APAR status
Closed as program error.
Error description
Error Message: java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data field size) . Stack Trace: java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data field size) at java.base/java.util.zip.ZipFile$Source.zerror(ZipFile.java:1728) at java.base/java.util.zip.ZipFile$Source.checkExtraFields(ZipFile. java:1261) at java.base/java.util.zip.ZipFile$Source.checkAndAddEntry(ZipFile. java:1212) at java.base/java.util.zip.ZipFile$Source.initCEN(ZipFile.java:1667 ) at java.base/java.util.zip.ZipFile$Source.<init>(ZipFile.java:1445) ... .
Local fix
The regression can be circumvented with the following command line option, but this disables the fix for CVE-2023-22036 so it must be used with care: -Djdk.util.zip.disableZip64ExtraFieldValidation=true
Problem summary
The fix for CVE-2023-22036 under APAR IJ47678 caused a regression which causes an ZipException when attempting to open ZIP files produced by some third party tools. The Exception will look similar to this: java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data field size) at java.base/java.util.zip.ZipFile$Source.zerror(ZipFile.java:1728) at java.base/java.util.zip.ZipFile$Source.checkExtraFields(ZipFile. java:1261) at java.base/java.util.zip.ZipFile$Source.checkAndAddEntry(ZipFile. java:1212) at java.base/java.util.zip.ZipFile$Source.initCEN(ZipFile.java:1667 ) at java.base/java.util.zip.ZipFile$Source.<init>(ZipFile.java:1445) ... See OpenJDK bug 8313765 for more information.
Problem conclusion
The issue has been addressed with the fix for OpenJDK bug 8313765. . This APAR will be fixed in the following Releases: . IBM Semeru Runtimes 11 11.0.20.1 17 17.0.8.1 . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available maintenance can be found at: https://www.ibm.com/support/pages/java-sdk
Temporary fix
Comments
APAR Information
APAR number
IJ48301
Reported component name
OPENJDK CLASS L
Reported component ID
621800100
Reported release
B00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-08-31
Closed date
2023-08-31
Last modified date
2023-09-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
OPENJDK CLASS L
Fixed component ID
621800100
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
11 September 2023