Backporting 6675802 and 6691503 to OpenJDK6

Joe Darcy joe.darcy at oracle.com
Tue Sep 7 09:39:44 PDT 2010 

Omair Majid wrote:
> On 09/07/2010 10:48 AM, Dr Andrew John Hughes wrote:
>> On 10:10 Tue 07 Sep     , Omair Majid wrote:
>>> Hi,
>>>
>>> On 08/27/2010 02:46 PM, Joe Darcy wrote:
>>>> Hello.
>>>>
>>>> Omair Majid wrote:
>>>>> Hi,
>>>>>
>>>>> I would like permission to backport the following two changesets from
>>>>> OpenJDK7 to OpenJDK6:
>>>>>
>>>>> changeset: 190:dd66920b2d51
>>>>> user: mlapshin
>>>>> date: Fri Apr 18 18:21:02 2008 +0400
>>>>> summary: 6675802: Regression: heavyweight popups cause
>>>>> SecurityExceptions in applets
>>>>>
>>>>> changeset: 191:40414219305f
>>>>> user: mlapshin
>>>>> date: Wed Apr 23 18:06:34 2008 +0400
>>>>> summary: 6691503: Malicious applet can show always-on-top popup menu
>>>>> which has whole screen size
>>>>>
>>>>> Together, the changesets allow heavyweight popups to display when
>>>>> using applets.
>>>>>
>>>>> Thanks,
>>>>> Omair
>>>>>
>>>>
>>>> Approved to be backported if the merges are clean and if the new files
>>>> include the rebranded Oracle copyrights.
>>>>
>>>
>>> Sorry about the delay, but I was a bit busy with other stuff. The
>>> changes to src/share/classes/javax/swing/Popup.java are clean but the
>>> new test files will need to be modified to include the updated 
>>> copyright
>>> headers. Is it still OK to backport with the additional modifications?
>>> Also, given that mlapshin is responsible for the actual code changes,
>>> what is the best way to credit him for this patch?
>>>
>>> Thanks,
>>> Omair
>>
>> The updated headers should already be in the current OpenJDK7 version 
>> of the files
>> so you can just copy it over, once imported into OpenJDK6.
>>
>> For accreditation, I keep the same user as the original commit.  This 
>> happens automatically
>> in unchanged cases where you can do hg export x | hg import -, but in 
>> cases like this
>> (and these copyright changes will now produce a lot of them, sigh) 
>> you can use --user for the
>> commit.
>
> Thanks. I have pushed the changesets as follows:
>
> Changeset: 13ad7a024dfc
> Author:    mlapshin
> Date:      2008-04-18 18:21 +0400
> URL:       http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/13ad7a024dfc
>
> 6675802: Regression: heavyweight popups cause SecurityExceptions in 
> applets
> Summary: The problem code in Popup class is surrounded by 
> AccessController.doPrivileged()
> Reviewed-by: alexp
>
> ! src/share/classes/javax/swing/Popup.java
> + test/javax/swing/JPopupMenu/6675802/bug6675802.java
>
> Changeset: e091dd1776d0
> Author:    mlapshin
> Date:      2008-04-23 18:06 +0400
> URL:       http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/e091dd1776d0
>
> 6691503: Malicious applet can show always-on-top popup menu which has 
> whole screen size
> Summary: The fix for 6675802 is replaced by a try-catch clause that 
> catches SequrityExceptions for applets.
> Reviewed-by: alexp
>
> ! src/share/classes/javax/swing/Popup.java
> + test/javax/swing/JPopupMenu/6691503/bug6691503.java
>
> Cheers,
> Omair
>
>

Thanks,

-Joe

More information about the jdk6-dev mailing list