diff --git a/Delete-expired-certificate.patch b/Delete-expired-certificate.patch
index 8e93c394dfba16d5be822b0da5046b851248fde0..e5b4e99a7e401c3072fd0427cb054e8217998a09 100644
--- a/Delete-expired-certificate.patch
+++ b/Delete-expired-certificate.patch
@@ -1,4 +1,5 @@
 From 81e5f144710e946f70db91329a79b9ebcd76c2f3 Mon Sep 17 00:00:00 2001
+From: zhangyipeng  <zhangyipeng7@huawei.com>
 Date: Wed, 15 Dec 2021 17:04:17 +0800
 Subject: [PATCH] Delete expired certificate
 
@@ -117,9 +118,24 @@ index 0c195ff51..000000000
 -SnQ2+Q==
 ------END CERTIFICATE-----
 diff --git a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
-index f39dca74a..c404ed613 100644
+index f39dca74a..768b6572c 100644
 --- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
 +++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
+@@ -54,12 +54,12 @@ public class VerifyCACerts {
+             + File.separator + "security" + File.separator + "cacerts";
+ 
+     // The numbers of certs now.
+-    private static final int COUNT = 89;
++    private static final int COUNT = 86;
+ 
+     // SHA-256 of cacerts, can be generated with
+     // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
+     private static final String CHECKSUM
+-            = "CC:AD:BB:49:70:97:3F:42:AD:73:91:A0:A2:C4:B8:AA:D1:95:59:F3:B3:22:09:2A:1F:2C:AB:04:47:08:EF:AA";
++            = "89:78:5A:96:F4:B2:68:4C:91:C0:32:2C:ED:2D:6B:3B:26:B8:37:C3:07:DD:9E:50:87:53:53:7A:24:98:97:E0";
+ 
+     // Hex formatter to upper case with ":" delimiter
+     private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase();
 @@ -120,8 +120,6 @@ public class VerifyCACerts {
                      "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2");
              put("digicerthighassuranceevrootca [jdk]",
diff --git a/add-version-txt.patch b/add-version-txt.patch
index e098e18f97e13b82bcb84a85a7b269f98656e2da..855290a59d70b280cc26a614c82d983f7e8b2df3 100644
--- a/add-version-txt.patch
+++ b/add-version-txt.patch
@@ -13,7 +13,7 @@ index 000000000..b717bafbe
 --- /dev/null
 +++ b/version.txt
 @@ -0,0 +1 @@
-+17.0.3.0.13
++17.0.4.0.13
 -- 
 2.19.0
 
