On Mon, 4 Nov 2024 16:09:33 GMT, Weijun Wang wrote:
> The test was mistakenly put in a package as the library class it's testing.
> This is unnecessary since there is no internal field/method it needs access
> to.
This pull request has now been integrated.
Changeset: c
The test was mistakenly put in a package as the library class it's testing.
This is unnecessary since there is no internal field/method it needs access to.
-
Commit messages:
- 8343549: SeededSecureRandomTest needn't be in a package
Changes: https://git.openjdk.org/jdk/pull/21881/f
On Mon, 28 Oct 2024 21:02:00 GMT, Sean Mullan wrote:
>> Sean Mullan has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains 175 commits:
>>
>> - Merge remote-tracking branch 'jdk-sandbox/jep486' into JDK-8338411
>> - Specify that params
On Fri, 25 Oct 2024 21:14:25 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/java/security/SecureClassLoader.java line 1:
>>
>>> 1: /*
>>
>> The class spec still mentions "permissions which are retrieved by the system
>> policy by default". Shall we remove it? Also, `getPermissions` alw
On Fri, 25 Oct 2024 20:53:23 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/java/security/AccessControlContext.java line 141:
>>
>>> 139: throws AccessControlException
>>> 140: {
>>> 141: throw new AccessControlException("");
>>
>> No message for this exception?
>
>
On Thu, 24 Oct 2024 13:19:55 GMT, Sean Mullan wrote:
>> This is the implementation of JEP 486: Permanently Disable the Security
>> Manager. See [JEP 486](https://openjdk.org/jeps/486) for more details. The
>> [CSR](https://bugs.openjdk.org/browse/JDK-8338412) describes in detail the
>> main ch
On Mon, 21 Oct 2024 14:34:30 GMT, Julian Waters wrote:
> After 8339120, gcc began catching many different instances of unused code in
> the Windows specific codebase. Some of these seem to be bugs. I've taken the
> effort to mark out all the relevant globals and locals that trigger the
> unuse
On Fri, 18 Oct 2024 19:03:30 GMT, Sean Mullan wrote:
>> This is the implementation of JEP 486: Permanently Disable the Security
>> Manager. See [JEP 486](https://openjdk.org/jeps/486) for more details. The
>> [CSR](https://bugs.openjdk.org/browse/JDK-8338412) describes in detail the
>> main ch
On Fri, 18 Oct 2024 19:52:35 GMT, Sean Mullan wrote:
>> I assume for the second one above you mean
>> `javax.security.auth.kerberos.ServicePermission`. These classes still have a
>> lot of words like "grant" and "trust". I will make some changes to the
>> class descriptions of those classes,
On Wed, 16 Oct 2024 14:55:34 GMT, Jan Lahoda wrote:
>> Currently, running `java` without any parameters will lead to an output that
>> is a full `--help`, which is over 100 lines (on my computer at least), and
>> it feels overwhelming. And many people might actually want to run
>> JShell/REPL,
On Wed, 16 Oct 2024 20:51:49 GMT, Sean Mullan wrote:
>> src/jdk.security.jgss/share/classes/com/sun/security/jgss/InquireSecContextPermission.java
>> line 31:
>>
>>> 29:
>>> 30: /**
>>> 31: * This class is for GSS security context permissions.
>>
>> Why is the content of _this_ class modifie
On Mon, 14 Oct 2024 13:52:24 GMT, Sean Mullan wrote:
> This is the implementation of JEP 486: Permanently Disable the Security
> Manager. See [JEP 486](https://openjdk.org/jeps/486) for more details. The
> [CSR](https://bugs.openjdk.org/browse/JDK-8338412) describes in detail the
> main change
On Thu, 10 Oct 2024 16:37:24 GMT, Andrew Haley wrote:
>> The fourth preview of scoped values.
>
> Andrew Haley has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Fix javadoc
The one line change in `Subject.java` is fine.
