Hello community, here is the log from the commit of package icedtea-web for openSUSE:Factory checked in at Tue Sep 6 16:02:41 CEST 2011.
-------- --- icedtea-web/icedtea-web.changes 2011-07-20 15:19:15.000000000 +0200 +++ /mounts/work_src_done/STABLE/icedtea-web/icedtea-web.changes 2011-09-02 12:11:01.000000000 +0200 @@ -1,0 +2,13 @@ +Fri Sep 2 09:36:00 UTC 2011 - [email protected] + +- update to 1.1.2 + * PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow + * RH718693: MindTerm SSH Applet doesn’t work + * PR768: Signed applets/Web Start apps don’t work with OpenJDK7 and up + * PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7 + * RH734081: Javaws cannot use proxy settings from Firefox + * New (--with-jre-home=) option to allow use with only JRE installed +- use a common jre location libdir/jvm/jre instead of openjdk6 +- obsoleted CVE patches + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- icedtea-web-1.1-CVE-2011-2513.patch icedtea-web-1.1-CVE-2011-2514.patch icedtea-web-1.1.tar.gz New: ---- icedtea-web-1.1.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ icedtea-web.spec ++++++ --- /var/tmp/diff_new_pack.lVsipW/_old 2011-09-06 16:02:18.000000000 +0200 +++ /var/tmp/diff_new_pack.lVsipW/_new 2011-09-06 16:02:18.000000000 +0200 @@ -43,14 +43,13 @@ %define javaplugin javaplugin %define pluginsdir %{_libdir}/browser-plugins -%define jredir jre-%{javaver}-openjdk %define sdkdir java-%{javaver}-openjdk-%{javaver} %define pluginpath %{_libdir} %define pluginname IcedTeaPlugin.so Name: icedtea-web -Version: 1.1 -Release: 4 +Version: 1.1.2 +Release: 1 Summary: Java Web Start and plugin implementation Group: Development/Languages/Java License: GPLv2 ; - with the OpenJDK Assembly Exception and the GNU Classpath Exception @@ -61,9 +60,6 @@ # https://bugzilla.mozilla.org/show_bug.cgi?id=582130 # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=622 Patch1: icedtea-web-1.1-moonlight-symbol-clash.patch -#PATCH-FIX-UPSTREAM: bnc#704309 -Patch2: icedtea-web-1.1-CVE-2011-2513.patch -Patch3: icedtea-web-1.1-CVE-2011-2514.patch Patch1000: icedtea-web-suse-desktop-files.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: java-1_6_0-openjdk-devel @@ -115,16 +111,13 @@ %setup -q %patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 %patch1000 -p1 %build -#XXX: This disallows usage of openjdk 7 %{configure} \ --with-jdk-home=%{_jvmdir}/%{sdkdir} \ - --with-java=%{jvmdir}/%{jredir}/bin/java \ + --with-jre-home=%{_jvmdir}/jre/ \ --docdir=%{_javadocdir}/%{name} \ --with-pkgversion=suse-%{release}-%{_arch} ++++++ icedtea-web-1.1.tar.gz -> icedtea-web-1.1.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/AUTHORS new/icedtea-web-1.1.2/AUTHORS --- old/icedtea-web-1.1/AUTHORS 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/AUTHORS 2011-08-31 19:28:19.000000000 +0200 @@ -3,6 +3,7 @@ Lillian Angel <[email protected]> Deepak Bhole <[email protected]> +Ricardo Martín Camarero <[email protected]> Thomas Fitzsimmons <[email protected]> Mark Greenwood <[email protected]> Andrew John Hughes <[email protected], [email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/ChangeLog new/icedtea-web-1.1.2/ChangeLog --- old/icedtea-web-1.1/ChangeLog 2011-06-08 23:59:06.000000000 +0200 +++ new/icedtea-web-1.1.2/ChangeLog 2011-08-31 19:30:00.000000000 +0200 @@ -1,3 +1,106 @@ +2011-08-31 Deepak Bhole <[email protected]> + + * NEWS: Prepare for 1.1.2 + * configure.ac: Same + +2011-08-29 Deepak Bhole <[email protected]> + + RH734081: Javaws cannot use proxy settings from Firefox + Based on patch from Lukas Zachar <lzachar at redhat dot com> + * netx/net/sourceforge/jnlp/browser/FirefoxPreferencesFinder.java + (find): Only process Profile sections. Do not throw an exception if a + Default= line is not found since it is not guaranteed to exist. + +2011-08-24 Deepak Bhole <[email protected]> + + RH718693: MindTerm SSH Applet doesn't work + * plugin/icedteanp/java/netscape/security/PrivilegeManager.java: New + file. Stub class, not needed with IcedTea-Web. + +2011-08-23 Deepak Bhole <[email protected]> + + PR769: IcedTea-Web plugin does not work with some ssl sites with OpenJDK7 + * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java + (checkServerTrusted): Account for a null hostname that the + overloaded implementation may pass. + +2011-08-23 Omair Majid <[email protected]> + + * Makefile.am: Remove JRE. Replace uses with SYSTEM_JRE_DIR instead. Also + replace uses of SYSTEM_JDK_DIR/jre with SYSTEM_JRE_DIR. + * acinclude.m4 + (IT_CHECK_FOR_JRE): New macro. + (IT_FIND_JAVA): Require IT_CHECK_FOR_JRE. Use java binary from within the + JRE. + +2011-08-03 Deepak Bhole <[email protected]> + + PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up + * netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJar): Put entry in + cert hashtable only if the entry is expected to be signed. + +2011-07-21 Deepak Bhole <[email protected]> + + PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow + Patch from: Ricardo Martín Camarero (Ricky) <rickyepoderi at yahoo dot es> + * plugin/icedteanp/java/sun/applet/PluginStreamHandler.java + (readPair): New function. + (handleMessage): Use readPair to incrementally tokenize message, rather + than using