diff --git a/fix_X509TrustManagerImpl_symantec_distrust.patch b/fix_X509TrustManagerImpl_symantec_distrust.patch
deleted file mode 100644
index 223aa657625f5a1712e88a71ad3e72b85b3a011c..0000000000000000000000000000000000000000
--- a/fix_X509TrustManagerImpl_symantec_distrust.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-diff --git a/make/data/cacerts/geotrustglobalca b/make/data/cacerts/geotrustglobalca
-new file mode 100644
-index 000000000..7f8bf9a66
---- /dev/null
-+++ b/make/data/cacerts/geotrustglobalca
-@@ -0,0 +1,27 @@
-+Owner: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
-+Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
-+Serial number: 23456
-+Valid from: Tue May 21 04:00:00 GMT 2002 until: Sat May 21 04:00:00 GMT 2022
-+Signature algorithm name: SHA1withRSA
-+Subject Public Key Algorithm: 2048-bit RSA key
-+Version: 3
-+-----BEGIN CERTIFICATE-----
-+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
-+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
-+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
-+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
-+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
-+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
-+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
-+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
-+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
-+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
-+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
-+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
-+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
-+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
-+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
-+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
-+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
-+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
-+-----END CERTIFICATE-----
-diff --git a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
-index c404ed613..4d459f798 100644
---- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
-+++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
-@@ -54,12 +54,12 @@ public class VerifyCACerts {
-             + File.separator + "security" + File.separator + "cacerts";
- 
-     // The numbers of certs now.
--    private static final int COUNT = 89;
-+    private static final int COUNT = 87;
- 
-     // SHA-256 of cacerts, can be generated with
-     // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
-     private static final String CHECKSUM
--            = "CC:AD:BB:49:70:97:3F:42:AD:73:91:A0:A2:C4:B8:AA:D1:95:59:F3:B3:22:09:2A:1F:2C:AB:04:47:08:EF:AA";
-+            = "63:C4:11:7D:BF:C5:05:2B:BF:C2:B4:5A:2C:B6:26:C4:57:76:FB:D4:48:3B:E7:4C:62:B0:A1:7B:4F:07:B1:0C";
- 
-     // Hex formatter to upper case with ":" delimiter
-     private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase();
-@@ -120,6 +120,8 @@ public class VerifyCACerts {
-                     "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2");
-             put("digicerthighassuranceevrootca [jdk]",
-                     "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF");
-+            put("geotrustglobalca [jdk]",
-+                    "FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A");
-             put("geotrustprimaryca [jdk]",
-                     "37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C");
-             put("geotrustprimarycag2 [jdk]",
-@@ -254,6 +256,8 @@ public class VerifyCACerts {
-             add("addtrustexternalca [jdk]");
-             // Valid until: Sat May 30 10:44:50 GMT 2020
-             add("addtrustqualifiedca [jdk]");
-+	    // Valid until: Sat May 21 04:00:00 GMT 2022
-+            add("geotrustglobalca [jdk]");
-         }
-     };
- 
diff --git a/jdk-updates-jdk17u-jdk-17.0.3+7.tar.gz b/jdk-updates-jdk17u-jdk-17.0.4+8.tar.gz
similarity index 82%
rename from jdk-updates-jdk17u-jdk-17.0.3+7.tar.gz
rename to jdk-updates-jdk17u-jdk-17.0.4+8.tar.gz
index 74dec1c462202b917c60611102c6a33183e15606..1ab048ab27e323fbff489ab7aeeaaf0c3fa567f1 100644
Binary files a/jdk-updates-jdk17u-jdk-17.0.3+7.tar.gz and b/jdk-updates-jdk17u-jdk-17.0.4+8.tar.gz differ
diff --git a/openjdk-17.spec b/openjdk-17.spec
index a7b50fcfd94a7cb6641d13c113ab2ef27d6ea38d..e57562711519ed25c88f78ab9d749f42401ba1ab 100644
--- a/openjdk-17.spec
+++ b/openjdk-17.spec
@@ -155,7 +155,7 @@
 # Used via new version scheme. JDK 17 was
 # GA'ed in March 2021 => 21.9
 %global vendor_version_string 21.9
-%global securityver 3
+%global securityver 4
 # buildjdkver is usually same as %%{majorver},
 # but in time of bootstrap of next jdk, it is majorver-1, 
 # and this it is better to change it here, on single place
@@ -175,7 +175,7 @@
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{origin}
 %global minorver        0
-%global buildver        7
+%global buildver        8
 # priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
 %global priority %( printf '%02d%02d%02d%02d' %{majorver} %{minorver} %{securityver} %{buildver} )
@@ -773,18 +773,20 @@ Provides: jre%{?1} = %{epoch}:%{version}-%{release}
 
 %define java_headless_rpo() %{expand:
 # Require /etc/pki/java/cacerts
-Requires: ca-certificates
+#Requires: ca-certificates
 # Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
 Requires: javapackages-filesystem
 # Require zone-info data provided by tzdata-java sub-package
-Requires: tzdata-java >= 2015d
+Requires: tzdata-java >= 2022a
 # tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
 # not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be
 # considered as regression
-Requires: copy-jdk-configs >= 3.9
+Requires: copy-jdk-configs >= 4.0
 OrderWithRequires: copy-jdk-configs
 # for printing support
 Requires: cups-libs
+Requires: crypto-policies
+Requires: nss
 # Post requires alternatives to install tool alternatives
 Requires(post):   %{_sbindir}/alternatives
 # chkconfig does not contain alternatives anymore
@@ -885,7 +887,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release}
 
