Add JDK-8275535 patch to fix LDAP authentication issue.

Resolves: rhbz#2053523
2022-02-23 04:03:20 +00:00 · 2022-02-23 04:03:20 +00:00 · 9d274e8023
commit 9d274e8023
parent 3e6e30fbbb
2 changed files with 35 additions and 1 deletions
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@ -363,7 +363,7 @@
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver        1
-%global rpmrelease      1
+%global rpmrelease      2
 #%%global tagsuffix     %%{nil}
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
@ -1290,6 +1290,8 @@ Patch3:    rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
 Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
 # PR3695: Allow use of system crypto policy to be disabled by the user
 Patch7: pr3695-toggle_system_crypto_policy.patch
+# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
+Patch8: jdk8275535-rh2053256-ldap_auth.patch

 #############################################
 #
@ -1721,6 +1723,8 @@ popd # openjdk
 %patch1015
 %patch1016

+%patch8
+
 # Extract systemtap tapsets
 %if %{with_systemtap}
 tar --strip-components=1 -x -I xz -f %{SOURCE8}
@ -2492,6 +2496,10 @@ require "copy_jdk_configs.lua"
 %endif

 %changelog
+* Wed Feb 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-2
+- Add JDK-8275535 patch to fix LDAP authentication issue.
+- Resolves: rhbz#2053523
+
 * Fri Feb 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-1
 - Update to jdk-11.0.14.1+1
 - Update release notes to 11.0.14.1+1
--- a/jdk8275535-rh2053256-ldap_auth.patch
+++ b/jdk8275535-rh2053256-ldap_auth.patch
@ -0,0 +1,26 @@
+diff --git openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+index 300f3682655..6f3eb6c450b 100644
+--- openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+++ openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+@@ -226,6 +226,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
+                     ctx = getLdapCtxFromUrl(
+                             r.getDomainName(), url, new LdapURL(u), env);
+                     return ctx;
+                } catch (AuthenticationException e) {
+                    // do not retry on a different endpoint to avoid blocking
+                    // the user if authentication credentials are wrong.
+                    throw e;
+                 } catch (NamingException e) {
+                     // try the next element
+                     lastException = e;
+@@ -278,6 +282,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
+         for (String u : urls) {
+             try {
+                 return getUsingURL(u, env);
+            } catch (AuthenticationException e) {
+                // do not retry on a different URL to avoid blocking
+                // the user if authentication credentials are wrong.
+                throw e;
+             } catch (NamingException e) {
+                 ex = e;
+             }