Hello community, here is the log from the commit of package icedtea-web for openSUSE:Factory checked in at 2011-11-14 13:59:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/icedtea-web (Old) and /work/SRC/openSUSE:Factory/.icedtea-web.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "icedtea-web", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/icedtea-web/icedtea-web.changes 2011-10-25 16:02:03.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.icedtea-web.new/icedtea-web.changes 2011-11-14 13:59:11.000000000 +0100 @@ -1,0 +2,8 @@ +Mon Nov 14 10:19:16 UTC 2011 - mvysko...@suse.cz + +- update to 1.1.4 (fixes bnc#729870) + - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and + suffix domain SOP bypass + - PR778: Jar download and server certificate verification deadlock + +------------------------------------------------------------------- Old: ---- icedtea-web-1.1.3.tar.gz New: ---- icedtea-web-1.1.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ icedtea-web.spec ++++++ --- /var/tmp/diff_new_pack.GzyDPw/_old 2011-11-14 13:59:14.000000000 +0100 +++ /var/tmp/diff_new_pack.GzyDPw/_new 2011-11-14 13:59:14.000000000 +0100 @@ -53,7 +53,7 @@ %define pluginname IcedTeaPlugin.so Name: icedtea-web -Version: 1.1.3 +Version: 1.1.4 Release: 1 Summary: Java Web Start and plugin implementation Group: Development/Languages/Java ++++++ icedtea-web-1.1.3.tar.gz -> icedtea-web-1.1.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/ChangeLog new/icedtea-web-1.1.4/ChangeLog --- old/icedtea-web-1.1.3/ChangeLog 2011-09-28 22:18:24.000000000 +0200 +++ new/icedtea-web-1.1.4/ChangeLog 2011-10-28 20:44:41.000000000 +0200 
@@ -1,3 +1,27 @@ +2011-10-28 Deepak Bhole <dbh...@redhat.com> + + * NEWS: Prepare to release 1.1.4 + * configure.ac: Same + +2011-10-28 Deepak Bhole <dbh...@redhat.com> + RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and + suffix domain SOP bypass + * NEWS: Updated + * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java + (checkPermission): Remove special case for SocketPermission. + +2011-10-27 Deepak Bhole <dbh...@redhat.com> + + PR778: Jar download and server certificate verification deadlock + * NEWS: Updated + * netx/net/sourceforge/jnlp/GuiLaunchHandler.java (launchInitialized): + Moved as much code as possible out of the invokeLater block. + +2011-09-28 Deepak Bhole <dbh...@redhat.com> + + * NEWS: Prepare for 1.1.4 + * configure.ac: Same + 2011-09-28 Deepak Bhole <dbh...@redhat.com> * NEWS: Prepare to release 1.1.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/NEWS new/icedtea-web-1.1.4/NEWS --- old/icedtea-web-1.1.3/NEWS 2011-09-28 22:18:39.000000000 +0200 +++ new/icedtea-web-1.1.4/NEWS 2011-10-28 20:43:16.000000000 +0200 @@ -8,6 +8,12 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release 1.1.4 (2011-11-08): +* Security updates: + - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass +* Common + - PR778: Jar download and server certificate verification deadlock + New in release 1.1.3 (2011-09-28): * Plugin - PR782: Support building against npapi-sdk as well diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/configure new/icedtea-web-1.1.4/configure --- old/icedtea-web-1.1.3/configure 2011-09-28 22:18:57.000000000 +0200 +++ new/icedtea-web-1.1.4/configure 2011-10-28 21:59:27.000000000 +0200 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for icedtea-web 1.1.3. +# Generated by GNU Autoconf 2.68 for icedtea-web 1.1.4. # # Report bugs to <distro-pkg-...@openjdk.java.net>. # @@ -559,8 +559,8 @@ # Identity of this package. PACKAGE_NAME='icedtea-web' PACKAGE_TARNAME='icedtea-web' -PACKAGE_VERSION='1.1.3' -PACKAGE_STRING='icedtea-web 1.1.3' +PACKAGE_VERSION='1.1.4' +PACKAGE_STRING='icedtea-web 1.1.4' PACKAGE_BUGREPORT='distro-pkg-...@openjdk.java.net' PACKAGE_URL='http://icedtea.classpath.org/wiki/IcedTea-Web' @@ -1302,7 +1302,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures icedtea-web 1.1.3 to adapt to many kinds of systems. +\`configure' configures icedtea-web 1.1.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1372,7 +1372,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of icedtea-web 1.1.3:";; + short | recursive ) echo "Configuration of icedtea-web 1.1.4:";; esac cat <<\_ACEOF @@ -1498,7 +1498,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -icedtea-web configure 1.1.3 +icedtea-web configure 1.1.4 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1637,7 +1637,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by icedtea-web $as_me 1.1.3, which was +It was created by icedtea-web $as_me 1.1.4, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2452,7 +2452,7 @@ # Define the identity of the package. PACKAGE='icedtea-web' - VERSION='1.1.3' + VERSION='1.1.4' cat >>confdefs.h <<_ACEOF 
@@ -8592,7 +8592,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by icedtea-web $as_me 1.1.3, which was +This file was extended by icedtea-web $as_me 1.1.4, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -8650,7 +8650,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -icedtea-web config.status 1.1.3 +icedtea-web config.status 1.1.4 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/configure.ac new/icedtea-web-1.1.4/configure.ac --- old/icedtea-web-1.1.3/configure.ac 2011-09-28 21:56:31.000000000 +0200 +++ new/icedtea-web-1.1.4/configure.ac 2011-10-28 20:43:02.000000000 +0200 @@ -1,4 +1,4 @@ -AC_INIT([icedtea-web],[1.1.3],[distro-pkg-...@openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web]) +AC_INIT([icedtea-web],[1.1.4],[distro-pkg-...@openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web]) AM_INIT_AUTOMAKE([1.9 tar-pax foreign]) AC_CONFIG_FILES([Makefile netx.manifest]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/netx/net/sourceforge/jnlp/GuiLaunchHandler.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/GuiLaunchHandler.java --- old/icedtea-web-1.1.3/netx/net/sourceforge/jnlp/GuiLaunchHandler.java 2011-08-31 20:17:30.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/GuiLaunchHandler.java 2011-10-28 17:23:21.000000000 +0200 @@ -37,6 +37,7 @@ package net.sourceforge.jnlp; +import java.lang.reflect.InvocationTargetException; import java.net.URL; import javax.swing.SwingUtilities; 
@@ -87,19 +88,38 @@ @Override public void launchInitialized(final JNLPFile file) { + + final int preferredWidth = 500; + final int preferredHeight = 400; + + final URL splashImageURL = file.getInformation().getIconLocation( + IconDesc.SPLASH, preferredWidth, preferredHeight); + + if (splashImageURL != null) { + final ResourceTracker resourceTracker = new ResourceTracker(true); + resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy); + + try { + SwingUtilities.invokeAndWait(new Runnable() { + @Override + public void run() { + splashScreen = new JNLPSplashScreen(resourceTracker, null, null); + } + }); + } catch (InterruptedException ie) { + // Wait till splash screen is created + while (splashScreen == null); + } catch (InvocationTargetException ite) { + ite.printStackTrace(); + } + + splashScreen.setSplashImageURL(splashImageURL); + } + SwingUtilities.invokeLater(new Runnable() { @Override public void run() { - final int preferredWidth = 500; - final int preferredHeight = 400; - - URL splashImageURL = file.getInformation().getIconLocation( - IconDesc.SPLASH, preferredWidth, preferredHeight); if (splashImageURL != null) { - ResourceTracker resourceTracker = new ResourceTracker(true); - resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy); - splashScreen = new JNLPSplashScreen(resourceTracker, null, null); - splashScreen.setSplashImageURL(splashImageURL); if (splashScreen.isSplashScreenValid()) { splashScreen.setVisible(true); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/netx/net/sourceforge/jnlp/GuiLaunchHandler.java.rej new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/GuiLaunchHandler.java.rej --- old/icedtea-web-1.1.3/netx/net/sourceforge/jnlp/GuiLaunchHandler.java.rej 1970-01-01 01:00:00.000000000 +0100 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/GuiLaunchHandler.java.rej 2011-10-28 00:25:42.000000000 +0200 
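Review bot: In the new block that runs before `invokeLater` in launchInitialized, the `InterruptedException` handler spins on `while (splashScreen == null);`. That loop burns a core, discards the interrupt, and may never finish if the field is not volatile (its declaration is outside the hunk) or if the runnable itself failed. The `InvocationTargetException` handler has a related gap: after `printStackTrace()` control still reaches `splashScreen.setSplashImageURL(...)`, which dereferences null if the constructor threw. I would restore the interrupt and null-guard the call as below, keeping `setSplashImageURL` off the event thread as the change intends; the `invokeLater` runnable further down, whose body continues outside the hunk, wants the same guard. Separately, the `GuiLaunchHandler.java.rej` added next to this file looks like a leftover patch reject and probably should not ship in the release tarball.

```java
// … unchanged: ResourceTracker setup and the invokeAndWait(...) call …
} catch (InterruptedException ie) {
    // Preserve the interrupt for the caller instead of busy-waiting on the field.
    Thread.currentThread().interrupt();
} catch (InvocationTargetException ite) {
    ite.printStackTrace();
}

// The splash screen may not exist if creation failed or the wait was interrupted.
if (splashScreen != null) {
    splashScreen.setSplashImageURL(splashImageURL);
}
```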
@@ -0,0 +1,52 @@ +--- GuiLaunchHandler.java ++++ GuiLaunchHandler.java +@@ -95,20 +96,40 @@ + + @Override + public void launchInitialized(final JNLPFile file) { ++ ++ int preferredWidth = 500; ++ int preferredHeight = 400; ++ ++ final URL splashImageURL = file.getInformation().getIconLocation( ++ IconDesc.SPLASH, preferredWidth, preferredHeight); ++ ++ if (splashImageURL != null) { ++ final ResourceTracker resourceTracker = new ResourceTracker(true); ++ resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy); ++ synchronized(mutex) { ++ try { ++ SwingUtilities.invokeAndWait(new Runnable() { ++ @Override ++ public void run() { ++ splashScreen = new JNLPSplashScreen(resourceTracker, null, null); ++ } ++ }); ++ } catch (InterruptedException ie) { ++ // Wait till splash screen is created ++ while (splashScreen == null); ++ } catch (InvocationTargetException ite) { ++ ite.printStackTrace(); ++ } ++ ++ splashScreen.setSplashImageURL(splashImageURL); ++ } ++ } ++ + SwingUtilities.invokeLater(new Runnable() { + @Override + public void run() { +- final int preferredWidth = 500; +- final int preferredHeight = 400; +- +- URL splashImageURL = file.getInformation().getIconLocation( +- IconDesc.SPLASH, preferredWidth, preferredHeight); + if (splashImageURL != null) { +- ResourceTracker resourceTracker = new ResourceTracker(true); +- resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy); + synchronized(mutex) { +- splashScreen = new JNLPSplashScreen(resourceTracker, null, null); +- splashScreen.setSplashImageURL(splashImageURL); + if (splashScreen.isSplashScreenValid()) { + splashScreen.setVisible(true); + } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-web-1.1.3/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java --- 
old/icedtea-web-1.1.3/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java 2011-08-31 20:17:31.000000000 +0200 +++ new/icedtea-web-1.1.4/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java 2011-10-28 20:42:53.000000000 +0200 
@@ -281,75 +281,7 @@ // } // } - try { - super.checkPermission(perm); - } catch (SecurityException se) { - - //This section is a special case for dealing with SocketPermissions. - if (JNLPRuntime.isDebug()) - System.err.println("Requesting permission: " + perm.toString()); - - //Change this SocketPermission's action to connect and accept - //(and resolve). This is to avoid asking for connect permission - //on every address resolve. - Permission tmpPerm = null; - if (perm instanceof SocketPermission) { - tmpPerm = new SocketPermission(perm.getName(), - SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION); - - // before proceeding, check if we are trying to connect to same origin - ApplicationInstance app = getApplication(); - JNLPFile file = app.getJNLPFile(); - - String srcHost = file.getSourceLocation().getAuthority(); - String destHost = name; - - // host = abc.xyz.com or abc.xyz.com:<port> - if (destHost.indexOf(':') >= 0) - destHost = destHost.substring(0, destHost.indexOf(':')); - - // host = abc.xyz.com - String[] hostComponents = destHost.split("\\."); - - int length = hostComponents.length; - if (length >= 2) { - - // address is in xxx.xxx.xxx format - destHost = hostComponents[length - 2] + "." + hostComponents[length - 1]; - - // host = xyz.com i.e. origin - boolean isDestHostName = false; - - // make sure that it is not an ip address - try { - Integer.parseInt(hostComponents[length - 1]); - } catch (NumberFormatException e) { - isDestHostName = true; - } - - if (isDestHostName) { - // okay, destination is hostname. Now figure out if it is a subset of origin - if (srcHost.endsWith(destHost)) { - addPermission(tmpPerm); - return; - } - } - } - } else { - tmpPerm = perm; - } - - if (tmpPerm != null) { - //askPermission will only prompt the user on SocketPermission - //meaning we're denying all other SecurityExceptions that may arise. - if (askPermission(tmpPerm)) { - addPermission(tmpPerm); - //return quietly. 
- } else { - throw se; - } - } - } + super.checkPermission(perm); } catch (SecurityException ex) { if (JNLPRuntime.isDebug()) { System.out.println("Denying permission: " + perm); -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
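Review bot: The bare `super.checkPermission(perm);` left in checkPermission has no comment explaining why socket permissions get no same-origin shortcut here, so a later change could reintroduce one. The removed branch took the origin from the last two host labels and compared it with `endsWith`, which is not a sound origin comparison. A comment above the call would record that, for example `// No host-suffix auto-grant for SocketPermission: defer to the policy only (CVE-2011-3377).` The removal probably leaves the `SocketPermission` and `SecurityConstants` imports unused, and possibly `askPermission` as well; this needs checking because the import section and the rest of the class are outside the hunk. The enclosing method starts and ends outside the hunk.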