[7u] Request for approval for 8021788/8022761: JarInputStream doesn't provide certificates for some file under META-INF
Weijun Wang
weijun.wang at oracle.com
Tue Sep 10 04:38:39 PDT 2013
Hi All
This is a request to backport two related jdk8 fixes into jdk7u.
8021788: JarInputStream doesn't provide certificates for some file
under META-INF
8022761: regression: SecurityException is NOT thrown while trying to
pack a wrongly signed Indexed Jar file
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8021788
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8022761
8021788 fixed a problem that any normal (not signature-related) file
inside META-INF is regarded as unsigned. 8022761 fixed a regression
caused by 8021788.
The fixes are already included in jdk8 as:
http://hg.openjdk.java.net/jdk8/tl/jdk/rev/758e3117899c
http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4bddc344848e
The review threads were
http://mail.openjdk.java.net/pipermail/security-dev/2013-August/008334.html
http://mail.openjdk.java.net/pipermail/security-dev/2013-August/008574.html
The patches for jdk7u are almost identical to the ones in jdk8, except
for a tiny change in the new regression test: the keytool command in
jdk8 is backed by the sun.security.tools.keytool.Main class, while in
jdk7, it was sun.security.tools.KeyTool. Same for jarsigner.
New regression tests added. Existing tests also run fine.
Thanks
Weijun
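
The following is an added example, not part of the original message or of the JDK changesets: a small checker that streams a signed JAR through JarInputStream with verification enabled and lists ordinary entries for which no code signer is reported. The class name, the helper isSignatureRelated and its list of signature-related names (taken from the JAR file specification) are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarInputStream;

public class MetaInfSignerCheck {

    // Hypothetical helper: files that carry the signature itself and are
    // therefore never expected to have signers (assumed from the JAR spec).
    static boolean isSignatureRelated(String name) {
        String n = name.toUpperCase(Locale.ENGLISH);
        if (!n.startsWith("META-INF/")) return false;
        n = n.substring("META-INF/".length());
        if (n.indexOf('/') != -1) return false;   // only files directly in META-INF
        return n.equals("MANIFEST.MF") || n.startsWith("SIG-")
            || n.endsWith(".SF") || n.endsWith(".DSA")
            || n.endsWith(".RSA") || n.endsWith(".EC");
    }

    // Streams the JAR with verification enabled and returns the names of
    // ordinary entries for which no code signer was reported.
    static List<String> unsignedEntries(InputStream in) throws IOException {
        List<String> unsigned = new ArrayList<>();
        byte[] buf = new byte[8192];
        try (JarInputStream jis = new JarInputStream(in, true)) {
            JarEntry e;
            while ((e = jis.getNextJarEntry()) != null) {
                // Signers are only known once the entry has been read to the end.
                while (jis.read(buf) != -1) { }
                if (e.isDirectory() || isSignatureRelated(e.getName())) continue;
                if (e.getCodeSigners() == null) unsigned.add(e.getName());
            }
        }
        return unsigned;
    }

    public static void main(String[] args) throws IOException {
        try (InputStream in = new FileInputStream(args[0])) {
            for (String name : unsignedEntries(in)) {
                System.out.println("no signers reported: " + name);
            }
        }
    }
}
```

On a fully signed JAR the returned list is empty; a plain file under META-INF showing up in it for an otherwise signed JAR is the symptom 8021788 describes.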