[jdk13u-dev] RFR: 8269039: Disable SHA-1 Signed JARs

Yuri Nesterenko yan at openjdk.org
Wed Aug 17 12:58:23 UTC 2022


On Tue, 16 Aug 2022 16:28:33 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:

> Backport from JDK18 is not applied clean, resolved with help of JDK11 patch:
> - src/java.base/share/conf/security/java.security
>   - is not applied clean because 13 mentions "include jdk.disabled.namedCurves" added by JDK-8233228
> - src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
>   - Some hunks did not apply because DISABLED_CHECK was renamed to JAR_DISABLED_CHECK in 17 by JDK-8266225.
>   - Other hunks patch methods not in 13: checkWeakKey(), checkWeakAlg() as well as the calls to these methods.
> - test/jdk/java/security/Security/signedfirst/Dyn.sh and test/jdk/java/security/Security/signedfirst/Static.sh
>   - Deleting did not apply because of SunOS declaration.
> - JAR files changes are not applied, copied from JDK11
> - test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java
>   - Patch skipped, test not in 13.
> - test/jdk/sun/security/tools/jarsigner/TimestampCheck.java
>   - Resolved using JDK11 patch.
> - test/lib/jdk/test/lib/security/SecurityUtils.java
>   - The change to this file was already backported.
> 
> All sun/security/tools/jarsigner java/security/Security/signedfirst tests passed

Marked as reviewed by yan (Reviewer).

-------------

PR: https://git.openjdk.org/jdk13u-dev/pull/389

