/hg/release/icedtea-web-1.4: 5 new changesets

jvanek at icedtea.classpath.org jvanek at icedtea.classpath.org
Mon Sep 16 01:46:06 PDT 2013 

changeset 82e007d8b05a in /hg/release/icedtea-web-1.4
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.4?cmd=changeset;node=82e007d8b05a
author: Jiri Vanek <jvanek at redhat.com>
date: Mon Sep 16 10:10:13 2013 +0200

	CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet


changeset 26d15dff70b2 in /hg/release/icedtea-web-1.4
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.4?cmd=changeset;node=26d15dff70b2
author: Jiri Vanek <jvanek at redhat.com>
date: Mon Sep 16 10:12:28 2013 +0200

	Mentioned tmp. files clean up


changeset a56022978972 in /hg/release/icedtea-web-1.4
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.4?cmd=changeset;node=a56022978972
author: Jiri Vanek <jvanek at redhat.com>
date: Mon Sep 16 10:35:49 2013 +0200

	Makefile.am: (EXTRA_DIST) added  netx-dist-tests-whitelist NEW_LINE_IFS to enable reproducers tests from dst. tarball.


changeset 517457d5f605 in /hg/release/icedtea-web-1.4
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.4?cmd=changeset;node=517457d5f605
author: Jiri Vanek <jvanek at redhat.com>
date: Mon Sep 16 10:42:43 2013 +0200

	Prepared for 1.4.1 release


changeset 0ada01b1cdc3 in /hg/release/icedtea-web-1.4
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.4?cmd=changeset;node=0ada01b1cdc3
author: Jiri Vanek <jvanek at redhat.com>
date: Mon Sep 16 10:45:37 2013 +0200

	Added tag icedtea-web-1.4.1 for changeset 517457d5f605


diffstat:

 .hgtags                                           |   1 +
 ChangeLog                                         |  12 ++++++++++++
 Makefile.am                                       |   2 +-
 NEWS                                              |   3 +++
 configure.ac                                      |   2 +-
 plugin/icedteanp/IcedTeaScriptablePluginObject.cc |  18 +++---------------
 6 files changed, 21 insertions(+), 17 deletions(-)

diffs (108 lines):

diff -r 508f65fc1135 -r 0ada01b1cdc3 .hgtags
--- a/.hgtags	Wed Sep 11 00:00:00 2013 +0200
+++ b/.hgtags	Mon Sep 16 10:45:37 2013 +0200
@@ -7,3 +7,4 @@
 0000000000000000000000000000000000000000 icedtea-web-1.4
 0000000000000000000000000000000000000000 icedtea-web-1.4
 7417aafce17fc2d1d11895b190a8f9a09abf228d icedtea-web-1.4
+517457d5f6051fb4b9eec08664966edd294fce54 icedtea-web-1.4.1
diff -r 508f65fc1135 -r 0ada01b1cdc3 ChangeLog
--- a/ChangeLog	Wed Sep 11 00:00:00 2013 +0200
+++ b/ChangeLog	Mon Sep 16 10:45:37 2013 +0200
@@ -1,3 +1,15 @@
+2013-09-16  Jiri Vanek  <jvanek at redhat.com> 
+
+	* Makefile.am: (EXTRA_DIST) added  netx-dist-tests-whitelist NEW_LINE_IFS
+	to enable reproducers tests from dst. tarball. 
+
+2013-09-16  Deepak Bhole <dbhole at redhat.com>
+
+	CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event
+	attached to applet
+	* plugin/icedteanp/IcedTeaScriptablePluginObject.cc: Removed unnecessary
+	heap allocations.
+
 2013-09-11  Jacob Wisor  <gitne at gmx.de>
 
