[java-1.7.0-openjdk/f20] Switched back to system lcms, fixed build number, mior cleanup

jiri vanek jvanek at fedoraproject.org
Tue Sep 3 11:44:40 UTC 2013 

commit 2d6639a8f2eb61124ac497070000c95d84480e66
Author: Jiri Vanek work <jvanek at judovana.home>
Date:   Tue Sep 3 13:49:21 2013 +0200

    Switched back to system lcms, fixed build number,  mior cleanup

 TestCryptoLevel.java                             |   72 ++++++++++++++++++++++
 java-1.7.0-openjdk-disable-system-lcms-2.3.patch |   36 -----------
 java-1.7.0-openjdk-disable-system-lcms.patch     |   34 ----------
 java-1.7.0-openjdk-doNotUseDisabledEcc.patch     |   26 --------
 java-1.7.0-openjdk.spec                          |   42 +++++++------
 5 files changed, 96 insertions(+), 114 deletions(-)
---
diff --git a/TestCryptoLevel.java b/TestCryptoLevel.java
new file mode 100644
index 0000000..b32b7ae
--- /dev/null
+++ b/TestCryptoLevel.java
@@ -0,0 +1,72 @@
+/* TestCryptoLevel -- Ensure unlimited crypto policy is in use.
+   Copyright (C) 2012 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+
+public class TestCryptoLevel
+{
+  public static void main(String[] args)
+    throws NoSuchFieldException, ClassNotFoundException,
+           IllegalAccessException, InvocationTargetException
+  {
+    Class<?> cls = null;
+    Method def = null, exempt = null;
+
+    try
+      {
+        cls = Class.forName("javax.crypto.JceSecurity");
+      }
+    catch (ClassNotFoundException ex)
+      {
+        System.err.println("Running a non-Sun JDK.");
+        System.exit(0);
+      }
+    try
+      {
+        def = cls.getDeclaredMethod("getDefaultPolicy");
+        exempt = cls.getDeclaredMethod("getExemptPolicy");
+      }
+    catch (NoSuchMethodException ex)
+      {
+        System.err.println("Running IcedTea with the original crypto patch.");
+        System.exit(0);
+      }
+    def.setAccessible(true);
+    exempt.setAccessible(true);
+    PermissionCollection defPerms = (PermissionCollection) def.invoke(null);
+    PermissionCollection exemptPerms = (PermissionCollection) exempt.invoke(null);
+    Class<?> apCls = Class.forName("javax.crypto.CryptoAllPermission");
+    Field apField = apCls.getDeclaredField("INSTANCE");
+    apField.setAccessible(true);
+    Permission allPerms = (Permission) apField.get(null);
+    if (defPerms.implies(allPerms) && (exemptPerms == null || exemptPerms.implies(allPerms)))
+      {
+        System.err.println("Running with the unlimited policy.");
+        System.exit(0);
+      }
+    else
+      {
+        System.err.println("WARNING: Running with a restricted crypto policy.");
+        System.exit(-1);
+      }
+  }
+}
diff --git a/java-1.7.0-openjdk.spec b/java-1.7.0-openjdk.spec
index d03d94d..2ff0a2f 100644
--- a/java-1.7.0-openjdk.spec
+++ b/java-1.7.0-openjdk.spec
@@ -102,7 +102,7 @@
 
 # Standard JPackage naming and versioning defines.
 %global origin          openjdk
-%global buildver        25
+%global buildver        31
 # Keep priority on 6digits in case buildver>9
 %global priority        1700%{buildver}
 %global javaver         1.7.0
@@ -142,7 +142,7 @@
 
 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{buildver}
-Release: %{icedtea_version}.1%{?dist}
+Release: %{icedtea_version}.4%{?dist}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
 # and this change was brought into RHEL-4.  java-1.5.0-ibm packages
 # also included the epoch in their virtual provides.  This created a
@@ -203,6 +203,9 @@ Source9: pulseaudio.tar.gz
 # Removed libraries that we link instead
 Source10: remove-intree-libraries.sh
 
