jdk11u-dev
jdk11u-dev copied to clipboard
openjdk
8339280: jarsigner -verify performs cross-checking between CEN and LOC
Hi, this is a backport of openjdk/jdk17u-dev#3954. The backport is almost clean, except for:
- Trivial context differences in
Main.java~~,Resources.java,Resources_ja.java, andResources_zh_CN.java~~ - The English
jarsigner.1manpages have a slightly different format (manually adjusted to match the 11u format)- Also, there are 3 identical files for it (Linux, BSD, Solaris)
- ~~There also exist a Japanese version of the
jarsigner.1manpages, they were updated using an LLM translation (giving as context the translations from the resources files, where there is a similar sentence), if any Japanese speaker is reading this, please check it:~~~~This jar contains internal inconsistencies detected during verification that may result in different contents when reading via JarFile and JarInputStream.~~ ~~⬇️~~ ~~このjarには検証中に検出された内部的な不整合があるため、JarFileとJarInputStreamから読み取る場合にコンテンツが異なる可能性があります。~~
- ~~I updated
src/linux/doc/man/ja/jarsigner.1andsrc/solaris/doc/sun/man/man1/ja/jarsigner.1(identical), and leftsrc/bsd/doc/man/ja/jarsigner.1untouched (doesn't have any content besides the headers)~~ - ~~Tip: these files are encoded in
EUC-JP, to open them in VIM usevim -c "e ++enc=EUC-JP" .../ja/jarsigner.1~~
- ~~I updated
$\mbox{\color{red}UPDATE}$ (191d5cad9c8c0d452c0571c669e06b375b9f578a): all the internationalized messages have been removed, as they aren't typically included in backports (thanks @jerboaa for letting me know).
Related issues ("relates to" Jira issue links)
JDK-8353299 (openjdk/jdk@acd4da49a01760599ec4c325ff6c56f53ba5cc9c) and JDK-8367782 (openjdk/jdk@1b9a11682d5f73885213822423bfce8dfc17febd) were also included as part of this backport. They are test-only changes that improve the reliability and coverage of VerifyJarEntryName.java.
Since test/hotspot/jtreg/runtime/appcds/SignedJar.java is not failing after the backport, JDK-8353330 was not included.
Testing
- Besides the
tier1run from the GitHub actions (all passed), I ran a regression using the following categories and individual tests:test/hotspot/jtreg/runtime/appcds/SignedJar.javatest/jdk/java/security/SignedJartest/jdk/java/util/jartest/jdk/jdk/security/jarsignertest/jdk/sun/security/pkcs/pkcs7test/jdk/sun/security/tools/jarsigner- Includes
VerifyJarEntryName.java, created for this issue
- Includes
test/jdk/sun/security/tools/keytool
No regressions were found against the current master branch (465fb7df15176dfe7a044241c8f44411b307df4c).
Progress
- [x] Change must be properly reviewed (1 review required, with at least 1 Reviewer)
- [x] Change must not contain extraneous whitespace
- [x] Commit message must refer to an issue
- [ ] JDK-8339280 needs maintainer approval
- [ ] JDK-8353299 needs maintainer approval
- [ ] JDK-8367782 needs maintainer approval
Warning
⚠️ Found leading lowercase letter in issue title for 8339280: jarsigner -verify performs cross-checking between CEN and LOC
Issues
- JDK-8339280: jarsigner -verify performs cross-checking between CEN and LOC (Enhancement - P4 - Requested)
- JDK-8353299: VerifyJarEntryName.java test fails (Bug - P3 - Requested)
- JDK-8367782: VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName (Bug - P4 - Requested)
Reviewers
- Alexey Bakhtin (@alexeybakhtin - Reviewer)
Reviewing
Using git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev.git pull/3098/head:pull/3098
$ git checkout pull/3098
Update a local copy of the PR:
$ git checkout pull/3098
$ git pull https://git.openjdk.org/jdk11u-dev.git pull/3098/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 3098
View PR using the GUI difftool:
$ git pr show -t 3098
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/3098.diff
Using Webrev
:wave: Welcome back fferrari! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.
![bridgekeeper[bot] avatar](https://avatars.githubusercontent.com/u/41768318?v=4 "Published by a pub.dev verified publisher"){kind=small}
@franferrax This change now passes all automated pre-integration checks.
After integration, the commit message for the final commit will be:
8339280: jarsigner -verify performs cross-checking between CEN and LOC
8353299: VerifyJarEntryName.java test fails
8367782: VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName
Reviewed-by: abakhtin, sgehwolf
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.
At the time when this comment was updated there had been 20 new commits pushed to the master branch:
- 9c5f0dd4d7f5c28c57ae0b28f06bb4b90a496d5c: Merge
- d3b1c2be9e87aad07cac29d94679130fe5807c17: 8360937: Enhance certificate handling
- 2c7f45612d11199a9d5eaa6d61a2893ec4afa687: 8356294: Enhance Path Factories
- ... and 17 more: https://git.openjdk.org/jdk11u-dev/compare/465fb7df15176dfe7a044241c8f44411b307df4c...master
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.
As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@alexeybakhtin, @jerboaa) but any other Committer may sponsor as well.
➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).
@franferrax
Adding additional issue to issue list: 8353299: VerifyJarEntryName.java test fails.
@franferrax
Adding additional issue to issue list: 8367782: VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName.
⚠️ @franferrax This change is now ready for you to apply for maintainer approval. This can be done directly in each associated issue or by using the /approval command.
/approval request JDK-8339280 enhances the jarsigner utility with cross-validation of JAR entries. Subsequent test updates (JDK-8353299 & JDK-8367782) are included for better reliability and coverage. Please find details about the testing in the pull request description.
@franferrax 8339280: The approval request has been created successfully. 8353299: The approval request has been created successfully. 8367782: The approval request has been created successfully.
@franferrax This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply issue a /touch or /keepalive command to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!
@jerboaa 8339280: The approval request has been approved. 8353299: The approval request has been approved. 8367782: The approval request has been approved.
@franferrax Your change (at version 191d5cad9c8c0d452c0571c669e06b375b9f578a) is now ready to be sponsored by a Committer.
Going to push as commit c40bce3c5f56204ca23efbc072526e2bd3581d36.
Since your change was applied there have been 20 commits pushed to the master branch:
- 9c5f0dd4d7f5c28c57ae0b28f06bb4b90a496d5c: Merge
- d3b1c2be9e87aad07cac29d94679130fe5807c17: 8360937: Enhance certificate handling
- 2c7f45612d11199a9d5eaa6d61a2893ec4afa687: 8356294: Enhance Path Factories
- ... and 17 more: https://git.openjdk.org/jdk11u-dev/compare/465fb7df15176dfe7a044241c8f44411b307df4c...master
Your commit was automatically rebased without conflicts.
@phohensee @franferrax Pushed as commit c40bce3c5f56204ca23efbc072526e2bd3581d36.
:bulb: You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.