[icedtea-web] Couple of minor enhancement patches

Deepak Bhole dbhole at redhat.com
Wed Feb 9 15:25:59 PST 2011


Hi,

I would like to add these patches to 1.0 and HEAD. Any objections?

The package access one restricts access to net.sourceforge.jnlp.*
classes as a pre-emptive measure to thwart potential security issues. I
tested it with various JNLP services and found no issues.

ChangeLog:

* netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
  Restrict access to net.sourceforge.jnlp.* classes by untrusted
  classes.


The latter adds an encoding entry to the desktop files.

ChangeLog:

* itweb-settings.desktop.in: Added UTF-8 encoding for the file.
* javaws.desktop.in: Same.


I will commit the patches separately.

Cheers,
Deepak
-------------- next part --------------
diff -r 06940cdcfef8 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java	Thu Jan 20 11:06:41 2011 -0500
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java	Wed Feb 02 13:09:29 2011 -0500
@@ -222,6 +222,9 @@
         Authenticator.setDefault(new JNLPAuthenticator());
         ProxySelector.setDefault(new JNLPProxySelector());
 
+        // Restrict access to netx classes
+        Security.setProperty("package.access", Security.getProperty("package.access")+",net.sourceforge.jnlp");
+
         initialized = true;
 
     }
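
Review bot: Security.getProperty("package.access") on the added line returns null when the property is not set, and the string concatenation would then store the literal "null,net.sourceforge.jnlp" as the restricted list. Read the current value into a local first, append ",net.sourceforge.jnlp" only when it is non-null and non-empty, and otherwise set the new entry on its own. The SecurityManager package check matches on "starts with or equals", so the entry as written also restricts any package whose name merely begins with net.sourceforge.jnlp; writing it as "net.sourceforge.jnlp." with a trailing dot, the way the stock entries such as "sun." are written, would state the intended scope exactly. The comment could also say that the restriction applies to untrusted code, as the ChangeLog entry does.
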
-------------- next part --------------
diff -up ./itweb-settings.desktop.in.sav ./itweb-settings.desktop.in
--- ./itweb-settings.desktop.in.sav	2011-02-04 15:19:48.120684952 +0100
+++ ./itweb-settings.desktop.in	2011-02-04 15:20:26.743684949 +0100
@@ -6,3 +6,4 @@ Icon=javaws
 Terminal=false
 Type=Application
 Categories=Settings;
+Encoding=UTF-8
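
Review bot: the added Encoding=UTF-8 key is listed as deprecated in the Desktop Entry Specification, which already defines desktop files as UTF-8, and desktop-file-validate reports the key as deprecated. If a particular desktop environment or packaging check still needs the key, name it in the ChangeLog entry; otherwise the line can be dropped here and in the matching javaws.desktop.in hunk.
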
diff -up ./javaws.desktop.in.sav ./javaws.desktop.in
--- ./javaws.desktop.in.sav	2011-02-04 15:19:54.201684943 +0100
+++ ./javaws.desktop.in	2011-02-04 15:20:14.118684930 +0100
@@ -8,3 +8,4 @@ Type=Application
 NoDisplay=true
 Categories=Network;WebBrowser;
 MimeType=application/x-java-jnlp-file;
+Encoding=UTF-8