diff --git a/SOURCES/pr2974-rh1343832.patch b/SOURCES/pr2974-rh1343832.patch new file mode 100644 index 0000000..1c9af4d --- /dev/null +++ b/SOURCES/pr2974-rh1343832.patch @@ -0,0 +1,148 @@ +# HG changeset patch +# User andrew +# Date 1464316115 -3600 +# Fri May 27 03:28:35 2016 +0100 +# Node ID 794541fbbdc323f7da8a5cee75611f977eee66ee +# Parent 0be28a33e12dfc9ae1e4be381530643f691d351a +PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings +Summary: Add -systemlineendings option to keytool to allow system line endings to be used again. +Adapted for u91 on 2016/06/08 + +diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java 2016-04-10 17:59:49.000000000 -0400 ++++ openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java 2016-06-08 13:10:36.593775141 -0400 +@@ -30,6 +30,7 @@ + import java.io.IOException; + import java.math.BigInteger; + ++import java.security.AccessController; + import java.security.cert.CertificateException; + import java.security.NoSuchAlgorithmException; + import java.security.InvalidKeyException; +@@ -39,6 +40,7 @@ + + import java.util.Base64; + ++import sun.security.action.GetPropertyAction; + import sun.security.util.*; + import sun.security.x509.AlgorithmId; + import sun.security.x509.X509Key; +@@ -76,6 +78,14 @@ + * @author Hemma Prafullchandra + */ + public class PKCS10 { ++ ++ private static final byte[] sysLineEndings; ++ ++ static { ++ sysLineEndings = ++ AccessController.doPrivileged(new GetPropertyAction("line.separator")).getBytes(); ++ } ++ + /** + * Constructs an unsigned PKCS #10 certificate request. Before this + * request may be used, it must be encoded and signed. Then it +@@ -286,12 +296,39 @@ + */ + public void print(PrintStream out) + throws IOException, SignatureException { ++ print(out, false); ++ } ++ ++ /** ++ * Prints an E-Mailable version of the certificate request on the print ++ * stream passed. The format is a common base64 encoded one, supported ++ * by most Certificate Authorities because Netscape web servers have ++ * used this for some time. Some certificate authorities expect some ++ * more information, in particular contact information for the web ++ * server administrator. ++ * ++ * @param out the print stream where the certificate request ++ * will be printed. ++ * @param systemLineEndings true if the request should be terminated ++ * using the system line endings. ++ * @exception IOException when an output operation failed ++ * @exception SignatureException when the certificate request was ++ * not yet signed. ++ */ ++ public void print(PrintStream out, boolean systemLineEndings) ++ throws IOException, SignatureException { ++ byte[] lineEndings; ++ + if (encoded == null) + throw new SignatureException("Cert request was not signed"); + ++ if (systemLineEndings) ++ lineEndings = sysLineEndings; ++ else ++ lineEndings = new byte[] {'\r', '\n'}; // CRLF + + out.println("-----BEGIN NEW CERTIFICATE REQUEST-----"); +- out.println(Base64.getMimeEncoder().encodeToString(encoded)); ++ out.println(Base64.getMimeEncoder(76, lineEndings).encodeToString(encoded)); + out.println("-----END NEW CERTIFICATE REQUEST-----"); + } + +diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java +--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java 2016-04-10 17:59:49.000000000 -0400 ++++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java 2016-06-08 13:07:33.272760634 -0400 +@@ -114,6 +114,7 @@ + private String infilename = null; + private String outfilename = null; + private String srcksfname = null; ++ private boolean systemLineEndings = false; + + // User-specified providers are added before any command is called. + // However, they are not removed before the end of the main() method. +@@ -160,7 +161,7 @@ + CERTREQ("Generates.a.certificate.request", + ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME, + STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, +- PROVIDERARG, PROVIDERPATH, V, PROTECTED), ++ PROVIDERARG, PROVIDERPATH, SYSTEMLINEENDINGS, V, PROTECTED), + CHANGEALIAS("Changes.an.entry.s.alias", + ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS, + STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, +@@ -293,6 +294,7 @@ + STARTDATE("startdate", "", "certificate.validity.start.date.time"), + STOREPASS("storepass", "", "keystore.password"), + STORETYPE("storetype", "", "keystore.type"), ++ SYSTEMLINEENDINGS("systemlineendings", null, "system.line.endings"), + TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"), + V("v", null, "verbose.output"), + VALIDITY("validity", "", "validity.number.of.days"); +@@ -534,6 +536,8 @@ + protectedPath = true; + } else if (collator.compare(flags, "-srcprotected") == 0) { + srcprotectedPath = true; ++ } else if (collator.compare(flags, "-systemlineendings") == 0) { ++ systemLineEndings = true; + } else { + System.err.println(rb.getString("Illegal.option.") + flags); + tinyHelp(); +@@ -1332,7 +1336,7 @@ + + // Sign the request and base-64 encode it + request.encodeAndSign(subject, signature); +- request.print(out); ++ request.print(out, systemLineEndings); + } + + /** +@@ -4188,4 +4192,3 @@ + return new Pair<>(a,b); + } + } +- +diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java +--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java 2016-04-10 17:59:49.000000000 -0400 ++++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java 2016-06-08 13:07:33.272760634 -0400 +@@ -168,6 +168,8 @@ + "keystore password"}, //-storepass + {"keystore.type", + "keystore type"}, //-storetype ++ {"system.line.endings", ++ "use system line endings rather than CRLF to terminate output"}, //-systemlineendings + {"trust.certificates.from.cacerts", + "trust certificates from cacerts"}, //-trustcacerts + {"verbose.output", diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index 55ceeca..1cfd6c0 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -715,7 +715,7 @@ OrderWithRequires: %{name}-headless%1 = %{epoch}:%{version}-%{release} Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever} -Release: 0.%{buildver}%{?dist} +Release: 1.%{buildver}%{?dist} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons, # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -785,6 +785,8 @@ Patch504: rh1163501.patch Patch511: rh1214835.patch # Turn off strict overflow on IndicRearrangementProcessor{,2}.cpp following 8140543: Arrange font actions Patch512: no_strict_overflow.patch +# RH1337583, PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings +Patch523: pr2974-rh1343832.patch # Arch-specific upstreamable patches # PR2415: JVM -Xmx requirement is too high on s390 @@ -1110,6 +1112,7 @@ sh %{SOURCE12} %patch504 %patch511 %patch512 +%patch523 # Extract systemtap tapsets %if %{with_systemtap} @@ -1801,6 +1804,10 @@ end %endif %changelog +* Wed Jun 01 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Add fix for PKCS#10 output regression, adding -systemlineendings option. +- Resolves: rhbz#1343832 + * Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-0.b14 - Add additional fix to Zero patch to properly handle result on 64-bit big-endian - Resolves: rhbz#1325422