[Git][java-team/icedtea-web][upstream] New upstream version 1.8.4
Emmanuel Bourg
gitlab at salsa.debian.org
Sun Jun 7 22:01:11 BST 2020
Emmanuel Bourg pushed to branch upstream at Debian Java Maintainers / icedtea-web
Commits:
1a1cd792 by Emmanuel Bourg at 2020-06-07T22:57:36+02:00
New upstream version 1.8.4
- - - - -
10 changed files:
- + .gitignore
- ChangeLog
- NEWS
- configure.ac
- html-gen.sh
- netx/net/sourceforge/jnlp/JNLPFile.java
- netx/net/sourceforge/jnlp/cache/CacheUtil.java
- netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
- tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
- win-installer/installer.json.in
Changes:
=====================================
.gitignore
=====================================
@@ -0,0 +1,16 @@
+.idea
+common/target
+core/target
+integration-tests/classloader-integration-tests-module-3/target
+.DS_Store
+integration-tests/classloader-integration-tests/target
+integration/target
+test-extensions/target
+xml-parser/target
+jnlp-api/target
+integration-tests/classloader-integration-tests-module-native/target
+integration-tests/classloader-integration-tests-module-2/target
+integration-tests/classloader-integration-tests-module-parent/target
+integration-tests/classloader-integration-tests-module-1/target
+integration-tests/classloader-integration-tests-module-wrapper/target
+artifact-no-dependencies/target
=====================================
ChangeLog
=====================================
@@ -1,3 +1,14 @@
+2020-06-03 Hendrik Ebbers <hendrik.ebbers at web.de>
+
+ Release changes
+ * configure.ac: (AC_INIT) bumped to 1.8.4
+ * Release 1.8.4 contains backport of https://github.com/AdoptOpenJDK/IcedTea-Web/pull/389
+ * Release 1.8.4 contains backport of https://github.com/AdoptOpenJDK/IcedTea-Web/pull/384
+ * Release 1.8.4 contains backport of https://github.com/AdoptOpenJDK/IcedTea-Web/pull/340
+ * Release 1.8.4 contains https://github.com/AdoptOpenJDK/IcedTea-Web/pull/576
+ * Release 1.8.4 contains https://github.com/AdoptOpenJDK/IcedTea-Web/pull/577
+
+
2019-08-02 George Adams <george at jclarity.com>
Release changes
=====================================
NEWS
=====================================
@@ -8,6 +8,13 @@ GX - http://bugs.gentoo.org/show_bug.cgi?id=X
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release 1.8.4 (2020-06-03):
+* Backport of https://github.com/AdoptOpenJDK/IcedTea-Web/pull/389
+* Backport of https://github.com/AdoptOpenJDK/IcedTea-Web/pull/384
+* Backport of https://github.com/AdoptOpenJDK/IcedTea-Web/pull/340
+* https://github.com/AdoptOpenJDK/IcedTea-Web/pull/576
+* https://github.com/AdoptOpenJDK/IcedTea-Web/pull/577
+
New in release 1.8.3 (2019-08-02):
* Security updates
- CVE-2019-10182 - Fixed bug when relative path (..) could leak up (even out of cache)
=====================================
configure.ac
=====================================
@@ -1,4 +1,4 @@
-AC_INIT([icedtea-web],[1.8.3],[distro-pkg-dev at openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
+AC_INIT([icedtea-web],[1.8.4],[distro-pkg-dev at openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile netx.manifest])
AM_MAINTAINER_MODE([enable])
=====================================
html-gen.sh
=====================================
@@ -96,6 +96,7 @@ do
sed -i -r 's_(\<)?(https?://[^ ]*)(\>| |$)_\1<a href="\2">\2</a>\3_i' "./$FILE" # Create hyperlinks from http(s) URLs
sed -i -r 's/\<(.*@.*)\>/\<<a href="mailto:\1\?subject=IcedTea-Web">\1<\/a>\>/i' "./$FILE" # Create mailto links from email addresses formatted as <email at example.com>
sed -i -r 's/$/<br>/' "./$FILE" # "\n" -> "<br>"
+ sed -i '1i <head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/></head>' "./$FILE"
mv "$FILE" "$FILE.html"
print_debug "$FILE.html finished."
