[jdk11u-dev] RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC
Francisco Ferrari Bihurriet
fferrari at openjdk.org
Fri Sep 19 10:25:43 UTC 2025
Hi, this is a backport of openjdk/jdk17u-dev#3954. The backport is almost clean, except for:
* Trivial context differences in `Main.java`, `Resources.java`, `Resources_ja.java`, and `Resources_zh_CN.java`
* The English `jarsigner.1` manpages have a slightly different format (manually adjusted to match the 11u format)
* Also, there are 3 identical files for it (_Linux_, _BSD_, _Solaris_)
* There also exist a Japanese version of the `jarsigner.1` manpages, they were updated using an LLM translation (giving as context the translations from the resources files, where there is a similar sentence), if any Japanese speaker is reading this, please check it:
> This jar contains internal inconsistencies detected during verification that may result in different contents when reading via JarFile and JarInputStream.
> ⬇️
> このjarには検証中に検出された内部的な不整合があるため、JarFileとJarInputStreamから読み取る場合にコンテンツが異なる可能性があります。
* I updated `src/linux/doc/man/ja/jarsigner.1` and `src/solaris/doc/sun/man/man1/ja/jarsigner.1` (identical), and left `src/bsd/doc/man/ja/jarsigner.1` untouched (doesn't have any content besides the headers)
* Tip: these files are encoded in `EUC-JP`, to open them in VIM use `vim -c "e ++enc=EUC-JP" .../ja/jarsigner.1`
#### Related issues ("relates to" Jira issue links)
[JDK-8353299](https://bugs.openjdk.org/browse/JDK-8353299 "VerifyJarEntryName.java test fails") (openjdk/jdk at acd4da49a01760599ec4c325ff6c56f53ba5cc9c) and [JDK-8367782](https://bugs.openjdk.org/browse/JDK-8367782 "VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName") (openjdk/jdk at TBD) were also included as part of this backport. They are test-only changes that improve the reliability and coverage of `VerifyJarEntryName.java`.
Since `test/hotspot/jtreg/runtime/appcds/SignedJar.java` is not failing after the backport, [JDK-8353330](https://bugs.openjdk.org/browse/JDK-8353330 "Test runtime/cds/appcds/SignedJar.java fails in CDSHeapVerifier") was not included.
#### Testing
* Besides the `tier1` run from the [GitHub actions](https://github.com/franferrax/jdk11u-dev/actions/runs/17843495340) (all passed), I ran a regression using the following categories and individual tests:
* `test/hotspot/jtreg/runtime/appcds/SignedJar.java`
* `test/jdk/java/security/SignedJar`
* `test/jdk/java/util/jar`
* `test/jdk/jdk/security/jarsigner`
* `test/jdk/sun/security/pkcs/pkcs7`
* `test/jdk/sun/security/tools/jarsigner`
* Includes `VerifyJarEntryName.java`, created for this issue
* `test/jdk/sun/security/tools/keytool`
No regressions were found against the current `master` branch (465fb7df15176dfe7a044241c8f44411b307df4c).
-------------
Commit messages:
- Backport 8353299 & 8367782
- Backport bbd5b174c50346152a624317b6bd76ec48f7e551
Changes: https://git.openjdk.org/jdk11u-dev/pull/3098/files
Webrev: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=3098&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8339280
Stats: 399 lines in 10 files changed: 399 ins; 0 del; 0 mod
Patch: https://git.openjdk.org/jdk11u-dev/pull/3098.diff
Fetch: git fetch https://git.openjdk.org/jdk11u-dev.git pull/3098/head:pull/3098
PR: https://git.openjdk.org/jdk11u-dev/pull/3098
More information about the jdk-updates-dev
mailing list