 Name:    java-%{javaver}-%{origin}
 Version: %{newjavaver}.%{buildver}
-Release: 1
+Release: 0
 
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
@@ -943,17 +945,17 @@ Source14: TestECDSA.java
 
 # NSS via SunPKCS11 Provider (disabled comment
 # due to memory leak).
-Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
+#Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
 
 # Ignore AWTError when assistive technologies are loaded
-Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
+#Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
 # Restrict access to java-atk-wrapper classes
-Patch2: rh1648644-java_access_bridge_privileged_security.patch
-Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
+#Patch2: rh1648644-java_access_bridge_privileged_security.patch
+#Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
 # Follow system wide crypto policy RHBZ#1249083
-Patch4: pr3183-rh1340845-support_system_crypto_policy.patch
+#Patch4: pr3183-rh1340845-support_system_crypto_policy.patch
 # Depend on pcs-lite-libs instead of pcs-lite-devel as this is only in optional repo
-Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
+#Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
 
 #############################################
 #
@@ -962,19 +964,16 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d
 #############################################
 
 # 17.0.2
-Patch7: downgrade-the-glibc-symver-of-memcpy.patch
-Patch8: downgrade-the-glibc-symver-of-log2f-posix_spawn.patch
-Patch9: add-version-txt.patch
-Patch10: 8273111-Default-timezone-should-return-zone-ID-if-et.patch
-Patch11: Add-prefetch-before-copy-in-PSPromotionManager-copy_.patch
-Patch12: 8272138-ZGC-Adopt-relaxed-ordering-for-self-healing.patch
-Patch13: G1-GC-NUMA-feature-preferentially-selects-the-neares.patch
-Patch14: Clean-up-JDK17-codeDEX.patch
-Patch15: Delete-expired-certificate.patch
-Patch16: Clean-up-JDK17-codeDEX-fix-Non-static-numa_node_dist.patch
-
-# 17.0.3
-Patch17: fix_X509TrustManagerImpl_symantec_distrust.patch
+#Patch7: downgrade-the-glibc-symver-of-memcpy.patch
+#Patch8: downgrade-the-glibc-symver-of-log2f-posix_spawn.patch
+#Patch9: add-version-txt.patch
+#Patch10: 8273111-Default-timezone-should-return-zone-ID-if-et.patch
+#Patch11: Add-prefetch-before-copy-in-PSPromotionManager-copy_.patch
+#Patch12: 8272138-ZGC-Adopt-relaxed-ordering-for-self-healing.patch
+#Patch13: G1-GC-NUMA-feature-preferentially-selects-the-neares.patch
+#Patch14: Clean-up-JDK17-codeDEX.patch
+#Patch15: Delete-expired-certificate.patch
+#Patch16: Clean-up-JDK17-codeDEX-fix-Non-static-numa_node_dist.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -1012,7 +1011,7 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel
 %ifnarch %{jit_arches}
 BuildRequires: libffi-devel
 %endif
-BuildRequires: tzdata-java >= 2015d
+BuildRequires: tzdata-java >= 2022a
 # Earlier versions have a bug in tree vectorization on PPC
 BuildRequires: gcc >= 4.8.3-8
 
@@ -1194,25 +1193,24 @@ fi
 # OpenJDK patches
 
 pushd %{top_level_dir_name}
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
+#%patch1 -p1
+#%patch2 -p1
+#%patch3 -p1
+#%patch4 -p1
+#%patch6 -p1
+#%patch7 -p1
+#%patch8 -p1
+#%patch9 -p1
+#%patch10 -p1
+#%patch11 -p1
+#%patch12 -p1
+#%patch13 -p1
+#%patch14 -p1
+#%patch15 -p1
+#%patch16 -p1
 popd # openjdk
 
