[security-dev 00763]: hg: jdk7/tl/jdk: 31 new changesets
abhijit.saha at sun.com
Fri Apr 17 16:26:22 UTC 2009
Changeset: fb2ccb7c50c7
Author: wetmore
Date: 2008-08-22 18:48 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/fb2ccb7c50c7
6497740: Limit the size of RSA public keys
Reviewed-by: andreas, valeriep, vinnie
! src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java
! src/share/classes/sun/security/pkcs11/P11KeyStore.java
! src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java
! src/share/classes/sun/security/pkcs11/SunPKCS11.java
! src/share/classes/sun/security/rsa/RSAKeyFactory.java
! src/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
! src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
! src/share/classes/sun/security/rsa/RSAPrivateKeyImpl.java
! src/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
! src/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java
! src/windows/classes/sun/security/mscapi/RSASignature.java
Changeset: 8e51a219fc3b
Author: weijun
Date: 2008-10-01 10:01 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8e51a219fc3b
6588160: jaas krb5 client leaks OS-level UDP sockets (all platforms)
Reviewed-by: jccollet, chegar
! src/share/classes/sun/security/krb5/KrbKdcReq.java
! src/share/classes/sun/security/krb5/internal/UDPClient.java
Changeset: 150a441a305d
Author: ksrini
Date: 2008-09-04 09:43 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/150a441a305d
6733959: Insufficient checks for "Main-Class" manifest entry in JAR files
Summary: Fixes a buffer overrun problem with a very long Main-Class attribute.
Reviewed-by: darcy
! src/share/bin/emessages.h
! src/share/bin/java.c
! test/tools/launcher/MultipleJRE.sh
+ test/tools/launcher/ZipMeUp.java
Changeset: ec336f0e23f4
Author: okutsu
Date: 2008-10-02 16:49 +0900
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ec336f0e23f4
6734167: Calendar.readObject allows elevation of privileges
Reviewed-by: peytoia
! src/share/classes/java/util/Calendar.java
Changeset: 135c5fe2ee42
Author: bae
Date: 2008-10-02 20:37 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/135c5fe2ee42
6726779: ConvolveOp on USHORT raster can cause the JVM crash.
Reviewed-by: igor, prr
! src/share/native/sun/awt/medialib/awt_ImagingLib.c
+ test/java/awt/image/ConvolveOp/EdgeNoOpCrash.java
Changeset: 9d1033f65e4b
Author: alanb
Date: 2008-10-09 21:12 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9d1033f65e4b
6721753: File.createTempFile produces guessable file names
Reviewed-by: sherman
! src/share/classes/java/io/File.java
Changeset: 3c567ab34788
Author: ksrini
Date: 2008-10-17 09:43 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3c567ab34788
6755943: Java JAR Pack200 Decompression should enforce stricter header checks
Summary: Fixes a core dump when fed with a faulty pack file and related malicious take over
Reviewed-by: jrose
! make/common/shared/Defs-windows.gmk
! src/share/native/com/sun/java/util/jar/pack/bytes.cpp
! src/share/native/com/sun/java/util/jar/pack/defines.h
! src/share/native/com/sun/java/util/jar/pack/main.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.h
! src/share/native/com/sun/java/util/jar/pack/utils.cpp
! src/share/native/com/sun/java/util/jar/pack/utils.h
+ test/tools/pack200/MemoryAllocatorTest.java
Changeset: 0291de857e51
Author: bae
Date: 2008-12-03 13:34 +0300
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0291de857e51
6766136: corrupted gif image may cause crash in java splashscreen library.
