Hello community,
here is the log from the commit of package icedtea-web for openSUSE:Factory checked in at 2011-11-14 13:59:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/icedtea-web (Old)
and /work/SRC/openSUSE:Factory/.icedtea-web.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "icedtea-web", Maintainer is ""
Changes:
--------
--- /work/SRC/openSUSE:Factory/icedtea-web/icedtea-web.changes 2011-10-25 16:02:03.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.icedtea-web.new/icedtea-web.changes 2011-11-14 13:59:11.000000000 +0100
@@ -1,0 +2,8 @@
+Mon Nov 14 10:19:16 UTC 2011 - mvyskocil@suse.cz
+
+- update to 1.1.4 (fixes bnc#729870)
+ - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and
+ suffix domain SOP bypass
+ - PR778: Jar download and server certificate verification deadlock
+
+-------------------------------------------------------------------
Old:
----
icedtea-web-1.1.3.tar.gz
New:
----
icedtea-web-1.1.4.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ icedtea-web.spec ++++++
--- /var/tmp/diff_new_pack.GzyDPw/_old 2011-11-14 13:59:14.000000000 +0100
+++ /var/tmp/diff_new_pack.GzyDPw/_new 2011-11-14 13:59:14.000000000 +0100
@@ -53,7 +53,7 @@
%define pluginname IcedTeaPlugin.so
Name: icedtea-web
-Version: 1.1.3
+Version: 1.1.4
Release: 1
Summary: Java Web Start and plugin implementation
Group: Development/Languages/Java
++++++ icedtea-web-1.1.3.tar.gz -> icedtea-web-1.1.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/ChangeLog new/icedtea-web-1.1.4/ChangeLog
--- old/icedtea-web-1.1.3/ChangeLog 2011-09-28 22:18:24.000000000 +0200
+++ new/icedtea-web-1.1.4/ChangeLog 2011-10-28 20:44:41.000000000 +0200
@@ -1,3 +1,27 @@
+2011-10-28 Deepak Bhole
+
+ * NEWS: Prepare to release 1.1.4
+ * configure.ac: Same
+
+2011-10-28 Deepak Bhole
+ RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and
+ suffix domain SOP bypass
+ * NEWS: Updated
+ * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
+ (checkPermission): Remove special case for SocketPermission.
+
+2011-10-27 Deepak Bhole
+
+ PR778: Jar download and server certificate verification deadlock
+ * NEWS: Updated
+ * netx/net/sourceforge/jnlp/GuiLaunchHandler.java (launchInitialized):
+ Moved as much code as possible out of the invokeLater block.
+
+2011-09-28 Deepak Bhole
+
+ * NEWS: Prepare for 1.1.4
+ * configure.ac: Same
+
2011-09-28 Deepak Bhole
* NEWS: Prepare to release 1.1.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/NEWS new/icedtea-web-1.1.4/NEWS
--- old/icedtea-web-1.1.3/NEWS 2011-09-28 22:18:39.000000000 +0200
+++ new/icedtea-web-1.1.4/NEWS 2011-10-28 20:43:16.000000000 +0200
@@ -8,6 +8,12 @@
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release 1.1.4 (2011-11-08):
+* Security updates:
+ - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass
+* Common
+ - PR778: Jar download and server certificate verification deadlock
+
New in release 1.1.3 (2011-09-28):
* Plugin
- PR782: Support building against npapi-sdk as well
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/configure new/icedtea-web-1.1.4/configure
--- old/icedtea-web-1.1.3/configure 2011-09-28 22:18:57.000000000 +0200
+++ new/icedtea-web-1.1.4/configure 2011-10-28 21:59:27.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for icedtea-web 1.1.3.
+# Generated by GNU Autoconf 2.68 for icedtea-web 1.1.4.
#
# Report bugs to .
#
@@ -559,8 +559,8 @@
# Identity of this package.
PACKAGE_NAME='icedtea-web'
PACKAGE_TARNAME='icedtea-web'
-PACKAGE_VERSION='1.1.3'
-PACKAGE_STRING='icedtea-web 1.1.3'
+PACKAGE_VERSION='1.1.4'
+PACKAGE_STRING='icedtea-web 1.1.4'
PACKAGE_BUGREPORT='distro-pkg-dev@openjdk.java.net'
PACKAGE_URL='http://icedtea.classpath.org/wiki/IcedTea-Web'
@@ -1302,7 +1302,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures icedtea-web 1.1.3 to adapt to many kinds of systems.
+\`configure' configures icedtea-web 1.1.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1372,7 +1372,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of icedtea-web 1.1.3:";;
+ short | recursive ) echo "Configuration of icedtea-web 1.1.4:";;
esac
cat <<\_ACEOF
@@ -1498,7 +1498,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-icedtea-web configure 1.1.3
+icedtea-web configure 1.1.4
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -1637,7 +1637,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by icedtea-web $as_me 1.1.3, which was
+It was created by icedtea-web $as_me 1.1.4, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -2452,7 +2452,7 @@
# Define the identity of the package.
PACKAGE='icedtea-web'
- VERSION='1.1.3'
+ VERSION='1.1.4'
cat >>confdefs.h <<_ACEOF
@@ -8592,7 +8592,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by icedtea-web $as_me 1.1.3, which was
+This file was extended by icedtea-web $as_me 1.1.4, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -8650,7 +8650,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-icedtea-web config.status 1.1.3
+icedtea-web config.status 1.1.4
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/configure.ac new/icedtea-web-1.1.4/configure.ac
--- old/icedtea-web-1.1.3/configure.ac 2011-09-28 21:56:31.000000000 +0200
+++ new/icedtea-web-1.1.4/configure.ac 2011-10-28 20:43:02.000000000 +0200
@@ -1,4 +1,4 @@
-AC_INIT([icedtea-web],[1.1.3],[distro-pkg-dev@openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
+AC_INIT([icedtea-web],[1.1.4],[distro-pkg-dev@openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile netx.manifest])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/netx/net/sourceforge/jnlp/GuiLaunchHandler.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/GuiLaunchHandler.java
--- old/icedtea-web-1.1.3/netx/net/sourceforge/jnlp/GuiLaunchHandler.java 2011-08-31 20:17:30.000000000 +0200
+++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/GuiLaunchHandler.java 2011-10-28 17:23:21.000000000 +0200
@@ -37,6 +37,7 @@
package net.sourceforge.jnlp;
+import java.lang.reflect.InvocationTargetException;
import java.net.URL;
import javax.swing.SwingUtilities;
@@ -87,19 +88,38 @@
@Override
public void launchInitialized(final JNLPFile file) {
+
+ final int preferredWidth = 500;
+ final int preferredHeight = 400;
+
+ final URL splashImageURL = file.getInformation().getIconLocation(
+ IconDesc.SPLASH, preferredWidth, preferredHeight);
+
+ if (splashImageURL != null) {
+ final ResourceTracker resourceTracker = new ResourceTracker(true);
+ resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy);
+
+ try {
+ SwingUtilities.invokeAndWait(new Runnable() {
+ @Override
+ public void run() {
+ splashScreen = new JNLPSplashScreen(resourceTracker, null, null);
+ }
+ });
+ } catch (InterruptedException ie) {
+ // Wait till splash screen is created
+ while (splashScreen == null);
+ } catch (InvocationTargetException ite) {
+ ite.printStackTrace();
+ }
+
+ splashScreen.setSplashImageURL(splashImageURL);
+ }
+
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
- final int preferredWidth = 500;
- final int preferredHeight = 400;
-
- URL splashImageURL = file.getInformation().getIconLocation(
- IconDesc.SPLASH, preferredWidth, preferredHeight);
if (splashImageURL != null) {
- ResourceTracker resourceTracker = new ResourceTracker(true);
- resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy);
- splashScreen = new JNLPSplashScreen(resourceTracker, null, null);
- splashScreen.setSplashImageURL(splashImageURL);
if (splashScreen.isSplashScreenValid()) {
splashScreen.setVisible(true);
}
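Review bot: The `InterruptedException` handler spins on `while (splashScreen == null);`, which discards the interrupt, burns a core, and never ends if the queued runnable fails. The field's declaration is outside the hunk, so whether it is `volatile` cannot be checked here. The `InvocationTargetException` branch only prints the trace, so `splashScreen.setSplashImageURL(...)` and the later `isSplashScreenValid()` call would presumably dereference null when the constructor threw. I would restore the interrupt flag, treat the splash screen as optional, and guard both uses on `splashScreen != null`, as sketched below. `launchInitialized` continues past the end of the hunk, and whether it can be called on the event dispatch thread (where `invokeAndWait` is not allowed) is not visible here.

```java
// … unchanged: splashImageURL lookup, ResourceTracker setup, invokeAndWait(...) call …
            } catch (InterruptedException ie) {
                // Preserve the interrupt for the caller instead of busy-waiting.
                Thread.currentThread().interrupt();
            } catch (InvocationTargetException ite) {
                ite.printStackTrace();
            }

            // The splash screen is optional: skip it if construction did not complete.
            if (splashScreen != null) {
                splashScreen.setSplashImageURL(splashImageURL);
            }
        }

        SwingUtilities.invokeLater(new Runnable() {
            @Override
            public void run() {
                if (splashImageURL != null && splashScreen != null) {
                    if (splashScreen.isSplashScreenValid()) {
// … unchanged: setVisible(true) and the rest of run() …
```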
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/netx/net/sourceforge/jnlp/GuiLaunchHandler.java.rej new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/GuiLaunchHandler.java.rej
--- old/icedtea-web-1.1.3/netx/net/sourceforge/jnlp/GuiLaunchHandler.java.rej 1970-01-01 01:00:00.000000000 +0100
+++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/GuiLaunchHandler.java.rej 2011-10-28 00:25:42.000000000 +0200
@@ -0,0 +1,52 @@
+--- GuiLaunchHandler.java
++++ GuiLaunchHandler.java
+@@ -95,20 +96,40 @@
+
+ @Override
+ public void launchInitialized(final JNLPFile file) {
++
++ int preferredWidth = 500;
++ int preferredHeight = 400;
++
++ final URL splashImageURL = file.getInformation().getIconLocation(
++ IconDesc.SPLASH, preferredWidth, preferredHeight);
++
++ if (splashImageURL != null) {
++ final ResourceTracker resourceTracker = new ResourceTracker(true);
++ resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy);
++ synchronized(mutex) {
++ try {
++ SwingUtilities.invokeAndWait(new Runnable() {
++ @Override
++ public void run() {
++ splashScreen = new JNLPSplashScreen(resourceTracker, null, null);
++ }
++ });
++ } catch (InterruptedException ie) {
++ // Wait till splash screen is created
++ while (splashScreen == null);
++ } catch (InvocationTargetException ite) {
++ ite.printStackTrace();
++ }
++
++ splashScreen.setSplashImageURL(splashImageURL);
++ }
++ }
++
+ SwingUtilities.invokeLater(new Runnable() {
+ @Override
+ public void run() {
+- final int preferredWidth = 500;
+- final int preferredHeight = 400;
+-
+- URL splashImageURL = file.getInformation().getIconLocation(
+- IconDesc.SPLASH, preferredWidth, preferredHeight);
+ if (splashImageURL != null) {
+- ResourceTracker resourceTracker = new ResourceTracker(true);
+- resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy);
+ synchronized(mutex) {
+- splashScreen = new JNLPSplashScreen(resourceTracker, null, null);
+- splashScreen.setSplashImageURL(splashImageURL);
+ if (splashScreen.isSplashScreenValid()) {
+ splashScreen.setVisible(true);
+ }
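Review bot: This new file is a leftover `patch` reject (`GuiLaunchHandler.java.rej`) that ended up in the 1.1.4 tarball, not source. It should be dropped from the release archive, and ideally the dist step should fail when `*.rej` or `*.orig` files are present. Its content also differs from what landed in `GuiLaunchHandler.java`: the rejected hunk wraps the splash-screen setup in `synchronized(mutex)`, which the applied hunk does not, so it looks like a patch from another branch that was redone by hand. A stray reject is harmless at runtime, but it makes it harder for anyone auditing this security release to tell which version of the change shipped.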
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
--- old/icedtea-web-1.1.3/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java 2011-08-31 20:17:31.000000000 +0200
+++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java 2011-10-28 20:42:53.000000000 +0200
@@ -281,75 +281,7 @@
// }
// }
- try {
- super.checkPermission(perm);
- } catch (SecurityException se) {
-
- //This section is a special case for dealing with SocketPermissions.
- if (JNLPRuntime.isDebug())
- System.err.println("Requesting permission: " + perm.toString());
-
- //Change this SocketPermission's action to connect and accept
- //(and resolve). This is to avoid asking for connect permission
- //on every address resolve.
- Permission tmpPerm = null;
- if (perm instanceof SocketPermission) {
- tmpPerm = new SocketPermission(perm.getName(),
- SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
-
- // before proceeding, check if we are trying to connect to same origin
- ApplicationInstance app = getApplication();
- JNLPFile file = app.getJNLPFile();
-
- String srcHost = file.getSourceLocation().getAuthority();
- String destHost = name;
-
- // host = abc.xyz.com or abc.xyz.com:<port>
- if (destHost.indexOf(':') >= 0)
- destHost = destHost.substring(0, destHost.indexOf(':'));
-
- // host = abc.xyz.com
- String[] hostComponents = destHost.split("\\.");
-
- int length = hostComponents.length;
- if (length >= 2) {
-
- // address is in xxx.xxx.xxx format
- destHost = hostComponents[length - 2] + "." + hostComponents[length - 1];
-
- // host = xyz.com i.e. origin
- boolean isDestHostName = false;
-
- // make sure that it is not an ip address
- try {
- Integer.parseInt(hostComponents[length - 1]);
- } catch (NumberFormatException e) {
- isDestHostName = true;
- }
-
- if (isDestHostName) {
- // okay, destination is hostname. Now figure out if it is a subset of origin
- if (srcHost.endsWith(destHost)) {
- addPermission(tmpPerm);
- return;
- }
- }
- }
- } else {
- tmpPerm = perm;
- }
-
- if (tmpPerm != null) {
- //askPermission will only prompt the user on SocketPermission
- //meaning we're denying all other SecurityExceptions that may arise.
- if (askPermission(tmpPerm)) {
- addPermission(tmpPerm);
- //return quietly.
- } else {
- throw se;
- }
- }
- }
+ super.checkPermission(perm);
} catch (SecurityException ex) {
if (JNLPRuntime.isDebug()) {
System.out.println("Denying permission: " + perm);
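Review bot: The remaining `super.checkPermission(perm);` carries no comment explaining why `SocketPermission` no longer gets a same-origin shortcut, and the commented-out code just above it makes it easy for a later change to reintroduce one. I would add a comment above the call such as `// No host-based shortcut for SocketPermission: origin matching by host suffix was removed for CVE-2011-3377; the policy alone decides.` The removed code took the last two host labels as the origin and compared them with `srcHost.endsWith(destHost)`, which appears to be the suffix comparison the CVE title describes. A regression test asserting that an application is denied a socket to a sibling host under the same two-label suffix would pin the fix. The enclosing `checkPermission` method starts and ends outside the hunk.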