Hello community, here is the log from the commit of package icedtea-web for openSUSE:11.3 checked in at Mon Nov 14 17:02:04 CET 2011. -------- --- old-versions/11.3/UPDATES/all/icedtea-web/icedtea-web.changes 2011-07-20 15:19:15.000000000 +0200 +++ 11.3/icedtea-web/icedtea-web.changes 2011-11-14 11:24:53.000000000 +0100 @@ -1,0 +2,50 @@ +Mon Nov 14 10:19:16 UTC 2011 - mvyskocil@suse.cz + +- update to 1.1.4 (fixes bnc#729870) + - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and + suffix domain SOP bypass + - PR778: Jar download and server certificate verification deadlock + +------------------------------------------------------------------- +Mon Oct 24 09:14:10 UTC 2011 - mvyskocil@suse.cz + +- update to 1.1.3: + - PR782: Support building against npapi-sdk as well + * drop the added patch + - PR794: IcedTea-Web does not work if a Web Start app jar has a + Class-Path element in the manifest +- icedtea-web-npapi-sdk-r5.patch for build with npapi-sdk we have + in openSUSE + +------------------------------------------------------------------- +Mon Oct 10 11:19:41 UTC 2011 - gber@opensuse.org + +- fix icedtea-web-suse-desktop-files.patch, itweb-settings is a + desktop setting and should not show up twice in two unrelated + top-level menus; also add a trailing semicolon + +------------------------------------------------------------------- +Thu Sep 15 08:33:59 UTC 2011 - mvyskocil@suse.cz + +- Build with a npapi-sdk and xulrunner-devel from openSUSE 12.1 + +------------------------------------------------------------------- +Tue Sep 6 06:50:15 UTC 2011 - cfarrell@suse.com + +- license update: GPL-2.0-with-classpath-exception + SPDX syntax. See http://spdx.org/licenses + +------------------------------------------------------------------- +Fri Sep 2 09:36:00 UTC 2011 - mvyskocil@suse.cz + +- update to 1.1.2 + * PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow + * RH718693: MindTerm SSH Applet doesn’t work + * PR768: Signed applets/Web Start apps don’t work with OpenJDK7 and up + * PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7 + * RH734081: Javaws cannot use proxy settings from Firefox + * New (--with-jre-home=) option to allow use with only JRE installed +- use a common jre location libdir/jvm/jre instead of openjdk6 +- obsoleted CVE patches + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 Old: ---- icedtea-web-1.1-CVE-2011-2513.patch icedtea-web-1.1-CVE-2011-2514.patch icedtea-web-1.1.tar.gz New: ---- icedtea-web-1.1.4.tar.gz icedtea-web-npapi-sdk-r5.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ icedtea-web.spec ++++++ --- /var/tmp/diff_new_pack.EaqdJA/_old 2011-11-14 17:01:33.000000000 +0100 +++ /var/tmp/diff_new_pack.EaqdJA/_new 2011-11-14 17:01:33.000000000 +0100 @@ -29,6 +29,11 @@ %define xulrunner_ver 192 %endif +%define with_npapisdk 0 +%if 0%{?suse_version} > 1140 +%define with_npapisdk 1 +%endif + %ifarch %{ix86} %define archinstall i386 %endif @@ -43,17 +48,16 @@ %define javaplugin javaplugin %define pluginsdir %{_libdir}/browser-plugins -%define jredir jre-%{javaver}-openjdk %define sdkdir java-%{javaver}-openjdk-%{javaver} %define pluginpath %{_libdir} %define pluginname IcedTeaPlugin.so Name: icedtea-web -Version: 1.1 -Release: 0.<RELEASE6> +Version: 1.1.4 +Release: 0.<RELEASE2> Summary: Java Web Start and plugin implementation Group: Development/Languages/Java -License: GPLv2 ; - with the OpenJDK Assembly Exception and the GNU Classpath Exception +License: GPL-2.0-with-classpath-exception Url: http://icedtea.classpath.org Source0: http://icedtea.classpath.org/download/source/%{name}-%{version}.tar.gz Patch0: icedtea-web-1.0.2-no-return-in-nonvoid-function.patch @@ -61,9 +65,7 @@ # https://bugzilla.mozilla.org/show_bug.cgi?id=582130 # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=622 Patch1: icedtea-web-1.1-moonlight-symbol-clash.patch -#PATCH-FIX-UPSTREAM: bnc#704309 -Patch2: icedtea-web-1.1-CVE-2011-2513.patch -Patch3: icedtea-web-1.1-CVE-2011-2514.patch +Patch2: icedtea-web-npapi-sdk-r5.patch Patch1000: icedtea-web-suse-desktop-files.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: java-1_6_0-openjdk-devel @@ -72,8 +74,15 @@ # IcedTeaPlugin build requirements. BuildRequires: glib2-devel BuildRequires: gtk2-devel +%if %{with_npapisdk} +BuildRequires: pkgconfig(npapi-sdk) +#FIXME: use after deprecation of mozilla-xulrunner* packages from Factory +#BuildRequires: pkgconfig(libxul) +BuildRequires: xulrunner-devel +%else BuildRequires: mozilla-nspr-devel BuildRequires: mozilla-xulrunner%{xulrunner_ver}-devel +%endif %if %defined suse_version BuildRequires: fdupes BuildRequires: procps @@ -115,16 +124,16 @@ %setup -q %patch0 -p1 %patch1 -p1 +%if %{with_npapisdk} %patch2 -p1 -%patch3 -p1 +%endif %patch1000 -p1 %build -#XXX: This disallows usage of openjdk 7 %{configure} \ --with-jdk-home=%{_jvmdir}/%{sdkdir} \ - --with-java=%{jvmdir}/%{jredir}/bin/java \ + --with-jre-home=%{_jvmdir}/jre/ \ --docdir=%{_javadocdir}/%{name} \ --with-pkgversion=suse-%{release}-%{_arch} ++++++ icedtea-web-1.1.tar.gz -> icedtea-web-1.1.4.tar.gz ++++++ ++++ 2015 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/AUTHORS new/icedtea-web-1.1.4/AUTHORS --- old/icedtea-web-1.1/AUTHORS 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/AUTHORS 2011-09-13 22:24:39.000000000 +0200 @@ -3,10 +3,12 @@ Lillian Angel <langel@redhat.com> Deepak Bhole <dbhole@redhat.com> +Ricardo Martín Camarero <rickyepoderi@yahoo.es> Thomas Fitzsimmons <fitzsim@redhat.com> Mark Greenwood <mark@dcs.shef.ac.uk> Andrew John Hughes <gnu_andrew@member.fsf.org, ahughes@redhat.com> Matthias Klose <doko@ubuntu.com> +Michał Górny < mgorny@gentoo.org > Francis Kung <fkung@redhat.com> DJ Lucas <dj@lucasit.com> Omair Majid <omajid@redhat.