[security-dev 01060]: hg: jdk7/tl/jdk: 42 new changesets
abhijit.saha at sun.com
abhijit.saha at sun.com
Fri Aug 7 16:40:39 UTC 2009
Changeset: c43105502f46
Author: malenkov
Date: 2009-04-29 20:03 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c43105502f46
6660539: Introspector shares cache of mutable BeanInfo between AppContexts.
Reviewed-by: peterz
! src/share/classes/java/beans/Introspector.java
+ test/java/beans/Introspector/Test6660539.java
Changeset: 3aeaa5784b3a
Author: malenkov
Date: 2009-04-29 20:55 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3aeaa5784b3a
6777487: Encoder allows reading private variables with certain names
Reviewed-by: peterz
! src/share/classes/java/beans/MetaData.java
+ test/java/beans/XMLEncoder/6777487/TestBox.java
+ test/java/beans/XMLEncoder/6777487/TestCheckedCollection.java
+ test/java/beans/XMLEncoder/6777487/TestCheckedList.java
+ test/java/beans/XMLEncoder/6777487/TestCheckedMap.java
+ test/java/beans/XMLEncoder/6777487/TestCheckedRandomAccessList.java
+ test/java/beans/XMLEncoder/6777487/TestCheckedSet.java
+ test/java/beans/XMLEncoder/6777487/TestCheckedSortedMap.java
+ test/java/beans/XMLEncoder/6777487/TestCheckedSortedSet.java
+ test/java/beans/XMLEncoder/6777487/TestEncoder.java
+ test/java/beans/XMLEncoder/6777487/TestEnumMap.java
+ test/java/beans/XMLEncoder/6777487/TestEnumSet.java
Changeset: 903ce4bda292
Author: asaha
Date: 2009-04-29 11:43 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/903ce4bda292
Merge
Changeset: 5b166df43d63
Author: peterz
Date: 2009-05-05 12:07 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/5b166df43d63
6837293: Reapply fix for 6588003 to JDK7
Reviewed-by: alexp
! src/share/classes/javax/swing/text/LayoutQueue.java
Changeset: ead34d1e3c9f
Author: jccollet
Date: 2009-05-05 11:02 +0200
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ead34d1e3c9f
6801497: Proxy is assumed to be immutable but is non-final
Summary: Cloned the proxy instance when necessary
Reviewed-by: chegar
! src/share/classes/java/net/Socket.java
! src/share/classes/java/net/URL.java
Changeset: 38a0e21f345a
Author: anthony
Date: 2009-05-05 17:47 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/38a0e21f345a
6805231: Security Warning Icon is missing in Windows 2000 Prof from Jdk build 6u12
Summary: The icon becomes layered only when the fading-out effect is being performed.
Reviewed-by: art, dcherepanov
! src/windows/native/sun/windows/awt_Window.cpp
! src/windows/native/sun/windows/awt_Window.h
Changeset: e0636bb69562
Author: anthony
Date: 2009-05-05 17:56 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e0636bb69562
6818787: It is possible to reposition the security icon too far from the border of the window on X11
Summary: The constraints for the position of the icon are moved to the shared code
Reviewed-by: art, dcherepanov
! src/share/classes/java/awt/Window.java
! src/windows/native/sun/windows/awt_Window.cpp
Changeset: 4b498e41c1c2
Author: art
Date: 2009-05-06 15:17 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/4b498e41c1c2
6656586: Cursor.predefined is protected static mutable (findbugs)
Reviewed-by: hawtin, igor
! src/share/classes/java/awt/Cursor.java
+ test/java/awt/Cursor/PredefinedPrivate/PredefinedPrivate.java
Changeset: a53a57a3260c
Author: emcmanus
Date: 2009-05-07 10:44 +0200
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a53a57a3260c
6736293: OpenType checks can be bypassed through finalizer resurrection
Reviewed-by: hawtin
! src/share/classes/java/awt/Window.java
! src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java
! src/share/classes/javax/management/openmbean/OpenType.java
Changeset: 7b50813648d8
Author: bae
Date: 2009-05-08 15:38 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7b50813648d8
