All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-java][dunfell] [PATCH] xerces-j: Upgrade to 2.12.2
@ 2022-07-04 12:45 Neetika
  2022-07-04 14:19 ` [OE-core] " Steve Sakoman
  0 siblings, 1 reply; 4+ messages in thread
From: Neetika @ 2022-07-04 12:45 UTC (permalink / raw)
  To: openembedded-core, raj.khem; +Cc: Neetika Singh

From: Neetika Singh <Neetika.Singh@kpit.com>

As per below links CVE-2022-23437 is fixed by upgrade of
xerces-j version to 2.12.2.
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-23437
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=743111a72f39a1b24f87bd1b2fc32ef707b41407

Hence upgrade the version.

Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
---
 .../xerces-j/{xerces-j_2.11.0.bb => xerces-j_2.12.2.bb}   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename recipes-core/xerces-j/{xerces-j_2.11.0.bb => xerces-j_2.12.2.bb} (88%)

diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.12.2.bb
similarity index 88%
rename from recipes-core/xerces-j/xerces-j_2.11.0.bb
rename to recipes-core/xerces-j/xerces-j_2.12.2.bb
index fda6fe4..bc2780e 100644
--- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
+++ b/recipes-core/xerces-j/xerces-j_2.12.2.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = " \
                     file://LICENSE.serializer.txt;md5=d229da563da18fe5d58cd95a6467d584 \
                    "

-SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
+SRC_URI = "http://archive.apache.org/dist/xerces/j/source/Xerces-J-src.${PV}.tar.gz"

 # CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions.
 # Already fixed with updates and closed.
@@ -20,7 +20,7 @@ SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
 # https://bugzilla.redhat.com/show_bug.cgi?id=1567542
 CVE_CHECK_WHITELIST += "CVE-2018-2799"

-S = "${WORKDIR}/xerces-2_11_0"
+S = "${WORKDIR}/xerces-2_12_2"

 inherit java-library

@@ -63,7 +63,7 @@ do_compile() {

 }

-SRC_URI[md5sum] = "d01fc11eacbe43b45681cb85ac112ebf"
-SRC_URI[sha256sum] = "f59a5ef7b51bd883f2e9bda37a9360692e6c5e439b98d9b6ac1953e1f98b0680"
+SRC_URI[md5sum] = "41dde3c515fca8d307416123bc07a739"
+SRC_URI[sha256sum] = "6dd1ebd4c88e935c182375346cd7365514bd8dd2ad2f30f0d0b05257bab34ee8"

 BBCLASSEXTEND = "native"
--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [OE-core] [meta-java][dunfell] [PATCH] xerces-j: Upgrade to 2.12.2
  2022-07-04 12:45 [meta-java][dunfell] [PATCH] xerces-j: Upgrade to 2.12.2 Neetika
@ 2022-07-04 14:19 ` Steve Sakoman
  0 siblings, 0 replies; 4+ messages in thread
From: Steve Sakoman @ 2022-07-04 14:19 UTC (permalink / raw)
  To: Neetika.Singh; +Cc: openembedded-core, raj.khem

Since this is a patch for meta-java it should be sent to:
openembedded-devel@lists.openembedded.org

Also, it shouldn't be tagged for [oe-core], just [meta-java]