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/ChangeLog new/icedtea-web-1.1.4/ChangeLog --- old/icedtea-web-1.1/ChangeLog 2011-06-08 23:59:06.000000000 +0200 +++ new/icedtea-web-1.1.4/ChangeLog 2011-10-28 20:44:41.000000000 +0200 @@ -1,3 +1,166 @@ +2011-10-28 Deepak Bhole <dbhole@redhat.com> + + * NEWS: Prepare to release 1.1.4 + * configure.ac: Same + +2011-10-28 Deepak Bhole <dbhole@redhat.com> + RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and + suffix domain SOP bypass + * NEWS: Updated + * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java + (checkPermission): Remove special case for SocketPermission. + +2011-10-27 Deepak Bhole <dbhole@redhat.com> + + PR778: Jar download and server certificate verification deadlock + * NEWS: Updated + * netx/net/sourceforge/jnlp/GuiLaunchHandler.java (launchInitialized): + Moved as much code as possible out of the invokeLater block. + +2011-09-28 Deepak Bhole <dbhole@redhat.com> + + * NEWS: Prepare for 1.1.4 + * configure.ac: Same + +2011-09-28 Deepak Bhole <dbhole@redhat.com> + + * NEWS: Prepare to release 1.1.3 + * configure.ac: Same + +2011-09-28 Deepak Bhole <dbhole@redhat.com> + + PR794: IcedTea-Web does not work if a Web Start app jar has a Class-Path + element in the manifest. + * netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java + (retrieve): Blank out the Class-Path elements in manifest. + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java + (activateJars): Only load Class-Path elements if this is an applet. + (addNewJar): Add the right permissions for the cached jar file and verify + signatures. + +2011-09-23 Omair Majid <omajid@redhat.com> + + RH738814: Access denied at ssl handshake + * netx/net/sourceforge/jnlp/security/SecurityDialogs.java + (showCertWarningDialog): Add a javadoc comment. + * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java + (askUser): Wrap the call to showCertWarningDialog in a doPrivileged + block. + +2011-09-13 Deepak Bhole <dbhole@redhat.com> + + PR782: Support building against npapi-sdk as well + Patch from Michał Górny < mgorny at gentoo dot org > + * acinclude.m4: Build against npapi-sdk. + +2011-08-31 Deepak Bhole <dbhole@redhat.com> + + * NEWS: Prepare for 1.1.3 + * configure.ac: Same + +2011-08-31 Deepak Bhole <dbhole@redhat.com> + + * NEWS: Prepare for 1.1.2 + * configure.ac: Same + +2011-08-29 Deepak Bhole <dbhole@redhat.com> + + RH734081: Javaws cannot use proxy settings from Firefox + Based on patch from Lukas Zachar <lzachar at redhat dot com> + * netx/net/sourceforge/jnlp/browser/FirefoxPreferencesFinder.java + (find): Only process Profile sections. Do not throw an exception if a + Default= line is not found since it is not guaranteed to exist. + +2011-08-24 Deepak Bhole <dbhole@redhat.com> + + RH718693: MindTerm SSH Applet doesn't work + * plugin/icedteanp/java/netscape/security/PrivilegeManager.java: New + file. Stub class, not needed with IcedTea-Web. + +2011-08-23 Deepak Bhole <dbhole@redhat.com> + + PR769: IcedTea-Web plugin does not work with some ssl sites with OpenJDK7 + * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java + (checkServerTrusted): Account for a null hostname that the + overloaded implementation may pass. + +2011-08-23 Omair Majid <omajid@redhat.com> + + * Makefile.am: Remove JRE. Replace uses with SYSTEM_JRE_DIR instead. Also + replace uses of SYSTEM_JDK_DIR/jre with SYSTEM_JRE_DIR. + * acinclude.m4 + (IT_CHECK_FOR_JRE): New macro. + (IT_FIND_JAVA): Require IT_CHECK_FOR_JRE. Use java binary from within the + JRE. + +2011-08-03 Deepak Bhole <dbhole@redhat.com> + + PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up + * netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJar): Put entry in + cert hashtable only if the entry is expected to be signed. + +2011-07-21 Deepak Bhole <dbhole@redhat.com> + + PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow + Patch from: Ricardo Martín Camarero (Ricky) <rickyepoderi at yahoo dot es> + * plugin/icedteanp/java/sun/applet/PluginStreamHandler.java + (readPair): New function. + (handleMessage): Use readPair to incrementally tokenize message, rather + than using String.split(). + +2011-07-20 Deepak Bhole <dbhole@redhat.com> + + * configure.ac: Prepare for 1.1.2 + * NEWS: Same + +2011-07-15 Deepak Bhole <dbhole@redhat.com> + + * configure.ac: Prepare to release 1.1.1 + * NEWS: Same + +2011-07-14 Omair Majid <omajid@redhat.com> + + RH718170, CVE-2011-2514: Java Web Start security warning dialog + manipulation + * netx/net/sourceforge/jnlp/services/XExtendedService.java + (openFile): Create XContents based on a copy of the File object to prevent + overloaded File classes from mangling the name. + (XFileContents): Create a separate copy of File object for local use. + +2011-07-14 Omair Majid <omajid@redhat.com> + + RH718164, CVE-2011-2513: Home directory path disclosure to untrusted + applications + * netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java: New file. + * netx/net/sourceforge/jnlp/util/UrlUtils.java: New file. + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: + jarLocationSecurityMap now contains originating urls, not cache urls. + (initializeResources): Add remote url to map instead of local url. + (activateJars): Add remote url to the classloader's urls. Add mapping for + remote to local url. Put remote url in jarLocationSecurityMap. + (loadClass): Add remote url to the classloader's urls. Add mapping for + remote to local url. + (getCodeSourceSecurity): Update javadoc to note that the url must be + remote. + * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java + (initialize): Set the callback for URLJarFile. + +2011-06-14 Andrew Su <asu@redhat.com> + + * netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java: + (ControlPanel): Removed line that prevents resizing. + (createMainSettingsPanel): Detect the minimum size of panels instead + of fixed size. + * netx/net/sourceforge/jnlp/controlpanel/NetworkSettingsPanel.java: + (addComponents): Changed to update size when tool is being resized. + * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java + addComponents): Changed to a layout that will resize itself. + +2011-06-08 Deepak Bhole <dbhole@redhat.com> + + * configure.ac: Prepare for 1.1.1 + * NEWS: Same + 2011-06-08 Deepak Bhole <dbhole@redhat.com> * configure.ac: Update for release. