!8 I5MF63: test/jdk/java/lang/SecurityManager/CheckSecurityProvider.java failed

From: @kuenking111 Reviewed-by: @jvmboy Signed-off-by: @jvmboy
2022-08-16 02:52:18 +00:00 · 2022-08-16 02:52:18 +00:00 · 4728f396a9
commit 4728f396a9
parent 7a9fb0ac76 0b3d874ae2
4 changed files with 6 additions and 128 deletions
--- a/openjdk-17.spec
+++ b/openjdk-17.spec
@ -885,7 +885,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release}

 Name:    java-%{javaver}-%{origin}
 Version: %{newjavaver}.%{buildver}
-Release: 1
+Release: 2

 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
@ -943,15 +943,11 @@ Source14: TestECDSA.java

 # NSS via SunPKCS11 Provider (disabled comment
 # due to memory leak).
-Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch

 # Ignore AWTError when assistive technologies are loaded
 Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
 # Restrict access to java-atk-wrapper classes
-Patch2: rh1648644-java_access_bridge_privileged_security.patch
 Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
-# Follow system wide crypto policy RHBZ#1249083
-Patch4: pr3183-rh1340845-support_system_crypto_policy.patch
 # Depend on pcs-lite-libs instead of pcs-lite-devel as this is only in optional repo
 Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch

@ -1195,9 +1191,7 @@ fi

 pushd %{top_level_dir_name}
 %patch1 -p1
-%patch2 -p1
 %patch3 -p1
-%patch4 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
@ -1212,8 +1206,6 @@ pushd %{top_level_dir_name}
 %patch17 -p1
 popd # openjdk

-%patch1000
-
 # Extract systemtap tapsets
 %if %{with_systemtap}
 tar --strip-components=1 -x -I xz -f %{SOURCE8}
@ -1763,6 +1755,11 @@ cjc.mainProgram(arg)


 %changelog
+* Fri Aug 5 2022 kuenking111 <wangkun49@huawei.com> - 1:17.0.4.8-0.2
+- del pr3183-rh1340845-support_system_crypto_policy.patch
+- del rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
+- del rh1648644-java_access_bridge_privileged_security.patch
+
 * Fri Aug 5 2022 kuenking111 <wangkun49@huawei.com> - 1:17.0.4.8-0.1
 - add 8290705_fix_StringConcat_validate_mem_flow_asserts_with_unexpected_userStoreI.patch

--- a/pr3183-rh1340845-support_system_crypto_policy.patch
+++ b/pr3183-rh1340845-support_system_crypto_policy.patch
@ -1,87 +0,0 @@
-
-# HG changeset patch
-# User andrew
-# Date 1478057514 0
-# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
-# Parent  3d53f19b48384e5252f4ec8891f7a3a82d77af2a
-diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java
--- a/src/java.base/share/classes/java/security/Security.java	Wed Oct 26 03:51:39 2016 +0100
-+++ b/src/java.base/share/classes/java/security/Security.java	Wed Nov 02 03:31:54 2016 +0000
-@@ -43,6 +43,9 @@
-  * implementation-specific location, which is typically the properties file
-  * {@code conf/security/java.security} in the Java installation directory.
-  *
-+ * <p>Additional default values of security properties are read from a
-+ * system-specific location, if available.</p>
-+ *
-  * @author Benjamin Renaud
-  * @since 1.1
-  */
-@@ -52,6 +55,10 @@
-     private static final Debug sdebug =
-                         Debug.getInstance("properties");
- 
-+    /* System property file*/
-+    private static final String SYSTEM_PROPERTIES =
-+        "/etc/crypto-policies/back-ends/java.config";
-+
-     /* The java.security properties */
-     private static Properties props;
- 
-@@ -93,6 +100,7 @@
-                 if (sdebug != null) {
-                     sdebug.println("reading security properties file: " +
-                                 propFile);
-+                    sdebug.println(props.toString());
-                 }
-             } catch (IOException e) {
-                 if (sdebug != null) {
-@@ -114,6 +122,31 @@
-         }
- 
-         if ("true".equalsIgnoreCase(props.getProperty
-+                ("security.useSystemPropertiesFile"))) {
-+
-+            // now load the system file, if it exists, so its values
-+            // will win if they conflict with the earlier values
-+            try (BufferedInputStream bis =
-+                 new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
-+                props.load(bis);
-+                loadedProps = true;
-+
-+                if (sdebug != null) {
-+                    sdebug.println("reading system security properties file " +
-+                                   SYSTEM_PROPERTIES);
-+                    sdebug.println(props.toString());
-+                }
-+            } catch (IOException e) {
-+                if (sdebug != null) {
-+                    sdebug.println
-+                        ("unable to load security properties from " +
-+                         SYSTEM_PROPERTIES);
-+                    e.printStackTrace();
-+                }
-+            }
-+        }
-+
-+        if ("true".equalsIgnoreCase(props.getProperty
-                 ("security.overridePropertiesFile"))) {
- 
-             String extraPropFile = System.getProperty
-diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/conf/security/java.security
--- a/src/java.base/share/conf/security/java.security	Wed Oct 26 03:51:39 2016 +0100
-+++ b/src/java.base/share/conf/security/java.security	Wed Nov 02 03:31:54 2016 +0000
-@@ -276,6 +276,13 @@
- security.overridePropertiesFile=true
- 
- #
-+# Determines whether this properties file will be appended to
-+# using the system properties file stored at
-+# /etc/crypto-policies/back-ends/java.config
-+#
-+security.useSystemPropertiesFile=true
-+
-+#
- # Determines the default key and trust manager factory algorithms for
- # the javax.net.ssl package.
- #
--- a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
+++ b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
@ -1,12 +0,0 @@
-diff -r e3f940bd3c8f src/java.base/share/conf/security/java.security
--- openjdk/src/java.base/share/conf/security/java.security	Thu Jun 11 21:54:51 2020 +0530
-+++ openjdk/src/java.base/share/conf/security/java.security	Mon Aug 24 10:14:31 2020 +0200
-@@ -77,7 +77,7 @@
- #ifdef macosx
- security.provider.tbd=Apple
- #endif
-security.provider.tbd=SunPKCS11
-+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
- 
- #
- # A list of preferred providers for specific algorithms. These providers will
--- a/rh1648644-java_access_bridge_privileged_security.patch
+++ b/rh1648644-java_access_bridge_privileged_security.patch
@ -1,20 +0,0 @@
--- openjdk/src/java.base/share/conf/security/java.security
-+++ openjdk/src/java.base/share/conf/security/java.security
-@@ -304,6 +304,8 @@
- #
- package.access=sun.misc.,\
-                sun.reflect.,\
-+               org.GNOME.Accessibility.,\
-+               org.GNOME.Bonobo.,\
- 
- #
- # List of comma-separated packages that start with or equal this string
-@@ -316,6 +318,8 @@
- #
- package.definition=sun.misc.,\
-                    sun.reflect.,\
-+                   org.GNOME.Accessibility.,\
-+                   org.GNOME.Bonobo.,\
- 
- #
- # Determines whether this properties file can be appended to