aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and ↵Deepak Bhole2011-10-283-69/+10
| | | | suffix domain SOP bypass
* PR778: Jar download and server certificate verification deadlockDeepak Bhole2011-10-273-11/+41
|
* PR804: javaws launcher incorrectly handles file names with spacesOmair Majid2011-10-253-12/+50
| | | | | | | | | 2011-10-25 Omair Majid <[email protected]> PR804: javaws launcher incorrectly handles file names with spaces * NEWS: Update. * launcher/javaws.in: Use bash arrays to store arguments to handle filenames with spaces correctly.
* added reproducer for pr788Jiri Vanek2011-10-247-0/+225
|
* sun.misc.BASE64Encoder replaced by internal implementationJiri Vanek2011-10-176-3/+607
|
* added missing directory "signed" with its filesJiri Vanek2011-10-038-0/+342
|
* PR618: Can't install OpenDJ, JavaWebStart fails with Input stream is null error.Omair Majid2011-09-293-11/+56
| | | | | | | | | | | 2011-09-29 Omair Majid <[email protected]> * NEWS: Update. * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (getResource): Rename to ... (findResource): New method. (findResources): If resource can not be found, search in lazy resources. (findResourcesBySearching): New method.
* Make getMainClass()'s return value consistent for AppletDesc and ApplicationDescOmair Majid2011-09-285-13/+17
| | | | | | | | | | | | | 2011-09-28 Omair Majid <[email protected]> * netx/net/sourceforge/jnlp/AppletDesc.java (getMainClass): Clarify the return value in javadoc. * netx/net/sourceforge/jnlp/Launcher.java (createApplet, createAppletObject): Do not replace '/' with '.'. * netx/net/sourceforge/jnlp/PluginBridge.java (PluginBridge): Ensure that the class name is in the dot-separated from. * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (checkForMain): Ensure that the name is an exact match.
* PR794: IcedTea-Web does not work if a Web Start app jar has a Class-PathDeepak Bhole2011-09-284-7/+103
| | | | element in the manifest.
* Add support for client authentication certificatesLars Herschke2011-09-266-5/+108
| | | | | | | | | | | | | | | | | | 2011-09-26 Lars Herschke <[email protected]> * netx/net/sourceforge/jnlp/resources/Messages.properties: Add CVExportPasswordMessage, CVImportPasswordMessage and CVPasswordTitle. * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize): Initialize SSLContext with the user's client certificates. * netx/net/sourceforge/jnlp/security/CertificateUtils.java (addPKCS12ToKeyStore, addPKCS12ToKeyStore, dumpPKCS12): New methods. * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java (getPasswords): New method. (ImportButtonListener.actionPerformed): Import client certificates in PKCS12 format. (ExportButtonListener.actionPerformed): Export client certificates in PKCS12 format.
* RH738814: Access denied at ssl handshakeOmair Majid2011-09-234-5/+25
| | | | | | | | | | | | | | It turns out that TrustManager.checkTrusted() could be called by untrusted code. In such a case, we should still show a warning to the user, and not throw a SecurityException instead. 2011-09-23 Omair Majid <[email protected]> * netx/net/sourceforge/jnlp/security/SecurityDialogs.java (showCertWarningDialog): Add a javadoc comment. * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java (askUser): Wrap the call to showCertWarningDialog in a doPrivileged block.
* PR788: Elluminate Live! is not workingOmair Majid2011-09-223-3/+13
| | | | | | | | | | 2011-09-22 Omair Majid <[email protected]> PR788: Elluminate Live! is not working * NEWS: Update. * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (checkForMain): If localFile is null (JAR couldn't be downloaded), try to continue, rather than allowing the exception to cause an abort.
* PR766 javaws fails to parse an <argument> node that contains CDATAOmair Majid2011-09-212-5/+35
| | | | | | | | 2011-09-21 Omair Majid <[email protected]> PR766: javaws fails to parse an <argument> node that contains CDATA * netx/net/sourceforge/nanoxml/XMLElement.java (sanitizeInput): Do not remove CDATA sections along with comments.
* Add tests for CDATA sectionsOmair Majid2011-09-214-4/+110
|
* PR789: typo in jrunscript.shOmair Majid2011-09-223-1/+7
| | | | | | | 2011-09-22 Lars Herschke <[email protected]> PR789: typo in jrunscript.sh * jrunscript.in: Use = instead of ==.
* Added test (into signed reproducers) which is trying to missuse xtrustAll by ↵Jiri Vanek2011-09-221-0/+11
| | | | reflection and to laod unsigned code. This test pass, if loading unsigned jar will fail (because accessing of inner netx classes is avaiable by with reflection).
* added first signed reproducer as example and testing read properties signed ↵Jiri Vanek2011-09-222-2/+12
| | | | behaviour.
