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp");
+ InputStream is2 = this.getClass().getClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/jar03_dotdotN1.jar");
+ OutputStream fos1 = new FileOutputStream(jnlp);
+ OutputStream fos2 = new FileOutputStream(jar);
+ StreamUtils.copyStream(is1, fos1);
+ StreamUtils.copyStream(is2, fos2);
+ fos1.flush();;
+ fos2.flush();
+ fos1.close();
+ fos2.close();
+ ServerLauncher as = ServerAccess.getIndependentInstance(dir.getAbsolutePath(), port);
+ boolean verifyBackup = JNLPRuntime.isVerifying();
+ boolean trustBackup= JNLPRuntime.isTrustAll();
+ boolean securityBAckup= JNLPRuntime.isSecurityEnabled();
+ boolean verbose= JNLPRuntime.isDebug();
+ JNLPRuntime.setVerify(false);
+ JNLPRuntime.setTrustAll(true);
+ JNLPRuntime.setSecurityEnabled(false);
+ JNLPRuntime.setDebug(true);
+ String ignoreBackup = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_SECURITY_ITW_IGNORECERTISSUES);
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_ITW_IGNORECERTISSUES, "false");
+ try {
+ //it is invalid jar, so we have to disable checks first
+ final JNLPFile jnlpFile = new JNLPFile(new URL("http://localhost:" + port + "/jar_03_dotdot_jarN1.jnlp"));
+ final JNLPClassLoader classLoader = JNLPClassLoader.getInstance(jnlpFile, UpdatePolicy.ALWAYS, false);
+ } finally {
+ JNLPRuntime.setVerify(verifyBackup);
+ JNLPRuntime.setTrustAll(trustBackup);
+ JNLPRuntime.setSecurityEnabled(securityBAckup);
+ JNLPRuntime.setDebug(verbose);
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_ITW_IGNORECERTISSUES, ignoreBackup);
+ as.stop();
+ }
+
+ }
+
+ @Test
+ public void testEncodedPathIsNotDecodedForCache() throws Exception {
+ CacheUtil.clearCache();
+ int port = ServerAccess.findFreePort();
+ File dir = FileTestUtils.createTempDirectory();
+ dir.deleteOnExit();
+ dir = new File(dir,"base");
+ dir.mkdir();
+ File jar = new File(dir,"j1.jar");
+ File jnlp = new File(dir+"/a/b/upEncoded.jnlp");
+ jnlp.getParentFile().mkdirs();
+ InputStream is = this.getClass().getClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/upEncoded.jnlp");
+ String jnlpString = StreamUtils.readStreamAsString(is, true, "utf-8");
+ is.close();
+ jnlpString = jnlpString.replaceAll("8080", ""+port);
+ is = this.getClass().getClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/j1.jar");
+ StreamUtils.copyStream(is, new FileOutputStream(jar));
+ Files.write(jnlp.toPath(),jnlpString.getBytes("utf-8"));
+ ServerLauncher as = ServerAccess.getIndependentInstance(jnlp.getParent(), port);
+ boolean verifyBackup = JNLPRuntime.isVerifying();
+ boolean trustBackup= JNLPRuntime.isTrustAll();
+ boolean securityBAckup= JNLPRuntime.isSecurityEnabled();
+ boolean verbose= JNLPRuntime.isDebug();
+ JNLPRuntime.setVerify(false);
+ JNLPRuntime.setTrustAll(true);
+ JNLPRuntime.setSecurityEnabled(false);
+ JNLPRuntime.setDebug(true);
+ try {
+ final JNLPFile jnlpFile1 = new JNLPFile(new URL("http://localhost:" + port + "/upEncoded.jnlp"));
+ final JNLPClassLoader classLoader1 = JNLPClassLoader.getInstance(jnlpFile1, UpdatePolicy.ALWAYS, false);
+ InputStream is1 = classLoader1.getResourceAsStream("Hello1.class");
+ is1.close();
+ is1 = classLoader1.getResourceAsStream("META-INF/MANIFEST.MF");
+ is1.close();
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/0/http/localhost/"+port+"/upEncoded.jnlp").exists());
+ //be aware; if decoding ever come in play here, thios will leak out of cache folder. Thus harm user system. See fix for " Fixed bug when relative path (..) could leak up (even out of cache)"
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/%2E%2E/%2E%2E/%2E%2E/base").exists());
+ } finally {
+ JNLPRuntime.setVerify(verifyBackup);
+ JNLPRuntime.setTrustAll(trustBackup);
+ JNLPRuntime.setSecurityEnabled(securityBAckup);
+ JNLPRuntime.setDebug(verbose);
+ as.stop();
+ }
+
+ }
}
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/upEncoded.jnlp b/tests/netx/unit/net/sourceforge/jnlp/runtime/upEncoded.jnlp
new file mode 100644
index 00000000..f0658bbc
--- /dev/null
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/upEncoded.jnlp
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<jnlp spec="6.0+" codebase=".">
+
+ <information><title>1965</title><vendor>Nemzeti Ado- es Vamhivatal</vendor><offline-allowed/></information>
+
+
+ <resources>
+ <j2se href="http://java.sun.com/products/autodl/j2se" version="1.8+" />
+ <!-- absolute url is a must -->
+ <jar href="http://localhost:8080/%2E%2E/%2E%2E/%2E%2E/base/j1.jar" version="2.0"/>
+ </resources>
+
+ <application-desc main-class="Hello1" />
+
+</jnlp>

View File

@ -1,3 +1,6 @@
#can rust have debuginfo? Verify and fix! Likely issue in Makefile of itw.
