From af5a48d4a72c431e7d549bb8280f6ccc2ded5012 Mon Sep 17 00:00:00 2001
From: Omair Majid <omajid@redhat.com>
Date: Fri, 24 Jan 2014 13:38:19 -0500
Subject: [PATCH] Adapt more patches from java-1.7.0-openjdk

---
 1015432.patch                   | 23 +++++++++++++++++++
 PStack-808293.patch             | 40 +++++++++++++++++++++++++++++++++
 java-1.8.0-openjdk.spec         | 11 +++++++++
 java-atk-wrapper-security.patch | 28 +++++++++++++++++++++++
 4 files changed, 102 insertions(+)
 create mode 100644 1015432.patch
 create mode 100644 PStack-808293.patch
 create mode 100644 java-atk-wrapper-security.patch

diff --git a/1015432.patch b/1015432.patch
new file mode 100644
index 0000000..c8323e8
--- /dev/null
+++ b/1015432.patch
@@ -0,0 +1,23 @@
+--- jdk8/hotspot/src/os/linux/vm/os_linux.cpp	Wed Oct 23 15:44:12 2013 -0700
++++ jdk8/hotspot/src/os/linux/vm/os_linux.cpp	Thu Dec 19 16:03:33 2013 +0000
+@@ -4797,9 +4797,19 @@ 
+   // size.  Add a page for compiler2 recursion in main thread.
+   // Add in 2*BytesPerWord times page size to account for VM stack during
+   // class initialization depending on 32 or 64 bit VM.
++
++
+   os::Linux::min_stack_allowed = MAX2(os::Linux::min_stack_allowed,
+             (size_t)(StackYellowPages+StackRedPages+StackShadowPages) * Linux::page_size() +
+-                    (2*BytesPerWord COMPILER2_PRESENT(+1)) * Linux::vm_default_page_size());
++                    (2*BytesPerWord COMPILER2_PRESENT(+1)) 
++                       * 
++#ifdef PPC
++                      NOT_ZERO ( Linux::vm_default_page_size() ) 
++                       ZERO_ONLY ( Linux::page_size() )
++#else                   
++                       ( Linux::vm_default_page_size() )
++#endif
++                     );
+ 
+   size_t threadStackSizeInBytes = ThreadStackSize * K;
+   if (threadStackSizeInBytes != 0 &&
diff --git a/PStack-808293.patch b/PStack-808293.patch
new file mode 100644
index 0000000..eb8b8a0
--- /dev/null
+++ b/PStack-808293.patch
@@ -0,0 +1,40 @@
+--- jdk8/hotspot/agent/src/share/classes/sun/jvm/hotspot/tools/PStack.java	2012-04-06 02:26:33.322164601 +0200
++++ jdk8/hotspot/agent/src/share/classes/sun/jvm/hotspot/tools/PStack.java	2012-04-06 02:26:57.958514071 +0200
+@@ -1,5 +1,6 @@
+ /*
+  * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2012, Red Hat Inc.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -84,7 +85,8 @@
+                out.print("----------------- ");
+                out.print(th);
+                out.println(" -----------------");
+-               while (f != null) {
++               int maxStack = 256;
++               while (f != null && maxStack-- > 0) {
+                   ClosestSymbol sym = f.closestSymbolToPC();
+                   Address pc = f.pc();
+                   out.print(pc + "\t");
+@@ -158,10 +160,19 @@
+                          }
+                       }
+                   }
++                  Address oldPC = f.pc();
++                  Address oldFP = f.localVariableBase();
+                   f = f.sender(th);
++                  if (f != null
++                      && oldPC.equals(f.pc())
++                      && oldFP.equals(f.localVariableBase())) {
++                      // We didn't make any progress
++                      f = null;
++                  }
+                }
+             } catch (Exception exp) {
+-               exp.printStackTrace();
++               // exp.printStackTrace();
++               out.println("bad stack: " + exp);
+                // continue, may be we can do a better job for other threads
+             }
+             if (concurrentLocks) {
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 9b8aaf7..34e0737 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -168,6 +168,7 @@ Source12: remove-intree-libraries.sh
 # Ensure we aren't using the limited crypto policy
 Source13: TestCryptoLevel.java
 
+
 Source100: config.guess
 Source101: config.sub
 
@@ -176,6 +177,13 @@ Source101: config.sub
 # Ignore AWTError when assistive technologies are loaded 
 Patch1:   %{name}-accessible-toolkit.patch
 
+# RHBZ 1015432
+Patch2: 1015432.patch
+# Restrict access to java-atk-wrapper classes
+Patch3: java-atk-wrapper-security.patch
+# RHBZ 808293
+Patch4: PStack-808293.patch
+
 #
 # OpenJDK specific patches
 #
@@ -365,6 +373,9 @@ sh %{SOURCE12}
 
 
 %patch1
+%patch2
+%patch3
+%patch4
 
 # Type fixes for s390
 %ifarch s390 s390x
diff --git a/java-atk-wrapper-security.patch b/java-atk-wrapper-security.patch
new file mode 100644
index 0000000..8ef9a48
--- /dev/null
+++ b/java-atk-wrapper-security.patch
@@ -0,0 +1,28 @@
+--- jdk8/jdk/src/share/lib/security/java.security-linux.orig
++++ jdk8/jdk/src/share/lib/security/java.security-linux
+@@ -154,9 +154,11 @@
+                org.jcp.xml.dsig.internal.,\
+                jdk.internal.,\
+                jdk.nashorn.internal.,\
+-               jdk.nashorn.tools.
++               jdk.nashorn.tools,\
++               org.GNOME.Accessibility.,\
++               org.GNOME.Bonobo.
+ 
+ 
+ #
+ # List of comma-separated packages that start with or equal this string
+ # will cause a security exception to be thrown when
+@@ -192,9 +194,11 @@
+                    org.jcp.xml.dsig.internal.,\
+                    jdk.internal.,\
+                    jdk.nashorn.internal.,\
+-                   jdk.nashorn.tools.
++                   jdk.nashorn.tools.,\
++                   org.GNOME.Accessibility.,\
++                   org.GNOME.Bonobo.
+ 
+ 
+ #
+ # Determines whether this properties file can be appended to
+ # or overridden on the command line via -Djava.security.properties