rpms
/
java-17-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access. 

Resolves: rhbz#1997359
This commit is contained in:
Andrew Hughes 2021-08-30 16:52:01 +01:00
parent 027bbcc4e3
commit 1c4a8bc563
2 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
java-17-openjdk.spec
View File

@ -298,7 +298,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 33
%global rpmrelease 4
%global rpmrelease 5
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@ -1180,6 +1180,7 @@ Patch1011: rh1929465-dont_define_unused_throwioexception.patch
Patch1009: rh1995150-disable_non-fips_crypto.patch
# RH1996182: Login to the NSS software token in FIPS mode
Patch1010: rh1996182-login_to_nss_software_token.patch
Patch1012: rh1996182-extend_security_policy.patch
#############################################
#
@ -1545,6 +1546,7 @@ popd # openjdk
%patch1009
%patch1010
%patch1011
%patch1012
# Extract systemtap tapsets
%if %{with_systemtap}
@ -2262,6 +2264,10 @@ cjc.mainProgram(args)
%endif
%changelog
* Mon Aug 30 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.5.ea
- Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access.
- Resolves: rhbz#1997359
* Sat Aug 28 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.4.ea
- Fix unused function compiler warning found in systemconf.c
- Related: rhbz#1995889

18
rh1996182-extend_security_policy.patch Normal file
View File

@ -0,0 +1,18 @@
commit bfd7c5dae9c15266799cb885b8c60199217b65b9
Author: Andrew Hughes <gnu.andrew@redhat.com>
Date: Mon Aug 30 16:14:14 2021 +0100
RH1996182: Extend default security policy to allow SunPKCS11 access to jdk.internal.access
diff --git openjdk.orig/src/java.base/share/lib/security/default.policy openjdk/src/java.base/share/lib/security/default.policy
index 8356e56367b..23925f048be 100644
--- openjdk.orig/src/java.base/share/lib/security/default.policy
+++ openjdk/src/java.base/share/lib/security/default.policy
@@ -128,6 +128,7 @@ grant codeBase "jrt:/jdk.crypto.ec" {
grant codeBase "jrt:/jdk.crypto.cryptoki" {
permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.crypto.provider";
+ permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.access";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
permission java.lang.RuntimePermission
"accessClassInPackage.sun.security.*";