From a7a6b51080d5c5d3bd7ace053e8b198e729ed98e Mon Sep 17 00:00:00 2001 From: kuenking111 Date: Thu, 28 Apr 2022 16:33:56 +0800 Subject: [PATCH] I556TM: fix X509TrustManagerImpl Symantec Distrust failed --- ...09TrustManagerImpl_symantec_distrust.patch | 70 +++++++++++++++++++ openjdk-17.spec | 9 ++- 2 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 fix_X509TrustManagerImpl_symantec_distrust.patch diff --git a/fix_X509TrustManagerImpl_symantec_distrust.patch b/fix_X509TrustManagerImpl_symantec_distrust.patch new file mode 100644 index 0000000..223aa65 --- /dev/null +++ b/fix_X509TrustManagerImpl_symantec_distrust.patch @@ -0,0 +1,70 @@ +diff --git a/make/data/cacerts/geotrustglobalca b/make/data/cacerts/geotrustglobalca +new file mode 100644 +index 000000000..7f8bf9a66 +--- /dev/null ++++ b/make/data/cacerts/geotrustglobalca +@@ -0,0 +1,27 @@ ++Owner: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US ++Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US ++Serial number: 23456 ++Valid from: Tue May 21 04:00:00 GMT 2002 until: Sat May 21 04:00:00 GMT 2022 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT ++MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i ++YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG ++EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg ++R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 ++9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq ++fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv ++iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU ++1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ ++bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW ++MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA ++ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l ++uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn ++Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS ++tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF ++PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un ++hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV ++5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== ++-----END CERTIFICATE----- +diff --git a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java +index c404ed613..4d459f798 100644 +--- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java ++++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java +@@ -54,12 +54,12 @@ public class VerifyCACerts { + + File.separator + "security" + File.separator + "cacerts"; + + // The numbers of certs now. +- private static final int COUNT = 89; ++ private static final int COUNT = 87; + + // SHA-256 of cacerts, can be generated with + // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 + private static final String CHECKSUM +- = "CC:AD:BB:49:70:97:3F:42:AD:73:91:A0:A2:C4:B8:AA:D1:95:59:F3:B3:22:09:2A:1F:2C:AB:04:47:08:EF:AA"; ++ = "63:C4:11:7D:BF:C5:05:2B:BF:C2:B4:5A:2C:B6:26:C4:57:76:FB:D4:48:3B:E7:4C:62:B0:A1:7B:4F:07:B1:0C"; + + // Hex formatter to upper case with ":" delimiter + private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase(); +@@ -120,6 +120,8 @@ public class VerifyCACerts { + "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2"); + put("digicerthighassuranceevrootca [jdk]", + "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF"); ++ put("geotrustglobalca [jdk]", ++ "FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A"); + put("geotrustprimaryca [jdk]", + "37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C"); + put("geotrustprimarycag2 [jdk]", +@@ -254,6 +256,8 @@ public class VerifyCACerts { + add("addtrustexternalca [jdk]"); + // Valid until: Sat May 30 10:44:50 GMT 2020 + add("addtrustqualifiedca [jdk]"); ++ // Valid until: Sat May 21 04:00:00 GMT 2022 ++ add("geotrustglobalca [jdk]"); + } + }; + diff --git a/openjdk-17.spec b/openjdk-17.spec index c4b0c2c..a7b50fc 100644 --- a/openjdk-17.spec +++ b/openjdk-17.spec @@ -885,7 +885,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release} Name: java-%{javaver}-%{origin} Version: %{newjavaver}.%{buildver} -Release: 0 +Release: 1 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages @@ -973,6 +973,9 @@ Patch14: Clean-up-JDK17-codeDEX.patch Patch15: Delete-expired-certificate.patch Patch16: Clean-up-JDK17-codeDEX-fix-Non-static-numa_node_dist.patch +# 17.0.3 +Patch17: fix_X509TrustManagerImpl_symantec_distrust.patch + BuildRequires: autoconf BuildRequires: automake BuildRequires: alsa-lib-devel @@ -1206,6 +1209,7 @@ pushd %{top_level_dir_name} %patch14 -p1 %patch15 -p1 %patch16 -p1 +%patch17 -p1 popd # openjdk %patch1000 @@ -1759,5 +1763,8 @@ cjc.mainProgram(arg) %changelog +* Thu April 28 2022 kuenking111 - 1:17.0.3.7-1 +- add fix_X509TrustManagerImpl_symantec_distrust.patch + * Tue April 26 2022 kuenking111 - 1:17.0.3.7-0.rolling - Init jdk-17.0.3+7-ga -- Gitee