JDK-8217375 : jarsigner breaks old signature with long lines in manifest
- Type: Bug
- Component: security-libs
- Sub-Component: jdk.security
- Affected Version: 11
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- Submitted: 2019-01-18
- Updated: 2022-12-08
- Resolved: 2019-07-18
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 13 | JDK 14 |
|---|---|---|
| 11.0.14Fixed | 13 b31Fixed  |
14Fixed |
Related Reports
|
Relates :
|
|
|
Relates :
|
|
|
Relates :
|
|
|
Relates :
|
|
|
Relates :
|
Description
After JDK-6372077 the maximum length of a line in a manifest file was changed from 70 to 72 bytes. If a JAR file was signed with an old version of jarsigner and signed again using a different signer with jarsigner from JDK 11, the manifest file might be rewritten (if the manifest has any change, for example, a new file is added) with a different width. The manifest hash recorded in the original signature will not match the updated manifest and the old signature will not verify.
Comments
|