-
PR Co
On Tue, 8 Oct 2024 15:28:17 GMT, Jan Lahoda wrote:
> Currently, running `java` without any parameters will lead to an output that
> is a full `--help`, which is over 100 lines (on my computer at least), and it
> feels overwhelming. And many people might actually want to run JShell/REPL,
> not
`Asserts.assertNotEquals` shows "expected 12345 to not equal 12345" which
sounds redundant, just say "expected not equals but was 12345".
`Asserts.assertEqualsByteArray` uses the words "expected... to equal...".
Modify it to follow the `assertEquals` style ""expected... but was...".
---
On Mon, 17 Jun 2024 14:51:07 GMT, Weijun Wang wrote:
> Make sure `pd` is always the same object when `getProtectionDomain0` is null.
This pull request has now been integrated.
Changeset: c3226aae
Author: Weijun Wang
URL:
https://git.openjdk.org/jdk/com
On Tue, 16 Jul 2024 12:59:36 GMT, Alan Bateman wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> explain why the test is related to the fix
>
> test/jdk/java/lang/Class/ProtectionDom
> Make sure `pd` is always the same object when `getProtectionDomain0` is null.
Weijun Wang has updated the pull request incrementally with two additional
commits since the last revision:
- var to real type
- rename
-
Changes:
- all: https://git.openjdk.org/jdk/pull/19
On Mon, 17 Jun 2024 19:56:38 GMT, Sean Mullan wrote:
> AFAICT, the only test modified in this PR that actually enables a Security
> Manager is test/jdk/javax/management/security/AuthorizationTest.java. Is that
> test sufficient to exercise the code changes in this PR when an SM is enabled?
Whi
> Make sure `pd` is always the same object when `getProtectionDomain0` is null.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
explain why the test is related to the fix
-
Changes:
- all: https://git.openjdk.org/
On Mon, 17 Jun 2024 15:11:29 GMT, Weijun Wang wrote:
>> test/jdk/java/lang/Class/ProtectionDomainRace.java line 42:
>>
>>> 40: try {
>>> 41: Subject.doAs(null, ac);
>>> 42: } catch (Throwable t) {
>&g
On Mon, 17 Jun 2024 15:08:26 GMT, Chen Liang wrote:
>> Make sure `pd` is always the same object when `getProtectionDomain0` is null.
>
> test/jdk/java/lang/Class/ProtectionDomainRace.java line 42:
>
>> 40: try {
>> 41: Subject.doAs(null, ac);
>> 42:
Make sure `pd` is always the same object when `getProtectionDomain0` is null.
-
Commit messages:
- chmod
- the fix
Changes: https://git.openjdk.org/jdk/pull/19752/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=19752&range=00
Issue: https://bugs.openjdk.org/browse/JDK-83
On Mon, 17 Jun 2024 10:03:27 GMT, Kevin Walls wrote:
>> JMX uses APIs related to the Security Mananger which are deprecated. Use of
>> AccessControlContext will be removed when Security Manager is removed.
>>
>> Until then, updates are needed to not require setting
>> -Djava.security.manager
On Fri, 14 Jun 2024 15:26:54 GMT, Kevin Walls wrote:
>> JMX uses APIs related to the Security Mananger which are deprecated. Use of
>> AccessControlContext will be removed when Security Manager is removed.
>>
>> Until then, updates are needed to not require setting
>> -Djava.security.manager
On Fri, 14 Jun 2024 14:00:58 GMT, Kevin Walls wrote:
>> src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
>> line 1461:
>>
>>> 1459: throw rte;
>>> 1460: } else {
>>> 1461: throw new PrivilegedActionException(e);
On Fri, 14 Jun 2024 12:41:20 GMT, Kevin Walls wrote:
> Does noPermissionsACC add anything?
I don't know. My principal for this code change is that nothing is changed for
the SM-is-allowed case.
-
PR Comment: https://git.openjdk.org/jdk/pull/19624#issuecomment-2168203868
On Thu, 13 Jun 2024 20:54:25 GMT, Kevin Walls wrote:
>> JMX uses APIs related to the Security Mananger which are deprecated. Use of
>> AccessControlContext will be removed when Security Manager is removed.
