Just a minimal comment. You can leave it as is. No more code review
required for me.
PreserveRawManifestEntryAndDigest.java
--------------------------------------
I'm not very sure of line 63:
63 * @run main jdk.test.lib.FileInstaller ...
64 * @run testng/othervm/timeout=1200 ...
It's OK but I don't like the dependency between line 63 and 64. The
following code could be used in the test code if you want to avoid line 63.
System.getProperty("test.src", ".") + "/no-native-provider.conf"
But it may not worthy an update here.
Is it required to remove the copied file in 63?
I'm fine as well if you want to exclude the test for Solaris platforms
(my preference). But please file a new bug if you find something
unusual for Solaris platforms.
Thanks,
Xuelei
On 7/30/2019 9:31 PM, Weijun Wang wrote:
Ping again.
This is the only security bug that must be resolved in JDK 13. Please.
Thanks,
Max
On Jul 26, 2019, at 10:57 PM, Weijun Wang <weijun.w...@oracle.com> wrote:
Please review the fix at
http://cr.openjdk.java.net/~weijun/8228431/webrev.00/
The no-native-provider.conf file put SUN and SunRsaSign as the first 2 security
providers and thus shadows the OracleUcrypto and SunPKCS11 providers used by
Solaris. Please note that duplicated provider names are silently ignored so
this is harmless. On other platforms, the first 2 providers are already SUN and
SunRsaSign.
I ran the test 200 times on solaris-sparcv9 and it does not fail once. Before
this fix, it always fails on this platform.
An alternative fix is to simply exclude the test from solaris-sparc using `@requires
os.family != "solaris"`. I've fixed some other security/tools test failures
using this solution. The reason is that these tests are testing platform-independent
behaviors so it's OK to skip one platform. I don't think this test is platform-dependent
in any way.
Thanks,
Max
