Changeset: d3309aae68ef Author: dl Date: 2009-10-06 12:20 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d3309aae68ef
6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error Summary: Avoid integer overflow by using long arithmetic Reviewed-by: martin, dholmes ! src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java ! src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java ! src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java Changeset: 08f57141c305 Author: asaha Date: 2009-11-20 14:24 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/08f57141c305 Merge - test/sun/tools/native2ascii/test2 Changeset: b1e8f41ed755 Author: chegar Date: 2009-11-23 12:40 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/b1e8f41ed755 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups Reviewed-by: alanb, hawtin ! src/share/classes/java/lang/ThreadGroup.java Changeset: e943f6b0b0e9 Author: alanb Date: 2009-11-25 10:02 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/e943f6b0b0e9 6736390: File TOCTOU deserialization vulnerability Reviewed-by: hawtin ! src/share/classes/java/io/File.java Changeset: ff9c2f53594e Author: sherman Date: 2009-11-25 11:29 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ff9c2f53594e 6745393: Inflater/Deflater clone issue Summary: To use explicit lobk object. Reviewed-by: alanb ! src/share/classes/java/util/zip/Deflater.java ! src/share/classes/java/util/zip/Inflater.java ! src/share/native/java/util/zip/Deflater.c ! src/share/native/java/util/zip/Inflater.c Changeset: d893f890b4dd Author: sherman Date: 2009-11-25 12:51 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d893f890b4dd 6904925: Changeset for 6745393 for jdk7 ssr forest was incomplete Summary: To add, commit and push back the ZStreamRef.java Reviewed-by: alanb + src/share/classes/java/util/zip/ZStreamRef.java Changeset: df3091222715 Author: mchung Date: 2009-11-25 09:09 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/df3091222715 6893947: Deserialization of RMIConnectionImpl objects should enforce stricter checks [ZDI-CAN-588] Summary: narrow the doPrivileged block to only set context ClassLoader Reviewed-by: hawtin, emcmanus ! src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java Changeset: bc309e9233ce Author: mchung Date: 2009-11-25 11:19 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/bc309e9233ce Merge Changeset: 621edf6b03fc Author: mchung Date: 2009-11-25 16:02 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/621edf6b03fc Merge Changeset: 338c8775f0a3 Author: asaha Date: 2009-11-26 07:17 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/338c8775f0a3 Merge Changeset: f0b63b6d9709 Author: asaha Date: 2009-12-01 08:55 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/f0b63b6d9709 Merge - test/tools/launcher/SolarisDataModel.sh - test/tools/launcher/SolarisRunpath.sh - test/tools/launcher/libraryCaller.c - test/tools/launcher/libraryCaller.h - test/tools/launcher/libraryCaller.java Changeset: 121fa73c7185 Author: michaelm Date: 2009-12-02 12:17 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/121fa73c7185 6893954: Subclasses of InetAddress may incorrectly interpret network addresses Summary: runtime type checks and deserialization check Reviewed-by: chegar, alanb, jccollet ! src/share/classes/java/net/DatagramSocket.java ! src/share/classes/java/net/InetAddress.java ! src/share/classes/java/net/MulticastSocket.java ! src/share/classes/java/net/NetworkInterface.java ! src/share/classes/java/net/Socket.java ! src/share/classes/sun/nio/ch/Net.java Changeset: edaa7e2efd63 Author: asaha Date: 2009-12-04 10:23 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/edaa7e2efd63 Merge - make/tools/CharsetMapping/DoubleByte-X.java - make/tools/CharsetMapping/SingleByte-X.java - src/share/classes/sun/util/CoreResourceBundleControl-XLocales.java - src/share/classes/sun/util/LocaleDataMetaInfo-XLocales.java - test/java/util/Formatter/Basic-X.java Changeset: 3598d6eb087c Author: xuelei Date: 2009-12-07 21:16 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3598d6eb087c 6898739: TLS renegotiation issue Summary: the interim fix disables TLS/SSL renegotiation Reviewed-by: mullan, chegar, wetmore ! src/share/classes/sun/security/ssl/ClientHandshaker.java ! src/share/classes/sun/security/ssl/Handshaker.java ! src/share/classes/sun/security/ssl/SSLEngineImpl.java ! src/share/classes/sun/security/ssl/SSLSocketImpl.java ! src/share/classes/sun/security/ssl/ServerHandshaker.java ! test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java ! test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java ! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java ! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java ! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java Changeset: 91a4840fa9b4 Author: mullan Date: 2009-12-08 15:58 -0500 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/91a4840fa9b4 6633872: Policy/PolicyFile leak dynamic ProtectionDomains. Reviewed-by: hawtin ! src/share/classes/java/security/Policy.java ! src/share/classes/java/security/ProtectionDomain.java + src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java ! src/share/classes/sun/misc/SharedSecrets.java ! src/share/classes/sun/security/provider/PolicyFile.java Changeset: 7a60d100ffa5 Author: mullan Date: 2009-12-18 09:09 -0500 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7a60d100ffa5 6904162: Add new VeriSign root CA certificates to JRE and remove some old/unused ones Reviewed-by: asaha - test/lib/security/cacerts/VerifyCACerts.java Changeset: 3dabb7d5be98 Author: malenkov Date: 2009-12-22 17:56 +0300 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3dabb7d5be98 6904691: Java Applet Trusted Methods Chaining Privilege Escalation Vulnerability Reviewed-by: hawtin, peterz ! src/share/classes/java/beans/EventHandler.java ! src/share/classes/java/beans/Statement.java ! test/java/beans/EventHandler/Test6277246.java ! test/java/beans/EventHandler/Test6277266.java Changeset: c80b6350de63 Author: michaelm Date: 2010-01-12 12:13 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c80b6350de63 6910590: Application can modify command array, in ProcessBuilder Summary: clone array returned by List.toArray() Reviewed-by: chegar, alanb ! src/share/classes/java/lang/ProcessBuilder.java Changeset: 0667ab707c48 Author: bae Date: 2010-02-17 12:49 +0300 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0667ab707c48 6914866: Sun JRE ImagingLib arbitrary code execution vulnerability Reviewed-by: prr, hawtin ! src/share/native/sun/awt/medialib/awt_ImagingLib.c ! src/share/native/sun/awt/medialib/safe_alloc.h Changeset: 494aea51f26f Author: bae Date: 2010-02-17 13:10 +0300 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/494aea51f26f 6914823: Java AWT Library Invalid Index Vulnerability Reviewed-by: flar, hawtin ! src/share/classes/sun/awt/image/ImageRepresentation.java Changeset: 45ead4a2c48b Author: bae Date: 2010-02-17 13:32 +0300 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/45ead4a2c48b 6909597: Sun Java Runtime Environment JPEGImageReader stepX Integer Overflow Vulnerability Reviewed-by: igor ! src/share/native/sun/awt/image/jpeg/imageioJPEG.c Changeset: 1ff19af7b735 Author: bae Date: 2010-02-19 22:30 +0300 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/1ff19af7b735 6899653: Sun Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability Reviewed-by: prr, hawtin ! src/share/native/sun/java2d/cmm/lcms/cmsio1.c ! src/share/native/sun/java2d/cmm/lcms/cmsxform.c Changeset: cda01c4b091c Author: ksrini Date: 2010-02-22 14:33 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/cda01c4b091c 6902299: Java JAR "unpack200" must verify input parameters Summary: Added several checks for addition of values before memory allocation Reviewed-by: asaha ! src/share/native/com/sun/java/util/jar/pack/bytes.cpp ! src/share/native/com/sun/java/util/jar/pack/unpack.cpp Changeset: 7a6b3cc68e92 Author: denis Date: 2010-02-26 03:54 -0800 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/7a6b3cc68e92 6887703: Unsigned applet can retrieve the dragged information before drop action occur Reviewed-by: uta ! src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java Changeset: c5c6f8fa92ae Author: denis Date: 2010-03-06 03:37 +0300 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c5c6f8fa92ae 6932659: JTreg test files were missed in push of 6887703 Reviewed-by: uta ! test/java/awt/regtesthelpers/process/ProcessCommunicator.java Changeset: 2805db6e6ff6 Author: asaha Date: 2010-03-24 14:16 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/2805db6e6ff6 Merge - make/java/redist/FILES.gmk - make/java/text/FILES_java.gmk - make/sun/nio/FILES_java.gmk ! src/share/classes/java/beans/Statement.java ! src/share/classes/java/util/zip/Deflater.java - src/share/classes/javax/swing/plaf/synth/DefaultMenuLayout.java - src/share/classes/sun/awt/ComponentAccessor.java - src/share/classes/sun/awt/WindowAccessor.java - src/share/classes/sun/dyn/util/BytecodeSignature.java - src/share/classes/sun/security/provider/IdentityDatabase.java ! src/share/classes/sun/security/provider/PolicyFile.java - src/share/classes/sun/security/provider/SystemIdentity.java - src/share/classes/sun/security/provider/SystemSigner.java - src/share/classes/sun/security/x509/X500Signer.java - src/share/classes/sun/security/x509/X509Cert.java - src/share/classes/sun/swing/plaf/synth/SynthUI.java - src/share/classes/sun/tools/jar/JarVerifierStream.java - src/solaris/classes/sun/nio/ch/SctpSocketDispatcher.java ! test/java/awt/regtesthelpers/process/ProcessCommunicator.java - test/java/net/Socket/FDClose.java Changeset: 1dccfa00dc64 Author: asaha Date: 2010-03-24 17:32 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/1dccfa00dc64 Merge ! src/share/classes/sun/security/ssl/SSLSocketImpl.java Changeset: 6ec14b5ede77 Author: asaha Date: 2010-03-25 07:12 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6ec14b5ede77 Merge Changeset: 3ef9b3446677 Author: asaha Date: 2010-03-29 07:17 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/3ef9b3446677 Merge Changeset: a9fdd143a58e Author: asaha Date: 2010-04-05 16:11 -0700 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a9fdd143a58e Merge - make/tools/src/build/tools/charsetmapping/CharsetMapping.java - make/tools/src/build/tools/charsetmapping/GenerateDBCS.java - make/tools/src/build/tools/charsetmapping/GenerateEUC_TW.java - make/tools/src/build/tools/charsetmapping/GenerateMapping.java - make/tools/src/build/tools/charsetmapping/GenerateSBCS.java - src/share/classes/sun/io/ByteToCharHKSCS.java - src/share/classes/sun/io/ByteToCharHKSCS_2001.java - src/share/classes/sun/io/CharToByteHKSCS.java - src/share/classes/sun/io/CharToByteHKSCS_2001.java - src/share/classes/sun/nio/cs/ext/Big5.java - src/share/classes/sun/nio/cs/ext/HKSCS_2001.java
