Mercurial > hg > release > icedtea6-1.6

view patches/security/20100330/6910590.patch @ 1723:d48a4f542e7d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add new security patches and fix srcdir!=builddir issues. 2009-03-30 Andrew John Hughes <ahughes@redhat.com> * patches/icedtea-systemtap.patch: Moved to HotSpot-specific patch tree. * Makefile.am: Add new security patches and add $(HSBUILD) to systemtap patch. Put copied OpenJDK files in openjdk-copy rather than a duplicate rt directory in the build tree. * NEWS: List new security patches. * patches/hotspot/default/systemtap.patch: From patches/icedtea-systemtap.patch. * patches/hotspot/original/icedtea-format.patch, * patches/hotspot/original/systemtap.patch: Added for original HotSpot build. * patches/security/20100330/6626217.patch, * patches/security/20100330/6633872.patch, * patches/security/20100330/6639665.patch, * patches/security/20100330/6736390.patch, * patches/security/20100330/6745393.patch, * patches/security/20100330/6887703.patch, * patches/security/20100330/6888149.patch, * patches/security/20100330/6892265.patch, * patches/security/20100330/6893947.patch, * patches/security/20100330/6893954.patch, * patches/security/20100330/6898622.patch, * patches/security/20100330/6898739.patch, * patches/security/20100330/6899653.patch, * patches/security/20100330/6902299.patch, * patches/security/20100330/6904691.patch, * patches/security/20100330/6909597.patch, * patches/security/20100330/6910590.patch, * patches/security/20100330/6914823.patch, * patches/security/20100330/6914866.patch, * patches/security/20100330/6932480.patch, * patches/security/20100330/hotspot/default/6894807.patch, * patches/security/20100330/hotspot/original/6894807.patch: New security and hardening patches http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
author Andrew John Hughes <ahughes@redhat.com>
date Tue, 30 Mar 2010 23:04:54 +0100
parents
children
line wrap: on
line source

--- openjdk.orig/jdk/src/share/classes/java/lang/ProcessBuilder.java	Tue Jan 12 12:31:35 2010
+++ openjdk/jdk/src/share/classes/java/lang/ProcessBuilder.java	Tue Jan 12 12:31:34 2010
@@ -451,6 +451,7 @@
         // Must convert to array first -- a malicious user-supplied
         // list might try to circumvent the security check.
         String[] cmdarray = command.toArray(new String[command.size()]);
+        cmdarray = cmdarray.clone();
         for (String arg : cmdarray)
             if (arg == null)
                 throw new NullPointerException();