From d69a8df074c400bd83719e8ba31254510d002b77 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Sun, 24 Jan 2021 10:43:32 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/java-11-openjdk.git#214b0d1ac4a1cd82127afd8b10689ac290018c27 --- java-11-openjdk.spec | 10 +++++++++- rh1842572-rsa_default_for_keytool.patch | 12 ++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 rh1842572-rsa_default_for_keytool.patch diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec index e3276ae..595b292 100644 --- a/java-11-openjdk.spec +++ b/java-11-openjdk.spec @@ -298,7 +298,7 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global buildver 8 -%global rpmrelease 2 +%global rpmrelease 3 #%%global tagsuffix "" # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk @@ -1163,6 +1163,9 @@ Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch # Restrict access to java-atk-wrapper classes Patch2: rh1648644-java_access_bridge_privileged_security.patch +# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY +Patch1003: rh1842572-rsa_default_for_keytool.patch + ############################################# # # Shenandoah specific patches @@ -1552,6 +1555,7 @@ popd # openjdk %patch1000 %patch600 +%patch1003 # Extract systemtap tapsets %if %{with_systemtap} @@ -2187,6 +2191,10 @@ require "copy_jdk_configs.lua" %endif %changelog +* Sun Jan 24 2021 Andrew Hughes - 1:11.0.10.0.8-0.3.ea +- Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY +- Adjust RH1842572 patch due to context change from JDK-8213400 + * Sat Jan 23 2021 Andrew Hughes - 1:11.0.10.0.8-0.2.ea - Need to support noarch for creating source RPMs for non-scratch builds. diff --git a/rh1842572-rsa_default_for_keytool.patch b/rh1842572-rsa_default_for_keytool.patch new file mode 100644 index 0000000..9f1dabc --- /dev/null +++ b/rh1842572-rsa_default_for_keytool.patch @@ -0,0 +1,12 @@ +diff --git openjdk.orig/src/java.base/share/classes/sun/security/tools/keytool/Main.java openjdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java +--- openjdk.orig/src/java.base/share/classes/sun/security/tools/keytool/Main.java ++++ openjdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java +@@ -1135,7 +1135,7 @@ + } + } else if (command == GENKEYPAIR) { + if (keyAlgName == null) { +- keyAlgName = "DSA"; ++ keyAlgName = "RSA"; + } + doGenKeyPair(alias, dname, keyAlgName, keysize, groupName, sigAlgName); + kssave = true;