>>
>> Until then, updates are needed to not require setting
>> -Djava.security.manager
On Tue, 11 Jun 2024 18:04:45 GMT, Kevin Walls wrote:
>> src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
>> line 1301:
>>
>>> 1299: }
>>> 1300: };
>>> 1301: if (acc == null) {
>>
>> This is a comment to all the
On Tue, 11 Jun 2024 16:18:23 GMT, Kevin Walls wrote:
>> JMX uses APIs related to the Security Mananger which are deprecated. Use of
>> AccessControlContext will be removed when Security Manager is removed.
>>
>> Until then, updates are needed to not require setting
>> -Djava.security.manager
On Mon, 13 May 2024 11:47:38 GMT, Maurizio Cimadamore
wrote:
>> This PR implements [JEP 472](https://openjdk.org/jeps/472), by restricting
>> the use of JNI in the following ways:
>>
>> * `System::load` and `System::loadLibrary` are now restricted methods
>> * `Runtime::load` and `Runtime::loa
Update PSL to the latest upstream version.
-
Commit messages:
- the change
Changes: https://git.openjdk.org/jdk/pull/19127/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=19127&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8331864
Stats: 568 lines in 5 files chang
On Wed, 17 Jan 2024 23:41:53 GMT, Weijun Wang wrote:
> This code change adds an alternative implementation of user-based
> authorization `Subject` APIs that doesn't depend on Security Manager APIs.
> Depending on if the Security Manager is allowed, the methods store the
>
On Wed, 20 Mar 2024 14:45:50 GMT, Weijun Wang wrote:
>> This code change adds an alternative implementation of user-based
>> authorization `Subject` APIs that doesn't depend on Security Manager APIs.
>> Depending on if the Security Manager is allowed, the methods store
of the current `AccessControlContext`, then instead of storing the
> previous `AccessControlContext` object and passing it into `getSubject` to
> get the "previous" subject, the application should store the `current()`
> return value directly.
Weijun Wang has updated the pull reques
of the current `AccessControlContext`, then instead of storing the
> previous `AccessControlContext` object and passing it into `getSubject` to
> get the "previous" subject, the application should store the `current()`
> return value directly.
Weijun Wang has updated the pull reque
On Wed, 13 Mar 2024 19:53:40 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> revert changes to MBeanServerFileAccessController.java
>
> test/j
of the current `AccessControlContext`, then instead of storing the
> previous `AccessControlContext` object and passing it into `getSubject` to
> get the "previous" subject, the application should store the `current()`
> return value directly.
Weijun Wang has updated the pull reques
On Tue, 5 Mar 2024 16:49:01 GMT, Kevin Walls wrote:
>> Do you know where the subject is set? If it's set by a `doAs` call then it
>> will co-operate with `current()` no matter if SM is allowed. I tried to
>> search in the whole module and cannot find a `doAs` call. If it is also
>> through `Su
of the current `AccessControlContext`, then instead of storing the
> previous `AccessControlContext` object and passing it into `getSubject` to
> get the "previous" subject, the application should store the `current()`
> return value directly.
Weijun Wang has updated the pull reque
On Tue, 5 Mar 2024 11:36:53 GMT, Kevin Walls wrote:
>> I think we need @kevinjwalls or @dfuch to help advise on this.
>
> Right, this does not depend on the SM. All we need to do is get the Subject.
> This method implements the basic monitor (readonly) and control (readwrite)
> access.
> acces
of the current `AccessControlContext`, then instead of storing the
> previous `AccessControlContext` object and passing it into `getSubject` to
> get the "previous" subject, the application should store the `current()`
> return value directly.
