From 97bef40bd96730eb6e775eb166893cfbb969a95b Mon Sep 17 00:00:00 2001 From: Jiri Vanek Date: Tue, 7 Aug 2012 12:24:29 +0200 Subject: Removed firefox switch wich was causing paralel tests not to start --- .../net/sourceforge/jnlp/browsertesting/browsers/Firefox.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test-extensions/net/sourceforge/jnlp/browsertesting/browsers/Firefox.java b/tests/test-extensions/net/sourceforge/jnlp/browsertesting/browsers/Firefox.java index 049dd96..bad72d3 100644 --- a/tests/test-extensions/net/sourceforge/jnlp/browsertesting/browsers/Firefox.java +++ b/tests/test-extensions/net/sourceforge/jnlp/browsertesting/browsers/Firefox.java @@ -47,7 +47,7 @@ public class Firefox extends MozillaFamilyLinuxBrowser { super(bin); } - String[] cs={"-no-remote", "-new-tab"}; + String[] cs={"-new-tab"}; @Override public Browsers getID() { -- cgit v1.2.3 From c9a4a730d3bdf145cdb2c9e305ded7e76d65fe9c Mon Sep 17 00:00:00 2001 From: Adam Domurad Date: Tue, 7 Aug 2012 10:57:02 -0400 Subject: Fixes PR1106, buffer overflow in plugin table --- ChangeLog | 7 +++++++ NEWS | 4 +++- plugin/icedteanp/IcedTeaNPPlugin.cc | 7 ++++++- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0492e53..babafe5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2012-08-07 Adam Domurad + + Fixes PR1106, plugin crashing with firefox + archlinux/gentoo + * plugin/icedteanp/IcedTeaNPPlugin.cc + (initialize_browser_functions): Account for the fact that + browserTable->size can be larger than sizeof(NPNetscapeFuncs) + 2012-08-01 Saad Mohammad Fix PR1049: Extension jnlp's signed jar with the content of only META-INF/* diff --git a/NEWS b/NEWS index 0ab7730..e1e6dc3 100644 --- a/NEWS +++ b/NEWS @@ -12,8 +12,10 @@ New in release 1.4 (2012-XX-XX): * Security updates - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings +* Plugin + - PR1106: Buffer overflow in plugin table- * Common - - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered unsigned + - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered New in release 1.3 (2012-XX-XX): * NetX diff --git a/plugin/icedteanp/IcedTeaNPPlugin.cc b/plugin/icedteanp/IcedTeaNPPlugin.cc index d8b8948..1012812 100644 --- a/plugin/icedteanp/IcedTeaNPPlugin.cc +++ b/plugin/icedteanp/IcedTeaNPPlugin.cc @@ -2043,8 +2043,13 @@ initialize_browser_functions(const NPNetscapeFuncs* browserTable) //Ensure any unused fields are NULL memset(&browser_functions, 0, sizeof(NPNetscapeFuncs)); + + //browserTable->size can be larger than sizeof(NPNetscapeFuncs) (PR1106) + size_t copySize = browserTable->size < sizeof(NPNetscapeFuncs) ? + browserTable->size : sizeof(NPNetscapeFuncs); + //Copy fields according to given size - memcpy(&browser_functions, browserTable, browserTable->size); + memcpy(&browser_functions, browserTable, copySize); return true; } -- cgit v1.2.3 From 6342e7fd17bf9813acd343a9f17c378f77e4ea0f Mon Sep 17 00:00:00 2001 From: Saad Mohammad Date: Tue, 7 Aug 2012 16:23:15 -0400 Subject: Add license header to files --- ChangeLog | 12 +++++++ netx/net/sourceforge/jnlp/AppletLog.java | 37 ++++++++++++++++++++++ .../net/sourceforge/jnlp/JNLPMatcherException.java | 37 ++++++++++++++++++++++ netx/net/sourceforge/jnlp/Log.java | 37 ++++++++++++++++++++++ netx/net/sourceforge/jnlp/Node.java | 37 ++++++++++++++++++++++ netx/net/sourceforge/jnlp/UpdateDesc.java | 37 ++++++++++++++++++++++ .../cache/IllegalResourceDescriptorException.java | 37 ++++++++++++++++++++++ .../jnlp/security/SecurityDialogMessage.java | 37 ++++++++++++++++++++++ 8 files changed, 271 insertions(+) diff --git a/ChangeLog b/ChangeLog index babafe5..f565267 