Backport JPopupMenu fixes to release branches.
Omair Majid
omajid at redhat.com
Wed Feb 23 12:50:33 PST 2011
On 02/23/2011 03:14 PM, Denis Lila wrote:
>> > It might be a good idea to update the copyright (Sun -> Oracle).
> Done.
> Also, I noticed that the old patches I posted were bad because
> they were against some very old clones of the release branches.
> I fixed that.
>
> Ok to push now?
>
Some comments inline.
> hgexport1.7.patch
>
> diff -r 6a127ad66978 -r d780d2efc830 patches/openjdk/6691503-malicious-applet-always-on-top.patch
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/patches/openjdk/6691503-malicious-applet-always-on-top.patch Wed Feb 23 14:00:24 2011 -0500
> @@ -0,0 +1,173 @@
> +diff -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
> ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Wed Feb 23 13:50:58 2011 -0500
> +@@ -1,12 +1,12 @@
> + /*
> +- * Copyright 1999-2007 Sun Microsystems, Inc. All Rights Reserved.
> ++ * Copyright (c) 1999, 2008, Oracle and/or its affiliates. All rights reserved.
> + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> + *
> + * This code is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License version 2 only, as
> +- * published by the Free Software Foundation. Sun designates this
> ++ * published by the Free Software Foundation. Oracle designates this
> + * particular file as subject to the "Classpath" exception as provided
> +- * by Sun in the LICENSE file that accompanied this code.
> ++ * by Oracle in the LICENSE file that accompanied this code.
> + *
> + * This code is distributed in the hope that it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> +@@ -18,9 +18,9 @@
> + * 2 along with this work; if not, write to the Free Software Foundation,
> + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> + *
> +- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
> +- * CA 95054 USA or visitwww.sun.com if you need additional information or
> +- * have any questions.
> ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
> ++ * or visitwww.oracle.com if you need additional information or have any
> ++ * questions.
> + */
> +
> + package javax.swing;
Normally we only fix copyrights in new files; not files being modified.
Also, you are not doing this for 1.9. Any particular reason why?
>
>
> hgexport1.8.patch
>
>
> diff -r 326f7589d7e8 -r 934d7afe1f52 NEWS
> --- a/NEWS Tue Feb 15 23:02:33 2011 +0000
> +++ b/NEWS Wed Feb 23 14:11:39 2011 -0500
> @@ -10,6 +10,10 @@
>
> New in release 1.8.8 (20XX-XX-XX):
>
> +* Backports
> + - S6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> + - S6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> +
> New in release 1.8.7 (2011-02-15):
>
> * Security updates
> @@ -21,6 +25,8 @@
> - S6985453, CVE-2010-4471: Java2D font-related system property leak
> - S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
> - RH677332, CVE-2011-0706: Multiple signers privilege escalation
> + - S6675802: Regression: heavyweight popups cause SecurityExceptions in applets
> + - S6691503: Malicious applet can show always-on-top popup menu which has whole screen size
> * Bug fixes
> - RH676659: Pass -export-dynamic flag to linker using -Wl, as option in gcc 4.6+ is broken
> - Fix latent JAXP bug caused by missing import
You are listing the same bugs twice in the NEWS file. I dont think
that's right.
Rest looks fine to me.
Cheers,
OMair
More information about the distro-pkg-dev
mailing list