[security-dev 01755]: hg: jdk7/tl/jdk: 30 new changesets
abhijit.saha at sun.com
abhijit.saha at sun.com
Mon Apr 5 16:17:13 PDT 2010
Changeset: d3309aae68ef
Author: dl
Date: 2009-10-06 12:20 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d3309aae68ef
6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error
Summary: Avoid integer overflow by using long arithmetic
Reviewed-by: martin, dholmes
! src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java
! src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java
! src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java
Changeset: 08f57141c305
Author: asaha
Date: 2009-11-20 14:24 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/08f57141c305
Merge
- test/sun/tools/native2ascii/test2
Changeset: b1e8f41ed755
Author: chegar
Date: 2009-11-23 12:40 +0000
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b1e8f41ed755
6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
Reviewed-by: alanb, hawtin
! src/share/classes/java/lang/ThreadGroup.java
Changeset: e943f6b0b0e9
Author: alanb
Date: 2009-11-25 10:02 +0000
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e943f6b0b0e9
6736390: File TOCTOU deserialization vulnerability
Reviewed-by: hawtin
! src/share/classes/java/io/File.java
Changeset: ff9c2f53594e
Author: sherman
Date: 2009-11-25 11:29 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ff9c2f53594e
6745393: Inflater/Deflater clone issue
Summary: To use explicit lobk object.
Reviewed-by: alanb
! src/share/classes/java/util/zip/Deflater.java
! src/share/classes/java/util/zip/Inflater.java
! src/share/native/java/util/zip/Deflater.c
! src/share/native/java/util/zip/Inflater.c
Changeset: d893f890b4dd
Author: sherman
Date: 2009-11-25 12:51 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d893f890b4dd
6904925: Changeset for 6745393 for jdk7 ssr forest was incomplete
Summary: To add, commit and push back the ZStreamRef.java
Reviewed-by: alanb
+ src/share/classes/java/util/zip/ZStreamRef.java
Changeset: df3091222715
Author: mchung
Date: 2009-11-25 09:09 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/df3091222715
6893947: Deserialization of RMIConnectionImpl objects should enforce stricter checks [ZDI-CAN-588]
Summary: narrow the doPrivileged block to only set context ClassLoader
Reviewed-by: hawtin, emcmanus
! src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
Changeset: bc309e9233ce
Author: mchung
Date: 2009-11-25 11:19 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/bc309e9233ce
Merge
Changeset: 621edf6b03fc
Author: mchung
Date: 2009-11-25 16:02 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/621edf6b03fc
Merge
Changeset: 338c8775f0a3
Author: asaha
Date: 2009-11-26 07:17 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/338c8775f0a3
Merge
Changeset: f0b63b6d9709
Author: asaha
Date: 2009-12-01 08:55 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/f0b63b6d9709
Merge
- test/tools/launcher/SolarisDataModel.sh
- test/tools/launcher/SolarisRunpath.sh
- test/tools/launcher/libraryCaller.c
- test/tools/launcher/libraryCaller.h
- test/tools/launcher/libraryCaller.java
Changeset: 121fa73c7185
Author: michaelm
Date: 2009-12-02 12:17 +0000
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/121fa73c7185
6893954: Subclasses of InetAddress may incorrectly interpret network addresses
Summary: runtime type checks and deserialization check
Reviewed-by: chegar, alanb, jccollet
! src/share/classes/java/net/DatagramSocket.java
! src/share/classes/java/net/InetAddress.java
! src/share/classes/java/net/MulticastSocket.java
! src/share/classes/java/net/NetworkInterface.java
! src/share/classes/java/net/Socket.java
! src/share/classes/sun/nio/ch/Net.java
Changeset: edaa7e2efd63
Author: asaha
Date: 2009-12-04 10:23 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/edaa7e2efd63
Merge
- make/tools/CharsetMapping/DoubleByte-X.java
- make/tools/CharsetMapping/SingleByte-X.java
- src/share/classes/sun/util/CoreResourceBundleControl-XLocales.java
- src/share/classes/sun/util/LocaleDataMetaInfo-XLocales.java
- test/java/util/Formatter/Basic-X.java
Changeset: 3598d6eb087c
Author: xuelei
Date: 2009-12-07 21:16 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3598d6eb087c
6898739: TLS renegotiation issue
Summary: the interim fix disables TLS/SSL renegotiation
Reviewed-by: mullan, chegar, wetmore
! src/share/classes/sun/security/ssl/ClientHandshaker.java
! src/share/classes/sun/security/ssl/Handshaker.java
! src/share/classes/sun/security/ssl/SSLEngineImpl.java
! src/share/classes/sun/security/ssl/SSLSocketImpl.java
! src/share/classes/sun/security/ssl/ServerHandshaker.java
! test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java
Changeset: 91a4840fa9b4
Author: mullan
Date: 2009-12-08 15:58 -0500
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/91a4840fa9b4
6633872: Policy/PolicyFile leak dynamic ProtectionDomains.
