rpms
/
java-11-openjdk
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add PR3695 to allow the system crypto policy to be turned off. 

Correct original system crypto policy patch to refer to OpenJDK 11 bug (PR3694)
This commit is contained in:
Andrew Hughes 2019-02-07 05:10:19 +00:00
parent 149d23b791
commit 1812058884
3 changed files with 90 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
java-11-openjdk.spec
View File

@ -957,7 +957,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin}
Version: %{newjavaver}.%{buildver}
Release: 1%{?dist}
Release: 2%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@ -1028,10 +1028,12 @@ Patch2: rh1648644-java_access_bridge_privileged_security.patch
# for all providers unconditionally
Patch525: rh1022017-reduce_ssl_curves.patch
Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
# Follow system wide crypto policy RHBZ#1249083
Patch4: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
# PR3694, RH1340845: Add security.useSystemPropertiesFile option to java.security to use system crypto policy
Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
# System NSS via SunEC Provider
Patch5: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch
Patch5: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch
# PR3695: Allow use of system crypto policy to be disabled by the user
Patch6: pr3695-toggle_system_crypto_policy.patch
#############################################
#
@ -1318,6 +1320,7 @@ pushd %{top_level_dir_name}
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
@ -1874,6 +1877,10 @@ require "copy_jdk_configs.lua"
%changelog
* Thu Feb 07 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.2.7-2
- Add PR3695 to allow the system crypto policy to be turned off.
- Correct original system crypto policy patch to refer to OpenJDK 11 bug (PR3694)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:11.0.2.7-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

2
pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch → pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
View File

@ -4,7 +4,7 @@
# Date 1478057514 0
# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a
PR3183: Support Fedora/RHEL system crypto policy
PR3694: Support Fedora/RHEL system crypto policy
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java
--- a/src/java.base/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100
+++ b/src/java.base/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000

78
pr3695-toggle_system_crypto_policy.patch Normal file
View File

@ -0,0 +1,78 @@
# HG changeset patch
# User andrew
# Date 1545198926 0
# Wed Dec 19 05:55:26 2018 +0000
# Node ID f2cbd688824c128db7fa848c8732fb0ab3507776
# Parent 81f07f6d1f8b7b51b136d3974c61bc8bb513770c
PR3695: Allow use of system crypto policy to be disabled by the user
Summary: Read user overrides first so security.useSystemPropertiesFile can be disabled and add -Djava.security.disableSystemPropertiesFile
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
--- a/src/java.base/share/classes/java/security/Security.java
+++ b/src/java.base/share/classes/java/security/Security.java
@@ -125,31 +125,6 @@
}
if ("true".equalsIgnoreCase(props.getProperty
- ("security.useSystemPropertiesFile"))) {
-
- // now load the system file, if it exists, so its values
- // will win if they conflict with the earlier values
- try (BufferedInputStream bis =
- new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
- props.load(bis);
- loadedProps = true;
-
- if (sdebug != null) {
- sdebug.println("reading system security properties file " +
- SYSTEM_PROPERTIES);
- sdebug.println(props.toString());
- }
- } catch (IOException e) {
- if (sdebug != null) {
- sdebug.println
- ("unable to load security properties from " +
- SYSTEM_PROPERTIES);
- e.printStackTrace();
- }
- }
- }
-
- if ("true".equalsIgnoreCase(props.getProperty
("security.overridePropertiesFile"))) {
String extraPropFile = System.getProperty
@@ -215,6 +190,33 @@
}
}
+ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
+ if (disableSystemProps == null &&
+ "true".equalsIgnoreCase(props.getProperty
+ ("security.useSystemPropertiesFile"))) {
+
+ // now load the system file, if it exists, so its values
+ // will win if they conflict with the earlier values
+ try (BufferedInputStream bis =
+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+ props.load(bis);
+ loadedProps = true;
+
+ if (sdebug != null) {
+ sdebug.println("reading system security properties file " +
+ SYSTEM_PROPERTIES);
+ sdebug.println(props.toString());
+ }
+ } catch (IOException e) {
+ if (sdebug != null) {
+ sdebug.println
+ ("unable to load security properties from " +
+ SYSTEM_PROPERTIES);
+ e.printStackTrace();
+ }
+ }
+ }
+
if (!loadedProps) {
initializeStatic();
if (sdebug != null) {