[icedtea-web] Couple of minor enhancement patches

Deepak Bhole dbhole at redhat.com
Thu Feb 10 08:14:47 PST 2011 

* Dr Andrew John Hughes <ahughes at redhat.com> [2011-02-10 03:19]:
> On 18:25 Wed 09 Feb     , Deepak Bhole wrote:
> > Hi,
> > 
> > I would like to add these patches to 1.0 and HEAD. Any objections?
> > 
> > The package access one restricts access to net.sourceforge.jnlp.*
> > classes as a pre-emptive measure to thwart potential security issues. I
> > tested it with various JNLP services and found no issues.
> > 
> > ChangeLog:
> > 
> > * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
> >   Restrict access to net.sourceforge.jnlp.* classes by untrusted
> >   classes.
> > 
> 
> The setProperty line needs splitting onto two lines.  Otherwise, ok.
>

Will do.
 
> > 
> > The latter adds an encoding entry to the desktop files.
> > ChangeLog:
> > 
> > * itweb-settings.desktop.in: Added UTF-8 encoding for the file.
> > * javaws.desktop.in: Same.
> > 
> 
> I'll wait on your response to Omair's post.
>

Just responded to it.. I don't think we should add it to IcedTea. I
added it because one of the checking tools complained that it was
missing. The tool needs updating for the new standards. IcedTea-Web
should stick to the latest standard IMO, so this patch should be
skipped.

Thanks,
Deepak

> > 
> > I will commit the patches separately.
> > 
> > Cheers,
> > Deepak
> 
> > diff -r 06940cdcfef8 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
> > --- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java	Thu Jan 20 11:06:41 2011 -0500
> > +++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java	Wed Feb 02 13:09:29 2011 -0500
> > @@ -222,6 +222,9 @@
> >          Authenticator.setDefault(new JNLPAuthenticator());
> >          ProxySelector.setDefault(new JNLPProxySelector());
> >  
> > +        // Restrict access to netx classes
> > +        Security.setProperty("package.access", Security.getProperty("package.access")+",net.sourceforge.jnlp");
> > +
> >          initialized = true;
> >  
> >      }
> 
> > diff -up ./itweb-settings.desktop.in.sav ./itweb-settings.desktop.in
> > --- ./itweb-settings.desktop.in.sav	2011-02-04 15:19:48.120684952 +0100
> > +++ ./itweb-settings.desktop.in	2011-02-04 15:20:26.743684949 +0100
> > @@ -6,3 +6,4 @@ Icon=javaws
> >  Terminal=false
> >  Type=Application
> >  Categories=Settings;
> > +Encoding=UTF-8
> > diff -up ./javaws.desktop.in.sav ./javaws.desktop.in
> > --- ./javaws.desktop.in.sav	2011-02-04 15:19:54.201684943 +0100
> > +++ ./javaws.desktop.in	2011-02-04 15:20:14.118684930 +0100
> > @@ -8,3 +8,4 @@ Type=Application
> >  NoDisplay=true
> >  Categories=Network;WebBrowser;
> >  MimeType=application/x-java-jnlp-file;
> > +Encoding=UTF-8
> 
> 
> -- 
> Andrew :)
> 
> Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
> 
> Support Free Java!
> Contribute to GNU Classpath and IcedTea
> http://www.gnu.org/software/classpath
> http://icedtea.classpath.org
> PGP Key: F5862A37 (https://keys.indymedia.org/)
> Fingerprint = EA30 D855 D50F 90CD F54D  0698 0713 C3ED F586 2A37

More information about the distro-pkg-dev mailing list