Reviewed-by: hawtin
! src/share/classes/java/security/Policy.java
! src/share/classes/java/security/ProtectionDomain.java
+ src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java
! src/share/classes/sun/misc/SharedSecrets.java
! src/share/classes/sun/security/provider/PolicyFile.java
Changeset: 7a60d100ffa5
Author: mullan
Date: 2009-12-18 09:09 -0500
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7a60d100ffa5
6904162: Add new VeriSign root CA certificates to JRE and remove some old/unused ones
Reviewed-by: asaha
- test/lib/security/cacerts/VerifyCACerts.java
Changeset: 3dabb7d5be98
Author: malenkov
Date: 2009-12-22 17:56 +0300
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3dabb7d5be98
6904691: Java Applet Trusted Methods Chaining Privilege Escalation Vulnerability
Reviewed-by: hawtin, peterz
! src/share/classes/java/beans/EventHandler.java
! src/share/classes/java/beans/Statement.java
! test/java/beans/EventHandler/Test6277246.java
! test/java/beans/EventHandler/Test6277266.java
Changeset: c80b6350de63
Author: michaelm
Date: 2010-01-12 12:13 +0000
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c80b6350de63
6910590: Application can modify command array, in ProcessBuilder
Summary: clone array returned by List.toArray()
Reviewed-by: chegar, alanb
! src/share/classes/java/lang/ProcessBuilder.java
Changeset: 0667ab707c48
Author: bae
Date: 2010-02-17 12:49 +0300
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0667ab707c48
6914866: Sun JRE ImagingLib arbitrary code execution vulnerability
Reviewed-by: prr, hawtin
! src/share/native/sun/awt/medialib/awt_ImagingLib.c
! src/share/native/sun/awt/medialib/safe_alloc.h
Changeset: 494aea51f26f
Author: bae
Date: 2010-02-17 13:10 +0300
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/494aea51f26f
6914823: Java AWT Library Invalid Index Vulnerability
Reviewed-by: flar, hawtin
! src/share/classes/sun/awt/image/ImageRepresentation.java
Changeset: 45ead4a2c48b
Author: bae
Date: 2010-02-17 13:32 +0300
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/45ead4a2c48b
6909597: Sun Java Runtime Environment JPEGImageReader stepX Integer Overflow Vulnerability
Reviewed-by: igor
! src/share/native/sun/awt/image/jpeg/imageioJPEG.c
Changeset: 1ff19af7b735
Author: bae
Date: 2010-02-19 22:30 +0300
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/1ff19af7b735
6899653: Sun Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability
Reviewed-by: prr, hawtin
! src/share/native/sun/java2d/cmm/lcms/cmsio1.c
! src/share/native/sun/java2d/cmm/lcms/cmsxform.c
Changeset: cda01c4b091c
Author: ksrini
Date: 2010-02-22 14:33 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/cda01c4b091c
6902299: Java JAR "unpack200" must verify input parameters
Summary: Added several checks for addition of values before memory allocation
Reviewed-by: asaha
! src/share/native/com/sun/java/util/jar/pack/bytes.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
Changeset: 7a6b3cc68e92
Author: denis
Date: 2010-02-26 03:54 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7a6b3cc68e92
6887703: Unsigned applet can retrieve the dragged information before drop action occur
Reviewed-by: uta
! src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java
Changeset: c5c6f8fa92ae
Author: denis
Date: 2010-03-06 03:37 +0300
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c5c6f8fa92ae
6932659: JTreg test files were missed in push of 6887703
Reviewed-by: uta
! test/java/awt/regtesthelpers/process/ProcessCommunicator.java
Changeset: 2805db6e6ff6
Author: asaha
Date: 2010-03-24 14:16 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2805db6e6ff6
Merge
- make/java/redist/FILES.gmk
- make/java/text/FILES_java.gmk
- make/sun/nio/FILES_java.gmk
! src/share/classes/java/beans/Statement.java
! src/share/classes/java/util/zip/Deflater.java
- src/share/classes/javax/swing/plaf/synth/DefaultMenuLayout.java
- src/share/classes/sun/awt/ComponentAccessor.java
- src/share/classes/sun/awt/WindowAccessor.java
- src/share/classes/sun/dyn/util/BytecodeSignature.java
- src/share/classes/sun/security/provider/IdentityDatabase.java
! src/share/classes/sun/security/provider/PolicyFile.java
- src/share/classes/sun/security/provider/SystemIdentity.java
- src/share/classes/sun/security/provider/SystemSigner.java
- src/share/classes/sun/security/x509/X500Signer.java
- src/share/classes/sun/security/x509/X509Cert.java
- src/share/classes/sun/swing/plaf/synth/SynthUI.java
- src/share/classes/sun/tools/jar/JarVerifierStream.java
- src/solaris/classes/sun/nio/ch/SctpSocketDispatcher.java
! test/java/awt/regtesthelpers/process/ProcessCommunicator.java
- test/java/net/Socket/FDClose.java
Changeset: 1dccfa00dc64
Author: asaha
Date: 2010-03-24 17:32 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/1dccfa00dc64
Merge
! src/share/classes/sun/security/ssl/SSLSocketImpl.java
Changeset: 6ec14b5ede77
Author: asaha
Date: 2010-03-25 07:12 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6ec14b5ede77
Merge
Changeset: 3ef9b3446677
Author: asaha
Date: 2010-03-29 07:17 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3ef9b3446677
Merge
Changeset: a9fdd143a58e
Author: asaha
Date: 2010-04-05 16:11 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a9fdd143a58e
Merge
- make/tools/src/build/tools/charsetmapping/CharsetMapping.java
- make/tools/src/build/tools/charsetmapping/GenerateDBCS.java
- make/tools/src/build/tools/charsetmapping/GenerateEUC_TW.java
- make/tools/src/build/tools/charsetmapping/GenerateMapping.java
- make/tools/src/build/tools/charsetmapping/GenerateSBCS.java
- src/share/classes/sun/io/ByteToCharHKSCS.java
- src/share/classes/sun/io/ByteToCharHKSCS_2001.java
- src/share/classes/sun/io/CharToByteHKSCS.java
- src/share/classes/sun/io/CharToByteHKSCS_2001.java
- src/share/classes/sun/nio/cs/ext/Big5.java
- src/share/classes/sun/nio/cs/ext/HKSCS_2001.java
More information about the security-dev
mailing list