Backport JPopupMenu fixes to release branches.

Wed Feb 23 12:54:53 PST 2011

> Normally we only fix copyrights in new files; not files being
> modified.

Ok, I can fix this.

> Also, you are not doing this for 1.9. Any particular reason why?

Because the 1.9 copyrights are already Oracle copyrights.

> You are listing the same bugs twice in the NEWS file. I dont think
> that's right.

You're right, thanks for catching this.

Regards,
Denis.

----- Original Message -----
> On 02/23/2011 03:14 PM, Denis Lila wrote:
> >> >  It might be a good idea to update the copyright (Sun -> Oracle).
> > Done.
> > Also, I noticed that the old patches I posted were bad because
> > they were against some very old clones of the release branches.
> > I fixed that.
> >
> > Ok to push now?
> >
> 

> 
> 
> > hgexport1.7.patch
> >
> 
> > diff -r 6a127ad66978 -r d780d2efc830
> > patches/openjdk/6691503-malicious-applet-always-on-top.patch
> > --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> > +++ b/patches/openjdk/6691503-malicious-applet-always-on-top.patch
> > Wed Feb 23 14:00:24 2011 -0500
> > @@ -0,0 +1,173 @@
> > +diff -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
> > +--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Fri
> > Apr 18 18:21:02 2008 +0400
> > ++++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Wed Feb 23
> > 13:50:58 2011 -0500
> > +@@ -1,12 +1,12 @@
> > + /*
> > +- * Copyright 1999-2007 Sun Microsystems, Inc. All Rights Reserved.
> > ++ * Copyright (c) 1999, 2008, Oracle and/or its affiliates. All
> > rights reserved.
> > + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> > + *
> > + * This code is free software; you can redistribute it and/or
> > modify it
> > + * under the terms of the GNU General Public License version 2
> > only, as
> > +- * published by the Free Software Foundation. Sun designates this
> > ++ * published by the Free Software Foundation. Oracle designates
> > this
> > + * particular file as subject to the "Classpath" exception as
> > provided
> > +- * by Sun in the LICENSE file that accompanied this code.
> > ++ * by Oracle in the LICENSE file that accompanied this code.
> > + *
> > + * This code is distributed in the hope that it will be useful, but
> > WITHOUT
> > + * ANY WARRANTY; without even the implied warranty of
> > MERCHANTABILITY or
> > +@@ -18,9 +18,9 @@
> > + * 2 along with this work; if not, write to the Free Software
> > Foundation,
> > + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
> > + *
> > +- * Please contact Sun Microsystems, Inc., 4150 Network Circle,
> > Santa Clara,
> > +- * CA 95054 USA or visitwww.sun.com if you need additional
> > information or
> > +- * have any questions.
> > ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA
> > 94065 USA
> > ++ * or visitwww.oracle.com if you need additional information or
> > have any
> > ++ * questions.
> > + */
> > +
> > + package javax.swing;
> 

> 
> >
> >
> > hgexport1.8.patch
> >
> >
> 
> > diff -r 326f7589d7e8 -r 934d7afe1f52 NEWS
> > --- a/NEWS Tue Feb 15 23:02:33 2011 +0000
> > +++ b/NEWS Wed Feb 23 14:11:39 2011 -0500
> > @@ -10,6 +10,10 @@
> >
> >   New in release 1.8.8 (20XX-XX-XX):
> >
> > +* Backports
> > + - S6675802: Regression: heavyweight popups cause
> > SecurityExceptions in applets
> > + - S6691503: Malicious applet can show always-on-top popup menu
> > which has whole screen size
> > +
> >   New in release 1.8.7 (2011-02-15):
> >
> >   * Security updates
> > @@ -21,6 +25,8 @@
> >     - S6985453, CVE-2010-4471: Java2D font-related system property
> >     leak
> >     - S6927050, CVE-2010-4470: JAXP untrusted component state
> >     manipulation
> >     - RH677332, CVE-2011-0706: Multiple signers privilege escalation
> > + - S6675802: Regression: heavyweight popups cause
> > SecurityExceptions in applets
> > + - S6691503: Malicious applet can show always-on-top popup menu
> > which has whole screen size
> >   * Bug fixes
> >     - RH676659: Pass -export-dynamic flag to linker using -Wl, as
> >     option in gcc 4.6+ is broken
> >     - Fix latent JAXP bug caused by missing import
> 

> 
> Rest looks fine to me.
> 
> Cheers,
> OMair