From e10f281042e9f56accf0b7c882e88e3e37f00284 Mon Sep 17 00:00:00 2001 From: kuenking111 Date: Thu, 28 Apr 2022 16:18:42 +0800 Subject: [PATCH] I556T8: fix X509TrustManagerImpl Symantec Distrust failed --- ...09TrustManagerImpl_symantec_distrust.patch | 72 +++++++++++++++++++ openjdk-11.spec | 10 ++- 2 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 fix_X509TrustManagerImpl_symantec_distrust.patch diff --git a/fix_X509TrustManagerImpl_symantec_distrust.patch b/fix_X509TrustManagerImpl_symantec_distrust.patch new file mode 100644 index 0000000..570e066 --- /dev/null +++ b/fix_X509TrustManagerImpl_symantec_distrust.patch @@ -0,0 +1,72 @@ +diff --git a/make/data/cacerts/geotrustglobalca b/make/data/cacerts/geotrustglobalca +new file mode 100644 +index 000000000..7f8bf9a66 +--- /dev/null ++++ b/make/data/cacerts/geotrustglobalca +@@ -0,0 +1,27 @@ ++Owner: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US ++Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US ++Serial number: 23456 ++Valid from: Tue May 21 04:00:00 GMT 2002 until: Sat May 21 04:00:00 GMT 2022 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT ++MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i ++YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG ++EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg ++R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 ++9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq ++fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv ++iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU ++1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ ++bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW ++MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA ++ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l ++uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn ++Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS ++tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF ++PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un ++hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV ++5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== ++-----END CERTIFICATE----- +diff --git a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java +index c131bd493..478cc7235 100644 +--- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java ++++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java +@@ -53,12 +53,12 @@ public class VerifyCACerts { + + File.separator + "security" + File.separator + "cacerts"; + + // The numbers of certs now. +- private static final int COUNT = 86; ++ private static final int COUNT = 87; + + // SHA-256 of cacerts, can be generated with + // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 + private static final String CHECKSUM +- = "89:78:5A:96:F4:B2:68:4C:91:C0:32:2C:ED:2D:6B:3B:26:B8:37:C3:07:DD:9E:50:87:53:53:7A:24:98:97:E0"; ++ = "63:C4:11:7D:BF:C5:05:2B:BF:C2:B4:5A:2C:B6:26:C4:57:76:FB:D4:48:3B:E7:4C:62:B0:A1:7B:4F:07:B1:0C"; + + // map of cert alias to SHA-256 fingerprint + @SuppressWarnings("serial") +@@ -116,7 +116,9 @@ public class VerifyCACerts { + "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2"); + put("digicerthighassuranceevrootca [jdk]", + "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF"); +- put("geotrustprimaryca [jdk]", ++ put("geotrustglobalca [jdk]", ++ "FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A"); ++ put("geotrustprimaryca [jdk]", + "37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C"); + put("geotrustprimarycag2 [jdk]", + "5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66"); +@@ -250,6 +252,8 @@ public class VerifyCACerts { + add("addtrustexternalca [jdk]"); + // Valid until: Sat May 30 10:44:50 GMT 2020 + add("addtrustqualifiedca [jdk]"); ++ // Valid until: Sat May 21 04:00:00 GMT 2022 ++ add("geotrustglobalca [jdk]"); + } + }; + diff --git a/openjdk-11.spec b/openjdk-11.spec index e1cef4d..99b2b18 100644 --- a/openjdk-11.spec +++ b/openjdk-11.spec @@ -740,7 +740,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release} Name: java-%{javaver}-%{origin} Version: %{newjavaver}.%{buildver} -Release: 0 +Release: 1 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -873,6 +873,10 @@ Patch87: fix_macroAssembler_missing_matcher_header_file_causing_build_failure.pa Patch88: fix-error-in-build-core-variants.patch Patch89: downgrade-the-symver-of-memcpy-GLIBC_2.14-on-x86.patch +# 11.0.15 +Patch90: fix_X509TrustManagerImpl_symantec_distrust.patch + + BuildRequires: autoconf BuildRequires: alsa-lib-devel BuildRequires: binutils @@ -1160,6 +1164,7 @@ pushd %{top_level_dir_name} %patch87 -p1 %patch88 -p1 %patch89 -p1 +%patch90 -p1 popd # openjdk # %patch1000 @@ -1669,6 +1674,9 @@ cjc.mainProgram(arg) %changelog +* Thu Apr 28 2022 kuenking111 - 1:11.0.15.10-1 +- add fix_X509TrustManagerImpl_symantec_distrust.patch + * Tue Apr 26 2022 kuenking111 - 1:11.0.15.10-0 - modified 8231441-3-AArch64-Initial-SVE-backend-support.patch - modified 8210473-JEP-345-NUMA-Aware-Memory-Allocation-for-G1.patch -- Gitee