%global debug_package %{nil}
# Version of java # Version of java
%define javaver 1.8.0 %define javaver 1.8.0
@ -16,26 +19,17 @@
%define preffered_java java-%{javaver}-openjdk %define preffered_java java-%{javaver}-openjdk
Name: icedtea-web Name: icedtea-web
Version: 1.7.1 Version: 1.8.4
Release: 17%{?dist} Release: 4%{?dist}
Summary: Additional Java components for OpenJDK - Java browser plug-in and Web Start implementation Summary: Additional Java components for OpenJDK - Java browser plug-in and Web Start implementation
# will become arched again with rust on board
BuildArch: noarch
Group: Applications/Internet Group: Applications/Internet
License: LGPLv2+ and GPLv2 with exceptions License: LGPLv2+ and GPLv2 with exceptions
URL: http://icedtea.classpath.org/wiki/IcedTea-Web URL: http://icedtea.classpath.org/wiki/IcedTea-Web
Source0: http://icedtea.classpath.org/download/source/%{name}-%{version}.tar.gz Source0: http://icedtea.classpath.org/download/source/%{name}-%{version}.tar.gz
Patch9: 1473-1480.patch Patch0: patchOutDunce.patch
Patch8: oracleForms.patch Patch1: altjava.patch
Patch7: headlessCheckSoftening_rhbz1581598.patch Patch2: fed2f5b-22402bb.patch
Patch1: issue1.patch
Patch2: issue2.patch
Patch3: issue3.patch
Patch4: PreventiveleQueue.patch
Patch11: issue1-bin.patch
Patch33: issue3-bin.patch
Patch5: testTuning.patch
BuildRequires: javapackages-tools BuildRequires: javapackages-tools
#for deprecated add_maven_depmap, see https://www.spinics.net/lists/fedora-devel/msg233211.html #for deprecated add_maven_depmap, see https://www.spinics.net/lists/fedora-devel/msg233211.html
@ -45,8 +39,7 @@ BuildRequires: desktop-file-utils
BuildRequires: glib2-devel BuildRequires: glib2-devel
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: gcc BuildRequires: cargo
BuildRequires: gcc-c++
BuildRequires: junit BuildRequires: junit
BuildRequires: hamcrest BuildRequires: hamcrest
BuildRequires: libappstream-glib BuildRequires: libappstream-glib
@ -63,33 +56,28 @@ Recommends: bash-completion
Requires(post): javapackages-tools Requires(post): javapackages-tools
Requires(postun): javapackages-tools Requires(postun): javapackages-tools
# For the mozilla plugin dir
Requires: mozilla-filesystem%{?_isa}
# When itw builds against it, it have to be also in runtime # When itw builds against it, it have to be also in runtime
Requires: tagsoup Requires: tagsoup
# Post requires alternatives to install tool alternatives. # Post requires alternatives to install tool alternatives.
Requires(post): %{_sbindir}/alternatives Requires(post): %{_sbindir}/alternatives
# in version 1.7 and higher for --family switch
Requires(post): chkconfig >= 1.7
# jnlp protocols support # jnlp protocols support
Requires(post): GConf2 Requires(post): GConf2
# Postun requires alternatives to uninstall tool alternatives. # Postun requires alternatives to uninstall tool alternatives.
