Add PR3695 to allow the system crypto policy to be turned off.
Correct original system crypto policy patch to refer to OpenJDK 11 bug (PR3694)
This commit is contained in:
parent
149d23b791
commit
1812058884
@ -957,7 +957,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release}
|
||||
|
||||
Name: java-%{javaver}-%{origin}
|
||||
Version: %{newjavaver}.%{buildver}
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
|
||||
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
|
||||
# also included the epoch in their virtual provides. This created a
|
||||
@ -1028,10 +1028,12 @@ Patch2: rh1648644-java_access_bridge_privileged_security.patch
|
||||
# for all providers unconditionally
|
||||
Patch525: rh1022017-reduce_ssl_curves.patch
|
||||
Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
|
||||
# Follow system wide crypto policy RHBZ#1249083
|
||||
Patch4: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
|
||||
# PR3694, RH1340845: Add security.useSystemPropertiesFile option to java.security to use system crypto policy
|
||||
Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
|
||||
# System NSS via SunEC Provider
|
||||
Patch5: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch
|
||||
Patch5: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch
|
||||
# PR3695: Allow use of system crypto policy to be disabled by the user
|
||||
Patch6: pr3695-toggle_system_crypto_policy.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -1318,6 +1320,7 @@ pushd %{top_level_dir_name}
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
@ -1874,6 +1877,10 @@ require "copy_jdk_configs.lua"
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Feb 07 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.2.7-2
|
||||
- Add PR3695 to allow the system crypto policy to be turned off.
|
||||
- Correct original system crypto policy patch to refer to OpenJDK 11 bug (PR3694)
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:11.0.2.7-1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
# Date 1478057514 0
|
||||
# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
|
||||
# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a
|
||||
PR3183: Support Fedora/RHEL system crypto policy
|
||||
PR3694: Support Fedora/RHEL system crypto policy
|
||||
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java
|
||||
--- a/src/java.base/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100
|
||||
+++ b/src/java.base/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000
|
78
pr3695-toggle_system_crypto_policy.patch
Normal file
78
pr3695-toggle_system_crypto_policy.patch
Normal file
@ -0,0 +1,78 @@
|
||||
# HG changeset patch
|
||||
# User andrew
|
||||
# Date 1545198926 0
|
||||
# Wed Dec 19 05:55:26 2018 +0000
|
||||
# Node ID f2cbd688824c128db7fa848c8732fb0ab3507776
|
||||
# Parent 81f07f6d1f8b7b51b136d3974c61bc8bb513770c
|
||||
PR3695: Allow use of system crypto policy to be disabled by the user
|
||||
Summary: Read user overrides first so security.useSystemPropertiesFile can be disabled and add -Djava.security.disableSystemPropertiesFile
|
||||
|
||||
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
|
||||
--- a/src/java.base/share/classes/java/security/Security.java
|
||||
+++ b/src/java.base/share/classes/java/security/Security.java
|
||||
@@ -125,31 +125,6 @@
|
||||
}
|
||||
|
||||
if ("true".equalsIgnoreCase(props.getProperty
|
||||
- ("security.useSystemPropertiesFile"))) {
|
||||
-
|
||||
- // now load the system file, if it exists, so its values
|
||||
- // will win if they conflict with the earlier values
|
||||
- try (BufferedInputStream bis =
|
||||
- new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
|
||||
- props.load(bis);
|
||||
- loadedProps = true;
|
||||
-
|
||||
- if (sdebug != null) {
|
||||
- sdebug.println("reading system security properties file " +
|
||||
- SYSTEM_PROPERTIES);
|
||||
- sdebug.println(props.toString());
|
||||
- }
|
||||
- } catch (IOException e) {
|
||||
- if (sdebug != null) {
|
||||
- sdebug.println
|
||||
- ("unable to load security properties from " +
|
||||
- SYSTEM_PROPERTIES);
|
||||
- e.printStackTrace();
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- if ("true".equalsIgnoreCase(props.getProperty
|
||||
("security.overridePropertiesFile"))) {
|
||||
|
||||
String extraPropFile = System.getProperty
|
||||
@@ -215,6 +190,33 @@
|
||||
}
|
||||
}
|
||||
|
||||
+ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
|
||||
+ if (disableSystemProps == null &&
|
||||
+ "true".equalsIgnoreCase(props.getProperty
|
||||
+ ("security.useSystemPropertiesFile"))) {
|
||||
+
|
||||
+ // now load the system file, if it exists, so its values
|
||||
+ // will win if they conflict with the earlier values
|
||||
+ try (BufferedInputStream bis =
|
||||
+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
|
||||
+ props.load(bis);
|
||||
+ loadedProps = true;
|
||||
+
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println("reading system security properties file " +
|
||||
+ SYSTEM_PROPERTIES);
|
||||
+ sdebug.println(props.toString());
|
||||
+ }
|
||||
+ } catch (IOException e) {
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println
|
||||
+ ("unable to load security properties from " +
|
||||
+ SYSTEM_PROPERTIES);
|
||||
+ e.printStackTrace();
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (!loadedProps) {
|
||||
initializeStatic();
|
||||
if (sdebug != null) {
|
Loading…
Reference in New Issue
Block a user