[icedtea-web] Couple of minor enhancement patches

Dr Andrew John Hughes ahughes at redhat.com
Thu Feb 10 00:19:13 PST 2011 

On 18:25 Wed 09 Feb     , Deepak Bhole wrote:
> Hi,
> 
> I would like to add these patches to 1.0 and HEAD. Any objections?
> 
> The package access one restricts access to net.sourceforge.jnlp.*
> classes as a pre-emptive measure to thwart potential security issues. I
> tested it with various JNLP services and found no issues.
> 
> ChangeLog:
> 
> * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
>   Restrict access to net.sourceforge.jnlp.* classes by untrusted
>   classes.
> 

The setProperty line needs splitting onto two lines.  Otherwise, ok.

> 
> The latter adds an encoding entry to the desktop files.
> ChangeLog:
> 
> * itweb-settings.desktop.in: Added UTF-8 encoding for the file.
> * javaws.desktop.in: Same.
> 

I'll wait on your response to Omair's post.

> 
> I will commit the patches separately.
> 
> Cheers,
> Deepak

> diff -r 06940cdcfef8 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java	Thu Jan 20 11:06:41 2011 -0500
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java	Wed Feb 02 13:09:29 2011 -0500
> @@ -222,6 +222,9 @@
>          Authenticator.setDefault(new JNLPAuthenticator());
>          ProxySelector.setDefault(new JNLPProxySelector());
>  
> +        // Restrict access to netx classes
> +        Security.setProperty("package.access", Security.getProperty("package.access")+",net.sourceforge.jnlp");
> +
>          initialized = true;
>  
>      }

> diff -up ./itweb-settings.desktop.in.sav ./itweb-settings.desktop.in
> --- ./itweb-settings.desktop.in.sav	2011-02-04 15:19:48.120684952 +0100
> +++ ./itweb-settings.desktop.in	2011-02-04 15:20:26.743684949 +0100
> @@ -6,3 +6,4 @@ Icon=javaws
>  Terminal=false
>  Type=Application
>  Categories=Settings;
> +Encoding=UTF-8
> diff -up ./javaws.desktop.in.sav ./javaws.desktop.in
> --- ./javaws.desktop.in.sav	2011-02-04 15:19:54.201684943 +0100
> +++ ./javaws.desktop.in	2011-02-04 15:20:14.118684930 +0100
> @@ -8,3 +8,4 @@ Type=Application
>  NoDisplay=true
>  Categories=Network;WebBrowser;
>  MimeType=application/x-java-jnlp-file;
> +Encoding=UTF-8


-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: F5862A37 (https://keys.indymedia.org/)
Fingerprint = EA30 D855 D50F 90CD F54D  0698 0713 C3ED F586 2A37

More information about the distro-pkg-dev mailing list