Requires(postun): %{_sbindir}/alternatives Requires(postun): %{_sbindir}/alternatives
# in version 1.7 and higher for --family switch
Requires(postun): chkconfig >= 1.7
# jnlp protocols support # jnlp protocols support
Requires(postun): GConf2 Requires(postun): GConf2
# Standard JPackage plugin provides. # Standard JPackage plugin provides.
Provides: java-plugin = 1:%{javaver} Provides: java-plugin = 1:%{javaver}
Provides: javaws = 1:%{javaver} Provides: javaws = 1:%{javaver}
Provides: %{preffered_java}-javaws = 1:%{version}
Provides: %{preffered_java}-plugin = 1:%{version} Provides: %{preffered_java}-plugin = 1:%{version}
%description %description
The IcedTea-Web project provides a Java web browser plugin, an implementation The IcedTea-Web project provides a an implementation of Java Web Start
of Java Web Start (originally based on the Netx project) and a settings tool to (originally based on the Netx project) and a settings tool to
manage deployment settings for the aforementioned plugin and Web Start manage deployment settings for the aforementioned plugin and Web Start
implementations. implementations.
@ -112,24 +100,19 @@ BuildArch: noarch
%description devel %description devel
This package contains ziped sources of the IcedTea-Web project. This package contains ziped sources of the IcedTea-Web project.
%package nativelaunchers
Summary: native launchers of icedtea-web
Group: Applications/Internet
Requires: %{name} = %{version}-%{release}
%description nativelaunchers
This package contains native launchers for faster starup
%prep %prep
%setup -q %setup -q -n IcedTea-Web-%{name}-%{version}
%patch9 -p1 %patch0 -p1
%patch8 -p1
%patch7 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
if [ -e ../.git ] ; then
mv ../.git ../ggit
fi
git apply --no-index --binary -v %{PATCH11}
git apply --no-index --binary -v %{PATCH33}
if [ -e ../ggit ] ; then
mv ../ggit ../.git
fi
%build %build
autoreconf -vfi autoreconf -vfi
@ -142,7 +125,11 @@ CXXFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS" \
--libdir=%{_libdir} \ --libdir=%{_libdir} \
--program-suffix=%{binsuffix} \ --program-suffix=%{binsuffix} \
--disable-native-plugin \ --disable-native-plugin \
--with-itw-libs=DISTRIBUTION \
--with-modularjdk-file=%{_sysconfdir}/java/%{name} \
--enable-shell-launchers \
--prefix=%{_prefix} --prefix=%{_prefix}
make %{?_smp_mflags} make %{?_smp_mflags}
%install %install
@ -160,6 +147,12 @@ mv $RPM_BUILD_ROOT/%{_mandir}/man1/javaws.1 $RPM_BUILD_ROOT/%{_mandir}/man1/java
# Install desktop files. # Install desktop files.
install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/{applications,pixmaps} install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/{applications,pixmaps}
# patch desktops to use the legacy sh laucnhers
sed "s/.itweb /.itweb.sh /" -i javaws.desktop #there is javaws... %u
sed "s/.itweb$/.itweb.sh/" -i itweb-settings.desktop
sed "s/.itweb$/.itweb.sh/" -i policyeditor.desktop
desktop-file-install --vendor ''\ desktop-file-install --vendor ''\
--dir $RPM_BUILD_ROOT%{_datadir}/applications javaws.desktop --dir $RPM_BUILD_ROOT%{_datadir}/applications javaws.desktop
desktop-file-install --vendor ''\ desktop-file-install --vendor ''\
@ -175,7 +168,8 @@ DESTDIR=%{buildroot} appstream-util install metadata/%{name}-javaws.appdata.xml
# maven fragments generation # maven fragments generation
mkdir -p $RPM_BUILD_ROOT%{_javadir} mkdir -p $RPM_BUILD_ROOT%{_javadir}
pushd $RPM_BUILD_ROOT%{_javadir} pushd $RPM_BUILD_ROOT%{_javadir}
ln -s ../%{name}/netx.jar %{name}.jar ln -s ../%{name}/javaws.jar ../%{name}/netx.jar # backward copatinlity needed?
