Add PR3695 to allow the system crypto policy to be turned off.

Correct original system crypto policy patch to refer to OpenJDK 11 bug (PR3694)

java-11-openjdk.spec

@@ -957,7 +957,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release}
 
 Name:    java-%{javaver}-%{origin}
 Version: %{newjavaver}.%{buildver}
-Release: 1%{?dist}
+Release: 2%{?dist}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@@ -1028,10 +1028,12 @@ Patch2:    rh1648644-java_access_bridge_privileged_security.patch
 # for all providers unconditionally
 Patch525: rh1022017-reduce_ssl_curves.patch
 Patch3:    rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
-# Follow system wide crypto policy RHBZ#1249083
+# PR3694, RH1340845: Add security.useSystemPropertiesFile option to java.security to use system crypto policy
-Patch4:    pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
+Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
 # System NSS via SunEC Provider
-Patch5:    pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch
+Patch5: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch
+# PR3695: Allow use of system crypto policy to be disabled by the user
+Patch6: pr3695-toggle_system_crypto_policy.patch
 
 #############################################
 #
@@ -1318,6 +1320,7 @@ pushd %{top_level_dir_name}
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
@@ -1874,6 +1877,10 @@ require "copy_jdk_configs.lua"
 
 
 %changelog
+* Thu Feb 07 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.2.7-2
+- Add PR3695 to allow the system crypto policy to be turned off.
+- Correct original system crypto policy patch to refer to OpenJDK 11 bug (PR3694)
+
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:11.0.2.7-1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 

pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch

@@ -4,7 +4,7 @@
 # Date 1478057514 0
 # Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
 # Parent  3d53f19b48384e5252f4ec8891f7a3a82d77af2a
-PR3183: Support Fedora/RHEL system crypto policy
+PR3694: Support Fedora/RHEL system crypto policy
 diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java
 --- a/src/java.base/share/classes/java/security/Security.java	Wed Oct 26 03:51:39 2016 +0100
 +++ b/src/java.base/share/classes/java/security/Security.java	Wed Nov 02 03:31:54 2016 +0000

pr3695-toggle_system_crypto_policy.patch

@@ -0,0 +1,78 @@
+# HG changeset patch
+# User andrew
+# Date 1545198926 0
+#      Wed Dec 19 05:55:26 2018 +0000
+# Node ID f2cbd688824c128db7fa848c8732fb0ab3507776
+# Parent  81f07f6d1f8b7b51b136d3974c61bc8bb513770c
+PR3695: Allow use of system crypto policy to be disabled by the user
+Summary: Read user overrides first so security.useSystemPropertiesFile can be disabled and add -Djava.security.disableSystemPropertiesFile
+
+diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
+--- a/src/java.base/share/classes/java/security/Security.java
++++ b/src/java.base/share/classes/java/security/Security.java
+@@ -125,31 +125,6 @@
+         }
+ 
+         if ("true".equalsIgnoreCase(props.getProperty
+-                ("security.useSystemPropertiesFile"))) {
+-
+-            // now load the system file, if it exists, so its values
+-            // will win if they conflict with the earlier values
+-            try (BufferedInputStream bis =
+-                 new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+-                props.load(bis);
+-                loadedProps = true;
+-
+-                if (sdebug != null) {
+-                    sdebug.println("reading system security properties file " +
+-                                   SYSTEM_PROPERTIES);
+-                    sdebug.println(props.toString());
+-                }
+-            } catch (IOException e) {
+-                if (sdebug != null) {
+-                    sdebug.println
+-                        ("unable to load security properties from " +
+-                         SYSTEM_PROPERTIES);
+-                    e.printStackTrace();
+-                }
+-            }
+-        }
+-
+-        if ("true".equalsIgnoreCase(props.getProperty
+                 ("security.overridePropertiesFile"))) {
+ 
+             String extraPropFile = System.getProperty
+@@ -215,6 +190,33 @@
+             }
+         }
+ 
++        String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
++        if (disableSystemProps == null &&
++            "true".equalsIgnoreCase(props.getProperty
++                ("security.useSystemPropertiesFile"))) {
++
++            // now load the system file, if it exists, so its values
++            // will win if they conflict with the earlier values
++            try (BufferedInputStream bis =
++                 new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
++                props.load(bis);
++                loadedProps = true;
++
++                if (sdebug != null) {
++                    sdebug.println("reading system security properties file " +
++                                   SYSTEM_PROPERTIES);
++                    sdebug.println(props.toString());
++                }
++            } catch (IOException e) {
++                if (sdebug != null) {
++                    sdebug.println
++                        ("unable to load security properties from " +
++                         SYSTEM_PROPERTIES);
++                    e.printStackTrace();
++                }
++            }
++        }
++
+         if (!loadedProps) {
+             initializeStatic();
+             if (sdebug != null) {