* Reproducers engine enchanced for signed reproducersJiri Vanek2011-09-225-30/+164
|
* added XrustAll optionJiri Vanek2011-09-225-0/+34
|
* current reproducers (see changelog) done more verboseJiri Vanek2011-09-1513-56/+101
|
* PR782: Support building against npapi-sdk as wellDeepak Bhole2011-09-134-2/+17
| | | | Patch from Michał Górny < mgorny at gentoo dot org >
* Fixed formatting issues in previous entry.Deepak Bhole2011-09-131-10/+14
|
* made compatible with rhel5 librariesJiri Vanek2011-09-015-12/+60
|
* RH734081: Javaws cannot use proxy settings from FirefoxDeepak Bhole2011-08-293-2/+11
| | | | | | | | | | Based on patch from Lukas Zachar <lzachar at redhat dot com> 2011-08-29 Deepak Bhole <[email protected]> * netx/net/sourceforge/jnlp/browser/FirefoxPreferencesFinder.java (find): Only process Profile sections. Do not throw an exception if a Default= line is not found since it is not guaranteed to exist.
* Fix RH718693: MindTerm SSH Applet doesn't workDeepak Bhole2011-08-243-0/+82
| | | | | | | | 2011-08-24 Deepak Bhole <[email protected]> RH718693: MindTerm SSH Applet doesn't work * plugin/icedteanp/java/netscape/security/PrivilegeManager.java: New file. Stub class, not needed with IcedTea-Web.
* Fix PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7Deepak Bhole2011-08-233-8/+20
|
* Add configure checks for new non-standard sun.* classesOmair Majid2011-08-232-0/+8
| | | | | | | | 2011-08-23 Omair Majid <[email protected]> * configure.ac: Add check for new non-standard classes sun.net.www.protocol.jar.URLJarFile and sun.net.www.protocol.jar.URLJarFileCallBack.
* Allow icedtea-web to run with just a JREOmair Majid2011-08-233-8/+43
| | | | | | | | | | | 2011-08-23 Omair Majid <[email protected]> * Makefile.am: Remove JRE. Replace uses with SYSTEM_JRE_DIR instead. Also replace uses of SYSTEM_JDK_DIR/jre with SYSTEM_JRE_DIR. * acinclude.m4 (IT_CHECK_FOR_JRE): New macro. (IT_FIND_JAVA): Require IT_CHECK_FOR_JRE. Use java binary from within the JRE.
* Checks and verifies a signed JNLP file at the launch of the application. A ↵Saad Mohammad2011-08-227-5/+389
| | | | signed JNLP warning is displayed if appropriate.
* Update UI for SecurityDialog.Danesh Dadachanji2011-08-174-5/+26
|
* Added Denis Lila and myself to AUTHORS and removed an extra email from ↵Danesh Dadachanji2011-08-172-1/+8
| | | | Andrew Hughes
* PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them ↵Danesh Dadachanji2011-08-113-1/+16
| | | | untrusted.
* MergeDeepak Bhole2011-08-093-5/+43
|\
| * PR771: IcedTea-Web certificate verification code does not use the right APIDeepak Bhole2011-08-093-5/+43
| |
* | PR765: JNLP file with all resource jars marked as 'lazy' fails to validate ↵Saad Mohammad2011-08-093-0/+14
|/ | | | signature and stops the launch of application
* PR768: Signed applets/Web Start apps don't work with OpenJDK7 and upDeepak Bhole2011-08-033-1/+9
|
* Minor changes in algorithm that compares signed JNLP application/templateSaad Mohammad2011-08-033-54/+70
|
* reproducers compilation extended for directory structureJiri Vanek2011-08-023-3/+18
|
* minor changes in reproducers engineJiri Vanek2011-07-262-43/+100
|
* PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slowDeepak Bhole2011-07-214-19/+71
| | | | Original patch from: Ricardo Martín Camarero <rickyepoderi at yahoo dot es>
* RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulationDeepak Bhole2011-07-154-3/+16
|
* RH718164, CVE-2011-2513: Home directory path disclosure to untrusted ↵Deepak Bhole2011-07-156-11/+252
| | | | applications
* Added algorithm that compares signed JNLP application/template file with ↵Saad Mohammad2011-07-1926-1/+1176
| | | | launching JNLP file (with test case and its resources)
* classes are now collapsable in html reportJiri Vanek2011-06-232-3/+8
|
* added first set of reproducersJiri Vanek2011-06-2129-0/+1077
|
* run-netx-dist-tests now also copy styesJiri Vanek2011-06-212-2/+7
|
* added engine for lunching reproducersJiri Vanek2011-06-1915-2/+1569
|
* added styles for junit xml reportJiri Vanek2011-06-165-2/+298
|
* Make itweb-settings resizableAndrew Su2011-06-144-17/+57
|
* Close the splashscreen in case of error (not just successful launch).Denis Lila2011-06-102-10/+32
|