From 9d274e8023602496741c68b789fd88d4af92a48a Mon Sep 17 00:00:00 2001
From: Andrew Hughes
Date: Wed, 23 Feb 2022 04:03:20 +0000
Subject: [PATCH] Add JDK-8275535 patch to fix LDAP authentication issue.
Resolves: rhbz#2053523
---
 java-11-openjdk.spec | 10 +++++++++-
 jdk8275535-rh2053256-ldap_auth.patch | 26 ++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 jdk8275535-rh2053256-ldap_auth.patch
diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec
index e46c6d5..861059e 100644
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@@ -363,7 +363,7 @@
 %global top_level_dir_name %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver 1
-%global rpmrelease 1
+%global rpmrelease 2
 #%%global tagsuffix %%{nil}
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
@@ -1290,6 +1290,8 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
 Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
 # PR3695: Allow use of system crypto policy to be disabled by the user
 Patch7: pr3695-toggle_system_crypto_policy.patch
+# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
+Patch8: jdk8275535-rh2053256-ldap_auth.patch
 #############################################
 #
@@ -1721,6 +1723,8 @@ popd # openjdk
 %patch1015
 %patch1016
+%patch8
+
 # Extract systemtap tapsets
 %if %{with_systemtap}
 tar --strip-components=1 -x -I xz -f %{SOURCE8}
@@ -2492,6 +2496,10 @@ require "copy_jdk_configs.lua"
 %endif
 %changelog
+* Wed Feb 23 2022 Andrew Hughes - 1:11.0.14.1.1-2
+- Add JDK-8275535 patch to fix LDAP authentication issue.
+- Resolves: rhbz#2053523
+
 * Fri Feb 18 2022 Andrew Hughes - 1:11.0.14.1.1-1
 - Update to jdk-11.0.14.1+1
 - Update release notes to 11.0.14.1+1
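Review bot: The bug reference is not consistent across this commit: the comment added above `Patch8` and the patch filename cite RH2053256, while the commit message and the new `%changelog` entry say `Resolves: rhbz#2053523`. These may be a parent bug and its clone for another release, but someone auditing which fix shipped in 1:11.0.14.1.1-2 cannot tell that from the spec alone. If both numbers are intended, I would name both where the patch is declared, e.g. `# JDK-8275535, RH2053256, RH2053523: Retrying a failed authentication on multiple LDAP servers can lead to users blocked`; if one is a typo, correct it so the filename, comment and changelog agree.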
diff --git a/jdk8275535-rh2053256-ldap_auth.patch b/jdk8275535-rh2053256-ldap_auth.patch
new file mode 100644
index 0000000..7a25e4b
--- /dev/null
+++ b/jdk8275535-rh2053256-ldap_auth.patch
@@ -0,0 +1,26 @@
+diff --git openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+index 300f3682655..6f3eb6c450b 100644
+--- openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
++++ openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+@@ -226,6 +226,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
+ ctx = getLdapCtxFromUrl(
+ r.getDomainName(), url, new LdapURL(u), env);
+ return ctx;
++ } catch (AuthenticationException e) {
++ // do not retry on a different endpoint to avoid blocking
++ // the user if authentication credentials are wrong.
++ throw e;
+ } catch (NamingException e) {
+ // try the next element
+ lastException = e;
+@@ -278,6 +282,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
+ for (String u : urls) {
+ try {
+ return getUsingURL(u, env);
++ } catch (AuthenticationException e) {
++ // do not retry on a different URL to avoid blocking
++ // the user if authentication credentials are wrong.
++ throw e;
+ } catch (NamingException e) {
+ ex = e;
+ }
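Review bot: The comment in both added `catch (AuthenticationException e)` clauses says a retry would be "blocking the user" without saying how; presumably each further endpoint or URL tried with the same wrong credentials is another failed bind that counts toward the directory's lockout threshold. Because this file is a backport whose text is best kept identical to upstream, I would record that reasoning in the spec next to `Patch8` rather than edit the Java comment, e.g. `# Fail fast on AuthenticationException so rejected credentials are not replayed against every LDAP endpoint (account lockout)`. The placement is right: AuthenticationException is a subtype of NamingException in javax.naming, so the new clause has to come before `catch (NamingException e)`, as it does in both hunks. Operators should also expect that credentials rejected by one server are no longer tried on the next one, which is worth a line in the release notes. Both enclosing methods start and end outside the embedded hunks, so how `lastException` and `ex` are used afterwards is not visible here.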