Integrated: 8300140: ZipFile.isSignatureRelated returns true for files in META-INF subdirectories

Eirik Bjorsnos Fri, 27 Jan 2023 14:51:50 -0800

On Thu, 12 Jan 2023 18:44:26 GMT, Eirik Bjorsnos <d...@openjdk.org> wrote:


> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that 
> files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test IgnoreUnrelatedSignatureFiles is added which verifies that [*.SF, 
> *.RSA] files in META-INF/ subdirectories are indeed ignored.

This pull request has now been integrated.

Changeset: 5dfc4ec7
Author:    Eirik Bjorsnos <eir...@gmail.com>
Committer: Weijun Wang <wei...@openjdk.org>
URL:       
https://git.openjdk.org/jdk/commit/5dfc4ec7d94af9fe39fdee9d83b06101b827a3c6
Stats:     429 lines in 6 files changed: 405 ins; 8 del; 16 mod

8300140: ZipFile.isSignatureRelated returns true for files in META-INF 
subdirectories

Reviewed-by: weijun

-------------

PR: https://git.openjdk.org/jdk/pull/11976

Integrated: 8300140: ZipFile.isSignatureRelated returns true for files in META-INF subdirectories

Reply via email to