jarsigner shows files non-existent if signed with a weak algorithm

    • Type: Bug
    • Resolution: Unresolved
    • Priority: P4
    • None
    • 7
    • Component: security-libs
    • None

In JDK-8309841, we introduced a feature to detect entries listed in an SF file but missing from the JAR file, which indicates that the file was signed and later removed. This was implemented by adding all SF file entries to a set and then removing them one by one while processing the JAR entries. If the set is not empty at the end, a warning is shown listing the remaining file names.

However, a bug in the original code change removes entries from the set only if they are signed. Thus, if a JAR was signed but is treated as unsigned at verification time (for example, because a disabled algorithm was used), all entries in that SF file are incorrectly reported as nonexistent signed entries. This is a false alarm.
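To illustrate the false alarm, here is a small Python model of the check described above. It is added here as an example, not jarsigner's own code; the entry names and the `buggy` switch are constructed for the demonstration.

```python
"""Model of the 'signed but later removed' check (constructed; not JDK code).

An SF (signature file) lists the JAR entries it covers.  The check puts every
SF entry name into a set, discards each name as the matching JAR entry is
processed, and warns about whatever is left over.
"""


def remaining_sf_entries(sf_names, jar_entries, buggy=False):
    """Return the SF-listed names that were never matched by a JAR entry.

    sf_names:    entry names listed in the SF file
    jar_entries: (name, signed) pairs as the verifier sees them; `signed` is
                 False for every entry when the signature itself is rejected
                 (e.g. a disabled algorithm), because the JAR is then treated
                 as unsigned
    buggy:       True reproduces JDK-8365559, where a name is only removed
                 from the set when its entry counts as signed
    """
    not_seen = set(sf_names)
    for name, signed in jar_entries:
        if buggy and not signed:
            continue  # the bug: unsigned entries never clear their SF name
        not_seen.discard(name)
    return sorted(not_seen)


# Constructed sample: the SF covers three entries.
SF_NAMES = ["a/Foo.class", "a/Bar.class", "lib/Util.class"]

# Case 1: all three entries are still present, but the signature used a
# disabled algorithm, so every entry is treated as unsigned.
JAR_WEAK_ALG = [("a/Foo.class", False), ("a/Bar.class", False), ("lib/Util.class", False)]

# Case 2: signature accepted, but lib/Util.class was deleted after signing.
JAR_ENTRY_DELETED = [("a/Foo.class", True), ("a/Bar.class", True)]


def demo():
    """Compare the buggy and corrected behaviour on both samples."""
    return {
        "weak_alg_fixed": remaining_sf_entries(SF_NAMES, JAR_WEAK_ALG),
        "weak_alg_buggy": remaining_sf_entries(SF_NAMES, JAR_WEAK_ALG, buggy=True),
        "deleted_fixed": remaining_sf_entries(SF_NAMES, JAR_ENTRY_DELETED),
    }
```

With the weak-algorithm JAR the buggy variant reports all three entries as missing even though none was removed, while the corrected variant reports nothing; only the genuinely deleted `lib/Util.class` is flagged in the second case.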

Weijun Wang (weijun)