Backport JPopupMenu fixes to release branches.

Omair Majid omajid at redhat.com
Wed Feb 23 12:50:33 PST 2011 

On 02/23/2011 03:14 PM, Denis Lila wrote:
>> >  It might be a good idea to update the copyright (Sun ->  Oracle).
> Done.
> Also, I noticed that the old patches I posted were bad because
> they were against some very old clones of the release branches.
> I fixed that.
>
> Ok to push now?
>

Some comments inline.


> hgexport1.7.patch
>

> diff -r 6a127ad66978 -r d780d2efc830 patches/openjdk/6691503-malicious-applet-always-on-top.patch
> --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6691503-malicious-applet-always-on-top.patch	Wed Feb 23 14:00:24 2011 -0500
> @@ -0,0 +1,173 @@
> +diff -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java	Fri Apr 18 18:21:02 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java	Wed Feb 23 13:50:58 2011 -0500
> +@@ -1,12 +1,12 @@
> + /*
> +- * Copyright 1999-2007 Sun Microsystems, Inc.  All Rights Reserved.
> ++ * Copyright (c) 1999, 2008, Oracle and/or its affiliates. All rights reserved.
> +  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> +  *
> +  * This code is free software; you can redistribute it and/or modify it
> +  * under the terms of the GNU General Public License version 2 only, as
> +- * published by the Free Software Foundation.  Sun designates this
> ++ * published by the Free Software Foundation.  Oracle designates this
> +  * particular file as subject to the "Classpath" exception as provided
> +- * by Sun in the LICENSE file that accompanied this code.
> ++ * by Oracle in the LICENSE file that accompanied this code.
> +  *
> +  * This code is distributed in the hope that it will be useful, but WITHOUT
> +  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> +@@ -18,9 +18,9 @@
> +  * 2 along with this work; if not, write to the Free Software Foundation,
> +  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> +  *
> +- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
> +- * CA 95054 USA or visitwww.sun.com  if you need additional information or
> +- * have any questions.
> ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
> ++ * or visitwww.oracle.com  if you need additional information or have any
> ++ * questions.
> +  */
> +
> + package javax.swing;

Normally we only fix copyrights in new files; not files being modified. 
Also, you are not doing this for 1.9. Any particular reason why?

>
>
> hgexport1.8.patch
>
>

> diff -r 326f7589d7e8 -r 934d7afe1f52 NEWS
> --- a/NEWS	Tue Feb 15 23:02:33 2011 +0000
> +++ b/NEWS	Wed Feb 23 14:11:39 2011 -0500
> @@ -10,6 +10,10 @@
>
>   New in release 1.8.8 (20XX-XX-XX):
>
> +* Backports
> +  - S6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> +  - S6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> +
>   New in release 1.8.7 (2011-02-15):
>
>   * Security updates
> @@ -21,6 +25,8 @@
>     - S6985453, CVE-2010-4471: Java2D font-related system property leak
>     - S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
>     - RH677332, CVE-2011-0706: Multiple signers privilege escalation
> +  - S6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> +  - S6691503: Malicious applet can show always-on-top popup menu which has whole screen size
>   * Bug fixes
>     - RH676659: Pass -export-dynamic flag to linker using -Wl, as option in gcc 4.6+ is broken
>     - Fix latent JAXP bug caused by missing import

You are listing the same bugs twice in the NEWS file. I dont think 
that's right.

Rest looks fine to me.

Cheers,
OMair

More information about the distro-pkg-dev mailing list