-%patch1000
+#%patch1000
 
 # Extract systemtap tapsets
 %if %{with_systemtap}
@@ -1390,255 +1388,6 @@ ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/lib/tzdb.dat
 # build cycles
 done
 
-%check
-
-# We test debug first as it will give better diagnostics on a crash
-for suffix in %{rev_build_loop} ; do
-
-export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
-
-# Check unlimited policy has been used
-$JAVA_HOME/bin/javac -d . %{SOURCE13}
-$JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLevel
-
-# Check ECC is working
-$JAVA_HOME/bin/javac -d . %{SOURCE14}
-$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
-
-# Check debug symbols are present and can identify code
-find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
-do
-  if [ -f "$lib" ] ; then
-    echo "Testing $lib for debug symbols"
-    # All these tests rely on RPM failing the build if the exit code of any set
-    # of piped commands is non-zero.
-
-    # Test for .debug_* sections in the shared object. This is the main test
-    # Stripped objects will not contain these
-    eu-readelf -S "$lib" | grep "] .debug_"
-    test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2
-
-    # Test FILE symbols. These will most likely be removed by anything that
-    # manipulates symbol tables because it's generally useless. So a nice test
-    # that nothing has messed with symbols
-    old_IFS="$IFS"
-    IFS=$'\n'
-    for line in $(eu-readelf -s "$lib" | grep "00000000      0 FILE    LOCAL  DEFAULT")
-    do
-     # We expect to see .cpp files, except for architectures like aarch64 and
-     # s390 where we expect .o and .oS files
-      echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$"
-    done
-    IFS="$old_IFS"
-
-    # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking
-    if [ "`basename $lib`" = "libjvm.so" ]; then
-      eu-readelf -s "$lib" | \
-        grep -E "00000000      0 FILE    LOCAL  DEFAULT      ABS javaCalls.(cpp|o)$"
-    fi
-
-    # Test that there are no .gnu_debuglink sections pointing to another
-    # debuginfo file. There shouldn't be any debuginfo files, so the link makes
-    # no sense either
-    eu-readelf -S "$lib" | grep 'gnu'
-    if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then
-      echo "bad .gnu_debuglink section."
-      eu-readelf -x .gnu_debuglink "$lib"
-      false
-    fi
-  fi
-done
-
-# Make sure gdb can do a backtrace based on line numbers on libjvm.so
-# javaCalls.cpp:58 should map to:
-# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 
-# Using line number 1 might cause build problems. See:
-gdb -q "$JAVA_HOME/bin/java" <<EOF | tee gdb.out
-handle SIGSEGV pass nostop noprint
-handle SIGILL pass nostop noprint
-set breakpoint pending on
-break javaCalls.cpp:1
-commands 1
-backtrace
-quit
-end
-run -version
-EOF
-
-grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
-
-# Check src.zip has all sources. See RHBZ#1130490
-jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
-
-# Check class files include useful debugging information
-$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
-$JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable
-$JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable
-
-# Check generated class files include useful debugging information
-$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from"
-$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable
-$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable
-
-# build cycles check
-done
-
-%install
-STRIP_KEEP_SYMTAB=libjvm*
-
-for suffix in %{build_loop} ; do
-
-# Install the jdk
-mkdir -p $RPM_BUILD_ROOT%{_jvmdir}
-cp -a %{buildoutputdir -- $suffix}/images/%{jdkimage} \
-  $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
-
-# Install jsa directories so we can owe them
-mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/%{archinstall}/server/
-mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/%{archinstall}/client/
-mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/ || true  ; # sometimes is here, sometimes not, ifout it or || true it out
-
-pushd %{buildoutputdir $suffix}/images/%{jdkimage}
-
-%if %{with_systemtap}
-  # Install systemtap support files
-  install -dm 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset
-  # note, that uniquesuffix  is in BUILD dir in this case
-  cp -a $RPM_BUILD_DIR/%{uniquesuffix ""}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
-  pushd  $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
-   tapsetFiles=`ls *.stp`
-  popd
-  install -d -m 755 $RPM_BUILD_ROOT%{tapsetdir}
-  for name in $tapsetFiles ; do
-    targetName=`echo $name | sed "s/.stp/$suffix.stp/"`
-    ln -sf %{_jvmdir}/%{sdkdir -- $suffix}/tapset/$name $RPM_BUILD_ROOT%{tapsetdir}/$targetName
-  done
-%endif
-