ln -s ../%{name}/javaws.jar %{name}.jar
ln -s ../%{name}/plugin.jar %{name}-plugin.jar ln -s ../%{name}/plugin.jar %{name}-plugin.jar
popd popd
mkdir -p $RPM_BUILD_ROOT/%{_mavenpomdir} mkdir -p $RPM_BUILD_ROOT/%{_mavenpomdir}
@ -185,39 +179,57 @@ cp metadata/%{name}-plugin.pom $RPM_BUILD_ROOT/%{_mavenpomdir}/%{name}-plugin.p
%add_maven_depmap %{name}.pom %{name}.jar %add_maven_depmap %{name}.pom %{name}.jar
%add_maven_depmap %{name}-plugin.pom %{name}-plugin.jar %add_maven_depmap %{name}-plugin.pom %{name}-plugin.jar
cp netx.build/lib/src.zip $RPM_BUILD_ROOT%{_datadir}/%{name}/netx.src.zip cp netx.build/lib/src.zip $RPM_BUILD_ROOT%{_datadir}/%{name}/netx.src.zip # backward copatinlity needed?
cp netx.build/lib/src.zip $RPM_BUILD_ROOT%{_datadir}/%{name}/javaws.src.zip
cp liveconnect/lib/src.zip $RPM_BUILD_ROOT%{_datadir}/%{name}/plugin.src.zip cp liveconnect/lib/src.zip $RPM_BUILD_ROOT%{_datadir}/%{name}/plugin.src.zip
%find_lang %{name} --all-name --with-man %find_lang %{name} --all-name --with-man
%check %check
make check #make check
appstream-util validate $RPM_BUILD_ROOT/%{_datadir}/appdata/*.xml || : #appstream-util validate $RPM_BUILD_ROOT/%{_datadir}/appdata/*.xml || :
%post %post nativelaunchers
PRIORITY=%{priority}
let PRIORITY=PRIORITY-1
alternatives \ alternatives \
--install %{_bindir}/javaws javaws.%{_arch} %{_prefix}/bin/javaws%{binsuffix} %{priority} --family %{preffered_java}.%{_arch} \ --install %{_bindir}/javaws javaws.%{_arch} %{_prefix}/bin/javaws%{binsuffix} $PRIORITY --family %{preffered_java}.%{_arch} \
--slave %{_bindir}/itweb-settings itweb-settings %{_prefix}/bin/itweb-settings%{binsuffix} \ --slave %{_bindir}/itweb-settings itweb-settings %{_prefix}/bin/itweb-settings%{binsuffix} \
--slave %{_bindir}/policyeditor policyeditor %{_prefix}/bin/policyeditor%{binsuffix} \ --slave %{_bindir}/policyeditor policyeditor %{_prefix}/bin/policyeditor%{binsuffix} \
--slave %{_bindir}/ControlPanel ControlPanel %{_prefix}/bin/itweb-settings%{binsuffix} \ --slave %{_bindir}/ControlPanel ControlPanel %{_prefix}/bin/itweb-settings%{binsuffix} \
--slave %{_mandir}/man1/javaws.1.gz javaws.1.gz %{_mandir}/man1/javaws%{binsuffix}.1.gz \ --slave %{_mandir}/man1/javaws.1.gz javaws.1.gz %{_mandir}/man1/javaws%{binsuffix}.1.gz \
--slave %{_mandir}/man1/ControlPanel.1.gz ControlPanel.1.gz %{_mandir}/man1/itweb-settings.1.gz --slave %{_mandir}/man1/ControlPanel.1.gz ControlPanel.1.gz %{_mandir}/man1/itweb-settings.1.gz
%post
PRIORITY=%{priority}
alternatives \
--install %{_bindir}/javaws javaws.%{_arch} %{_prefix}/bin/javaws%{binsuffix}.sh $PRIORITY --family %{preffered_java}.%{_arch} \
--slave %{_bindir}/itweb-settings itweb-settings %{_prefix}/bin/itweb-settings%{binsuffix}.sh \
--slave %{_bindir}/policyeditor policyeditor %{_prefix}/bin/policyeditor%{binsuffix}.sh \
--slave %{_bindir}/ControlPanel ControlPanel %{_prefix}/bin/itweb-settings%{binsuffix}.sh \
--slave %{_mandir}/man1/javaws.1.gz javaws.1.gz %{_mandir}/man1/javaws%{binsuffix}.1.gz \
--slave %{_mandir}/man1/ControlPanel.1.gz ControlPanel.1.gz %{_mandir}/man1/itweb-settings.1.gz
gconftool-2 -s %{jnlphandler}/command '%{_bindir}/javaws %s' --type String &> /dev/null || :
