[java-1.7.0-openjdk/f18] Switched back to system lcms, fixed build number, mior cleanup
jiri vanek
jvanek at fedoraproject.org
Tue Sep 3 11:45:11 UTC 2013
commit 9abc1bf999f600e410e050b2853edecacbb1f1d7
Author: Jiri Vanek work <jvanek at judovana.home>
Date: Tue Sep 3 13:50:21 2013 +0200
Switched back to system lcms, fixed build number, mior cleanup
TestCryptoLevel.java | 72 ++++++++++++++++++++++++++
java-1.7.0-openjdk-disable-system-lcms.patch | 34 ------------
java-1.7.0-openjdk-doNotUseDisabledEcc.patch | 26 ---------
java-1.7.0-openjdk.spec | 33 +++++++-----
4 files changed, 92 insertions(+), 73 deletions(-)
---
diff --git a/TestCryptoLevel.java b/TestCryptoLevel.java
new file mode 100644
index 0000000..b32b7ae
--- /dev/null
+++ b/TestCryptoLevel.java
@@ -0,0 +1,72 @@
+/* TestCryptoLevel -- Ensure unlimited crypto policy is in use.
+ Copyright (C) 2012 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+
+public class TestCryptoLevel
+{
+ public static void main(String[] args)
+ throws NoSuchFieldException, ClassNotFoundException,
+ IllegalAccessException, InvocationTargetException
+ {
+ Class<?> cls = null;
+ Method def = null, exempt = null;
+
+ try
+ {
+ cls = Class.forName("javax.crypto.JceSecurity");
+ }
+ catch (ClassNotFoundException ex)
+ {
+ System.err.println("Running a non-Sun JDK.");
+ System.exit(0);
+ }
+ try
+ {
+ def = cls.getDeclaredMethod("getDefaultPolicy");
+ exempt = cls.getDeclaredMethod("getExemptPolicy");
+ }
+ catch (NoSuchMethodException ex)
+ {
+ System.err.println("Running IcedTea with the original crypto patch.");
+ System.exit(0);
+ }
+ def.setAccessible(true);
+ exempt.setAccessible(true);
+ PermissionCollection defPerms = (PermissionCollection) def.invoke(null);
+ PermissionCollection exemptPerms = (PermissionCollection) exempt.invoke(null);
+ Class<?> apCls = Class.forName("javax.crypto.CryptoAllPermission");
+ Field apField = apCls.getDeclaredField("INSTANCE");
+ apField.setAccessible(true);
+ Permission allPerms = (Permission) apField.get(null);
+ if (defPerms.implies(allPerms) && (exemptPerms == null || exemptPerms.implies(allPerms)))
+ {
+ System.err.println("Running with the unlimited policy.");
+ System.exit(0);
+ }
+ else
+ {
+ System.err.println("WARNING: Running with a restricted crypto policy.");
+ System.exit(-1);
+ }
+ }
+}
diff --git a/java-1.7.0-openjdk.spec b/java-1.7.0-openjdk.spec
index e33ee0f..1c3e6de 100644
--- a/java-1.7.0-openjdk.spec
+++ b/java-1.7.0-openjdk.spec
@@ -106,7 +106,7 @@
# Standard JPackage naming and versioning defines.
%global origin openjdk
-%global buildver 25
+%global buildver 31
# Keep priority on 6digits in case buildver>9
%global priority 1700%{buildver}
%global javaver 1.7.0
@@ -154,7 +154,7 @@
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{buildver}
-Release: %{icedtea_version}.3%{?dist}
+Release: %{icedtea_version}.4%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -217,6 +217,9 @@ Source9: pulseaudio.tar.gz
# Removed libraries that we link instead
Source10: remove-intree-libraries.sh
+# Ensure we aren't using the limited crypto policy
+Source11: TestCryptoLevel.java
+
# RPM/distribution specific patches
# Allow TCK to pass with access bridge wired in
@@ -245,18 +248,12 @@ Patch100: rhino.patch
Patch101: %{name}-bitmap.patch
Patch102: %{name}-size_t.patch
-# Disable system LCMS as 2.3.10 security release have fixes for it
-Patch500: %{name}-disable-system-lcms.patch
-
# Patch for PPC/PPC64
Patch104: %{name}-ppc-zero-jdk.patch
Patch105: %{name}-ppc-zero-hotspot.patch
Patch106: %{name}-freetype-check-fix.patch
-#do not used disbaled ecc
-Patch112: %{name}-doNotUseDisabledEcc.patch
-
# allow to create hs_pid.log in tmp (in 700 permissions) if working directory is unwritable
Patch107: abrt_friendly_hs_log_jdk7.patch
@@ -282,6 +279,7 @@ BuildRequires: alsa-lib-devel
BuildRequires: cups-devel
BuildRequires: desktop-file-utils
BuildRequires: giflib-devel
+BuildRequires: lcms2-devel >= 2.5
BuildRequires: libX11-devel
BuildRequires: libXi-devel
BuildRequires: libXp-devel
@@ -333,6 +331,7 @@ BuildRequires: systemtap-sdt-devel
%endif
Requires: rhino
+Requires: lcms2 >= 2.5
Requires: libjpeg = 6b
Requires: fontconfig
Requires: xorg-x11-fonts-Type1
@@ -503,9 +502,6 @@ tar xzf %{SOURCE7}
%patch102
%endif
-# Disable system LCMS2
-%patch500
-
%patch106
%patch107
@@ -524,8 +520,6 @@ tar xzf %{SOURCE7}
%patch404 -p1
%endif
-%patch112
-
%build
# How many cpu's do we have?
%ifarch aarch64
@@ -667,6 +661,11 @@ rm -f %{buildoutputdir}/j2sdk-image/jre/lib/fontconfig*.bfc
rm -f %{buildoutputdir}/lib/fontconfig*.properties.src
rm -f %{buildoutputdir}/lib/fontconfig*.bfc
+# Check unlimited policy has been used
+$JAVA_HOME/bin/javac -d . %{SOURCE11}
+$JAVA_HOME/bin/java TestCryptoLevel
+
+
%install
rm -rf $RPM_BUILD_ROOT
STRIP_KEEP_SYMTAB=libjvm*
@@ -1152,6 +1151,14 @@ exit 0
%doc %{buildoutputdir}/j2sdk-image/jre/LICENSE
%changelog
+* Mon Sep 03 2013 Jiri Vanek <jvanek at redhat.com> - 1.7.0.25-2.4.1.4.f18
+- buildver bumbed to 31
+- switched back to system lcms2
+ - removed patch 500 java-1.7.0-openjdk-disable-system-lcms
+ - added requires for lcms2 > 2.5
+- removed unnecessary patch 112 java-1.7.0-openjdk-doNotUseDisabledEcc.patch
+- added and used after build source 11, TestCryptoLevel.java
+
* Mon Sep 02 2013 Jiri Vanek <jvanek at redhat.com> - 1.7.0.25-2.4.1.1.f18
- removed bootstrap (bootstrap*.patch and javac-wrapper)
- updated to icedtea 2.4
More information about the scm-commits
mailing list