String.split(). + +2011-07-20 Deepak Bhole <[email protected]> + + * configure.ac: Prepare for 1.1.2 + * NEWS: Same + +2011-07-15 Deepak Bhole <[email protected]> + + * configure.ac: Prepare to release 1.1.1 + * NEWS: Same + +2011-07-14 Omair Majid <[email protected]> + + RH718170, CVE-2011-2514: Java Web Start security warning dialog + manipulation + * netx/net/sourceforge/jnlp/services/XExtendedService.java + (openFile): Create XContents based on a copy of the File object to prevent + overloaded File classes from mangling the name. + (XFileContents): Create a separate copy of File object for local use. + +2011-07-14 Omair Majid <[email protected]> + + RH718164, CVE-2011-2513: Home directory path disclosure to untrusted + applications + * netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java: New file. + * netx/net/sourceforge/jnlp/util/UrlUtils.java: New file. + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: + jarLocationSecurityMap now contains originating urls, not cache urls. + (initializeResources): Add remote url to map instead of local url. + (activateJars): Add remote url to the classloader's urls. Add mapping for + remote to local url. Put remote url in jarLocationSecurityMap. + (loadClass): Add remote url to the classloader's urls. Add mapping for + remote to local url. + (getCodeSourceSecurity): Update javadoc to note that the url must be + remote. + * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java + (initialize): Set the callback for URLJarFile. + +2011-06-14 Andrew Su <[email protected]> + + * netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java: + (ControlPanel): Removed line that prevents resizing. + (createMainSettingsPanel): Detect the minimum size of panels instead + of fixed size. + * netx/net/sourceforge/jnlp/controlpanel/NetworkSettingsPanel.java: + (addComponents): Changed to update size when tool is being resized. + * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java + addComponents): Changed to a layout that will resize itself. + +2011-06-08 Deepak Bhole <[email protected]> + + * configure.ac: Prepare for 1.1.1 + * NEWS: Same + 2011-06-08 Deepak Bhole <[email protected]> * configure.ac: Update for release. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/Makefile.am new/icedtea-web-1.1.2/Makefile.am --- old/icedtea-web-1.1/Makefile.am 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/Makefile.am 2011-08-31 19:28:19.000000000 +0200 @@ -43,7 +43,6 @@ # IllegalAccessException # - we want full privileges # -JRE='"$(SYSTEM_JDK_DIR)/jre"' LAUNCHER_BOOTCLASSPATH="-Xbootclasspath/a:$(datadir)/$(PACKAGE_NAME)/netx.jar$(RHINO_RUNTIME)" PLUGIN_BOOTCLASSPATH='"-Xbootclasspath/a:$(datadir)/$(PACKAGE_NAME)/netx.jar:$(datadir)/$(PACKAGE_NAME)/plugin.jar$(RHINO_RUNTIME)"' @@ -120,7 +119,7 @@ -e 's|[@]JAVAWS_BIN_LOCATION[@]|$(bindir)/$(javaws)|g' \ -e 's|[@]ITWEB_SETTINGS_BIN_LOCATION[@]|$(bindir)/$(itweb_settings)|g' \ -e 's|[@]JAVA[@]|$(JAVA)|g' \ - -e 's|[@]JRE[@]|$(JRE)|g' + -e 's|[@]JRE[@]|$(SYSTEM_JRE_DIR)|g' # Top-Level Targets # ================= @@ -208,7 +207,7 @@ -DPLUGIN_VERSION="\"$(PLUGIN_VERSION)\"" \ -DPACKAGE_URL="\"$(PACKAGE_URL)\"" \ -DMOZILLA_VERSION_COLLAPSED="$(MOZILLA_VERSION_COLLAPSED)" \ - -DICEDTEA_WEB_JRE=$(JRE) \ + -DICEDTEA_WEB_JRE="\"$(SYSTEM_JRE_DIR)\"" \ -DPLUGIN_BOOTCLASSPATH=$(PLUGIN_BOOTCLASSPATH) \ $(GLIB_CFLAGS) \ $(GTK_CFLAGS) \ @@ -530,13 +529,13 @@ ln -sf $(abs_top_builddir)/javac $(BOOT_DIR)/bin/javac ln -sf $(JAVADOC) $(BOOT_DIR)/bin/javadoc mkdir -p $(BOOT_DIR)/jre/lib && \ - ln -s $(SYSTEM_JDK_DIR)/jre/lib/rt.jar $(BOOT_DIR)/jre/lib && \ - if [ -e $(SYSTEM_JDK_DIR)/jre/lib/jsse.jar ] ; then \ - ln -s $(SYSTEM_JDK_DIR)/jre/lib/jsse.jar $(BOOT_DIR)/jre/lib ; \ + ln -s $(SYSTEM_JRE_DIR)/lib/rt.jar $(BOOT_DIR)/jre/lib && \ + if [ -e $(SYSTEM_JRE_DIR)/lib/jsse.jar ] ; then \ + ln -s $(SYSTEM_JRE_DIR)/lib/jsse.jar $(BOOT_DIR)/jre/lib ; \ else \ ln -s rt.jar $(BOOT_DIR)/jre/lib/jsse.jar ; \ fi - ln -sf $(SYSTEM_JDK_DIR)/jre/lib/$(JRE_ARCH_DIR) \ + ln -sf $(SYSTEM_JRE_DIR)/lib/$(JRE_ARCH_DIR) \ $(BOOT_DIR)/jre/lib/ && \ if ! test -d $(BOOT_DIR)/jre/lib/$(INSTALL_ARCH_DIR); \ then \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/Makefile.in new/icedtea-web-1.1.2/Makefile.in --- old/icedtea-web-1.1/Makefile.in 2011-06-08 23:59:15.000000000 +0200 +++ new/icedtea-web-1.1.2/Makefile.in 2011-08-31 19:30:56.000000000 +0200 @@ -143,6 +143,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SYSTEM_JDK_DIR = @SYSTEM_JDK_DIR@ +SYSTEM_JRE_DIR = @SYSTEM_JRE_DIR@ USING_ECJ = @USING_ECJ@ VERSION = @VERSION@ X11_CFLAGS = @X11_CFLAGS@ @@ -232,7 +233,6 @@ # IllegalAccessException # - we want full privileges # -JRE = '"$(SYSTEM_JDK_DIR)/jre"' LAUNCHER_BOOTCLASSPATH = "-Xbootclasspath/a:$(datadir)/$(PACKAGE_NAME)/netx.jar$(RHINO_RUNTIME)" PLUGIN_BOOTCLASSPATH = '"-Xbootclasspath/a:$(datadir)/$(PACKAGE_NAME)/netx.jar:$(datadir)/$(PACKAGE_NAME)/plugin.jar$(RHINO_RUNTIME)"' @@ -285,7 +285,7 @@ -e 's|[@]JAVAWS_BIN_LOCATION[@]|$(bindir)/$(javaws)|g' \ -e 's|[@]ITWEB_SETTINGS_BIN_LOCATION[@]|$(bindir)/$(itweb_settings)|g' \ -e 's|[@]JAVA[@]|$(JAVA)|g' \ - -e 's|[@]JRE[@]|$(JRE)|g' + -e 's|[@]JRE[@]|$(SYSTEM_JRE_DIR)|g' # Plugin @@ -682,7 +682,7 @@ @ENABLE_PLUGIN_TRUE@ -DPLUGIN_VERSION="\"$(PLUGIN_VERSION)\"" \ @ENABLE_PLUGIN_TRUE@ -DPACKAGE_URL="\"$(PACKAGE_URL)\"" \ @ENABLE_PLUGIN_TRUE@ -DMOZILLA_VERSION_COLLAPSED="$(MOZILLA_VERSION_COLLAPSED)" \ -@ENABLE_PLUGIN_TRUE@ -DICEDTEA_WEB_JRE=$(JRE) \ +@ENABLE_PLUGIN_TRUE@ -DICEDTEA_WEB_JRE="\"$(SYSTEM_JRE_DIR)\"" \ @ENABLE_PLUGIN_TRUE@ -DPLUGIN_BOOTCLASSPATH=$(PLUGIN_BOOTCLASSPATH) \ @ENABLE_PLUGIN_TRUE@ $(GLIB_CFLAGS) \ @ENABLE_PLUGIN_TRUE@ $(GTK_CFLAGS) \ @@ -992,13 +992,13 @@ ln -sf $(abs_top_builddir)/javac $(BOOT_DIR)/bin/javac ln -sf $(JAVADOC) $(BOOT_DIR)/bin/javadoc mkdir -p $(BOOT_DIR)/jre/lib && \ - ln -s $(SYSTEM_JDK_DIR)/jre/lib/rt.jar $(BOOT_DIR)/jre/lib && \ - if [ -e $(SYSTEM_JDK_DIR)/jre/lib/jsse.jar ] ; then \ - ln -s $(SYSTEM_JDK_DIR)/jre/lib/jsse.jar $(BOOT_DIR)/jre/lib ; \ + ln -s $(SYSTEM_JRE_DIR)/lib/rt.jar $(BOOT_DIR)/jre/lib && \ + if [ -e $(SYSTEM_JRE_DIR)/lib/jsse.jar ] ; then \ + ln -s $(SYSTEM_JRE_DIR)/lib/jsse.jar $(BOOT_DIR)/jre/lib ; \ else \ ln -s rt.jar $(BOOT_DIR)/jre/lib/jsse.jar ; \ fi - ln -sf $(SYSTEM_JDK_DIR)/jre/lib/$(JRE_ARCH_DIR) \ + ln -sf $(SYSTEM_JRE_DIR)/lib/$(JRE_ARCH_DIR) \ $(BOOT_DIR)/jre/lib/ && \ if ! test -d $(BOOT_DIR)/jre/lib/$(INSTALL_ARCH_DIR); \ then \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/NEWS new/icedtea-web-1.1.2/NEWS --- old/icedtea-web-1.1/NEWS 2011-06-08 23:58:51.000000000 +0200 +++ new/icedtea-web-1.1.2/NEWS 2011-08-31 19:29:26.000000000 +0200 @@ -8,6 +8,20 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release 1.1.2 (2011-08-31): +* Plugin + - PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow + - RH718693: MindTerm SSH Applet doesn't work +Common + - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up + - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7 + - RH734081: Javaws cannot use proxy settings from Firefox + +New in release 1.1.1 (2011-07-20): +* Security updates: + - RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications + - RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation + New in release 1.1 (2011-06-08): * New Features - IcedTea-Web now installs to a FHS-compliant location diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/acinclude.m4 new/icedtea-web-1.1.2/acinclude.m4 --- old/icedtea-web-1.1/acinclude.m4 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/acinclude.m4 2011-08-31 19:28:19.000000000 +0200 @@ -64,6 +64,32 @@ AC_SUBST(SYSTEM_JDK_DIR) ]) +AC_DEFUN_ONCE([IT_CHECK_FOR_JRE], +[ + AC_REQUIRE([IT_CHECK_FOR_JDK]) + AC_MSG_CHECKING([for a JRE home directory]) + AC_ARG_WITH([jre-home], + [AS_HELP_STRING([--with-jre-home], + [jre home directory \ + (default is the JRE under the JDK)])], + [ + SYSTEM_JRE_DIR=${withval} + ], + [ + SYSTEM_JRE_DIR= + ]) + if test -z "${SYSTEM_JRE_DIR}" ; then + if test -d "${SYSTEM_JDK_DIR}/jre" ; then + SYSTEM_JRE_DIR="${SYSTEM_JDK_DIR}/jre" + fi + fi + AC_MSG_RESULT(${SYSTEM_JRE_DIR}) + if ! test -d "${SYSTEM_JRE_DIR}"; then + AC_MSG_ERROR("A JRE home directory could not be found.") + fi + AC_SUBST(SYSTEM_JRE_DIR) +]) + AC_DEFUN_ONCE([FIND_JAVAC], [ AC_REQUIRE([IT_CHECK_FOR_JDK]) @@ -592,6 +618,7 @@ AC_DEFUN_ONCE([IT_FIND_JAVA], [ + AC_REQUIRE([IT_CHECK_FOR_JRE]) AC_MSG_CHECKING([for a Java virtual machine]) AC_ARG_WITH([java], [AS_HELP_STRING(--with-java,specify location of the 1.5 java vm)], @@ -599,7 +626,7 @@ JAVA="${withval}" ], [ - JAVA=${SYSTEM_JDK_DIR}/bin/java + JAVA="${SYSTEM_JRE_DIR}/bin/java" ]) if ! test -f "${JAVA}"; then AC_PATH_PROG(JAVA, "${JAVA}") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/configure new/icedtea-web-1.1.2/configure --- old/icedtea-web-1.1/configure 2011-06-08 23:59:14.000000000 +0200 +++ new/icedtea-web-1.1.2/configure 2011-08-31 19:30:55.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for icedtea-web 1.1. +# Generated by GNU Autoconf 2.68 for icedtea-web 1.1.2. # # Report bugs to <[email protected]>. # @@ -559,8 +559,8 @@ # Identity of this package. PACKAGE_NAME='icedtea-web' PACKAGE_TARNAME='icedtea-web' -PACKAGE_VERSION='1.1' -PACKAGE_STRING='icedtea-web 1.1' +PACKAGE_VERSION='1.1.2' +PACKAGE_STRING='icedtea-web 1.1.2' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='http://icedtea.classpath.org/wiki/IcedTea-Web' @@ -577,6 +577,7 @@ WITH_RHINO_FALSE WITH_RHINO_TRUE JAVA +SYSTEM_JRE_DIR X11_LIBS X11_CFLAGS MOZILLA_VERSION_COLLAPSED @@ -732,6 +733,7 @@ with_javadoc with_pkgversion enable_plugin +with_jre_home with_java with_rhino with_junit @@ -1300,7 +1302,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures icedtea-web 1.1 to adapt to many kinds of systems. +\`configure' configures icedtea-web 1.1.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1370,7 +1372,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of icedtea-web 1.1:";; + short | recursive ) echo "Configuration of icedtea-web 1.1.2:";; esac cat <<\_ACEOF @@ -1397,6 +1399,8 @@ (javadoc) --with-pkgversion=PKG Use PKG in the version string in addition to "IcedTea" + --with-jre-home jre home directory (default is the JRE under the + JDK) --with-java specify location of the 1.5 java vm --with-rhino specify location of the rhino jar --with-junit specify location of the junit jar @@ -1494,7 +1498,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -icedtea-web configure 1.1 +icedtea-web configure 1.1.2 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1633,7 +1637,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by icedtea-web $as_me 1.1, which was +It was created by icedtea-web $as_me 1.1.2, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2448,7 +2452,7 @@ # Define the identity of the package. PACKAGE='icedtea-web' - VERSION='1.1' + VERSION='1.1.2' cat >>confdefs.h <<_ACEOF @@ -5827,7 +5831,7 @@ cd tmp.