Mercurial > hg > release > icedtea-web-1.4

--- a/ChangeLog	Fri Aug 03 10:24:49 2012 +0200
+++ b/ChangeLog	Tue Aug 07 23:06:03 2012 +0200
@@ -1,3 +1,22 @@
+2012-08-07  Saad Mohammad  <smohammad@redhat.com>
+
+	Added license header to files without one.
+	* netx/net/sourceforge/jnlp/AppletLog.java:
+	* netx/net/sourceforge/jnlp/JNLPMatcherException.java:
+	* netx/net/sourceforge/jnlp/Log.java:
+	* netx/net/sourceforge/jnlp/Node.java:
+	* netx/net/sourceforge/jnlp/UpdateDesc.java:
+	* netx/net/sourceforge/jnlp/cache/IllegalResourceDescriptorException.java:
+	* netx/net/sourceforge/jnlp/security/SecurityDialogMessage.java: Added
+	license header.
+
+2012-08-07  Adam Domurad  <adomurad@redhat.com>
+
+	Fixes PR1106, plugin crashing with firefox + archlinux/gentoo
+	* plugin/icedteanp/IcedTeaNPPlugin.cc
+	(initialize_browser_functions): Account for the fact that
+	browserTable->size can be larger than sizeof(NPNetscapeFuncs)
+
 2012-08-01  Saad Mohammad  <smohammad@redhat.com>

 	Fix PR1049: Extension jnlp's signed jar with the content of only META-INF/*
--- a/NEWS	Fri Aug 03 10:24:49 2012 +0200
+++ b/NEWS	Tue Aug 07 23:06:03 2012 +0200
@@ -12,8 +12,10 @@
 * Security updates
   - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
   - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
+* Plugin
+  - PR1106: Buffer overflow in plugin table-
 * Common
-  - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered unsigned
+  - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered

 New in release 1.3 (2012-XX-XX):
 * NetX
--- a/netx/net/sourceforge/jnlp/AppletLog.java	Fri Aug 03 10:24:49 2012 +0200
+++ b/netx/net/sourceforge/jnlp/AppletLog.java	Tue Aug 07 23:06:03 2012 +0200
@@ -1,3 +1,40 @@
+/* AppletLog.java
+   Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
 package net.sourceforge.jnlp;

 import java.io.ByteArrayOutputStream;
--- a/netx/net/sourceforge/jnlp/JNLPMatcherException.java	Fri Aug 03 10:24:49 2012 +0200
+++ b/netx/net/sourceforge/jnlp/JNLPMatcherException.java	Tue Aug 07 23:06:03 2012 +0200
@@ -1,3 +1,40 @@
+/* JNLPMatcherException.java
+   Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
 package net.sourceforge.jnlp;

 public class JNLPMatcherException extends Exception
--- a/netx/net/sourceforge/jnlp/Log.java	Fri Aug 03 10:24:49 2012 +0200
+++ b/netx/net/sourceforge/jnlp/Log.java	Tue Aug 07 23:06:03 2012 +0200
@@ -1,3 +1,40 @@
+/* Log.java
+   Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
 package net.sourceforge.jnlp;

 import java.io.File;
--- a/netx/net/sourceforge/jnlp/Node.java	Fri Aug 03 10:24:49 2012 +0200
+++ b/netx/net/sourceforge/jnlp/Node.java	Tue Aug 07 23:06:03 2012 +0200
@@ -1,3 +1,40 @@
+/* Node.java
+   Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
 package net.sourceforge.jnlp;

 import java.util.ArrayList;
--- a/netx/net/sourceforge/jnlp/UpdateDesc.java	Fri Aug 03 10:24:49 2012 +0200
+++ b/netx/net/sourceforge/jnlp/UpdateDesc.java	Tue Aug 07 23:06:03 2012 +0200
@@ -1,3 +1,40 @@
+/* UpdateDesc.java
+   Copyright (C) 2010 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
 package net.sourceforge.jnlp;

 /**
--- a/netx/net/sourceforge/jnlp/cache/IllegalResourceDescriptorException.java	Fri Aug 03 10:24:49 2012 +0200
+++ b/netx/net/sourceforge/jnlp/cache/IllegalResourceDescriptorException.java	Tue Aug 07 23:06:03 2012 +0200
@@ -1,3 +1,40 @@
+/* IllegalResourceDescriptorException.java
+   Copyright (C) 2012 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
 package net.sourceforge.jnlp.cache;

 @SuppressWarnings("serial")
--- a/netx/net/sourceforge/jnlp/security/SecurityDialogMessage.java	Fri Aug 03 10:24:49 2012 +0200
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialogMessage.java	Tue Aug 07 23:06:03 2012 +0200
@@ -1,3 +1,40 @@
+/* SecurityDialogMessage.java
+   Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
 package net.sourceforge.jnlp.security;

 import java.security.cert.X509Certificate;
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc	Fri Aug 03 10:24:49 2012 +0200
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc	Tue Aug 07 23:06:03 2012 +0200
@@ -2043,8 +2043,13 @@

   //Ensure any unused fields are NULL
   memset(&browser_functions, 0, sizeof(NPNetscapeFuncs));
+
+  //browserTable->size can be larger than sizeof(NPNetscapeFuncs) (PR1106)
+  size_t copySize = browserTable->size < sizeof(NPNetscapeFuncs) ?
+                    browserTable->size : sizeof(NPNetscapeFuncs);
+
   //Copy fields according to given size
-  memcpy(&browser_functions, browserTable, browserTable->size);
+  memcpy(&browser_functions, browserTable, copySize);

   return true;
 }
--- a/tests/test-extensions/net/sourceforge/jnlp/browsertesting/browsers/Firefox.java	Fri Aug 03 10:24:49 2012 +0200
+++ b/tests/test-extensions/net/sourceforge/jnlp/browsertesting/browsers/Firefox.java	Tue Aug 07 23:06:03 2012 +0200
@@ -47,7 +47,7 @@
         super(bin);
     }

-    String[] cs={"-no-remote", "-new-tab"};
+    String[] cs={"-new-tab"};

     @Override
     public Browsers getID() {