RFE: Patch to fix jar signature verification
Omair Majid
omajid at redhat.com
Mon Jul 13 11:28:15 PDT 2009
Deepak Bhole wrote:
> Hi,
>
> Currently, we use JarInputStream when reading the jar to verify
> signatures. JarInputStream does not work unless manifest file is the
> first file in the jar. As a result, signed jars end up being treated as
> unsigned, causing those applets to not work.
>
> This patch fixes that by using JarFile instead, which does not have the
> "manifest must be first" restriction.
>
> Fixes:
> http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=325
> https://bugzilla.redhat.com/show_bug.cgi?id=502318
>
> ChangeLog:
>
> * plugin/icedtea/sun/applet/PluginMessageConsumer.java: Fix minor typo in
> how max worker count is interpreted.
> * rt/net/sourceforge/jnlp/tools/JarSigner.java: use JarFile instead of
> JarInputstream when verifying jars.
>
Looks good to me!
Cheers,
Omair
More information about the distro-pkg-dev
mailing list