[jdk15u-dev] RFR: 8269039: Disable SHA-1 Signed JARs
Alexey Bakhtin
abakhtin at openjdk.org
Thu Aug 18 16:24:36 UTC 2022
Backport from JDK18 is not applied clean, resolved with help of JDK13 patch:
* src/java.base/share/conf/security/java.security
* is not applied clean because 15 mentions "include jdk.disabled.namedCurves" added by JDK-8233228
* src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
* Some hunks did not apply because DISABLED_CHECK was renamed
to JAR_DISABLED_CHECK in 17 by JDK-8266225.
* Other hunks patch methods not in 15: checkWeakKey(), checkWeakAlg()
as well as the calls to these methods.
* JAR files changes are not applied, copied from JDK13
* test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java
*
Patch skipped, test not in 15.
* test/jdk/sun/security/tools/jarsigner/TimestampCheck.java
* Resolved using JDK13 patch.
* test/lib/jdk/test/lib/security/SecurityUtils.java
* The change to this file was already backported.
All sun/security/tools/jarsigner java/security/Security/signedfirst tests passed
-------------
Commit messages:
- Backport 6d91a3eb7bd1e1403cfb67f7eb8ce06d7e08e7a7
Changes: https://git.openjdk.org/jdk15u-dev/pull/255/files
Webrev: https://webrevs.openjdk.org/?repo=jdk15u-dev&pr=255&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8269039
Stats: 622 lines in 25 files changed: 300 ins; 206 del; 116 mod
Patch: https://git.openjdk.org/jdk15u-dev/pull/255.diff
Fetch: git fetch https://git.openjdk.org/jdk15u-dev pull/255/head:pull/255
PR: https://git.openjdk.org/jdk15u-dev/pull/255
More information about the jdk-updates-dev
mailing list