[jdk17u-dev] Integrated: 8339280: jarsigner -verify performs cross-checking between CEN and LOC
Francisco Ferrari Bihurriet
fferrari at openjdk.org
Tue Oct 7 21:21:59 UTC 2025
On Thu, 18 Sep 2025 21:30:13 GMT, Francisco Ferrari Bihurriet <fferrari at openjdk.org> wrote:
> Hi, this is a backport of openjdk/jdk21u-dev#2235. The backport is almost clean, except for:
>
> * A slightly different context around `Main.java` imports
> * ~~17u doesn't have `Resources_de.java` (changes were discarded)~~
> * $\mbox{\color{red}UPDATE}$ (ea571bc85aae540b395d0175bc4014e899413064): all the internationalized messages have been removed, as they aren't typically included in backports (thanks @jerboaa for letting me know).
> * The `jarsigner.1` manpage has a slightly different format (manually adjusted to match the 17u format)
>
> #### Related issues ("relates to" Jira issue links)
>
> [JDK-8353299](https://bugs.openjdk.org/browse/JDK-8353299 "VerifyJarEntryName.java test fails") (openjdk/jdk at acd4da49a01760599ec4c325ff6c56f53ba5cc9c) and [JDK-8367782](https://bugs.openjdk.org/browse/JDK-8367782 "VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName") (openjdk/jdk at 1b9a11682d5f73885213822423bfce8dfc17febd) were also included as part of this backport. They are test-only changes that improve the reliability and coverage of `VerifyJarEntryName.java`.
>
> Since `test/hotspot/jtreg/runtime/cds/appcds/SignedJar.java` is not failing after the backport, [JDK-8353330](https://bugs.openjdk.org/browse/JDK-8353330 "Test runtime/cds/appcds/SignedJar.java fails in CDSHeapVerifier") was not included.
>
> #### Testing
>
> * Besides the `tier1` run from the [GitHub actions](https://github.com/franferrax/jdk17u-dev/actions/runs/17832135845) (all passed), I ran a regression using the following categories and individual tests:
> * `test/hotspot/jtreg/runtime/cds/appcds/SignedJar.java`
> * `test/jdk/java/security/SignedJar`
> * `test/jdk/java/util/jar`
> * `test/jdk/jdk/security/jarsigner`
> * `test/jdk/sun/security/pkcs/pkcs7`
> * `test/jdk/sun/security/tools/jarsigner`
> * Includes `VerifyJarEntryName.java`, created for this issue
> * `test/jdk/sun/security/tools/keytool`
>
> No regressions were found against the current `master` branch (ec6528e9cf66abe34b9c293359ca11a4b550b7a8).
This pull request has now been integrated.
Changeset: 82f1ed62
Author: Francisco Ferrari Bihurriet <fferrari at openjdk.org>
Committer: Alexey Bakhtin <abakhtin at openjdk.org>
URL: https://git.openjdk.org/jdk17u-dev/commit/82f1ed62ae93209789e8da93066a867deafe4364
Stats: 325 lines in 4 files changed: 325 ins; 0 del; 0 mod
8339280: jarsigner -verify performs cross-checking between CEN and LOC
8353299: VerifyJarEntryName.java test fails
8367782: VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName
Reviewed-by: abakhtin
Backport-of: bbd5b174c50346152a624317b6bd76ec48f7e551
-------------
PR: https://git.openjdk.org/jdk17u-dev/pull/3954
More information about the jdk-updates-dev
mailing list