From e157afaa54ac1df43cbd9b1a7c44c58377444a68 Mon Sep 17 00:00:00 2001 From: wanghao_hw Date: Fri, 24 Mar 2023 16:27:06 +0800 Subject: [PATCH] I6PYJ9:fix the issue that cert of geotrustglobalca expired. --- ...hat-cert-of-geotrustglobalca-expired.patch | 83 +++++++++++++++++++ openjdk-1.8.0.spec | 7 +- 2 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 fix-the-issue-that-cert-of-geotrustglobalca-expired.patch diff --git a/fix-the-issue-that-cert-of-geotrustglobalca-expired.patch b/fix-the-issue-that-cert-of-geotrustglobalca-expired.patch new file mode 100644 index 0000000..40f7b06 --- /dev/null +++ b/fix-the-issue-that-cert-of-geotrustglobalca-expired.patch @@ -0,0 +1,83 @@ +From bffc13e0e35ff04fea1ef2af74615c7c5b287c27 Mon Sep 17 00:00:00 2001 +From: wanghao_hw +Date: Fri, 24 Mar 2023 15:47:35 +0800 +Subject: [PATCH] fix the issue that cert of geotrustglobalca expired. + +--- + jdk/make/data/cacerts/geotrustglobalca | 27 ------------------- + .../security/lib/cacerts/VerifyCACerts.java | 7 ++--- + 2 files changed, 2 insertions(+), 32 deletions(-) + delete mode 100644 jdk/make/data/cacerts/geotrustglobalca + +diff --git a/jdk/make/data/cacerts/geotrustglobalca b/jdk/make/data/cacerts/geotrustglobalca +deleted file mode 100644 +index 7f8bf9a66..000000000 +--- a/jdk/make/data/cacerts/geotrustglobalca ++++ /dev/null +@@ -1,27 +0,0 @@ +-Owner: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US +-Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US +-Serial number: 23456 +-Valid from: Tue May 21 04:00:00 GMT 2002 until: Sat May 21 04:00:00 GMT 2022 +-Signature algorithm name: SHA1withRSA +-Subject Public Key Algorithm: 2048-bit RSA key +-Version: 3 +------BEGIN CERTIFICATE----- +-MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +-MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +-YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +-R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +-9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +-fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +-iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +-1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +-bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +-MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +-ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +-uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +-Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +-tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +-PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +-hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +-5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== +------END CERTIFICATE----- +diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +index c1423dc5b..8bca06c52 100644 +--- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java ++++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +@@ -53,12 +53,12 @@ public class VerifyCACerts { + + File.separator + "security" + File.separator + "cacerts"; + + // The numbers of certs now. +- private static final int COUNT = 84; ++ private static final int COUNT = 83; + + // SHA-256 of cacerts, can be generated with + // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 + private static final String CHECKSUM +- = "D3:05:21:64:FA:D7:CD:29:E8:CB:57:E7:47:ED:79:9B:47:D8:0E:75:2D:CA:83:BB:86:AF:D9:43:FD:3E:17:85"; ++ = "2D:04:88:6C:52:53:54:EB:38:2D:BC:E0:AF:B7:82:F4:9E:32:A8:1A:1B:A3:AE:CF:25:CB:C2:F6:0F:4E:E1:20"; + + // map of cert alias to SHA-256 fingerprint + @SuppressWarnings("serial") +@@ -111,8 +111,6 @@ public class VerifyCACerts { + "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2"); + put("digicerthighassuranceevrootca [jdk]", + "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF"); +- put("geotrustglobalca [jdk]", +- "FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A"); + put("geotrustprimaryca [jdk]", + "37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C"); + put("geotrustprimarycag2 [jdk]", +@@ -242,7 +240,6 @@ public class VerifyCACerts { + private static final HashSet EXPIRY_EXC_ENTRIES = new HashSet() { + { + // Valid until: Sat May 21 04:00:00 GMT 2022 +- add("geotrustglobalca [jdk]"); + } + }; + +-- +2.39.0 + diff --git a/openjdk-1.8.0.spec b/openjdk-1.8.0.spec index 3f11162..98c39a9 100644 --- a/openjdk-1.8.0.spec +++ b/openjdk-1.8.0.spec @@ -916,7 +916,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 2 +Release: 3 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1184,6 +1184,7 @@ Patch298: Add-CMS-s-trim-test-cases-and-fix-failure.patch Patch299: Disable-cds-on-x86-32.patch Patch300: Disable-no-compressedOop-cds-on-x86-32.patch Patch301: fix-SUSE-x86_32-build-failure.patch +Patch302: fix-the-issue-that-cert-of-geotrustglobalca-expired.patch ############################################# # @@ -1706,6 +1707,7 @@ pushd %{top_level_dir_name} %patch299 -p1 %patch300 -p1 %patch301 -p1 +%patch302 -p1 popd # System library fixes @@ -2330,6 +2332,9 @@ cjc.mainProgram(arg) %endif %changelog +* Fri Mar 24 2023 wanghao_hw - 1:1.8.0.362-b09.3 +- add fix-the-issue-that-cert-of-geotrustglobalca-expired.patch + * Wed Feb 15 2023 kuenking111 - 1:1.8.0.362-b09.2 - add Add-CMS-s-trim-test-cases-and-fix-failure.patch - add Disable-cds-on-x86-32.patch -- Gitee