Reviewed-by: prr, art
! src/share/native/sun/awt/splashscreen/splashscreen_gfx_impl.h
! src/share/native/sun/awt/splashscreen/splashscreen_gif.c
Changeset: dfb09d805b2d
Author: prr
Date: 2008-12-24 15:48 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/dfb09d805b2d
6652463: MediaSize constructors allow to redefine the mapping of standard MediaSizeName values
Reviewed-by: igor, jgodinez
! src/share/classes/javax/print/attribute/standard/MediaSize.java
+ test/javax/print/attribute/MediaMappingsTest.java
Changeset: a8ec0998704e
Author: weijun
Date: 2008-12-30 10:42 +0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a8ec0998704e
6717680: LdapCtx does not close the connection if initialization fails
Reviewed-by: vinnie, xuelei
! src/share/classes/com/sun/jndi/ldap/LdapCtx.java
Changeset: 6a4e03cc03bb
Author: prr
Date: 2009-01-05 11:28 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6a4e03cc03bb
6632886: Font.createFont can be persuaded to leak temporary files
6522586: Enforce limits on Font creation
6652929: Font.createFont(int,File) trusts File.getPath
Reviewed-by: igor
! src/share/classes/java/awt/Font.java
+ src/share/classes/sun/font/CreatedFontTracker.java
! src/share/classes/sun/font/FileFont.java
! src/share/classes/sun/font/FontManager.java
+ test/java/awt/FontClass/CreateFont/A.ttf
+ test/java/awt/FontClass/CreateFont/BigFont.java
+ test/java/awt/FontClass/CreateFont/DeleteFont.java
+ test/java/awt/FontClass/CreateFont/DeleteFont.sh
+ test/java/awt/FontClass/CreateFont/bigfont.html
+ test/java/awt/FontClass/CreateFont/fileaccess/FontFile.java
Changeset: 392c4225d636
Author: ksrini
Date: 2009-02-18 14:14 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/392c4225d636
6792554: Java JAR Pack200 header checks are insufficient
Summary: Added several checks to ensure that the values read from the headers are consistent
Reviewed-by: jrose
! src/share/native/com/sun/java/util/jar/pack/bands.cpp
! src/share/native/com/sun/java/util/jar/pack/coding.cpp
! src/share/native/com/sun/java/util/jar/pack/defines.h
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
- test/tools/pack200/MemoryAllocatorTest.java
Changeset: 7f4cf1eb7586
Author: bae
Date: 2009-02-20 13:48 +0300
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7f4cf1eb7586
6804996: JWS PNG Decoding Integer Overflow [V-flrhat2ln8]
Reviewed-by: prr
! src/share/native/sun/awt/splashscreen/splashscreen_gif.c
! src/share/native/sun/awt/splashscreen/splashscreen_impl.h
! src/share/native/sun/awt/splashscreen/splashscreen_png.c
Changeset: dedf9366f289
Author: prr
Date: 2009-03-03 16:10 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/dedf9366f289
2163516: Font.createFont can be persuaded to leak temporary files
Reviewed-by: igor
! src/share/classes/sun/font/FontManager.java
! src/share/classes/sun/font/TrueTypeFont.java
! src/share/classes/sun/font/Type1Font.java
! test/java/awt/FontClass/CreateFont/DeleteFont.java
Changeset: 7f6c1ce75629
Author: bae
Date: 2009-03-05 19:36 +0300
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7f6c1ce75629
6804998: JRE GIF Decoding Heap Corruption [V-y6g5jlm8e1]
Reviewed-by: prr
! src/share/classes/sun/awt/image/GifImageDecoder.java
! src/share/native/sun/awt/image/gif/gifdecoder.c
Changeset: 51f13571014c
Author: bae
Date: 2009-03-06 12:40 +0300
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/51f13571014c
6804997: JWS GIF Decoding Heap Corruption [V-r687oxuocp]
Reviewed-by: prr
! src/share/native/sun/awt/giflib/dgif_lib.c
Changeset: 2e34ef54a93a
Author: michaelm
Date: 2009-03-10 03:18 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2e34ef54a93a
6630639: lightweight HttpServer leaks file descriptors on no-data connections
Summary: not cleaning up no-data connections properly
Reviewed-by: chegar
! src/share/classes/sun/net/httpserver/Request.java
! src/share/classes/sun/net/httpserver/ServerImpl.java
Changeset: 21e38c573956
Author: dfuchs
Date: 2009-03-09 21:49 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/21e38c573956
6656633: getNotificationInfo methods static mutable
