Changeset: fb2ccb7c50c7
Author:    wetmore
Date:      2008-08-22 18:48 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/fb2ccb7c50c7

6497740: Limit the size of RSA public keys
Reviewed-by: andreas, valeriep, vinnie

! src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java
! src/share/classes/sun/security/pkcs11/P11KeyStore.java
! src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java
! src/share/classes/sun/security/pkcs11/SunPKCS11.java
! src/share/classes/sun/security/rsa/RSAKeyFactory.java
! src/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
! src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
! src/share/classes/sun/security/rsa/RSAPrivateKeyImpl.java
! src/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
! src/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java
! src/windows/classes/sun/security/mscapi/RSASignature.java

Changeset: 8e51a219fc3b
Author:    weijun
Date:      2008-10-01 10:01 +0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8e51a219fc3b

6588160: jaas krb5 client leaks OS-level UDP sockets (all platforms)
Reviewed-by: jccollet, chegar

! src/share/classes/sun/security/krb5/KrbKdcReq.java
! src/share/classes/sun/security/krb5/internal/UDPClient.java

Changeset: 150a441a305d
Author:    ksrini
Date:      2008-09-04 09:43 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/150a441a305d

6733959: Insufficient checks for "Main-Class" manifest entry in JAR files
Summary: Fixes a buffer overrun problem with a very long Main-Class attribute.
Reviewed-by: darcy

! src/share/bin/emessages.h
! src/share/bin/java.c
! test/tools/launcher/MultipleJRE.sh
+ test/tools/launcher/ZipMeUp.java

Changeset: ec336f0e23f4
Author:    okutsu
Date:      2008-10-02 16:49 +0900
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ec336f0e23f4

6734167: Calendar.readObject allows elevation of privileges
Reviewed-by: peytoia

! src/share/classes/java/util/Calendar.java

Changeset: 135c5fe2ee42
Author:    bae
Date:      2008-10-02 20:37 +0400
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/135c5fe2ee42

6726779: ConvolveOp on USHORT raster can cause the JVM crash.
Reviewed-by: igor, prr

! src/share/native/sun/awt/medialib/awt_ImagingLib.c
+ test/java/awt/image/ConvolveOp/EdgeNoOpCrash.java

Changeset: 9d1033f65e4b
Author:    alanb
Date:      2008-10-09 21:12 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/9d1033f65e4b

6721753: File.createTempFile produces guessable file names
Reviewed-by: sherman

! src/share/classes/java/io/File.java

Changeset: 3c567ab34788
Author:    ksrini
Date:      2008-10-17 09:43 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3c567ab34788

6755943: Java JAR Pack200 Decompression should enforce stricter header checks
Summary: Fixes a core dump when fed with a faulty pack file and related malicious take over
Reviewed-by: jrose

! make/common/shared/Defs-windows.gmk
! src/share/native/com/sun/java/util/jar/pack/bytes.cpp
! src/share/native/com/sun/java/util/jar/pack/defines.h
! src/share/native/com/sun/java/util/jar/pack/main.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.h
! src/share/native/com/sun/java/util/jar/pack/utils.cpp
! src/share/native/com/sun/java/util/jar/pack/utils.h
+ test/tools/pack200/MemoryAllocatorTest.java

Changeset: 0291de857e51
Author:    bae
Date:      2008-12-03 13:34 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0291de857e51

6766136: corrupted gif image may cause crash in java splashscreen library.
Reviewed-by: prr, art

! src/share/native/sun/awt/splashscreen/splashscreen_gfx_impl.h
! src/share/native/sun/awt/splashscreen/splashscreen_gif.c

Changeset: dfb09d805b2d
Author:    prr
Date:      2008-12-24 15:48 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/dfb09d805b2d

6652463: MediaSize constructors allow to redefine the mapping of standard MediaSizeName values
Reviewed-by: igor, jgodinez

! src/share/classes/javax/print/attribute/standard/MediaSize.java
+ test/javax/print/attribute/MediaMappingsTest.java

Changeset: a8ec0998704e
Author:    weijun
Date:      2008-12-30 10:42 +0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a8ec0998704e

