From df67399225775c0ce705c4cb4e7a88abef208342 Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 19 Feb 2019 05:03:27 +0000 Subject: [PATCH] Add PR3655 to allow the system crypto policy to be turned off. --- java-1.8.0-openjdk.spec | 8 ++- pr3655-toggle_system_crypto_policy.patch | 78 ++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 pr3655-toggle_system_crypto_policy.patch diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index f2d2c09..5eb8fbc 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -991,7 +991,7 @@ Provides: java-%{javaver}-%{origin}-accessibility = %{epoch}:%{version}-%{releas Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 3%{?dist} +Release: 4%{?dist} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1121,6 +1121,8 @@ Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_jav Patch540: pr3575-rh1567204-system_cacerts_database_handling_no_longer_affect_jssecacerts.patch # PR3183, RH1340845: Support Fedora/RHEL8 system crypto policy Patch300: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch +# PR3655: Allow use of system crypto policy to be disabled by the user +Patch301: pr3655-toggle_system_crypto_policy.patch ############################################# # @@ -1599,6 +1601,7 @@ sh %{SOURCE12} %patch210 %patch300 +%patch301 %patch1 %patch3 @@ -2318,6 +2321,9 @@ require "copy_jdk_configs.lua" %endif %changelog +* Tue Feb 19 2019 Andrew Hughes - 1:1.8.0.201.b09-4 +- Add PR3655 to allow the system crypto policy to be turned off. + * Mon Feb 11 2019 Jiri Vanek - 1:1.8.0.201.b09-3 - config files to etc diff --git a/pr3655-toggle_system_crypto_policy.patch b/pr3655-toggle_system_crypto_policy.patch new file mode 100644 index 0000000..abfac45 --- /dev/null +++ b/pr3655-toggle_system_crypto_policy.patch @@ -0,0 +1,78 @@ +# HG changeset patch +# User andrew +# Date 1545198926 0 +# Wed Dec 19 05:55:26 2018 +0000 +# Node ID f2cbd688824c128db7fa848c8732fb0ab3507776 +# Parent 81f07f6d1f8b7b51b136d3974c61bc8bb513770c +PR3655: Allow use of system crypto policy to be disabled by the user +Summary: Read user overrides first so security.useSystemPropertiesFile can be disabled and add -Djava.security.disableSystemPropertiesFile + +diff --git a/src/share/classes/javopenjdk.orig/jdk/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java +--- openjdk.orig/jdk/src/share/classes/java/security/Security.java ++++ openjdk/jdk/src/share/classes/java/security/Security.java +@@ -122,31 +122,6 @@ + } + + if ("true".equalsIgnoreCase(props.getProperty +- ("security.useSystemPropertiesFile"))) { +- +- // now load the system file, if it exists, so its values +- // will win if they conflict with the earlier values +- try (BufferedInputStream bis = +- new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) { +- props.load(bis); +- loadedProps = true; +- +- if (sdebug != null) { +- sdebug.println("reading system security properties file " + +- SYSTEM_PROPERTIES); +- sdebug.println(props.toString()); +- } +- } catch (IOException e) { +- if (sdebug != null) { +- sdebug.println +- ("unable to load security properties from " + +- SYSTEM_PROPERTIES); +- e.printStackTrace(); +- } +- } +- } +- +- if ("true".equalsIgnoreCase(props.getProperty + ("security.overridePropertiesFile"))) { + + String extraPropFile = System.getProperty +@@ -212,6 +187,33 @@ + } + } + ++ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile"); ++ if (disableSystemProps == null && ++ "true".equalsIgnoreCase(props.getProperty ++ ("security.useSystemPropertiesFile"))) { ++ ++ // now load the system file, if it exists, so its values ++ // will win if they conflict with the earlier values ++ try (BufferedInputStream bis = ++ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) { ++ props.load(bis); ++ loadedProps = true; ++ ++ if (sdebug != null) { ++ sdebug.println("reading system security properties file " + ++ SYSTEM_PROPERTIES); ++ sdebug.println(props.toString()); ++ } ++ } catch (IOException e) { ++ if (sdebug != null) { ++ sdebug.println ++ ("unable to load security properties from " + ++ SYSTEM_PROPERTIES); ++ e.printStackTrace(); ++ } ++ } ++ } ++ + if (!loadedProps) { + initializeStatic(); + if (sdebug != null) {