-  # Remove empty cacerts database
-  rm -f $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/security/cacerts
-  # Install cacerts symlink needed by some apps which hard-code the path
-  pushd $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/security
-      ln -sf /etc/pki/java/cacerts .
-  popd
-
-  # Install version-ed symlinks
-  pushd $RPM_BUILD_ROOT%{_jvmdir}
-    ln -sf %{sdkdir -- $suffix} %{jrelnk -- $suffix}
-  popd
-
-
-  # Install man pages
-  install -d -m 755 $RPM_BUILD_ROOT%{_mandir}/man1
-  for manpage in man/man1/*
-  do
-    # Convert man pages to UTF8 encoding
-    iconv -f ISO_8859-1 -t UTF8 $manpage -o $manpage.tmp
-    mv -f $manpage.tmp $manpage
-    install -m 644 -p $manpage $RPM_BUILD_ROOT%{_mandir}/man1/$(basename \
-      $manpage .1)-%{uniquesuffix -- $suffix}.1
-  done
-  # Remove man pages from jdk image
-  rm -rf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/man
-
-popd
-
-if ! echo $suffix | grep -q "debug" ; then
-  # Install Javadoc documentation
-  install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
-  cp -a %{buildoutputdir -- $suffix}/images/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
-  cp -a %{buildoutputdir -- $suffix}/bundles/jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
-fi
-
-# Install icons and menu entries
-for s in 16 24 32 48 ; do
-  install -D -p -m 644 \
-    %{top_level_dir_name}/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png \
-    $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/${s}x${s}/apps/java-%{javaver}-%{origin}.png
-done
-
-# Install desktop files
-install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/{applications,pixmaps}
-for e in jconsole$suffix ; do
-    desktop-file-install --vendor=%{uniquesuffix -- $suffix} --mode=644 \
-        --dir=$RPM_BUILD_ROOT%{_datadir}/applications $e.desktop
-done
-
-# Install /etc/.java/.systemPrefs/ directory
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/.java/.systemPrefs
-
-# copy samples next to demos; samples are mostly js files
-cp -r %{top_level_dir_name}/src/sample  $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/
-
-
-# moving config files to /etc
-mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}
-mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
-mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/conf/  $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}
-mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib/security  $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
-pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}
-  ln -s %{etcjavadir -- $suffix}/conf  ./conf
-popd
-pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib
-  ln -s %{etcjavadir -- $suffix}/lib/security  ./security
-popd
-# end moving files to /etc
-
-# stabilize permissions
-find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ; 
-find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ; 
-find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/legal -type f -exec chmod 644 {} \; ; 
-
-# end, dual install
-done
-
-%if %{include_normal_build}
-# intentionally only for non-debug
-%pretrans headless -p <lua>
--- if copy-jdk-configs is in transaction, it installs in pretrans to temp
--- if copy_jdk_configs is in temp, then it means that copy-jdk-configs is in transaction  and so is
--- preferred over one in %%{_libexecdir}. If it is not in transaction, then depends
--- whether copy-jdk-configs is installed or not. If so, then configs are copied
--- (copy_jdk_configs from %%{_libexecdir} used) or not copied at all
-local posix = require "posix"
-
-if (os.getenv("debug") == "true") then
-  debug = true;
-  print("cjc: in spec debug is on")
-else
-  debug = false;
-end
-
-SOURCE1 = "%{rpm_state_dir}/copy_jdk_configs.lua"
-SOURCE2 = "%{_libexecdir}/copy_jdk_configs.lua"
-
-local stat1 = posix.stat(SOURCE1, "type");
-local stat2 = posix.stat(SOURCE2, "type");
-
-  if (stat1 ~= nil) then
-  if (debug) then
-    print(SOURCE1 .." exists - copy-jdk-configs in transaction, using this one.")
-  end;
-  package.path = package.path .. ";" .. SOURCE1
-else
-  if (stat2 ~= nil) then
-  if (debug) then
-    print(SOURCE2 .." exists - copy-jdk-configs already installed and NOT in transaction. Using.")
-  end;
-  package.path = package.path .. ";" .. SOURCE2
-  else
-    if (debug) then
-      print(SOURCE1 .." does NOT exists")
-      print(SOURCE2 .." does NOT exists")
-      print("No config files will be copied")
-    end
-  return
-  end
-end
--- run content of included file with fake args
-cjc = require "copy_jdk_configs.lua"
-arg = {"--currentjvm", "%{uniquesuffix %{nil}}", "--jvmdir", "%{_jvmdir %{nil}}", "--origname", "%{name}", "--origjavaver", "%{javaver}", "--arch", "%{_arch}", "--temp", "%{rpm_state_dir}/%{name}.%{_arch}"}
-cjc.mainProgram(arg)
 