6717680: LdapCtx does not close the connection if initialization fails
Reviewed-by: vinnie, xuelei

! src/share/classes/com/sun/jndi/ldap/LdapCtx.java

Changeset: 6a4e03cc03bb
Author:    prr
Date:      2009-01-05 11:28 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6a4e03cc03bb

6632886: Font.createFont can be persuaded to leak temporary files
6522586: Enforce limits on Font creation
6652929: Font.createFont(int,File) trusts File.getPath
Reviewed-by: igor

! src/share/classes/java/awt/Font.java
+ src/share/classes/sun/font/CreatedFontTracker.java
! src/share/classes/sun/font/FileFont.java
! src/share/classes/sun/font/FontManager.java
+ test/java/awt/FontClass/CreateFont/A.ttf
+ test/java/awt/FontClass/CreateFont/BigFont.java
+ test/java/awt/FontClass/CreateFont/DeleteFont.java
+ test/java/awt/FontClass/CreateFont/DeleteFont.sh
+ test/java/awt/FontClass/CreateFont/bigfont.html
+ test/java/awt/FontClass/CreateFont/fileaccess/FontFile.java

Changeset: 392c4225d636
Author:    ksrini
Date:      2009-02-18 14:14 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/392c4225d636

6792554: Java JAR Pack200 header checks are insufficent
Summary: Added several checks to ensure that the values read from the headers are consistent
Reviewed-by: jrose

! src/share/native/com/sun/java/util/jar/pack/bands.cpp
! src/share/native/com/sun/java/util/jar/pack/coding.cpp
! src/share/native/com/sun/java/util/jar/pack/defines.h
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
- test/tools/pack200/MemoryAllocatorTest.java

Changeset: 7f4cf1eb7586
Author:    bae
Date:      2009-02-20 13:48 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7f4cf1eb7586

6804996: JWS PNG Decoding Integer Overflow [V-flrhat2ln8]
Reviewed-by: prr

! src/share/native/sun/awt/splashscreen/splashscreen_gif.c
! src/share/native/sun/awt/splashscreen/splashscreen_impl.h
! src/share/native/sun/awt/splashscreen/splashscreen_png.c

Changeset: dedf9366f289
Author:    prr
Date:      2009-03-03 16:10 -0800
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/dedf9366f289

2163516: Font.createFont can be persuaded to leak temporary files
Reviewed-by: igor

! src/share/classes/sun/font/FontManager.java
! src/share/classes/sun/font/TrueTypeFont.java
! src/share/classes/sun/font/Type1Font.java
! test/java/awt/FontClass/CreateFont/DeleteFont.java

Changeset: 7f6c1ce75629
Author:    bae
Date:      2009-03-05 19:36 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7f6c1ce75629

6804998: JRE GIF Decoding Heap Corruption [V-y6g5jlm8e1]
Reviewed-by: prr

! src/share/classes/sun/awt/image/GifImageDecoder.java
! src/share/native/sun/awt/image/gif/gifdecoder.c

Changeset: 51f13571014c
Author:    bae
Date:      2009-03-06 12:40 +0300
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/51f13571014c

6804997: JWS GIF Decoding Heap Corruption [V-r687oxuocp]
Reviewed-by: prr

! src/share/native/sun/awt/giflib/dgif_lib.c

Changeset: 2e34ef54a93a
Author:    michaelm
Date:      2009-03-10 03:18 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2e34ef54a93a

6630639: lightweight HttpServer leaks file descriptors on no-data connections
Summary: not cleaning up no-data connections properly
Reviewed-by: chegar

! src/share/classes/sun/net/httpserver/Request.java
! src/share/classes/sun/net/httpserver/ServerImpl.java

Changeset: 21e38c573956
Author:    dfuchs
Date:      2009-03-09 21:49 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/21e38c573956

6656633: getNotificationInfo methods static mutable
Reviewed-by: emcmanus, jfdenise

! src/share/classes/javax/management/monitor/CounterMonitor.java
! src/share/classes/javax/management/monitor/GaugeMonitor.java
! src/share/classes/javax/management/monitor/StringMonitor.java

