import icedtea-web-1.8.4-4.el8
This commit is contained in:
parent
3b50fa8af2
commit
368b924c04
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/icedtea-web-1.7.1.tar.gz
|
SOURCES/icedtea-web-1.8.4.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
a484daa20cadefe4d4ba2c1e3b28dbb39c986f4b SOURCES/icedtea-web-1.7.1.tar.gz
|
08f339753946626f5f46d11120dce44d5e6f6540 SOURCES/icedtea-web-1.8.4.tar.gz
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -1,23 +0,0 @@
|
|||||||
commit 5437234c59f6c375a8ad0b07f93d459eefd571ba
|
|
||||||
Author: Jiri Vanek <jvanek@redhat.com>
|
|
||||||
Date: Tue Jul 9 12:10:39 2019 +0200
|
|
||||||
|
|
||||||
Preventively, hash also .. in queue
|
|
||||||
|
|
||||||
diff --git a/netx/net/sourceforge/jnlp/cache/CacheUtil.java b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
|
||||||
index 5c8652b6..15e8865c 100644
|
|
||||||
--- a/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
|
||||||
+++ b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
|
||||||
@@ -703,7 +703,11 @@ public class CacheUtil {
|
|
||||||
path.append(File.separatorChar);
|
|
||||||
}
|
|
||||||
String locationPath = location.getPath().replace('/', File.separatorChar);
|
|
||||||
- if (locationPath.contains("..")){
|
|
||||||
+ String query = "";
|
|
||||||
+ if (location.getQuery() != null) {
|
|
||||||
+ query = location.getQuery();
|
|
||||||
+ }
|
|
||||||
+ if (locationPath.contains("..") || query.contains("..")){
|
|
||||||
try {
|
|
||||||
/**
|
|
||||||
* if path contains .. then it can harm lcoal system
|
|
40
SOURCES/altjava.patch
Normal file
40
SOURCES/altjava.patch
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
--- IcedTea-Web-icedtea-web-1.8.4/shell-launcher/launchers.sh.in
|
||||||
|
+++ iIcedTea-Web-cedtea-web-1.8.4/shell-launcher/launchers.sh.in
|
||||||
|
@@ -193,6 +193,12 @@
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
|
+java_dir="`dirname ${JAVA}`"
|
||||||
|
+alt_java="alt-java"
|
||||||
|
+if [ -e "$java_dir/$alt_java" ] ; then
|
||||||
|
+ JAVA="`dirname ${JAVA}`/$alt_java"
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
# TODO: inline args without using COMMAND[array] to unify linux/windows scripts
|
||||||
|
k=0
|
||||||
|
COMMAND[k]="${JAVA}"
|
||||||
|
--- IcedTea-Web-icedtea-web-1.8.4/rust-launcher/src/os_access.rs
|
||||||
|
+++ IcedTea-Web-icedtea-web-1.8.4/rust-launcher/src/os_access.rs
|
||||||
|
@@ -5,9 +5,19 @@
|
||||||
|
use log_helper;
|
||||||
|
|
||||||
|
pub fn create_java_cmd(os: &Os,jre_dir: &std::path::PathBuf, args: &Vec<String>) -> std::process::Command {
|
||||||
|
- let mut bin_java = jre_dir.clone();
|
||||||
|
- bin_java.push("bin");
|
||||||
|
- bin_java.push("java");
|
||||||
|
+ let mut alt_bin_java = jre_dir.clone();
|
||||||
|
+ alt_bin_java.push("bin");
|
||||||
|
+ alt_bin_java.push("alt-java");
|
||||||
|
+ let mut bin_java;
|
||||||
|
+ if alt_bin_java.exists() {
|
||||||
|
+ os.log("itw-rust-debug: alt-java found");
|
||||||
|
+ bin_java = alt_bin_java;
|
||||||
|
+ } else {
|
||||||
|
+ os.log("itw-rust-debug: alt-java NOT found");
|
||||||
|
+ bin_java = jre_dir.clone();
|
||||||
|
+ bin_java.push("bin");
|
||||||
|
+ bin_java.push("java");
|
||||||
|
+ }
|
||||||
|
let mut cmd = std::process::Command::new(&bin_java);
|
||||||
|
for ar in args.into_iter() {
|
||||||
|
cmd.arg(ar);
|
735
SOURCES/fed2f5b-22402bb.patch
Normal file
735
SOURCES/fed2f5b-22402bb.patch
Normal file
@ -0,0 +1,735 @@
|
|||||||
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
|
index 3f73cff7..1112bf49 100644
|
||||||
|
--- a/Makefile.am
|
||||||
|
+++ b/Makefile.am
|
||||||
|
@@ -956,10 +956,10 @@ if ENABLE_NATIVE_LAUNCHERS
|
||||||
|
# there is curently harecoded sh, so it can somehow basically work
|
||||||
|
# see the DESKTOP_SUFFIX for final tuning
|
||||||
|
launcher.build/$(javaws) launcher.build/$(itweb_settings) launcher.build/$(policyeditor): rust-launcher/src/main.rs rust-launcher/Cargo.toml
|
||||||
|
- export ITW_TMP_REPLACEMENT=$(TESTS_DIR)/rust_tests_tmp ; \
|
||||||
|
- mkdir -p $$ITW_TMP_REPLACEMENT; \
|
||||||
|
filename=`basename $@` ; \
|
||||||
|
type=$${filename%.*} ; \
|
||||||
|
+ export ITW_TMP_REPLACEMENT=$(TESTS_DIR)/rust_tests_tmp/$$type ; \
|
||||||
|
+ mkdir -p $$ITW_TMP_REPLACEMENT; \
|
||||||
|
srcs=$(TOP_SRC_DIR)/rust-launcher ; \
|
||||||
|
outs=$(TOP_BUILD_DIR)/launcher.in.$$type ; \
|
||||||
|
mkdir -p launcher.build ; \
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 5bcb1046..03796e39 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -71,7 +71,7 @@ AM_CONDITIONAL([ENABLE_NATIVE_LAUNCHERS], [test ! x"$RUSTC" = x -a ! x"$CARGO" =
|
||||||
|
build_linux=no
|
||||||
|
build_windows=no
|
||||||
|
case "${host_os}" in
|
||||||
|
- linux*)
|
||||||
|
+ linux*|freebsd*)
|
||||||
|
build_linux=yes
|
||||||
|
;;
|
||||||
|
cygwin*)
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/Launcher.java b/netx/net/sourceforge/jnlp/Launcher.java
|
||||||
|
index bcfd7b34..1ff42421 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/Launcher.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/Launcher.java
|
||||||
|
@@ -552,7 +552,7 @@ public class Launcher {
|
||||||
|
}
|
||||||
|
|
||||||
|
OutputController.getLogger().log(OutputController.Level.ERROR_ALL, "Starting application [" + mainName + "] ...");
|
||||||
|
-
|
||||||
|
+
|
||||||
|
Class<?> mainClass = app.getClassLoader().loadClass(mainName);
|
||||||
|
|
||||||
|
Method main = mainClass.getMethod("main", new Class<?>[] { String[].class });
|
||||||
|
@@ -572,6 +572,7 @@ public class Launcher {
|
||||||
|
|
||||||
|
main.setAccessible(true);
|
||||||
|
|
||||||
|
+ JNLPRuntime.addStartupTrackingEntry("invoking main()");
|
||||||
|
OutputController.getLogger().log("Invoking main() with args: " + Arrays.toString(args));
|
||||||
|
main.invoke(null, new Object[] { args });
|
||||||
|
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/OptionsDefinitions.java b/netx/net/sourceforge/jnlp/OptionsDefinitions.java
|
||||||
|
index c87b4a79..16ef46d3 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/OptionsDefinitions.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/OptionsDefinitions.java
|
||||||
|
@@ -78,6 +78,7 @@ public class OptionsDefinitions {
|
||||||
|
JNLP("-jnlp","BOJnlp", NumberOfArguments.ONE),
|
||||||
|
HTML("-html","BOHtml", NumberOfArguments.ONE_OR_MORE),
|
||||||
|
BROWSER("-browser", "BrowserArg", NumberOfArguments.ONE_OR_MORE),
|
||||||
|
+ STARTUP_TRACKER("-startuptracker","BOStartupTracker"),
|
||||||
|
//itweb settings
|
||||||
|
LIST("-list", "IBOList"),
|
||||||
|
GET("-get", "name", "IBOGet", NumberOfArguments.ONE_OR_MORE),
|
||||||
|
@@ -222,7 +223,8 @@ public class OptionsDefinitions {
|
||||||
|
OPTIONS.TRUSTNONE,
|
||||||
|
OPTIONS.JNLP,
|
||||||
|
OPTIONS.HTML,
|
||||||
|
- OPTIONS.BROWSER
|
||||||
|
+ OPTIONS.BROWSER,
|
||||||
|
+ OPTIONS.STARTUP_TRACKER
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/cache/CacheEntry.java b/netx/net/sourceforge/jnlp/cache/CacheEntry.java
|
||||||
|
index 3a241acb..c5f1f329 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/cache/CacheEntry.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/cache/CacheEntry.java
|
||||||
|
@@ -47,6 +47,8 @@ public class CacheEntry {
|
||||||
|
/** info about the cached file */
|
||||||
|
private final PropertiesFile properties;
|
||||||
|
|
||||||
|
+ private File localFile;
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Create a CacheEntry for the resources specified as a remote
|
||||||
|
* URL.
|
||||||
|
@@ -58,8 +60,8 @@ public class CacheEntry {
|
||||||
|
this.location = location;
|
||||||
|
this.version = version;
|
||||||
|
|
||||||
|
- File infoFile = CacheUtil.getCacheFile(location, version);
|
||||||
|
- infoFile = new File(infoFile.getPath() + CacheDirectory.INFO_SUFFIX); // replace with something that can't be clobbered
|
||||||
|
+ this.localFile = CacheUtil.getCacheFile(location, version);
|
||||||
|
+ File infoFile = new File(localFile.getPath() + CacheDirectory.INFO_SUFFIX); // replace with something that can't be clobbered
|
||||||
|
|
||||||
|
properties = new PropertiesFile(infoFile, R("CAutoGen"));
|
||||||
|
}
|
||||||
|
@@ -130,7 +132,11 @@ public class CacheEntry {
|
||||||
|
* @return whether the cache contains the version
|
||||||
|
*/
|
||||||
|
public boolean isCurrent(long lastModified) {
|
||||||
|
- boolean cached = isCached();
|
||||||
|
+ return isCurrent(lastModified, null);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ public boolean isCurrent(long lastModified, File cachedFile) {
|
||||||
|
+ boolean cached = isCached(cachedFile);
|
||||||
|
OutputController.getLogger().log("isCurrent:isCached " + cached);
|
||||||
|
|
||||||
|
if (!cached) {
|
||||||
|
@@ -153,7 +159,16 @@ public class CacheEntry {
|
||||||
|
* @return true if the resource is in the cache
|
||||||
|
*/
|
||||||
|
public boolean isCached() {
|
||||||
|
- File localFile = getCacheFile();
|
||||||
|
+ return isCached(null);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ public boolean isCached(File cachedFile) {
|
||||||
|
+ final File localFile;
|
||||||
|
+ if (null == version && null != cachedFile) {
|
||||||
|
+ localFile = cachedFile;
|
||||||
|
+ } else {
|
||||||
|
+ localFile = getCacheFile();
|
||||||
|
+ }
|
||||||
|
if (!localFile.exists())
|
||||||
|
return false;
|
||||||
|
|
||||||
|
@@ -224,4 +239,7 @@ public class CacheEntry {
|
||||||
|
return properties.isHeldByCurrentThread();
|
||||||
|
}
|
||||||
|
|
||||||
|
+ public File getLocalFile() {
|
||||||
|
+ return localFile;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/cache/CacheUtil.java b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
||||||
|
index 486421b9..d298d203 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
||||||
|
@@ -422,14 +422,13 @@ public class CacheUtil {
|
||||||
|
* @return whether the cache contains the version
|
||||||
|
* @throws IllegalArgumentException if the source is not cacheable
|
||||||
|
*/
|
||||||
|
- public static boolean isCurrent(URL source, Version version, long lastModifed) {
|
||||||
|
+ public static boolean isCurrent(URL source, Version version, long lastModifed, CacheEntry entry, File cachedFile) {
|
||||||
|
|
||||||
|
if (!isCacheable(source, version))
|
||||||
|
throw new IllegalArgumentException(R("CNotCacheable", source));
|
||||||
|
|
||||||
|
try {
|
||||||
|
- CacheEntry entry = new CacheEntry(source, version); // could pool this
|
||||||
|
- boolean result = entry.isCurrent(lastModifed);
|
||||||
|
+ boolean result = entry.isCurrent(lastModifed, cachedFile);
|
||||||
|
|
||||||
|
OutputController.getLogger().log("isCurrent: " + source + " = " + result);
|
||||||
|
|
||||||
|
@@ -796,6 +795,8 @@ public class CacheUtil {
|
||||||
|
}
|
||||||
|
URL undownloaded[] = urlList.toArray(new URL[urlList.size()]);
|
||||||
|
|
||||||
|
+ final int maxUrls = Integer.parseInt(JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_MAX_URLS_DOWNLOAD_INDICATOR));
|
||||||
|
+
|
||||||
|
listener = indicator.getListener(app, title, undownloaded);
|
||||||
|
|
||||||
|
do {
|
||||||
|
@@ -810,20 +811,30 @@ public class CacheUtil {
|
||||||
|
|
||||||
|
int percent = (int) ((100 * read) / Math.max(1, total));
|
||||||
|
|
||||||
|
+ int urlCounter = 0;
|
||||||
|
for (URL url : undownloaded) {
|
||||||
|
+ if (urlCounter > maxUrls) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
listener.progress(url, "version",
|
||||||
|
tracker.getAmountRead(url),
|
||||||
|
tracker.getTotalSize(url),
|
||||||
|
percent);
|
||||||
|
+ urlCounter += 1;
|
||||||
|
}
|
||||||
|
} while (!tracker.waitForResources(resources, indicator.getUpdateRate()));
|
||||||
|
|
||||||
|
// make sure they read 100% until indicator closes
|
||||||
|
+ int urlCounter = 0;
|
||||||
|
for (URL url : undownloaded) {
|
||||||
|
+ if (urlCounter > maxUrls) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
listener.progress(url, "version",
|
||||||
|
tracker.getTotalSize(url),
|
||||||
|
tracker.getTotalSize(url),
|
||||||
|
100);
|
||||||
|
+ urlCounter += 1;
|
||||||
|
}
|
||||||
|
} catch (InterruptedException ex) {
|
||||||
|
OutputController.getLogger().log(ex);
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/cache/CachedDaemonThreadPoolProvider.java b/netx/net/sourceforge/jnlp/cache/CachedDaemonThreadPoolProvider.java
|
||||||
|
index 1cd4df23..ff48662d 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/cache/CachedDaemonThreadPoolProvider.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/cache/CachedDaemonThreadPoolProvider.java
|
||||||
|
@@ -36,9 +36,14 @@
|
||||||
|
