* [Buildroot] [PATCH v2 1/1] package/openjdk{-bin}: security bump versions to 11.0.19+7 and 17.0.7+7
From: Adam Duskett @ 2023-08-28 18:56 UTC
  To: buildroot; +Cc: Tudor Holton, Adam Duskett

Fixes the following security issues:

* CVEs
  - CVE-2023-21930
  - CVE-2023-21937
  - CVE-2023-21938
  - CVE-2023-21939
  - CVE-2023-21954
  - CVE-2023-21967
  - CVE-2023-21968
* Security fixes
  - JDK-8287404: Improve ping times
  - JDK-8288436: Improve Xalan supports
  - JDK-8294474: Better AES support
  - JDK-8295304: Runtime support improvements
  - JDK-8296676, JDK-8296622: Improve String platform support
  - JDK-8296684: Improve String platform support
  - JDK-8296692: Improve String platform support
  - JDK-8296832: Improve Swing platform support
  - JDK-8297371: Improve UTF8 representation redux
  - JDK-8298191: Enhance object reclamation process
  - JDK-8298310: Enhance TLS session negotiation
  - JDK-8298667: Improved path handling
  - JDK-8299129: Enhance NameService lookups

For details, see the announcements:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021900.html
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021899.html

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
v1 -> v2:
  - Add missing openjdk-bin updates

 package/openjdk-bin/openjdk-bin.hash                      | 8 ++++----
 package/openjdk-bin/openjdk-bin.mk                        | 4 ++--
 .../0001-Add-ARCv2-ISA-processors-support-to-Zero.patch   | 0
 package/openjdk/openjdk.hash                              | 4 ++--
 package/openjdk/openjdk.mk                                | 4 ++--
 5 files changed, 10 insertions(+), 10 deletions(-)
 rename package/openjdk/{17.0.7+7 => 17.0.8+7}/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch (100%)

diff --git a/package/openjdk-bin/openjdk-bin.hash b/package/openjdk-bin/openjdk-bin.hash
index eb9d7396e3..401e83e75e 100644
--- a/package/openjdk-bin/openjdk-bin.hash
+++ b/package/openjdk-bin/openjdk-bin.hash
@@ -1,10 +1,10 @@
 # https://github.com/adoptium/temurin17-binaries/releases
-sha256  e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b  OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz
-sha256  0084272404b89442871e0a1f112779844090532978ad4d4191b8d03fc6adfade  OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.7_7.tar.gz
+sha256  aa5fc7d388fe544e5d85902e68399d5299e931f9b280d358a3cbee218d6017b0  OpenJDK17U-jdk_x64_linux_hotspot_17.0.8_7.tar.gz
+sha256  c43688163cfdcb1a6e6fe202cc06a51891df746b954c55dbd01430e7d7326d00  OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.8_7.tar.gz
 
 # From https://github.com/adoptium/temurin11-binaries/releases
-sha256  5f19fb28aea3e28fcc402b73ce72f62b602992d48769502effe81c52ca39a581  OpenJDK11U-jdk_x64_linux_hotspot_11.0.19_7.tar.gz
-sha256  0c7763a19b4af4ef5fbae831781b5184e988d6f131d264482399eeaf51b6e254  OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.19_7.tar.gz
+sha256  7a99258af2e3ee9047e90f1c0c1775fd6285085759501295358d934d662e01f9  OpenJDK11U-jdk_x64_linux_hotspot_11.0.20_8.tar.gz
+sha256  eb821c049c2d2f7c3fbf8ddcce2d608d3aa7d488700e76bfbbebabba93021748  OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.20_8.tar.gz
 
 # Locally calculated
 sha256  4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726  legal/java.prefs/LICENSE
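
Review bot: The comment above the 17 block, `# https://github.com/adoptium/temurin17-binaries/releases`, is missing the "From" prefix that the 11 block uses a few lines below; align the two while these lines are being touched. Both comments attribute the four new sha256 values to the Adoptium release pages, so it is worth confirming they were copied from the checksums published there rather than computed from a local download.
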
diff --git a/package/openjdk-bin/openjdk-bin.mk b/package/openjdk-bin/openjdk-bin.mk
index dad846534b..616c8d917d 100644
--- a/package/openjdk-bin/openjdk-bin.mk
+++ b/package/openjdk-bin/openjdk-bin.mk
@@ -6,10 +6,10 @@
 
 ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
 HOST_OPENJDK_BIN_VERSION_MAJOR = 17
-HOST_OPENJDK_BIN_VERSION_MINOR = 0.7_7
+HOST_OPENJDK_BIN_VERSION_MINOR = 0.8_7
 else
 HOST_OPENJDK_BIN_VERSION_MAJOR = 11
-HOST_OPENJDK_BIN_VERSION_MINOR = 0.19_7
+HOST_OPENJDK_BIN_VERSION_MINOR = 0.20_8
 endif
 
 ifeq ($(HOSTARCH),x86_64)
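
Review bot: Nothing in this file says that HOST_OPENJDK_BIN_VERSION_MINOR has to move together with OPENJDK_VERSION_MINOR in package/openjdk/openjdk.mk, and the v1 -> v2 changelog shows this file was missed the first time. A one-line comment above the ifeq block pointing at openjdk.mk would help the next bump. Note also that the 11 branch changes the build suffix as well as the update number (0.19_7 to 0.20_8) while the 17 branch keeps _7; both match the tarball names added in openjdk-bin.hash.
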
diff --git a/package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch b/package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
similarity index 100%
rename from package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
rename to package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
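
Review bot: The ARCv2 Zero patch moves to the 17.0.8+7 directory at similarity index 100%, so the diff gives no sign that it was re-checked against the new sources. Please state in the commit message that it still applies to 17.0.8+7 unchanged.
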
diff --git a/package/openjdk/openjdk.hash b/package/openjdk/openjdk.hash
index 3b36289628..ba398b84be 100644
--- a/package/openjdk/openjdk.hash
+++ b/package/openjdk/openjdk.hash
@@ -1,4 +1,4 @@
 # Locally computed
-sha256  43b80a5aec5fce908e80858e9b34efdf1b49255a12ce303650325af65141d3e8  openjdk-17.0.7+7.tar.gz
-sha256  25fd9ab3042a284aa4e6348969403016404bc2706a4a02c149a0054fbe477337  openjdk-11.0.19+7.tar.gz
+sha256  643ff42dcdf8751e0fee716c1a1914ddc7348b174e871a5eb2636578a181f20d  openjdk-17.0.8+7.tar.gz
+sha256  b2a37ef209ae7eaf8f34182b7c9aa3252af20a214d02970f96ce62242c805479  openjdk-11.0.20+8.tar.gz
 sha256  4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726  LICENSE
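
Review bot: Both new source tarball hashes stay under `# Locally computed` with no record of where the tarballs were fetched from, unlike openjdk-bin.hash, which cites the release pages. A locally computed hash only pins whatever was downloaded, so for a security bump it helps to say in the commit message that the archives came from the URL built by OPENJDK_SITE in openjdk.mk.
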
diff --git a/package/openjdk/openjdk.mk b/package/openjdk/openjdk.mk
index 39d461a87c..d1a2fa23ee 100644
--- a/package/openjdk/openjdk.mk
+++ b/package/openjdk/openjdk.mk
@@ -6,10 +6,10 @@
 
 ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
 OPENJDK_VERSION_MAJOR = 17
-OPENJDK_VERSION_MINOR = 0.7+7
+OPENJDK_VERSION_MINOR = 0.8+7
 else
 OPENJDK_VERSION_MAJOR = 11
-OPENJDK_VERSION_MINOR = 0.19+7
+OPENJDK_VERSION_MINOR = 0.20+8
 endif
 OPENJDK_VERSION = $(OPENJDK_VERSION_MAJOR).$(OPENJDK_VERSION_MINOR)
 OPENJDK_SITE = $(call github,openjdk,jdk$(OPENJDK_VERSION_MAJOR)u,jdk-$(OPENJDK_VERSION))
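
Review bot: OPENJDK_VERSION_MINOR becomes 0.8+7 and 0.20+8 here, so OPENJDK_VERSION expands to 17.0.8+7 and 11.0.20+8, but the subject line says the bump is to 11.0.19+7 and 17.0.7+7, which are the values on the removed lines. Correct the subject, and make sure the CVE list and the announcement links in the commit message are the ones for the versions actually being added.
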
-- 
2.41.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH v2 1/1] package/openjdk{-bin}: security bump versions to 11.0.19+7 and 17.0.7+7
From: Thomas Petazzoni via buildroot @ 2023-08-29 12:33 UTC
  To: Adam Duskett; +Cc: Tudor Holton, buildroot

Hello Adam,

On Mon, 28 Aug 2023 12:56:28 -0600
Adam Duskett <aduskett@gmail.com> wrote:

> For details, see the announcements:
> https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021900.html
> https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021899.html

>  ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
>  OPENJDK_VERSION_MAJOR = 17
> -OPENJDK_VERSION_MINOR = 0.7+7
> +OPENJDK_VERSION_MINOR = 0.8+7
>  else
>  OPENJDK_VERSION_MAJOR = 11
> -OPENJDK_VERSION_MINOR = 0.19+7
> +OPENJDK_VERSION_MINOR = 0.20+8
>  endif
>  OPENJDK_VERSION = $(OPENJDK_VERSION_MAJOR).$(OPENJDK_VERSION_MINOR)
>  OPENJDK_SITE = $(call github,openjdk,jdk$(OPENJDK_VERSION_MAJOR)u,jdk-$(OPENJDK_VERSION))

Something is wrong between your commit log/description and what the
commit is doing. The commit log is pointing to a bump to 11.0.19+7, but
we're already at 11.0.19+7 in Buildroot (your patch is updating to
11.0.20+8), and the commit log points to a bump to 17.0.7+7, but we're
already at 17.0.7+7 in Buildroot (your patch is updating to 17.0.8+7).

And therefore, the changelogs that you point to in your commit log,
that describe several CVEs as being fixed are not relevant to your
commit: they are related to the versions already in Buildroot.

Could you double check this?

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com