[security-dev 01755]: hg: jdk7/tl/jdk: 30 new changesets

abhijit.saha at sun.com abhijit.saha at sun.com
Mon Apr 5 23:17:13 UTC 2010


Changeset: d3309aae68ef
Author:    dl
Date:      2009-10-06 12:20 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d3309aae68ef

6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error
Summary: Avoid integer overflow by using long arithmetic
Reviewed-by: martin, dholmes

! src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java
! src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java
! src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java

Changeset: 08f57141c305
Author:    asaha
Date:      2009-11-20 14:24 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/08f57141c305

Merge

- test/sun/tools/native2ascii/test2

Changeset: b1e8f41ed755
Author:    chegar
Date:      2009-11-23 12:40 +0000
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b1e8f41ed755

6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
Reviewed-by: alanb, hawtin

! src/share/classes/java/lang/ThreadGroup.java

Changeset: e943f6b0b0e9
Author:    alanb
Date:      2009-11-25 10:02 +0000
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e943f6b0b0e9

6736390: File TOCTOU deserialization vulnerability
Reviewed-by: hawtin

! src/share/classes/java/io/File.java

Changeset: ff9c2f53594e
Author:    sherman
Date:      2009-11-25 11:29 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ff9c2f53594e

6745393: Inflater/Deflater clone issue
Summary: To use explicit lobk object.
Reviewed-by: alanb

! src/share/classes/java/util/zip/Deflater.java
! src/share/classes/java/util/zip/Inflater.java
! src/share/native/java/util/zip/Deflater.c
! src/share/native/java/util/zip/Inflater.c

Changeset: d893f890b4dd
Author:    sherman
Date:      2009-11-25 12:51 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d893f890b4dd

6904925: Changeset for 6745393 for jdk7 ssr forest was incomplete
Summary: To add, commit and push back the ZStreamRef.java
Reviewed-by: alanb

+ src/share/classes/java/util/zip/ZStreamRef.java

Changeset: df3091222715
Author:    mchung
Date:      2009-11-25 09:09 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/df3091222715

6893947: Deserialization of RMIConnectionImpl objects should enforce stricter checks [ZDI-CAN-588]
Summary: narrow the doPrivileged block to only set context ClassLoader
Reviewed-by: hawtin, emcmanus

! src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java

Changeset: bc309e9233ce
Author:    mchung
Date:      2009-11-25 11:19 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/bc309e9233ce

Merge


Changeset: 621edf6b03fc
Author:    mchung
Date:      2009-11-25 16:02 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/621edf6b03fc

Merge


Changeset: 338c8775f0a3
Author:    asaha
Date:      2009-11-26 07:17 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/338c8775f0a3

Merge


Changeset: f0b63b6d9709
Author:    asaha
Date:      2009-12-01 08:55 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/f0b63b6d9709

Merge

- test/tools/launcher/SolarisDataModel.sh
- test/tools/launcher/SolarisRunpath.sh
- test/tools/launcher/libraryCaller.c
- test/tools/launcher/libraryCaller.h
- test/tools/launcher/libraryCaller.java

Changeset: 121fa73c7185
Author:    michaelm
Date:      2009-12-02 12:17 +0000
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/121fa73c7185

6893954: Subclasses of InetAddress may incorrectly interpret network addresses
Summary: runtime type checks and deserialization check
Reviewed-by: chegar, alanb, jccollet

! src/share/classes/java/net/DatagramSocket.java
! src/share/classes/java/net/InetAddress.java
! src/share/classes/java/net/MulticastSocket.java
! src/share/classes/java/net/NetworkInterface.java
! src/share/classes/java/net/Socket.java
! src/share/classes/sun/nio/ch/Net.java

Changeset: edaa7e2efd63
Author:    asaha
Date:      2009-12-04 10:23 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/edaa7e2efd63

Merge

- make/tools/CharsetMapping/DoubleByte-X.java
- make/tools/CharsetMapping/SingleByte-X.java
- src/share/classes/sun/util/CoreResourceBundleControl-XLocales.java
- src/share/classes/sun/util/LocaleDataMetaInfo-XLocales.java
- test/java/util/Formatter/Basic-X.java

Changeset: 3598d6eb087c
Author:    xuelei
Date:      2009-12-07 21:16 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3598d6eb087c

6898739: TLS renegotiation issue
Summary: the interim fix disables TLS/SSL renegotiation
Reviewed-by: mullan, chegar, wetmore

! src/share/classes/sun/security/ssl/ClientHandshaker.java
! src/share/classes/sun/security/ssl/Handshaker.java
! src/share/classes/sun/security/ssl/SSLEngineImpl.java
! src/share/classes/sun/security/ssl/SSLSocketImpl.java
! src/share/classes/sun/security/ssl/ServerHandshaker.java
! test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java

Changeset: 91a4840fa9b4
Author:    mullan
Date:      2009-12-08 15:58 -0500
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/91a4840fa9b4

6633872: Policy/PolicyFile leak dynamic ProtectionDomains.
Reviewed-by: hawtin

! src/share/classes/java/security/Policy.java
! src/share/classes/java/security/ProtectionDomain.java
+ src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java
! src/share/classes/sun/misc/SharedSecrets.java
! src/share/classes/sun/security/provider/PolicyFile.java

Changeset: 7a60d100ffa5
Author:    mullan
Date:      2009-12-18 09:09 -0500
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7a60d100ffa5

6904162: Add new VeriSign root CA certificates to JRE and remove some old/unused ones
Reviewed-by: asaha

- test/lib/security/cacerts/VerifyCACerts.java

Changeset: 3dabb7d5be98
Author:    malenkov
Date:      2009-12-22 17:56 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3dabb7d5be98