Weijun Wang has updated the pull req
On Mon, 4 Mar 2024 16:17:14 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> fix MBeanServerFileAccessController, more test in SM
>
> src/java.base/share/classes/ja
On Mon, 4 Mar 2024 15:47:41 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> fix MBeanServerFileAccessController, more test in SM
>
> test/jdk/javax/security/auth/Subj
On Mon, 4 Mar 2024 15:15:54 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> fix MBeanServerFileAccessController, more test in SM
>
> test/jdk/javax/management/monitor/
On Mon, 4 Mar 2024 15:28:28 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> fix MBeanServerFileAccessController, more test in SM
>
> src/java.management/share/class
On Thu, 8 Feb 2024 16:34:00 GMT, Weijun Wang wrote:
> Many crypto service classes require a `SecureRandom` object at
> initialization. This test goes through each of them and calculates (generate,
> encrypt, sign,...) twice with the same `SecureRandom` object and ensures the
> o
On Sat, 17 Feb 2024 01:01:49 GMT, Valerie Peng wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> assertNotEqualsByteArray
>
> test/lib/jdk/test/lib/Asserts.java line 285:
>
>&g
> Many crypto service classes require a `SecureRandom` object at
> initialization. This test goes through each of them and calculates (generate,
> encrypt, sign,...) twice with the same `SecureRandom` object and ensures the
> output is the same.
Weijun Wang has updated the
> Many crypto service classes require a `SecureRandom` object at
> initialization. This test goes through each of them and calculates (generate,
> encrypt, sign,...) twice with the same `SecureRandom` object and ensures the
> output is the same.
Weijun Wang has updated the
> Many crypto service classes require a `SecureRandom` object at
> initialization. This test goes through each of them and calculates (generate,
> encrypt, sign,...) twice with the same `SecureRandom` object and ensures the
> output is the same.
Weijun Wang has updated the
On Thu, 8 Feb 2024 20:53:03 GMT, Kevin Driver wrote:
>> Many crypto service classes require a `SecureRandom` object at
>> initialization. This test goes through each of them and calculates
>> (generate, encrypt, sign,...) twice with the same `SecureRandom` object and
>> ensures the output is t
Many crypto service classes require a `SecureRandom` object at initialization.
This test goes through each of them and calculates (generate, encrypt,
sign,...) twice with the same `SecureRandom` object and ensures the output is
the same.
-
Commit messages:
- initial change
Change
On Fri, 2 Feb 2024 23:36:41 GMT, Joe Darcy wrote:
> After the "this-escape" lint warning was added to javac (JDK-8015831), the
> base module was not updated to be able to compile with this warning enabled.
> This PR makes the necessary changes to allow the base module to build with
> the warni
On Tue, 30 Jan 2024 16:41:28 GMT, Weijun Wang wrote:
>> src/java.management/share/classes/com/sun/jmx/remote/security/MBeanServerFileAccessController.java
>> line 307:
>>
>>> 305: AccessController.doPrivileged(new PrivilegedAction<>() {
>>&g
of the current `AccessControlContext`, then instead of storing the
> previous `AccessControlContext` object and passing it into `getSubject` to
> get the "previous" subject, the application should store the `current()`
> return value directly.
Weijun Wang has updated the
On Tue, 30 Jan 2024 16:45:34 GMT, Weijun Wang wrote:
>> OK - things seem to be a bit convoluted here and some pieces might be
>> missing. I suspect that what needs to be done is more complicated:
>>
>> `RMIConnectionImpl` sets up an ACC and calls doPrivileged w
of the current `AccessControlContext`, then instead of storing the
> previous `AccessControlContext` object and passing it into `getSubject` to
> get the "previous" subject, the application should store the `current()`
> return value directly.
Weijun Wang has updated the pull reques
On Tue, 30 Jan 2024 13:56:53 GMT, Daniel Fuchs wrote:
>> This code change adds an alternative implementation of user-based
>> authorization `Subject` APIs that doesn't depend on Security Manager APIs.