Changeset: ea88236be621
Author:    dfuchs
Date:      2009-03-10 12:28 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ea88236be621

Merge

Changeset: 8cdfcdea53cb
Author:    dfuchs
Date:      2009-03-09 22:17 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8cdfcdea53cb

6691246: Thread context class loader can be set using JMX remote ClientNotifForwarded
Reviewed-by: emcmanus

! src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java

Changeset: 09b17f679cbd
Author:    dfuchs
Date:      2009-03-10 12:36 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/09b17f679cbd

Merge

Changeset: 13dfb2c46091
Author:    dfuchs
Date:      2009-03-09 22:34 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/13dfb2c46091

6610888: Potential use of cleared of incorrect acc in JMX Monitor
Reviewed-by: emcmanus

! src/share/classes/javax/management/monitor/Monitor.java

Changeset: de520a184ddb
Author:    dfuchs
Date:      2009-03-10 12:47 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/de520a184ddb

Merge

Changeset: 8062f8c51a88
Author:    dfuchs
Date:      2009-03-09 22:49 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/8062f8c51a88

6610896: JMX Monitor handles thread groups incorrectly
Reviewed-by: emcmanus

! src/share/classes/javax/management/monitor/Monitor.java

Changeset: e1d79edaf7a0
Author:    dfuchs
Date:      2009-03-10 12:55 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e1d79edaf7a0

Merge

! src/share/classes/javax/management/monitor/Monitor.java

Changeset: 3265fb461090
Author:    dfuchs
Date:      2009-03-09 23:50 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3265fb461090

6721651: Security problem with out-of-the-box management
Reviewed-by: emcmanus, lmalvent

! src/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java
! src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java
! src/share/lib/management/jmxremote.access

Changeset: 6ed878e5a5d4
Author:    dfuchs
Date:      2009-03-10 14:29 +0100
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6ed878e5a5d4

Merge

Changeset: 255dcd4f19b6
Author:    vinnie
Date:      2009-03-10 18:43 +0000
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/255dcd4f19b6

6737315: LDAP serialized data vulnerability
Reviewed-by: alanb

! src/share/classes/com/sun/jndi/ldap/VersionHelper12.java

Changeset: e51956c74e5c
Author:    asaha
Date:      2009-04-16 21:08 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e51956c74e5c

Merge

! make/common/shared/Defs-windows.gmk
! src/share/bin/emessages.h
! src/share/bin/java.c
! src/share/classes/com/sun/jmx/remote/internal/ClientNotifForwarder.java
! src/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java
! src/share/classes/java/awt/Font.java
! src/share/classes/java/io/File.java
! src/share/classes/java/util/Calendar.java
! src/share/classes/javax/management/monitor/CounterMonitor.java
! src/share/classes/javax/management/monitor/GaugeMonitor.java
! src/share/classes/javax/management/monitor/Monitor.java
! src/share/classes/sun/font/FontManager.java
! src/share/classes/sun/font/TrueTypeFont.java
! src/share/classes/sun/font/Type1Font.java
! src/share/classes/sun/net/httpserver/Request.java
! src/share/classes/sun/net/httpserver/ServerImpl.java
! src/share/native/com/sun/java/util/jar/pack/bands.cpp
! src/share/native/com/sun/java/util/jar/pack/bytes.cpp
! src/share/native/com/sun/java/util/jar/pack/coding.cpp
! src/share/native/com/sun/java/util/jar/pack/defines.h
! src/share/native/com/sun/java/util/jar/pack/main.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.h
! src/share/native/com/sun/java/util/jar/pack/utils.cpp
! src/share/native/com/sun/java/util/jar/pack/utils.h

Changeset: 16c5e63f32d2
Author:    asaha
Date:      2009-04-16 22:47 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/16c5e63f32d2

Merge

- src/share/native/java/util/zip/ZipEntry.c

Changeset: a498d2817bef
Author:    asaha
Date:      2009-04-17 09:21 -0700
URL:       http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a498d2817bef

Merge