This commit is contained in:
Fridrich Strba
Git OBS Bridge
parent
bde797716d
commit
44c6217149
2447
fips.patch
2447
fips.patch
File diff suppressed because it is too large
Load Diff
@ -1,3 +1,19 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 8 13:19:26 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
- Removed patch:
|
||||
* system-crypto-policy.patch
|
||||
+ folded into the fips.patch, since they are patching the same
|
||||
places
|
||||
- Modified patches:
|
||||
* fips.patch
|
||||
+ revert to the version used with 17.0.4.0, since the newest
|
||||
changes are buggy (bsc#1205916)
|
||||
+ fold in the system-crypto-policy.patch
|
||||
* nss-security-provider.patch
|
||||
+ apply after the fips.patch and thus rediff the hunk to changed
|
||||
context.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 1 15:59:11 UTC 2022 - Javier Llorente <javier@opensuse.org>
|
||||
|
||||
|
||||
@ -169,9 +169,8 @@ Patch12: adlc-parser.patch
|
||||
# Fix: implicit-pointer-decl
|
||||
Patch13: implicit-pointer-decl.patch
|
||||
Patch15: system-pcsclite.patch
|
||||
Patch16: system-crypto-policy.patch
|
||||
Patch16: fips.patch
|
||||
Patch17: nss-security-provider.patch
|
||||
Patch18: fips.patch
|
||||
#
|
||||
Patch20: loadAssistiveTechnologies.patch
|
||||
#
|
||||
@ -441,7 +440,6 @@ rm -rvf src/java.desktop/share/native/liblcms/lcms2*
|
||||
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
|
||||
%patch20 -p1
|
||||
|
||||
|
||||
@ -7,4 +7,4 @@
|
||||
+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
|
||||
|
||||
#
|
||||
# A list of preferred providers for specific algorithms. These providers will
|
||||
# Security providers used when FIPS mode support is active
|
||||
|
||||
@ -1,81 +0,0 @@
|
||||
--- a/src/java.base/share/classes/java/security/Security.java
|
||||
+++ b/src/java.base/share/classes/java/security/Security.java
|
||||
@@ -47,6 +47,9 @@
|
||||
* implementation-specific location, which is typically the properties file
|
||||
* {@code conf/security/java.security} in the Java installation directory.
|
||||
*
|
||||
+ * <p>Additional default values of security properties are read from a
|
||||
+ * system-specific location, if available.</p>
|
||||
+ *
|
||||
* @author Benjamin Renaud
|
||||
* @since 1.1
|
||||
*/
|
||||
@@ -57,6 +60,10 @@
|
||||
private static final Debug sdebug =
|
||||
Debug.getInstance("properties");
|
||||
|
||||
+ /* System property file*/
|
||||
+ private static final String SYSTEM_PROPERTIES =
|
||||
+ "/etc/crypto-policies/back-ends/java.config";
|
||||
+
|
||||
/* The java.security properties */
|
||||
private static Properties props;
|
||||
|
||||
@@ -99,6 +106,7 @@
|
||||
if (sdebug != null) {
|
||||
sdebug.println("reading security properties file: " +
|
||||
propFile);
|
||||
+ sdebug.println(props.toString());
|
||||
}
|
||||
} catch (IOException e) {
|
||||
if (sdebug != null) {
|
||||
@@ -185,6 +193,33 @@
|
||||
}
|
||||
}
|
||||
|
||||
+ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
|
||||
+ if (disableSystemProps == null &&
|
||||
+ "true".equalsIgnoreCase(props.getProperty
|
||||
+ ("security.useSystemPropertiesFile"))) {
|
||||
+
|
||||
+ // now load the system file, if it exists, so its values
|
||||
+ // will win if they conflict with the earlier values
|
||||
+ try (BufferedInputStream bis =
|
||||
+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
|
||||
+ props.load(bis);
|
||||
+ loadedProps = true;
|
||||
+
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println("reading system security properties file " +
|
||||
+ SYSTEM_PROPERTIES);
|
||||
+ sdebug.println(props.toString());
|
||||
+ }
|
||||
+ } catch (IOException e) {
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println
|
||||
+ ("unable to load security properties from " +
|
||||
+ SYSTEM_PROPERTIES);
|
||||
+ e.printStackTrace();
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (!loadedProps) {
|
||||
initializeStatic();
|
||||
if (sdebug != null) {
|
||||
--- a/src/java.base/share/conf/security/java.security
|
||||
+++ b/src/java.base/share/conf/security/java.security
|
||||
@@ -330,6 +330,13 @@
|
||||
#
|
||||
security.overridePropertiesFile=true
|
||||
|
||||
+#
|
||||
+# Determines whether this properties file will be appended to
|
||||
+# using the system properties file stored at
|
||||
+# /etc/crypto-policies/back-ends/java.config
|
||||
+#
|
||||
+security.useSystemPropertiesFile=true
|
||||
+
|
||||
#
|
||||
# Determines the default key and trust manager factory algorithms for
|
||||
# the javax.net.ssl package.
|
||||
Loading…
Reference in New Issue
Block a user