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/Makefile.am new/icedtea-web-1.1.4/Makefile.am --- old/icedtea-web-1.1/Makefile.am 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/Makefile.am 2011-08-31 20:17:30.000000000 +0200 @@ -43,7 +43,6 @@ # IllegalAccessException # - we want full privileges # -JRE='"$(SYSTEM_JDK_DIR)/jre"' LAUNCHER_BOOTCLASSPATH="-Xbootclasspath/a:$(datadir)/$(PACKAGE_NAME)/netx.jar$(RHINO_RUNTIME)" PLUGIN_BOOTCLASSPATH='"-Xbootclasspath/a:$(datadir)/$(PACKAGE_NAME)/netx.jar:$(datadir)/$(PACKAGE_NAME)/plugin.jar$(RHINO_RUNTIME)"' @@ -120,7 +119,7 @@ -e 's|[@]JAVAWS_BIN_LOCATION[@]|$(bindir)/$(javaws)|g' \ -e 's|[@]ITWEB_SETTINGS_BIN_LOCATION[@]|$(bindir)/$(itweb_settings)|g' \ -e 's|[@]JAVA[@]|$(JAVA)|g' \ - -e 's|[@]JRE[@]|$(JRE)|g' + -e 's|[@]JRE[@]|$(SYSTEM_JRE_DIR)|g' # Top-Level Targets # ================= @@ -208,7 +207,7 @@ -DPLUGIN_VERSION=""$(PLUGIN_VERSION)"" \ -DPACKAGE_URL=""$(PACKAGE_URL)"" \ -DMOZILLA_VERSION_COLLAPSED="$(MOZILLA_VERSION_COLLAPSED)" \ - -DICEDTEA_WEB_JRE=$(JRE) \ + -DICEDTEA_WEB_JRE=""$(SYSTEM_JRE_DIR)"" \ -DPLUGIN_BOOTCLASSPATH=$(PLUGIN_BOOTCLASSPATH) \ $(GLIB_CFLAGS) \ $(GTK_CFLAGS) \ @@ -530,13 +529,13 @@ ln -sf $(abs_top_builddir)/javac $(BOOT_DIR)/bin/javac ln -sf $(JAVADOC) $(BOOT_DIR)/bin/javadoc mkdir -p $(BOOT_DIR)/jre/lib && \ - ln -s $(SYSTEM_JDK_DIR)/jre/lib/rt.jar $(BOOT_DIR)/jre/lib && \ - if [ -e $(SYSTEM_JDK_DIR)/jre/lib/jsse.jar ] ; then \ - ln -s $(SYSTEM_JDK_DIR)/jre/lib/jsse.jar $(BOOT_DIR)/jre/lib ; \ + ln -s $(SYSTEM_JRE_DIR)/lib/rt.jar $(BOOT_DIR)/jre/lib && \ + if [ -e $(SYSTEM_JRE_DIR)/lib/jsse.jar ] ; then \ + ln -s $(SYSTEM_JRE_DIR)/lib/jsse.jar $(BOOT_DIR)/jre/lib ; \ else \ ln -s rt.jar $(BOOT_DIR)/jre/lib/jsse.jar ; \ fi - ln -sf $(SYSTEM_JDK_DIR)/jre/lib/$(JRE_ARCH_DIR) \ + ln -sf $(SYSTEM_JRE_DIR)/lib/$(JRE_ARCH_DIR) \ $(BOOT_DIR)/jre/lib/ && \ if ! test -d $(BOOT_DIR)/jre/lib/$(INSTALL_ARCH_DIR); \ then \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/NEWS new/icedtea-web-1.1.4/NEWS --- old/icedtea-web-1.1/NEWS 2011-06-08 23:58:51.000000000 +0200 +++ new/icedtea-web-1.1.4/NEWS 2011-10-28 20:43:16.000000000 +0200 @@ -8,6 +8,33 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release 1.1.4 (2011-11-08): +* Security updates: + - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass +* Common + - PR778: Jar download and server certificate verification deadlock + +New in release 1.1.3 (2011-09-28): +* Plugin + - PR782: Support building against npapi-sdk as well +* Common + - PR794: IcedTea-Web does not work if a Web Start app jar has a Class-Path element in the manifest + +New in release 1.1.2 (2011-08-31): +* Plugin + - PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow + - RH718693: MindTerm SSH Applet doesn't work +Common + - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up + - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7 + - RH734081: Javaws cannot use proxy settings from Firefox + - RH738814: Access denied at ssl handshake + +New in release 1.1.1 (2011-07-20): +* Security updates: + - RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications + - RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation + New in release 1.1 (2011-06-08): * New Features - IcedTea-Web now installs to a FHS-compliant location diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/acinclude.m4 new/icedtea-web-1.1.4/acinclude.m4 --- old/icedtea-web-1.1/acinclude.m4 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/acinclude.m4 2011-09-13 22:24:39.000000000 +0200 @@ -64,6 +64,32 @@ AC_SUBST(SYSTEM_JDK_DIR) ]) +AC_DEFUN_ONCE([IT_CHECK_FOR_JRE], +[ + AC_REQUIRE([IT_CHECK_FOR_JDK]) + AC_MSG_CHECKING([for a JRE home directory]) + AC_ARG_WITH([jre-home], + [AS_HELP_STRING([--with-jre-home], + [jre home directory \ + (default is the JRE under the JDK)])], + [ + SYSTEM_JRE_DIR=${withval} + ], + [ + SYSTEM_JRE_DIR= + ]) + if test -z "${SYSTEM_JRE_DIR}" ; then + if test -d "${SYSTEM_JDK_DIR}/jre" ; then + SYSTEM_JRE_DIR="${SYSTEM_JDK_DIR}/jre" + fi + fi + AC_MSG_RESULT(${SYSTEM_JRE_DIR}) + if ! test -d "${SYSTEM_JRE_DIR}"; then + AC_MSG_ERROR("A JRE home directory could not be found.") + fi + AC_SUBST(SYSTEM_JRE_DIR) +]) + AC_DEFUN_ONCE([FIND_JAVAC], [ AC_REQUIRE([IT_CHECK_FOR_JDK]) @@ -346,8 +372,15 @@ AC_SUBST(GTK_CFLAGS) AC_SUBST(GTK_LIBS) - PKG_CHECK_MODULES(MOZILLA, mozilla-plugin) - + PKG_CHECK_MODULES(MOZILLA, npapi-sdk, [ + AC_CACHE_CHECK([for xulrunner version], [xulrunner_cv_collapsed_version],[ + # XXX: use NPAPI versions instead + xulrunner_cv_collapsed_version=20000000 + ]) + ], [ + PKG_CHECK_MODULES(MOZILLA, mozilla-plugin) + ]) + AC_SUBST(MOZILLA_CFLAGS) AC_SUBST(MOZILLA_LIBS) fi @@ -592,6 +625,7 @@ AC_DEFUN_ONCE([IT_FIND_JAVA], [ + AC_REQUIRE([IT_CHECK_FOR_JRE]) AC_MSG_CHECKING([for a Java virtual machine]) AC_ARG_WITH([java], [AS_HELP_STRING(--with-java,specify location of the 1.5 java vm)], @@ -599,7 +633,7 @@ JAVA="${withval}" ], [ - JAVA=${SYSTEM_JDK_DIR}/bin/java + JAVA="${SYSTEM_JRE_DIR}/bin/java" ]) if ! test -f "${JAVA}"; then AC_PATH_PROG(JAVA, "${JAVA}") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/configure.ac new/icedtea-web-1.1.4/configure.ac --- old/icedtea-web-1.1/configure.ac 2011-06-08 21:42:49.000000000 +0200 +++ new/icedtea-web-1.1.4/configure.ac 2011-10-28 20:43:02.000000000 +0200 @@ -1,4 +1,4 @@ -AC_INIT([icedtea-web],[1.1],[distro-pkg-dev@openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web]) +AC_INIT([icedtea-web],[1.1.4],[distro-pkg-dev@openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web]) AM_INIT_AUTOMAKE([1.9 tar-pax foreign]) AC_CONFIG_FILES([Makefile netx.manifest]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/GuiLaunchHandler.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/GuiLaunchHandler.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/GuiLaunchHandler.