 	* netx/net/sourceforge/jnlp/controlpanel/TemporaryInternetFilesPanel.java:
diff -r 508f65fc1135 -r 0ada01b1cdc3 Makefile.am
--- a/Makefile.am	Wed Sep 11 00:00:00 2013 +0200
+++ b/Makefile.am	Mon Sep 16 10:45:37 2013 +0200
@@ -185,7 +185,7 @@
 export PLUGIN_VERSION = IcedTea-Web $(FULL_VERSION)
 
 export EXTRA_DIST = $(top_srcdir)/netx $(top_srcdir)/plugin javaws.png javaws.desktop.in extra launcher \
- itweb-settings.desktop.in $(top_srcdir)/tests
+ itweb-settings.desktop.in $(top_srcdir)/tests netx-dist-tests-whitelist NEW_LINE_IFS
 
 # reproducers `D`shortcuts
 export DTEST_SERVER=-Dtest.server.dir=$(REPRODUCERS_TESTS_SERVER_DEPLOYDIR)
diff -r 508f65fc1135 -r 0ada01b1cdc3 NEWS
--- a/NEWS	Wed Sep 11 00:00:00 2013 +0200
+++ b/NEWS	Mon Sep 16 10:45:37 2013 +0200
@@ -9,11 +9,14 @@
 CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
 New in release 1.4.1 (2013-XX-YY):
+* Improved and cleaned Temporary internet files panel
 * NetX
   - PR1465 - java.io.FileNotFoundException while trying to download a JAR file
   - PR1473 - javaws should not depend on name of local file
 * Plugin
   - PR854: Resizing an applet several times causes 100% CPU load
+* Security Updates
+  - CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet
 
 New in release 1.4 (2013-05-02):
 * Added cs localization
diff -r 508f65fc1135 -r 0ada01b1cdc3 configure.ac
--- a/configure.ac	Wed Sep 11 00:00:00 2013 +0200
+++ b/configure.ac	Mon Sep 16 10:45:37 2013 +0200
@@ -1,4 +1,4 @@
-AC_INIT([icedtea-web],[1.4.1pre],[distro-pkg-dev at openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
+AC_INIT([icedtea-web],[1.4.1],[distro-pkg-dev at openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
 AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
 AC_CONFIG_FILES([Makefile netx.manifest])
 
diff -r 508f65fc1135 -r 0ada01b1cdc3 plugin/icedteanp/IcedTeaScriptablePluginObject.cc
--- a/plugin/icedteanp/IcedTeaScriptablePluginObject.cc	Wed Sep 11 00:00:00 2013 +0200
+++ b/plugin/icedteanp/IcedTeaScriptablePluginObject.cc	Mon Sep 16 10:45:37 2013 +0200
@@ -591,10 +591,7 @@
 
     if (java_result->error_occurred)
     {
-        // error message must be allocated on heap
-        char* error_msg = (char*) malloc(java_result->error_msg->length()*sizeof(char));
-        strcpy(error_msg, java_result->error_msg->c_str());
-        browser_functions.setexception(npobj, error_msg);
+        browser_functions.setexception(npobj, java_result->error_msg->c_str());
         return false;
     }
 
@@ -853,11 +850,7 @@
         createJavaObjectFromVariant(instance, args[i], &id);
         if (id == "0")
         {
-            // error message must be allocated on heap
-            char* error_msg = (char*) malloc(1024*sizeof(char));
-            strcpy(error_msg, "Unable to create argument on Java side");
-
-            browser_functions.setexception(npobj, error_msg);
+            browser_functions.setexception(npobj, "Unable to create argument on Java side");
             return false;
         }
 
@@ -871,12 +864,7 @@
 
     if (java_result->error_occurred)
     {
-        // error message must be allocated on heap
-        int length = java_result->error_msg->length();
-        char* error_msg = (char*) malloc((length+1)*sizeof(char));
-        strcpy(error_msg, java_result->error_msg->c_str());
-
-        browser_functions.setexception(npobj, error_msg);
+        browser_functions.setexception(npobj, java_result->error_msg->c_str());
         return false;
     }

More information about the distro-pkg-dev mailing list