Steve

On Mon, Jul 4, 2022 at 2:45 AM Neetika.Singh via
lists.openembedded.org <Neetika.Singh=kpit.com@lists.openembedded.org>
wrote:
>
> From: Neetika Singh <Neetika.Singh@kpit.com>
>
> As per below links CVE-2022-23437 is fixed by upgrade of
> xerces-j version to 2.12.2.
> https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-23437
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=743111a72f39a1b24f87bd1b2fc32ef707b41407
>
> Hence upgrade the version.
>
> Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
> ---
>  .../xerces-j/{xerces-j_2.11.0.bb => xerces-j_2.12.2.bb}   | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>  rename recipes-core/xerces-j/{xerces-j_2.11.0.bb => xerces-j_2.12.2.bb} (88%)
>
> diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.12.2.bb
> similarity index 88%
> rename from recipes-core/xerces-j/xerces-j_2.11.0.bb
> rename to recipes-core/xerces-j/xerces-j_2.12.2.bb
> index fda6fe4..bc2780e 100644
> --- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
> +++ b/recipes-core/xerces-j/xerces-j_2.12.2.bb
> @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = " \
>                      file://LICENSE.serializer.txt;md5=d229da563da18fe5d58cd95a6467d584 \
>                     "
>
> -SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
> +SRC_URI = "http://archive.apache.org/dist/xerces/j/source/Xerces-J-src.${PV}.tar.gz"
>
>  # CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions.
>  # Already fixed with updates and closed.
> @@ -20,7 +20,7 @@ SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
>  # https://bugzilla.redhat.com/show_bug.cgi?id=1567542
>  CVE_CHECK_WHITELIST += "CVE-2018-2799"
>
> -S = "${WORKDIR}/xerces-2_11_0"
> +S = "${WORKDIR}/xerces-2_12_2"
>
>  inherit java-library
>
> @@ -63,7 +63,7 @@ do_compile() {
>
>  }
>
> -SRC_URI[md5sum] = "d01fc11eacbe43b45681cb85ac112ebf"
> -SRC_URI[sha256sum] = "f59a5ef7b51bd883f2e9bda37a9360692e6c5e439b98d9b6ac1953e1f98b0680"
> +SRC_URI[md5sum] = "41dde3c515fca8d307416123bc07a739"
> +SRC_URI[sha256sum] = "6dd1ebd4c88e935c182375346cd7365514bd8dd2ad2f30f0d0b05257bab34ee8"
>
>  BBCLASSEXTEND = "native"
> --
> 2.17.1
>
> This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#167604): https://lists.openembedded.org/g/openembedded-core/message/167604
> Mute This Topic: https://lists.openembedded.org/mt/92163687/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [meta-java][dunfell][PATCH] xerces-j: Upgrade to 2.12.2
  2022-07-07  8:52 [meta-java][dunfell][PATCH] " Neetika
@ 2023-03-09 10:55 ` virendrak
  0 siblings, 0 replies; 4+ messages in thread
From: virendrak @ 2023-03-09 10:55 UTC (permalink / raw)
  To: openembedded-devel

[-- Attachment #1: Type: text/plain, Size: 217 bytes --]

It has been a long time since meta-java not getting updated.

https://git.yoctoproject.org/meta-java/commit/?h=dunfell-next&id=6d5620541584e20e195783dc025314a8a29e655b

This change still present in dunfell-next.

[-- Attachment #2: Type: text/html, Size: 404 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [meta-java][dunfell][PATCH] xerces-j: Upgrade to 2.12.2
@ 2022-07-07  8:52 Neetika
  2023-03-09 10:55 ` virendrak
  0 siblings, 1 reply; 4+ messages in thread
From: Neetika @ 2022-07-07  8:52 UTC (permalink / raw)
  To: openembedded-devel, raj.khem; +Cc: Neetika Singh

From: Neetika Singh <Neetika.Singh@kpit.com>

As per below links CVE-2022-23437 is fixed by upgrade of
xerces-j version to 2.12.2.
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-23437
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=743111a72f39a1b24f87bd1b2fc32ef707b41407

Hence upgrade the version.

Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
---
 .../xerces-j/{xerces-j_2.11.0.bb => xerces-j_2.12.2.bb}   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename recipes-core/xerces-j/{xerces-j_2.11.0.bb => xerces-j_2.12.2.bb} (88%)

diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.12.2.bb
similarity index 88%
rename from recipes-core/xerces-j/xerces-j_2.11.0.bb
rename to recipes-core/xerces-j/xerces-j_2.12.2.bb
index fda6fe4..bc2780e 100644
--- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
+++ b/recipes-core/xerces-j/xerces-j_2.12.2.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = " \
                     file://LICENSE.serializer.txt;md5=d229da563da18fe5d58cd95a6467d584 \
                    "

-SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
+SRC_URI = "http://archive.apache.org/dist/xerces/j/source/Xerces-J-src.${PV}.tar.gz"

 # CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions.
 # Already fixed with updates and closed.
@@ -20,7 +20,7 @@ SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
 # https://bugzilla.redhat.com/show_bug.cgi?id=1567542
 CVE_CHECK_WHITELIST += "CVE-2018-2799"

-S = "${WORKDIR}/xerces-2_11_0"
+S = "${WORKDIR}/xerces-2_12_2"

 inherit java-library

@@ -63,7 +63,7 @@ do_compile() {

 }

-SRC_URI[md5sum] = "d01fc11eacbe43b45681cb85ac112ebf"
-SRC_URI[sha256sum] = "f59a5ef7b51bd883f2e9bda37a9360692e6c5e439b98d9b6ac1953e1f98b0680"
+SRC_URI[md5sum] = "41dde3c515fca8d307416123bc07a739"
+SRC_URI[sha256sum] = "6dd1ebd4c88e935c182375346cd7365514bd8dd2ad2f30f0d0b05257bab34ee8"

 BBCLASSEXTEND = "native"
--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-03-09 11:57 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-04 12:45 [meta-java][dunfell] [PATCH] xerces-j: Upgrade to 2.12.2 Neetika
2022-07-04 14:19 ` [OE-core] " Steve Sakoman
2022-07-07  8:52 [meta-java][dunfell][PATCH] " Neetika
2023-03-09 10:55 ` virendrak

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.