6656625: ImageReaderSpi.STANDARD_INPUT_TYPE/ImageWriterSpi.STANDARD_OUTPUT_TYPE are mutable static (findbugs)
Reviewed-by: prr
! src/share/classes/com/sun/imageio/plugins/bmp/BMPImageReaderSpi.java
! src/share/classes/com/sun/imageio/plugins/bmp/BMPImageWriterSpi.java
! src/share/classes/com/sun/imageio/plugins/gif/GIFImageReaderSpi.java
! src/share/classes/com/sun/imageio/plugins/gif/GIFImageWriterSpi.java
! src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReaderSpi.java
! src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriterSpi.java
! src/share/classes/com/sun/imageio/plugins/png/PNGImageReaderSpi.java
! src/share/classes/com/sun/imageio/plugins/png/PNGImageWriterSpi.java
! src/share/classes/com/sun/imageio/plugins/wbmp/WBMPImageReaderSpi.java
! src/share/classes/com/sun/imageio/plugins/wbmp/WBMPImageWriterSpi.java
! src/share/classes/javax/imageio/spi/ImageReaderSpi.java
! src/share/classes/javax/imageio/spi/ImageWriterSpi.java
Changeset: c6ea5b6c3a8d
Author: bae
Date: 2009-05-08 15:57 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c6ea5b6c3a8d
6657133: Mutable statics in imageio plugins (findbugs)
Reviewed-by: prr
! src/share/classes/com/sun/imageio/stream/StreamCloser.java
! src/share/classes/javax/imageio/plugins/bmp/BMPImageWriteParam.java
! src/share/classes/javax/imageio/stream/FileCacheImageInputStream.java
! src/share/classes/javax/imageio/stream/FileCacheImageOutputStream.java
! src/share/lib/security/java.security
! src/share/lib/security/java.security-solaris
! src/share/lib/security/java.security-windows
Changeset: 597377f1ee71
Author: bae
Date: 2009-05-08 16:15 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/597377f1ee71
6823373: [ZDI-CAN-460] Java Web Start JPEG header parsing needs more scruity
Reviewed-by: igor
! src/share/native/sun/awt/splashscreen/splashscreen_jpeg.c
Changeset: 3de7b0daf355
Author: chegar
Date: 2009-05-12 16:32 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3de7b0daf355
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
Reviewed-by: jccollet, hawtin
! make/sun/net/FILES_java.gmk
! src/share/classes/java/net/Socket.java
! src/share/classes/java/net/SocksSocketImpl.java
! src/share/classes/java/net/URL.java
+ src/share/classes/sun/net/ApplicationProxy.java
! src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
Changeset: 05200aff312e
Author: amenkov
Date: 2009-05-13 13:52 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/05200aff312e
6657625: RmfFileReader/StandardMidiFileWriter.types are public mutable statics (findbugs)
Reviewed-by: hawtin
! src/share/classes/com/sun/media/sound/StandardMidiFileWriter.java
Changeset: d09b81d1eb85
Author: amenkov
Date: 2009-05-13 14:32 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d09b81d1eb85
6738524: JDK13Services allows read access to system properties from untrusted code
Reviewed-by: hawtin
! src/share/classes/com/sun/media/sound/JDK13Services.java
Changeset: 43ed4f9a781a
Author: amenkov
Date: 2009-05-13 14:32 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/43ed4f9a781a
6777448: JDK13Services.getProviders creates instances with full privileges [hawtin, alexp]
Reviewed-by: hawtin, alexp
! src/share/classes/com/sun/media/sound/JSSecurityManager.java
Changeset: ae62878e6eef
Author: asaha
Date: 2009-05-07 13:18 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ae62878e6eef
Merge
! src/share/classes/java/awt/Window.java
- src/share/native/sun/java2d/pipe/RenderBuffer.c
! src/windows/native/sun/windows/awt_Window.cpp
! src/windows/native/sun/windows/awt_Window.h
- test/com/sun/awt/Translucency/TranslucentJAppletTest/TranslucentJAppletTest.java
- test/com/sun/awt/Translucency/TranslucentShapedFrameTest/TSFrame.java
- test/com/sun/awt/Translucency/TranslucentShapedFrameTest/TranslucentShapedFrameTest.form