>> Depending on if the Security Manager is allowed, the methods store the
>> current subject
On Tue, 30 Jan 2024 14:19:02 GMT, Daniel Fuchs wrote:
>> src/java.management/share/classes/com/sun/jmx/remote/internal/ServerNotifForwarder.java
>> line 349:
>>
>>> 347: @SuppressWarnings("removal")
>>> 348: private Subject getSubject() {
>>> 349: return Subject.current();
>>
>
This code change adds an alternative implementation of user-based authorization
`Subject` APIs that doesn't depend on Security Manager APIs. Depending on if
the Security Manager is allowed, the methods store the current subject
differently. See the spec change in the `Subject.java` file for deta
Update `public_suffix_list.dat` to the latest.
-
Commit messages:
- initial change
Changes: https://git.openjdk.org/jdk/pull/16692/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=16692&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8320208
Stats: 3002 lines in 4 fil
On Fri, 16 Jun 2023 12:14:49 GMT, Sean Coffey wrote:
>> New functionality in the -XshowSettings menu to display relevant information
>> about JDK security configuration
>
> Sean Coffey has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Pass P
On Tue, 13 Jun 2023 20:36:28 GMT, Anthony Scarpino
wrote:
> Hi,
>
> I need a code review for moving the contents of the jdk.crypto.ec module into
> java.base. This moves the SunEC JCE Provider (Elliptic Curve) into
> java.base. EC has always been separate from the base module/pkg because of
On Wed, 14 Jun 2023 11:39:14 GMT, Sean Coffey wrote:
>> New functionality in the -XshowSettings menu to display relevant information
>> about JDK security configuration
>
> Sean Coffey has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Incorp
On Wed, 14 Jun 2023 11:39:14 GMT, Sean Coffey wrote:
>> New functionality in the -XshowSettings menu to display relevant information
>> about JDK security configuration
>
> Sean Coffey has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Incorp
On Wed, 14 Jun 2023 11:39:14 GMT, Sean Coffey wrote:
>> New functionality in the -XshowSettings menu to display relevant information
>> about JDK security configuration
>
> Sean Coffey has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Incorp
On Mon, 12 Jun 2023 22:32:14 GMT, Justin Lu wrote:
>> Please review this PR which updates the JDK's localized resources since the
>> previous L10n translation drop (1/26).
>>
>> To help with reviewing the changes, @jonathan-gibbons created a tool which
>> displays the localized changes next to
On Fri, 9 Jun 2023 13:54:14 GMT, Sean Coffey wrote:
> New functionality in the -XshowSettings menu to display relevant information
> about JDK security configuration
src/java.base/share/classes/sun/launcher/LauncherHelper.java line 349:
> 347: // split lines longer than 60 char
On Tue, 6 Jun 2023 17:32:35 GMT, Artem Semenov wrote:
>> I didn't ask to revert the change. It's
>> `s/TARGET_OS_MAC/defined(__APPLE__)/`.
>
> This is rarely used in the code and is not the essence of the current changes.
> If you introduce such changes, then throughout the code.
> Moreover, thi
On Thu, 1 Jun 2023 15:02:16 GMT, Artem Semenov wrote:
>> src/java.security.jgss/share/native/libj2gss/gssapi.h line 47:
>>
>>> 45:
>>> 46: // Condition was copied from
>>> 47: //
>>> Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/gssapi/gssapi.h
>>
On Wed, 31 May 2023 13:37:06 GMT, Artem Semenov wrote:
>> When using the clang compiler to build OpenJDk on Linux, we encounter
>> various "warnings as errors".
>> They can be fixed with small changes.
>
> Artem Semenov has updated the pull request incrementally with one additional
> commit sin
Update XML Security for Java to 3.0.2. Some change to tests:
1. No more Xalan. One test case is singled out to demonstrate how to use a
special configuration.
2. EdDSA does not support `KeyValue`. Use X.509 certificate instead.
-
Commit messages:
- the change
Changes: https://git.
Update PSL for JDK 21.
-
Commit messages:
- the upgrade
Changes: https://git.openjdk.org/jdk/pull/13662/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=13662&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8302182
Stats: 1479 lines in 5 files changed: 647 ins; 697 de
Enhance the `Proc` utility to support compilation.
