Backport JPopupMenu fixes to release branches.
Denis Lila
dlila at redhat.com
Wed Feb 23 12:54:53 PST 2011
> Normally we only fix copyrights in new files; not files being
> modified.
Ok, I can fix this.
> Also, you are not doing this for 1.9. Any particular reason why?
Because the 1.9 copyrights are already Oracle copyrights.
> You are listing the same bugs twice in the NEWS file. I dont think
> that's right.
You're right, thanks for catching this.
Regards,
Denis.
----- Original Message -----
> On 02/23/2011 03:14 PM, Denis Lila wrote:
> >> > It might be a good idea to update the copyright (Sun -> Oracle).
> > Done.
> > Also, I noticed that the old patches I posted were bad because
> > they were against some very old clones of the release branches.
> > I fixed that.
> >
> > Ok to push now?
> >
>
>
>
> > hgexport1.7.patch
> >
>
> > diff -r 6a127ad66978 -r d780d2efc830
> > patches/openjdk/6691503-malicious-applet-always-on-top.patch
> > --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> > +++ b/patches/openjdk/6691503-malicious-applet-always-on-top.patch
> > Wed Feb 23 14:00:24 2011 -0500
> > @@ -0,0 +1,173 @@
> > +diff -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> > +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Fri
> > Apr 18 18:21:02 2008 +0400
> > ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Wed Feb 23
> > 13:50:58 2011 -0500
> > +@@ -1,12 +1,12 @@
> > + /*
> > +- * Copyright 1999-2007 Sun Microsystems, Inc. All Rights Reserved.
> > ++ * Copyright (c) 1999, 2008, Oracle and/or its affiliates. All
> > rights reserved.
> > + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> > + *
> > + * This code is free software; you can redistribute it and/or
> > modify it
> > + * under the terms of the GNU General Public License version 2
> > only, as
> > +- * published by the Free Software Foundation. Sun designates this
> > ++ * published by the Free Software Foundation. Oracle designates
> > this
> > + * particular file as subject to the "Classpath" exception as
> > provided
> > +- * by Sun in the LICENSE file that accompanied this code.
> > ++ * by Oracle in the LICENSE file that accompanied this code.
> > + *
> > + * This code is distributed in the hope that it will be useful, but
> > WITHOUT
> > + * ANY WARRANTY; without even the implied warranty of
> > MERCHANTABILITY or
> > +@@ -18,9 +18,9 @@
> > + * 2 along with this work; if not, write to the Free Software
> > Foundation,
> > + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> > + *
> > +- * Please contact Sun Microsystems, Inc., 4150 Network Circle,
> > Santa Clara,
> > +- * CA 95054 USA or visitwww.sun.com if you need additional
> > information or
> > +- * have any questions.
> > ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA
> > 94065 USA
> > ++ * or visitwww.oracle.com if you need additional information or
> > have any
> > ++ * questions.
> > + */
> > +
> > + package javax.swing;
>
>
> >
> >
> > hgexport1.8.patch
> >
> >
>
> > diff -r 326f7589d7e8 -r 934d7afe1f52 NEWS
> > --- a/NEWS Tue Feb 15 23:02:33 2011 +0000
> > +++ b/NEWS Wed Feb 23 14:11:39 2011 -0500
> > @@ -10,6 +10,10 @@
> >
> > New in release 1.8.8 (20XX-XX-XX):
> >
> > +* Backports
> > + - S6675802: Regression: heavyweight popups cause
> > SecurityExceptions in applets
> > + - S6691503: Malicious applet can show always-on-top popup menu
> > which has whole screen size
> > +
> > New in release 1.8.7 (2011-02-15):
> >
> > * Security updates
> > @@ -21,6 +25,8 @@
> > - S6985453, CVE-2010-4471: Java2D font-related system property
> > leak
> > - S6927050, CVE-2010-4470: JAXP untrusted component state
> > manipulation
> > - RH677332, CVE-2011-0706: Multiple signers privilege escalation
> > + - S6675802: Regression: heavyweight popups cause
> > SecurityExceptions in applets
> > + - S6691503: Malicious applet can show always-on-top popup menu
> > which has whole screen size
> > * Bug fixes
> > - RH676659: Pass -export-dynamic flag to linker using -Wl, as
> > option in gcc 4.6+ is broken
> > - Fix latent JAXP bug caused by missing import
>
>
> Rest looks fine to me.
>
> Cheers,
> OMair
More information about the distro-pkg-dev
mailing list