[jdk15u-dev] Integrated: 8269039: Disable SHA-1 Signed JARs
Alexey Bakhtin
abakhtin at openjdk.org
Mon Aug 22 08:10:26 UTC 2022
On Thu, 18 Aug 2022 15:56:59 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
> Backport from JDK18 is not applied clean, resolved with help of JDK13 patch:
>
> * src/java.base/share/conf/security/java.security
>
> * is not applied clean because 15 mentions "include jdk.disabled.namedCurves" added by JDK-8233228
> * src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
>
> * Some hunks did not apply because DISABLED_CHECK was renamed
> to JAR_DISABLED_CHECK in 17 by JDK-8266225.
>
> * Other hunks patch methods not in 15: checkWeakKey(), checkWeakAlg()
> as well as the calls to these methods.
> * JAR files changes are not applied, copied from JDK13
> * test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java
> *
> Patch skipped, test not in 15.
> * test/jdk/sun/security/tools/jarsigner/TimestampCheck.java
>
> * Resolved using JDK13 patch.
> * test/lib/jdk/test/lib/security/SecurityUtils.java
>
> * The change to this file was already backported.
>
> All sun/security/tools/jarsigner java/security/Security/signedfirst tests passed
This pull request has now been integrated.
Changeset: 0ec5a527
Author: Alexey Bakhtin <abakhtin at openjdk.org>
URL: https://git.openjdk.org/jdk15u-dev/commit/0ec5a527e13b0a5a9ad1248d47c9e0a48e13a66e
Stats: 622 lines in 25 files changed: 300 ins; 206 del; 116 mod
8269039: Disable SHA-1 Signed JARs
Reviewed-by: yan
Backport-of: 6d91a3eb7bd1e1403cfb67f7eb8ce06d7e08e7a7
-------------
PR: https://git.openjdk.org/jdk15u-dev/pull/255
More information about the jdk-updates-dev
mailing list