~ubuntu-branches/ubuntu/karmic/openjdk-6/karmic-security

Viewing changes to patches/security/20110215/6985453.patch

Committer: Bazaar Package Importer
Author(s): Steve Beattie
Date: 2011-02-23 09:41:17 UTC
mfrom: (0.33.1 upstream)
Revision ID: james.westby@ubuntu.com-20110223094117-a1onlognjzmk28qv

Tags: 6b20-1.9.7-0ubuntu1~9.10.1

* IcedTea6 1.9.7 release.
  - SECURITY UPDATE:
    + S4421494, CVE-2010-4476: infinite loop while parsing double literal.
    + S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
    + S6907662, CVE-2010-4465: Swing timer-based security manager bypass
    + S6994263, CVE-2010-4472: Untrusted code allowed to replace
      DSIG/C14N implementation
    + S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
    + S6983554, CVE-2010-4450: Launcher incorrect processing of
      empty library path entries
    + S6985453, CVE-2010-4471: Java2D font-related system property leak
    + S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
    + RH677332, CVE-2011-0706: Multiple signers privilege escalation
  - Bug fixes
    + RH676659: Pass -export-dynamic flag to linker using -Wl,
      as option in gcc 4.6+ is broken
    + G344659: Fix issue when building on SPARC
    + Fix latent JAXP bug caused by missing import
* dropped patch due to different fix applied upstream:
  - debian/patches/hotspot-sparc-fix.diff
* debian/patches/hotspot-fix_added_define.patch: added to fix
  redefinition added by patch for S6878713
* Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap
  zerovm instead to compensate for
  http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631

files added:
debian/patches/hotspot-fix_added_define.patch

patches/g344659-sparc_fix.patch

patches/latent_jaxp_bug.patch

patches/rh676659-gcc-export-dynamic.patch

patches/security/20110209

patches/security/20110209/4421494.patch

patches/security/20110215

patches/security/20110215/6878713.patch

patches/security/20110215/6907662.patch

patches/security/20110215/6927050.patch

patches/security/20110215/6981922.patch

patches/security/20110215/6983554.patch

patches/security/20110215/6985453.patch

patches/security/20110215/6994263.patch

files modified:
ChangeLog

Makefile.am

Makefile.in

NEWS

aclocal.m4

config.guess

config.sub

configure

configure.ac

debian/changelog

debian/control.in

debian/rules

netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java

patches/icedtea-nio2.patch

Show diffs side-by-side

added added

removed removed

patches/security/20110215/6985453.patch

# HG changeset patch

# User bae

# Date 1288382134 -14400

# Node ID 5e70dbac6a7d3743e64e19399552a60d25ba5cff

# Parent f3dff5c1b9c2cc8d38fde74c3661786f6332a3eb

6985453: Font.createFont may expose some system properties in exception text

Reviewed-by: prr, hawtin

diff --git a/src/share/classes/sun/font/FileFont.java b/src/share/classes/sun/font/FileFont.java

--- openjdk/jdk/src/share/classes/sun/font/FileFont.java

+++ openjdk/jdk/src/share/classes/sun/font/FileFont.java

@@ -48,6 +48,9 @@ import java.util.HashSet;

import java.util.HashSet;

import java.util.HashMap;

import java.awt.Font;

+import java.security.AccessController;

+import java.security.PrivilegedActionException;

+import java.security.PrivilegedExceptionAction;

public abstract class FileFont extends PhysicalFont {

@@ -284,4 +287,49 @@ public abstract class FileFont extends P

});

}

+ protected String getPublicFileName() {

+ SecurityManager sm = System.getSecurityManager();

+ if (sm == null) {

+ return platName;

+ }

+ boolean canReadProperty = true;

+ try {

+ sm.checkPropertyAccess("java.io.tmpdir");

+ } catch (SecurityException e) {

+ canReadProperty = false;

+ }

+ if (canReadProperty) {

+ return platName;

+ }

+ final File f = new File(platName);

+ Boolean isTmpFile = Boolean.FALSE;

+ try {

+ isTmpFile = AccessController.doPrivileged(

+ new PrivilegedExceptionAction<Boolean>() {

+ public Boolean run() {

+ File tmp = new File(System.getProperty("java.io.tmpdir"));

+ try {

+ String tpath = tmp.getCanonicalPath();

+ String fpath = f.getCanonicalPath();

+ return (fpath == null) || fpath.startsWith(tpath);

+ } catch (IOException e) {

+ return Boolean.TRUE;

+ }

+ );

+ } catch (PrivilegedActionException e) {

+ // unable to verify whether value of java.io.tempdir will be

+ // exposed, so return only a name of the font file.

+ isTmpFile = Boolean.TRUE;

+ }

+ return isTmpFile ? "temp file" : platName;

+ }

}

diff --git a/src/share/classes/sun/font/TrueTypeFont.java b/src/share/classes/sun/font/TrueTypeFont.java

--- openjdk/jdk/src/share/classes/sun/font/TrueTypeFont.java

+++ openjdk/jdk/src/share/classes/sun/font/TrueTypeFont.java

@@ -504,7 +504,8 @@ public class TrueTypeFont extends FileFo

break;

default:

- throw new FontFormatException("Unsupported sfnt " + platName);

+ throw new FontFormatException("Unsupported sfnt " +

+ getPublicFileName());

}

/* Now have the offset of this TT font (possibly within a TTC)

@@ -1369,6 +1370,6 @@ public class TrueTypeFont extends FileFo

public String toString() {

return "** TrueType Font: Family="+familyName+ " Name="+fullName+

- " style="+style+" fileName="+platName;

+ " style="+style+" fileName="+getPublicFileName();

}

diff --git a/src/share/classes/sun/font/Type1Font.java b/src/share/classes/sun/font/Type1Font.java

--- openjdk/jdk/src/share/classes/sun/font/Type1Font.java

+++ openjdk/jdk/src/share/classes/sun/font/Type1Font.java

@@ -677,7 +677,7 @@ public class Type1Font extends FileFont

public String toString() {

return "** Type1 Font: Family="+familyName+ " Name="+fullName+

100

- " style="+style+" fileName="+platName;

101

+ " style="+style+" fileName="+getPublicFileName();

102

}

103

104

}

Older »