diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec index fc14090..e2a4e4b 100644 --- a/java-11-openjdk.spec +++ b/java-11-openjdk.spec @@ -957,7 +957,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release} Name: java-%{javaver}-%{origin} Version: %{newjavaver}.%{buildver} -Release: 1%{?dist} +Release: 2%{?dist} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1028,10 +1028,12 @@ Patch2: rh1648644-java_access_bridge_privileged_security.patch # for all providers unconditionally Patch525: rh1022017-reduce_ssl_curves.patch Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch -# Follow system wide crypto policy RHBZ#1249083 -Patch4: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch +# PR3694, RH1340845: Add security.useSystemPropertiesFile option to java.security to use system crypto policy +Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch # System NSS via SunEC Provider -Patch5: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch +Patch5: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch +# PR3695: Allow use of system crypto policy to be disabled by the user +Patch6: pr3695-toggle_system_crypto_policy.patch ############################################# # @@ -1318,6 +1320,7 @@ pushd %{top_level_dir_name} %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 @@ -1874,6 +1877,10 @@ require "copy_jdk_configs.lua" %changelog +* Thu Feb 07 2019 Andrew John Hughes - 1:11.0.2.7-2 +- Add PR3695 to allow the system crypto policy to be turned off. +- Correct original system crypto policy patch to refer to OpenJDK 11 bug (PR3694) + * Fri Feb 01 2019 Fedora Release Engineering - 1:11.0.2.7-1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild diff --git a/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch b/pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch similarity index 98% rename from pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch rename to pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch index 4efbe9a..97f276f 100644 --- a/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch +++ b/pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch @@ -4,7 +4,7 @@ # Date 1478057514 0 # Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c # Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a -PR3183: Support Fedora/RHEL system crypto policy +PR3694: Support Fedora/RHEL system crypto policy diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java --- a/src/java.base/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100 +++ b/src/java.base/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000 diff --git a/pr3695-toggle_system_crypto_policy.patch b/pr3695-toggle_system_crypto_policy.patch new file mode 100644 index 0000000..3799237 --- /dev/null +++ b/pr3695-toggle_system_crypto_policy.patch @@ -0,0 +1,78 @@ +# HG changeset patch +# User andrew +# Date 1545198926 0 +# Wed Dec 19 05:55:26 2018 +0000 +# Node ID f2cbd688824c128db7fa848c8732fb0ab3507776 +# Parent 81f07f6d1f8b7b51b136d3974c61bc8bb513770c +PR3695: Allow use of system crypto policy to be disabled by the user +Summary: Read user overrides first so security.useSystemPropertiesFile can be disabled and add -Djava.security.disableSystemPropertiesFile + +diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java +--- a/src/java.base/share/classes/java/security/Security.java ++++ b/src/java.base/share/classes/java/security/Security.java +@@ -125,31 +125,6 @@ + } + + if ("true".equalsIgnoreCase(props.getProperty +- ("security.useSystemPropertiesFile"))) { +- +- // now load the system file, if it exists, so its values +- // will win if they conflict with the earlier values +- try (BufferedInputStream bis = +- new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) { +- props.load(bis); +- loadedProps = true; +- +- if (sdebug != null) { +- sdebug.println("reading system security properties file " + +- SYSTEM_PROPERTIES); +- sdebug.println(props.toString()); +- } +- } catch (IOException e) { +- if (sdebug != null) { +- sdebug.println +- ("unable to load security properties from " + +- SYSTEM_PROPERTIES); +- e.printStackTrace(); +- } +- } +- } +- +- if ("true".equalsIgnoreCase(props.getProperty + ("security.overridePropertiesFile"))) { + + String extraPropFile = System.getProperty +@@ -215,6 +190,33 @@ + } + } + ++ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile"); ++ if (disableSystemProps == null && ++ "true".equalsIgnoreCase(props.getProperty ++ ("security.useSystemPropertiesFile"))) { ++ ++ // now load the system file, if it exists, so its values ++ // will win if they conflict with the earlier values ++ try (BufferedInputStream bis = ++ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) { ++ props.load(bis); ++ loadedProps = true; ++ ++ if (sdebug != null) { ++ sdebug.println("reading system security properties file " + ++ SYSTEM_PROPERTIES); ++ sdebug.println(props.toString()); ++ } ++ } catch (IOException e) { ++ if (sdebug != null) { ++ sdebug.println ++ ("unable to load security properties from " + ++ SYSTEM_PROPERTIES); ++ e.printStackTrace(); ++ } ++ } ++ } ++ + if (!loadedProps) { + initializeStatic(); + if (sdebug != null) {