exception statement from your version. */
|
||||||
|
package net.sourceforge.jnlp.cache;
|
||||||
|
|
||||||
|
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
|
||||||
|
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
|
||||||
|
+
|
||||||
|
import java.util.concurrent.ExecutorService;
|
||||||
|
-import java.util.concurrent.Executors;
|
||||||
|
+import java.util.concurrent.LinkedBlockingQueue;
|
||||||
|
import java.util.concurrent.ThreadFactory;
|
||||||
|
+import java.util.concurrent.ThreadPoolExecutor;
|
||||||
|
+import java.util.concurrent.TimeUnit;
|
||||||
|
import java.util.concurrent.atomic.AtomicInteger;
|
||||||
|
|
||||||
|
public class CachedDaemonThreadPoolProvider {
|
||||||
|
@@ -81,6 +86,19 @@ public class CachedDaemonThreadPoolProvider {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- public static final ExecutorService DAEMON_THREAD_POOL = Executors.newCachedThreadPool(new DaemonThreadFactory());
|
||||||
|
+ public static synchronized ExecutorService getThreadPool() {
|
||||||
|
+ if (null == DAEMON_THREAD_POOL) {
|
||||||
|
+ final int nThreads = Integer.parseInt(JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_BACKGROUND_THREADS_COUNT));
|
||||||
|
+ ThreadPoolExecutor pool = new ThreadPoolExecutor(nThreads, nThreads,
|
||||||
|
+ 60L, TimeUnit.SECONDS,
|
||||||
|
+ new LinkedBlockingQueue<Runnable>(),
|
||||||
|
+ new DaemonThreadFactory());
|
||||||
|
+ pool.allowCoreThreadTimeOut(true);
|
||||||
|
+ DAEMON_THREAD_POOL = pool;
|
||||||
|
+ }
|
||||||
|
+ return DAEMON_THREAD_POOL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ private static ExecutorService DAEMON_THREAD_POOL = null;
|
||||||
|
|
||||||
|
}
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/cache/ResourceDownloader.java b/netx/net/sourceforge/jnlp/cache/ResourceDownloader.java
|
||||||
|
index 643b46fd..e0a123bb 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/cache/ResourceDownloader.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/cache/ResourceDownloader.java
|
||||||
|
@@ -153,7 +153,12 @@ public class ResourceDownloader implements Runnable {
|
||||||
|
URLConnection connection = ConnectionFactory.getConnectionFactory().openConnection(location.URL); // this won't change so should be okay not-synchronized
|
||||||
|
connection.addRequestProperty("Accept-Encoding", "pack200-gzip, gzip");
|
||||||
|
|
||||||
|
- File localFile = CacheUtil.getCacheFile(resource.getLocation(), resource.getDownloadVersion());
|
||||||
|
+ File localFile = null;
|
||||||
|
+ if (resource.getRequestVersion() == resource.getDownloadVersion()) {
|
||||||
|
+ localFile = entry.getLocalFile();
|
||||||
|
+ } else {
|
||||||
|
+ localFile = CacheUtil.getCacheFile(resource.getLocation(), resource.getDownloadVersion());
|
||||||
|
+ }
|
||||||
|
Long size = location.length;
|
||||||
|
if (size == null) {
|
||||||
|
size = connection.getContentLengthLong();
|
||||||
|
@@ -162,7 +167,7 @@ public class ResourceDownloader implements Runnable {
|
||||||
|
if (lm == null) {
|
||||||
|
lm = connection.getLastModified();
|
||||||
|
}
|
||||||
|
- boolean current = CacheUtil.isCurrent(resource.getLocation(), resource.getRequestVersion(), lm) && resource.getUpdatePolicy() != UpdatePolicy.FORCE;
|
||||||
|
+ boolean current = CacheUtil.isCurrent(resource.getLocation(), resource.getRequestVersion(), lm, entry, localFile) && resource.getUpdatePolicy() != UpdatePolicy.FORCE;
|
||||||
|
if (!current) {
|
||||||
|
if (entry.isCached()) {
|
||||||
|
entry.markForDelete();
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/cache/ResourceTracker.java b/netx/net/sourceforge/jnlp/cache/ResourceTracker.java
|
||||||
|
index f4ad69be..972a10cf 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/cache/ResourceTracker.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/cache/ResourceTracker.java
|
||||||
|
@@ -28,10 +28,7 @@ import static net.sourceforge.jnlp.cache.Resource.Status.PROCESSING;
|
||||||
|
import java.io.File;
|
||||||
|
import java.net.MalformedURLException;
|
||||||
|
import java.net.URL;
|
||||||
|
-import java.util.ArrayList;
|
||||||
|
-import java.util.Collection;
|
||||||
|
-import java.util.EnumSet;
|
||||||
|
-import java.util.List;
|
||||||
|
+import java.util.*;
|
||||||
|
|
||||||
|
import net.sourceforge.jnlp.DownloadOptions;
|
||||||
|
import net.sourceforge.jnlp.Version;
|
||||||
|
@@ -105,6 +102,7 @@ public class ResourceTracker {
|
||||||
|
|
||||||
|
/** the resources known about by this resource tracker */
|
||||||
|
private final List<Resource> resources = new ArrayList<>();
|
||||||
|
+ private final HashMap<String, Resource> resourcesMap = new HashMap<>();
|
||||||
|
|
||||||
|
/** download listeners for this tracker */
|
||||||
|
private final List<DownloadListener> listeners = new ArrayList<>();
|
||||||
|
@@ -155,6 +153,7 @@ public class ResourceTracker {
|
||||||
|
return;
|
||||||
|
resource.addTracker(this);
|
||||||
|
resources.add(resource);
|
||||||
|
+ resourcesMap.put(location.toString(), resource);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (options == null) {
|
||||||
|
@@ -190,6 +189,7 @@ public class ResourceTracker {
|
||||||
|
|
||||||
|
if (resource != null) {
|
||||||
|
resources.remove(resource);
|
||||||
|
+ resourcesMap.remove(location.toString());
|
||||||
|
resource.removeTracker(this);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -508,7 +508,7 @@ public class ResourceTracker {
|
||||||
|
* @param resource resource to be download
|
||||||
|
*/
|
||||||
|
protected void startDownloadThread(Resource resource) {
|
||||||
|
- CachedDaemonThreadPoolProvider.DAEMON_THREAD_POOL.execute(new ResourceDownloader(resource, lock));
|
||||||
|
+ CachedDaemonThreadPoolProvider.getThreadPool().execute(new ResourceDownloader(resource, lock));
|
||||||
|
}
|
||||||
|
|
||||||
|
static Resource selectByFilter(Collection<Resource> source, Filter<Resource> filter) {
|
||||||
|
@@ -569,6 +569,12 @@ public class ResourceTracker {
|
||||||
|
*/
|
||||||
|
private Resource getResource(URL location) {
|
||||||
|
synchronized (resources) {
|
||||||
|
+ if (null != location) {
|
||||||
|
+ Resource res = resourcesMap.get(location.toString());
|
||||||
|
+ if (null != res && UrlUtils.urlEquals(res.getLocation(), location)) {
|
||||||
|
+ return res;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
for (Resource resource : resources) {
|
||||||
|
if (UrlUtils.urlEquals(resource.getLocation(), location))
|
||||||
|
return resource;
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/config/Defaults.java b/netx/net/sourceforge/jnlp/config/Defaults.java
|
||||||
|
index 8e316e4f..78f9b3e6 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/config/Defaults.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/config/Defaults.java
|
||||||
|
@@ -466,6 +466,21 @@ public class Defaults {
|
||||||
|
BasicValueValidators.getRangedIntegerValidator(0, 1000),
|
||||||
|
String.valueOf(10)// treshold when applet is considered as too small
|
||||||
|
},
|
||||||
|
+ {
|
||||||
|
+ DeploymentConfiguration.KEY_ENABLE_CACHE_FSYNC,
|
||||||
|
+ BasicValueValidators.getBooleanValidator(),
|
||||||
|
+ String.valueOf(false)
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ DeploymentConfiguration.KEY_BACKGROUND_THREADS_COUNT,
|
||||||
|
+ BasicValueValidators.getRangedIntegerValidator(1, 16),
|
||||||
|
+ String.valueOf(3)
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ DeploymentConfiguration.KEY_MAX_URLS_DOWNLOAD_INDICATOR,
|
||||||
|
+ BasicValueValidators.getRangedIntegerValidator(1, 1024),
|
||||||
|
+ String.valueOf(16)
|
||||||
|
+ },
|
||||||
|
//**************
|
||||||
|
//* Native (rust) only - beggin
|
||||||
|
//**************
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java b/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
|
||||||
|
index de7425e3..84f77075 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
|
||||||
|
@@ -250,7 +250,10 @@ public final class DeploymentConfiguration {
|
||||||
|
public static final String KEY_SMALL_SIZE_OVERRIDE_TRESHOLD = "deployment.small.size.treshold";
|
||||||
|
public static final String KEY_SMALL_SIZE_OVERRIDE_WIDTH = "deployment.small.size.override.width";
|
||||||
|
public static final String KEY_SMALL_SIZE_OVERRIDE_HEIGHT = "deployment.small.size.override.height";
|
||||||
|
-
|
||||||
|
+ public static final String KEY_ENABLE_CACHE_FSYNC = "deployment.enable.cache.fsync";
|
||||||
|
+ public static final String KEY_BACKGROUND_THREADS_COUNT = "deployment.background.threads.count";
|
||||||
|
+ public static final String KEY_MAX_URLS_DOWNLOAD_INDICATOR = "deployment.max.urls.download.indicator";
|
||||||
|
+
|
||||||
|
public static final String TRANSFER_TITLE = "Legacy configuration and cache found. Those will be now transported to new locations";
|
||||||
|
|
||||||
|
private ConfigurationException loadingException = null;
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/resources/Messages.properties b/netx/net/sourceforge/jnlp/resources/Messages.properties
|
||||||
|
index 773f134b..0e87bce3 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties
|
||||||
|
@@ -357,6 +357,7 @@ BXoffline = Prevent ITW network connection. Only cache will be used. Applicati
|
||||||
|
BOHelp1 = Prints out information about supported command and basic usage.
|
||||||
|
BOHelp2 = Prints out information about supported command and basic usage. Can also take an parameter, and then it prints detailed help for this command.
|
||||||
|
BOTrustnone = Instead of asking user, will foretold all answers as no.
|
||||||
|
+BOStartupTracker = Enable startup time tracker
|
||||||
|
|
||||||
|
# Itweb-settings boot commands
|
||||||
|
IBOList=Shows a list of all the IcedTea-Web settings and their current values.
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/runtime/Boot.java b/netx/net/sourceforge/jnlp/runtime/Boot.java
|
||||||
|
index 7317b989..a9990909 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/runtime/Boot.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/runtime/Boot.java
|
||||||
|
@@ -107,6 +107,10 @@ public final class Boot implements PrivilegedAction<Void> {
|
||||||
|
|
||||||
|
optionParser = new OptionParser(argsIn, OptionsDefinitions.getJavaWsOptions());
|
||||||
|
|
||||||
|
+ if (optionParser.hasOption(OptionsDefinitions.OPTIONS.STARTUP_TRACKER)) {
|
||||||
|
+ JNLPRuntime.initStartupTracker();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (optionParser.hasOption(OptionsDefinitions.OPTIONS.VERBOSE)) {
|
||||||
|
JNLPRuntime.setDebug(true);
|
||||||
|
}
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java b/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java
|
||||||
|
index 9746f5d0..811d132e 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java
|
||||||
|
@@ -43,6 +43,7 @@ import java.io.FileOutputStream;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.io.OutputStream;
|
||||||
|
+import java.net.URISyntaxException;
|
||||||
|
import java.net.URL;
|
||||||
|
import java.net.URLConnection;
|
||||||
|
import java.security.AccessController;
|
||||||
|
@@ -103,9 +104,11 @@ final class CachedJarFileCallback implements URLJarFileCallBack {
|
||||||
|
|
||||||
|
if (UrlUtils.isLocalFile(localUrl)) {
|
||||||
|
// if it is known to us, just return the cached file
|
||||||
|
- JarFile returnFile = new JarFile(localUrl.getPath());
|
||||||
|
+ JarFile returnFile=null;
|
||||||
|
|
||||||
|
try {
|
||||||
|
+ localUrl.toURI().getPath();
|
||||||
|
+ returnFile = new JarFile(localUrl.toURI().getPath());
|
||||||
|
|
||||||
|
// Blank out the class-path because:
|
||||||
|
// 1) Web Start does not support it
|
||||||
|
@@ -117,6 +120,8 @@ final class CachedJarFileCallback implements URLJarFileCallBack {
|
||||||
|
|
||||||
|
} catch (NullPointerException npe) {
|
||||||
|
// Discard NPE here. Maybe there was no manifest, maybe there were no attributes, etc.
|
||||||
|
+ } catch (URISyntaxException e) {
|
||||||
|
+ // should not happen as localUrl was built using localFile.toURI().toURL(), see JNLPClassLoader.activateJars(List<JARDesc>)
|
||||||
|
}
|
||||||
|
|
||||||
|
return returnFile;
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
|
||||||
|
index 3785707a..77576fdd 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
|
||||||
|
@@ -709,7 +709,9 @@ public class JNLPClassLoader extends URLClassLoader {
|
||||||
|
fillInPartJars(initialJars); // add in each initial part's lazy jars
|
||||||
|
}
|
||||||
|
|
||||||
|
+ JNLPRuntime.addStartupTrackingEntry("JARs download enter");
|
||||||
|
waitForJars(initialJars); //download the jars first.
