Add PR3655 to allow the system crypto policy to be turned off.

2019-02-19 05:03:27 +00:00 · 2019-02-19 05:03:27 +00:00 · df67399225
commit df67399225
parent b227556dea
2 changed files with 85 additions and 1 deletions
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@ -991,7 +991,7 @@ Provides: java-%{javaver}-%{origin}-accessibility = %{epoch}:%{version}-%{releas

 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}.%{buildver}
-Release: 3%{?dist}
+Release: 4%{?dist}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@ -1121,6 +1121,8 @@ Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_jav
 Patch540: pr3575-rh1567204-system_cacerts_database_handling_no_longer_affect_jssecacerts.patch
 # PR3183, RH1340845: Support Fedora/RHEL8 system crypto policy
 Patch300: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
+# PR3655: Allow use of system crypto policy to be disabled by the user
+Patch301: pr3655-toggle_system_crypto_policy.patch

 #############################################
 #
@ -1599,6 +1601,7 @@ sh %{SOURCE12}
 %patch210

 %patch300
+%patch301

 %patch1
 %patch3
@ -2318,6 +2321,9 @@ require "copy_jdk_configs.lua"
 %endif

 %changelog
+* Tue Feb 19 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.201.b09-4
+- Add PR3655 to allow the system crypto policy to be turned off.
+
 * Mon Feb 11 2019 Jiri Vanek <jvanek@redhat.com>  - 1:1.8.0.201.b09-3
 - config files to etc

--- a/pr3655-toggle_system_crypto_policy.patch
+++ b/pr3655-toggle_system_crypto_policy.patch
@ -0,0 +1,78 @@
+# HG changeset patch
+# User andrew
+# Date 1545198926 0
+#      Wed Dec 19 05:55:26 2018 +0000
+# Node ID f2cbd688824c128db7fa848c8732fb0ab3507776
+# Parent  81f07f6d1f8b7b51b136d3974c61bc8bb513770c
+PR3655: Allow use of system crypto policy to be disabled by the user
+Summary: Read user overrides first so security.useSystemPropertiesFile can be disabled and add -Djava.security.disableSystemPropertiesFile
+
+diff --git a/src/share/classes/javopenjdk.orig/jdk/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
+--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
+++ openjdk/jdk/src/share/classes/java/security/Security.java
+@@ -122,31 +122,6 @@
+         }
+ 
+         if ("true".equalsIgnoreCase(props.getProperty
+-                ("security.useSystemPropertiesFile"))) {
+-
+-            // now load the system file, if it exists, so its values
+-            // will win if they conflict with the earlier values
+-            try (BufferedInputStream bis =
+-                 new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+-                props.load(bis);
+-                loadedProps = true;
+-
+-                if (sdebug != null) {
+-                    sdebug.println("reading system security properties file " +
+-                                   SYSTEM_PROPERTIES);
+-                    sdebug.println(props.toString());
+-                }
+-            } catch (IOException e) {
+-                if (sdebug != null) {
+-                    sdebug.println
+-                        ("unable to load security properties from " +
+-                         SYSTEM_PROPERTIES);
+-                    e.printStackTrace();
+-                }
+-            }
+-        }
+-
+-        if ("true".equalsIgnoreCase(props.getProperty
+                 ("security.overridePropertiesFile"))) {
+ 
+             String extraPropFile = System.getProperty
+@@ -212,6 +187,33 @@
+             }
+         }
+ 
+        String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
+        if (disableSystemProps == null &&
+            "true".equalsIgnoreCase(props.getProperty
+                ("security.useSystemPropertiesFile"))) {
+
+            // now load the system file, if it exists, so its values
+            // will win if they conflict with the earlier values
+            try (BufferedInputStream bis =
+                 new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+                props.load(bis);
+                loadedProps = true;
+
+                if (sdebug != null) {
+                    sdebug.println("reading system security properties file " +
+                                   SYSTEM_PROPERTIES);
+                    sdebug.println(props.toString());
+                }
+            } catch (IOException e) {
+                if (sdebug != null) {
+                    sdebug.println
+                        ("unable to load security properties from " +
+                         SYSTEM_PROPERTIES);
+                    e.printStackTrace();
+                }
+            }
+        }
+
+         if (!loadedProps) {
+             initializeStatic();
+             if (sdebug != null) {