$$ mkdir pkg cat << \EOF > $CLASS -/* [#]line 5830 "configure" */ +/* [#]line 5834 "configure" */ package pkg; public class Test @@ -6607,6 +6611,35 @@ + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a JRE home directory" >&5 +$as_echo_n "checking for a JRE home directory... " >&6; } + +# Check whether --with-jre-home was given. +if test "${with_jre_home+set}" = set; then : + withval=$with_jre_home; + SYSTEM_JRE_DIR=${withval} + +else + + SYSTEM_JRE_DIR= + +fi + + if test -z "${SYSTEM_JRE_DIR}" ; then + if test -d "${SYSTEM_JDK_DIR}/jre" ; then + SYSTEM_JRE_DIR="${SYSTEM_JDK_DIR}/jre" + fi + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${SYSTEM_JRE_DIR}" >&5 +$as_echo "${SYSTEM_JRE_DIR}" >&6; } + if ! test -d "${SYSTEM_JRE_DIR}"; then + as_fn_error $? "\"A JRE home directory could not be found.\"" "$LINENO" 5 + fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a Java virtual machine" >&5 $as_echo_n "checking for a Java virtual machine... " >&6; } @@ -6617,7 +6650,7 @@ else - JAVA=${SYSTEM_JDK_DIR}/bin/java + JAVA="${SYSTEM_JRE_DIR}/bin/java" fi @@ -6768,7 +6801,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 6771 "configure" */ +/* [#]line 6804 "configure" */ package sun.applet; import java.util.jar.Pack200; @@ -6818,7 +6851,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 6821 "configure" */ +/* [#]line 6854 "configure" */ package sun.applet; import java.net.CookieManager; @@ -6868,7 +6901,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 6871 "configure" */ +/* [#]line 6904 "configure" */ package sun.applet; import java.net.HttpCookie; @@ -6918,7 +6951,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 6921 "configure" */ +/* [#]line 6954 "configure" */ package sun.applet; import java.net.CookieHandler; @@ -6968,7 +7001,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 6971 "configure" */ +/* [#]line 7004 "configure" */ package sun.applet; import sun.security.provider.X509Factory; @@ -7018,7 +7051,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 7021 "configure" */ +/* [#]line 7054 "configure" */ package sun.applet; import sun.security.util.SecurityConstants; @@ -7068,7 +7101,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 7071 "configure" */ +/* [#]line 7104 "configure" */ package sun.applet; import sun.security.util.HostnameChecker; @@ -7118,7 +7151,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 7121 "configure" */ +/* [#]line 7154 "configure" */ package sun.applet; import sun.security.x509.X500Name; @@ -7168,7 +7201,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 7171 "configure" */ +/* [#]line 7204 "configure" */ package sun.applet; import sun.misc.BASE64Encoder; @@ -7218,7 +7251,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 7221 "configure" */ +/* [#]line 7254 "configure" */ package sun.applet; import sun.misc.HexDumpEncoder; @@ -7268,7 +7301,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 7271 "configure" */ +/* [#]line 7304 "configure" */ package sun.applet; import sun.security.validator.ValidatorException; @@ -7318,7 +7351,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 7321 "configure" */ +/* [#]line 7354 "configure" */ package sun.applet; import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager; @@ -7368,7 +7401,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 7371 "configure" */ +/* [#]line 7404 "configure" */ package sun.applet; import sun.awt.X11.XEmbeddedFrame; @@ -7418,7 +7451,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 7421 "configure" */ +/* [#]line 7454 "configure" */ package sun.applet; import sun.misc.Ref; @@ -7468,7 +7501,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 7471 "configure" */ +/* [#]line 7504 "configure" */ package sun.applet; import com.sun.jndi.toolkit.url.UrlUtil; @@ -7518,7 +7551,7 @@ mkdir -p tmp.$$/$(dirname $CLASS) cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 7521 "configure" */ +/* [#]line 7554 "configure" */ package sun.applet; import sun.applet.AppletImageRef; @@ -7568,7 +7601,7 @@ mkdir -p tmp.$$ cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 7571 "configure" */ +/* [#]line 7604 "configure" */ import java.lang.reflect.Modifier; public class TestAppletViewer @@ -8384,7 +8417,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by icedtea-web $as_me 1.1, which was +This file was extended by icedtea-web $as_me 1.1.2, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -8442,7 +8475,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -icedtea-web config.status 1.1 +icedtea-web config.status 1.1.2 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/configure.ac new/icedtea-web-1.1.2/configure.ac --- old/icedtea-web-1.1/configure.ac 2011-06-08 21:42:49.000000000 +0200 +++ new/icedtea-web-1.1.2/configure.ac 2011-08-31 19:29:13.000000000 +0200 @@ -1,4 +1,4 @@ -AC_INIT([icedtea-web],[1.1],[[email protected]], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web]) +AC_INIT([icedtea-web],[1.1.2],[[email protected]], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web]) AM_INIT_AUTOMAKE([1.9 tar-pax foreign]) AC_CONFIG_FILES([Makefile netx.manifest]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/netx/net/sourceforge/jnlp/browser/FirefoxPreferencesFinder.java new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/browser/FirefoxPreferencesFinder.