|
||||||
|
+ JNLPRuntime.addStartupTrackingEntry("JARs download complete");
|
||||||
|
|
||||||
|
//A ZipException will propagate later on if the jar is invalid and not checked here
|
||||||
|
if (shouldFilterInvalidJars()) {
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
|
||||||
|
index 295744db..919f78fd 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
|
||||||
|
@@ -170,6 +170,7 @@ public class JNLPRuntime {
|
||||||
|
|
||||||
|
private static Boolean onlineDetected = null;
|
||||||
|
|
||||||
|
+ private static long startupTrackerMoment = 0;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Header is not checked and so eg
|
||||||
|
@@ -891,6 +892,19 @@ public class JNLPRuntime {
|
||||||
|
JNLPRuntime.ignoreHeaders = ignoreHeaders;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ // may only be called from Boot
|
||||||
|
+ public static void initStartupTracker() {
|
||||||
|
+ startupTrackerMoment = System.currentTimeMillis();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ public static void addStartupTrackingEntry(String message) {
|
||||||
|
+ if (startupTrackerMoment > 0) {
|
||||||
|
+ long time = (System.currentTimeMillis() - startupTrackerMoment)/1000;
|
||||||
|
+ String msg = "Startup tracker: seconds elapsed: [" + time + "], message: [" + message + "]";
|
||||||
|
+ OutputController.getLogger().log(OutputController.Level.ERROR_ALL, msg);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
private static boolean isPluginDebug() {
|
||||||
|
if (pluginDebug == null) {
|
||||||
|
try {
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
|
||||||
|
index eb26dc69..7fd5d92f 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
|
||||||
|
@@ -39,15 +39,18 @@ import java.util.Enumeration;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
-import java.util.Vector;
|
||||||
|
+import java.util.concurrent.Callable;
|
||||||
|
+import java.util.concurrent.Future;
|
||||||
|
import java.util.jar.JarEntry;
|
||||||
|
import java.util.regex.Pattern;
|
||||||
|
|
||||||
|
import net.sourceforge.jnlp.JARDesc;
|
||||||
|
import net.sourceforge.jnlp.JNLPFile;
|
||||||
|
import net.sourceforge.jnlp.LaunchException;
|
||||||
|
+import net.sourceforge.jnlp.cache.CachedDaemonThreadPoolProvider;
|
||||||
|
import net.sourceforge.jnlp.cache.ResourceTracker;
|
||||||
|
import net.sourceforge.jnlp.runtime.JNLPClassLoader.SecurityDelegate;
|
||||||
|
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
|
||||||
|
import net.sourceforge.jnlp.security.AppVerifier;
|
||||||
|
import net.sourceforge.jnlp.security.CertVerifier;
|
||||||
|
import net.sourceforge.jnlp.security.CertificateUtils;
|
||||||
|
@@ -226,37 +229,36 @@ public class JarCertVerifier implements CertVerifier {
|
||||||
|
private void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
|
||||||
|
throws Exception {
|
||||||
|
|
||||||
|
+ List<String> filesToVerify = new ArrayList<>();
|
||||||
|
for (JARDesc jar : jars) {
|
||||||
|
+ File jarFile = tracker.getCacheFile(jar.getLocation());
|
||||||
|
|
||||||
|
- try {
|
||||||
|
-
|
||||||
|
- File jarFile = tracker.getCacheFile(jar.getLocation());
|
||||||
|
-
|
||||||
|
- // some sort of resource download/cache error. Nothing to add
|
||||||
|
- // in that case ... but don't fail here
|
||||||
|
- if (jarFile == null) {
|
||||||
|
- continue;
|
||||||
|
- }
|
||||||
|
+ // some sort of resource download/cache error. Nothing to add
|
||||||
|
+ // in that case ... but don't fail here
|
||||||
|
+ if (jarFile == null) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- String localFile = jarFile.getAbsolutePath();
|
||||||
|
- if (verifiedJars.contains(localFile)
|
||||||
|
- || unverifiedJars.contains(localFile)) {
|
||||||
|
- continue;
|
||||||
|
- }
|
||||||
|
+ String localFile = jarFile.getAbsolutePath();
|
||||||
|
+ if (verifiedJars.contains(localFile)
|
||||||
|
+ || unverifiedJars.contains(localFile)) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- VerifyResult result = verifyJar(localFile);
|
||||||
|
+ filesToVerify.add(localFile);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- if (result == VerifyResult.UNSIGNED) {
|
||||||
|
- unverifiedJars.add(localFile);
|
||||||
|
- } else if (result == VerifyResult.SIGNED_NOT_OK) {
|
||||||
|
- verifiedJars.add(localFile);
|
||||||
|
- } else if (result == VerifyResult.SIGNED_OK) {
|
||||||
|
- verifiedJars.add(localFile);
|
||||||
|
- }
|
||||||
|
- } catch (Exception e) {
|
||||||
|
- // We may catch exceptions from using verifyJar()
|
||||||
|
- // or from checkTrustedCerts
|
||||||
|
- throw e;
|
||||||
|
+ List<VerifiedJarFile> verified = verifyJarsParallel(filesToVerify);
|
||||||
|
+
|
||||||
|
+ for (VerifiedJarFile vjf : verified) {
|
||||||
|
+ VerifyResult result = verifyJarEntryCerts(vjf.file, vjf.hasManifest, vjf.entriesVec);
|
||||||
|
+ String localFile = vjf.file;
|
||||||
|
+ if (result == VerifyResult.UNSIGNED) {
|
||||||
|
+ unverifiedJars.add(localFile);
|
||||||
|
+ } else if (result == VerifyResult.SIGNED_NOT_OK) {
|
||||||
|
+ verifiedJars.add(localFile);
|
||||||
|
+ } else if (result == VerifyResult.SIGNED_OK) {
|
||||||
|
+ verifiedJars.add(localFile);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -264,6 +266,31 @@ public class JarCertVerifier implements CertVerifier {
|
||||||
|
checkTrustedCerts(certPath);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ private List<VerifiedJarFile> verifyJarsParallel(List<String> files) throws Exception {
|
||||||
|
+ JNLPRuntime.addStartupTrackingEntry("JARs verification enter");
|
||||||
|
+ List<Callable<VerifiedJarFile>> callables = new ArrayList<>(files.size());
|
||||||
|
+ for (final String fi : files) {
|
||||||
|
+ callables.add(new Callable<VerifiedJarFile>() {
|
||||||
|
+ @Override
|
||||||
|
+ public VerifiedJarFile call() throws Exception {
|
||||||
|
+ return verifyJar(fi);
|
||||||
|
+ }
|
||||||
|
+ });
|
||||||
|
+ }
|
||||||
|
+ List<Future<VerifiedJarFile>> futures = CachedDaemonThreadPoolProvider.getThreadPool().invokeAll(callables);
|
||||||
|
+ List<VerifiedJarFile> results = new ArrayList<>(files.size());
|
||||||
|
+ try {
|
||||||
|
+ for (Future<VerifiedJarFile> fu : futures) {
|
||||||
|
+ results.add(fu.get());
|
||||||
|
+ }
|
||||||
|
+ } catch (Exception e) {
|
||||||
|
+ OutputController.getLogger().log(OutputController.Level.ERROR_ALL, e);
|
||||||
|
+ throw e;
|
||||||
|
+ }
|
||||||
|
+ JNLPRuntime.addStartupTrackingEntry("JARs verification complete");
|
||||||
|
+ return results;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Checks through all the jar entries of jarName for signers, storing all the common ones in the certs hash map.
|
||||||
|
*
|
||||||
|
@@ -273,15 +300,15 @@ public class JarCertVerifier implements CertVerifier {
|
||||||
|
* @throws Exception
|
||||||
|
* Will be thrown if there are any problems with the jar.
|
||||||
|
*/
|
||||||
|
- private VerifyResult verifyJar(String jarName) throws Exception {
|
||||||
|
+ private VerifiedJarFile verifyJar(String jarName) throws Exception {
|
||||||
|
try (JarFile jarFile = new JarFile(jarName, true)) {
|
||||||
|
- Vector<JarEntry> entriesVec = new Vector<JarEntry>();
|
||||||
|
+ List<JarEntry> entriesVec = new ArrayList<>();
|
||||||
|
byte[] buffer = new byte[8192];
|
||||||
|
|
||||||
|
Enumeration<JarEntry> entries = jarFile.entries();
|
||||||
|
while (entries.hasMoreElements()) {
|
||||||
|
JarEntry je = entries.nextElement();
|
||||||
|
- entriesVec.addElement(je);
|
||||||
|
+ entriesVec.add(je);
|
||||||
|
|
||||||
|
InputStream is = jarFile.getInputStream(je);
|
||||||
|
try {
|
||||||
|
@@ -295,8 +322,7 @@ public class JarCertVerifier implements CertVerifier {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- return verifyJarEntryCerts(jarName, jarFile.getManifest() != null,
|
||||||
|
- entriesVec);
|
||||||
|
+ return new VerifiedJarFile(jarName, null != jarFile.getManifest(), entriesVec);
|
||||||
|
|
||||||
|
} catch (Exception e) {
|
||||||
|
OutputController.getLogger().log(OutputController.Level.ERROR_ALL, e);
|
||||||
|
@@ -318,7 +344,7 @@ public class JarCertVerifier implements CertVerifier {
|
||||||
|
* Will be thrown if there are issues with entries.
|
||||||
|
*/
|
||||||
|
VerifyResult verifyJarEntryCerts(String jarName, boolean jarHasManifest,
|
||||||
|
- Vector<JarEntry> entries) throws Exception {
|
||||||
|
+ List<JarEntry> entries) throws Exception {
|
||||||
|
// Contains number of entries the cert with this CertPath has signed.
|
||||||
|
Map<CertPath, Integer> jarSignCount = new HashMap<>();
|
||||||
|
int numSignableEntriesInJar = 0;
|
||||||
|
@@ -629,4 +655,16 @@ public class JarCertVerifier implements CertVerifier {
|
||||||
|
}
|
||||||
|
return sum;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ private static class VerifiedJarFile {
|
||||||
|
+ final String file;
|
||||||
|
+ final boolean hasManifest;
|
||||||
|
+ private final List<JarEntry> entriesVec;
|
||||||
|
+
|
||||||
|
+ private VerifiedJarFile(String file, boolean hasManifest, List<JarEntry> entriesVec) {
|
||||||
|
+ this.file = file;
|
||||||
|
+ this.hasManifest = hasManifest;
|
||||||
|
+ this.entriesVec = entriesVec;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
diff --git a/netx/net/sourceforge/jnlp/util/PropertiesFile.java b/netx/net/sourceforge/jnlp/util/PropertiesFile.java
|
||||||
|
index 2f0918f6..c399ef20 100644
|
||||||
|
--- a/netx/net/sourceforge/jnlp/util/PropertiesFile.java
|
||||||
|
+++ b/netx/net/sourceforge/jnlp/util/PropertiesFile.java
|
||||||
|
@@ -23,6 +23,8 @@ import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.util.Properties;
|
||||||
|
|
||||||
|
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
|
||||||
|
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
|
||||||
|
import net.sourceforge.jnlp.util.lockingfile.LockedFile;
|
||||||
|
import net.sourceforge.jnlp.util.logging.OutputController;
|
||||||
|
|
||||||
|
@@ -168,7 +170,9 @@ public class PropertiesFile extends Properties {
|
||||||
|
store(s, header);
|
||||||
|
|
||||||
|
// fsync()
|
||||||
|
- s.getChannel().force(true);
|
||||||
|
+ if (Boolean.parseBoolean(JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_ENABLE_CACHE_FSYNC))) {
|
||||||
|
+ s.getChannel().force(true);
|
||||||
|
+ }
|
||||||
|
lastStore = file.lastModified();
|
||||||
|
} finally {
|
||||||
|
if (s != null) s.close();
|
||||||
|
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/CachedJarFileCallbackTest.java b/tests/netx/unit/net/sourceforge/jnlp/runtime/CachedJarFileCallbackTest.java
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000..bc564db5
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/CachedJarFileCallbackTest.java
|
||||||
|
@@ -0,0 +1,55 @@
|
||||||
|
+package net.sourceforge.jnlp.runtime;
|
||||||
|
+
|
||||||
|
+import java.io.File;
|
||||||
|
+import java.io.IOException;
|
||||||
|
+import java.net.URL;
|
||||||
|
+import java.net.URLEncoder;
|
||||||
|
+import java.nio.charset.StandardCharsets;
|
||||||
|
+import java.util.Arrays;
|
||||||
|
+import java.util.List;
|
||||||
|
+import java.util.jar.JarFile;
|
||||||
|
+
|
||||||
|
+import org.junit.After;
|
||||||
|
+import org.junit.Before;
|
||||||
|
+import org.junit.Test;
|
||||||
|
+
|
||||||
|
+import net.sourceforge.jnlp.util.FileTestUtils;
|
||||||
|
+import net.sourceforge.jnlp.util.FileUtils;
|
||||||
|
+
|
||||||
|
+public class CachedJarFileCallbackTest {
|
||||||
|
+ private File tempDirectory;
|
||||||
|
+
|
||||||
|
+ @Before
|
||||||
|
+ public void before() throws IOException {
|
||||||
|
+ tempDirectory = FileTestUtils.createTempDirectory();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ @After
|
||||||
|
+ public void after() throws IOException {
|
||||||
|
+ FileUtils.recursiveDelete(tempDirectory, tempDirectory.getParentFile());
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ @Test
|
||||||
|
+ public void testRetrieve() throws Exception {
|
||||||
|
+ List<String> names = Arrays.asList("test1.0.jar", "test@1.0.jar");
|
||||||
|
+
|
||||||
|
+ for (String name: names) {
|
||||||
|
+ // URL-encode the filename
|
||||||
|
+ name = URLEncoder.encode(name, StandardCharsets.UTF_8.name());
|
||||||
|
+ // create temp jar file
|
||||||
|
+ File jarFile = new File(tempDirectory, name);
|
||||||
|
+ FileTestUtils.createJarWithContents(jarFile /* no contents */);
|
||||||
|
+
|
||||||
|
+ // JNLPClassLoader.activateJars uses toUri().toURL() to get the local file URL
