From 72ac500dc654bbc82332712022cca573db0bc3e6 Mon Sep 17 00:00:00 2001
From: Jiri Vanek <jvanek@redhat.com>
Date: Wed, 17 Apr 2013 14:22:01 +0200
Subject: Fixed gifar vulnereability with automated testcase

---
 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java')

diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
index 983979e..e790746 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
@@ -60,7 +60,7 @@ import java.util.TreeSet;
 import java.util.Vector;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.jar.JarEntry;
-import java.util.jar.JarFile;
+import net.sourceforge.jnlp.util.JarFile;
 import java.util.jar.Manifest;
 
 import net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletTrustConfirmation;
@@ -678,7 +678,7 @@ public class JNLPClassLoader extends URLClassLoader {
                 //to read the cacerts or trusted.certs files.
                 e.printStackTrace();
                 throw new LaunchException(null, null, R("LSFatal"),
-                                        R("LCInit"), R("LFatalVerification"), R("LFatalVerificationInfo"));
+                                        R("LCInit"), R("LFatalVerification"), R("LFatalVerificationInfo") + ": " +e.getMessage());
             }
 
             //Case when at least one jar has some signing
-- 
cgit v1.2.3