[rfc][icedtea-web] Fixing PR722: unsigned entries should be ignored in META-INF/
Adam Domurad
adomurad at redhat.com
Tue Jun 12 09:26:22 PDT 2012
So afaik the consensus is that this doesn't cause security problems, and
is the behaviour of Oracle's plugin, thus here is a simple patch. I have
done some testing with dropping unsigned files into the META-INF/, and
everything seems to be in working order.
ChangeLog:
2012-06-12 Adam Domurad <adomurad at redhat.com>
Fixes PR722, javaws failing to run with unsigned content in META-INF/
* netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: Changed
isSignatureRelated => isMetaInfFile. Now all files under META-INF/ are
disregarded in checking the jar signage.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: meta-inf.patch
Type: text/x-patch
Size: 1889 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120612/ee0bdcc8/meta-inf.patch
More information about the distro-pkg-dev
mailing list