!407 fix the issue that cert of geotrustglobalca expired

From: @wanghao_hw Reviewed-by: @kuenking111 Signed-off-by: @kuenking111
2023-03-28 06:07:19 +00:00 · 2023-03-28 06:07:19 +00:00 · 45fb0cbe1e
commit 45fb0cbe1e
parent 9a13aeab09 3c792aa99c
2 changed files with 89 additions and 1 deletions
--- a/fix-the-issue-that-cert-of-geotrustglobalca-expired.patch
+++ b/fix-the-issue-that-cert-of-geotrustglobalca-expired.patch
@ -0,0 +1,83 @@
+From bffc13e0e35ff04fea1ef2af74615c7c5b287c27 Mon Sep 17 00:00:00 2001
+From: wanghao_hw <wanghao564@huawei.com>
+Date: Fri, 24 Mar 2023 15:47:35 +0800
+Subject: [PATCH] fix the issue that cert of geotrustglobalca expired.
+
+---
+ jdk/make/data/cacerts/geotrustglobalca        | 27 -------------------
+ .../security/lib/cacerts/VerifyCACerts.java   |  7 ++---
+ 2 files changed, 2 insertions(+), 32 deletions(-)
+ delete mode 100644 jdk/make/data/cacerts/geotrustglobalca
+
+diff --git a/jdk/make/data/cacerts/geotrustglobalca b/jdk/make/data/cacerts/geotrustglobalca
+deleted file mode 100644
+index 7f8bf9a66..000000000
+--- a/jdk/make/data/cacerts/geotrustglobalca
+++ /dev/null
+@@ -1,27 +0,0 @@
+-Owner: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
+-Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
+-Serial number: 23456
+-Valid from: Tue May 21 04:00:00 GMT 2002 until: Sat May 21 04:00:00 GMT 2022
+-Signature algorithm name: SHA1withRSA
+-Subject Public Key Algorithm: 2048-bit RSA key
+-Version: 3
+------BEGIN CERTIFICATE-----
+-MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+-MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+-YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+-R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+-9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+-fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+-iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+-1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+-bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+-MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+-ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+-uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+-Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+-tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+-PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+-hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+-5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+------END CERTIFICATE-----
+diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java
+index c1423dc5b..8bca06c52 100644
+--- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java
+++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java
+@@ -53,12 +53,12 @@ public class VerifyCACerts {
+             + File.separator + "security" + File.separator + "cacerts";
+ 
+     // The numbers of certs now.
+-    private static final int COUNT = 84;
+    private static final int COUNT = 83;
+ 
+     // SHA-256 of cacerts, can be generated with
+     // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
+     private static final String CHECKSUM
+-            = "D3:05:21:64:FA:D7:CD:29:E8:CB:57:E7:47:ED:79:9B:47:D8:0E:75:2D:CA:83:BB:86:AF:D9:43:FD:3E:17:85";
+            = "2D:04:88:6C:52:53:54:EB:38:2D:BC:E0:AF:B7:82:F4:9E:32:A8:1A:1B:A3:AE:CF:25:CB:C2:F6:0F:4E:E1:20";
+ 
+     // map of cert alias to SHA-256 fingerprint
+     @SuppressWarnings("serial")
+@@ -111,8 +111,6 @@ public class VerifyCACerts {
+                     "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2");
+             put("digicerthighassuranceevrootca [jdk]",
+                     "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF");
+-	    put("geotrustglobalca [jdk]",
+-                    "FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A");
+ 	    put("geotrustprimaryca [jdk]",
+                     "37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C");
+             put("geotrustprimarycag2 [jdk]",
+@@ -242,7 +240,6 @@ public class VerifyCACerts {
+     private static final HashSet<String> EXPIRY_EXC_ENTRIES = new HashSet<String>() {
+         {
+             // Valid until: Sat May 21 04:00:00 GMT 2022
+-            add("geotrustglobalca [jdk]");
+         }
+     };
+ 
+-- 
+2.39.0
+
--- a/openjdk-1.8.0.spec
+++ b/openjdk-1.8.0.spec
@ -916,7 +916,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r

 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}.%{buildver}
-Release: 2
+Release: 3
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@ -1184,6 +1184,7 @@ Patch298: Add-CMS-s-trim-test-cases-and-fix-failure.patch
 Patch299: Disable-cds-on-x86-32.patch
 Patch300: Disable-no-compressedOop-cds-on-x86-32.patch
 Patch301: fix-SUSE-x86_32-build-failure.patch
+Patch302: fix-the-issue-that-cert-of-geotrustglobalca-expired.patch

 #############################################
 #
@ -1706,6 +1707,7 @@ pushd %{top_level_dir_name}
 %patch299 -p1
 %patch300 -p1
 %patch301 -p1
+%patch302 -p1
 popd

 # System library fixes
@ -2330,6 +2332,9 @@ cjc.mainProgram(arg)
 %endif

 %changelog
+* Fri Mar 24 2023 wanghao_hw<wanghao564@huawei.com> - 1:1.8.0.362-b09.3
+- add fix-the-issue-that-cert-of-geotrustglobalca-expired.patch
+
 * Wed Feb 15 2023 kuenking111<wangkun49@huawei.com> - 1:1.8.0.362-b09.2
 - add Add-CMS-s-trim-test-cases-and-fix-failure.patch
 - add Disable-cds-on-x86-32.patch