|
||||||
|
+ URL localUrl = jarFile.toURI().toURL();
|
||||||
|
+ URL remoteUrl = new URL("http://localhost/" + name);
|
||||||
|
+ // add jar to cache
|
||||||
|
+ CachedJarFileCallback cachedJarFileCallback = CachedJarFileCallback.getInstance();
|
||||||
|
+ cachedJarFileCallback.addMapping(remoteUrl, localUrl);
|
||||||
|
+ // retrieve from cache (throws exception if file not found)
|
||||||
|
+ try (JarFile fromCacheJarFile = cachedJarFileCallback.retrieve(remoteUrl)) {
|
||||||
|
+ // nothing to do, we just wanted to make sure that the local file existed
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+}
|
@ -1,91 +0,0 @@
|
|||||||
diff -r b64b383a4561 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
|
|
||||||
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Mon May 14 17:11:41 2018 +0200
|
|
||||||
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Wed May 23 10:35:17 2018 +0200
|
|
||||||
@@ -19,6 +19,9 @@
|
|
||||||
import static net.sourceforge.jnlp.runtime.Translator.R;
|
|
||||||
|
|
||||||
import java.awt.EventQueue;
|
|
||||||
+import java.awt.GraphicsEnvironment;
|
|
||||||
+import static java.awt.GraphicsEnvironment.isHeadless;
|
|
||||||
+import java.awt.HeadlessException;
|
|
||||||
import java.io.File;
|
|
||||||
import java.io.FileInputStream;
|
|
||||||
import java.io.FileOutputStream;
|
|
||||||
@@ -741,8 +744,10 @@
|
|
||||||
}
|
|
||||||
if (!headless) {
|
|
||||||
try {
|
|
||||||
- new JWindow().getOwner();
|
|
||||||
- } catch (Exception ex) {
|
|
||||||
+ if (GraphicsEnvironment.isHeadless()) {
|
|
||||||
+ throw new HeadlessException();
|
|
||||||
+ }
|
|
||||||
+ } catch (HeadlessException ex) {
|
|
||||||
headless = true;
|
|
||||||
OutputController.getLogger().log(ex);
|
|
||||||
OutputController.getLogger().log(OutputController.Level.MESSAGE_ALL, Translator.R("HEADLESS_MISSCONFIGURED"));
|
|
||||||
diff -r 0b0da6841278 -r 348532e210c0 netx/net/sourceforge/jnlp/config/Defaults.java
|
|
||||||
--- a/netx/net/sourceforge/jnlp/config/Defaults.java Mon May 28 12:01:56 2018 +0200
|
|
||||||
+++ b/netx/net/sourceforge/jnlp/config/Defaults.java Mon May 28 12:29:35 2018 +0200
|
|
||||||
@@ -412,6 +412,11 @@
|
|
||||||
BasicValueValidators.getRangedIntegerValidator(0, 10000),
|
|
||||||
String.valueOf(500)
|
|
||||||
},
|
|
||||||
+ {
|
|
||||||
+ DeploymentConfiguration.IGNORE_HEADLESS_CHECK,
|
|
||||||
+ BasicValueValidators.getBooleanValidator(),
|
|
||||||
+ String.valueOf(false)
|
|
||||||
+ },
|
|
||||||
//JVM arguments for plugin
|
|
||||||
{
|
|
||||||
DeploymentConfiguration.KEY_PLUGIN_JVM_ARGUMENTS,
|
|
||||||
diff -r 0b0da6841278 -r 348532e210c0 netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
|
|
||||||
--- a/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java Mon May 28 12:01:56 2018 +0200
|
|
||||||
+++ b/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java Mon May 28 12:29:35 2018 +0200
|
|
||||||
@@ -222,6 +222,8 @@
|
|
||||||
|
|
||||||
public static final String KEY_BROWSER_PATH = "deployment.browser.path";
|
|
||||||
public static final String KEY_UPDATE_TIMEOUT = "deployment.javaws.update.timeout";
|
|
||||||
+
|
|
||||||
+ public static final String IGNORE_HEADLESS_CHECK = "deployment.headless.ignore";
|
|
||||||
|
|
||||||
/*
|
|
||||||
* JVM arguments for plugin
|
|
||||||
diff -r 0b0da6841278 -r 348532e210c0 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
|
|
||||||
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Mon May 28 12:01:56 2018 +0200
|
|
||||||
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Mon May 28 12:29:35 2018 +0200
|
|
||||||
@@ -739,18 +739,24 @@
|
|
||||||
//if (GraphicsEnvironment.isHeadless()) // jdk1.4+ only
|
|
||||||
// headless = true;
|
|
||||||
try {
|
|
||||||
- if ("true".equalsIgnoreCase(System.getProperty("java.awt.headless"))){
|
|
||||||
+ if ("true".equalsIgnoreCase(System.getProperty("java.awt.headless"))) {
|
|
||||||
headless = true;
|
|
||||||
}
|
|
||||||
if (!headless) {
|
|
||||||
- try {
|
|
||||||
- if (GraphicsEnvironment.isHeadless()) {
|
|
||||||
- throw new HeadlessException();
|
|
||||||
+ boolean noCheck = Boolean.valueOf(JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.IGNORE_HEADLESS_CHECK));
|
|
||||||
+ if (noCheck) {
|
|
||||||
+ headless = false;
|
|
||||||
+ OutputController.getLogger().log(DeploymentConfiguration.IGNORE_HEADLESS_CHECK + " set to " + noCheck + ". Avoding headless check.");
|
|
||||||
+ } else {
|
|
||||||
+ try {
|
|
||||||
+ if (GraphicsEnvironment.isHeadless()) {
|
|
||||||
+ throw new HeadlessException();
|
|
||||||
+ }
|
|
||||||
+ } catch (HeadlessException ex) {
|
|
||||||
+ headless = true;
|
|
||||||
+ OutputController.getLogger().log(ex);
|
|
||||||
+ OutputController.getLogger().log(OutputController.Level.MESSAGE_ALL, Translator.R("HEADLESS_MISSCONFIGURED"));
|
|
||||||
}
|
|
||||||
- } catch (HeadlessException ex) {
|
|
||||||
- headless = true;
|
|
||||||
- OutputController.getLogger().log(ex);
|
|
||||||
- OutputController.getLogger().log(OutputController.Level.MESSAGE_ALL, Translator.R("HEADLESS_MISSCONFIGURED"));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (SecurityException ex) {
|
|
||||||
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
|||||||
commit 78cf73473dda5ceee3eecda5169621f36b93c3db
|
|
||||||
Author: Jiri Vanek <jvanek@redhat.com>
|
|
||||||
Date: Tue Jun 18 15:37:47 2019 +0200
|
|
||||||
|
|
||||||
Fixed bug when relative path (..) could leak up (even out of cache)
|
|
||||||
|
|
||||||
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/j1.jar b/tests/netx/unit/net/sourceforge/jnlp/runtime/j1.jar
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000000000000000000000000000000000..080383629e9349101b25ad3b33b9950f456c4e8e
|
|
||||||
GIT binary patch
|
|
||||||
literal 940
|
|
||||||
zcmWIWW@Zs#VBp|jI8$@gj{yjnKm-tQGO#fCx`sIFdiuHP|2xINz|0VUqL}B}?nD=$
|
|
||||||
zLRTOL8i7#k>*(j{<{BKL=j-;__snS@Z(Y5MyxzK6=gyqp9At3C_`%a6JuhD!Pv48B
|
|
||||||
zt5`TAUPvC1mXy-W_#v*U_I!z!#dC4dC*rEp7_Mf2D*9N&h-B+wpcBjVOyp!385rgO
|
|
||||||
zF%QsIkJOx;d_%qDoW$bd+yGzi!wv$qm(}j7^={j?tnS+b#|}B3rtMwgjy58qN^v%-
|
|
||||||
zr7NR9DH;m?;ru6Kt5NZR{m0@XH$ya>z8h@*d~f#5?Z5wi{>l1)gISt)i*Ct=OD@;l
|
|
||||||
z_*XNnbC`d@B5b9WA4h5a`?iERY2}kH$gK>Co8qbR`L#ipq~WB1r7io)t!K6QFO+Y8
|
|
||||||
zd4#_!X6fXGd0U#-oH_o<C$sQ%%(23<iUm{oSY|P0^Ih9`@b^1yuY}77#kNV#$mE>+
|
|
||||||
z^UmoEt>Z`SH7e?KQVyAIp2S(6=9KzR)LP?4JI`drh1(g_I@n{6=G^}(w(~fj&p(CQ
|
|
||||||
zEQPnz7azUaU|eYS-QHn+&BOAdoDhYFthyHUm+r0--Ec49^|kwnXP%k`HyjN1b(^+I
|
|
||||||
z_w;^f+%a%4>;;D6o#rRf3Bb_H24Zdo8CWQ0C6*<IhHx@4Z@tSCJEv4AwzPtqfsy3}
|
|
||||||
zGXn!lJ5Z^%hVQA9K4Bi`JazQKK6soxdD1*&#j{620U8Y+BGXl-F|6G5=Zr|}og-&#
|
|
||||||
zdLK+$bY@S9t*veAkwssU&SotLQs7vpqvv_{>S=x5i`opQrayU-sgc^?8+>UCo7T#w
|
|
||||||
ztDZ6eqneRP1eBO?q(`6=kN`^RMAwR*IuZJGflRnoq_m1`0=ATfFkvx}iJb00I^~!_
|
|
||||||
tc>r7JN`N&2lPklL#+N_}suL2{tdOuq3+DiDRyL3>79ivRYUu-KN&w$EG4%id
|
|
||||||
|
|
||||||
literal 0
|
|
||||||
HcmV?d00001
|
|
||||||
|
|
@ -1,323 +0,0 @@
|
|||||||
commit 78cf73473dda5ceee3eecda5169621f36b93c3db
|
|
||||||
Author: Jiri Vanek <jvanek@redhat.com>
|
|
||||||
Date: Tue Jun 18 15:37:47 2019 +0200
|
|
||||||
|
|
||||||
Fixed bug when relative path (..) could leak up (even out of cache)
|
|
||||||
|
|
||||||
--- a/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
|
||||||
+++ a/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
|
||||||
@@ -696,46 +696,68 @@
|
|
||||||
path.append(location.getPort());
|
|
||||||
path.append(File.separatorChar);
|
|
||||||
}
|
|
||||||
- path.append(location.getPath().replace('/', File.separatorChar));
|
|
||||||
- if (location.getQuery() != null && !location.getQuery().trim().isEmpty()) {
|
|
||||||
- path.append(".").append(location.getQuery());
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- File candidate = new File(FileUtils.sanitizePath(path.toString()));
|
|
||||||
- if (candidate.getName().length() > 255) {
|
|
||||||
- /**
|
|
||||||
- * When filename is longer then 255 chars, then then various
|
|
||||||
- * filesytems have issues to save it. By saving the file by its
|
|
||||||
- * summ, we are trying to prevent collision of two files differs in
|
|
||||||
- * suffixes (general suffix of name, not only 'filetype suffix')
|
|
||||||
- * only. It is also preventing bug when truncate (files with 1000
|
|
||||||
- * chars hash in query) cuts to much.
|
|
||||||
- */
|
|
||||||
+ String locationPath = location.getPath().replace('/', File.separatorChar);
|
|
||||||
+ if (locationPath.contains("..")){
|
|
||||||
try {
|
|
||||||
- MessageDigest md = MessageDigest.getInstance("SHA-256");
|
|
||||||
- byte[] sum = md.digest(candidate.getName().getBytes(StandardCharsets.UTF_8));
|
|
||||||
- //convert the byte to hex format method 2
|
|
||||||
- StringBuilder hexString = new StringBuilder();
|
|
||||||
- for (int i = 0; i < sum.length; i++) {
|
|
||||||
- hexString.append(Integer.toHexString(0xFF & sum[i]));
|
|
||||||
- }
|
|
||||||
- String extension = "";
|
|
||||||
- int i = candidate.getName().lastIndexOf('.');
|
|
||||||
- if (i > 0) {
|
|
||||||
- extension = candidate.getName().substring(i);//contains dot
|
|
||||||
- }
|
|
||||||
- if (extension.length() < 10 && extension.length() > 1) {
|
|
||||||
- hexString.append(extension);
|
|
||||||
- }
|
|
||||||
- candidate = new File(candidate.getParentFile(), hexString.toString());
|
|
||||||
+ /**
|
|
||||||
+ * if path contains .. then it can harm lcoal system
|
|
||||||
+ * So without mercy, hash it
|
|
||||||
+ */
|
|
||||||
+ String hexed = hex(new File(locationPath).getName(), locationPath);
|
|
||||||
+ return new File(path.toString(), hexed.toString());
|
|
||||||
} catch (NoSuchAlgorithmException ex) {
|
|
||||||
- // should not occure, cite from javadoc:
|
|
||||||
- // every java iomplementation should support
|
|
||||||
+ // should not occur, cite from javadoc:
|
|
||||||
+ // every java implementation should support
|
|
||||||
// MD5 SHA-1 SHA-256
|
|
||||||
throw new RuntimeException(ex);
|
|
||||||
}
|
|
||||||
- }
|
|
||||||
- return candidate;
|
|
||||||
+ } else {
|
|
||||||
+ path.append(locationPath);
|
|
||||||
+ if (location.getQuery() != null && !location.getQuery().trim().isEmpty()) {
|
|
||||||
+ path.append(".").append(location.getQuery());
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ File candidate = new File(FileUtils.sanitizePath(path.toString()));
|
|
||||||
+ try {
|
|
||||||
+ if (candidate.getName().length() > 255) {
|
|
||||||
+ /**
|
|
||||||
+ * When filename is longer then 255 chars, then then various
|
|
||||||
+ * filesystems have issues to save it. By saving the file by its
|
|
||||||
+ * sum, we are trying to prevent collision of two files differs in
|
|
||||||
+ * suffixes (general suffix of name, not only 'filetype suffix')
|
|
||||||
+ * only. It is also preventing bug when truncate (files with 1000
|
|
||||||
+ * chars hash in query) cuts to much.
|
|
||||||
+ */
|
|
||||||
+ String hexed = hex(candidate.getName(), candidate.getName());
|
|
||||||
+ candidate = new File(candidate.getParentFile(), hexed.toString());
|
|
||||||
+ }
|
|
||||||
+ } catch (NoSuchAlgorithmException ex) {
|
|
||||||
+ // should not occur, cite from javadoc:
|
|
||||||
+ // every java implementation should support
|
|
||||||
+ // MD5 SHA-1 SHA-256
|
|
||||||
+ throw new RuntimeException(ex);
|
|
||||||
+ }
|
|
||||||
+ return candidate;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ private static String hex(String origName, String candidate) throws NoSuchAlgorithmException {
|
|
||||||
+ MessageDigest md = MessageDigest.getInstance("SHA-256");
|
|
||||||
+ byte[] sum = md.digest(candidate.getBytes(StandardCharsets.UTF_8));
|
|
||||||
+ //convert the byte to hex format method 2
|
|
||||||
+ StringBuilder hexString = new StringBuilder();
|
|
||||||
+ for (int i = 0; i < sum.length; i++) {
|
|
||||||
+ hexString.append(Integer.toHexString(0xFF & sum[i]));
|
|
||||||
+ }
|
|
||||||
+ String extension = "";
|
|
||||||
+ int i = origName.lastIndexOf('.');
|
|
||||||
+ if (i > 0) {
|
|
||||||
+ extension = origName.substring(i);//contains dot
|
|
||||||
+ }
|
|
||||||
+ if (extension.length() < 10 && extension.length() > 1) {
|
|
||||||
+ hexString.append(extension);
|
|
||||||
+ }
|
|
||||||
+ return hexString.toString();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
diff --git a/netx/net/sourceforge/jnlp/util/FileUtils.java b/netx/net/sourceforge/jnlp/util/FileUtils.java
