[security-dev 00763]: hg: jdk7/tl/jdk: 31 new changesets

abhijit.saha at sun.com abhijit.saha at sun.com
Fri Apr 17 09:26:22 PDT 2009


Changeset: fb2ccb7c50c7
Author:    wetmore
Date:      2008-08-22 18:48 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/fb2ccb7c50c7

6497740: Limit the size of RSA public keys
Reviewed-by: andreas, valeriep, vinnie

! src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java
! src/share/classes/sun/security/pkcs11/P11KeyStore.java
! src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java
! src/share/classes/sun/security/pkcs11/SunPKCS11.java
! src/share/classes/sun/security/rsa/RSAKeyFactory.java
! src/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
! src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
! src/share/classes/sun/security/rsa/RSAPrivateKeyImpl.java
! src/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
! src/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java
! src/windows/classes/sun/security/mscapi/RSASignature.java

Changeset: 8e51a219fc3b
Author:    weijun
Date:      2008-10-01 10:01 +0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8e51a219fc3b

6588160: jaas krb5 client leaks OS-level UDP sockets (all platforms)
Reviewed-by: jccollet, chegar

! src/share/classes/sun/security/krb5/KrbKdcReq.java
! src/share/classes/sun/security/krb5/internal/UDPClient.java

Changeset: 150a441a305d
Author:    ksrini
Date:      2008-09-04 09:43 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/150a441a305d

6733959: Insufficient checks for "Main-Class" manifest entry in JAR files
Summary: Fixes a buffer overrun problem with a very long Main-Class attribute.
Reviewed-by: darcy

! src/share/bin/emessages.h
! src/share/bin/java.c
! test/tools/launcher/MultipleJRE.sh
+ test/tools/launcher/ZipMeUp.java

Changeset: ec336f0e23f4
Author:    okutsu
Date:      2008-10-02 16:49 +0900
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ec336f0e23f4

6734167: Calendar.readObject allows elevation of privileges
Reviewed-by: peytoia

! src/share/classes/java/util/Calendar.java

Changeset: 135c5fe2ee42
Author:    bae
Date:      2008-10-02 20:37 +0400
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/135c5fe2ee42

6726779: ConvolveOp on USHORT raster can cause the JVM crash.
Reviewed-by: igor, prr

! src/share/native/sun/awt/medialib/awt_ImagingLib.c
+ test/java/awt/image/ConvolveOp/EdgeNoOpCrash.java

Changeset: 9d1033f65e4b
Author:    alanb
Date:      2008-10-09 21:12 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9d1033f65e4b

6721753: File.createTempFile produces guessable file names
Reviewed-by: sherman

! src/share/classes/java/io/File.java

Changeset: 3c567ab34788
Author:    ksrini
Date:      2008-10-17 09:43 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3c567ab34788

6755943: Java JAR Pack200 Decompression should enforce stricter header checks
Summary: Fixes a core dump when fed with a faulty pack file and related malicious take over
Reviewed-by: jrose

! make/common/shared/Defs-windows.gmk
! src/share/native/com/sun/java/util/jar/pack/bytes.cpp
! src/share/native/com/sun/java/util/jar/pack/defines.h
! src/share/native/com/sun/java/util/jar/pack/main.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.h
! src/share/native/com/sun/java/util/jar/pack/utils.cpp
! src/share/native/com/sun/java/util/jar/pack/utils.h
+ test/tools/pack200/MemoryAllocatorTest.java

Changeset: 0291de857e51
Author:    bae
Date:      2008-12-03 13:34 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0291de857e51

6766136: corrupted gif image may cause crash in java splashscreen library.
Reviewed-by: prr, art

! src/share/native/sun/awt/splashscreen/splashscreen_gfx_impl.h
! src/share/native/sun/awt/splashscreen/splashscreen_gif.c

Changeset: dfb09d805b2d
Author:    prr
Date:      2008-12-24 15:48 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/dfb09d805b2d

6652463: MediaSize constructors allow to redefine the mapping of standard MediaSizeName values
Reviewed-by: igor, jgodinez