gconftool-2 -s %{jnlphandler}/command '%{_prefix}/bin/javaws%{binsuffix} %s' --type String &> /dev/null || :
gconftool-2 -s %{jnlphandler}/enabled --type Boolean true &> /dev/null || : gconftool-2 -s %{jnlphandler}/enabled --type Boolean true &> /dev/null || :
gconftool-2 -s %{jnlpshandler}/command '%{_prefix}/bin/javaws%{binsuffix} %s' --type String &> /dev/null || : gconftool-2 -s %{jnlpshandler}/command '%{_bindir}/javaws %s' --type String &> /dev/null || :
gconftool-2 -s %{jnlpshandler}/enabled --type Boolean true &> /dev/null || : gconftool-2 -s %{jnlpshandler}/enabled --type Boolean true &> /dev/null || :
%posttrans %posttrans
update-desktop-database &> /dev/null || : update-desktop-database &> /dev/null || :
exit 0 exit 0
%postun nativelaunchers
if [ $1 -eq 0 ]
then
alternatives --remove javaws.%{_arch} %{_prefix}/bin/javaws%{binsuffix}
fi
exit 0
%postun %postun
update-desktop-database &> /dev/null || : update-desktop-database &> /dev/null || :
if [ $1 -eq 0 ] if [ $1 -eq 0 ]
then then
alternatives --remove javaws %{_prefix}/bin/javaws%{binsuffix} alternatives --remove javaws.%{_arch} %{_prefix}/bin/javaws%{binsuffix}.sh
gconftool-2 -u %{jnlphandler}/command &> /dev/null || : gconftool-2 -u %{jnlphandler}/command &> /dev/null || :
gconftool-2 -u %{jnlphandler}/enabled &> /dev/null || : gconftool-2 -u %{jnlphandler}/enabled &> /dev/null || :
gconftool-2 -u %{jnlpshandler}/command &> /dev/null || : gconftool-2 -u %{jnlpshandler}/command &> /dev/null || :
@ -225,9 +237,18 @@ then
fi fi
exit 0 exit 0
%files nativelaunchers
%{_prefix}/bin/javaws.itweb
%{_prefix}/bin/itweb-settings.itweb
%{_prefix}/bin/policyeditor.itweb
%license COPYING
%files -f .mfiles -f %{name}.lang %files -f .mfiles -f %{name}.lang
%{_sysconfdir}/bash_completion.d/* %{_sysconfdir}/bash_completion.d/*
%{_prefix}/bin/* %config(noreplace) %{_sysconfdir}/java/%{name}/itw-modularjdk.args
%{_prefix}/bin/javaws.itweb.sh
%{_prefix}/bin/itweb-settings.itweb.sh
%{_prefix}/bin/policyeditor.itweb.sh
%{_datadir}/applications/* %{_datadir}/applications/*
%dir %{_datadir}/%{name} %dir %{_datadir}/%{name}
%{_datadir}/%{name}/*.jar %{_datadir}/%{name}/*.jar
@ -247,6 +268,24 @@ exit 0
%license COPYING %license COPYING
%changelog %changelog
* Mon Nov 30 2020 - Jiri Vanek <jvanek@redhat.com> -1.8.4-4
- added patch2, fed2f5b-22402bb.patch containing important fixes from future 1.8.5
- Resolves: rhbz#1900043
* Fri Nov 27 2020 - Jiri Vanek <jvanek@redhat.com> -1.8.4-2
- added native launchers, via separate subpackage, but efectively changed main package to arched one
- removed policyeditor man page, it was link to itself
- Resolves: rhbz#1900043
* Fri Nov 27 2020 - Jiri Vanek <jvanek@redhat.com> -1.8.4-1
- rebased to itw 1.8, ommiting native launchers
- Resolves: rhbz#1900043
* Fri Nov 20 2020 Jiri Vanek <jvanek@redhat.com> 1.7.1-18
- patched to use alt-java if available
- Added Patch6, altjava.patch
- Resolves: rhbz#1888633
* Thu Jul 18 2019 Jiri Vanek <jvanek@redhat.com> 1.7.1-16 * Thu Jul 18 2019 Jiri Vanek <jvanek@redhat.com> 1.7.1-16
- Added Patch5, testTuning.patch to make tests pass inclean envirnment - Added Patch5, testTuning.patch to make tests pass inclean envirnment
- Resolves: rhbz#1724958 - Resolves: rhbz#1724958