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/GuiLaunchHandler.java 2011-10-28 17:23:21.000000000 +0200 @@ -37,6 +37,7 @@ package net.sourceforge.jnlp; +import java.lang.reflect.InvocationTargetException; import java.net.URL; import javax.swing.SwingUtilities; @@ -87,19 +88,38 @@ @Override public void launchInitialized(final JNLPFile file) { + + final int preferredWidth = 500; + final int preferredHeight = 400; + + final URL splashImageURL = file.getInformation().getIconLocation( + IconDesc.SPLASH, preferredWidth, preferredHeight); + + if (splashImageURL != null) { + final ResourceTracker resourceTracker = new ResourceTracker(true); + resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy); + + try { + SwingUtilities.invokeAndWait(new Runnable() { + @Override + public void run() { + splashScreen = new JNLPSplashScreen(resourceTracker, null, null); + } + }); + } catch (InterruptedException ie) { + // Wait till splash screen is created + while (splashScreen == null); + } catch (InvocationTargetException ite) { + ite.printStackTrace(); + } + + splashScreen.setSplashImageURL(splashImageURL); + } + SwingUtilities.invokeLater(new Runnable() { @Override public void run() { - final int preferredWidth = 500; - final int preferredHeight = 400; - - URL splashImageURL = file.getInformation().getIconLocation( - IconDesc.SPLASH, preferredWidth, preferredHeight); if (splashImageURL != null) { - ResourceTracker resourceTracker = new ResourceTracker(true); - resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy); - splashScreen = new JNLPSplashScreen(resourceTracker, null, null); - splashScreen.setSplashImageURL(splashImageURL); if (splashScreen.isSplashScreenValid()) { splashScreen.setVisible(true); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/GuiLaunchHandler.java.rej new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/GuiLaunchHandler.java.rej --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/GuiLaunchHandler.java.rej 1970-01-01 01:00:00.000000000 +0100 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/GuiLaunchHandler.java.rej 2011-10-28 00:25:42.000000000 +0200 @@ -0,0 +1,52 @@ +--- GuiLaunchHandler.java ++++ GuiLaunchHandler.java +@@ -95,20 +96,40 @@ + + @Override + public void launchInitialized(final JNLPFile file) { ++ ++ int preferredWidth = 500; ++ int preferredHeight = 400; ++ ++ final URL splashImageURL = file.getInformation().getIconLocation( ++ IconDesc.SPLASH, preferredWidth, preferredHeight); ++ ++ if (splashImageURL != null) { ++ final ResourceTracker resourceTracker = new ResourceTracker(true); ++ resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy); ++ synchronized(mutex) { ++ try { ++ SwingUtilities.invokeAndWait(new Runnable() { ++ @Override ++ public void run() { ++ splashScreen = new JNLPSplashScreen(resourceTracker, null, null); ++ } ++ }); ++ } catch (InterruptedException ie) { ++ // Wait till splash screen is created ++ while (splashScreen == null); ++ } catch (InvocationTargetException ite) { ++ ite.printStackTrace(); ++ } ++ ++ splashScreen.setSplashImageURL(splashImageURL); ++ } ++ } ++ + SwingUtilities.invokeLater(new Runnable() { + @Override + public void run() { +- final int preferredWidth = 500; +- final int preferredHeight = 400; +- +- URL splashImageURL = file.getInformation().getIconLocation( +- IconDesc.SPLASH, preferredWidth, preferredHeight); + if (splashImageURL != null) { +- ResourceTracker resourceTracker = new ResourceTracker(true); +- resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy); + synchronized(mutex) { +- splashScreen = new JNLPSplashScreen(resourceTracker, null, null); +- splashScreen.setSplashImageURL(splashImageURL); + if (splashScreen.isSplashScreenValid()) { + splashScreen.setVisible(true); + } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/browser/FirefoxPreferencesFinder.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/browser/FirefoxPreferencesFinder.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/browser/FirefoxPreferencesFinder.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/browser/FirefoxPreferencesFinder.java 2011-08-31 20:17:30.000000000 +0200 @@ -93,7 +93,7 @@ } line = line.trim(); - if (line.startsWith("[") && line.endsWith("]")) { + if (line.startsWith("[Profile") && line.endsWith("]")) { if (foundDefaultSection) { break; } @@ -115,7 +115,7 @@ reader.close(); } - if (!foundDefaultSection) { + if (!foundDefaultSection && linesInSection.size() == 0) { throw new FileNotFoundException("preferences file"); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java 2011-08-31 20:17:31.000000000 +0200 @@ -115,7 +115,6 @@ setDefaultCloseOperation(WindowConstants.DISPOSE_ON_CLOSE); pack(); setMinimumSize(getPreferredSize()); - setResizable(false); } private JPanel createTopPanel() { @@ -232,9 +231,23 @@ // Add panels. final JPanel settingsPanel = new JPanel(new CardLayout()); + + // Calculate largest minimum size we should use. + int height = 0; + int width = 0; + for (SettingsPanel panel : panels) { + JPanel p = panel.getPanel(); + Dimension d = p.getMinimumSize(); + if (d.height > height) + height = d.height; + if (d.width > width) + width = d.width; + } + Dimension dim = new Dimension(width, height); + for (SettingsPanel panel : panels) { JPanel p = panel.getPanel(); - p.setPreferredSize(new Dimension(530, 360)); + p.setPreferredSize(dim); settingsPanel.add(p, panel.toString()); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/controlpanel/NetworkSettingsPanel.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/controlpanel/NetworkSettingsPanel.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/controlpanel/NetworkSettingsPanel.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/controlpanel/NetworkSettingsPanel.java 2011-08-31 20:17:31.000000000 +0200 @@ -25,6 +25,7 @@ import java.awt.FlowLayout; import java.awt.GridBagConstraints; import java.awt.GridBagLayout; +import java.awt.GridLayout; import java.awt.event.ActionEvent; import java.awt.event.ActionListener; import java.awt.event.ItemEvent; @@ -108,8 +109,8 @@ this.description.add(description[i], String.valueOf(i - 1)); // Settings for selecting Proxy Server - JPanel proxyServerPanel = new JPanel(new BorderLayout()); - JPanel proxyLocationPanel = new JPanel(new FlowLayout(FlowLayout.LEADING)); + JPanel proxyServerPanel = new JPanel(new GridLayout(0, 1)); + JPanel proxyLocationPanel = new JPanel(new GridBagLayout()); JPanel proxyBypassPanel = new JPanel(new FlowLayout(FlowLayout.LEADING)); JLabel addressLabel = new JLabel(Translator.R("NSAddress") + ":"); @@ -140,17 +141,24 @@ config.setProperty(properties[3], String.valueOf(e.getStateChange() == ItemEvent.SELECTED)); } }); - proxyLocationPanel.add(Box.createRigidArea(new Dimension(13, 0))); - proxyLocationPanel.add(addressLabel); - proxyLocationPanel.add(addressField); - proxyLocationPanel.add(portLabel); - proxyLocationPanel.add(portField); - proxyLocationPanel.add(advancedProxyButton); - proxyBypassPanel.add(Box.createRigidArea(new Dimension(10, 0))); + c.gridy = 0; + c.gridx = GridBagConstraints.RELATIVE; + c.weightx = 0; + proxyLocationPanel.add(Box.createHorizontalStrut(20), c); + proxyLocationPanel.add(addressLabel, c); + c.weightx = 1; + proxyLocationPanel.add(addressField, c); + c.weightx = 0; + proxyLocationPanel.add(portLabel, c); + c.weightx = 1; + proxyLocationPanel.add(portField, c); + c.weightx = 0; + proxyLocationPanel.add(advancedProxyButton, c); + proxyBypassPanel.add(Box.createHorizontalStrut(5)); proxyBypassPanel.add(bypassCheckBox); - proxyServerPanel.add(proxyLocationPanel, BorderLayout.CENTER); - proxyServerPanel.add(proxyBypassPanel, BorderLayout.SOUTH); + proxyServerPanel.add(proxyLocationPanel); + proxyServerPanel.add(proxyBypassPanel); JRadioButton directConnection = new JRadioButton(Translator.R("NSDirectConnection"), config.getProperty(properties[0]).equals("0")); directConnection.setActionCommand("0"); @@ -175,15 +183,20 @@ modeSelect.add(directConnection); // Settings for Automatic Proxy Configuration Script - JPanel proxyAutoPanel = new JPanel(new FlowLayout(FlowLayout.LEADING)); + JPanel proxyAutoPanel = new JPanel(new GridBagLayout()); JLabel locationLabel = new JLabel(Translator.R("NSScriptLocation") + ":"); final JTextField locationField = new JTextField(config.getProperty(properties[4]), 20); locationField.getDocument().addDocumentListener(new DocumentAdapter(config, properties[4])); - proxyAutoPanel.add(Box.createRigidArea(new Dimension(13, 0))); - proxyAutoPanel.add(locationLabel); - proxyAutoPanel.add(locationField); + c.gridx = 0; + proxyAutoPanel.add(Box.createHorizontalStrut(20), c); + c.gridx = GridBagConstraints.RELATIVE; + proxyAutoPanel.add(locationLabel, c); + c.weightx = 1; + proxyAutoPanel.add(locationField, c); + c.weighty = 0; + c.gridx = 0; c.gridy = 0; settingPanel.add(networkDesc, c); c.gridy = 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java 1970-01-01 01:00:00.000000000 +0100 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java 2011-09-28 21:27:53.000000000 +0200 @@ -0,0 +1,174 @@ +/* CachedJarFileCallback.java + Copyright (C) 2011 Red Hat, Inc. + Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. +*/ + +package net.sourceforge.jnlp.runtime; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; +import java.util.jar.JarFile; + +import net.sourceforge.jnlp.util.UrlUtils; + +import sun.net.www.protocol.jar.URLJarFile; +import sun.net.www.protocol.jar.URLJarFileCallBack; + +/** + * Invoked by URLJarFile to get a JarFile corresponding to a URL. + * + * Large parts of this class are based on JarFileFactory and URLJarFile. + */ +final class CachedJarFileCallback implements URLJarFileCallBack { + + private static final CachedJarFileCallback INSTANCE = new CachedJarFileCallback(); + + public synchronized static CachedJarFileCallback getInstance() { + return INSTANCE; + } + + /* our managed cache */ + private final Map<URL, URL> mapping; + + private CachedJarFileCallback() { + mapping = new ConcurrentHashMap<URL, URL>(); + } + + protected void addMapping(URL remoteUrl, URL localUrl) { + mapping.put(remoteUrl, localUrl); + } + + @Override + public JarFile retrieve(URL url) throws IOException { + URL localUrl = mapping.get(url); + + if (localUrl == null) { + /* + * If the jar url is not known, treat it as it would be treated in + * general by URLJarFile. + */ + return cacheJarFile(url); + } + + if (UrlUtils.isLocalFile(localUrl)) { + // if it is known to us, just return the cached file + JarFile returnFile = new JarFile(localUrl.getPath()); + + try { + + // Blank out the class-path because: + // 1) Web Start does not support it + // 2) For the plug-in, we want to cache files from class-path so we do it manually + returnFile.getManifest().getMainAttributes().putValue("Class-Path", ""); + + if (JNLPRuntime.isDebug()) { + System.err.println("Class-Path attribute cleared for " + returnFile.getName()); + } + + } catch (NullPointerException npe) { + // Discard NPE here. Maybe there was no manifest, maybe there were no attributes, etc. + } + + return returnFile; + } else { + // throw new IllegalStateException("a non-local file in cache"); + return null; + } + + } + + /* + * This method is a copy of URLJarFile.retrieve() without the callback check. + */ + private JarFile cacheJarFile(URL url) throws IOException { + JarFile result = null; + + final int BUF_SIZE = 2048; + + /* get the stream before asserting privileges */ + final InputStream in = url.openConnection().getInputStream(); + + try { + result = + AccessController.doPrivileged(new PrivilegedExceptionAction<JarFile>() { + @Override + public JarFile run() throws IOException { + OutputStream out = null; + File tmpFile = null; + try { + tmpFile = File.createTempFile("jar_cache", null); + tmpFile.deleteOnExit(); + out = new FileOutputStream(tmpFile); + int read = 0; + byte[] buf = new byte[BUF_SIZE]; + while ((read = in.read(buf)) != -1) { + out.write(buf, 0, read); + } + out.close(); + out = null; + return new URLJarFile(tmpFile, null); + } catch (IOException e) { + if (tmpFile != null) { + tmpFile.delete(); + } + throw e; + } finally { + if (in != null) { + in.close(); + } + if (out != null) { + out.close(); + } + } + } + }); + } catch (PrivilegedActionException pae) { + throw (IOException) pae.getException(); + } + + return result; + } + +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java 2011-09-28 21:27:53.000000000 +0200 @@ -32,6 +32,7 @@ import java.security.PermissionCollection; import java.security.Permissions; import java.security.PrivilegedAction; +import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Collections; import java.util.Enumeration; @@ -147,7 +148,7 @@ /** File entries in the jar files available to this classloader */ private TreeSet<String> jarEntries = new TreeSet<String>(); - /** Map of specific codesources to securitydesc */ + /** Map of specific original (remote) CodeSource Urls to securitydesc */ private HashMap<URL, SecurityDesc> jarLocationSecurityMap = new HashMap<URL, SecurityDesc>(); @@ -509,7 +510,7 @@ } } - jarLocationSecurityMap.put(location, jarSecurity); + jarLocationSecurityMap.put(jarDesc.getLocation(), jarSecurity); } catch (MalformedURLException mfe) { System.err.println(mfe.getMessage()); } @@ -731,7 +732,10 @@ try { URL fileURL = new URL("file://" + extractedJarLocation); - addURL(fileURL); + // there is no remote URL for this, so lets fake one + URL fakeRemote = new URL(jar.getLocation().toString() + "!" + je.getName()); + CachedJarFileCallback.getInstance().addMapping(fakeRemote, fileURL); + addURL(fakeRemote); SecurityDesc jarSecurity = file.getSecurity(); @@ -752,7 +756,7 @@ codebase.getHost()); } - jarLocationSecurityMap.put(fileURL, jarSecurity); + jarLocationSecurityMap.put(fakeRemote, jarSecurity); } catch (MalformedURLException mfue) { if (JNLPRuntime.isDebug()) @@ -767,17 +771,25 @@ } - addURL(location); + addURL(jar.getLocation()); // there is currently no mechanism to cache files per // instance.. so only index cached files if (localFile != null) { + CachedJarFileCallback.getInstance().addMapping(jar.getLocation(), localFile.toURL()); + JarFile jarFile = new JarFile(localFile.getAbsolutePath()); Manifest mf = jarFile.getManifest(); - classpaths.addAll(getClassPathsFromManifest(mf, jar.getLocation().getPath())); + + if (file instanceof PluginBridge) { + classpaths.addAll(getClassPathsFromManifest(mf, jar.getLocation().getPath())); + } + JarIndex index = JarIndex.getJarIndex(jarFile, null); if (index != null) jarIndexes.add(index); + } else { + CachedJarFileCallback.getInstance().addMapping(jar.getLocation(), jar.getLocation()); } if (JNLPRuntime.isDebug()) @@ -1087,7 +1099,7 @@ * is downloaded. * @param desc the JARDesc for the new jar */ - private void addNewJar(JARDesc desc) { + private void addNewJar(final JARDesc desc) { available.add(desc); @@ -1097,11 +1109,71 @@ JNLPRuntime.getDefaultUpdatePolicy() ); - URL remoteURL = desc.getLocation(); + // Give read permissions to the cached jar file + AccessController.doPrivileged(new PrivilegedAction<Void>() { + public Void run() { + Permission p = CacheUtil.getReadPermission(desc.getLocation(), + desc.getVersion()); + + resourcePermissions.add(p); + + return null; + } + }); + + final URL remoteURL = desc.getLocation(); + final URL cachedUrl = tracker.getCacheURL(remoteURL); // blocks till download + + available.remove(desc); // Resource downloaded. Remove from available list. + + try { + + // Verify if needed + + final JarSigner signer = new JarSigner(); + final List<JARDesc> jars = new ArrayList<JARDesc>(); + jars.add(desc); + + // Decide what level of security this jar should have + // The verification and security setting functions rely on + // having AllPermissions as those actions normally happen + // during initialization. We therefore need to do those + // actions as privileged. + + AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() { + public Void run() throws Exception { + signer.verifyJars(jars, tracker); + + if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) { + checkTrustWithUser(signer); + } + + final SecurityDesc security; + if (signer.anyJarsSigned()) { + security = new SecurityDesc(file, + SecurityDesc.ALL_PERMISSIONS, + file.getCodeBase().getHost()); + } else { + security = new SecurityDesc(file, + SecurityDesc.SANDBOX_PERMISSIONS, + file.getCodeBase().getHost()); + } + + jarLocationSecurityMap.put(remoteURL, security); + + return null; + } + }); + + addURL(remoteURL); + CachedJarFileCallback.getInstance().addMapping(remoteURL, cachedUrl); - URL u = tracker.getCacheURL(remoteURL); - if (u != null) { - addURL(u); + } catch (Exception e) { + // Do nothing. This code is called by loadClass which cannot + // throw additional exceptions. So instead, just ignore it. + // Exception => jar will not get added to classpath, which will + // result in CNFE from loadClass. + e.printStackTrace(); } } @@ -1295,7 +1367,7 @@ /** * Returns the security descriptor for given code source URL * - * @param source The code source + * @param source the origin (remote) url of the code * @return The SecurityDescriptor for that source */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java 2011-08-31 20:17:31.000000000 +0200 @@ -35,6 +35,8 @@ import javax.swing.UIManager; import javax.swing.text.html.parser.ParserDelegator; +import sun.net.www.protocol.jar.URLJarFile; + import net.sourceforge.jnlp.*; import net.sourceforge.jnlp.browser.BrowserAwareProxySelector; import net.sourceforge.jnlp.cache.*; @@ -237,6 +239,8 @@ Security.setProperty("package.access", Security.getProperty("package.access")+",net.sourceforge.jnlp"); + URLJarFile.setCallBack(CachedJarFileCallback.getInstance()); + initialized = true; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java 2011-10-28 20:42:53.000000000 +0200 @@ -281,75 +281,7 @@ // } // } - try { - super.checkPermission(perm); - } catch (SecurityException se) { - - //This section is a special case for dealing with SocketPermissions. - if (JNLPRuntime.isDebug()) - System.err.println("Requesting permission: " + perm.toString()); - - //Change this SocketPermission's action to connect and accept - //(and resolve). This is to avoid asking for connect permission - //on every address resolve. - Permission tmpPerm = null; - if (perm instanceof SocketPermission) { - tmpPerm = new SocketPermission(perm.getName(), - SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION); - - // before proceeding, check if we are trying to connect to same origin - ApplicationInstance app = getApplication(); - JNLPFile file = app.getJNLPFile(); - - String srcHost = file.getSourceLocation().getAuthority(); - String destHost = name; - - // host = abc.xyz.com or abc.xyz.com:<port> - if (destHost.indexOf(':') >= 0) - destHost = destHost.substring(0, destHost.indexOf(':')); - - // host = abc.xyz.com - String[] hostComponents = destHost.split("\."); - - int length = hostComponents.length; - if (length >= 2) { - - // address is in xxx.xxx.xxx format - destHost = hostComponents[length - 2] + "." + hostComponents[length - 1]; - - // host = xyz.com i.e. origin - boolean isDestHostName = false; - - // make sure that it is not an ip address - try { - Integer.parseInt(hostComponents[length - 1]); - } catch (NumberFormatException e) { - isDestHostName = true; - } - - if (isDestHostName) { - // okay, destination is hostname. Now figure out if it is a subset of origin - if (srcHost.endsWith(destHost)) { - addPermission(tmpPerm); - return; - } - } - } - } else { - tmpPerm = perm; - } - - if (tmpPerm != null) { - //askPermission will only prompt the user on SocketPermission - //meaning we're denying all other SecurityExceptions that may arise. - if (askPermission(tmpPerm)) { - addPermission(tmpPerm); - //return quietly. - } else { - throw se; - } - } - } + super.checkPermission(perm); } catch (SecurityException ex) { if (JNLPRuntime.isDebug()) { System.out.println("Denying permission: " + perm); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/security/SecurityDialogs.