* [Buildroot] [PATCH v2 1/1] package/openjdk{-bin}: security bump versions to 11.0.19+7 and 17.0.7+7
@ 2023-08-28 18:56 Adam Duskett
2023-08-29 12:33 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 2+ messages in thread
From: Adam Duskett @ 2023-08-28 18:56 UTC (permalink / raw)
To: buildroot; +Cc: Tudor Holton, Adam Duskett
Fixes the following security issues:
* CVEs
- CVE-2023-21930
- CVE-2023-21937
- CVE-2023-21938
- CVE-2023-21939
- CVE-2023-21954
- CVE-2023-21967
- CVE-2023-21968
* Security fixes
- JDK-8287404: Improve ping times
- JDK-8288436: Improve Xalan supports
- JDK-8294474: Better AES support
- JDK-8295304: Runtime support improvements
- JDK-8296676, JDK-8296622: Improve String platform support
- JDK-8296684: Improve String platform support
- JDK-8296692: Improve String platform support
- JDK-8296832: Improve Swing platform support
- JDK-8297371: Improve UTF8 representation redux
- JDK-8298191: Enhance object reclamation process
- JDK-8298310: Enhance TLS session negotiation
- JDK-8298667: Improved path handling
- JDK-8299129: Enhance NameService lookups
For details, see the announcements:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021900.html
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021899.html
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
v1 -> v2:
- Add missing openjdk-bin updates
package/openjdk-bin/openjdk-bin.hash | 8 ++++----
package/openjdk-bin/openjdk-bin.mk | 4 ++--
.../0001-Add-ARCv2-ISA-processors-support-to-Zero.patch | 0
package/openjdk/openjdk.hash | 4 ++--
package/openjdk/openjdk.mk | 4 ++--
5 files changed, 10 insertions(+), 10 deletions(-)
rename package/openjdk/{17.0.7+7 => 17.0.8+7}/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch (100%)
diff --git a/package/openjdk-bin/openjdk-bin.hash b/package/openjdk-bin/openjdk-bin.hash
index eb9d7396e3..401e83e75e 100644
--- a/package/openjdk-bin/openjdk-bin.hash
+++ b/package/openjdk-bin/openjdk-bin.hash
@@ -1,10 +1,10 @@
# https://github.com/adoptium/temurin17-binaries/releases
-sha256 e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz
-sha256 0084272404b89442871e0a1f112779844090532978ad4d4191b8d03fc6adfade OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.7_7.tar.gz
+sha256 aa5fc7d388fe544e5d85902e68399d5299e931f9b280d358a3cbee218d6017b0 OpenJDK17U-jdk_x64_linux_hotspot_17.0.8_7.tar.gz
+sha256 c43688163cfdcb1a6e6fe202cc06a51891df746b954c55dbd01430e7d7326d00 OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.8_7.tar.gz
# From https://github.com/adoptium/temurin11-binaries/releases
-sha256 5f19fb28aea3e28fcc402b73ce72f62b602992d48769502effe81c52ca39a581 OpenJDK11U-jdk_x64_linux_hotspot_11.0.19_7.tar.gz
-sha256 0c7763a19b4af4ef5fbae831781b5184e988d6f131d264482399eeaf51b6e254 OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.19_7.tar.gz
+sha256 7a99258af2e3ee9047e90f1c0c1775fd6285085759501295358d934d662e01f9 OpenJDK11U-jdk_x64_linux_hotspot_11.0.20_8.tar.gz
+sha256 eb821c049c2d2f7c3fbf8ddcce2d608d3aa7d488700e76bfbbebabba93021748 OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.20_8.tar.gz
# Locally calculated
sha256 4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726 legal/java.prefs/LICENSE
diff --git a/package/openjdk-bin/openjdk-bin.mk b/package/openjdk-bin/openjdk-bin.mk
index dad846534b..616c8d917d 100644
--- a/package/openjdk-bin/openjdk-bin.mk
+++ b/package/openjdk-bin/openjdk-bin.mk
@@ -6,10 +6,10 @@
ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
HOST_OPENJDK_BIN_VERSION_MAJOR = 17
-HOST_OPENJDK_BIN_VERSION_MINOR = 0.7_7
+HOST_OPENJDK_BIN_VERSION_MINOR = 0.8_7
else
HOST_OPENJDK_BIN_VERSION_MAJOR = 11
-HOST_OPENJDK_BIN_VERSION_MINOR = 0.19_7
+HOST_OPENJDK_BIN_VERSION_MINOR = 0.20_8
