Changeset: 3131e664558d
Author:ksrini
Date: 2010-12-18 09:38 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/langtools/rev/3131e664558d
6567415: Neverending loop in ClassReader
Reviewed-by: jjg
! src/share/classes/com/sun/tools/javac/jvm/ClassReader.java
+ test/tools/javac/6567415/T6
Changeset: ae84db37130a
Author:ksrini
Date: 2010-12-18 09:10 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/ae84db37130a
7007157: (pack200) stripping attributes causes a NPE
Reviewed-by: jrose, mduigou, dholmes
! src/share/classes/com/sun/java/util/jar/pack/ClassReader.java
>From my understanding, MD2 and MD5 is unsafe because one can forge one
thing (such as, a certificate) with different content, but the same
signature. If we continue support verification based on MD2 and MD5, it
also means that the attack with the forged certification works. We may
not be able to p