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/security/SecurityDialogs.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/security/SecurityDialogs.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/security/SecurityDialogs.java 2011-09-28 21:27:48.000000000 +0200 @@ -181,6 +181,8 @@ * @param accessType the type of warning dialog to show * @param file the JNLPFile associated with this warning * @param jarSigner the JarSigner used to verify this application + * + * @return true if the user accepted the certificate */ public static boolean showCertWarningDialog(AccessType accessType, JNLPFile file, CertVerifier jarSigner) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java 2011-09-28 21:27:48.000000000 +0200 @@ -37,7 +37,9 @@ package net.sourceforge.jnlp.security; +import java.security.AccessController; import java.security.KeyStore; +import java.security.PrivilegedAction; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -224,16 +226,20 @@ // need to prompt the user if (!isExplicitlyTrusted(chain, authType)) { - try { - HostnameChecker checker = HostnameChecker - .getInstance(HostnameChecker.TYPE_TLS); - - checker.match(hostName, chain[0]); // only need to match @ 0 for - // CN - - } catch (CertificateException e) { + if (hostName == null) { CNMatched = false; - ce = e; + } else { + try { + HostnameChecker checker = HostnameChecker + .getInstance(HostnameChecker.TYPE_TLS); + + checker.match(hostName, chain[0]); // only need to match @ 0 for + // CN + + } catch (CertificateException e) { + CNMatched = false; + ce = e; + } } } @@ -375,14 +381,20 @@ * @param authType The authentication algorithm * @return user's response */ - private boolean askUser(X509Certificate[] chain, String authType, - boolean isTrusted, boolean hostMatched, - String hostName) { - return SecurityDialogs.showCertWarningDialog( + private boolean askUser(final X509Certificate[] chain, final String authType, + final boolean isTrusted, final boolean hostMatched, + final String hostName) { + final VariableX509TrustManager trustManager = this; + return AccessController.doPrivileged(new PrivilegedAction<Boolean>() { + @Override + public Boolean run() { + return SecurityDialogs.showCertWarningDialog( AccessType.UNVERIFIED, null, - new HttpsCertVerifier(this, chain, authType, + new HttpsCertVerifier(trustManager, chain, authType, isTrusted, hostMatched, hostName)); + } + }); } /** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java 2011-08-31 20:17:31.000000000 +0200 @@ -42,6 +42,7 @@ import java.awt.BorderLayout; import java.awt.Dimension; import java.awt.FlowLayout; +import java.awt.GridLayout; import java.awt.event.ActionEvent; import java.awt.event.ActionListener; import java.awt.event.KeyEvent; @@ -241,6 +242,8 @@ closePanel.add(closeButton, BorderLayout.EAST); main.add(closePanel, BorderLayout.SOUTH); } + + setLayout(new GridLayout(0,1)); add(main); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/services/XExtendedService.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/services/XExtendedService.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/services/XExtendedService.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/services/XExtendedService.java 2011-08-31 20:17:31.000000000 +0200 @@ -34,10 +34,12 @@ public FileContents openFile(File file) throws IOException { + File secureFile = new File(file.getPath()); + /* FIXME: this opens a file with read/write mode, not just read or write */ - if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { file.getAbsolutePath() })) { + if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { secureFile.getAbsolutePath() })) { return (FileContents) ServiceUtil.createPrivilegedProxy(FileContents.class, - new XFileContents(file)); + new XFileContents(secureFile)); } else { return null; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/services/XFileContents.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/services/XFileContents.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/services/XFileContents.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/services/XFileContents.java 2011-08-31 20:17:31.000000000 +0200 @@ -34,7 +34,8 @@ * Create a file contents implementation for the file. */ protected XFileContents(File file) { - this.file = file; + // create a safe copy + this.file = new File(file.getPath()); } /** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/tools/JarSigner.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/tools/JarSigner.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/tools/JarSigner.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/tools/JarSigner.java 2011-08-31 20:17:31.000000000 +0200 @@ -284,7 +284,7 @@ if (shouldHaveSignature) totalSignableEntries++; - if (isSigned) { + if (shouldHaveSignature && isSigned) { for (int i = 0; i < signers.length; i++) { CertPath certPath = signers[i].getSignerCertPath(); if (!certs.containsKey(certPath)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/netx/net/sourceforge/jnlp/util/UrlUtils.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/util/UrlUtils.