@@ -104,9 +105,9 @@ done
print_debug "Done sed subs. Starting in-place additions"
# Centre the column of author names in the Authors file
-sed -i '4i <center>' AUTHORS.html
+sed -i '5i <center>' AUTHORS.html
# Insert jamIcon above author names
-sed -i '5i <br><img src="jamIcon.jpg" alt="Jam Icon" width="87" height="84"><br><br>' AUTHORS.html
+sed -i '6i <br><img src="jamIcon.jpg" alt="Jam Icon" width="87" height="84"><br><br>' AUTHORS.html
echo "</center>" >> AUTHORS.html
if [ -n "${REPO_URL}" ]; then
=====================================
netx/net/sourceforge/jnlp/JNLPFile.java
=====================================
@@ -228,9 +228,10 @@ public class JNLPFile {
* @throws ParseException if the JNLP file was invalid
*/
protected JNLPFile(URL location, Version version, ParserSettings settings, UpdatePolicy policy, URL forceCodebase) throws IOException, ParseException {
- InputStream input = openURL(location, version, policy);
this.parserSettings = settings;
- parse(input, location, forceCodebase);
+ try (InputStream input = openURL(location, version, policy)) {
+ parse(input, location, forceCodebase);
+ }
//Downloads the original jnlp file into the cache if possible
//(i.e. If the jnlp file being launched exist locally, but it
=====================================
netx/net/sourceforge/jnlp/cache/CacheUtil.java
=====================================
@@ -696,7 +696,7 @@ public class CacheUtil {
path.append(location.getPort());
path.append(File.separatorChar);
}
- String locationPath = location.getPath().replace('/', File.separatorChar);
+ String locationPath = location.getPath();
String query = "";
if (location.getQuery() != null) {
query = location.getQuery();
@@ -716,7 +716,7 @@ public class CacheUtil {
throw new RuntimeException(ex);
}
} else {
- path.append(locationPath);
+ path.append(locationPath.replace('/', File.separatorChar));
if (location.getQuery() != null && !location.getQuery().trim().isEmpty()) {
path.append(".").append(location.getQuery());
}
@@ -877,7 +877,7 @@ public class CacheUtil {
rStr = lruHandler.getCacheDir().getFullPath()+ rStr.substring(0, rStr.indexOf(File.separatorChar, 1));
long len = file.length();
- if (keep.contains(file.getPath().substring(rStr.length()))) {
+ if (keep.contains(path)) {
lruHandler.removeEntry(key);
continue;
}
@@ -897,7 +897,7 @@ public class CacheUtil {
}
curSize += len;
- keep.add(file.getPath().substring(rStr.length()));
+ keep.add(path);
for (File f : file.getParentFile().listFiles()) {
if (!(f.equals(file) || f.equals(pf.getStoreFile()))) {
=====================================
netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
=====================================
@@ -185,7 +185,7 @@ public class HttpsCertVerifier implements CertVerifier {
}
}
- if (subjAltNames != null)
+ if (derValue.length() == 0 && subjAltNames != null)
names = names.substring(2); // remove proceeding ", "
} catch (CertificateParsingException cpe) {
=====================================
tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java
=====================================
@@ -90,7 +90,7 @@ public class CacheUtilTest {
}
@Test
- public void tesPathUpNoGoBasic() throws Exception {
+ public void testPathUpNoGoBasic() throws Exception {
final URL u = new URL("https://example.com/applet/../my.jar");