 %post
 %{post_script %{nil}}
@@ -1675,33 +1424,6 @@ cjc.mainProgram(arg)
 
 %postun javadoc-zip
 %{postun_javadoc_zip %{nil}}
-%endif
-
-%if %{include_debug_build}
-%post slowdebug
-%{post_script -- %{debug_suffix_unquoted}}
-
-%post headless-slowdebug
-%{post_headless -- %{debug_suffix_unquoted}}
-
-%postun slowdebug
-%{postun_script -- %{debug_suffix_unquoted}}
-
-%postun headless-slowdebug
-%{postun_headless -- %{debug_suffix_unquoted}}
-
-%posttrans slowdebug
-%{posttrans_script -- %{debug_suffix_unquoted}}
-
-%post devel-slowdebug
-%{post_devel -- %{debug_suffix_unquoted}}
-
-%postun devel-slowdebug
-%{postun_devel -- %{debug_suffix_unquoted}}
-
-%posttrans  devel-slowdebug
-%{posttrans_devel -- %{debug_suffix_unquoted}}
-%endif
 
 %if %{include_normal_build}
 %files
@@ -1741,30 +1463,15 @@ cjc.mainProgram(arg)
 %{files_javadoc_zip %{nil}}
 %endif
 
-%if %{include_debug_build}
-%files slowdebug
-%{files_jre -- %{debug_suffix_unquoted}}
-
-%files headless-slowdebug
-%{files_jre_headless -- %{debug_suffix_unquoted}}
-
-%files devel-slowdebug
-%{files_devel -- %{debug_suffix_unquoted}}
-
-%files jmods-slowdebug
-%{files_jmods -- %{debug_suffix_unquoted}}
-
-%files demo-slowdebug
-%{files_demo -- %{debug_suffix_unquoted}}
-
-%files src-slowdebug
-%{files_src -- %{debug_suffix_unquoted}}
-%endif
-
 
 %changelog
-* Thu April 28 2022 kuenking111 <wangkun49@huawei.com> - 1:17.0.3.7-1
+* Wed Jul 27 2022 kuenking111 <wangkun49@huawei.com> - 1:17.0.4.8-0.rolling
+- del fix_X509TrustManagerImpl_symantec_distrust.patch
+- modified Delete-expired-certificate.patch
+- modified add-version-txt.patch
+
+* Thu Apr 28 2022 kuenking111 <wangkun49@huawei.com> - 1:17.0.3.7-1
 - add fix_X509TrustManagerImpl_symantec_distrust.patch
 
-* Tue April 26 2022 kuenking111 <wangkun49@huawei.com> - 1:17.0.3.7-0.rolling
+* Tue Apr 26 2022 kuenking111 <wangkun49@huawei.com> - 1:17.0.3.7-0.rolling
 - Init jdk-17.0.3+7-ga