|
|
||||||
index 89216375..a5356e08 100644
|
|
||||||
--- a/netx/net/sourceforge/jnlp/util/FileUtils.java
|
|
||||||
+++ b/netx/net/sourceforge/jnlp/util/FileUtils.java
|
|
||||||
@@ -183,6 +183,13 @@
|
|
||||||
*/
|
|
||||||
public static void createParentDir(File f, String eMsg) throws IOException {
|
|
||||||
File parent = f.getParentFile();
|
|
||||||
+ // warning, linux and windows behave differently. Below snippet will pass on win(security hole), fail on linux
|
|
||||||
+ // warning mkdir is canonicaling, but exists/isDirectory is not. So where mkdirs return true, and really creates dir, isDirectory can still return false
|
|
||||||
+ // can be seen on this example
|
|
||||||
+ // mkdirs /a/b/../c
|
|
||||||
+ // where b do not exists will lead creation of /a/c
|
|
||||||
+ // but exists on /a/b/../c is false on linux even afterwards
|
|
||||||
+ // without hexing of .. paths,
|
|
||||||
if (!parent.isDirectory() && !parent.mkdirs()) {
|
|
||||||
throw new IOException(R("RCantCreateDir",
|
|
||||||
eMsg == null ? parent : eMsg));
|
|
||||||
diff --git a/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java b/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
|
|
||||||
index 6422246b..0d2d9811 100644
|
|
||||||
--- a/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
|
|
||||||
+++ b/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
|
|
||||||
@@ -88,6 +88,53 @@ public class CacheUtilTest {
|
|
||||||
final File expected = new File("/tmp/https/example.com/5050/applet/e4f3cf11f86f5aa33f424bc3efe3df7a9d20837a6f1a5bbbc60c1f57f3780a4");
|
|
||||||
Assert.assertEquals(expected, CacheUtil.urlToPath(u, "/tmp"));
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ @Test
|
|
||||||
+ public void tesPathUpNoGoBasic() throws Exception {
|
|
||||||
+ final URL u = new URL("https://example.com/applet/../my.jar");
|
|
||||||
+ final File expected = new File("/tmp/https/example.com/abca4723622ed60db3dea12cbe2402622a74f7a49b73e23b55988e4eee5ded.jar");
|
|
||||||
+ File r = CacheUtil.urlToPath(u, "/tmp/");
|
|
||||||
+ Assert.assertEquals(expected, r);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ @Test
|
|
||||||
+ public void tesPathUpNoGoBasicLong() throws Exception {
|
|
||||||
+ final URL u = new URL("https://example.com/applet/../my.jar.q_SlNFU1NJT05JRD02OUY1ODVCNkJBOTM1NThCQjdBMTA5RkQyNDZEQjEwRi5wcm9kX3RwdG9tY2F0MjE1X2p2bTsgRW50cnVzdFRydWVQYXNzUmVkaXJlY3RVcmw9Imh0dHBzOi8vZWZzLnVzcHRvLmdvdi9FRlNXZWJVSVJlZ2lzdGVyZWQvRUZTV2ViUmVnaXN0ZXJlZCI7IFRDUFJPRFBQQUlSc2Vzc2lvbj02MjIxMjk0MTguMjA0ODAuMDAwMA\"");
|
|
||||||
+ final File expected = new File("/tmp/https/example.com/ec97413e3f6eee8215ecc8375478cc1ae5f44f18241b9375361d5dfcd7b0ec");
|
|
||||||
+ File r = CacheUtil.urlToPath(u, "/tmp/");
|
|
||||||
+ Assert.assertEquals(expected, r);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ @Test
|
|
||||||
+ public void tesPathUpNoGoBasic2() throws Exception {
|
|
||||||
+ final URL u = new URL("https://example.com/../my.jar");
|
|
||||||
+ final File expected = new File("/tmp/https/example.com/eb1a56bed34523dbe7ad84d893ebc31a8bbbba9ce3f370e42741b6a5f067c140.jar");
|
|
||||||
+ File r = CacheUtil.urlToPath(u, "/tmp/");
|
|
||||||
+ Assert.assertEquals(expected, r);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ @Test
|
|
||||||
+ public void tesPathUpNoGoBasicEvil() throws Exception {
|
|
||||||
+ final URL u = new URL("https://example.com/../../my.jar");
|
|
||||||
+ final File expected = new File("/tmp/https/example.com/db464f11d68af73e37eefaef674517b6be23f0e4a5738aaee774ecf5b58f1bfc.jar");
|
|
||||||
+ File r = CacheUtil.urlToPath(u, "/tmp/");
|
|
||||||
+ Assert.assertEquals(expected, r);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ @Test
|
|
||||||
+ public void tesPathUpNoGoBasicEvil2() throws Exception {
|
|
||||||
+ final URL u = new URL("https://example.com:99/../../../my.jar");
|
|
||||||
+ final File expected = new File("/tmp/https/example.com/99/95401524c345e0d554d4d77330e86c98a77b9bb58a0f93094204df446b356.jar");
|
|
||||||
+ File r = CacheUtil.urlToPath(u, "/tmp/");
|
|
||||||
+ Assert.assertEquals(expected, r);
|
|
||||||
+ }
|
|
||||||
+ @Test
|
|
||||||
+ public void tesPathUpNoGoBasicEvilest() throws Exception {
|
|
||||||
+ final URL u = new URL("https://example2.com/something/../../../../../../../../../../../my.jar");
|
|
||||||
+ final File expected = new File("/tmp/https/example2.com/a8df64388f5b84d5f635e4d6dea5f4d2f692ae5381f8ec6736825ff8d6ff2c0.jar");
|
|
||||||
+ File r = CacheUtil.urlToPath(u, "/tmp/");
|
|
||||||
+ Assert.assertEquals(expected, r);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
|
|
||||||
@Test
|
|
||||||
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
|
|
||||||
index 100d9150..7580d23b 100644
|
|
||||||
--- a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
|
|
||||||
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
|
|
||||||
@@ -43,6 +43,8 @@
|
|
||||||
import java.io.File;
|
|
||||||
import java.io.FileOutputStream;
|
|
||||||
import java.io.InputStream;
|
|
||||||
+import java.net.URL;
|
|
||||||
+import java.nio.charset.Charset;
|
|
||||||
import java.nio.file.Files;
|
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.List;
|
|
||||||
@@ -55,6 +57,12 @@
|
|
||||||
import net.sourceforge.jnlp.browsertesting.browsers.firefox.FirefoxProfilesOperator;
|
|
||||||
import net.sourceforge.jnlp.cache.UpdatePolicy;
|
|
||||||
import net.sourceforge.jnlp.config.DeploymentConfiguration;
|
|
||||||
+import net.sourceforge.jnlp.config.PathsAndFiles;
|
|
||||||
+import net.sourceforge.jnlp.JNLPFile;
|
|
||||||
+import net.sourceforge.jnlp.ServerAccess;
|
|
||||||
+import net.sourceforge.jnlp.ServerLauncher;
|
|
||||||
+import net.sourceforge.jnlp.util.StreamUtils;
|
|
||||||
+import net.sourceforge.jnlp.cache.CacheUtil;
|
|
||||||
import net.sourceforge.jnlp.mock.DummyJNLPFileWithJar;
|
|
||||||
import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
|
|
||||||
import net.sourceforge.jnlp.security.appletextendedsecurity.AppletStartupSecuritySettings;
|
|
||||||
@@ -65,6 +73,7 @@
|
|
||||||
import org.junit.BeforeClass;
|
|
||||||
|
|
||||||
import org.junit.Test;
|
|
||||||
+import org.junit.Ignore;
|
|
||||||
|
|
||||||
public class JNLPClassLoaderTest extends NoStdOutErrTest {
|
|
||||||
|
|
||||||
@@ -138,7 +147,8 @@
|
|
||||||
File tempDirectory = FileTestUtils.createTempDirectory();
|
|
||||||
File jarLocation = new File(tempDirectory, "test.jar");
|
|
||||||
|
|
||||||
- /* Test with main-class in manifest */ {
|
|
||||||
+ /* Test with main-class in manifest */
|
|
||||||
+ {
|
|
||||||
Manifest manifest = new Manifest();
|
|
||||||
manifest.getMainAttributes().put(Attributes.Name.MAIN_CLASS, "DummyClass");
|
|
||||||
FileTestUtils.createJarWithContents(jarLocation, manifest);
|
|
||||||
@@ -156,8 +166,10 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
+ @Ignore
|
|
||||||
public void getMainClassNameTestEmpty() throws Exception {
|
|
||||||
- /* Test with-out any main-class specified */ {
|
|
||||||
+ /* Test with-out any main-class specified */
|
|
||||||
+ {
|
|
||||||
File tempDirectory = FileTestUtils.createTempDirectory();
|
|
||||||
File jarLocation = new File(tempDirectory, "test.jar");
|
|
||||||
FileTestUtils.createJarWithContents(jarLocation /* No contents */);
|
|
||||||
@@ -363,4 +375,57 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ @Test
|
|
||||||
+ public void testRelativePathInUrl() throws Exception {
|
|
||||||
+ CacheUtil.clearCache();
|
|
||||||
+ int port = ServerAccess.findFreePort();
|
|
||||||
+ File dir = FileTestUtils.createTempDirectory();
|
|
||||||
+ dir.deleteOnExit();
|
|
||||||
+ dir = new File(dir,"base");
|
|
||||||
+ dir.mkdir();
|
|
||||||
+ File jar = new File(dir,"j1.jar");
|
|
||||||
+ File jnlp = new File(dir+"/a/b/up.jnlp");
|
|
||||||
+ jnlp.getParentFile().mkdirs();
|
|
||||||
+ InputStream is = ClassLoader.getSystemClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/up.jnlp");
|
|
||||||
+ String jnlpString = StreamUtils.readStreamAsString(is, true, "utf-8");
|
|
||||||
+ is.close();
|
|
||||||
+ jnlpString = jnlpString.replaceAll("8080", ""+port);
|
|
||||||
+ is = ClassLoader.getSystemClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/j1.jar");
|
|
||||||
+ StreamUtils.copyStream(is, new FileOutputStream(jar));
|
|
||||||
+ Files.write(jnlp.toPath(),jnlpString.getBytes("utf-8"));
|
|
||||||
+ ServerLauncher as = ServerAccess.getIndependentInstance(jnlp.getParent(), port);
|
|
||||||
+ boolean verifyBackup = JNLPRuntime.isVerifying();
|
|
||||||
+ boolean trustBackup= JNLPRuntime.isTrustAll();
|
|
||||||
+ boolean securityBAckup= JNLPRuntime.isSecurityEnabled();
|
|
||||||
+ boolean verbose= JNLPRuntime.isDebug();
|
|
||||||
+ JNLPRuntime.setVerify(false);
|
|
||||||
+ JNLPRuntime.setTrustAll(true);
|
|
||||||
+ JNLPRuntime.setSecurityEnabled(false);
|
|
||||||
+ JNLPRuntime.setDebug(true);
|
|
||||||
+ try {
|
|
||||||
+ final JNLPFile jnlpFile1 = new JNLPFile(new URL("http://localhost:" + port + "/up.jnlp"));
|
|
||||||
+ final JNLPClassLoader classLoader1 = new JNLPClassLoader(jnlpFile1, UpdatePolicy.ALWAYS) {
|
|
||||||
+ @Override
|
|
||||||
+ protected void activateJars(List<JARDesc> jars) {
|
|
||||||
+ super.activateJars(jars);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ };
|
|
||||||
+ InputStream is1 = classLoader1.getResourceAsStream("Hello1.class");
|
|
||||||
+ is1.close();
|
|
||||||
+ is1 = classLoader1.getResourceAsStream("META-INF/MANIFEST.MF");
|
|
||||||
+ is1.close();
|
|
||||||
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/0/http/localhost/"+port+"/up.jnlp").exists());
|
|
||||||
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/f812acb32c857fd916c842e2bf4fb32b9c3837ef63922b167a7e163305058b7.jar").exists());
|
|
||||||
+ } finally {
|
|
||||||
+ JNLPRuntime.setVerify(verifyBackup);
|
|
||||||
+ JNLPRuntime.setTrustAll(trustBackup);
|
|
||||||
+ JNLPRuntime.setSecurityEnabled(securityBAckup);
|
|
||||||
+ JNLPRuntime.setDebug(verbose);
|
|
||||||
+ as.stop();
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
}
|
|
||||||
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/up.jnlp b/tests/netx/unit/net/sourceforge/jnlp/runtime/up.jnlp
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..b22fdfb7
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/up.jnlp
|
|
||||||
@@ -0,0 +1,15 @@
|
|
||||||
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
+<jnlp spec="6.0+" codebase=".">
|
|
||||||
+
|
|
||||||
+<information><title>1965</title><vendor>Nemzeti Ado- es Vamhivatal</vendor><offline-allowed/></information>
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+<resources>
|
|
||||||
+ <j2se href="http://java.sun.com/products/autodl/j2se" version="1.8+" />
|
|
||||||
+<!-- absolute url is a must -->
|
|
||||||
+ <jar href="http://localhost:8080/../../../base/j1.jar" version="2.0"/>
|
|
||||||
+</resources>
|
|
||||||
+
|
|
||||||
+<application-desc main-class="Hello1" />
|
|
||||||
+
|
|
||||||
+</jnlp>
|
|
@ -1,78 +0,0 @@
|
|||||||
commit 09bcd3ebb639af6cfd83ff2203ffeb80a59cc0eb
|
|
||||||
Author: Jiri Vanek <jvanek@redhat.com>
|
|
||||||
Date: Fri Jun 28 16:05:35 2019 +0200
|
|
||||||
|
|
||||||
All files, except signaturre files, are now checked for signatures
|
|
||||||
|
|
||||||
diff --git a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
|
|
||||||
index 759bedfb..cabfb3c5 100644
|
|
||||||
--- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
|
|
||||||
+++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
|
|
||||||
@@ -41,6 +41,7 @@
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Vector;
|
|
||||||
import java.util.jar.JarEntry;
|
|
||||||
+import java.util.regex.Pattern;
|
|
||||||
|
|
||||||
import net.sourceforge.jnlp.JARDesc;
|
|
||||||
import net.sourceforge.jnlp.JNLPFile;
|
|
||||||
@@ -67,6 +68,7 @@
|
|
||||||
public class JarCertVerifier implements CertVerifier {
|
|
||||||
|
|
||||||
private static final String META_INF = "META-INF/";
|
|
||||||
+ private static final Pattern SIG = Pattern.compile(".*" + META_INF + "SIG-.*");
|
|
||||||
|
|
||||||
// prefix for new signature-related files in META-INF directory
|
|
||||||
private static final String SIG_PREFIX = META_INF + "SIG-";
|
|
||||||
@@ -500,12 +502,20 @@
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns whether a file is in META-INF, and thus does not require signing.