Reviewed-by: emcmanus, jfdenise
! src/share/classes/javax/management/monitor/CounterMonitor.java
! src/share/classes/javax/management/monitor/GaugeMonitor.java
! src/share/classes/javax/management/monitor/StringMonitor.java
Changeset: ea88236be621
Author: dfuchs
Date: 2009-03-10 12:28 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ea88236be621
Merge
Changeset: 8cdfcdea53cb
Author: dfuchs
Date: 2009-03-09 22:17 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8cdfcdea53cb
6691246: Thread context class loader can be set using JMX remote ClientNotifForwarded
Reviewed-by: emcmanus
! src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java
Changeset: 09b17f679cbd
Author: dfuchs
Date: 2009-03-10 12:36 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/09b17f679cbd
Merge
Changeset: 13dfb2c46091
Author: dfuchs
Date: 2009-03-09 22:34 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/13dfb2c46091
6610888: Potential use of cleared of incorrect acc in JMX Monitor
Reviewed-by: emcmanus
! src/share/classes/javax/management/monitor/Monitor.java
Changeset: de520a184ddb
Author: dfuchs
Date: 2009-03-10 12:47 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/de520a184ddb
Merge
Changeset: 8062f8c51a88
Author: dfuchs
Date: 2009-03-09 22:49 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8062f8c51a88
6610896: JMX Monitor handles thread groups incorrectly
Reviewed-by: emcmanus
! src/share/classes/javax/management/monitor/Monitor.java
Changeset: e1d79edaf7a0
Author: dfuchs
Date: 2009-03-10 12:55 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e1d79edaf7a0
Merge
! src/share/classes/javax/management/monitor/Monitor.java
Changeset: 3265fb461090
Author: dfuchs
Date: 2009-03-09 23:50 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3265fb461090
6721651: Security problem with out-of-the-box management
Reviewed-by: emcmanus, lmalvent
! src/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java
! src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java
! src/share/lib/management/jmxremote.access
Changeset: 6ed878e5a5d4
Author: dfuchs
Date: 2009-03-10 14:29 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6ed878e5a5d4
Merge
Changeset: 255dcd4f19b6
Author: vinnie
Date: 2009-03-10 18:43 +0000
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/255dcd4f19b6
6737315: LDAP serialized data vulnerability
Reviewed-by: alanb
! src/share/classes/com/sun/jndi/ldap/VersionHelper12.java
Changeset: e51956c74e5c
Author: asaha
Date: 2009-04-16 21:08 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e51956c74e5c
Merge
! make/common/shared/Defs-windows.gmk
! src/share/bin/emessages.h
! src/share/bin/java.c
! src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java
! src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java
! src/share/classes/java/awt/Font.java
! src/share/classes/java/io/File.java
! src/share/classes/java/util/Calendar.java
! src/share/classes/javax/management/monitor/CounterMonitor.java
! src/share/classes/javax/management/monitor/GaugeMonitor.java
! src/share/classes/javax/management/monitor/Monitor.java
! src/share/classes/sun/font/FontManager.java
! src/share/classes/sun/font/TrueTypeFont.java
! src/share/classes/sun/font/Type1Font.java
! src/share/classes/sun/net/httpserver/Request.java
! src/share/classes/sun/net/httpserver/ServerImpl.java
! src/share/native/com/sun/java/util/jar/pack/bands.cpp
! src/share/native/com/sun/java/util/jar/pack/bytes.cpp
! src/share/native/com/sun/java/util/jar/pack/coding.cpp
! src/share/native/com/sun/java/util/jar/pack/defines.h
! src/share/native/com/sun/java/util/jar/pack/main.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.h
! src/share/native/com/sun/java/util/jar/pack/utils.cpp
! src/share/native/com/sun/java/util/jar/pack/utils.h
Changeset: 16c5e63f32d2
Author: asaha
Date: 2009-04-16 22:47 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/16c5e63f32d2
Merge
- src/share/native/java/util/zip/ZipEntry.c
Changeset: a498d2817bef
Author: asaha
Date: 2009-04-17 09:21 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a498d2817bef
Merge