/hg/release/icedtea6-1.7: 3 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Wed Feb 9 04:19:23 PST 2011
changeset e274c7313fff in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=e274c7313fff
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Feb 09 11:16:33 2011 +0000
S4421494, CVE-2010-4476: infinite loop while parsing double literal.
2011-02-09 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Add patch.
* NEWS: Updated.
* patches/security/20110209/4421494.patch: Add floating point
bug fix.
changeset 988c75b2751e in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=988c75b2751e
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Feb 09 11:17:48 2011 +0000
Bump to 1.7.9.
2011-02-09 Andrew John Hughes <ahughes at redhat.com>
* NEWS: Update release date.
* configure.ac: Bump to 1.7.9.
changeset e989cf4930ff in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=e989cf4930ff
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Feb 09 12:12:20 2011 +0000
Added tag icedtea6-1.7.9 for changeset 988c75b2751e
diffstat:
6 files changed, 126 insertions(+), 3 deletions(-)
.hgtags | 1
ChangeLog | 12 +++
Makefile.am | 3
NEWS | 5 +
configure.ac | 2
patches/security/20110209/4421494.patch | 106 +++++++++++++++++++++++++++++++
diffs (174 lines):
diff -r d55f3f8e8d6c -r e989cf4930ff .hgtags
--- a/.hgtags Tue Feb 01 18:14:24 2011 +0000
+++ b/.hgtags Wed Feb 09 12:12:20 2011 +0000
@@ -30,3 +30,4 @@ f5667b14ce7eb0dc9b121164a28d3b3fcd516c61
f5667b14ce7eb0dc9b121164a28d3b3fcd516c61 icedtea6-1.7.6
8784e22fa2897df7373ca8869e7dab8d3af8c8c9 icedtea6-1.7.7
626c4d1e1fa47b492bb41c8438f66aacd35146ae icedtea6-1.7.8
+988c75b2751e89209b8126b7a3d6d1379aa3e56e icedtea6-1.7.9
diff -r d55f3f8e8d6c -r e989cf4930ff ChangeLog
--- a/ChangeLog Tue Feb 01 18:14:24 2011 +0000
+++ b/ChangeLog Wed Feb 09 12:12:20 2011 +0000
@@ -1,3 +1,15 @@ 2011-02-01 Andrew John Hughes <ahughes
+2011-02-09 Andrew John Hughes <ahughes at redhat.com>
+
+ * NEWS: Update release date.
+ * configure.ac: Bump to 1.7.9.
+
+2011-02-09 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am: Add patch.
+ * NEWS: Updated.
+ * patches/security/20110209/4421494.patch:
+ Add floating point bug fix.
+
2011-02-01 Andrew John Hughes <ahughes at redhat.com>
* NEWS: Update for 1.7.9.
diff -r d55f3f8e8d6c -r e989cf4930ff Makefile.am
--- a/Makefile.am Tue Feb 01 18:14:24 2011 +0000
+++ b/Makefile.am Wed Feb 09 12:12:20 2011 +0000
@@ -260,7 +260,8 @@ SECURITY_PATCHES = \
patches/security/20101012/6961084.patch \
patches/security/20101012/6963285.patch \
patches/security/20101012/6981426.patch \
- patches/security/20101012/6990437.patch
+ patches/security/20101012/6990437.patch \
+ patches/security/20110209/4421494.patch
ICEDTEA_PATCHES = \
$(SECURITY_PATCHES) \
diff -r d55f3f8e8d6c -r e989cf4930ff NEWS
--- a/NEWS Tue Feb 01 18:14:24 2011 +0000
+++ b/NEWS Wed Feb 09 12:12:20 2011 +0000
@@ -8,7 +8,10 @@ GX - http://bugs.gentoo.org/show_bug.cg
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-New in release 1.7.9 (20XX-XX-XX):
+New in release 1.7.9 (2011-02-09):
+
+* Security updates
+ - S4421494, CVE-2010-4476: infinite loop while parsing double literal.
New in release 1.7.8 (2011-02-01):
diff -r d55f3f8e8d6c -r e989cf4930ff configure.ac
--- a/configure.ac Tue Feb 01 18:14:24 2011 +0000
+++ b/configure.ac Wed Feb 09 12:12:20 2011 +0000
@@ -1,4 +1,4 @@ AC_INIT([icedtea6], [1.7.9pre], [distro-
-AC_INIT([icedtea6], [1.7.9pre], [distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6], [1.7.9], [distro-pkg-dev at openjdk.java.net])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile])
diff -r d55f3f8e8d6c -r e989cf4930ff patches/security/20110209/4421494.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20110209/4421494.patch Wed Feb 09 12:12:20 2011 +0000
@@ -0,0 +1,106 @@
+# HG changeset patch
+# User alanb
+# Date 1297019854 0
+# Node ID d00080320e439c339594d380f0322c865553a046
+# Parent f7afe7a5e086a6af1f23dd6304bcbe7fb2b6226a
+4421494: infinite loop while parsing double literal
+Reviewed-by: darcy, alanb
+Contributed-by: dmitry.nadezhin at oracle.com
+
+diff --git a/src/share/classes/sun/misc/FloatingDecimal.java b/src/share/classes/sun/misc/FloatingDecimal.java
+--- openjdk/jdk/src/share/classes/sun/misc/FloatingDecimal.java
++++ openjdk/jdk/src/share/classes/sun/misc/FloatingDecimal.java
+@@ -1547,7 +1547,7 @@ public class FloatingDecimal{
+ if ( (cmpResult = bigB.cmp( bigD ) ) > 0 ){
+ overvalue = true; // our candidate is too big.
+ diff = bigB.sub( bigD );
+- if ( (bigIntNBits == 1) && (bigIntExp > -expBias) ){
++ if ( (bigIntNBits == 1) && (bigIntExp > -expBias+1) ){
+ // candidate is a normalized exact power of 2 and
+ // is too big. We will be subtracting.
+ // For our purposes, ulp is the ulp of the
+diff --git a/test/java/lang/Double/ParseDouble.java b/test/java/lang/Double/ParseDouble.java
+--- openjdk/jdk/test/java/lang/Double/ParseDouble.java
++++ openjdk/jdk/test/java/lang/Double/ParseDouble.java
+@@ -23,11 +23,12 @@
+
+ /*
+ * @test
+- * @bug 4160406 4705734 4707389 4826774 4895911
++ * @bug 4160406 4705734 4707389 4826774 4895911 4421494
+ * @summary Test for Double.parseDouble method and acceptance regex
+ */
+
+ import java.util.regex.*;
++import java.math.BigDecimal;
+
+ public class ParseDouble {
+
+@@ -416,7 +417,15 @@ public class ParseDouble {
+
+ "0x00100p1",
+ "0x00.100p1",
+- "0x001.100p1"
++ "0x001.100p1",
++
++ // Limits
++
++ "1.7976931348623157E308", // Double.MAX_VALUE
++ "4.9e-324", // Double.MIN_VALUE
++ "2.2250738585072014e-308", // Double.MIN_NORMAL
++
++ "2.2250738585072012e-308", // near Double.MIN_NORMAL
+ };
+
+ static String paddedBadStrings[];
+@@ -546,6 +555,42 @@ public class ParseDouble {
+
+ }
+
++ /**
++ * For each subnormal power of two, test at boundaries of
++ * region that should convert to that value.
++ */
++ private static void testSubnormalPowers() {
++ BigDecimal TWO = BigDecimal.valueOf(2);
++ // An ulp is the same for all subnormal values
++ BigDecimal ulp_BD = new BigDecimal(Double.MIN_VALUE);
++
++ System.out.println("Testing subnormal powers of two.");
++ for(int i = -1074; i <= -1022; i++) {
++ double d = Math.scalb(1.0, i);
++
++ /*
++ * The region [d - ulp/2, d + ulp/2] should round to d.
++ */
++ BigDecimal d_BD = new BigDecimal(d);
++
++ BigDecimal lowerBound = d_BD.subtract(ulp_BD.divide(TWO));
++ BigDecimal upperBound = d_BD.add(ulp_BD.divide(TWO));
++
++ double convertedLowerBound = Double.parseDouble(lowerBound.toString());
++ double convertedUpperBound = Double.parseDouble(upperBound.toString());
++
++ if (convertedLowerBound != d) {
++ System.out.printf("Exponent %d, unexpected lower bound converted to %a, not %a.%n",
++ i, convertedLowerBound, d);
++ }
++
++ if (convertedUpperBound != d) {
++ System.out.printf("Exponent %d, unexpected upper bound converted to %a, not %a.%n",
++ i, convertedUpperBound, d);
++ }
++ }
++ }
++
+ public static void main(String[] args) throws Exception {
+ rudimentaryTest();
+
+@@ -558,5 +603,7 @@ public class ParseDouble {
+ testRegex(paddedGoodStrings, false);
+ testRegex(badStrings, true);
+ testRegex(paddedBadStrings, true);
++
++ testSubnormalPowers();
+ }
+ }
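Review bot: testSubnormalPowers() in the added ParseDouble.java test only prints when a boundary string converts to something other than d, so a rounding regression around the FloatingDecimal condition changed above would still let the test pass. Make mismatches fail the run: declare `boolean failed = false;` before the loop, set `failed = true;` in both mismatch branches, and add `if (failed) throw new RuntimeException("Inconsistent conversion");` after the loop. The loop also starts at i = -1074 (Double.MIN_VALUE), where d - ulp/2 and d + ulp/2 are exact ties beside an odd significand. Under round-half-even they would presumably not convert to d, so once failures throw, the range likely needs to start at -1073 or treat that exponent separately; confirm by running the test.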