- test/com/sun/awt/Translucency/TranslucentShapedFrameTest/TranslucentShapedFrameTest.java
Changeset: bf002235470d
Author: asaha
Date: 2009-06-12 10:54 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/bf002235470d
Merge
Changeset: 8156e661d016
Author: asaha
Date: 2009-06-12 12:26 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8156e661d016
Merge
! src/share/classes/java/awt/Window.java
! src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
- src/share/classes/sun/nio/cs/ext/DBCSDecoderMapping.java
- src/share/classes/sun/nio/cs/ext/DBCS_IBM_ASCII_Decoder.java
- src/share/classes/sun/nio/cs/ext/DBCS_IBM_ASCII_Encoder.java
- src/share/classes/sun/nio/cs/ext/DBCS_IBM_EBCDIC_Decoder.java
- src/share/classes/sun/nio/cs/ext/DBCS_IBM_EBCDIC_Encoder.java
- src/share/classes/sun/nio/cs/ext/DBCS_ONLY_IBM_EBCDIC_Decoder.java
- src/share/classes/sun/nio/cs/ext/IBM1381.java
- src/share/classes/sun/nio/cs/ext/IBM1383.java
- src/share/classes/sun/nio/cs/ext/IBM930.java
- src/share/classes/sun/nio/cs/ext/IBM933.java
- src/share/classes/sun/nio/cs/ext/IBM935.java
- src/share/classes/sun/nio/cs/ext/IBM937.java
- src/share/classes/sun/nio/cs/ext/IBM939.java
- src/share/classes/sun/nio/cs/ext/IBM942.java
- src/share/classes/sun/nio/cs/ext/IBM943.java
- src/share/classes/sun/nio/cs/ext/IBM948.java
- src/share/classes/sun/nio/cs/ext/IBM949.java
- src/share/classes/sun/nio/cs/ext/IBM950.java
- src/share/classes/sun/nio/cs/ext/IBM970.java
- src/share/classes/sun/nio/cs/ext/SimpleEUCDecoder.java
! src/windows/native/sun/windows/awt_Window.cpp
! src/windows/native/sun/windows/awt_Window.h
Changeset: f2d65a92ffb2
Author: malenkov
Date: 2009-06-18 14:08 +0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/f2d65a92ffb2
6660049: Synth Region.uiToRegionMap/lowerCaseNameMap are mutable statics
Reviewed-by: hawtin
! src/share/classes/javax/swing/plaf/synth/Region.java
+ test/javax/swing/plaf/synth/Test6660049.java
Changeset: a209372d6de8
Author: asaha
Date: 2009-06-17 13:12 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a209372d6de8
Merge
Changeset: 2f126d8c369d
Author: asaha
Date: 2009-06-18 22:45 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2f126d8c369d
Merge
Changeset: 94bd5497a0d3
Author: asaha
Date: 2009-06-18 22:53 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/94bd5497a0d3
Merge
Changeset: 75fe05d49f44
Author: asaha
Date: 2009-06-22 13:36 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/75fe05d49f44
6656610: AccessibleResourceBundle.getContents exposes mutable static (findbugs)
Reviewed-by: hawtin
! src/share/classes/javax/accessibility/AccessibleResourceBundle.java
Changeset: ffb8e36b668c
Author: mullan
Date: 2009-06-23 13:54 -0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ffb8e36b668c
6824440: XML Signature HMAC issue
Reviewed-by: asaha
! src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java
! src/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java
+ test/com/sun/org/apache/xml/internal/security/TruncateHMAC.java
+ test/com/sun/org/apache/xml/internal/security/signature-enveloping-hmac-sha1-trunclen-0-attack.xml
+ test/com/sun/org/apache/xml/internal/security/signature-enveloping-hmac-sha1-trunclen-8-attack.xml
! test/javax/xml/crypto/dsig/GenerationTests.java
! test/javax/xml/crypto/dsig/ValidationTests.java
+ test/javax/xml/crypto/dsig/data/signature-enveloping-hmac-sha1-trunclen-0-attack.xml
+ test/javax/xml/crypto/dsig/data/signature-enveloping-hmac-sha1-trunclen-8-attack.xml
Changeset: 7352778840c7
Author: ksrini
Date: 2009-06-22 07:23 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7352778840c7
6830335: Java JAR Pack200 Decompression Integer Overflow Vulnerability
Summary: Fixes a potential vulnerability in the unpack200 logic, by adding extra checks, a back-port.