-
Commit messages:
- the fix
Changes: https://git.openjdk.org/jdk/pull/13425/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=13425&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8305846
Stats: 139 lines in 4 files c
On Fri, 17 Mar 2023 21:49:33 GMT, Weijun Wang wrote:
>> Justin Lu has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Adjust CF test to read in with UTF-8 to fix failing test
>
> make/jdk/src/classes
On Fri, 17 Mar 2023 20:28:13 GMT, Justin Lu wrote:
>> This PR converts Unicode sequences to UTF-8 native in .properties file.
>> (Excluding the Unicode space and tab sequence). The conversion was done
>> using native2ascii.
>>
>> In addition, the build logic is adjusted to support reading in t
On Thu, 23 Feb 2023 16:42:17 GMT, Sean Mullan wrote:
> The LDAPCertStore implementation passes Distinguished Names in CRL and
> Certificate URLs as Strings to JNDI APIs such as
> LdapContext.getAttributes(String), which then treats them as CompositeNames.
> This causes issues with URLs that ha
On Tue, 17 Jan 2023 18:54:13 GMT, Eirik Bjorsnos wrote:
>> This PR adds test coverage for pending block files in signed JAR files
>>
>> A signed JAR has pending block files if the block file [RSA, DSA, EC] comes
>> before the corresponding signature file [SF] in the JAR.
>>
>> JarVerifier.pro
On Tue, 24 Jan 2023 12:31:30 GMT, Eirik Bjorsnos wrote:
>> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that
>> files reside in META-INF directly, and not in a subdirectory of META-INF.
>>
>> The mentioned call sites needs updates to check and ignore such files.
>>
>> A
On Wed, 25 Jan 2023 17:51:20 GMT, Damon Nguyen wrote:
>> Open l10n drop. Files have been updated with translated versions. Whitespace
>> tool has been ran on files.
>> All tests passed
>
> Damon Nguyen has updated the pull request incrementally with one additional
> commit since the last revisi
On Wed, 25 Jan 2023 17:56:15 GMT, Damon Nguyen wrote:
>> src/jdk.javadoc/share/classes/jdk/javadoc/internal/doclets/toolkit/resources/doclets_zh_CN.properties
>> line 113:
>>
>>> 111:
>>> doclet.inheritDocWithinInappropriateTag=\u4E0D\u80FD\u5728\u6B64\u6807\u8BB0\u4E2D\u4F7F\u7528
>>> @inher
On Tue, 24 Jan 2023 23:56:23 GMT, Damon Nguyen wrote:
>> Open l10n drop. Files have been updated with translated versions. Whitespace
>> tool has been ran on files.
>> All tests passed
>
> Damon Nguyen has updated the pull request incrementally with one additional
> commit since the last revisi
On Tue, 24 Jan 2023 23:56:23 GMT, Damon Nguyen wrote:
>> Open l10n drop. Files have been updated with translated versions. Whitespace
>> tool has been ran on files.
>> All tests passed
>
> Damon Nguyen has updated the pull request incrementally with one additional
> commit since the last revisi
On Tue, 24 Jan 2023 12:31:30 GMT, Eirik Bjorsnos wrote:
>> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that
>> files reside in META-INF directly, and not in a subdirectory of META-INF.
>>
>> The mentioned call sites needs updates to check and ignore such files.
>>
>> A
On Mon, 16 Jan 2023 11:44:36 GMT, Eirik Bjorsnos wrote:
> This PR adds test coverage for pending block files in signed JAR files
>
> A signed JAR has pending block files if the block file [RSA, DSA, EC] comes
> before the corresponding signature file [SF] in the JAR.