final File expected = new File("/tmp/https/example.com/abca4723622ed60db3dea12cbe2402622a74f7a49b73e23b55988e4eee5ded.jar");
File r = CacheUtil.urlToPath(u, "/tmp/");
@@ -98,7 +98,7 @@ public class CacheUtilTest {
}
@Test
- public void tesPathUpNoGoBasicLong() throws Exception {
+ public void testPathUpNoGoBasicLong() throws Exception {
final URL u = new URL("https://example.com/applet/../my.jar.q_SlNFU1NJT05JRD02OUY1ODVCNkJBOTM1NThCQjdBMTA5RkQyNDZEQjEwRi5wcm9kX3RwdG9tY2F0MjE1X2p2bTsgRW50cnVzdFRydWVQYXNzUmVkaXJlY3RVcmw9Imh0dHBzOi8vZWZzLnVzcHRvLmdvdi9FRlNXZWJVSVJlZ2lzdGVyZWQvRUZTV2ViUmVnaXN0ZXJlZCI7IFRDUFJPRFBQQUlSc2Vzc2lvbj02MjIxMjk0MTguMjA0ODAuMDAwMA\"");
final File expected = new File("/tmp/https/example.com/ec97413e3f6eee8215ecc8375478cc1ae5f44f18241b9375361d5dfcd7b0ec");
File r = CacheUtil.urlToPath(u, "/tmp/");
@@ -106,7 +106,7 @@ public class CacheUtilTest {
}
@Test
- public void tesPathUpNoGoBasic2() throws Exception {
+ public void testPathUpNoGoBasic2() throws Exception {
final URL u = new URL("https://example.com/../my.jar");
final File expected = new File("/tmp/https/example.com/eb1a56bed34523dbe7ad84d893ebc31a8bbbba9ce3f370e42741b6a5f067c140.jar");
File r = CacheUtil.urlToPath(u, "/tmp/");
@@ -114,7 +114,7 @@ public class CacheUtilTest {
}
@Test
- public void tesPathUpNoGoBasicEvil() throws Exception {
+ public void testPathUpNoGoBasicEvil() throws Exception {
final URL u = new URL("https://example.com/../../my.jar");
final File expected = new File("/tmp/https/example.com/db464f11d68af73e37eefaef674517b6be23f0e4a5738aaee774ecf5b58f1bfc.jar");
File r = CacheUtil.urlToPath(u, "/tmp/");
@@ -122,14 +122,14 @@ public class CacheUtilTest {
}
@Test
- public void tesPathUpNoGoBasicEvil2() throws Exception {
+ public void testPathUpNoGoBasicEvil2() throws Exception {
final URL u = new URL("https://example.com:99/../../../my.jar");
final File expected = new File("/tmp/https/example.com/99/95401524c345e0d554d4d77330e86c98a77b9bb58a0f93094204df446b356.jar");
File r = CacheUtil.urlToPath(u, "/tmp/");
Assert.assertEquals(expected, r);
}
@Test
- public void tesPathUpNoGoBasicEvilest() throws Exception {
+ public void testPathUpNoGoBasicEvilest() throws Exception {
final URL u = new URL("https://example2.com/something/../../../../../../../../../../../my.jar");
final File expected = new File("/tmp/https/example2.com/a8df64388f5b84d5f635e4d6dea5f4d2f692ae5381f8ec6736825ff8d6ff2c0.jar");
File r = CacheUtil.urlToPath(u, "/tmp/");
=====================================
win-installer/installer.json.in
=====================================
@@ -127,6 +127,17 @@
"value": "\"[INSTALLDIR]bin\\javaws.exe\" \"%1\""
}
]
+ },
+ {
+ "root": "HKLM",
+ "key": "SOFTWARE\\Classes\\MIME\\Database\\Content Type\\application/x-java-jnlp-file",
+ "values": [
+ {
+ "type": "string",
+ "name": "Extension",
+ "value": ".jnlp"
+ }
+ ]
}
],
"environmentVariables": [
View it on GitLab: https://salsa.debian.org/java-team/icedtea-web/-/commit/1a1cd7926eae341a93a560b1820805f7214c1012
--
View it on GitLab: https://salsa.debian.org/java-team/icedtea-web/-/commit/1a1cd7926eae341a93a560b1820805f7214c1012
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20200607/cb10b070/attachment.html>
More information about the pkg-java-commits
mailing list