I5MF63: test/jdk/java/lang/SecurityManager/CheckSecurityProvider.java failed

2022-08-15 20:23:54 +08:00 · 2022-08-15 20:23:54 +08:00 · 0b3d874ae2
commit 0b3d874ae2
parent 7a9fb0ac76
4 changed files with 6 additions and 128 deletions
--- a/openjdk-17.spec
+++ b/openjdk-17.spec
@ -885,7 +885,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release}
 Name:    java-%{javaver}-%{origin}
 Version: %{newjavaver}.%{buildver}
-Release: 1
+Release: 2
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
@ -943,15 +943,11 @@ Source14: TestECDSA.java
 # NSS via SunPKCS11 Provider (disabled comment
 # due to memory leak).
 Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
 # Ignore AWTError when assistive technologies are loaded
 Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
 # Restrict access to java-atk-wrapper classes
 Patch2: rh1648644-java_access_bridge_privileged_security.patch
 Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
 # Follow system wide crypto policy RHBZ#1249083
 Patch4: pr3183-rh1340845-support_system_crypto_policy.patch
 # Depend on pcs-lite-libs instead of pcs-lite-devel as this is only in optional repo
 Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
@ -1195,9 +1191,7 @@ fi
 pushd %{top_level_dir_name}
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
@ -1212,8 +1206,6 @@ pushd %{top_level_dir_name}
 %patch17 -p1
 popd # openjdk
 %patch1000
 # Extract systemtap tapsets
 %if %{with_systemtap}
 tar --strip-components=1 -x -I xz -f %{SOURCE8}
@ -1763,6 +1755,11 @@ cjc.mainProgram(arg)
 %changelog
 * Fri Aug 5 2022 kuenking111 <wangkun49@huawei.com> - 1:17.0.4.8-0.2
 - del pr3183-rh1340845-support_system_crypto_policy.patch
 - del rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
 - del rh1648644-java_access_bridge_privileged_security.patch
 * Fri Aug 5 2022 kuenking111 <wangkun49@huawei.com> - 1:17.0.4.8-0.1
 - add 8290705_fix_StringConcat_validate_mem_flow_asserts_with_unexpected_userStoreI.patch
--- a/pr3183-rh1340845-support_system_crypto_policy.patch
+++ b/pr3183-rh1340845-support_system_crypto_policy.patch
@ -1,87 +0,0 @@
 # HG changeset patch
 # User andrew
 # Date 1478057514 0
 # Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
 # Parent  3d53f19b48384e5252f4ec8891f7a3a82d77af2a
 diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java
 --- a/src/java.base/share/classes/java/security/Security.java	Wed Oct 26 03:51:39 2016 +0100
 +++ b/src/java.base/share/classes/java/security/Security.java	Wed Nov 02 03:31:54 2016 +0000
@@ -43,6 +43,9 @@
  * implementation-specific location, which is typically the properties file
  * {@code conf/security/java.security} in the Java installation directory.
  *
 + * <p>Additional default values of security properties are read from a
 + * system-specific location, if available.</p>
 + *
  * @author Benjamin Renaud
  * @since 1.1
  */
@@ -52,6 +55,10 @@
     private static final Debug sdebug =
                         Debug.getInstance("properties");
 +    /* System property file*/
 +    private static final String SYSTEM_PROPERTIES =
 +        "/etc/crypto-policies/back-ends/java.config";
 +
     /* The java.security properties */
     private static Properties props;
@@ -93,6 +100,7 @@
                 if (sdebug != null) {
                     sdebug.println("reading security properties file: " +
                                 propFile);
 +                    sdebug.println(props.toString());
                 }
             } catch (IOException e) {
                 if (sdebug != null) {
@@ -114,6 +122,31 @@
         }
         if ("true".equalsIgnoreCase(props.getProperty
 +                ("security.useSystemPropertiesFile"))) {
 +
 +            // now load the system file, if it exists, so its values
 +            // will win if they conflict with the earlier values
 +            try (BufferedInputStream bis =
 +                 new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
 +                props.load(bis);
 +                loadedProps = true;
 +
 +                if (sdebug != null) {
 +                    sdebug.println("reading system security properties file " +
 +                                   SYSTEM_PROPERTIES);
 +                    sdebug.println(props.toString());
 +                }
 +            } catch (IOException e) {
 +                if (sdebug != null) {
 +                    sdebug.println
 +                        ("unable to load security properties from " +
 +                         SYSTEM_PROPERTIES);
 +                    e.printStackTrace();
 +                }
 +            }
 +        }
 +
 +        if ("true".equalsIgnoreCase(props.getProperty
                 ("security.overridePropertiesFile"))) {
             String extraPropFile = System.getProperty
 diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/conf/security/java.security
 --- a/src/java.base/share/conf/security/java.security	Wed Oct 26 03:51:39 2016 +0100
 +++ b/src/java.base/share/conf/security/java.security	Wed Nov 02 03:31:54 2016 +0000
@@ -276,6 +276,13 @@
 security.overridePropertiesFile=true
 #
 +# Determines whether this properties file will be appended to
 +# using the system properties file stored at
 +# /etc/crypto-policies/back-ends/java.config
 +#
 +security.useSystemPropertiesFile=true
 +
 +#
 # Determines the default key and trust manager factory algorithms for
 # the javax.net.ssl package.
 #
--- a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
+++ b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
@ -1,12 +0,0 @@
 diff -r e3f940bd3c8f src/java.base/share/conf/security/java.security
 --- openjdk/src/java.base/share/conf/security/java.security	Thu Jun 11 21:54:51 2020 +0530
 +++ openjdk/src/java.base/share/conf/security/java.security	Mon Aug 24 10:14:31 2020 +0200
@@ -77,7 +77,7 @@
 #ifdef macosx
 security.provider.tbd=Apple
 #endif
 -security.provider.tbd=SunPKCS11
 +#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
 #
 # A list of preferred providers for specific algorithms. These providers will
--- a/rh1648644-java_access_bridge_privileged_security.patch
+++ b/rh1648644-java_access_bridge_privileged_security.patch
@ -1,20 +0,0 @@
 --- openjdk/src/java.base/share/conf/security/java.security
 +++ openjdk/src/java.base/share/conf/security/java.security
@@ -304,6 +304,8 @@
 #
 package.access=sun.misc.,\
                sun.reflect.,\
 +               org.GNOME.Accessibility.,\
 +               org.GNOME.Bonobo.,\
 #
 # List of comma-separated packages that start with or equal this string
@@ -316,6 +318,8 @@
 #
 package.definition=sun.misc.,\
                    sun.reflect.,\
 +                   org.GNOME.Accessibility.,\
 +                   org.GNOME.Bonobo.,\
 #
 # Determines whether this properties file can be appended to