Reviewed-by: asaha
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
Changeset: 043280e1fc76
Author: asaha
Date: 2009-07-01 09:59 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/043280e1fc76
Merge
! make/sun/net/FILES_java.gmk
! src/share/classes/java/net/SocksSocketImpl.java
- src/share/classes/java/nio/file/DirectoryStreamFilters.java
- src/share/classes/java/nio/file/FileAction.java
- src/share/classes/java/nio/file/spi/AbstractPath.java
- src/share/classes/sun/io/ByteToCharMS932DB.java
- src/share/classes/sun/io/CharToByteMS932DB.java
! src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
- src/share/classes/sun/nio/cs/ext/EUC_CN.java
- src/share/classes/sun/nio/cs/ext/EUC_KR.java
- src/share/classes/sun/nio/cs/ext/GBK.java
- src/share/classes/sun/nio/cs/ext/Johab.java
- src/share/classes/sun/nio/cs/ext/MS932.java
- src/share/classes/sun/nio/cs/ext/MS932DB.java
- src/share/classes/sun/nio/cs/ext/MS936.java
- src/share/classes/sun/nio/cs/ext/MS949.java
- src/share/classes/sun/nio/cs/ext/MS950.java
- src/share/classes/sun/nio/fs/AbstractFileStoreSpaceAttributeView.java
- src/share/classes/sun/nio/fs/MimeType.java
- test/java/nio/file/DirectoryStream/Filters.java
- test/java/nio/file/Files/content_type.sh
- test/java/nio/file/Path/temporary_files.sh
- test/java/nio/file/attribute/Attributes/Basic.java
Changeset: 46e4a2e56801
Author: asaha
Date: 2009-07-06 11:42 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/46e4a2e56801
Merge
! src/share/classes/com/sun/imageio/plugins/wbmp/WBMPImageReaderSpi.java
! src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
- src/share/native/sun/font/bidi/cmemory.h
- src/share/native/sun/font/bidi/jbidi.c
- src/share/native/sun/font/bidi/jbidi.h
- src/share/native/sun/font/bidi/ubidi.c
- src/share/native/sun/font/bidi/ubidi.h
- src/share/native/sun/font/bidi/ubidiimp.h
- src/share/native/sun/font/bidi/ubidiln.c
- src/share/native/sun/font/bidi/uchardir.c
- src/share/native/sun/font/bidi/uchardir.h
- src/share/native/sun/font/bidi/utypes.h
Changeset: e2726b43d1cc
Author: mullan
Date: 2009-07-08 16:57 -0400
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e2726b43d1cc
6858484: If an invalid HMAC XML Signature is validated, all subsequent valid HMAC signatures are invalid
Reviewed-by: asaha
! src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java
! test/com/sun/org/apache/xml/internal/security/TruncateHMAC.java
+ test/com/sun/org/apache/xml/internal/security/signature-enveloping-hmac-sha1.xml
Changeset: 78a1ffa5a675
Author: asaha
Date: 2009-07-08 14:24 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/78a1ffa5a675
Merge
Changeset: 9b15d9813292
Author: asaha
Date: 2009-07-08 14:27 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9b15d9813292
Merge
Changeset: 537d8716d8cd
Author: asaha
Date: 2009-07-13 08:05 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/537d8716d8cd
Merge
Changeset: 599a7f770842
Author: asaha
Date: 2009-07-15 10:46 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/599a7f770842
Merge
Changeset: 97a5d7c6fbfb
Author: vinnie
Date: 2009-07-17 20:29 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/97a5d7c6fbfb
6657619: DnsContext.debug is public static mutable (findbugs)
Reviewed-by: alanb
! src/share/classes/com/sun/jndi/dns/DnsContext.java
+ test/com/sun/jndi/dns/CheckAccess.java
Changeset: df7d8ae860cf
Author: vinnie
Date: 2009-07-17 20:43 +0100
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/df7d8ae860cf
6657695: AbstractSaslImpl.logger is a static mutable (findbugs)
Reviewed-by: alanb
! src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java
+ test/com/sun/security/sasl/util/CheckAccess.java
Changeset: 83d1885b22d6
Author: asaha
Date: 2009-07-21 13:02 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/83d1885b22d6
Merge
! src/share/classes/java/awt/Window.java
! src/share/classes/java/beans/MetaData.java
- src/share/classes/sun/swing/AccessibleMethod.java
Changeset: 14c81c80a7f3
Author: asaha
Date: 2009-07-21 13:06 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/14c81c80a7f3
Merge
Changeset: baec332a0ff4
Author: asaha
Date: 2009-07-27 22:28 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/baec332a0ff4
Merge
Changeset: ebc7d26588b8
Author: asaha
Date: 2009-08-04 08:01 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ebc7d26588b8
Merge
! src/share/classes/java/awt/Window.java
! src/share/classes/java/beans/Introspector.java
! src/share/classes/java/beans/MetaData.java
- test/java/util/concurrent/ConcurrentLinkedQueue/ConcurrentQueueLoops.java
- test/java/util/concurrent/ConcurrentLinkedQueue/LoopHelpers.java
Changeset: 6fe590dcc49c
Author: asaha
Date: 2009-08-05 14:16 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6fe590dcc49c
Merge
Changeset: c223ce2294c1
Author: asaha
Date: 2009-08-06 22:37 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c223ce2294c1
Merge
- src/share/classes/com/sun/crypto/provider/JarVerifier.java
- src/share/classes/javax/swing/plaf/basic/DesktopIconMover.java
- src/share/classes/sun/security/pkcs11/JarVerifier.java
- src/windows/classes/sun/security/mscapi/JarVerifier.java
Changeset: 1774d87963ad
Author: asaha
Date: 2009-08-07 09:21 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/1774d87963ad
Merge
! make/sun/net/FILES_java.gmk
More information about the security-dev
mailing list