6904691: Java Applet Trusted Methods Chaining Privilege Escalation Vulnerability
Reviewed-by: hawtin, peterz

! src/share/classes/java/beans/EventHandler.java
! src/share/classes/java/beans/Statement.java
! test/java/beans/EventHandler/Test6277246.java
! test/java/beans/EventHandler/Test6277266.java

Changeset: c80b6350de63
Author:    michaelm
Date:      2010-01-12 12:13 +0000
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c80b6350de63

6910590: Application can modify command array, in ProcessBuilder
Summary: clone array returned by List.toArray()
Reviewed-by: chegar, alanb

! src/share/classes/java/lang/ProcessBuilder.java

Changeset: 0667ab707c48
Author:    bae
Date:      2010-02-17 12:49 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0667ab707c48

6914866: Sun JRE ImagingLib arbitrary code execution vulnerability
Reviewed-by: prr, hawtin

! src/share/native/sun/awt/medialib/awt_ImagingLib.c
! src/share/native/sun/awt/medialib/safe_alloc.h

Changeset: 494aea51f26f
Author:    bae
Date:      2010-02-17 13:10 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/494aea51f26f

6914823: Java AWT Library Invalid Index Vulnerability
Reviewed-by: flar, hawtin

! src/share/classes/sun/awt/image/ImageRepresentation.java

Changeset: 45ead4a2c48b
Author:    bae
Date:      2010-02-17 13:32 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/45ead4a2c48b

6909597: Sun Java Runtime Environment JPEGImageReader stepX Integer Overflow Vulnerability
Reviewed-by: igor

! src/share/native/sun/awt/image/jpeg/imageioJPEG.c

Changeset: 1ff19af7b735
Author:    bae
Date:      2010-02-19 22:30 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/1ff19af7b735

6899653: Sun Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability
Reviewed-by: prr, hawtin

! src/share/native/sun/java2d/cmm/lcms/cmsio1.c
! src/share/native/sun/java2d/cmm/lcms/cmsxform.c

Changeset: cda01c4b091c
Author:    ksrini
Date:      2010-02-22 14:33 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/cda01c4b091c

6902299: Java JAR "unpack200" must verify input parameters
Summary: Added several checks for addition of values before memory allocation
Reviewed-by: asaha

! src/share/native/com/sun/java/util/jar/pack/bytes.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp

Changeset: 7a6b3cc68e92
Author:    denis
Date:      2010-02-26 03:54 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7a6b3cc68e92

6887703: Unsigned applet can retrieve the dragged information before drop action occur
Reviewed-by: uta

! src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java

Changeset: c5c6f8fa92ae
Author:    denis
Date:      2010-03-06 03:37 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c5c6f8fa92ae

6932659: JTreg test files were missed in push of 6887703
Reviewed-by: uta

! test/java/awt/regtesthelpers/process/ProcessCommunicator.java

Changeset: 2805db6e6ff6
Author:    asaha
Date:      2010-03-24 14:16 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2805db6e6ff6

Merge

- make/java/redist/FILES.gmk
- make/java/text/FILES_java.gmk
- make/sun/nio/FILES_java.gmk
! src/share/classes/java/beans/Statement.java
! src/share/classes/java/util/zip/Deflater.java
- src/share/classes/javax/swing/plaf/synth/DefaultMenuLayout.java
- src/share/classes/sun/awt/ComponentAccessor.java
- src/share/classes/sun/awt/WindowAccessor.java
- src/share/classes/sun/dyn/util/BytecodeSignature.java
- src/share/classes/sun/security/provider/IdentityDatabase.java
! src/share/classes/sun/security/provider/PolicyFile.java
- src/share/classes/sun/security/provider/SystemIdentity.java
- src/share/classes/sun/security/provider/SystemSigner.java
- src/share/classes/sun/security/x509/X500Signer.java
- src/share/classes/sun/security/x509/X509Cert.java
- src/share/classes/sun/swing/plaf/synth/SynthUI.java
- src/share/classes/sun/tools/jar/JarVerifierStream.java
- src/solaris/classes/sun/nio/ch/SctpSocketDispatcher.java
! test/java/awt/regtesthelpers/process/ProcessCommunicator.java
- test/java/net/Socket/FDClose.java

Changeset: 1dccfa00dc64
Author:    asaha
Date:      2010-03-24 17:32 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/1dccfa00dc64

Merge

! src/share/classes/sun/security/ssl/SSLSocketImpl.java

Changeset: 6ec14b5ede77
Author:    asaha
Date:      2010-03-25 07:12 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6ec14b5ede77

Merge


Changeset: 3ef9b3446677
Author:    asaha
Date:      2010-03-29 07:17 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3ef9b3446677

Merge


Changeset: a9fdd143a58e
Author:    asaha
Date:      2010-04-05 16:11 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a9fdd143a58e

Merge

- make/tools/src/build/tools/charsetmapping/CharsetMapping.java
- make/tools/src/build/tools/charsetmapping/GenerateDBCS.java
- make/tools/src/build/tools/charsetmapping/GenerateEUC_TW.java
- make/tools/src/build/tools/charsetmapping/GenerateMapping.java
- make/tools/src/build/tools/charsetmapping/GenerateSBCS.java
- src/share/classes/sun/io/ByteToCharHKSCS.java
- src/share/classes/sun/io/ByteToCharHKSCS_2001.java
- src/share/classes/sun/io/CharToByteHKSCS.java
- src/share/classes/sun/io/CharToByteHKSCS_2001.java
- src/share/classes/sun/nio/cs/ext/Big5.java
- src/share/classes/sun/nio/cs/ext/HKSCS_2001.java




More information about the security-dev mailing list