This provides a fix for the security vulnerability reported in
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1876

    The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6,
    7, and 8, and Oracle Java JDK, does not securely create temporary files when a
    log file cannot be opened, which allows local users to overwrite arbitrary
    files via a symlink attack on /tmp/unpack.log.

Rather than trying to open a /tmp/unpack.log file, this fix comments
out that segment and goes to the fallback options which include
redirecting error to /dev/null, or failing that, redirecting to stderr.

Upstream-Status: Pending

Signed-off-by: Amy Fong <amy.fong@windriver.com>

Index: openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
===================================================================
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
@@ -4757,6 +4757,15 @@
     return;
   } else {
     char log_file_name[PATH_MAX+100];
+#if 0
+/*
+The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6,
+7, and 8, and Oracle Java JDK, does not securely create temporary files when a
+log file cannot be opened, which allows local users to overwrite arbitrary
+files via a symlink attack on /tmp/unpack.log.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1876
+*/
     char tmpdir[PATH_MAX];
 #ifdef WIN32
     int n = GetTempPath(PATH_MAX,tmpdir); //API returns with trailing '\'
@@ -4781,6 +4790,7 @@
       log_file = errstrm_name = saveStr(log_file_name);
       return ;
     }
+#endif
 #ifndef WIN32
     sprintf(log_file_name, "/dev/null");
     // On windows most likely it will fail.