/hg/release/icedtea6-1.8: 5 new changesets
andrew at icedtea.classpath.org
Tue Jan 18 06:33:35 PST 2011
changeset aa77afad613c in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=aa77afad613c
author: Andrew John Hughes <ahughes at redhat.com>
date: Thu Dec 16 22:37:25 2010 +0000
RH663680, CVE-2010-4351: JNLP SecurityManager bypass
2010-12-16 Omair Majid <omajid at redhat.com>
RH663680, CVE-2010-4351:
* NEWS: List issue.
* netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java:
Make sure SecurityException is thrown if necessary.
changeset 975f7989ae66 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=975f7989ae66
author: Andrew John Hughes <ahughes at redhat.com>
date: Thu Dec 16 23:46:20 2010 +0000
Bump to 1.8.4.
2010-12-16 Andrew John Hughes <ahughes at redhat.com>
* configure.ac: Bump to 1.8.4.
changeset 16ff9ccc0634 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=16ff9ccc0634
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Jan 18 14:28:55 2011 +0000
Added tag icedtea6-1.8.4 for changeset 975f7989ae66
changeset 1f604d5d30e4 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=1f604d5d30e4
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Jan 18 14:31:26 2011 +0000
Merge
changeset ddfe477c1b26 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=ddfe477c1b26
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Jan 18 14:33:22 2011 +0000
Prepare for 1.8.5.
2011-01-18 Andrew John Hughes <ahughes at redhat.com>
* configure.ac: Bump to 1.8.5pre.
* NEWS: Add 1.8.5.
diffstat:
10 files changed, 5095 insertions(+), 182 deletions(-)
.hgtags | 1
ChangeLog | 34
Makefile.am | 5
NEWS | 14
configure.ac | 2
netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java | 278
patches/fonts-rhel.patch | 146
patches/openjdk/6541476-png-iTXt-chunk.patch | 549 +
patches/openjdk/6687968-pngimagereader_mem_leak.patch | 126
patches/openjdk/6782079-png_metadata_oom.patch | 4122 ++++++++++++
diffs (truncated from 5667 to 500 lines):
diff -r 7fbd2259a4c1 -r ddfe477c1b26 .hgtags
--- a/.hgtags Thu Dec 16 19:37:17 2010 +0000
+++ b/.hgtags Tue Jan 18 14:33:22 2011 +0000
@@ -24,3 +24,4 @@ 1419166fcebf45ac187cfe2a4e1a45548cdeb5bd
1419166fcebf45ac187cfe2a4e1a45548cdeb5bd icedtea6-1.8.1
e96213dd3cd67306ded33a13319e8681728c7299 icedtea6-1.8.2
4f06af1897c3feff8708ff35a94df642f363d190 icedtea6-1.8.3
+975f7989ae6615f5d0cbce3089291a7c8841364f icedtea6-1.8.4
diff -r 7fbd2259a4c1 -r ddfe477c1b26 ChangeLog
--- a/ChangeLog Thu Dec 16 19:37:17 2010 +0000
+++ b/ChangeLog Tue Jan 18 14:33:22 2011 +0000
@@ -1,3 +1,37 @@ 2010-12-16 Andrew John Hughes <ahughes
+2011-01-18 Andrew John Hughes <ahughes at redhat.com>
+
+ * configure.ac: Bump to 1.8.5pre.
+ * NEWS: Add 1.8.5.
+
+2010-12-24 Deepak Bhole <dbhole at redhat.com>
+
+ Backport S6687968, S6541476, S6782079
+ * Makefile.am: Add missing "\" to the patch list, update to include
+ new patches.
+ * NEWS: Updated.
+ * patches/openjdk/6687968-pngimagereader_mem_leak.patch: Backport to allow
+ S6541476 fix to apply cleanly.
+ * patches/openjdk/6541476-png-iTXt-chunk.patch: Backport to fix iTXt chunk
+ handling for png images. Also addresses RH665355.
+ * patches/openjdk/6782079-png_metadata_oom.patch: Backport to fix
+ potential OOM error when reading metadata on truncated pngs.
+
+2010-12-23 Jiri Vanek <jvanek at redhat.com>
+
+ * NEWS: Updated with rh.bugzilas.
+ * patches/fonts-rhel.patch:repaired rhel 6 fonts configuration.
+
+2010-12-16 Andrew John Hughes <ahughes at redhat.com>
+
+ * configure.ac: Bump to 1.8.4.
+
+2010-12-16 Omair Majid <omajid at redhat.com>
+
+ RH663680, CVE-2010-4351:
+ * NEWS: List issue.
+ * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java:
+ Make sure SecurityException is thrown if necessary.
+
2010-12-16 Andrew John Hughes <ahughes at redhat.com>
* NEWS: Fix issue placement.
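Review bot: the 2010-12-23 entry has a typo ("rh.bugzilas") and is missing the space after "patches/fonts-rhel.patch:"; every other entry in this file follows the "* file: Description." form, so it would read "* NEWS: Updated with RH bugzillas." and "* patches/fonts-rhel.patch: Repaired RHEL 6 fonts configuration."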
diff -r 7fbd2259a4c1 -r ddfe477c1b26 Makefile.am
--- a/Makefile.am Thu Dec 16 19:37:17 2010 +0000
+++ b/Makefile.am Tue Jan 18 14:33:22 2011 +0000
@@ -360,7 +360,10 @@ ICEDTEA_PATCHES = \
patches/openjdk/6438179-systray_check.patch \
patches/openjdk/4356282-opentype.patch \
patches/openjdk/6954424-opentype_javadoc.patch \
- patches/openjdk/6795356-proxylazyvalue-leak.patch
+ patches/openjdk/6795356-proxylazyvalue-leak.patch \
+ patches/openjdk/6687968-pngimagereader_mem_leak.patch \
+ patches/openjdk/6541476-png-iTXt-chunk.patch \
+ patches/openjdk/6782079-png_metadata_oom.patch
if WITH_ALT_HSBUILD
ICEDTEA_PATCHES += patches/hotspot/$(HSBUILD)/openjdk-6886353-ignore_deoptimizealot.patch \
diff -r 7fbd2259a4c1 -r ddfe477c1b26 NEWS
--- a/NEWS Thu Dec 16 19:37:17 2010 +0000
+++ b/NEWS Tue Jan 18 14:33:22 2011 +0000
@@ -8,7 +8,19 @@ GX - http://bugs.gentoo.org/show_bug.cg
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-New in release 1.8.4 (201X-XX-XX):
+New in release 1.8.5 (2011-XX-XX):
+
+* Backports
+ - S6687968: PNGImageReader leaks native memory through an Inflater
+ - S6541476, RH665355: PNG imageio plugin incorrectly handles iTXt chunk
+ - S6782079: PNG: reading metadata may cause OOM on truncated images
+* Fixes
+ - RH647157,RH582455: Update fontconfig files for rhel 6
+
+New in release 1.8.4 (2011-01-12):
+
+* Security updates
+ - RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
* Backports
- S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray
- S4356282: RFE: JDK should support OpenType/CFF fonts
diff -r 7fbd2259a4c1 -r ddfe477c1b26 configure.ac
--- a/configure.ac Thu Dec 16 19:37:17 2010 +0000
+++ b/configure.ac Tue Jan 18 14:33:22 2011 +0000
@@ -1,4 +1,4 @@ AC_INIT([icedtea6],[1.8.4pre],[distro-pk
-AC_INIT([icedtea6],[1.8.4pre],[distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6],[1.8.5pre],[distro-pkg-dev at openjdk.java.net])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile])
diff -r 7fbd2259a4c1 -r ddfe477c1b26 netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Thu Dec 16 19:37:17 2010 +0000
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Tue Jan 18 14:33:22 2011 +0000
@@ -188,21 +188,21 @@ class JNLPSecurityManager extends Securi
* Return the current Application, or null.
*/
protected ApplicationInstance getApplication(Class stack[], int maxDepth) {
- if (maxDepth <= 0)
- maxDepth = stack.length;
+ if (maxDepth <= 0)
+ maxDepth = stack.length;
- // this needs to be tightened up
- for (int i=0; i < stack.length && i < maxDepth; i++) {
- if (stack[i].getClassLoader() instanceof JNLPClassLoader) {
- JNLPClassLoader loader = (JNLPClassLoader) stack[i].getClassLoader();
+ // this needs to be tightened up
+ for (int i=0; i < stack.length && i < maxDepth; i++) {
+ if (stack[i].getClassLoader() instanceof JNLPClassLoader) {
+ JNLPClassLoader loader = (JNLPClassLoader) stack[i].getClassLoader();
- if (loader != null && loader.getApplication() != null) {
- return loader.getApplication();
- }
- }
- }
+ if (loader != null && loader.getApplication() != null) {
+ return loader.getApplication();
+ }
+ }
+ }
- return null;
+ return null;
}
/**
@@ -227,17 +227,17 @@ class JNLPSecurityManager extends Securi
// Enable this manually -- it'll produce too much output for -verbose
// otherwise.
- // if (true)
- // System.out.println("Checking permission: " + perm.toString());
+ // if (true)
+ // System.out.println("Checking permission: " + perm.toString());
- if (!JNLPRuntime.isWebstartApplication() &&
- ("setPolicy".equals(name) || "setSecurityManager".equals(name)))
+ if (!JNLPRuntime.isWebstartApplication() &&
+ ("setPolicy".equals(name) || "setSecurityManager".equals(name)))
throw new SecurityException(R("RCantReplaceSM"));
try {
// deny all permissions to stopped applications
- // The call to getApplication() below might not work if an
- // application hasn't been fully initialized yet.
+ // The call to getApplication() below might not work if an
+ // application hasn't been fully initialized yet.
// if (JNLPRuntime.isDebug()) {
// if (!"getClassLoader".equals(name)) {
// ApplicationInstance app = getApplication();
@@ -245,95 +245,97 @@ class JNLPSecurityManager extends Securi
// throw new SecurityException(R("RDenyStopped"));
// }
// }
-
- try {
- super.checkPermission(perm);
- } catch (SecurityException se) {
- //This section is a special case for dealing with SocketPermissions.
- if (JNLPRuntime.isDebug())
- System.err.println("Requesting permission: " + perm.toString());
+ try {
+ super.checkPermission(perm);
+ } catch (SecurityException se) {
- //Change this SocketPermission's action to connect and accept
- //(and resolve). This is to avoid asking for connect permission
- //on every address resolve.
- Permission tmpPerm = null;
- if (perm instanceof SocketPermission) {
- tmpPerm = new SocketPermission(perm.getName(),
- SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
-
- // before proceeding, check if we are trying to connect to same origin
- ApplicationInstance app = getApplication();
- JNLPFile file = app.getJNLPFile();
+ //This section is a special case for dealing with SocketPermissions.
+ if (JNLPRuntime.isDebug())
+ System.err.println("Requesting permission: " + perm.toString());
- String srcHost = file.getSourceLocation().getAuthority();
- String destHost = name;
-
- // host = abc.xyz.com or abc.xyz.com:<port>
- if (destHost.indexOf(':') >= 0)
- destHost = destHost.substring(0, destHost.indexOf(':'));
-
- // host = abc.xyz.com
- String[] hostComponents = destHost.split("\\.");
-
- int length = hostComponents.length;
- if (length >= 2) {
-
- // address is in xxx.xxx.xxx format
- destHost = hostComponents[length -2] + "." + hostComponents[length -1];
-
- // host = xyz.com i.e. origin
- boolean isDestHostName = false;
+ //Change this SocketPermission's action to connect and accept
+ //(and resolve). This is to avoid asking for connect permission
+ //on every address resolve.
+ Permission tmpPerm = null;
+ if (perm instanceof SocketPermission) {
+ tmpPerm = new SocketPermission(perm.getName(),
+ SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
- // make sure that it is not an ip address
- try {
- Integer.parseInt(hostComponents[length -1]);
- } catch (NumberFormatException e) {
- isDestHostName = true;
- }
+ // before proceeding, check if we are trying to connect to same origin
+ ApplicationInstance app = getApplication();
+ JNLPFile file = app.getJNLPFile();
- if (isDestHostName) {
- // okay, destination is hostname. Now figure out if it is a subset of origin
- if (srcHost.endsWith(destHost)) {
- addPermission(tmpPerm);
- return;
- }
- }
- }
+ String srcHost = file.getSourceLocation().getAuthority();
+ String destHost = name;
- } else if (perm instanceof SecurityPermission) {
+ // host = abc.xyz.com or abc.xyz.com:<port>
+ if (destHost.indexOf(':') >= 0)
+ destHost = destHost.substring(0, destHost.indexOf(':'));
- // JCE's initialization requires putProviderProperty permission
- if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
- if (inTrustedCallChain("com.sun.crypto.provider.SunJCE", "run")) {
- return;
- }
- }
+ // host = abc.xyz.com
+ String[] hostComponents = destHost.split("\\.");
- } else if (perm instanceof RuntimePermission) {
+ int length = hostComponents.length;
+ if (length >= 2) {
- // KeyGenerator's init method requires internal spec access
- if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
- if (inTrustedCallChain("javax.crypto.KeyGenerator", "init")) {
- return;
- }
- }
+ // address is in xxx.xxx.xxx format
+ destHost = hostComponents[length -2] + "." + hostComponents[length -1];
- } else {
- tmpPerm = perm;
- }
+ // host = xyz.com i.e. origin
+ boolean isDestHostName = false;
- if (tmpPerm != null) {
- //askPermission will only prompt the user on SocketPermission
- //meaning we're denying all other SecurityExceptions that may arise.
- if (askPermission(tmpPerm)) {
- addPermission(tmpPerm);
- //return quietly.
- } else {
- throw se;
- }
- }
- }
+ // make sure that it is not an ip address
+ try {
+ Integer.parseInt(hostComponents[length -1]);
+ } catch (NumberFormatException e) {
+ isDestHostName = true;
+ }
+
+ if (isDestHostName) {
+ // okay, destination is hostname. Now figure out if it is a subset of origin
+ if (srcHost.endsWith(destHost)) {
+ addPermission(tmpPerm);
+ return;
+ }
+ }
+ }
+
+ } else if (perm instanceof SecurityPermission) {
+ tmpPerm = perm;
+
+ // JCE's initialization requires putProviderProperty permission
+ if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
+ if (inTrustedCallChain("com.sun.crypto.provider.SunJCE", "run")) {
+ return;
+ }
+ }
+
+ } else if (perm instanceof RuntimePermission) {
+ tmpPerm = perm;
+
+ // KeyGenerator's init method requires internal spec access
+ if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
+ if (inTrustedCallChain("javax.crypto.KeyGenerator", "init")) {
+ return;
+ }
+ }
+
+ } else {
+ tmpPerm = perm;
+ }
+
+ if (tmpPerm != null) {
+ //askPermission will only prompt the user on SocketPermission
+ //meaning we're denying all other SecurityExceptions that may arise.
+ if (askPermission(tmpPerm)) {
+ addPermission(tmpPerm);
+ //return quietly.
+ } else {
+ throw se;
+ }
+ }
+ }
}
catch (SecurityException ex) {
if (JNLPRuntime.isDebug()) {
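Review bot: the actual fix in this hunk is the two added "tmpPerm = perm;" lines in the SecurityPermission and RuntimePermission branches, and it deserves a comment because the surrounding 90 lines are pure re-indentation that hide it. Before, tmpPerm stayed null in those branches whenever the JCE/KeyGenerator exemption did not match, so the "if (tmpPerm != null)" block was skipped and the SecurityException caught from super.checkPermission() was silently dropped, i.e. the check returned as if the permission had been granted. Now askPermission(tmpPerm) is consulted, it returns false for anything other than a SocketPermission from an unsigned application, and "throw se" re-raises the original exception; consider landing the whitespace change as a separate commit so the two-line fix is visible in history. Two further points in the same region: in the RuntimePermission branch, "perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))" compares a RuntimePermission against a SecurityPermission, and BasicPermission.equals() requires the same concrete class, so that exemption can never match (it should construct a RuntimePermission); with tmpPerm now set, such a request always ends in "throw se". In the SocketPermission branch, getApplication() is documented a few lines up as returning null, yet "app.getJNLPFile()" dereferences it unchecked; a null app should take the "throw se" path. The same-origin test is also loose: destHost is reduced to its last two labels and then "srcHost.endsWith(destHost)" is used with no "." boundary, and srcHost comes from getAuthority(), which may still carry a port, so comparing normalised host names label by label (with an explicit leading-dot check) would be safer.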
@@ -343,18 +345,18 @@ class JNLPSecurityManager extends Securi
}
}
- /**
- * Returns weather the given class and method are in the current stack,
+ /**
+ * Returns weather the given class and method are in the current stack,
* and whether or not everything upto then is trusted
- *
+ *
* @param className The name of the class to look for in the stack
* @param methodName The name of the method for the given class to look for in the stack
* @return Weather or not class::method() are in the chain, and everything upto there is trusted
*/
private boolean inTrustedCallChain(String className, String methodName) {
-
+
StackTraceElement[] stack = Thread.currentThread().getStackTrace();
-
+
for (int i=0; i < stack.length; i++) {
// Everything up to the desired class/method must be trusted
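Review bot: the Javadoc being re-indented here still reads "weather" (twice) and "upto" (twice); since these lines are already touched, correct them to "whether" and "up to" in the same change.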
@@ -367,49 +369,49 @@ class JNLPSecurityManager extends Securi
return true;
}
}
-
+
return false;
}
-
+
/**
* Asks the user whether or not to grant permission.
* @param perm the permission to be granted
* @return true if the permission was granted, false otherwise.
*/
- private boolean askPermission(Permission perm) {
-
- ApplicationInstance app = getApplication();
- if (app != null && !app.isSigned()) {
- if (perm instanceof SocketPermission
- && ServiceUtil.checkAccess(SecurityWarningDialog.AccessType.NETWORK, perm.getName())) {
- return true;
- }
- }
+ private boolean askPermission(Permission perm) {
- return false;
+ ApplicationInstance app = getApplication();
+ if (app != null && !app.isSigned()) {
+ if (perm instanceof SocketPermission
+ && ServiceUtil.checkAccess(SecurityWarningDialog.AccessType.NETWORK, perm.getName())) {
+ return true;
+ }
+ }
+
+ return false;
}
/**
* Adds a permission to the JNLPClassLoader.
* @param perm the permission to add to the JNLPClassLoader
*/
- private void addPermission(Permission perm) {
- if (JNLPRuntime.getApplication().getClassLoader() instanceof JNLPClassLoader) {
+ private void addPermission(Permission perm) {
+ if (JNLPRuntime.getApplication().getClassLoader() instanceof JNLPClassLoader) {
- JNLPClassLoader cl = (JNLPClassLoader) JNLPRuntime.getApplication().getClassLoader();
- cl.addPermission(perm);
- if (JNLPRuntime.isDebug()) {
- if (cl.getPermissions(null).implies(perm))
- System.err.println("Added permission: " + perm.toString());
- else
- System.err.println("Unable to add permission: " + perm.toString());
- }
- } else {
- if (JNLPRuntime.isDebug())
- System.err.println("Unable to add permission: " + perm + ", classloader not JNLP.");
- }
+ JNLPClassLoader cl = (JNLPClassLoader) JNLPRuntime.getApplication().getClassLoader();
+ cl.addPermission(perm);
+ if (JNLPRuntime.isDebug()) {
+ if (cl.getPermissions(null).implies(perm))
+ System.err.println("Added permission: " + perm.toString());
+ else
+ System.err.println("Unable to add permission: " + perm.toString());
+ }
+ } else {
+ if (JNLPRuntime.isDebug())
+ System.err.println("Unable to add permission: " + perm + ", classloader not JNLP.");
+ }
}
-
+
/**
* Checks whether the window can be displayed without an applet
* warning banner, and adds the window to the list of windows to
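Review bot: addPermission() grants to JNLPRuntime.getApplication().getClassLoader(), whereas checkPermission() above identified the requesting application through the stack-based getApplication(); if the two ever differ, the grant lands on the wrong loader, so passing the ApplicationInstance resolved in checkPermission() into addPermission() would keep them consistent. Also, askPermission() only returns true for a SocketPermission from an unsigned application, which is what makes the re-throw in checkPermission() correct for every other permission type; stating that in its Javadoc ("Only SocketPermission requests are ever granted here; all other callers receive false") would document the contract the security fix now relies on.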
@@ -418,7 +420,7 @@ class JNLPSecurityManager extends Securi
public boolean checkTopLevelWindow(Object window) {
ApplicationInstance app = getApplication();
- // remember window -> application mapping for focus, close on exit
+ // remember window -> application mapping for focus, close on exit
if (app != null && window instanceof Window) {
Window w = (Window) window;
@@ -439,7 +441,7 @@ class JNLPSecurityManager extends Securi
// todo: set awt.appletWarning to custom message
// todo: logo on with glass pane on JFrame/JWindow?
-
+
return super.checkTopLevelWindow(window);
}
@@ -458,16 +460,16 @@ class JNLPSecurityManager extends Securi
*/
public void checkExit(int status) {
- // applets are not allowed to exit, but the plugin main class (primordial loader) is
+ // applets are not allowed to exit, but the plugin main class (primordial loader) is
Class stack[] = getClassContext();
if (!exitAllowed) {
- for (int i=0; i < stack.length; i++)
- if (stack[i].getClassLoader() != null)
- throw new AccessControlException("Applets may not call System.exit()");
+ for (int i=0; i < stack.length; i++)
+ if (stack[i].getClassLoader() != null)
+ throw new AccessControlException("Applets may not call System.exit()");
}
- super.checkExit(status);
-
+ super.checkExit(status);
+
boolean realCall = (stack[1] == Runtime.class);
if (isExitClass(stack)) // either exitClass called or no exitClass set
@@ -498,9 +500,9 @@ class JNLPSecurityManager extends Securi
}
protected void disableExit() {
- exitAllowed = false;
+ exitAllowed = false;
}
-
+
}
diff -r 7fbd2259a4c1 -r ddfe477c1b26 patches/fonts-rhel.patch
--- a/patches/fonts-rhel.patch Thu Dec 16 19:37:17 2010 +0000
+++ b/patches/fonts-rhel.patch Tue Jan 18 14:33:22 2011 +0000
@@ -11,10 +11,9 @@ diff -Nru openjdk.orig/jdk/make/sun/awt/
else
FONTCONFIGS_SRC = $(CLOSED_SRC)/solaris/classes/sun/awt/fontconfigs
-diff -Nru openjdk.orig/jdk/src/solaris/classes/sun/awt/fontconfigs/linux.fontconfig.RedHat.6.0.properties openjdk/jdk/src/solaris/classes/sun/awt/fontconfigs/linux.fontconfig.RedHat.6.0.properties
---- openjdk.orig/jdk/src/solaris/classes/sun/awt/fontconfigs/linux.fontconfig.RedHat.6.0.properties 1970-01-01 01:00:00.000000000 +0100
-+++ openjdk/jdk/src/solaris/classes/sun/awt/fontconfigs/linux.fontconfig.RedHat.6.0.properties 2010-08-12 22:52:55.716852554 +0100
-@@ -0,0 +1,376 @@
+--- /dev/null 2010-12-20 09:26:08.850062021 +0100
More information about the distro-pkg-dev mailing list