From 1f4bec334afa64f094c5b4a12bb02043b0bb9454 Mon Sep 17 00:00:00 2001 From: kuenking111 Date: Mon, 28 Jun 2021 14:43:29 +0800 Subject: [PATCH] I3Y4ON: delete untrustworthy cacert soneraclass2ca --- ..._untrustworthy_cacert_soneraclass2ca.patch | 74 +++++++++++++++++++ openjdk-1.8.0.spec | 9 ++- 2 files changed, 81 insertions(+), 2 deletions(-) create mode 100755 delete_untrustworthy_cacert_soneraclass2ca.patch diff --git a/delete_untrustworthy_cacert_soneraclass2ca.patch b/delete_untrustworthy_cacert_soneraclass2ca.patch new file mode 100755 index 0000000..fe7f5c8 --- /dev/null +++ b/delete_untrustworthy_cacert_soneraclass2ca.patch @@ -0,0 +1,74 @@ +diff --git a/jdk/make/data/cacerts/soneraclass2ca b/jdk/make/data/cacerts/soneraclass2ca +deleted file mode 100644 +index 43faa5e2..00000000 +--- a/jdk/make/data/cacerts/soneraclass2ca ++++ /dev/null +@@ -1,26 +0,0 @@ +-Owner: CN=Sonera Class2 CA, O=Sonera, C=FI +-Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI +-Serial number: 1d +-Valid from: Fri Apr 06 07:29:40 GMT 2001 until: Tue Apr 06 07:29:40 GMT 2021 +-Signature algorithm name: SHA1withRSA +-Subject Public Key Algorithm: 2048-bit RSA key +-Version: 3 +------BEGIN CERTIFICATE----- +-MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP +-MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx +-MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV +-BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI +-hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o +-Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt +-5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s +-3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej +-vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu +-8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw +-DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG +-MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil +-zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ +-3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD +-FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 +-Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 +-ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M +------END CERTIFICATE----- +diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +index 9053b796..d1a7879d 100644 +--- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java ++++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +@@ -53,12 +53,12 @@ public class VerifyCACerts { + + File.separator + "security" + File.separator + "cacerts"; + + // The numbers of certs now. +- private static final int COUNT = 90; ++ private static final int COUNT = 89; + + // SHA-256 of cacerts, can be generated with + // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 + private static final String CHECKSUM +- = "DC:22:7E:D7:F3:46:1F:8B:A8:4E:EE:C2:A8:4B:8E:26:89:4F:95:5C:71:A3:1B:5A:6E:A6:48:FD:CB:C9:F2:95"; ++ = "E6:F5:ED:92:CE:E2:35:5C:84:56:78:C7:72:29:29:A9:83:99:19:D9:54:F4:FF:7F:F7:D4:DB:2D:34:36:20:B5"; + + // map of cert alias to SHA-256 fingerprint + @SuppressWarnings("serial") +@@ -167,8 +167,6 @@ public class VerifyCACerts { + "3B:22:2E:56:67:11:E9:92:30:0D:C0:B1:5A:B9:47:3D:AF:DE:F8:C8:4D:0C:EF:7D:33:17:B4:C1:82:1D:14:36"); + put("swisssignsilverg2ca [jdk]", + "BE:6C:4D:A2:BB:B9:BA:59:B6:F3:93:97:68:37:42:46:C3:C0:05:99:3F:A9:8F:02:0D:1D:ED:BE:D4:8A:81:D5"); +- put("soneraclass2ca [jdk]", +- "79:08:B4:03:14:C1:38:10:0B:51:8D:07:35:80:7F:FB:FC:F8:51:8A:00:95:33:71:05:BA:38:6B:15:3D:D9:27"); + put("securetrustca [jdk]", + "F1:C1:B5:0A:E5:A2:0D:D8:03:0E:C9:F6:BC:24:82:3D:D3:67:B5:25:57:59:B4:E7:1B:61:FC:E9:F7:37:5D:73"); + put("xrampglobalca [jdk]", +@@ -245,12 +243,7 @@ public class VerifyCACerts { + // Exception list to 90 days expiry policy + // No error will be reported if certificate in this list expires + @SuppressWarnings("serial") +- private static final HashSet EXPIRY_EXC_ENTRIES = new HashSet() { +- { +- // Valid until: Tue Apr 06 15:29:40 HKT 2021 +- add("soneraclass2ca [jdk]"); +- } +- }; ++ private static final HashSet EXPIRY_EXC_ENTRIES = new HashSet(); + + // Ninety days in milliseconds + private static final long NINETY_DAYS = 7776000000L; diff --git a/openjdk-1.8.0.spec b/openjdk-1.8.0.spec index f63e9a9..d83a699 100644 --- a/openjdk-1.8.0.spec +++ b/openjdk-1.8.0.spec @@ -918,7 +918,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 14 +Release: 15 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1109,6 +1109,7 @@ Patch195: support_CMS_parallel_inspection.patch Patch196: g1gc-numa-aware-Implementation.patch Patch197: implementation_of_Blas_hotspot_function_in_Intrinsics.patch Patch198: fix_G1GC_memory_leak_in_numa.patch +Patch199: delete_untrustworthy_cacert_soneraclass2ca.patch ############################################# # @@ -1566,6 +1567,7 @@ pushd %{top_level_dir_name} %patch196 -p1 %patch197 -p1 %patch198 -p1 +%patch199 -p1 popd # System library fixes @@ -1639,7 +1641,7 @@ export ARCH_DATA_MODEL=64 # We use ourcppflags because the OpenJDK build seems to # pass EXTRA_CFLAGS to the HotSpot C++ compiler... -EXTRA_CFLAGS="%ourcppflags -Wno-error -fcommon" +EXTRA_CFLAGS="%ourcppflags -Wno-error -fcommon -fsigned-char" EXTRA_CPP_FLAGS="%ourcppflags -Wno-error" EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes" @@ -2182,6 +2184,9 @@ require "copy_jdk_configs.lua" %endif %changelog +* Mon Jun 28 2021 kuenking111 - 1:1.8.0.292-b10.15 +- fix delete_untrustworthy_cacert_soneraclass2ca.patch + * Thu Jun 17 2021 kuenking111 - 1:1.8.0.292-b10.14 - fix systemDictionary resolve_from_stream ResourceMark