Mercurial > hg > release > icedtea6-1.8
view patches/security/20110215/6994263.patch @ 2135:ad0f435608c3
Add security updates from Oracle SSR.
S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
S6907662, CVE-2010-4465: Swing timer-based security manager bypass
S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation
S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries
S6985453, CVE-2010-4471: Java2D font-related system property leak
2011-02-09 Andrew John Hughes <ahughes@redhat.com>
* Makefile.am: Add new patches.
* NEWS: Updated.
* patches/icedtea-nio2.patch: Rejigged.
* patches/security/20110215/6878713.patch,
* patches/security/20110215/6907662.patch,
* patches/security/20110215/6981922.patch,
* patches/security/20110215/6983554.patch,
* patches/security/20110215/6994263.patch,
* patches/security/20110215/6985453.patch:
Security updates from Oracle SSR.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Thu, 10 Feb 2011 08:34:04 +0000 |
parents | |
children |
line wrap: on
line source
--- openjdk/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java Mon Nov 1 13:25:19 2010 +++ openjdk/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java Mon Nov 1 13:25:18 2010 @@ -247,6 +247,8 @@ if (!_alreadyInitialized) { _transformHash = new HashMap(10); + // make sure builtin algorithms are all registered first + com.sun.org.apache.xml.internal.security.Init.init(); _alreadyInitialized = true; } } @@ -274,19 +276,13 @@ "algorithm.alreadyRegistered", exArgs); } - ClassLoader cl = (ClassLoader) AccessController.doPrivileged( - new PrivilegedAction() { - public Object run() { - return Thread.currentThread().getContextClassLoader(); - } - }); + ClassLoader cl = Thread.currentThread().getContextClassLoader(); try { Transform._transformHash.put (algorithmURI, Class.forName(implementingClass, true, cl)); } catch (ClassNotFoundException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + throw new RuntimeException(e); } } }