From 0b3d874ae24e4bcc91c7c4206fa19c49631f83e7 Mon Sep 17 00:00:00 2001 From: kuenking111 Date: Mon, 15 Aug 2022 20:23:54 +0800 Subject: [PATCH] I5MF63: test/jdk/java/lang/SecurityManager/CheckSecurityProvider.java failed --- openjdk-17.spec | 15 ++-- ...1340845-support_system_crypto_policy.patch | 87 ------------------- ...ut_nss_cfg_provider_to_java_security.patch | 12 --- ...va_access_bridge_privileged_security.patch | 20 ----- 4 files changed, 6 insertions(+), 128 deletions(-) delete mode 100644 pr3183-rh1340845-support_system_crypto_policy.patch delete mode 100644 rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch delete mode 100644 rh1648644-java_access_bridge_privileged_security.patch diff --git a/openjdk-17.spec b/openjdk-17.spec index 3a102a3..150e526 100644 --- a/openjdk-17.spec +++ b/openjdk-17.spec @@ -885,7 +885,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release} Name: java-%{javaver}-%{origin} Version: %{newjavaver}.%{buildver} -Release: 1 +Release: 2 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages @@ -943,15 +943,11 @@ Source14: TestECDSA.java # NSS via SunPKCS11 Provider (disabled comment # due to memory leak). -Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch # Ignore AWTError when assistive technologies are loaded Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch # Restrict access to java-atk-wrapper classes -Patch2: rh1648644-java_access_bridge_privileged_security.patch Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch -# Follow system wide crypto policy RHBZ#1249083 -Patch4: pr3183-rh1340845-support_system_crypto_policy.patch # Depend on pcs-lite-libs instead of pcs-lite-devel as this is only in optional repo Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch @@ -1195,9 +1191,7 @@ fi pushd %{top_level_dir_name} %patch1 -p1 -%patch2 -p1 %patch3 -p1 -%patch4 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 @@ -1212,8 +1206,6 @@ pushd %{top_level_dir_name} %patch17 -p1 popd # openjdk -%patch1000 - # Extract systemtap tapsets %if %{with_systemtap} tar --strip-components=1 -x -I xz -f %{SOURCE8} @@ -1763,6 +1755,11 @@ cjc.mainProgram(arg) %changelog +* Fri Aug 5 2022 kuenking111 - 1:17.0.4.8-0.2 +- del pr3183-rh1340845-support_system_crypto_policy.patch +- del rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +- del rh1648644-java_access_bridge_privileged_security.patch + * Fri Aug 5 2022 kuenking111 - 1:17.0.4.8-0.1 - add 8290705_fix_StringConcat_validate_mem_flow_asserts_with_unexpected_userStoreI.patch diff --git a/pr3183-rh1340845-support_system_crypto_policy.patch b/pr3183-rh1340845-support_system_crypto_policy.patch deleted file mode 100644 index 9ca3dc6..0000000 --- a/pr3183-rh1340845-support_system_crypto_policy.patch +++ /dev/null @@ -1,87 +0,0 @@ - -# HG changeset patch -# User andrew -# Date 1478057514 0 -# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c -# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a -diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java ---- a/src/java.base/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100 -+++ b/src/java.base/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000 -@@ -43,6 +43,9 @@ - * implementation-specific location, which is typically the properties file - * {@code conf/security/java.security} in the Java installation directory. - * -+ *

Additional default values of security properties are read from a -+ * system-specific location, if available.

-+ * - * @author Benjamin Renaud - * @since 1.1 - */ -@@ -52,6 +55,10 @@ - private static final Debug sdebug = - Debug.getInstance("properties"); - -+ /* System property file*/ -+ private static final String SYSTEM_PROPERTIES = -+ "/etc/crypto-policies/back-ends/java.config"; -+ - /* The java.security properties */ - private static Properties props; - -@@ -93,6 +100,7 @@ - if (sdebug != null) { - sdebug.println("reading security properties file: " + - propFile); -+ sdebug.println(props.toString()); - } - } catch (IOException e) { - if (sdebug != null) { -@@ -114,6 +122,31 @@ - } - - if ("true".equalsIgnoreCase(props.getProperty -+ ("security.useSystemPropertiesFile"))) { -+ -+ // now load the system file, if it exists, so its values -+ // will win if they conflict with the earlier values -+ try (BufferedInputStream bis = -+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) { -+ props.load(bis); -+ loadedProps = true; -+ -+ if (sdebug != null) { -+ sdebug.println("reading system security properties file " + -+ SYSTEM_PROPERTIES); -+ sdebug.println(props.toString()); -+ } -+ } catch (IOException e) { -+ if (sdebug != null) { -+ sdebug.println -+ ("unable to load security properties from " + -+ SYSTEM_PROPERTIES); -+ e.printStackTrace(); -+ } -+ } -+ } -+ -+ if ("true".equalsIgnoreCase(props.getProperty - ("security.overridePropertiesFile"))) { - - String extraPropFile = System.getProperty -diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/conf/security/java.security ---- a/src/java.base/share/conf/security/java.security Wed Oct 26 03:51:39 2016 +0100 -+++ b/src/java.base/share/conf/security/java.security Wed Nov 02 03:31:54 2016 +0000 -@@ -276,6 +276,13 @@ - security.overridePropertiesFile=true - - # -+# Determines whether this properties file will be appended to -+# using the system properties file stored at -+# /etc/crypto-policies/back-ends/java.config -+# -+security.useSystemPropertiesFile=true -+ -+# - # Determines the default key and trust manager factory algorithms for - # the javax.net.ssl package. - # diff --git a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch deleted file mode 100644 index ef4c828..0000000 --- a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -r e3f940bd3c8f src/java.base/share/conf/security/java.security ---- openjdk/src/java.base/share/conf/security/java.security Thu Jun 11 21:54:51 2020 +0530 -+++ openjdk/src/java.base/share/conf/security/java.security Mon Aug 24 10:14:31 2020 +0200 -@@ -77,7 +77,7 @@ - #ifdef macosx - security.provider.tbd=Apple - #endif --security.provider.tbd=SunPKCS11 -+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg - - # - # A list of preferred providers for specific algorithms. These providers will diff --git a/rh1648644-java_access_bridge_privileged_security.patch b/rh1648644-java_access_bridge_privileged_security.patch deleted file mode 100644 index 53026ad..0000000 --- a/rh1648644-java_access_bridge_privileged_security.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- openjdk/src/java.base/share/conf/security/java.security -+++ openjdk/src/java.base/share/conf/security/java.security -@@ -304,6 +304,8 @@ - # - package.access=sun.misc.,\ - sun.reflect.,\ -+ org.GNOME.Accessibility.,\ -+ org.GNOME.Bonobo.,\ - - # - # List of comma-separated packages that start with or equal this string -@@ -316,6 +318,8 @@ - # - package.definition=sun.misc.,\ - sun.reflect.,\ -+ org.GNOME.Accessibility.,\ -+ org.GNOME.Bonobo.,\ - - # - # Determines whether this properties file can be appended to -- Gitee