+# Ensure we aren't using the limited crypto policy
+Source11: TestCryptoLevel.java
+
 # RPM/distribution specific patches
 
 # Allow TCK to pass with access bridge wired in
@@ -233,19 +236,12 @@ Patch1000: rhino-2.3.patch
 Patch101: %{name}-bitmap.patch
 Patch102: %{name}-size_t.patch
 
-# Disable system LCMS as 2.3.10 security release have fixes for it
-Patch500:  %{name}-disable-system-lcms.patch
-Patch5000:  %{name}-disable-system-lcms-2.3.patch
-
 # Patch for PPC/PPC64
 Patch104: %{name}-ppc-zero-jdk.patch
 Patch105: %{name}-ppc-zero-hotspot.patch
 
 Patch106: %{name}-freetype-check-fix.patch
 
-#do not used disbaled ecc
-Patch112: %{name}-doNotUseDisabledEcc.patch
-
 # allow to create hs_pid.log in tmp (in 700 permissions) if working directory is unwritable
 Patch200: abrt_friendly_hs_log_jdk7.patch
 
@@ -526,13 +522,6 @@ tar xzf %{SOURCE7}
 %patch102
 %endif
 
-# Disable system LCMS2
-%ifarch %{arm}
-%patch5000
-%else
-%patch500
-%endif
-
 %patch106
 %patch200
 
@@ -564,8 +553,6 @@ tar xzf %{SOURCE7}
 %patch502
 %patch503
 %patch504
-%else
-%patch112
 %endif
 
 %build
@@ -644,7 +631,11 @@ make \
   ANT="/usr/bin/ant" \
   DISTRO_NAME="Fedora" \
   DISTRO_PACKAGE_VERSION="fedora-%{release}-%{_arch}" \
+%ifarch %{arm}
+ JDK_UPDATE_VERSION="25" \
+%else
   JDK_UPDATE_VERSION=`printf "%02d" %{buildver}` \
+%endif
   MILESTONE="fcs" \
   HOTSPOT_BUILD_JOBS="$NUM_PROC" \
   STATIC_CXX="false" \
@@ -698,6 +689,12 @@ rm -f %{buildoutputdir}/j2sdk-image/jre/lib/fontconfig*.bfc
 rm -f %{buildoutputdir}/lib/fontconfig*.properties.src
 rm -f %{buildoutputdir}/lib/fontconfig*.bfc
 
+%ifnarch %{arm}
+# Check unlimited policy has been used
+$JAVA_HOME/bin/javac -d . %{SOURCE11}
+$JAVA_HOME/bin/java TestCryptoLevel
+%endif
+
 %install
 rm -rf $RPM_BUILD_ROOT
 STRIP_KEEP_SYMTAB=libjvm*
@@ -1344,6 +1341,15 @@ exit 0
 %{_jvmdir}/%{jredir}/lib/accessibility.properties
 
 %changelog
+* Mon Sep 03 2013 Jiri Vanek <jvanek at redhat.com> - 1.7.0.25-2.4.1.4.f20
+- buildver bumbed to 31 for not arm arch
+- switched back to system lcms2
+ - removed patch 500 java-1.7.0-openjdk-disable-system-lcms
+ - removed patch 5000 java-1.7.0-openjdk-disable-system-lcms-2.3
+ - added requires for lcms2 > 2.5
+- removed unnecessary patch 112 java-1.7.0-openjdk-doNotUseDisabledEcc.patch
+- added and used after build source 11, TestCryptoLevel.java (non arm32 arch)
+
 * Mon Sep 02 2013 Jiri Vanek <jvanek at redhat.com> - 1.7.0.25-2.4.1.1.f20
 - updated to icedtea 2.4
  - added java-1.7.0-openjdk-doNotUseDisabledEcc.patch (2.4 only)

More information about the scm-commits mailing list