Mercurial > hg > release > icedtea6-1.6
view patches/security/20100330/6910590.patch @ 1723:d48a4f542e7d
Add new security patches and fix srcdir!=builddir issues.
2009-03-30 Andrew John Hughes <ahughes@redhat.com>
* patches/icedtea-systemtap.patch:
Moved to HotSpot-specific patch tree.
* Makefile.am: Add new security patches
and add $(HSBUILD) to systemtap patch.
Put copied OpenJDK files in openjdk-copy
rather than a duplicate rt directory
in the build tree.
* NEWS: List new security patches.
* patches/hotspot/default/systemtap.patch:
From patches/icedtea-systemtap.patch.
* patches/hotspot/original/icedtea-format.patch,
* patches/hotspot/original/systemtap.patch:
Added for original HotSpot build.
* patches/security/20100330/6626217.patch,
* patches/security/20100330/6633872.patch,
* patches/security/20100330/6639665.patch,
* patches/security/20100330/6736390.patch,
* patches/security/20100330/6745393.patch,
* patches/security/20100330/6887703.patch,
* patches/security/20100330/6888149.patch,
* patches/security/20100330/6892265.patch,
* patches/security/20100330/6893947.patch,
* patches/security/20100330/6893954.patch,
* patches/security/20100330/6898622.patch,
* patches/security/20100330/6898739.patch,
* patches/security/20100330/6899653.patch,
* patches/security/20100330/6902299.patch,
* patches/security/20100330/6904691.patch,
* patches/security/20100330/6909597.patch,
* patches/security/20100330/6910590.patch,
* patches/security/20100330/6914823.patch,
* patches/security/20100330/6914866.patch,
* patches/security/20100330/6932480.patch,
* patches/security/20100330/hotspot/default/6894807.patch,
* patches/security/20100330/hotspot/original/6894807.patch:
New security and hardening patches
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Tue, 30 Mar 2010 23:04:54 +0100 |
parents | |
children |
line wrap: on
line source
--- openjdk.orig/jdk/src/share/classes/java/lang/ProcessBuilder.java Tue Jan 12 12:31:35 2010 +++ openjdk/jdk/src/share/classes/java/lang/ProcessBuilder.java Tue Jan 12 12:31:34 2010 @@ -451,6 +451,7 @@ // Must convert to array first -- a malicious user-supplied // list might try to circumvent the security check. String[] cmdarray = command.toArray(new String[command.size()]); + cmdarray = cmdarray.clone(); for (String arg : cmdarray) if (arg == null) throw new NullPointerException();