! src/share/classes/javax/print/attribute/standard/MediaSize.java
+ test/javax/print/attribute/MediaMappingsTest.java

Changeset: a8ec0998704e
Author:    weijun
Date:      2008-12-30 10:42 +0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a8ec0998704e

6717680: LdapCtx does not close the connection if initialization fails
Reviewed-by: vinnie, xuelei

! src/share/classes/com/sun/jndi/ldap/LdapCtx.java

Changeset: 6a4e03cc03bb
Author:    prr
Date:      2009-01-05 11:28 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6a4e03cc03bb

6632886: Font.createFont can be persuaded to leak temporary files
6522586: Enforce limits on Font creation
6652929: Font.createFont(int,File) trusts File.getPath
Reviewed-by: igor

! src/share/classes/java/awt/Font.java
+ src/share/classes/sun/font/CreatedFontTracker.java
! src/share/classes/sun/font/FileFont.java
! src/share/classes/sun/font/FontManager.java
+ test/java/awt/FontClass/CreateFont/A.ttf
+ test/java/awt/FontClass/CreateFont/BigFont.java
+ test/java/awt/FontClass/CreateFont/DeleteFont.java
+ test/java/awt/FontClass/CreateFont/DeleteFont.sh
+ test/java/awt/FontClass/CreateFont/bigfont.html
+ test/java/awt/FontClass/CreateFont/fileaccess/FontFile.java

Changeset: 392c4225d636
Author:    ksrini
Date:      2009-02-18 14:14 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/392c4225d636

6792554: Java JAR Pack200 header checks are insufficient
Summary: Added several checks to ensure that the values read from the headers are consistent
Reviewed-by: jrose

! src/share/native/com/sun/java/util/jar/pack/bands.cpp
! src/share/native/com/sun/java/util/jar/pack/coding.cpp
! src/share/native/com/sun/java/util/jar/pack/defines.h
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
- test/tools/pack200/MemoryAllocatorTest.java

Changeset: 7f4cf1eb7586
Author:    bae
Date:      2009-02-20 13:48 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7f4cf1eb7586

6804996: JWS PNG Decoding Integer Overflow [V-flrhat2ln8]
Reviewed-by: prr

! src/share/native/sun/awt/splashscreen/splashscreen_gif.c
! src/share/native/sun/awt/splashscreen/splashscreen_impl.h
! src/share/native/sun/awt/splashscreen/splashscreen_png.c

Changeset: dedf9366f289
Author:    prr
Date:      2009-03-03 16:10 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/dedf9366f289

2163516: Font.createFont can be persuaded to leak temporary files
Reviewed-by: igor

! src/share/classes/sun/font/FontManager.java
! src/share/classes/sun/font/TrueTypeFont.java
! src/share/classes/sun/font/Type1Font.java
! test/java/awt/FontClass/CreateFont/DeleteFont.java

Changeset: 7f6c1ce75629
Author:    bae
Date:      2009-03-05 19:36 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7f6c1ce75629

6804998: JRE GIF Decoding Heap Corruption [V-y6g5jlm8e1]
Reviewed-by: prr

! src/share/classes/sun/awt/image/GifImageDecoder.java
! src/share/native/sun/awt/image/gif/gifdecoder.c

Changeset: 51f13571014c
Author:    bae
Date:      2009-03-06 12:40 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/51f13571014c

6804997: JWS GIF Decoding Heap Corruption [V-r687oxuocp]
Reviewed-by: prr

! src/share/native/sun/awt/giflib/dgif_lib.c

Changeset: 2e34ef54a93a
Author:    michaelm
Date:      2009-03-10 03:18 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2e34ef54a93a

6630639: lightweight HttpServer leaks file descriptors on no-data connections
Summary: not cleaning up no-data connections properly
Reviewed-by: chegar

! src/share/classes/sun/net/httpserver/Request.java
! src/share/classes/sun/net/httpserver/ServerImpl.java

Changeset: 21e38c573956
Author:    dfuchs
Date:      2009-03-09 21:49 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/21e38c573956

6656633: getNotificationInfo methods static mutable
Reviewed-by: emcmanus, jfdenise