endif
ifeq ($(HOSTARCH),x86_64)
diff --git a/package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch b/package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
similarity index 100%
rename from package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
rename to package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
diff --git a/package/openjdk/openjdk.hash b/package/openjdk/openjdk.hash
index 3b36289628..ba398b84be 100644
--- a/package/openjdk/openjdk.hash
+++ b/package/openjdk/openjdk.hash
@@ -1,4 +1,4 @@
# Locally computed
-sha256 43b80a5aec5fce908e80858e9b34efdf1b49255a12ce303650325af65141d3e8 openjdk-17.0.7+7.tar.gz
-sha256 25fd9ab3042a284aa4e6348969403016404bc2706a4a02c149a0054fbe477337 openjdk-11.0.19+7.tar.gz
+sha256 643ff42dcdf8751e0fee716c1a1914ddc7348b174e871a5eb2636578a181f20d openjdk-17.0.8+7.tar.gz
+sha256 b2a37ef209ae7eaf8f34182b7c9aa3252af20a214d02970f96ce62242c805479 openjdk-11.0.20+8.tar.gz
sha256 4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726 LICENSE
diff --git a/package/openjdk/openjdk.mk b/package/openjdk/openjdk.mk
index 39d461a87c..d1a2fa23ee 100644
--- a/package/openjdk/openjdk.mk
+++ b/package/openjdk/openjdk.mk
@@ -6,10 +6,10 @@
ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
OPENJDK_VERSION_MAJOR = 17
-OPENJDK_VERSION_MINOR = 0.7+7
+OPENJDK_VERSION_MINOR = 0.8+7
else
OPENJDK_VERSION_MAJOR = 11
-OPENJDK_VERSION_MINOR = 0.19+7
+OPENJDK_VERSION_MINOR = 0.20+8
endif
OPENJDK_VERSION = $(OPENJDK_VERSION_MAJOR).$(OPENJDK_VERSION_MINOR)
OPENJDK_SITE = $(call github,openjdk,jdk$(OPENJDK_VERSION_MAJOR)u,jdk-$(OPENJDK_VERSION))
--
2.41.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [Buildroot] [PATCH v2 1/1] package/openjdk{-bin}: security bump versions to 11.0.19+7 and 17.0.7+7
2023-08-28 18:56 [Buildroot] [PATCH v2 1/1] package/openjdk{-bin}: security bump versions to 11.0.19+7 and 17.0.7+7 Adam Duskett
@ 2023-08-29 12:33 ` Thomas Petazzoni via buildroot
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-08-29 12:33 UTC (permalink / raw)
To: Adam Duskett; +Cc: Tudor Holton, buildroot
Hello Adam,
On Mon, 28 Aug 2023 12:56:28 -0600
Adam Duskett <aduskett@gmail.com> wrote:
> For details, see the announcements:
> https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021900.html
> https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021899.html
> ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
> OPENJDK_VERSION_MAJOR = 17
> -OPENJDK_VERSION_MINOR = 0.7+7
> +OPENJDK_VERSION_MINOR = 0.8+7
> else
> OPENJDK_VERSION_MAJOR = 11
> -OPENJDK_VERSION_MINOR = 0.19+7
> +OPENJDK_VERSION_MINOR = 0.20+8
> endif
> OPENJDK_VERSION = $(OPENJDK_VERSION_MAJOR).$(OPENJDK_VERSION_MINOR)
> OPENJDK_SITE = $(call github,openjdk,jdk$(OPENJDK_VERSION_MAJOR)u,jdk-$(OPENJDK_VERSION))
Something is wrong between your commit log/description and what the
commit is doing. The commit log is pointing to a bump to 11.0.19+7, but
we're already at 11.0.19+7 in Buildroot (your patch is updating to
11.0.20+8), and the commit log points to a bump to 17.0.7+7, but we're
already at 17.0.7+7 in Buildroot (your patch is updating to 17.0.8+7).
And therefore, the changelogs that you point to in your commit log,
that describe several CVEs as being fixed are not relevant to your
commit: they are related to the versions already in Buildroot.
Could you double check this?
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-08-29 12:34 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-28 18:56 [Buildroot] [PATCH v2 1/1] package/openjdk{-bin}: security bump versions to 11.0.19+7 and 17.0.7+7 Adam Duskett
2023-08-29 12:33 ` Thomas Petazzoni via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox