[java-1.7.0-openjdk/f18] Switched back to system lcms, fixed build number, mior cleanup

jiri vanek jvanek at fedoraproject.org
Tue Sep 3 11:45:11 UTC 2013


commit 9abc1bf999f600e410e050b2853edecacbb1f1d7
Author: Jiri Vanek work <jvanek at judovana.home>
Date:   Tue Sep 3 13:50:21 2013 +0200

    Switched back to system lcms, fixed build number, minor cleanup

 TestCryptoLevel.java                         |   72 ++++++++++++++++++++++++++
 java-1.7.0-openjdk-disable-system-lcms.patch |   34 ------------
 java-1.7.0-openjdk-doNotUseDisabledEcc.patch |   26 ---------
 java-1.7.0-openjdk.spec                      |   33 +++++++-----
 4 files changed, 92 insertions(+), 73 deletions(-)
---
diff --git a/TestCryptoLevel.java b/TestCryptoLevel.java
new file mode 100644
index 0000000..b32b7ae
--- /dev/null
+++ b/TestCryptoLevel.java
@@ -0,0 +1,72 @@
+/* TestCryptoLevel -- Ensure unlimited crypto policy is in use.
+   Copyright (C) 2012 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+
+public class TestCryptoLevel
+{
+  public static void main(String[] args)
+    throws NoSuchFieldException, ClassNotFoundException,
+           IllegalAccessException, InvocationTargetException
+  {
+    Class<?> cls = null;
+    Method def = null, exempt = null;
+
+    try
+      {
+        cls = Class.forName("javax.crypto.JceSecurity");
+      }
+    catch (ClassNotFoundException ex)
+      {
+        System.err.println("Running a non-Sun JDK.");
+        System.exit(0);
+      }
+    try
+      {
+        def = cls.getDeclaredMethod("getDefaultPolicy");
+        exempt = cls.getDeclaredMethod("getExemptPolicy");
+      }
+    catch (NoSuchMethodException ex)
+      {
+        System.err.println("Running IcedTea with the original crypto patch.");
+        System.exit(0);
+      }
+    def.setAccessible(true);
+    exempt.setAccessible(true);
+    PermissionCollection defPerms = (PermissionCollection) def.invoke(null);
+    PermissionCollection exemptPerms = (PermissionCollection) exempt.invoke(null);
+    Class<?> apCls = Class.forName("javax.crypto.CryptoAllPermission");
+    Field apField = apCls.getDeclaredField("INSTANCE");
+    apField.setAccessible(true);
+    Permission allPerms = (Permission) apField.get(null);
+    if (defPerms.implies(allPerms) && (exemptPerms == null || exemptPerms.implies(allPerms)))
+      {
+        System.err.println("Running with the unlimited policy.");
+        System.exit(0);
+      }
+    else
+      {
+        System.err.println("WARNING: Running with a restricted crypto policy.");
+        System.exit(-1);
+      }
+  }
+}
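Review bot: Both early-exit handlers in `main` (for `ClassNotFoundException` and `NoSuchMethodException`) call `System.exit(0)`, so when the reflective lookup of `javax.crypto.JceSecurity` or its `getDefaultPolicy`/`getExemptPolicy` methods fails, the program reports success without having inspected any policy. Because the spec runs this as a build gate, a rename of those private internals would turn it into a silent no-op. I would either return a distinct non-zero status there, e.g. `System.exit(2);`, or fall back to the public API with `if (javax.crypto.Cipher.getMaxAllowedKeyLength("AES") < Integer.MAX_VALUE) System.exit(-1);` (adding `NoSuchAlgorithmException` to the `throws` clause). If passing on an unknown JDK layout is intentional, a short comment above each handler should say why.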
diff --git a/java-1.7.0-openjdk.spec b/java-1.7.0-openjdk.spec
index e33ee0f..1c3e6de 100644
--- a/java-1.7.0-openjdk.spec
+++ b/java-1.7.0-openjdk.spec
@@ -106,7 +106,7 @@
 
 # Standard JPackage naming and versioning defines.
 %global origin          openjdk
-%global buildver        25
+%global buildver        31
 # Keep priority on 6digits in case buildver>9
 %global priority        1700%{buildver}
 %global javaver         1.7.0
@@ -154,7 +154,7 @@
 
 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{buildver}
-Release: %{icedtea_version}.3%{?dist}
+Release: %{icedtea_version}.4%{?dist}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
 # and this change was brought into RHEL-4.  java-1.5.0-ibm packages
 # also included the epoch in their virtual provides.  This created a
@@ -217,6 +217,9 @@ Source9: pulseaudio.tar.gz
 # Removed libraries that we link instead
 Source10: remove-intree-libraries.sh
 
+# Ensure we aren't using the limited crypto policy
+Source11: TestCryptoLevel.java
+
 # RPM/distribution specific patches
 
 # Allow TCK to pass with access bridge wired in
@@ -245,18 +248,12 @@ Patch100: rhino.patch
 Patch101: %{name}-bitmap.patch
 Patch102: %{name}-size_t.patch
 
-# Disable system LCMS as 2.3.10 security release have fixes for it
-Patch500:  %{name}-disable-system-lcms.patch
-
 # Patch for PPC/PPC64
 Patch104: %{name}-ppc-zero-jdk.patch
 Patch105: %{name}-ppc-zero-hotspot.patch
 
 Patch106: %{name}-freetype-check-fix.patch
 
-#do not used disbaled ecc
-Patch112: %{name}-doNotUseDisabledEcc.patch
-
 # allow to create hs_pid.log in tmp (in 700 permissions) if working directory is unwritable
 Patch107: abrt_friendly_hs_log_jdk7.patch
 
@@ -282,6 +279,7 @@ BuildRequires: alsa-lib-devel
 BuildRequires: cups-devel
 BuildRequires: desktop-file-utils
 BuildRequires: giflib-devel
+BuildRequires: lcms2-devel >= 2.5
 BuildRequires: libX11-devel
 BuildRequires: libXi-devel
 BuildRequires: libXp-devel
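Review bot: The new `BuildRequires: lcms2-devel >= 2.5` here, and the matching `Requires: lcms2 >= 2.5` in the next hunk, carry no comment explaining the version floor. The `Patch500` comment this commit removes appears to have been the only place the spec recorded why the bundled copy had been preferred (security fixes). I would add a line above each, such as `# system lcms2 is used again; 2.5 is the oldest release accepted`, ideally naming the fix that sets the floor. The changelog entry also says `> 2.5` while the spec uses `>= 2.5`.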
@@ -333,6 +331,7 @@ BuildRequires: systemtap-sdt-devel
 %endif
 
 Requires: rhino
+Requires: lcms2 >= 2.5
 Requires: libjpeg = 6b
 Requires: fontconfig
 Requires: xorg-x11-fonts-Type1
@@ -503,9 +502,6 @@ tar xzf %{SOURCE7}
 %patch102
 %endif
 
-# Disable system LCMS2
-%patch500
-
 %patch106
 %patch107
 
@@ -524,8 +520,6 @@ tar xzf %{SOURCE7}
 %patch404 -p1
 %endif
 
-%patch112
-
 %build
 # How many cpu's do we have?
 %ifarch aarch64
@@ -667,6 +661,11 @@ rm -f %{buildoutputdir}/j2sdk-image/jre/lib/fontconfig*.bfc
 rm -f %{buildoutputdir}/lib/fontconfig*.properties.src
 rm -f %{buildoutputdir}/lib/fontconfig*.bfc
 
+# Check unlimited policy has been used
+$JAVA_HOME/bin/javac -d . %{SOURCE11}
+$JAVA_HOME/bin/java TestCryptoLevel
+
+
 %install
 rm -rf $RPM_BUILD_ROOT
 STRIP_KEEP_SYMTAB=libjvm*
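Review bot: The added check runs `$JAVA_HOME/bin/java`, but nothing in this hunk shows `JAVA_HOME` pointing at the freshly built image under `%{buildoutputdir}/j2sdk-image`. If it still refers to the bootstrap JDK at this point in `%build`, the policy of the wrong JVM is tested; the assignment is outside the hunk, so please confirm or name the image path explicitly. I would also pass the classpath rather than rely on the default and an unset `CLASSPATH`: `$JAVA_HOME/bin/java -cp . TestCryptoLevel`. A comment stating that a non-zero exit is meant to abort the build would document the intent of the gate.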
@@ -1152,6 +1151,14 @@ exit 0
 %doc %{buildoutputdir}/j2sdk-image/jre/LICENSE
 
 %changelog
+* Mon Sep 03 2013 Jiri Vanek <jvanek at redhat.com> - 1.7.0.25-2.4.1.4.f18
+- buildver bumbed to 31
+- switched back to system lcms2
+ - removed patch 500 java-1.7.0-openjdk-disable-system-lcms
+ - added requires for lcms2 > 2.5
+- removed unnecessary patch 112 java-1.7.0-openjdk-doNotUseDisabledEcc.patch
+- added and used after build source 11, TestCryptoLevel.java
+
 * Mon Sep 02 2013 Jiri Vanek <jvanek at redhat.com> - 1.7.0.25-2.4.1.1.f18
 - removed bootstrap (bootstrap*.patch and javac-wrapper)
 - updated to icedtea 2.4

