/hg/release/icedtea6-1.8: 3 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Wed Feb 9 05:24:29 PST 2011
changeset 04cd613daca9 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=04cd613daca9
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Feb 09 12:36:05 2011 +0000
S4421494, CVE-2010-4476: infinite loop while parsing double literal.
2011-02-09 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Add patch.
* NEWS: Updated.
* patches/security/20110209/4421494.patch: Add floating point
bug fix.
changeset c43e42301ab8 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=c43e42301ab8
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Feb 09 12:37:22 2011 +0000
Bump to 1.8.6.
2011-02-09 Andrew John Hughes <ahughes at redhat.com>
* NEWS: Update release date.
* configure.ac: Bump to 1.8.6.
changeset ee9e4603217a in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=ee9e4603217a
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Feb 09 12:59:53 2011 +0000
Added tag icedtea6-1.8.6 for changeset c43e42301ab8
diffstat:
6 files changed, 121 insertions(+), 3 deletions(-)
.hgtags | 1
ChangeLog | 7 ++
Makefile.am | 3
NEWS | 5 +
configure.ac | 2
patches/security/20110209/4421494.patch | 106 +++++++++++++++++++++++++++++++
diffs (169 lines):
diff -r 6e111db7700c -r ee9e4603217a .hgtags
--- a/.hgtags Tue Feb 01 18:15:36 2011 +0000
+++ b/.hgtags Wed Feb 09 12:59:53 2011 +0000
@@ -26,3 +26,4 @@ 4f06af1897c3feff8708ff35a94df642f363d190
4f06af1897c3feff8708ff35a94df642f363d190 icedtea6-1.8.3
975f7989ae6615f5d0cbce3089291a7c8841364f icedtea6-1.8.4
e41dfe105a4113a351e90bd1ce22c81f06f3e68c icedtea6-1.8.5
+c43e42301ab86152257fc7eb9c249b2be2c1accc icedtea6-1.8.6
diff -r 6e111db7700c -r ee9e4603217a ChangeLog
--- a/ChangeLog Tue Feb 01 18:15:36 2011 +0000
+++ b/ChangeLog Wed Feb 09 12:59:53 2011 +0000
@@ -1,3 +1,10 @@ 2011-02-01 Andrew John Hughes <ahughes
+2011-02-09 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am: Add patch.
+ * NEWS: Updated.
+ * patches/security/20110209/4421494.patch:
+ Add floating point bug fix.
+
2011-02-01 Andrew John Hughes <ahughes at redhat.com>
* NEWS: Update for 1.8.6.
diff -r 6e111db7700c -r ee9e4603217a Makefile.am
--- a/Makefile.am Tue Feb 01 18:15:36 2011 +0000
+++ b/Makefile.am Wed Feb 09 12:59:53 2011 +0000
@@ -251,7 +251,8 @@ SECURITY_PATCHES = \
patches/security/20101012/6961084.patch \
patches/security/20101012/6963285.patch \
patches/security/20101012/6981426.patch \
- patches/security/20101012/6990437.patch
+ patches/security/20101012/6990437.patch \
+ patches/security/20110209/4421494.patch
ICEDTEA_PATCHES = \
$(SECURITY_PATCHES) \
diff -r 6e111db7700c -r ee9e4603217a NEWS
--- a/NEWS Tue Feb 01 18:15:36 2011 +0000
+++ b/NEWS Wed Feb 09 12:59:53 2011 +0000
@@ -8,7 +8,10 @@ GX - http://bugs.gentoo.org/show_bug.cg
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-New in release 1.8.6 (20XX-XX-XX):
+New in release 1.8.6 (2011-02-09):
+
+* Security updates
+ - S4421494, CVE-2010-4476: infinite loop while parsing double literal.