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/browser/FirefoxPreferencesFinder.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/browser/FirefoxPreferencesFinder.java 2011-08-31 19:28:19.000000000 +0200 @@ -93,7 +93,7 @@ } line = line.trim(); - if (line.startsWith("[") && line.endsWith("]")) { + if (line.startsWith("[Profile") && line.endsWith("]")) { if (foundDefaultSection) { break; } @@ -115,7 +115,7 @@ reader.close(); } - if (!foundDefaultSection) { + if (!foundDefaultSection && linesInSection.size() == 0) { throw new FileNotFoundException("preferences file"); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java 2011-08-31 19:28:19.000000000 +0200 @@ -115,7 +115,6 @@ setDefaultCloseOperation(WindowConstants.DISPOSE_ON_CLOSE); pack(); setMinimumSize(getPreferredSize()); - setResizable(false); } private JPanel createTopPanel() { @@ -232,9 +231,23 @@ // Add panels. final JPanel settingsPanel = new JPanel(new CardLayout()); + + // Calculate largest minimum size we should use. + int height = 0; + int width = 0; + for (SettingsPanel panel : panels) { + JPanel p = panel.getPanel(); + Dimension d = p.getMinimumSize(); + if (d.height > height) + height = d.height; + if (d.width > width) + width = d.width; + } + Dimension dim = new Dimension(width, height); + for (SettingsPanel panel : panels) { JPanel p = panel.getPanel(); - p.setPreferredSize(new Dimension(530, 360)); + p.setPreferredSize(dim); settingsPanel.add(p, panel.toString()); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/netx/net/sourceforge/jnlp/controlpanel/NetworkSettingsPanel.java new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/controlpanel/NetworkSettingsPanel.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/controlpanel/NetworkSettingsPanel.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/controlpanel/NetworkSettingsPanel.java 2011-08-31 19:28:19.000000000 +0200 @@ -25,6 +25,7 @@ import java.awt.FlowLayout; import java.awt.GridBagConstraints; import java.awt.GridBagLayout; +import java.awt.GridLayout; import java.awt.event.ActionEvent; import java.awt.event.ActionListener; import java.awt.event.ItemEvent; @@ -108,8 +109,8 @@ this.description.add(description[i], String.valueOf(i - 1)); // Settings for selecting Proxy Server - JPanel proxyServerPanel = new JPanel(new BorderLayout()); - JPanel proxyLocationPanel = new JPanel(new FlowLayout(FlowLayout.LEADING)); + JPanel proxyServerPanel = new JPanel(new GridLayout(0, 1)); + JPanel proxyLocationPanel = new JPanel(new GridBagLayout()); JPanel proxyBypassPanel = new JPanel(new FlowLayout(FlowLayout.LEADING)); JLabel addressLabel = new JLabel(Translator.R("NSAddress") + ":"); @@ -140,17 +141,24 @@ config.setProperty(properties[3], String.valueOf(e.getStateChange() == ItemEvent.SELECTED)); } }); - proxyLocationPanel.add(Box.createRigidArea(new Dimension(13, 0))); - proxyLocationPanel.add(addressLabel); - proxyLocationPanel.add(addressField); - proxyLocationPanel.add(portLabel); - proxyLocationPanel.add(portField); - proxyLocationPanel.add(advancedProxyButton); - proxyBypassPanel.add(Box.createRigidArea(new Dimension(10, 0))); + c.gridy = 0; + c.gridx = GridBagConstraints.RELATIVE; + c.weightx = 0; + proxyLocationPanel.add(Box.createHorizontalStrut(20), c); + proxyLocationPanel.add(addressLabel, c); + c.weightx = 1; + proxyLocationPanel.add(addressField, c); + c.weightx = 0; + proxyLocationPanel.add(portLabel, c); + c.weightx = 1; + proxyLocationPanel.add(portField, c); + c.weightx = 0; + proxyLocationPanel.add(advancedProxyButton, c); + proxyBypassPanel.add(Box.createHorizontalStrut(5)); proxyBypassPanel.add(bypassCheckBox); - proxyServerPanel.add(proxyLocationPanel, BorderLayout.CENTER); - proxyServerPanel.add(proxyBypassPanel, BorderLayout.SOUTH); + proxyServerPanel.add(proxyLocationPanel); + proxyServerPanel.add(proxyBypassPanel); JRadioButton directConnection = new JRadioButton(Translator.R("NSDirectConnection"), config.getProperty(properties[0]).equals("0")); directConnection.setActionCommand("0"); @@ -175,15 +183,20 @@ modeSelect.add(directConnection); // Settings for Automatic Proxy Configuration Script - JPanel proxyAutoPanel = new JPanel(new FlowLayout(FlowLayout.LEADING)); + JPanel proxyAutoPanel = new JPanel(new GridBagLayout()); JLabel locationLabel = new JLabel(Translator.R("NSScriptLocation") + ":"); final JTextField locationField = new JTextField(config.getProperty(properties[4]), 20); locationField.getDocument().addDocumentListener(new DocumentAdapter(config, properties[4])); - proxyAutoPanel.add(Box.createRigidArea(new Dimension(13, 0))); - proxyAutoPanel.add(locationLabel); - proxyAutoPanel.add(locationField); + c.gridx = 0; + proxyAutoPanel.add(Box.createHorizontalStrut(20), c); + c.gridx = GridBagConstraints.RELATIVE; + proxyAutoPanel.add(locationLabel, c); + c.weightx = 1; + proxyAutoPanel.add(locationField, c); + c.weighty = 0; + c.gridx = 0; c.gridy = 0; settingPanel.add(networkDesc, c); c.gridy = 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java 1970-01-01 01:00:00.000000000 +0100 +++ new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java 2011-08-31 19:28:19.000000000 +0200 @@ -0,0 +1,157 @@ +/* CachedJarFileCallback.java + Copyright (C) 2011 Red Hat, Inc. + Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. +*/ + +package net.sourceforge.jnlp.runtime; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; +import java.util.jar.JarFile; + +import net.sourceforge.jnlp.util.UrlUtils; + +import sun.net.www.protocol.jar.URLJarFile; +import sun.net.www.protocol.jar.URLJarFileCallBack; + +/** + * Invoked by URLJarFile to get a JarFile corresponding to a URL. + * + * Large parts of this class are based on JarFileFactory and URLJarFile. + */ +final class CachedJarFileCallback implements URLJarFileCallBack { + + private static final CachedJarFileCallback INSTANCE = new CachedJarFileCallback(); + + public synchronized static CachedJarFileCallback getInstance() { + return INSTANCE; + } + + /* our managed cache */ + private final Map<URL, URL> mapping; + + private CachedJarFileCallback() { + mapping = new ConcurrentHashMap<URL, URL>(); + } + + protected void addMapping(URL remoteUrl, URL localUrl) { + mapping.put(remoteUrl, localUrl); + } + + @Override + public JarFile retrieve(URL url) throws IOException { + URL localUrl = mapping.get(url); + + if (localUrl == null) { + /* + * If the jar url is not known, treat it as it would be treated in + * general by URLJarFile. + */ + return cacheJarFile(url); + } + + if (UrlUtils.isLocalFile(localUrl)) { + // if it is known to us, just return the cached file + return new JarFile(localUrl.getPath()); + } else { + // throw new IllegalStateException("a non-local file in cache"); + return null; + } + + } + + /* + * This method is a copy of URLJarFile.retrieve() without the callback check. + */ + private JarFile cacheJarFile(URL url) throws IOException { + JarFile result = null; + + final int BUF_SIZE = 2048; + + /* get the stream before asserting privileges */ + final InputStream in = url.openConnection().getInputStream(); + + try { + result = + AccessController.doPrivileged(new PrivilegedExceptionAction<JarFile>() { + @Override + public JarFile run() throws IOException { + OutputStream out = null; + File tmpFile = null; + try { + tmpFile = File.createTempFile("jar_cache", null); + tmpFile.deleteOnExit(); + out = new FileOutputStream(tmpFile); + int read = 0; + byte[] buf = new byte[BUF_SIZE]; + while ((read = in.read(buf)) != -1) { + out.write(buf, 0, read); + } + out.close(); + out = null; + return new URLJarFile(tmpFile, null); + } catch (IOException e) { + if (tmpFile != null) { + tmpFile.delete(); + } + throw e; + } finally { + if (in != null) { + in.close(); + } + if (out != null) { + out.close(); + } + } + } + }); + } catch (PrivilegedActionException pae) { + throw (IOException) pae.getException(); + } + + return result; + } + +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java 2011-08-31 19:28:19.000000000 +0200 @@ -147,7 +147,7 @@ /** File entries in the jar files available to this classloader */ private TreeSet<String> jarEntries = new TreeSet<String>(); - /** Map of specific codesources to securitydesc */ + /** Map of specific original (remote) CodeSource Urls to securitydesc */ private HashMap<URL, SecurityDesc> jarLocationSecurityMap = new HashMap<URL, SecurityDesc>(); @@ -509,7 +509,7 @@ } } - jarLocationSecurityMap.put(location, jarSecurity); + jarLocationSecurityMap.put(jarDesc.getLocation(), jarSecurity); } catch (MalformedURLException mfe) { System.err.println(mfe.getMessage()); } @@ -731,7 +731,10 @@ try { URL fileURL = new URL("file://" + extractedJarLocation); - addURL(fileURL); + // there is no remote URL for this, so lets fake one + URL fakeRemote = new URL(jar.getLocation().toString() + "!" + je.getName()); + CachedJarFileCallback.getInstance().addMapping(fakeRemote, fileURL); + addURL(fakeRemote); SecurityDesc jarSecurity = file.getSecurity(); @@ -752,7 +755,7 @@ codebase.getHost()); } - jarLocationSecurityMap.put(fileURL, jarSecurity); + jarLocationSecurityMap.put(fakeRemote, jarSecurity); } catch (MalformedURLException mfue) { if (JNLPRuntime.isDebug()) @@ -767,17 +770,21 @@ } - addURL(location); + addURL(jar.getLocation()); // there is currently no mechanism to cache files per // instance.. so only index cached files if (localFile != null) { + CachedJarFileCallback.getInstance().addMapping(jar.getLocation(), localFile.toURL()); + JarFile jarFile = new JarFile(localFile.getAbsolutePath()); Manifest mf = jarFile.getManifest(); classpaths.addAll(getClassPathsFromManifest(mf, jar.getLocation().getPath())); JarIndex index = JarIndex.getJarIndex(jarFile, null); if (index != null) jarIndexes.add(index); + } else { + CachedJarFileCallback.getInstance().addMapping(jar.getLocation(), jar.getLocation()); } if (JNLPRuntime.isDebug()) @@ -1098,11 +1105,9 @@ ); URL remoteURL = desc.getLocation(); - - URL u = tracker.getCacheURL(remoteURL); - if (u != null) { - addURL(u); - } + URL cachedUrl = tracker.getCacheURL(remoteURL); + addURL(remoteURL); + CachedJarFileCallback.getInstance().addMapping(remoteURL, cachedUrl); } /** @@ -1295,7 +1300,7 @@ /** * Returns the security descriptor for given code source URL * - * @param source The code source + * @param source the origin (remote) url of the code * @return The SecurityDescriptor for that source */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java 2011-08-31 19:28:19.000000000 +0200 @@ -35,6 +35,8 @@ import javax.swing.UIManager; import javax.swing.text.html.parser.ParserDelegator; +import sun.net.www.protocol.jar.URLJarFile; + import net.sourceforge.jnlp.*; import net.sourceforge.jnlp.browser.BrowserAwareProxySelector; import net.sourceforge.jnlp.cache.*; @@ -237,6 +239,8 @@ Security.setProperty("package.access", Security.getProperty("package.access")+",net.sourceforge.jnlp"); + URLJarFile.setCallBack(CachedJarFileCallback.getInstance()); + initialized = true; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java 2011-08-31 19:28:19.000000000 +0200 @@ -224,16 +224,20 @@ // need to prompt the user if (!isExplicitlyTrusted(chain, authType)) { - try { - HostnameChecker checker = HostnameChecker - .getInstance(HostnameChecker.TYPE_TLS); + if (hostName == null) { + CNMatched = false; + } else { + try { + HostnameChecker checker = HostnameChecker + .getInstance(HostnameChecker.TYPE_TLS); - checker.match(hostName, chain[0]); // only need to match @ 0 for - // CN + checker.match(hostName, chain[0]); // only need to match @ 0 for + // CN - } catch (CertificateException e) { - CNMatched = false; - ce = e; + } catch (CertificateException e) { + CNMatched = false; + ce = e; + } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java 2011-08-31 19:28:19.000000000 +0200 @@ -42,6 +42,7 @@ import java.awt.BorderLayout; import java.awt.Dimension; import java.awt.FlowLayout; +import java.awt.GridLayout; import java.awt.event.ActionEvent; import java.awt.event.ActionListener; import java.awt.event.KeyEvent; @@ -241,6 +242,8 @@ closePanel.add(closeButton, BorderLayout.EAST); main.add(closePanel, BorderLayout.SOUTH); } + + setLayout(new GridLayout(0,1)); add(main); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/netx/net/sourceforge/jnlp/services/XExtendedService.java new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/services/XExtendedService.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/services/XExtendedService.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/services/XExtendedService.java 2011-08-31 19:28:19.000000000 +0200 @@ -34,10 +34,12 @@ public FileContents openFile(File file) throws IOException { + File secureFile = new File(file.getPath()); + /* FIXME: this opens a file with read/write mode, not just read or write */ - if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { file.getAbsolutePath() })) { + if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { secureFile.getAbsolutePath() })) { return (FileContents) ServiceUtil.createPrivilegedProxy(FileContents.class, - new XFileContents(file)); + new XFileContents(secureFile)); } else { return null; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/netx/net/sourceforge/jnlp/services/XFileContents.java new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/services/XFileContents.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/services/XFileContents.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/services/XFileContents.java 2011-08-31 19:28:19.000000000 +0200 @@ -34,7 +34,8 @@ * Create a file contents implementation for the file. */ protected XFileContents(File file) { - this.file = file; + // create a safe copy + this.file = new File(file.getPath()); } /** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/netx/net/sourceforge/jnlp/tools/JarSigner.java new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/tools/JarSigner.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/tools/JarSigner.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/tools/JarSigner.java 2011-08-31 19:28:19.000000000 +0200 @@ -284,7 +284,7 @@ if (shouldHaveSignature) totalSignableEntries++; - if (isSigned) { + if (shouldHaveSignature && isSigned) { for (int i = 0; i < signers.length; i++) { CertPath certPath = signers[i].getSignerCertPath(); if (!certs.containsKey(certPath)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/netx/net/sourceforge/jnlp/util/UrlUtils.java new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/util/UrlUtils.java --- old/icedtea-web-1.1/netx/net/sourceforge/jnlp/util/UrlUtils.java 1970-01-01 01:00:00.000000000 +0100 +++ new/icedtea-web-1.1.2/netx/net/sourceforge/jnlp/util/UrlUtils.java 2011-08-31 19:28:19.000000000 +0200 @@ -0,0 +1,53 @@ +/* UrlUtils.java + Copyright (C) 2011 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. +*/ + +package net.sourceforge.jnlp.util; + +import java.net.URL; + +public class UrlUtils { + + public static boolean isLocalFile(URL url) { + + if (url.getProtocol().equals("file") && + (url.getAuthority() == null || url.getAuthority().equals("")) && + (url.getHost() == null || url.getHost().equals(("")))) { + return true; + } + return false; + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/plugin/icedteanp/java/netscape/security/PrivilegeManager.java