! src/share/classes/javax/management/monitor/CounterMonitor.java
! src/share/classes/javax/management/monitor/GaugeMonitor.java
! src/share/classes/javax/management/monitor/StringMonitor.java

Changeset: ea88236be621
Author:    dfuchs
Date:      2009-03-10 12:28 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ea88236be621

Merge


Changeset: 8cdfcdea53cb
Author:    dfuchs
Date:      2009-03-09 22:17 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8cdfcdea53cb

6691246: Thread context class loader can be set using JMX remote ClientNotifForwarded
Reviewed-by: emcmanus

! src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java

Changeset: 09b17f679cbd
Author:    dfuchs
Date:      2009-03-10 12:36 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/09b17f679cbd

Merge


Changeset: 13dfb2c46091
Author:    dfuchs
Date:      2009-03-09 22:34 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/13dfb2c46091

6610888: Potential use of cleared of incorrect acc in JMX Monitor
Reviewed-by: emcmanus

! src/share/classes/javax/management/monitor/Monitor.java

Changeset: de520a184ddb
Author:    dfuchs
Date:      2009-03-10 12:47 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/de520a184ddb

Merge


Changeset: 8062f8c51a88
Author:    dfuchs
Date:      2009-03-09 22:49 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8062f8c51a88

6610896: JMX Monitor handles thread groups incorrectly
Reviewed-by: emcmanus

! src/share/classes/javax/management/monitor/Monitor.java

Changeset: e1d79edaf7a0
Author:    dfuchs
Date:      2009-03-10 12:55 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e1d79edaf7a0

Merge

! src/share/classes/javax/management/monitor/Monitor.java

Changeset: 3265fb461090
Author:    dfuchs
Date:      2009-03-09 23:50 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3265fb461090

6721651: Security problem with out-of-the-box management
Reviewed-by: emcmanus, lmalvent

! src/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java
! src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java
! src/share/lib/management/jmxremote.access

Changeset: 6ed878e5a5d4
Author:    dfuchs
Date:      2009-03-10 14:29 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6ed878e5a5d4

Merge


Changeset: 255dcd4f19b6
Author:    vinnie
Date:      2009-03-10 18:43 +0000
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/255dcd4f19b6

6737315: LDAP serialized data vulnerability
Reviewed-by: alanb

! src/share/classes/com/sun/jndi/ldap/VersionHelper12.java

Changeset: e51956c74e5c
Author:    asaha
Date:      2009-04-16 21:08 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e51956c74e5c

Merge

! make/common/shared/Defs-windows.gmk
! src/share/bin/emessages.h
! src/share/bin/java.c
! src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java
! src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java
! src/share/classes/java/awt/Font.java
! src/share/classes/java/io/File.java
! src/share/classes/java/util/Calendar.java
! src/share/classes/javax/management/monitor/CounterMonitor.java
! src/share/classes/javax/management/monitor/GaugeMonitor.java
! src/share/classes/javax/management/monitor/Monitor.java
! src/share/classes/sun/font/FontManager.java
! src/share/classes/sun/font/TrueTypeFont.java
! src/share/classes/sun/font/Type1Font.java
! src/share/classes/sun/net/httpserver/Request.java
! src/share/classes/sun/net/httpserver/ServerImpl.java
! src/share/native/com/sun/java/util/jar/pack/bands.cpp
! src/share/native/com/sun/java/util/jar/pack/bytes.cpp
! src/share/native/com/sun/java/util/jar/pack/coding.cpp
! src/share/native/com/sun/java/util/jar/pack/defines.h
! src/share/native/com/sun/java/util/jar/pack/main.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.h
! src/share/native/com/sun/java/util/jar/pack/utils.cpp
! src/share/native/com/sun/java/util/jar/pack/utils.h

Changeset: 16c5e63f32d2
Author:    asaha
Date:      2009-04-16 22:47 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/16c5e63f32d2

Merge

- src/share/native/java/util/zip/ZipEntry.c

Changeset: a498d2817bef
Author:    asaha
Date:      2009-04-17 09:21 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a498d2817bef

Merge