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,15 @@ +2012-08-07 Saad Mohammad + + Added license header to files without one. + * netx/net/sourceforge/jnlp/AppletLog.java: + * netx/net/sourceforge/jnlp/JNLPMatcherException.java: + * netx/net/sourceforge/jnlp/Log.java: + * netx/net/sourceforge/jnlp/Node.java: + * netx/net/sourceforge/jnlp/UpdateDesc.java: + * netx/net/sourceforge/jnlp/cache/IllegalResourceDescriptorException.java: + * netx/net/sourceforge/jnlp/security/SecurityDialogMessage.java: Added + license header. + 2012-08-07 Adam Domurad Fixes PR1106, plugin crashing with firefox + archlinux/gentoo diff --git a/netx/net/sourceforge/jnlp/AppletLog.java b/netx/net/sourceforge/jnlp/AppletLog.java index 9c178f8..3523da8 100644 --- a/netx/net/sourceforge/jnlp/AppletLog.java +++ b/netx/net/sourceforge/jnlp/AppletLog.java @@ -1,3 +1,40 @@ +/* AppletLog.java + Copyright (C) 2011 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + package net.sourceforge.jnlp; import java.io.ByteArrayOutputStream; diff --git a/netx/net/sourceforge/jnlp/JNLPMatcherException.java b/netx/net/sourceforge/jnlp/JNLPMatcherException.java index 11e7e39..7ad2ca5 100644 --- a/netx/net/sourceforge/jnlp/JNLPMatcherException.java +++ b/netx/net/sourceforge/jnlp/JNLPMatcherException.java @@ -1,3 +1,40 @@ +/* JNLPMatcherException.java + Copyright (C) 2011 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + package net.sourceforge.jnlp; public class JNLPMatcherException extends Exception diff --git a/netx/net/sourceforge/jnlp/Log.java b/netx/net/sourceforge/jnlp/Log.java index a7aa102..93c287b 100644 --- a/netx/net/sourceforge/jnlp/Log.java +++ b/netx/net/sourceforge/jnlp/Log.java @@ -1,3 +1,40 @@ +/* Log.java + Copyright (C) 2011 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + package net.sourceforge.jnlp; import java.io.File; diff --git a/netx/net/sourceforge/jnlp/Node.java b/netx/net/sourceforge/jnlp/Node.java index 327d640..f3c95bd 100644 --- a/netx/net/sourceforge/jnlp/Node.java +++ b/netx/net/sourceforge/jnlp/Node.java @@ -1,3 +1,40 @@ +/* Node.java + Copyright (C) 2011 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + package net.sourceforge.jnlp; import java.util.ArrayList; diff --git a/netx/net/sourceforge/jnlp/UpdateDesc.java b/netx/net/sourceforge/jnlp/UpdateDesc.java index 727efe6..8203533 100644 --- a/netx/net/sourceforge/jnlp/UpdateDesc.java +++ b/netx/net/sourceforge/jnlp/UpdateDesc.java @@ -1,3 +1,40 @@ +/* UpdateDesc.java + Copyright (C) 2010 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + package net.sourceforge.jnlp; /** diff --git a/netx/net/sourceforge/jnlp/cache/IllegalResourceDescriptorException.java b/netx/net/sourceforge/jnlp/cache/IllegalResourceDescriptorException.java index 907ebdc..7afb85d 100644 --- a/netx/net/sourceforge/jnlp/cache/IllegalResourceDescriptorException.java +++ b/netx/net/sourceforge/jnlp/cache/IllegalResourceDescriptorException.java @@ -1,3 +1,40 @@ +/* IllegalResourceDescriptorException.java + Copyright (C) 2012 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + package net.sourceforge.jnlp.cache; @SuppressWarnings("serial") diff --git a/netx/net/sourceforge/jnlp/security/SecurityDialogMessage.java b/netx/net/sourceforge/jnlp/security/SecurityDialogMessage.java index 60e8420..dd2114d 100644 --- a/netx/net/sourceforge/jnlp/security/SecurityDialogMessage.java +++ b/netx/net/sourceforge/jnlp/security/SecurityDialogMessage.java @@ -1,3 +1,40 @@ +/* SecurityDialogMessage.java + Copyright (C) 2011 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + package net.sourceforge.jnlp.security; import java.security.cert.X509Certificate; -- cgit v1.2.3