RFE: Patch to fix jar signature verification
Deepak Bhole
dbhole at redhat.com
Fri Jul 10 15:44:47 PDT 2009
Hi,
Currently, we use JarInputStream when reading the jar to verify
signatures. JarInputStream does not work unless manifest file is the
first file in the jar. As a result, signed jars end up being treated as
unsigned, causing those applets to not work.
This patch fixes that by using JarFile instead, which does not have the
"manifest must be first" restriction.
Fixes:
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=325
https://bugzilla.redhat.com/show_bug.cgi?id=502318
ChangeLog:
* plugin/icedtea/sun/applet/PluginMessageConsumer.java: Fix minor typo in
how max worker count is interpreted.
* rt/net/sourceforge/jnlp/tools/JarSigner.java: use JarFile instead of
JarInputstream when verifying jars.
Deepak
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IT-325-RHBZ-502318.patch
Type: text/x-patch
Size: 3182 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20090710/92f3aae7/IT-325-RHBZ-502318.patch
More information about the distro-pkg-dev
mailing list