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/util/UrlUtils.java 1970-01-01 01:00:00.000000000 +0100 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/util/UrlUtils.java 2011-08-31 20:17:31.000000000 +0200 @@ -0,0 +1,53 @@ +/* UrlUtils.java + Copyright (C) 2011 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. +*/ + +package net.sourceforge.jnlp.util; + +import java.net.URL; + +public class UrlUtils { + + public static boolean isLocalFile(URL url) { + + if (url.getProtocol().equals("file") && + (url.getAuthority() == null || url.getAuthority().equals("")) && + (url.getHost() == null || url.getHost().equals(("")))) { + return true; + } + return false; + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/plugin/icedteanp/java/netscape/security/PrivilegeManager.java new/icedtea-web-1.1.4/plugin/icedteanp/java/netscape/security/PrivilegeManager.java --- old/icedtea-web-1.1/plugin/icedteanp/java/netscape/security/PrivilegeManager.java 1970-01-01 01:00:00.000000000 +0100 +++ new/icedtea-web-1.1.4/plugin/icedteanp/java/netscape/security/PrivilegeManager.java 2011-08-31 20:17:31.000000000 +0200 @@ -0,0 +1,75 @@ +/* + PrivilegeManager.java + Copyright (C) 2011 Red Hat + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. +*/ + +/** + * + * This class does not implement any functionality and exists for backward + * compatibility only. + * + * At one point Netscape required applets to request specific permissions to + * do things. This is not longer the case with IcedTea-Web (and other modern + * plug-ins). However because some old applets may still have code calling + * this class, an empty stub is needed to prevent a ClassNotFoundException. + * + */ + +package netscape.security; + +import sun.applet.PluginDebug; + +public class PrivilegeManager { + + /** + * Stub for enablePrivilege. Not used by IcedTea-Web, kept for compatibility + * + * @param privilege + */ + public static void enablePrivilege(String privilege) { + PluginDebug.debug("netscape.security.enablePrivilege stub called"); + } + + /** + * Stub for disablePrivilege. Not used by IcedTea-Web, kept for compatibility + * + * @param privilege + */ + public static void disablePrivilege(String privilege) { + PluginDebug.debug("netscape.security.disablePrivilege stub called"); + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/icedtea-web-1.1/plugin/icedteanp/java/sun/applet/PluginStreamHandler.java new/icedtea-web-1.1.4/plugin/icedteanp/java/sun/applet/PluginStreamHandler.java --- old/icedtea-web-1.1/plugin/icedteanp/java/sun/applet/PluginStreamHandler.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.4/plugin/icedteanp/java/sun/applet/PluginStreamHandler.java 2011-08-31 20:17:31.000000000 +0200 @@ -113,18 +113,58 @@ listenerThread.start(); } + /** + * Given a string, reads the first two (space separated) tokens. + * + * @param message The string to read + * @param start The position to start reading at + * @param array The array into which the first two tokens are placed + * @return Position where the next token starts + */ + private int readPair(String message, int start, String[] array) { + + int end = start; + array[0] = null; + array[1] = null; + + if (message.length() > start) { + int firstSpace = message.indexOf(' ', start); + if (firstSpace == -1) { + array[0] = message.substring(start); + end = message.length(); + } else { + array[0] = message.substring(start, firstSpace); + if (message.length() > firstSpace + 1) { + int secondSpace = message.indexOf(' ', firstSpace + 1); + if (secondSpace == -1) { + array[1] = message.substring(firstSpace + 1); + end = message.length(); + } else { + array[1] = message.substring(firstSpace + 1, secondSpace); + end = secondSpace + 1; + } + } + } + } + + PluginDebug.debug("readPair: '", array[0], "' - '", array[1], "' ", end); + return end; + } + public void handleMessage(String message) throws PluginException { - int nextIndex = 0; int reference = -1; String src = null; String[] privileges = null; String rest = ""; + String[] msgComponents = new String[2]; + int pos = 0; + int oldPos = 0; - String[] msgComponents = message.split(" "); - - if (msgComponents.length < 2) + pos = readPair(message, oldPos, msgComponents); + if (msgComponents[0] == null || msgComponents[1] == null) { return; + } if (msgComponents[0].startsWith("plugin")) { handlePluginMessage(message); @@ -134,38 +174,38 @@ // type and identifier are guaranteed to be there String type = msgComponents[0]; final int identifier = Integer.parseInt(msgComponents[1]); - nextIndex = 2; // reference, src and privileges are optional components, // and are guaranteed to be in that order, if they occur + oldPos = pos; + pos = readPair(message, oldPos, msgComponents); // is there a reference ? - if (msgComponents[nextIndex].equals("reference")) { - reference = Integer.parseInt(msgComponents[nextIndex + 1]); - nextIndex += 2; + if ("reference".equals(msgComponents[0])) { + reference = Integer.parseInt(msgComponents[1]); + oldPos = pos; + pos = readPair(message, oldPos, msgComponents); } // is there a src? - if (msgComponents[nextIndex].equals("src")) { - src = msgComponents[nextIndex + 1]; - nextIndex += 2; + if ("src".equals(msgComponents[0])) { + src = msgComponents[1]; + oldPos = pos; + pos = readPair(message, oldPos, msgComponents); } // is there a privileges? - if (msgComponents[nextIndex].equals("privileges")) { - String privs = msgComponents[nextIndex + 1]; + if ("privileges".equals(msgComponents[0])) { + String privs = msgComponents[1]; privileges = privs.split(","); - nextIndex += 2; + oldPos = pos; } // rest - for (int i = nextIndex; i < msgComponents.length; i++) { - rest += msgComponents[i]; - rest += " "; + if (message.length() > oldPos) { + rest = message.substring(oldPos); } - rest = rest.trim(); - try { PluginDebug.debug("Breakdown -- type: ", type, " identifier: ", identifier, " reference: ", reference, " src: ", src, " privileges: ", privileges, " rest: "", rest, """); ++++++ icedtea-web-npapi-sdk-r5.patch ++++++ Index: icedtea-web-1.1.3/plugin/icedteanp/IcedTeaNPPlugin.cc =================================================================== --- icedtea-web-1.1.3.orig/plugin/icedteanp/IcedTeaNPPlugin.cc 2011-10-24 10:44:26.000000000 +0200 +++ icedtea-web-1.1.3/plugin/icedteanp/IcedTeaNPPlugin.cc 2011-10-24 10:45:53.357149850 +0200 @@ -2262,7 +2262,7 @@ // Returns a string describing the MIME type that this plugin // handles. -char* +const char* NP_GetMIMEDescription () { PLUGIN_DEBUG ("NP_GetMIMEDescription\n"); ++++++ icedtea-web-suse-desktop-files.patch ++++++ --- /var/tmp/diff_new_pack.EaqdJA/_old 2011-11-14 17:01:33.000000000 +0100 +++ /var/tmp/diff_new_pack.EaqdJA/_new 2011-11-14 17:01:33.000000000 +0100 @@ -12,4 +12,4 @@ Terminal=false Type=Application -Categories=Settings; -+Categories=System;Network ++Categories=Settings;DesktopSettings; continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org