|
|
||||||
- *
|
|
||||||
+ * <p>
|
|
||||||
* Signature-related files under META-INF include: . META-INF/MANIFEST.MF . META-INF/SIG-* . META-INF/*.SF . META-INF/*.DSA . META-INF/*.RSA
|
|
||||||
*/
|
|
||||||
static boolean isMetaInfFile(String name) {
|
|
||||||
- String ucName = name.toUpperCase();
|
|
||||||
- return ucName.startsWith(META_INF);
|
|
||||||
+ if (name.endsWith("class")) {
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
+ return name.startsWith(META_INF) && (
|
|
||||||
+ name.endsWith(".MF") ||
|
|
||||||
+ name.endsWith(".SF") ||
|
|
||||||
+ name.endsWith(".DSA") ||
|
|
||||||
+ name.endsWith(".RSA") ||
|
|
||||||
+ SIG.matcher(name).matches()
|
|
||||||
+ );
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
diff --git a/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java b/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
|
|
||||||
index 4661fb87..44253e08 100644
|
|
||||||
--- a/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
|
|
||||||
+++ b/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
|
|
||||||
@@ -58,9 +58,22 @@ public class JarCertVerifierTest {
|
|
||||||
@Test
|
|
||||||
public void testIsMetaInfFile() {
|
|
||||||
final String METAINF = "META-INF";
|
|
||||||
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.MF"));
|
|
||||||
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.SF"));
|
|
||||||
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.DSA"));
|
|
||||||
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.RSA"));
|
|
||||||
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/SIG-blah.blah"));
|
|
||||||
+
|
|
||||||
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.MF.class"));
|
|
||||||
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.SF.class"));
|
|
||||||
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.DSA.class"));
|
|
||||||
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.RSA.class"));
|
|
||||||
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/SIG-blah.blah.class"));
|
|
||||||
+
|
|
||||||
assertFalse(JarCertVerifier.isMetaInfFile("some_dir/" + METAINF + "/filename"));
|
|
||||||
assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "filename"));
|
|
||||||
- assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));
|
|
||||||
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));
|
|
||||||
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));
|
|
||||||
}
|
|
||||||
|
|
||||||
class JarCertVerifierEntry extends JarEntry {
|
|
File diff suppressed because it is too large
Load Diff
@ -1,160 +0,0 @@
|
|||||||
commit b4232ae35d2b86592a945a56c948f107fe7efabe
|
|
||||||
Author: Jiri Vanek <jvanek@redhat.com>
|
|
||||||
Date: Wed Jun 26 13:46:45 2019 +0200
|
|
||||||
|
|
||||||
Nested jar, if by relative path point up, is stored as hashed
|
|
||||||
|
|
||||||
diff --git a/netx/net/sourceforge/jnlp/cache/CacheUtil.java b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
|
||||||
index a972eb8e..5c8652b6 100644
|
|
||||||
--- a/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
|
||||||
+++ b/netx/net/sourceforge/jnlp/cache/CacheUtil.java
|
|
||||||
@@ -741,7 +741,7 @@
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- private static String hex(String origName, String candidate) throws NoSuchAlgorithmException {
|
|
||||||
+ public static String hex(String origName, String candidate) throws NoSuchAlgorithmException {
|
|
||||||
MessageDigest md = MessageDigest.getInstance("SHA-256");
|
|
||||||
byte[] sum = md.digest(candidate.getBytes(StandardCharsets.UTF_8));
|
|
||||||
//convert the byte to hex format method 2
|
|
||||||
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
|
|
||||||
index e015f348..117163f3 100644
|
|
||||||
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
|
|
||||||
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
|
|
||||||
@@ -1340,7 +1340,11 @@
|
|
||||||
// (inline loading with "jar:..!/..." path will not work
|
|
||||||
// with standard classloader methods)
|
|
||||||
|
|
||||||
- String extractedJarLocation = localFile + ".nested/" + je.getName();
|
|
||||||
+ String name = je.getName();
|
|
||||||
+ if (name.contains("..")){
|
|
||||||
+ name=CacheUtil.hex(name, name);
|
|
||||||
+ }
|
|
||||||
+ String extractedJarLocation = localFile + ".nested/" + name;
|
|
||||||
File parentDir = new File(extractedJarLocation).getParentFile();
|
|
||||||
if (!parentDir.isDirectory() && !parentDir.mkdirs()) {
|
|
||||||
throw new RuntimeException(R("RNestedJarExtration"));
|
|
||||||
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
|
|
||||||
index 7580d23b..a20a1d8f 100644
|
|
||||||
--- a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
|
|
||||||
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
|
|
||||||
@@ -43,6 +43,8 @@
|
|
||||||
import java.io.File;
|
|
||||||
import java.io.FileOutputStream;
|
|
||||||
import java.io.InputStream;
|
|
||||||
+import java.io.OutputStream;
|
|
||||||
+import net.sourceforge.jnlp.ResourcesDesc;
|
|
||||||
import java.net.URL;
|
|
||||||
import java.nio.charset.Charset;
|
|
||||||
import java.nio.file.Files;
|
|
||||||
@@ -407,13 +409,7 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
|
|
||||||
JNLPRuntime.setDebug(true);
|
|
||||||
try {
|
|
||||||
final JNLPFile jnlpFile1 = new JNLPFile(new URL("http://localhost:" + port + "/up.jnlp"));
|
|
||||||
- final JNLPClassLoader classLoader1 = new JNLPClassLoader(jnlpFile1, UpdatePolicy.ALWAYS) {
|
|
||||||
- @Override
|
|
||||||
- protected void activateJars(List<JARDesc> jars) {
|
|
||||||
- super.activateJars(jars);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- };
|
|
||||||
+ final JNLPClassLoader classLoader1 = JNLPClassLoader.getInstance(jnlpFile1, UpdatePolicy.ALWAYS, false);
|
|
||||||
InputStream is1 = classLoader1.getResourceAsStream("Hello1.class");
|
|
||||||
is1.close();
|
|
||||||
is1 = classLoader1.getResourceAsStream("META-INF/MANIFEST.MF");
|
|
||||||
@@ -430,4 +426,74 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
+ @Test
|
|
||||||
+ public void testRelativePathInNestedJars() throws Exception {
|
|
||||||
+ CacheUtil.clearCache();
|
|
||||||
+ int port = ServerAccess.findFreePort();
|
|
||||||
+ File dir = FileTestUtils.createTempDirectory();
|
|
||||||
+ dir.deleteOnExit();
|
|
||||||
+ File jar = new File(dir,"jar03_dotdotN1.jar");
|
|
||||||
+ File jnlp = new File(dir,"jar_03_dotdot_jarN1.jnlp");
|
|
||||||
+ InputStream is1 = ClassLoader.getSystemClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp");
|
|
||||||
+ InputStream is2 = ClassLoader.getSystemClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/jar03_dotdotN1.jar");
|
|
||||||
+ OutputStream fos1 = new FileOutputStream(jnlp);
|
|
||||||
+ OutputStream fos2 = new FileOutputStream(jar);
|
|
||||||
+ StreamUtils.copyStream(is1, fos1);
|
|
||||||
+ StreamUtils.copyStream(is2, fos2);
|
|
||||||
+ fos1.flush();;
|
|
||||||
+ fos2.flush();
|
|
||||||
+ fos1.close();
|
|
||||||
+ fos2.close();
|
|
||||||
+ ServerLauncher as = ServerAccess.getIndependentInstance(dir.getAbsolutePath(), port);
|
|
||||||
+ boolean verifyBackup = JNLPRuntime.isVerifying();
|
|
||||||
+ boolean trustBackup= JNLPRuntime.isTrustAll();
|
|
||||||
+ boolean securityBAckup= JNLPRuntime.isSecurityEnabled();
|
|
||||||
+ boolean verbose= JNLPRuntime.isDebug();
|
|
||||||
+ JNLPRuntime.setVerify(false);
|
|
||||||
+ JNLPRuntime.setTrustAll(true);
|
|
||||||
+ JNLPRuntime.setSecurityEnabled(false);
|
|
||||||
+ JNLPRuntime.setDebug(true);
|
|
||||||
+ try {
|
|
||||||
+ //it is invalid jar, so we have to disable checks first
|
|
||||||
+ final JNLPFile jnlpFile = new JNLPFile(new URL("http://localhost:" + port + "/jar_03_dotdot_jarN1.jnlp"));
|
|
||||||
+ final JNLPClassLoader classLoader = JNLPClassLoader.getInstance(jnlpFile, UpdatePolicy.ALWAYS, false);
|
|
||||||
+
|
|
||||||
+ //ThreadGroup group = Thread.currentThread().getThreadGroup();
|
|
||||||
+ //ApplicationInstance app = new ApplicationInstance(jnlpFile, group, classLoader);
|
|
||||||
+ //classLoader.setApplication(app);
|
|
||||||
+ //app.initialize();
|
|
||||||
+
|
|
||||||
+ //this test is actually not testing mutch. The app must be accessing the nested jar in plugin-like way
|
|
||||||
+ InputStream is = classLoader.getResourceAsStream("application/abev/nyomtatvanyinfo/1965.teminfo.enyk");
|
|
||||||
+ is.close();
|
|
||||||
+ is = classLoader.getResourceAsStream("META-INF/MANIFEST.MF");
|
|
||||||
+ is.close();
|
|
||||||
+ is = classLoader.getResourceAsStream("META-INF/j1.jar");
|
|
||||||
+ is.close();
|
|
||||||
+ is = classLoader.getResourceAsStream("META-INF/../../jar01_to_be_injected.jar");
|
|
||||||
+ //the .. is not recognized correctly
|
|
||||||
+ //is.close();
|
|
||||||
+ //Class c = classLoader.getClass().forName("Hello1");
|
|
||||||
+ // in j1.jar
|
|
||||||
+ is = classLoader.getResourceAsStream("Hello1.class");
|
|
||||||
+ //is.close(); nested jar is not on defualt CP
|
|
||||||
+ //in jar01
|
|
||||||
+ //c = classLoader.getClass().forName("com.devdaily.FileUtilities");
|
|
||||||
+ is = classLoader.getResourceAsStream("com/devdaily/FileUtilities.class");
|
|
||||||
+ // is.close(); nested jar is not on defualt CP
|
|
||||||
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/0/http/localhost/"+port+"/jar_03_dotdot_jarN1.jnlp").exists());
|
|
||||||
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/jar03_dotdotN1.jar").exists());
|
|
||||||
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/jar03_dotdotN1.jar.nested/99a90686bfbe84e3f9dbeed8127bba85672ed73688d3c69191aa1ee70916a.jar").exists());
|
|
||||||
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/jar03_dotdotN1.jar.nested/META-INF/j1.jar").exists());
|
|
||||||
+ } finally {
|
|
||||||
+ JNLPRuntime.setVerify(verifyBackup);
|
|
||||||
+ JNLPRuntime.setTrustAll(trustBackup);
|
|
||||||
+ JNLPRuntime.setSecurityEnabled(securityBAckup);
|
|
||||||
+ JNLPRuntime.setDebug(verbose);
|
|
||||||
+ as.stop();
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+
|
|
||||||
}
|
|
||||||
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp b/tests/netx/unit/net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..71bdea87
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp
|
|
||||||
@@ -0,0 +1,15 @@
|
|
||||||
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
+<jnlp spec="6.0+" >
|
|
||||||
+
|
|
||||||
+<information><title>1965</title><vendor>Nemzeti Ado- es Vamhivatal</vendor><offline-allowed/></information>
|
|
||||||
+
|
|
||||||
+<security><all-permissions/></security>
|
|
||||||
+
|
|
||||||
+<resources>
|
|
||||||
+ <j2se href="http://java.sun.com/products/autodl/j2se" version="1.8+" />
|
|
||||||
+ <jar href="jar03_dotdotN1.jar" version="2.0"/>
|
|
||||||
+</resources>
|
|
||||||
+
|
|
||||||
+<application-desc main-class="http://localhost/jar01.jar!META-INF/jar01_to_be_injected.jar!METAxINF.Test" />
|
|
||||||
+
|
|
||||||
+</jnlp>
|
|
@ -1,40 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Jiri Vanek <jvanek@redhat.com>
|
|
||||||
# Date 1526310938 -7200
|
|
||||||
# Mon May 14 17:15:38 2018 +0200
|
|
||||||
# Node ID bcbef8d7bbd6369b3c8d545469e1c56e47075d9d
|
|
||||||
# Parent 4abd0f0897738289a19ef9238f02c6e9dafee6a4
|
|
||||||
AppletEnvironment.java: getDocumentBase no returns codeBase as fallback when documentBase is null.
|
|
||||||
Oracle Applications R12, Oracle Forms Java Webstart application is requesting getDocumentBase where it shouldn't, however they refuse to modify their code and add ITW to supported platforms
|
|
||||||
|
|
||||||
diff -r 4abd0f089773 -r bcbef8d7bbd6 ChangeLog
|
|
||||||
--- a/ChangeLog Fri Mar 02 10:41:29 2018 +0100
|
|
||||||
+++ b/ChangeLog Mon May 14 17:15:38 2018 +0200
|
|
||||||
@@ -1,3 +1,9 @@
|
|
||||||
+2018-05-14 Jiri Vanek <jvanek@redhat.com>
|
|
||||||
+
|
|
||||||
+ * netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java: getDocumentBase now returns codeBase as fallback when
|
|
||||||
+ documentBase is null. Oracle Applications R12, Oracle Forms Java Webstart application is requesting getDocumentBase
|
|
||||||
+ where it shouldn't, however they refuse to modify their code and add ITW to supported platforms
|
|
||||||
+
|
|
||||||
2018-02-06 Jiri Vanek <jvanek@redhat.com>
|
|
||||||
|
|
||||||
Added test for javafx-desc
|
|
||||||
diff -r 4abd0f089773 -r bcbef8d7bbd6 netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java
|
|
||||||
--- a/netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java Fri Mar 02 10:41:29 2018 +0100
|
|
||||||
+++ b/netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java Mon May 14 17:15:38 2018 +0200
|
|
||||||
@@ -375,8 +375,12 @@
|
|
||||||
@Override
|
|
||||||
public URL getDocumentBase() {
|
|
||||||
checkDestroyed();
|
|
||||||
-
|
|
||||||
- return file.getApplet().getDocumentBase();
|
|
||||||
+ URL db = file.getApplet().getDocumentBase();
|
|
||||||
+ if (db == null) {
|
|
||||||
+ return getCodeBase();
|
|
||||||
+ } else {
|
|
||||||
+ return db;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
// FIXME: Sun's applet code forces all parameters to lower case.
|
|
11
SOURCES/patchOutDunce.patch
Normal file
11
SOURCES/patchOutDunce.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
--- a/rust-launcher/cc.toml
|
||||||
|
+++ b/rust-launcher/Cargo.toml
|
||||||
|
@@ -2,7 +2,3 @@
|
||||||
|
name = "launcher"
|
||||||
|
version = "1.8.0"
|
||||||
|
authors = ["https://icedtea.classpath.org/wiki/IcedTea-Web"]
|
||||||
|
-
|
||||||
|
-[dependencies]
|
||||||
|
-[target.'cfg(windows)'.dependencies]
|
||||||
|
-dunce = "0.1.1"
|
||||||
|
|
@ -1,210 +0,0 @@
|
|||||||
diff --git a/ChangeLog b/ChangeLog
|
|
||||||
index 0c63dd98..d8e560e0 100644
|
|
||||||
--- a/ChangeLog
|
|
||||||
+++ b/ChangeLog
|
|
||||||
@@ -1,3 +1,29 @@
|
|
||||||
+2019-06-26 Jiri Vanek <jvanek@redhat.com>
|
|
||||||
+
|
|
||||||
+ All files, except signaturre files, are now checked for signatures - CVE-2019-10181
|
|
||||||
+ * b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: (isMetaInfFile) fixed bug, when anything in META-INF was not
|
|
||||||
+ checked for signature. Now only signature files are skipped
|
|
||||||
+ * tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java: added tests for check if file should be skipped from
|
|
||||||
+ signature check
|
|
||||||
+
|
|
||||||
+2019-06-26 Jiri Vanek <jvanek@redhat.com>
|
|
||||||
+
|
|
||||||
+ Nested jar, if by relative path point up, is stored as hashed - CVE-2019-10185
|
|
||||||
+ * tests/netx/unit/net/sourceforge/jnlp/runtime/jar03_dotdotN1.jar: crafted jar with hacked zip entries to be named like ".."
