rpms/java-1.8.0-openjdk
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Add JDK-8275535 patch to fix LDAP authentication issue.

Browse Source 
Resolves: rhbz#2053525
This commit is contained in:
Andrew Hughes 2022-02-28 06:35:30 +00:00
parent 3bd296bf8b
commit 52c15259b0
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
java-1.8.0-openjdk.spec
View File

@ -324,7 +324,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27 # eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 7 %global rpmrelease 8
# Define milestone (EA for pre-releases, GA ("fcs") for releases) # Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1): # Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases, # - 0.N%%{?extraver}%%{?dist} for EA releases,
@ -1463,6 +1463,8 @@ Patch600: rh1750419-redhat_alt_java.patch
Patch111: jdk8218811-perfMemory_linux.patch Patch111: jdk8218811-perfMemory_linux.patch
# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build # JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
Patch113: jdk8275535-rh2053256-ldap_auth.patch
############################################# #############################################
# #
@ -1888,6 +1890,7 @@ sh %{SOURCE12}
%patch112 %patch112
%patch580 %patch580
%patch581 %patch581
%patch113
# RPM-only fixes # RPM-only fixes
%patch539 %patch539
@ -2655,6 +2658,10 @@ cjc.mainProgram(args)
%endif %endif
%changelog %changelog
* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-8
- Add JDK-8275535 patch to fix LDAP authentication issue.
- Resolves: rhbz#2053525
* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-7 * Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-7
- Detect NSS at runtime for FIPS detection - Detect NSS at runtime for FIPS detection
- Turn off build-time NSS linking and go back to an explicit Requires on NSS - Turn off build-time NSS linking and go back to an explicit Requires on NSS

26
jdk8275535-rh2053256-ldap_auth.patch Normal file
View File

@ -0,0 +1,26 @@
diff --git openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
index cf4becb7db..4ab2ac0a31 100644
--- openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
@@ -189,6 +189,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
ctx = getLdapCtxFromUrl(
r.getDomainName(), url, new LdapURL(u), env);
return ctx;
+ } catch (AuthenticationException e) {
+ // do not retry on a different endpoint to avoid blocking
+ // the user if authentication credentials are wrong.
+ throw e;
} catch (NamingException e) {
// try the next element
lastException = e;
@@ -241,6 +245,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
for (String u : urls) {
try {
return getUsingURL(u, env);
+ } catch (AuthenticationException e) {
+ // do not retry on a different URL to avoid blocking
+ // the user if authentication credentials are wrong.
+ throw e;
} catch (NamingException e) {
ex = e;
}