>
> JarVerifier.processEn
On Sat, 14 Jan 2023 12:02:11 GMT, Eirik Bjorsnos wrote:
>> src/java.base/share/classes/java/util/zip/ZipFile.java line 1748:
>>
>>> 1746: .isBlockOrSF(new String(name, off, len,
>>> UTF_8.INSTANCE)
>>> 1747: .toUpperCase(Locale.ENGLISH)));
>>> 1748:
>>
>> H
On Sat, 14 Jan 2023 12:14:54 GMT, Eirik Bjorsnos wrote:
>> src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java line 980:
>>
>>> 978: * Returns true iff the entry resides directly in the META-INF/
>>> directory
>>> 979: */
>>> 980: private boolean isInMetaInf(ZipEnt
On Thu, 12 Jan 2023 18:44:26 GMT, Eirik Bjorsnos wrote:
> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that
> files reside in META-INF directly, and not in a subdirectory of META-INF.
>
> The mentioned call sites needs updates to check and ignore such files.
>
> A new te
On Fri, 16 Dec 2022 17:41:42 GMT, Damon Nguyen wrote:
>> Yes, you can replace all "存在安全风险" (that is not after ""被视为") to "被视为存在安全风险".
>>
>> There are also similar usages in
>> `src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java`.
>
> Hi @wangweij , I believe I fixed the o
On Fri, 16 Dec 2022 03:41:09 GMT, Damon Nguyen wrote:
>> src/java.base/share/classes/sun/security/tools/keytool/Resources_zh_CN.java
>> line 75:
>>
>>> 73: "\u5DF2\u751F\u6210 {0} \u4F4D{1}\u5BC6\u94A5"},
>>> //-genseckey
>>> 74: {"key.algorithm.weak", "%1$s \u4F7F\u752
On Thu, 15 Dec 2022 23:01:35 GMT, Damon Nguyen wrote:
>> Open l10n drop
>> All tests passed
>
> Damon Nguyen has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Revert double quote as well
src/java.base/share/classes/sun/security/tools/keytool
On Fri, 2 Dec 2022 16:40:51 GMT, Magnus Ihse Bursie wrote:
> According to [the
> specification](https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/util/Properties.html#load(java.io.Reader))
> trailing whitespaces in the values of properties files are (somewhat
> surprisingly) ac
On Fri, 2 Dec 2022 08:18:35 GMT, Alan Bateman wrote:
>> If the console cannot be used anyway inside jshell, then this is good enough.
>
> Naoto has confirmed that the password prompt from keytool does not echo, good!
>
> The intention is that Console be usable in jshell so I think the issue is
On Thu, 1 Dec 2022 19:30:29 GMT, Naoto Sato wrote:
>> What's the expected behavior?
>
> I confirmed that the standalone `keytool` did not echo the input, which
> should be OK for this IMO.
If the console cannot be used anyway inside jshell, then this is good enough.
-
PR: https://
On Thu, 1 Dec 2022 16:08:39 GMT, Weijun Wang wrote:
>> Sure. Trying out now...
>
> I can still see the password on screen. Here `in` is a
> `jdk.jshell.execution.Util` so the updated check on line 58 above failed.
>
> $ jshell -C--add-exports -Cjava.base/sun.security.tool
On Thu, 1 Dec 2022 15:49:30 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/sun/security/util/Password.java line 63:
>>
>>> 61: // readPassword returns "" if you just press ENTER with
>>> the built-in Console,
>>> 62:
On Thu, 1 Dec 2022 15:16:29 GMT, Alan Bateman wrote:
>> Naoto Sato has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - Adds a test
>> - Removed JavaIOAccess.charset() which is no longer needed
>
> src/java.base/share/classes/sun/security/
On Tue, 22 Nov 2022 00:45:00 GMT, pandaapo wrote:
>> The cache named `signerToCodeSource` in `JarVerifier` is never used now.
>
> pandaapo has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Modify as reviews.
Everything looks fine now. Thanks
On Mon, 21 Nov 2022 00:29:34 GMT, pandaapo wrote:
>> The cache named `signerToCodeSource` in `JarVerifier` is never used now.
>
> pandaapo has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Modify as review and update copyright.
Looks almost
1 - 100 of 119 matches
Mail list logo