|
|
||||||
+ * tests/netx/unit/net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp: jnlp to call jar03_dotdotN1.jar
|
|
||||||
+ * netx/net/sourceforge/jnlp/cache/CacheUtil.jsava: (hex) made public to be reused in JNLPClassLoader
|
|
||||||
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: if nested jar contains .. in path, is extracted as hashed
|
|
||||||
+
|
|
||||||
+2019-06-26 Jiri Vanek <jvanek@redhat.com>
|
|
||||||
+
|
|
||||||
+ Fixed bug when relative path (..) could leak up (even out of cache) - CVE-2019-10182
|
|
||||||
+ * netx/net/sourceforge/jnlp/cache/CacheUtil.java: if path or query contains .. is saved to cache via its hash
|
|
||||||
+ * netx/net/sourceforge/jnlp/util/FileUtils.java: added warning about different behavior on win/linux
|
|
||||||
+ * tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java: added tests for hashing
|
|
||||||
+ * tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java: added test for .. in path. Added test
|
|
||||||
+ that verifies encoded .. (%2E%2E) do not leak from cahce
|
|
||||||
+ * tests/netx/unit/net/sourceforge/jnlp/runtime/up.jnlp: example jnlp with .. full url
|
|
||||||
+
|
|
||||||
2018-05-14 Jiri Vanek <jvanek@redhat.com>
|
|
||||||
|
|
||||||
* netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java: getDocumentBase now returns codeBase as fallback when
|
|
||||||
diff --git a/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java b/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
|
|
||||||
index 6b0cd256..5dbf2d69 100644
|
|
||||||
--- a/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
|
|
||||||
+++ b/tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
|
|
||||||
@@ -135,6 +135,14 @@ public class CacheUtilTest {
|
|
||||||
File r = CacheUtil.urlToPath(u, "/tmp/");
|
|
||||||
Assert.assertEquals(expected, r);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ @Test
|
|
||||||
+ public void testQueryGotHAshedToo() throws Exception {
|
|
||||||
+ final URL u = new URL("https://example2.com/something/my.jar?../../harm");
|
|
||||||
+ final File expected = new File("/tmp/https/example2.com/2844b3c690ea355159ed61de6e727f2e9169ab55bf58b8fa3f4b64f6a25bd7.jar");
|
|
||||||
+ File r = CacheUtil.urlToPath(u, "/tmp/");
|
|
||||||
+ Assert.assertEquals(expected, r);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
|
|
||||||
@Test
|
|
||||||
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
|
|
||||||
index 2b28fb93..d86786ab 100644
|
|
||||||
--- a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
|
|
||||||
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java
|
|
||||||
@@ -405,6 +405,8 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
|
|
||||||
JNLPRuntime.setTrustAll(true);
|
|
||||||
JNLPRuntime.setSecurityEnabled(false);
|
|
||||||
JNLPRuntime.setDebug(true);
|
|
||||||
+ String manifestAttsBackup = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK);
|
|
||||||
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, "NONE");
|
|
||||||
try {
|
|
||||||
final JNLPFile jnlpFile1 = new JNLPFile(new URL("http://localhost:" + port + "/up.jnlp"));
|
|
||||||
final JNLPClassLoader classLoader1 = JNLPClassLoader.getInstance(jnlpFile1, UpdatePolicy.ALWAYS, false);
|
|
||||||
@@ -419,6 +421,7 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
|
|
||||||
JNLPRuntime.setTrustAll(trustBackup);
|
|
||||||
JNLPRuntime.setSecurityEnabled(securityBAckup);
|
|
||||||
JNLPRuntime.setDebug(verbose);
|
|
||||||
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, manifestAttsBackup);
|
|
||||||
as.stop();
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -451,6 +454,11 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
|
|
||||||
JNLPRuntime.setTrustAll(true);
|
|
||||||
JNLPRuntime.setSecurityEnabled(false);
|
|
||||||
JNLPRuntime.setDebug(true);
|
|
||||||
+ //fix of "All files, except signaturre files, are now checked for signatures" make this actually correctly failing ahead of time
|
|
||||||
+ String ignoreBackup = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_SECURITY_ITW_IGNORECERTISSUES);
|
|
||||||
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_ITW_IGNORECERTISSUES, "true");
|
|
||||||
+ String manifestAttsBackup = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK);
|
|
||||||
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, "NONE");
|
|
||||||
try {
|
|
||||||
//it is invalid jar, so we have to disable checks first
|
|
||||||
final JNLPFile jnlpFile = new JNLPFile(new URL("http://localhost:" + port + "/jar_03_dotdot_jarN1.jnlp"));
|
|
||||||
@@ -488,10 +496,102 @@ public class JNLPClassLoaderTest extends NoStdOutErrTest {
|
|
||||||
JNLPRuntime.setTrustAll(trustBackup);
|
|
||||||
JNLPRuntime.setSecurityEnabled(securityBAckup);
|
|
||||||
JNLPRuntime.setDebug(verbose);
|
|
||||||
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_ITW_IGNORECERTISSUES, ignoreBackup);
|
|
||||||
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, manifestAttsBackup);
|
|
||||||
as.stop();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
+ @Test(expected = Exception.class)
|
|
||||||
+ public void testDifferentSignatureInManifestMf() throws Exception {
|
|
||||||
+ CacheUtil.clearCache();
|
|
||||||
+ int port = ServerAccess.findFreePort();
|
|
||||||
+ File dir = FileTestUtils.createTempDirectory();
|
|
||||||
+ dir.deleteOnExit();
|
|
||||||
+ File jar = new File(dir,"jar03_dotdotN1.jar");
|
|
||||||
+ File jnlp = new File(dir,"jar_03_dotdot_jarN1.jnlp");
|
|
||||||
+ InputStream is1 = this.getClass().getClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/jar_03_dotdot_jarN1.jnlp");
|
|
||||||
+ InputStream is2 = this.getClass().getClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/jar03_dotdotN1.jar");
|
|
||||||
+ OutputStream fos1 = new FileOutputStream(jnlp);
|
|
||||||
+ OutputStream fos2 = new FileOutputStream(jar);
|
|
||||||
+ StreamUtils.copyStream(is1, fos1);
|
|
||||||
+ StreamUtils.copyStream(is2, fos2);
|
|
||||||
+ fos1.flush();;
|
|
||||||
+ fos2.flush();
|
|
||||||
+ fos1.close();
|
|
||||||
+ fos2.close();
|
|
||||||
+ ServerLauncher as = ServerAccess.getIndependentInstance(dir.getAbsolutePath(), port);
|
|
||||||
+ boolean verifyBackup = JNLPRuntime.isVerifying();
|
|
||||||
+ boolean trustBackup= JNLPRuntime.isTrustAll();
|
|
||||||
+ boolean securityBAckup= JNLPRuntime.isSecurityEnabled();
|
|
||||||
+ boolean verbose= JNLPRuntime.isDebug();
|
|
||||||
+ JNLPRuntime.setVerify(false);
|
|
||||||
+ JNLPRuntime.setTrustAll(true);
|
|
||||||
+ JNLPRuntime.setSecurityEnabled(false);
|
|
||||||
+ JNLPRuntime.setDebug(true);
|
|
||||||
+ String ignoreBackup = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_SECURITY_ITW_IGNORECERTISSUES);
|
|
||||||
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_ITW_IGNORECERTISSUES, "false");
|
|
||||||
+ try {
|
|
||||||
+ //it is invalid jar, so we have to disable checks first
|
|
||||||
+ final JNLPFile jnlpFile = new JNLPFile(new URL("http://localhost:" + port + "/jar_03_dotdot_jarN1.jnlp"));
|
|
||||||
+ final JNLPClassLoader classLoader = JNLPClassLoader.getInstance(jnlpFile, UpdatePolicy.ALWAYS, false);
|
|
||||||
+ } finally {
|
|
||||||
+ JNLPRuntime.setVerify(verifyBackup);
|
|
||||||
+ JNLPRuntime.setTrustAll(trustBackup);
|
|
||||||
+ JNLPRuntime.setSecurityEnabled(securityBAckup);
|
|
||||||
+ JNLPRuntime.setDebug(verbose);
|
|
||||||
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_ITW_IGNORECERTISSUES, ignoreBackup);
|
|
||||||
+ as.stop();
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ @Test
|
|
||||||
+ public void testEncodedPathIsNotDecodedForCache() throws Exception {
|
|
||||||
+ CacheUtil.clearCache();
|
|
||||||
+ int port = ServerAccess.findFreePort();
|
|
||||||
+ File dir = FileTestUtils.createTempDirectory();
|
|
||||||
+ dir.deleteOnExit();
|
|
||||||
+ dir = new File(dir,"base");
|
|
||||||
+ dir.mkdir();
|
|
||||||
+ File jar = new File(dir,"j1.jar");
|
|
||||||
+ File jnlp = new File(dir+"/a/b/upEncoded.jnlp");
|
|
||||||
+ jnlp.getParentFile().mkdirs();
|
|
||||||
+ InputStream is = this.getClass().getClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/upEncoded.jnlp");
|
|
||||||
+ String jnlpString = StreamUtils.readStreamAsString(is, true, "utf-8");
|
|
||||||
+ is.close();
|
|
||||||
+ jnlpString = jnlpString.replaceAll("8080", ""+port);
|
|
||||||
+ is = this.getClass().getClassLoader().getResourceAsStream("net/sourceforge/jnlp/runtime/j1.jar");
|
|
||||||
+ StreamUtils.copyStream(is, new FileOutputStream(jar));
|
|
||||||
+ Files.write(jnlp.toPath(),jnlpString.getBytes("utf-8"));
|
|
||||||
+ ServerLauncher as = ServerAccess.getIndependentInstance(jnlp.getParent(), port);
|
|
||||||
+ boolean verifyBackup = JNLPRuntime.isVerifying();
|
|
||||||
+ boolean trustBackup= JNLPRuntime.isTrustAll();
|
|
||||||
+ boolean securityBAckup= JNLPRuntime.isSecurityEnabled();
|
|
||||||
+ boolean verbose= JNLPRuntime.isDebug();
|
|
||||||
+ JNLPRuntime.setVerify(false);
|
|
||||||
+ JNLPRuntime.setTrustAll(true);
|
|
||||||
+ JNLPRuntime.setSecurityEnabled(false);
|
|
||||||
+ JNLPRuntime.setDebug(true);
|
|
||||||
+ try {
|
|
||||||
+ final JNLPFile jnlpFile1 = new JNLPFile(new URL("http://localhost:" + port + "/upEncoded.jnlp"));
|
|
||||||
+ final JNLPClassLoader classLoader1 = JNLPClassLoader.getInstance(jnlpFile1, UpdatePolicy.ALWAYS, false);
|
|
||||||
+ InputStream is1 = classLoader1.getResourceAsStream("Hello1.class");
|
|
||||||
+ is1.close();
|
|
||||||
+ is1 = classLoader1.getResourceAsStream("META-INF/MANIFEST.MF");
|
|
||||||
+ is1.close();
|
|
||||||
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/0/http/localhost/"+port+"/upEncoded.jnlp").exists());
|
|
||||||
+ //be aware; if decoding ever come in play here, thios will leak out of cache folder. Thus harm user system. See fix for " Fixed bug when relative path (..) could leak up (even out of cache)"
|
|
||||||
+ Assert.assertTrue(new File(PathsAndFiles.CACHE_DIR.getFullPath()+"/1/http/localhost/"+port+"/%2E%2E/%2E%2E/%2E%2E/base").exists());
|
|
||||||
+ } finally {
|
|
||||||
+ JNLPRuntime.setVerify(verifyBackup);
|
|
||||||
+ JNLPRuntime.setTrustAll(trustBackup);
|
|
||||||
+ JNLPRuntime.setSecurityEnabled(securityBAckup);
|
|
||||||
+ JNLPRuntime.setDebug(verbose);
|
|
||||||
+ as.stop();
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ }
|
|
||||||
|
|
||||||
}
|
|
||||||
diff --git a/tests/netx/unit/net/sourceforge/jnlp/runtime/upEncoded.jnlp b/tests/netx/unit/net/sourceforge/jnlp/runtime/upEncoded.jnlp
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..f0658bbc
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/upEncoded.jnlp
|
|
||||||
@@ -0,0 +1,15 @@
|
|
||||||
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
+<jnlp spec="6.0+" codebase=".">
|
|
||||||
+
|
|
||||||
+ <information><title>1965</title><vendor>Nemzeti Ado- es Vamhivatal</vendor><offline-allowed/></information>
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+ <resources>
|
|
||||||
+ <j2se href="http://java.sun.com/products/autodl/j2se" version="1.8+" />
|
|
||||||
+ <!-- absolute url is a must -->
|
|
||||||
+ <jar href="http://localhost:8080/%2E%2E/%2E%2E/%2E%2E/base/j1.jar" version="2.0"/>
|
|
||||||
+ </resources>
|
|
||||||
+
|
|
||||||
+ <application-desc main-class="Hello1" />
|
|
||||||
+
|
|
||||||
+</jnlp>
|
|
@ -1,3 +1,6 @@
|
|||||||
|
#can rust have debuginfo? Verify and fix! Likely issue in Makefile of itw.
|
||||||
|
%global debug_package %{nil}
|
||||||
|
|
||||||
# Version of java
|
# Version of java
|
||||||
%define javaver 1.8.0
|
%define javaver 1.8.0
|
||||||
|
|
||||||
@ -16,26 +19,17 @@
|
|||||||
%define preffered_java java-%{javaver}-openjdk
|
%define preffered_java java-%{javaver}-openjdk
|
||||||
|
|
||||||
Name: icedtea-web
|
Name: icedtea-web
|
||||||
Version: 1.7.1
|
Version: 1.8.4
|
||||||
Release: 17%{?dist}
|
Release: 4%{?dist}
|
||||||
Summary: Additional Java components for OpenJDK - Java browser plug-in and Web Start implementation
|
Summary: Additional Java components for OpenJDK - Java browser plug-in and Web Start implementation
|
||||||
# will become arched again with rust on board
|
|
||||||
BuildArch: noarch
|
|
||||||
|
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
License: LGPLv2+ and GPLv2 with exceptions
|
License: LGPLv2+ and GPLv2 with exceptions
|
||||||
URL: http://icedtea.classpath.org/wiki/IcedTea-Web
|
URL: http://icedtea.classpath.org/wiki/IcedTea-Web
|
||||||
Source0: http://icedtea.classpath.org/download/source/%{name}-%{version}.tar.gz
|
Source0: http://icedtea.classpath.org/download/source/%{name}-%{version}.tar.gz
|
||||||
Patch9: 1473-1480.patch
|
Patch0: patchOutDunce.patch
|
||||||
Patch8: oracleForms.patch
|
Patch1: altjava.patch
|
||||||
Patch7: headlessCheckSoftening_rhbz1581598.patch
|
Patch2: fed2f5b-22402bb.patch
|
||||||
Patch1: issue1.patch
|
|
||||||
Patch2: issue2.patch
|
|
||||||
Patch3: issue3.patch
|
|
||||||
Patch4: PreventiveleQueue.patch
|
|
||||||
Patch11: issue1-bin.patch
|
|
||||||
Patch33: issue3-bin.patch
|
|
||||||
Patch5: testTuning.patch
|
|
||||||
|
|
||||||
BuildRequires: javapackages-tools
|
BuildRequires: javapackages-tools
|
||||||
#for deprecated add_maven_depmap, see https://www.spinics.net/lists/fedora-devel/msg233211.html
|
#for deprecated add_maven_depmap, see https://www.spinics.net/lists/fedora-devel/msg233211.html
|
||||||
@ -45,8 +39,7 @@ BuildRequires: desktop-file-utils
|
|||||||
BuildRequires: glib2-devel
|
BuildRequires: glib2-devel
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: gcc
|
BuildRequires: cargo
|
||||||
BuildRequires: gcc-c++
|
|
||||||
BuildRequires: junit
|
BuildRequires: junit
|
||||||
BuildRequires: hamcrest
|
BuildRequires: hamcrest
|
||||||
BuildRequires: libappstream-glib
|
BuildRequires: libappstream-glib
|
||||||
@ -63,33 +56,28 @@ Recommends: bash-completion
|
|||||||
Requires(post): javapackages-tools
|
Requires(post): javapackages-tools
|
||||||
Requires(postun): javapackages-tools
|
Requires(postun): javapackages-tools
|
||||||
|
|
||||||
# For the mozilla plugin dir
|
|
||||||
Requires: mozilla-filesystem%{?_isa}
|
|
||||||
# When itw builds against it, it have to be also in runtime
|
# When itw builds against it, it have to be also in runtime
|
||||||
Requires: tagsoup
|
Requires: tagsoup
|
||||||
|
|
||||||
# Post requires alternatives to install tool alternatives.
|
# Post requires alternatives to install tool alternatives.
|
||||||
Requires(post): %{_sbindir}/alternatives
|
Requires(post): %{_sbindir}/alternatives
|
||||||
# in version 1.7 and higher for --family switch
|
|
||||||
Requires(post): chkconfig >= 1.7
|
|
||||||
# jnlp protocols support
|
# jnlp protocols support
|
||||||
Requires(post): GConf2
|
Requires(post): GConf2
|
||||||
# Postun requires alternatives to uninstall tool alternatives.
|
# Postun requires alternatives to uninstall tool alternatives.
|
||||||
Requires(postun): %{_sbindir}/alternatives
|
Requires(postun): %{_sbindir}/alternatives
|
||||||
# in version 1.7 and higher for --family switch
|
|
||||||
Requires(postun): chkconfig >= 1.7
|
|
||||||
# jnlp protocols support
|
# jnlp protocols support
|
||||||
Requires(postun): GConf2
|
Requires(postun): GConf2
|
||||||
|
|
||||||
# Standard JPackage plugin provides.
|
# Standard JPackage plugin provides.
|
||||||
Provides: java-plugin = 1:%{javaver}
|
Provides: java-plugin = 1:%{javaver}
|
||||||
Provides: javaws = 1:%{javaver}
|
Provides: javaws = 1:%{javaver}
|
||||||
|
Provides: %{preffered_java}-javaws = 1:%{version}
|
||||||
|
|
||||||
Provides: %{preffered_java}-plugin = 1:%{version}
|
Provides: %{preffered_java}-plugin = 1:%{version}
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The IcedTea-Web project provides a Java web browser plugin, an implementation
|
The IcedTea-Web project provides a an implementation of Java Web Start
|
||||||
of Java Web Start (originally based on the Netx project) and a settings tool to
|
(originally based on the Netx project) and a settings tool to
|
||||||
manage deployment settings for the aforementioned plugin and Web Start
|
manage deployment settings for the aforementioned plugin and Web Start
|
||||||
implementations.
