added patch207 - PR3183.patch

- java SSL/TLS implementation: should follow the policies of system-wide crypto policy
This commit is contained in:
Jiri Vanek 2016-11-03 09:07:33 +01:00
parent ea155293bf
commit 647f8debfd
2 changed files with 166 additions and 1 deletions

158
PR3183.patch Normal file
View File

@ -0,0 +1,158 @@
# HG changeset patch
# User andrew
# Date 1478057514 0
# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a
PR3183: Support Fedora/RHEL system crypto policy
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/classes/java/security/Security.java
--- openjdk/jdk/src/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000
@@ -43,6 +43,9 @@
* implementation-specific location, which is typically the properties file
* {@code lib/security/java.security} in the Java installation directory.
*
+ * <p>Additional default values of security properties are read from a
+ * system-specific location, if available.</p>
+ *
* @author Benjamin Renaud
*/
@@ -52,6 +55,10 @@
private static final Debug sdebug =
Debug.getInstance("properties");
+ /* System property file*/
+ private static final String SYSTEM_PROPERTIES =
+ "/etc/crypto-policies/back-ends/java.config";
+
/* The java.security properties */
private static Properties props;
@@ -93,6 +100,7 @@
if (sdebug != null) {
sdebug.println("reading security properties file: " +
propFile);
+ sdebug.println(props.toString());
}
} catch (IOException e) {
if (sdebug != null) {
@@ -114,6 +122,31 @@
}
if ("true".equalsIgnoreCase(props.getProperty
+ ("security.useSystemPropertiesFile"))) {
+
+ // now load the system file, if it exists, so its values
+ // will win if they conflict with the earlier values
+ try (BufferedInputStream bis =
+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+ props.load(bis);
+ loadedProps = true;
+
+ if (sdebug != null) {
+ sdebug.println("reading system security properties file " +
+ SYSTEM_PROPERTIES);
+ sdebug.println(props.toString());
+ }
+ } catch (IOException e) {
+ if (sdebug != null) {
+ sdebug.println
+ ("unable to load security properties from " +
+ SYSTEM_PROPERTIES);
+ e.printStackTrace();
+ }
+ }
+ }
+
+ if ("true".equalsIgnoreCase(props.getProperty
("security.overridePropertiesFile"))) {
String extraPropFile = System.getProperty
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-aix
--- openjdk/jdk/src/share/lib/security/java.security-aix Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-aix Wed Nov 02 03:31:54 2016 +0000
@@ -276,6 +276,13 @@
security.overridePropertiesFile=true
#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-linux
--- openjdk/jdk/src/share/lib/security/java.security-linux Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-linux Wed Nov 02 03:31:54 2016 +0000
@@ -276,6 +276,13 @@
security.overridePropertiesFile=true
#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=true
+
+#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-macosx
--- openjdk/jdk/src/share/lib/security/java.security-macosx Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-macosx Wed Nov 02 03:31:54 2016 +0000
@@ -279,6 +279,13 @@
security.overridePropertiesFile=true
#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-solaris
--- openjdk/jdk/src/share/lib/security/java.security-solaris Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-solaris Wed Nov 02 03:31:54 2016 +0000
@@ -278,6 +278,13 @@
security.overridePropertiesFile=true
#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-windows
--- openjdk/jdk/src/share/lib/security/java.security-windows Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-windows Wed Nov 02 03:31:54 2016 +0000
@@ -279,6 +279,13 @@
security.overridePropertiesFile=true
#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#

View File

@ -255,6 +255,7 @@ if [ "$1" -gt 1 ]; then
"${sum}" = '321342219bb130d238ff144b9e5dbfc1' -o \\
"${sum}" = '134a37a84983b620f4d8d51a550c0c38' -o \\
"${sum}" = '5ea976e209d0d0b5b6ab148416123e02' -o \\
"${sum}" = '059d61cfbb47e337b011ecda9350db9b' -o \\
"${sum}" = '5ab4c77cf14fbd7f7ee6f51a7a73d88c' ]; then
if [ -f "${javasecurity}.rpmnew" ]; then
mv -f "${javasecurity}.rpmnew" "${javasecurity}"
@ -795,7 +796,7 @@ Obsoletes: java-1.7.0-openjdk-accessibility%1
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}
Release: 2.%{buildver}%{?dist}
Release: 3.%{buildver}%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@ -944,6 +945,7 @@ Patch201: system-libjpeg.patch
Patch204: hotspot-remove-debuglink.patch
Patch205: dont-add-unnecessary-debug-links.patch
Patch206: hotspot-assembler-debuginfo.patch
Patch207: PR3183.patch
# Local fixes
# PR1834, RH1022017: Reduce curves reported by SSL to those in NSS
@ -1244,6 +1246,7 @@ sh %{SOURCE12}
%patch204
%patch205
%patch206
%patch207
%patch1
%patch3
@ -1932,6 +1935,10 @@ require "copy_jdk_configs.lua"
%endif
%changelog
* Thu Nov 03 2016 jvanek <jvanek@redhat.com - 1:1.8.0.111-3.b16
- added patch207 - PR3183.patch
- java SSL/TLS implementation: should follow the policies of system-wide crypto policy
* Fri Oct 21 2016 Omair Majid <omajid@redhat.com> - 1:1.8.0.111-2.b16
- added dont-add-unnecessary-debug-links.patch
- added hotspot-assembler-debuginfo.patch