New in release 1.8.5 (2011-02-01):
diff -r 6e111db7700c -r ee9e4603217a configure.ac
--- a/configure.ac Tue Feb 01 18:15:36 2011 +0000
+++ b/configure.ac Wed Feb 09 12:59:53 2011 +0000
@@ -1,4 +1,4 @@ AC_INIT([icedtea6],[1.8.6pre],[distro-pk
-AC_INIT([icedtea6],[1.8.6pre],[distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6],[1.8.6],[distro-pkg-dev at openjdk.java.net])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile])
diff -r 6e111db7700c -r ee9e4603217a patches/security/20110209/4421494.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20110209/4421494.patch Wed Feb 09 12:59:53 2011 +0000
@@ -0,0 +1,106 @@
+# HG changeset patch
+# User alanb
+# Date 1297019854 0
+# Node ID d00080320e439c339594d380f0322c865553a046
+# Parent f7afe7a5e086a6af1f23dd6304bcbe7fb2b6226a
+4421494: infinite loop while parsing double literal
+Reviewed-by: darcy, alanb
+Contributed-by: dmitry.nadezhin at oracle.com
+
+diff --git a/src/share/classes/sun/misc/FloatingDecimal.java b/src/share/classes/sun/misc/FloatingDecimal.java
+--- openjdk/jdk/src/share/classes/sun/misc/FloatingDecimal.java
++++ openjdk/jdk/src/share/classes/sun/misc/FloatingDecimal.java
+@@ -1547,7 +1547,7 @@ public class FloatingDecimal{
+ if ( (cmpResult = bigB.cmp( bigD ) ) > 0 ){
+ overvalue = true; // our candidate is too big.
+ diff = bigB.sub( bigD );
+- if ( (bigIntNBits == 1) && (bigIntExp > -expBias) ){
++ if ( (bigIntNBits == 1) && (bigIntExp > -expBias+1) ){
+ // candidate is a normalized exact power of 2 and
+ // is too big. We will be subtracting.
+ // For our purposes, ulp is the ulp of the
+diff --git a/test/java/lang/Double/ParseDouble.java b/test/java/lang/Double/ParseDouble.java
+--- openjdk/jdk/test/java/lang/Double/ParseDouble.java
++++ openjdk/jdk/test/java/lang/Double/ParseDouble.java
+@@ -23,11 +23,12 @@
+
+ /*
+ * @test
+- * @bug 4160406 4705734 4707389 4826774 4895911
++ * @bug 4160406 4705734 4707389 4826774 4895911 4421494
+ * @summary Test for Double.parseDouble method and acceptance regex
+ */
+
+ import java.util.regex.*;
++import java.math.BigDecimal;
+
+ public class ParseDouble {
+
+@@ -416,7 +417,15 @@ public class ParseDouble {
+
+ "0x00100p1",
+ "0x00.100p1",
+- "0x001.100p1"
++ "0x001.100p1",
++
++ // Limits
++
++ "1.7976931348623157E308", // Double.MAX_VALUE
++ "4.9e-324", // Double.MIN_VALUE
++ "2.2250738585072014e-308", // Double.MIN_NORMAL
++
++ "2.2250738585072012e-308", // near Double.MIN_NORMAL
+ };
+
+ static String paddedBadStrings[];
+@@ -546,6 +555,42 @@ public class ParseDouble {
+
+ }
+
++ /**
++ * For each subnormal power of two, test at boundaries of
++ * region that should convert to that value.
++ */
++ private static void testSubnormalPowers() {
++ BigDecimal TWO = BigDecimal.valueOf(2);
++ // An ulp is the same for all subnormal values
++ BigDecimal ulp_BD = new BigDecimal(Double.MIN_VALUE);
++
++ System.out.println("Testing subnormal powers of two.");
++ for(int i = -1074; i <= -1022; i++) {
++ double d = Math.scalb(1.0, i);
++
++ /*
++ * The region [d - ulp/2, d + ulp/2] should round to d.
++ */
++ BigDecimal d_BD = new BigDecimal(d);
++
++ BigDecimal lowerBound = d_BD.subtract(ulp_BD.divide(TWO));
++ BigDecimal upperBound = d_BD.add(ulp_BD.divide(TWO));
++
++ double convertedLowerBound = Double.parseDouble(lowerBound.toString());
++ double convertedUpperBound = Double.parseDouble(upperBound.toString());
++
++ if (convertedLowerBound != d) {
++ System.out.printf("Exponent %d, unexpected lower bound converted to %a, not %a.%n",
++ i, convertedLowerBound, d);
++ }
++
++ if (convertedUpperBound != d) {
++ System.out.printf("Exponent %d, unexpected upper bound converted to %a, not %a.%n",
++ i, convertedUpperBound, d);
++ }
++ }
++ }
++
+ public static void main(String[] args) throws Exception {
+ rudimentaryTest();
+
+@@ -558,5 +603,7 @@ public class ParseDouble {
+ testRegex(paddedGoodStrings, false);
+ testRegex(badStrings, true);
+ testRegex(paddedBadStrings, true);
++
++ testSubnormalPowers();
+ }
+ }
More information about the distro-pkg-dev
mailing list