/hg/release/icedtea6-1.9: 3 new changesets

andrew at icedtea.classpath.org andrew at icedtea.classpath.org
Wed Feb 9 05:24:49 PST 2011


changeset 0719a880282c in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=0719a880282c
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Feb 09 10:57:48 2011 +0000

	S4421494, CVE-2010-4476: infinite loop while parsing double literal.

	2011-02-09 Andrew John Hughes <ahughes at redhat.com>

	 * Makefile.am: Add patch.
		* NEWS: Updated.
		* patches/security/20110209/4421494.patch: Add floating point
	bug fix.


changeset 03258f7ff910 in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=03258f7ff910
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Feb 09 10:59:03 2011 +0000

	Bump to 1.9.6.

	2011-02-09 Andrew John Hughes <ahughes at redhat.com>

	 * NEWS: Update release date.
		* configure.ac: Bump to 1.9.6.


changeset 9bd3a32c627d in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=9bd3a32c627d
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Feb 09 13:24:43 2011 +0000

	Added tag icedtea6-1.9.6 for changeset 03258f7ff910


diffstat:

6 files changed, 125 insertions(+), 3 deletions(-)
.hgtags                                 |    1 
ChangeLog                               |   12 +++
Makefile.am                             |    3 
NEWS                                    |    4 -
configure.ac                            |    2 
patches/security/20110209/4421494.patch |  106 +++++++++++++++++++++++++++++++

diffs (174 lines):

diff -r 5328f1ab65e1 -r 9bd3a32c627d .hgtags
--- a/.hgtags	Tue Feb 01 18:17:32 2011 +0000
+++ b/.hgtags	Wed Feb 09 13:24:43 2011 +0000
@@ -25,3 +25,4 @@ 42cb6cbb7ba6fbbcdd3499ea91c283637994db98
 42cb6cbb7ba6fbbcdd3499ea91c283637994db98 icedtea6-1.9.3
 fdefc65b1e3f7ab140ce4da42716c2439796dfda icedtea6-1.9.4
 a55e0ec59e4287f9df15f666503dbe500f1a61ea icedtea6-1.9.5
+03258f7ff9107c7e3be6931df2093b8395db89e4 icedtea6-1.9.6
diff -r 5328f1ab65e1 -r 9bd3a32c627d ChangeLog
--- a/ChangeLog	Tue Feb 01 18:17:32 2011 +0000
+++ b/ChangeLog	Wed Feb 09 13:24:43 2011 +0000
@@ -1,3 +1,15 @@ 2011-02-01  Andrew John Hughes  <ahughes
+2011-02-09  Andrew John Hughes  <ahughes at redhat.com>
+
+	* NEWS: Update release date.
+	* configure.ac: Bump to 1.9.6.
+
+2011-02-09  Andrew John Hughes  <ahughes at redhat.com>
+
+	* Makefile.am: Add patch.
+	* NEWS: Updated.
+	* patches/security/20110209/4421494.patch:
+	Add floating point bug fix.
+
 2011-02-01  Andrew John Hughes  <ahughes at redhat.com>
 
 	* NEWS: Update for 1.9.6.
diff -r 5328f1ab65e1 -r 9bd3a32c627d Makefile.am
--- a/Makefile.am	Tue Feb 01 18:17:32 2011 +0000
+++ b/Makefile.am	Wed Feb 09 13:24:43 2011 +0000
@@ -218,7 +218,8 @@ SECURITY_PATCHES = \
 	patches/security/20101012/6961084.patch \
 	patches/security/20101012/6963285.patch \
 	patches/security/20101012/6981426.patch \
-	patches/security/20101012/6990437.patch
+	patches/security/20101012/6990437.patch \
+	patches/security/20110209/4421494.patch
 
 ICEDTEA_PATCHES = \
 	$(SECURITY_PATCHES) \
diff -r 5328f1ab65e1 -r 9bd3a32c627d NEWS
--- a/NEWS	Tue Feb 01 18:17:32 2011 +0000
+++ b/NEWS	Wed Feb 09 13:24:43 2011 +0000
@@ -8,8 +8,10 @@ GX  - http://bugs.gentoo.org/show_bug.cg
 
 CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
-New in release 1.9.6 (20XX-XX-XX):
+New in release 1.9.6 (2011-02-09):
 
+* Security updates
+  - S4421494, CVE-2010-4476: infinite loop while parsing double literal.
 
 New in release 1.9.5 (2011-02-01):
 
diff -r 5328f1ab65e1 -r 9bd3a32c627d configure.ac
--- a/configure.ac	Tue Feb 01 18:17:32 2011 +0000
+++ b/configure.ac	Wed Feb 09 13:24:43 2011 +0000
@@ -1,4 +1,4 @@ AC_INIT([icedtea6],[1.9.6pre],[distro-pk
-AC_INIT([icedtea6],[1.9.6pre],[distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6],[1.9.6],[distro-pkg-dev at openjdk.java.net])
 AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
 AC_CONFIG_FILES([Makefile])
 
diff -r 5328f1ab65e1 -r 9bd3a32c627d patches/security/20110209/4421494.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/security/20110209/4421494.patch	Wed Feb 09 13:24:43 2011 +0000
@@ -0,0 +1,106 @@
+# HG changeset patch
+# User alanb
+# Date 1297019854 0
+# Node ID d00080320e439c339594d380f0322c865553a046
+# Parent  f7afe7a5e086a6af1f23dd6304bcbe7fb2b6226a
+4421494: infinite loop while parsing double literal
+Reviewed-by: darcy, alanb
+Contributed-by: dmitry.nadezhin at oracle.com
+
+diff --git a/src/share/classes/sun/misc/FloatingDecimal.java b/src/share/classes/sun/misc/FloatingDecimal.java
+--- openjdk/jdk/src/share/classes/sun/misc/FloatingDecimal.java
++++ openjdk/jdk/src/share/classes/sun/misc/FloatingDecimal.java
+@@ -1547,7 +1547,7 @@ public class FloatingDecimal{
+                 if ( (cmpResult = bigB.cmp( bigD ) ) > 0 ){
+                     overvalue = true; // our candidate is too big.
+                     diff = bigB.sub( bigD );
+-                    if ( (bigIntNBits == 1) && (bigIntExp > -expBias) ){
++                    if ( (bigIntNBits == 1) && (bigIntExp > -expBias+1) ){
+                         // candidate is a normalized exact power of 2 and
+                         // is too big. We will be subtracting.
+                         // For our purposes, ulp is the ulp of the
+diff --git a/test/java/lang/Double/ParseDouble.java b/test/java/lang/Double/ParseDouble.java
+--- openjdk/jdk/test/java/lang/Double/ParseDouble.java
++++ openjdk/jdk/test/java/lang/Double/ParseDouble.java
+@@ -23,11 +23,12 @@
+ 
+ /*
+  * @test
+- * @bug 4160406 4705734 4707389 4826774 4895911
++ * @bug 4160406 4705734 4707389 4826774 4895911 4421494
+  * @summary Test for Double.parseDouble method and acceptance regex
+  */
+ 
+ import java.util.regex.*;
++import java.math.BigDecimal;
+ 
+ public class ParseDouble {
+ 
+@@ -416,7 +417,15 @@ public class ParseDouble {
+ 
+         "0x00100p1",
+         "0x00.100p1",
+-        "0x001.100p1"
++        "0x001.100p1",
++
++        // Limits
++
++        "1.7976931348623157E308",     // Double.MAX_VALUE
++        "4.9e-324",                   // Double.MIN_VALUE
++        "2.2250738585072014e-308",    // Double.MIN_NORMAL
++
++        "2.2250738585072012e-308",    // near Double.MIN_NORMAL
+     };
+ 
+     static String paddedBadStrings[];
+@@ -546,6 +555,42 @@ public class ParseDouble {
+ 
+     }
+ 
++    /**
++     * For each subnormal power of two, test at boundaries of
++     * region that should convert to that value.
++     */
++    private static void testSubnormalPowers() {
++        BigDecimal TWO = BigDecimal.valueOf(2);
++        // An ulp is the same for all subnormal values
++        BigDecimal ulp_BD = new BigDecimal(Double.MIN_VALUE);
++
++        System.out.println("Testing subnormal powers of two.");
++        for(int i = -1074; i <= -1022; i++) {
++            double d = Math.scalb(1.0, i);
++
++            /*
++             * The region [d - ulp/2, d + ulp/2] should round to d.
++             */
++            BigDecimal d_BD = new BigDecimal(d);
++
++            BigDecimal lowerBound = d_BD.subtract(ulp_BD.divide(TWO));
++            BigDecimal upperBound = d_BD.add(ulp_BD.divide(TWO));
++
++            double convertedLowerBound = Double.parseDouble(lowerBound.toString());
++            double convertedUpperBound = Double.parseDouble(upperBound.toString());
++
++            if (convertedLowerBound != d) {
++                System.out.printf("Exponent %d, unexpected lower bound converted to %a, not %a.%n",
++                                  i, convertedLowerBound, d);
++            }
++
++            if (convertedUpperBound != d) {
++                System.out.printf("Exponent %d, unexpected upper bound converted to %a, not %a.%n",
++                                  i, convertedUpperBound, d);
++            }
++        }
++    }
++
+     public static void main(String[] args) throws Exception {
+         rudimentaryTest();
+ 
+@@ -558,5 +603,7 @@ public class ParseDouble {
+         testRegex(paddedGoodStrings, false);
+         testRegex(badStrings, true);
+         testRegex(paddedBadStrings, true);
++
++        testSubnormalPowers();
+     }
+ }
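Review bot: The added `testSubnormalPowers()` in ParseDouble.java only prints through `System.out.printf` when a boundary converts to the wrong value, so a rounding regression in FloatingDecimal would still let the test pass. Declare `boolean failed = false;` before the loop, set `failed = true;` in both mismatch branches, and finish with `if (failed) throw new RuntimeException("Inconsistent conversion of subnormal powers of two");`. The new `"2.2250738585072012e-308"` entry guards against the CVE-2010-4476 hang only if `goodStrings` actually reaches `Double.parseDouble`; the visible part of `main()` passes the padded variant to `testRegex` only, and the rest of `main()` lies outside the hunk, so this is worth confirming. The changed condition `bigIntExp > -expBias+1` also deserves a why-comment, presumably along the lines of `// smallest normal power of two: the ulp below it is not halved, subnormals share the same spacing`.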