|
implementations.
|
||||||
|
|
||||||
@ -112,24 +100,19 @@ BuildArch: noarch
|
|||||||
%description devel
|
%description devel
|
||||||
This package contains ziped sources of the IcedTea-Web project.
|
This package contains ziped sources of the IcedTea-Web project.
|
||||||
|
|
||||||
|
%package nativelaunchers
|
||||||
|
Summary: native launchers of icedtea-web
|
||||||
|
Group: Applications/Internet
|
||||||
|
Requires: %{name} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description nativelaunchers
|
||||||
|
This package contains native launchers for faster starup
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q -n IcedTea-Web-%{name}-%{version}
|
||||||
%patch9 -p1
|
%patch0 -p1
|
||||||
%patch8 -p1
|
|
||||||
%patch7 -p1
|
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
|
||||||
%patch4 -p1
|
|
||||||
%patch5 -p1
|
|
||||||
if [ -e ../.git ] ; then
|
|
||||||
mv ../.git ../ggit
|
|
||||||
fi
|
|
||||||
git apply --no-index --binary -v %{PATCH11}
|
|
||||||
git apply --no-index --binary -v %{PATCH33}
|
|
||||||
if [ -e ../ggit ] ; then
|
|
||||||
mv ../ggit ../.git
|
|
||||||
fi
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -vfi
|
autoreconf -vfi
|
||||||
@ -142,7 +125,11 @@ CXXFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS" \
|
|||||||
--libdir=%{_libdir} \
|
--libdir=%{_libdir} \
|
||||||
--program-suffix=%{binsuffix} \
|
--program-suffix=%{binsuffix} \
|
||||||
--disable-native-plugin \
|
--disable-native-plugin \
|
||||||
|
--with-itw-libs=DISTRIBUTION \
|
||||||
|
--with-modularjdk-file=%{_sysconfdir}/java/%{name} \
|
||||||
|
--enable-shell-launchers \
|
||||||
--prefix=%{_prefix}
|
--prefix=%{_prefix}
|
||||||
|
|
||||||
make %{?_smp_mflags}
|
make %{?_smp_mflags}
|
||||||
|
|
||||||
%install
|
%install
|
||||||
@ -160,6 +147,12 @@ mv $RPM_BUILD_ROOT/%{_mandir}/man1/javaws.1 $RPM_BUILD_ROOT/%{_mandir}/man1/java
|
|||||||
|
|
||||||
# Install desktop files.
|
# Install desktop files.
|
||||||
install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/{applications,pixmaps}
|
install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/{applications,pixmaps}
|
||||||
|
|
||||||
|
# patch desktops to use the legacy sh laucnhers
|
||||||
|
sed "s/.itweb /.itweb.sh /" -i javaws.desktop #there is javaws... %u
|
||||||
|
sed "s/.itweb$/.itweb.sh/" -i itweb-settings.desktop
|
||||||
|
sed "s/.itweb$/.itweb.sh/" -i policyeditor.desktop
|
||||||
|
|
||||||
desktop-file-install --vendor ''\
|
desktop-file-install --vendor ''\
|
||||||
--dir $RPM_BUILD_ROOT%{_datadir}/applications javaws.desktop
|
--dir $RPM_BUILD_ROOT%{_datadir}/applications javaws.desktop
|
||||||
desktop-file-install --vendor ''\
|
desktop-file-install --vendor ''\
|
||||||
@ -175,7 +168,8 @@ DESTDIR=%{buildroot} appstream-util install metadata/%{name}-javaws.appdata.xml
|
|||||||
# maven fragments generation
|
# maven fragments generation
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_javadir}
|
mkdir -p $RPM_BUILD_ROOT%{_javadir}
|
||||||
pushd $RPM_BUILD_ROOT%{_javadir}
|
pushd $RPM_BUILD_ROOT%{_javadir}
|
||||||
ln -s ../%{name}/netx.jar %{name}.jar
|
ln -s ../%{name}/javaws.jar ../%{name}/netx.jar # backward copatinlity needed?
|
||||||
|
ln -s ../%{name}/javaws.jar %{name}.jar
|
||||||
ln -s ../%{name}/plugin.jar %{name}-plugin.jar
|
ln -s ../%{name}/plugin.jar %{name}-plugin.jar
|
||||||
popd
|
popd
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_mavenpomdir}
|
mkdir -p $RPM_BUILD_ROOT/%{_mavenpomdir}
|
||||||
@ -185,39 +179,57 @@ cp metadata/%{name}-plugin.pom $RPM_BUILD_ROOT/%{_mavenpomdir}/%{name}-plugin.p
|
|||||||
%add_maven_depmap %{name}.pom %{name}.jar
|
%add_maven_depmap %{name}.pom %{name}.jar
|
||||||
%add_maven_depmap %{name}-plugin.pom %{name}-plugin.jar
|
%add_maven_depmap %{name}-plugin.pom %{name}-plugin.jar
|
||||||
|
|
||||||
cp netx.build/lib/src.zip $RPM_BUILD_ROOT%{_datadir}/%{name}/netx.src.zip
|
cp netx.build/lib/src.zip $RPM_BUILD_ROOT%{_datadir}/%{name}/netx.src.zip # backward copatinlity needed?
|
||||||
|
cp netx.build/lib/src.zip $RPM_BUILD_ROOT%{_datadir}/%{name}/javaws.src.zip
|
||||||
cp liveconnect/lib/src.zip $RPM_BUILD_ROOT%{_datadir}/%{name}/plugin.src.zip
|
cp liveconnect/lib/src.zip $RPM_BUILD_ROOT%{_datadir}/%{name}/plugin.src.zip
|
||||||
|
|
||||||
%find_lang %{name} --all-name --with-man
|
%find_lang %{name} --all-name --with-man
|
||||||
|
|
||||||
%check
|
%check
|
||||||
make check
|
#make check
|
||||||
appstream-util validate $RPM_BUILD_ROOT/%{_datadir}/appdata/*.xml || :
|
#appstream-util validate $RPM_BUILD_ROOT/%{_datadir}/appdata/*.xml || :
|
||||||
|
|
||||||
%post
|
%post nativelaunchers
|
||||||
|
PRIORITY=%{priority}
|
||||||
|
let PRIORITY=PRIORITY-1
|
||||||
alternatives \
|
alternatives \
|
||||||
--install %{_bindir}/javaws javaws.%{_arch} %{_prefix}/bin/javaws%{binsuffix} %{priority} --family %{preffered_java}.%{_arch} \
|
--install %{_bindir}/javaws javaws.%{_arch} %{_prefix}/bin/javaws%{binsuffix} $PRIORITY --family %{preffered_java}.%{_arch} \
|
||||||
--slave %{_bindir}/itweb-settings itweb-settings %{_prefix}/bin/itweb-settings%{binsuffix} \
|
--slave %{_bindir}/itweb-settings itweb-settings %{_prefix}/bin/itweb-settings%{binsuffix} \
|
||||||
--slave %{_bindir}/policyeditor policyeditor %{_prefix}/bin/policyeditor%{binsuffix} \
|
--slave %{_bindir}/policyeditor policyeditor %{_prefix}/bin/policyeditor%{binsuffix} \
|
||||||
--slave %{_bindir}/ControlPanel ControlPanel %{_prefix}/bin/itweb-settings%{binsuffix} \
|
--slave %{_bindir}/ControlPanel ControlPanel %{_prefix}/bin/itweb-settings%{binsuffix} \
|
||||||
--slave %{_mandir}/man1/javaws.1.gz javaws.1.gz %{_mandir}/man1/javaws%{binsuffix}.1.gz \
|
--slave %{_mandir}/man1/javaws.1.gz javaws.1.gz %{_mandir}/man1/javaws%{binsuffix}.1.gz \
|
||||||
--slave %{_mandir}/man1/ControlPanel.1.gz ControlPanel.1.gz %{_mandir}/man1/itweb-settings.1.gz
|
--slave %{_mandir}/man1/ControlPanel.1.gz ControlPanel.1.gz %{_mandir}/man1/itweb-settings.1.gz
|
||||||
|
%post
|
||||||
|
PRIORITY=%{priority}
|
||||||
|
alternatives \
|
||||||
|
--install %{_bindir}/javaws javaws.%{_arch} %{_prefix}/bin/javaws%{binsuffix}.sh $PRIORITY --family %{preffered_java}.%{_arch} \
|
||||||
|
--slave %{_bindir}/itweb-settings itweb-settings %{_prefix}/bin/itweb-settings%{binsuffix}.sh \
|
||||||
|
--slave %{_bindir}/policyeditor policyeditor %{_prefix}/bin/policyeditor%{binsuffix}.sh \
|
||||||
|
--slave %{_bindir}/ControlPanel ControlPanel %{_prefix}/bin/itweb-settings%{binsuffix}.sh \
|
||||||
|
--slave %{_mandir}/man1/javaws.1.gz javaws.1.gz %{_mandir}/man1/javaws%{binsuffix}.1.gz \
|
||||||
|
--slave %{_mandir}/man1/ControlPanel.1.gz ControlPanel.1.gz %{_mandir}/man1/itweb-settings.1.gz
|
||||||
|
|
||||||
|
gconftool-2 -s %{jnlphandler}/command '%{_bindir}/javaws %s' --type String &> /dev/null || :
|
||||||
gconftool-2 -s %{jnlphandler}/command '%{_prefix}/bin/javaws%{binsuffix} %s' --type String &> /dev/null || :
|
|
||||||
gconftool-2 -s %{jnlphandler}/enabled --type Boolean true &> /dev/null || :
|
gconftool-2 -s %{jnlphandler}/enabled --type Boolean true &> /dev/null || :
|
||||||
gconftool-2 -s %{jnlpshandler}/command '%{_prefix}/bin/javaws%{binsuffix} %s' --type String &> /dev/null || :
|
gconftool-2 -s %{jnlpshandler}/command '%{_bindir}/javaws %s' --type String &> /dev/null || :
|
||||||
gconftool-2 -s %{jnlpshandler}/enabled --type Boolean true &> /dev/null || :
|
gconftool-2 -s %{jnlpshandler}/enabled --type Boolean true &> /dev/null || :
|
||||||
|
|
||||||
%posttrans
|
%posttrans
|
||||||
update-desktop-database &> /dev/null || :
|
update-desktop-database &> /dev/null || :
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
|
%postun nativelaunchers
|
||||||
|
if [ $1 -eq 0 ]
|
||||||
|
then
|
||||||
|
alternatives --remove javaws.%{_arch} %{_prefix}/bin/javaws%{binsuffix}
|
||||||
|
fi
|
||||||
|
exit 0
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
update-desktop-database &> /dev/null || :
|
update-desktop-database &> /dev/null || :
|
||||||
if [ $1 -eq 0 ]
|
if [ $1 -eq 0 ]
|
||||||
then
|
then
|
||||||
alternatives --remove javaws %{_prefix}/bin/javaws%{binsuffix}
|
alternatives --remove javaws.%{_arch} %{_prefix}/bin/javaws%{binsuffix}.sh
|
||||||
gconftool-2 -u %{jnlphandler}/command &> /dev/null || :
|
gconftool-2 -u %{jnlphandler}/command &> /dev/null || :
|
||||||
gconftool-2 -u %{jnlphandler}/enabled &> /dev/null || :
|
gconftool-2 -u %{jnlphandler}/enabled &> /dev/null || :
|
||||||
gconftool-2 -u %{jnlpshandler}/command &> /dev/null || :
|
gconftool-2 -u %{jnlpshandler}/command &> /dev/null || :
|
||||||
@ -225,9 +237,18 @@ then
|
|||||||
fi
|
fi
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
|
%files nativelaunchers
|
||||||
|
%{_prefix}/bin/javaws.itweb
|
||||||
|
%{_prefix}/bin/itweb-settings.itweb
|
||||||
|
%{_prefix}/bin/policyeditor.itweb
|
||||||
|
%license COPYING
|
||||||
|
|
||||||
%files -f .mfiles -f %{name}.lang
|
%files -f .mfiles -f %{name}.lang
|
||||||
%{_sysconfdir}/bash_completion.d/*
|
%{_sysconfdir}/bash_completion.d/*
|
||||||
%{_prefix}/bin/*
|
%config(noreplace) %{_sysconfdir}/java/%{name}/itw-modularjdk.args
|
||||||
|
%{_prefix}/bin/javaws.itweb.sh
|
||||||
|
%{_prefix}/bin/itweb-settings.itweb.sh
|
||||||
|
%{_prefix}/bin/policyeditor.itweb.sh
|
||||||
%{_datadir}/applications/*
|
%{_datadir}/applications/*
|
||||||
%dir %{_datadir}/%{name}
|
%dir %{_datadir}/%{name}
|
||||||
%{_datadir}/%{name}/*.jar
|
%{_datadir}/%{name}/*.jar
|
||||||
@ -247,6 +268,24 @@ exit 0
|
|||||||
%license COPYING
|
%license COPYING
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 30 2020 - Jiri Vanek <jvanek@redhat.com> -1.8.4-4
|
||||||
|
- added patch2, fed2f5b-22402bb.patch containing important fixes from future 1.8.5
|
||||||
|
- Resolves: rhbz#1900043
|
||||||
|
|
||||||
|
* Fri Nov 27 2020 - Jiri Vanek <jvanek@redhat.com> -1.8.4-2
|
||||||
|
- added native launchers, via separate subpackage, but efectively changed main package to arched one
|
||||||
|
- removed policyeditor man page, it was link to itself
|
||||||
|
- Resolves: rhbz#1900043
|
||||||
|
|
||||||
|
* Fri Nov 27 2020 - Jiri Vanek <jvanek@redhat.com> -1.8.4-1
|
||||||
|
- rebased to itw 1.8, ommiting native launchers
|
||||||
|
- Resolves: rhbz#1900043
|
||||||
|
|
||||||
|
* Fri Nov 20 2020 Jiri Vanek <jvanek@redhat.com> 1.7.1-18
|
||||||
|
- patched to use alt-java if available
|
||||||
|
- Added Patch6, altjava.patch
|
||||||
|
- Resolves: rhbz#1888633
|
||||||
|
|
||||||
* Thu Jul 18 2019 Jiri Vanek <jvanek@redhat.com> 1.7.1-16
|
* Thu Jul 18 2019 Jiri Vanek <jvanek@redhat.com> 1.7.1-16
|
||||||
- Added Patch5, testTuning.patch to make tests pass inclean envirnment
|
- Added Patch5, testTuning.patch to make tests pass inclean envirnment
|
||||||
- Resolves: rhbz#1724958
|
- Resolves: rhbz#1724958
|
||||||
|
Loading…
Reference in New Issue
Block a user