added patch207 - PR3183.patch

- java SSL/TLS implementation: should follow the policies of system-wide crypto policy
2016-11-03 09:07:33 +01:00 · 2016-11-03 09:07:33 +01:00 · 647f8debfd
commit 647f8debfd
parent ea155293bf
2 changed files with 166 additions and 1 deletions
--- a/PR3183.patch
+++ b/PR3183.patch
@ -0,0 +1,158 @@
+
+# HG changeset patch
+# User andrew
+# Date 1478057514 0
+# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
+# Parent  3d53f19b48384e5252f4ec8891f7a3a82d77af2a
+PR3183: Support Fedora/RHEL system crypto policy
+
+diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/classes/java/security/Security.java
+--- openjdk/jdk/src/share/classes/java/security/Security.java	Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/classes/java/security/Security.java	Wed Nov 02 03:31:54 2016 +0000
+@@ -43,6 +43,9 @@
+  * implementation-specific location, which is typically the properties file
+  * {@code lib/security/java.security} in the Java installation directory.
+  *
+ * <p>Additional default values of security properties are read from a
+ * system-specific location, if available.</p>
+ *
+  * @author Benjamin Renaud
+  */
+ 
+@@ -52,6 +55,10 @@
+     private static final Debug sdebug =
+                         Debug.getInstance("properties");
+ 
+    /* System property file*/
+    private static final String SYSTEM_PROPERTIES =
+        "/etc/crypto-policies/back-ends/java.config";
+
+     /* The java.security properties */
+     private static Properties props;
+ 
+@@ -93,6 +100,7 @@
+                 if (sdebug != null) {
+                     sdebug.println("reading security properties file: " +
+                                 propFile);
+                    sdebug.println(props.toString());
+                 }
+             } catch (IOException e) {
+                 if (sdebug != null) {
+@@ -114,6 +122,31 @@
+         }
+ 
+         if ("true".equalsIgnoreCase(props.getProperty
+                ("security.useSystemPropertiesFile"))) {
+
+            // now load the system file, if it exists, so its values
+            // will win if they conflict with the earlier values
+            try (BufferedInputStream bis =
+                 new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+                props.load(bis);
+                loadedProps = true;
+
+                if (sdebug != null) {
+                    sdebug.println("reading system security properties file " +
+                                   SYSTEM_PROPERTIES);
+                    sdebug.println(props.toString());
+                }
+            } catch (IOException e) {
+                if (sdebug != null) {
+                    sdebug.println
+                        ("unable to load security properties from " +
+                         SYSTEM_PROPERTIES);
+                    e.printStackTrace();
+                }
+            }
+        }
+
+        if ("true".equalsIgnoreCase(props.getProperty
+                 ("security.overridePropertiesFile"))) {
+ 
+             String extraPropFile = System.getProperty
+diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-aix
+--- openjdk/jdk/src/share/lib/security/java.security-aix	Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-aix	Wed Nov 02 03:31:54 2016 +0000
+@@ -276,6 +276,13 @@
+ security.overridePropertiesFile=true
+ 
+ #
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
+ # Determines the default key and trust manager factory algorithms for
+ # the javax.net.ssl package.
+ #
+diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-linux
+--- openjdk/jdk/src/share/lib/security/java.security-linux	Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-linux	Wed Nov 02 03:31:54 2016 +0000
+@@ -276,6 +276,13 @@
+ security.overridePropertiesFile=true
+ 
+ #
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=true
+
+#
+ # Determines the default key and trust manager factory algorithms for
+ # the javax.net.ssl package.
+ #
+diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-macosx
+--- openjdk/jdk/src/share/lib/security/java.security-macosx	Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-macosx	Wed Nov 02 03:31:54 2016 +0000
+@@ -279,6 +279,13 @@
+ security.overridePropertiesFile=true
+ 
+ #
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
+ # Determines the default key and trust manager factory algorithms for
+ # the javax.net.ssl package.
+ #
+diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-solaris
+--- openjdk/jdk/src/share/lib/security/java.security-solaris	Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-solaris	Wed Nov 02 03:31:54 2016 +0000
+@@ -278,6 +278,13 @@
+ security.overridePropertiesFile=true
+ 
+ #
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
+ # Determines the default key and trust manager factory algorithms for
+ # the javax.net.ssl package.
+ #
+diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-windows
+--- openjdk/jdk/src/share/lib/security/java.security-windows	Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-windows	Wed Nov 02 03:31:54 2016 +0000
+@@ -279,6 +279,13 @@
+ security.overridePropertiesFile=true
+ 
+ #
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
+ # Determines the default key and trust manager factory algorithms for
+ # the javax.net.ssl package.
+ #
+
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@ -255,6 +255,7 @@ if [ "$1" -gt 1 ]; then
       "${sum}" = '321342219bb130d238ff144b9e5dbfc1' -o \\
       "${sum}" = '134a37a84983b620f4d8d51a550c0c38' -o \\
       "${sum}" = '5ea976e209d0d0b5b6ab148416123e02' -o \\
+       "${sum}" = '059d61cfbb47e337b011ecda9350db9b' -o \\
       "${sum}" = '5ab4c77cf14fbd7f7ee6f51a7a73d88c' ]; then
    if [ -f "${javasecurity}.rpmnew" ]; then
      mv -f "${javasecurity}.rpmnew" "${javasecurity}"
@ -795,7 +796,7 @@ Obsoletes: java-1.7.0-openjdk-accessibility%1

 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}
-Release: 2.%{buildver}%{?dist}
+Release: 3.%{buildver}%{?dist}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
 # and this change was brought into RHEL-4.  java-1.5.0-ibm packages
 # also included the epoch in their virtual provides.  This created a
@ -944,6 +945,7 @@ Patch201: system-libjpeg.patch
 Patch204: hotspot-remove-debuglink.patch
 Patch205: dont-add-unnecessary-debug-links.patch
 Patch206: hotspot-assembler-debuginfo.patch
+Patch207: PR3183.patch

 # Local fixes
 # PR1834, RH1022017: Reduce curves reported by SSL to those in NSS
@ -1244,6 +1246,7 @@ sh %{SOURCE12}
 %patch204
 %patch205
 %patch206
+%patch207

 %patch1
 %patch3
@ -1932,6 +1935,10 @@ require "copy_jdk_configs.lua"
 %endif

 %changelog
+* Thu Nov 03 2016 jvanek <jvanek@redhat.com - 1:1.8.0.111-3.b16
+- added patch207 - PR3183.patch
+- java SSL/TLS implementation: should follow the policies of system-wide crypto policy 
+
 * Fri Oct 21 2016 Omair Majid <omajid@redhat.com> - 1:1.8.0.111-2.b16
 - added dont-add-unnecessary-debug-links.patch
 - added hotspot-assembler-debuginfo.patch