new/icedtea-web-1.1.2/plugin/icedteanp/java/netscape/security/PrivilegeManager.java --- old/icedtea-web-1.1/plugin/icedteanp/java/netscape/security/PrivilegeManager.java 1970-01-01 01:00:00.000000000 +0100 +++ new/icedtea-web-1.1.2/plugin/icedteanp/java/netscape/security/PrivilegeManager.java 2011-08-31 19:28:19.000000000 +0200 @@ -0,0 +1,75 @@ +/* + PrivilegeManager.java + Copyright (C) 2011 Red Hat + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. +*/ + +/** + * + * This class does not implement any functionality and exists for backward + * compatibility only. + * + * At one point Netscape required applets to request specific permissions to + * do things. This is not longer the case with IcedTea-Web (and other modern + * plug-ins). However because some old applets may still have code calling + * this class, an empty stub is needed to prevent a ClassNotFoundException. + * + */ + +package netscape.security; + +import sun.applet.PluginDebug; + +public class PrivilegeManager { + + /** + * Stub for enablePrivilege. Not used by IcedTea-Web, kept for compatibility + * + * @param privilege + */ + public static void enablePrivilege(String privilege) { + PluginDebug.debug("netscape.security.enablePrivilege stub called"); + } + + /** + * Stub for disablePrivilege. Not used by IcedTea-Web, kept for compatibility + * + * @param privilege + */ + public static void disablePrivilege(String privilege) { + PluginDebug.debug("netscape.security.disablePrivilege stub called"); + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1/plugin/icedteanp/java/sun/applet/PluginStreamHandler.java new/icedtea-web-1.1.2/plugin/icedteanp/java/sun/applet/PluginStreamHandler.java --- old/icedtea-web-1.1/plugin/icedteanp/java/sun/applet/PluginStreamHandler.java 2011-06-08 21:42:40.000000000 +0200 +++ new/icedtea-web-1.1.2/plugin/icedteanp/java/sun/applet/PluginStreamHandler.java 2011-08-31 19:28:19.000000000 +0200 @@ -113,18 +113,58 @@ listenerThread.start(); } + /** + * Given a string, reads the first two (space separated) tokens. + * + * @param message The string to read + * @param start The position to start reading at + * @param array The array into which the first two tokens are placed + * @return Position where the next token starts + */ + private int readPair(String message, int start, String[] array) { + + int end = start; + array[0] = null; + array[1] = null; + + if (message.length() > start) { + int firstSpace = message.indexOf(' ', start); + if (firstSpace == -1) { + array[0] = message.substring(start); + end = message.length(); + } else { + array[0] = message.substring(start, firstSpace); + if (message.length() > firstSpace + 1) { + int secondSpace = message.indexOf(' ', firstSpace + 1); + if (secondSpace == -1) { + array[1] = message.substring(firstSpace + 1); + end = message.length(); + } else { + array[1] = message.substring(firstSpace + 1, secondSpace); + end = secondSpace + 1; + } + } + } + } + + PluginDebug.debug("readPair: '", array[0], "' - '", array[1], "' ", end); + return end; + } + public void handleMessage(String message) throws PluginException { - int nextIndex = 0; int reference = -1; String src = null; String[] privileges = null; String rest = ""; + String[] msgComponents = new String[2]; + int pos = 0; + int oldPos = 0; - String[] msgComponents = message.split(" "); - - if (msgComponents.length < 2) + pos = readPair(message, oldPos, msgComponents); + if (msgComponents[0] == null || msgComponents[1] == null) { return; + } if (msgComponents[0].startsWith("plugin")) { handlePluginMessage(message); @@ -134,38 +174,38 @@ // type and identifier are guaranteed to be there String type = msgComponents[0]; final int identifier = Integer.parseInt(msgComponents[1]); - nextIndex = 2; // reference, src and privileges are optional components, // and are guaranteed to be in that order, if they occur + oldPos = pos; + pos = readPair(message, oldPos, msgComponents); // is there a reference ? - if (msgComponents[nextIndex].equals("reference")) { - reference = Integer.parseInt(msgComponents[nextIndex + 1]); - nextIndex += 2; + if ("reference".equals(msgComponents[0])) { + reference = Integer.parseInt(msgComponents[1]); + oldPos = pos; + pos = readPair(message, oldPos, msgComponents); } // is there a src? - if (msgComponents[nextIndex].equals("src")) { - src = msgComponents[nextIndex + 1]; - nextIndex += 2; + if ("src".equals(msgComponents[0])) { + src = msgComponents[1]; + oldPos = pos; + pos = readPair(message, oldPos, msgComponents); } // is there a privileges? - if (msgComponents[nextIndex].equals("privileges")) { - String privs = msgComponents[nextIndex + 1]; + if ("privileges".equals(msgComponents[0])) { + String privs = msgComponents[1]; privileges = privs.split(","); - nextIndex += 2; + oldPos = pos; } // rest - for (int i = nextIndex; i < msgComponents.length; i++) { - rest += msgComponents[i]; - rest += " "; + if (message.length() > oldPos) { + rest = message.substring(oldPos); } - rest = rest.trim(); - try { PluginDebug.debug("Breakdown -- type: ", type, " identifier: ", identifier, " reference: ", reference, " src: ", src, " privileges: ", privileges, " rest: \"", rest, "\""); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
