[7u] Request for approval for 8021788/8022761: JarInputStream doesn't provide certificates for some file under META-INF
Jeff Dinkins
jeff.dinkins at oracle.com
Tue Sep 10 08:47:39 PDT 2013
Hi Max,
Approved for 7u-dev.
-jeff
On Sep 10, 2013, at 4:38 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
> Hi All
>
> This is a request to backport two related jdk8 fixes into jdk7u.
>
> 8021788: JarInputStream doesn't provide certificates for some file under META-INF
> 8022761: regression: SecurityException is NOT thrown while trying to pack a wrongly signed Indexed Jar file
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8021788
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8022761
>
> 8021788 fixed a problem that any normal (not signature-related) file inside META-INF is regarded as unsigned. 8022761 fixed a regression caused by 8021788.
>
> The fixes are already included in jdk8 as:
>
> http://hg.openjdk.java.net/jdk8/tl/jdk/rev/758e3117899c
> http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4bddc344848e
>
> The review threads were
>
> http://mail.openjdk.java.net/pipermail/security-dev/2013-August/008334.html
> http://mail.openjdk.java.net/pipermail/security-dev/2013-August/008574.html
>
> The patches for jdk7u are almost identical to the ones in jdk8, except for a tiny change in the new regression test: the keytool command in jdk8 is backed by the sun.security.tools.keytool.Main class, while in jdk7, it was sun.security.tools.KeyTool. Same for jarsigner.
>
> New regression tests added. Existing tests also run fine.
>
> Thanks
> Weijun