[1.10, 1.11, 2.1 & 2.2 APPROVAL] jar uf support broken with 7143606 security fix

Omair Majid omajid at redhat.com
Mon Oct 15 14:24:14 PDT 2012


On 10/15/2012 09:36 AM, Andrew Hughes wrote:
> Even better, they are already in 6 too:
> 
> http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/2366192c7fcb
> http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/0e34d4326386
> 
> So we just need these changesets in 1.10 & 1.11.
> 

If the original jar had locked down permissions, will the 'updated' jar
now have more relaxed permissions? But I suppose this is how the jar
command has always behaved.

We don't know how much testing has been done on this, do we? Looking at
the test case, it won't even compile: it uses PosixFilePermission (added
in 1.7) and try-with-resources.

Cheers,
Omair

-- 
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95  0056 F286 F14F 6648 4681


