/hg/icedtea-web: Fixes PR722: Now ignores unsigned content in ME...
adomurad at icedtea.classpath.org
adomurad at icedtea.classpath.org
Tue Jun 12 12:25:52 PDT 2012
changeset 40776f2e940f in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=40776f2e940f
author: Adam Domurad <adomurad at redhat.com>
date: Tue Jun 12 15:25:44 2012 -0400
Fixes PR722: Now ignores unsigned content in META-INF/ during signing process
diffstat:
ChangeLog | 8 ++++++
NEWS | 1 +
netx/net/sourceforge/jnlp/tools/JarCertVerifier.java | 26 ++++---------------
3 files changed, 15 insertions(+), 20 deletions(-)
diffs (76 lines):
diff -r bf792a768ad2 -r 40776f2e940f ChangeLog
--- a/ChangeLog Tue Jun 12 10:21:05 2012 +0200
+++ b/ChangeLog Tue Jun 12 15:25:44 2012 -0400
@@ -1,3 +1,11 @@
+2012-06-12 Adam Domurad <adomurad at redhat.com>
+
+ Fixes PR722, javaws failing to run with unsigned content in META-INF/
+ * NEWS: Added entry: Fixes PR722
+ * netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: Changed
+ isSignatureRelated => isMetaInfFile. Now all files under META-INF/ are
+ disregarded in checking the jar signage.
+
2012-06-11 Jiri Vanek <jvanek at redhat.com>
Implemented xml logging backend
diff -r bf792a768ad2 -r 40776f2e940f NEWS
--- a/NEWS Tue Jun 12 10:21:05 2012 +0200
+++ b/NEWS Tue Jun 12 15:25:44 2012 -0400
@@ -18,6 +18,7 @@
- PR895: IcedTea-Web searches for missing classes on each loadClass or findClass
- PR861: Allow loading from non codebase hosts. Allow code to connect to hosting server
- PR518: NPString.utf8characters not guaranteed to be nul-terminated
+ - PR722: META-INF/ unsigned entries should be ignored in signing
* Common
- PR918: java applet windows uses a low resulution black/white icon
diff -r bf792a768ad2 -r 40776f2e940f netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
--- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java Tue Jun 12 10:21:05 2012 +0200
+++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java Tue Jun 12 15:25:44 2012 -0400
@@ -277,7 +277,7 @@
anySigned |= isSigned;
boolean shouldHaveSignature = !je.isDirectory()
- && !signatureRelated(name);
+ && !isMetaInfFile(name);
hasUnsignedEntry |= shouldHaveSignature && !isSigned;
@@ -438,32 +438,18 @@
}
/**
- * signature-related files include:
+ * Returns whether a file is in META-INF, and thus does not require signing.
+ *
+ * Signature-related files under META-INF include:
* . META-INF/MANIFEST.MF
* . META-INF/SIG-*
* . META-INF/*.SF
* . META-INF/*.DSA
* . META-INF/*.RSA
- *
- * Required for verifyJar()
*/
- private boolean signatureRelated(String name) {
+ static private boolean isMetaInfFile(String name) {
String ucName = name.toUpperCase();
- if (ucName.equals(JarFile.MANIFEST_NAME) ||
- ucName.equals(META_INF) ||
- (ucName.startsWith(SIG_PREFIX) &&
- ucName.indexOf("/") == ucName.lastIndexOf("/"))) {
- return true;
- }
-
- if (ucName.startsWith(META_INF) &&
- SignatureFileVerifier.isBlockOrSF(ucName)) {
- // .SF/.DSA/.RSA files in META-INF subdirs
- // are not considered signature-related
- return (ucName.indexOf("/") == ucName.lastIndexOf("/"));
- }
-
- return false;
+ return ucName.startsWith(META_INF);
}
/**
More information about the distro-pkg-dev
mailing list