buildroot.busybox.net archive mirror
* [Buildroot] [PATCH 1/1] package/openjdk{-bin}: security bump versions to 11.0.20+8 and 17.0.8+7
@ 2023-08-30 15:59 Adam Duskett
  2023-08-30 19:41 ` Arnout Vandecappelle via buildroot
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Adam Duskett @ 2023-08-30 15:59 UTC (permalink / raw)
  To: buildroot; +Cc: Tudor Holton, Adam Duskett

Fixed the following security issues:

* CVEs
  - CVE-2023-22006
  - CVE-2023-22036
  - CVE-2023-22041
  - CVE-2023-22044
  - CVE-2023-22045
  - CVE-2023-22049
  - CVE-2023-25193
* Security fixes
  - JDK-8298676: Enhanced Look and Feel
  - JDK-8300285: Enhance TLS data handling
  - JDK-8300596: Enhance Jar Signature validation
  - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
  - JDK-8302475: Enhance HTTP client file downloading
  - JDK-8302483: Enhance ZIP performance
  - JDK-8303376: Better launching of JDI
  - JDK-8304468: Better array usages
  - JDK-8305312: Enhanced path handling
  - JDK-8308682: Enhance AES performance

For details, see the announcements:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-July/024064.html
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-July/024063.html

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/openjdk-bin/openjdk-bin.hash                      | 8 ++++----
 package/openjdk-bin/openjdk-bin.mk                        | 4 ++--
 .../0001-Add-ARCv2-ISA-processors-support-to-Zero.patch   | 0
 package/openjdk/openjdk.hash                              | 4 ++--
 package/openjdk/openjdk.mk                                | 4 ++--
 5 files changed, 10 insertions(+), 10 deletions(-)
 rename package/openjdk/{17.0.7+7 => 17.0.8+7}/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch (100%)

diff --git a/package/openjdk-bin/openjdk-bin.hash b/package/openjdk-bin/openjdk-bin.hash
index eb9d7396e3..401e83e75e 100644
--- a/package/openjdk-bin/openjdk-bin.hash
+++ b/package/openjdk-bin/openjdk-bin.hash
@@ -1,10 +1,10 @@
 # https://github.com/adoptium/temurin17-binaries/releases
-sha256  e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b  OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz
-sha256  0084272404b89442871e0a1f112779844090532978ad4d4191b8d03fc6adfade  OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.7_7.tar.gz
+sha256  aa5fc7d388fe544e5d85902e68399d5299e931f9b280d358a3cbee218d6017b0  OpenJDK17U-jdk_x64_linux_hotspot_17.0.8_7.tar.gz
+sha256  c43688163cfdcb1a6e6fe202cc06a51891df746b954c55dbd01430e7d7326d00  OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.8_7.tar.gz
 
 # From https://github.com/adoptium/temurin11-binaries/releases
-sha256  5f19fb28aea3e28fcc402b73ce72f62b602992d48769502effe81c52ca39a581  OpenJDK11U-jdk_x64_linux_hotspot_11.0.19_7.tar.gz
-sha256  0c7763a19b4af4ef5fbae831781b5184e988d6f131d264482399eeaf51b6e254  OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.19_7.tar.gz
+sha256  7a99258af2e3ee9047e90f1c0c1775fd6285085759501295358d934d662e01f9  OpenJDK11U-jdk_x64_linux_hotspot_11.0.20_8.tar.gz
+sha256  eb821c049c2d2f7c3fbf8ddcce2d608d3aa7d488700e76bfbbebabba93021748  OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.20_8.tar.gz
 
 # Locally calculated
 sha256  4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726  legal/java.prefs/LICENSE
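Review bot: the source comment above the Temurin 17 entries reads "# https://github.com/adoptium/temurin17-binaries/releases" while the Temurin 11 block in the same hunk uses "# From https://github.com/adoptium/temurin11-binaries/releases"; since both blocks are touched here, adding "From" to the first would make the two comments consistent. The commit message should also state whether the four new sha256 values were taken from checksums published on those release pages or computed from the downloaded tarballs, because the comments imply the former and the following section is explicitly marked "Locally calculated".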
diff --git a/package/openjdk-bin/openjdk-bin.mk b/package/openjdk-bin/openjdk-bin.mk
index dad846534b..616c8d917d 100644
--- a/package/openjdk-bin/openjdk-bin.mk
+++ b/package/openjdk-bin/openjdk-bin.mk
@@ -6,10 +6,10 @@
 
 ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
 HOST_OPENJDK_BIN_VERSION_MAJOR = 17
-HOST_OPENJDK_BIN_VERSION_MINOR = 0.7_7
+HOST_OPENJDK_BIN_VERSION_MINOR = 0.8_7
 else
 HOST_OPENJDK_BIN_VERSION_MAJOR = 11
-HOST_OPENJDK_BIN_VERSION_MINOR = 0.19_7
+HOST_OPENJDK_BIN_VERSION_MINOR = 0.20_8
 endif
 
 ifeq ($(HOSTARCH),x86_64)
diff --git a/package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch b/package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
similarity index 100%
rename from package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
rename to package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
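Review bot: the rename of the patch directory from package/openjdk/17.0.7+7/ to package/openjdk/17.0.8+7/ has no matching change to .checkpackageignore; the diffstat lists only five files, all under package/. Any entry that refers to 0001-Add-ARCv2-ISA-processors-support-to-Zero.patch by its old path should be updated in the same commit so that the ignore list and the tree stay in step, which is what the follow-up reply in this thread had to fix afterwards.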
diff --git a/package/openjdk/openjdk.hash b/package/openjdk/openjdk.hash
index 3b36289628..ba398b84be 100644
--- a/package/openjdk/openjdk.hash
+++ b/package/openjdk/openjdk.hash
@@ -1,4 +1,4 @@
 # Locally computed
-sha256  43b80a5aec5fce908e80858e9b34efdf1b49255a12ce303650325af65141d3e8  openjdk-17.0.7+7.tar.gz
-sha256  25fd9ab3042a284aa4e6348969403016404bc2706a4a02c149a0054fbe477337  openjdk-11.0.19+7.tar.gz
+sha256  643ff42dcdf8751e0fee716c1a1914ddc7348b174e871a5eb2636578a181f20d  openjdk-17.0.8+7.tar.gz
+sha256  b2a37ef209ae7eaf8f34182b7c9aa3252af20a214d02970f96ce62242c805479  openjdk-11.0.20+8.tar.gz
 sha256  4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726  LICENSE
diff --git a/package/openjdk/openjdk.mk b/package/openjdk/openjdk.mk
index 39d461a87c..d1a2fa23ee 100644
--- a/package/openjdk/openjdk.mk
+++ b/package/openjdk/openjdk.mk
@@ -6,10 +6,10 @@
 
 ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
 OPENJDK_VERSION_MAJOR = 17
-OPENJDK_VERSION_MINOR = 0.7+7
+OPENJDK_VERSION_MINOR = 0.8+7
 else
 OPENJDK_VERSION_MAJOR = 11
-OPENJDK_VERSION_MINOR = 0.19+7
+OPENJDK_VERSION_MINOR = 0.20+8
 endif
 OPENJDK_VERSION = $(OPENJDK_VERSION_MAJOR).$(OPENJDK_VERSION_MINOR)
 OPENJDK_SITE = $(call github,openjdk,jdk$(OPENJDK_VERSION_MAJOR)u,jdk-$(OPENJDK_VERSION))
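Review bot: OPENJDK_VERSION_MINOR keeps the build suffix (0.8+7, 0.20+8), so OPENJDK_VERSION expands to 17.0.8+7 or 11.0.20+8 and is reused as the upstream tag in OPENJDK_SITE. For a security bump it is worth confirming that whatever version string the package exposes for CVE matching corresponds to how these releases are recorded in the CVE data, since a reply later in this thread notes that pkg-stats reported none of the listed CVEs. A short comment here stating that the part after "+" is the build number would also document why the 11.x suffix changes from +7 to +8 while 17.x stays at +7.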
-- 
2.41.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH 1/1] package/openjdk{-bin}: security bump versions to 11.0.20+8 and 17.0.8+7
  2023-08-30 15:59 [Buildroot] [PATCH 1/1] package/openjdk{-bin}: security bump versions to 11.0.20+8 and 17.0.8+7 Adam Duskett
@ 2023-08-30 19:41 ` Arnout Vandecappelle via buildroot
  2023-08-30 20:02 ` Arnout Vandecappelle via buildroot
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Arnout Vandecappelle via buildroot @ 2023-08-30 19:41 UTC (permalink / raw)
  To: Adam Duskett, buildroot; +Cc: Tudor Holton



On 30/08/2023 17:59, Adam Duskett wrote:
> Fixed the following security issues:
> 
> * CVEs
>    - CVE-2023-22006
>    - CVE-2023-22036
>    - CVE-2023-22041
>    - CVE-2023-22044
>    - CVE-2023-22045
>    - CVE-2023-22049
>    - CVE-2023-25193
> * Security fixes
>    - JDK-8298676: Enhanced Look and Feel
>    - JDK-8300285: Enhance TLS data handling
>    - JDK-8300596: Enhance Jar Signature validation
>    - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
>    - JDK-8302475: Enhance HTTP client file downloading
>    - JDK-8302483: Enhance ZIP performance
>    - JDK-8303376: Better launching of JDI
>    - JDK-8304468: Better array usages
>    - JDK-8305312: Enhanced path handling
>    - JDK-8308682: Enhance AES performance
> 
> For details, see the announcements:
> https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-July/024064.html
> https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-July/024063.html
> 
> Signed-off-by: Adam Duskett <aduskett@gmail.com>

  Applied to master, thanks.

  Regards,
  Arnout

> ---
>   package/openjdk-bin/openjdk-bin.hash                      | 8 ++++----
>   package/openjdk-bin/openjdk-bin.mk                        | 4 ++--
>   .../0001-Add-ARCv2-ISA-processors-support-to-Zero.patch   | 0
>   package/openjdk/openjdk.hash                              | 4 ++--
>   package/openjdk/openjdk.mk                                | 4 ++--
>   5 files changed, 10 insertions(+), 10 deletions(-)
>   rename package/openjdk/{17.0.7+7 => 17.0.8+7}/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch (100%)
> 
> diff --git a/package/openjdk-bin/openjdk-bin.hash b/package/openjdk-bin/openjdk-bin.hash
> index eb9d7396e3..401e83e75e 100644
> --- a/package/openjdk-bin/openjdk-bin.hash
> +++ b/package/openjdk-bin/openjdk-bin.hash
> @@ -1,10 +1,10 @@
>   # https://github.com/adoptium/temurin17-binaries/releases
> -sha256  e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b  OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz
> -sha256  0084272404b89442871e0a1f112779844090532978ad4d4191b8d03fc6adfade  OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.7_7.tar.gz
> +sha256  aa5fc7d388fe544e5d85902e68399d5299e931f9b280d358a3cbee218d6017b0  OpenJDK17U-jdk_x64_linux_hotspot_17.0.8_7.tar.gz
> +sha256  c43688163cfdcb1a6e6fe202cc06a51891df746b954c55dbd01430e7d7326d00  OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.8_7.tar.gz
>   
>   # From https://github.com/adoptium/temurin11-binaries/releases
> -sha256  5f19fb28aea3e28fcc402b73ce72f62b602992d48769502effe81c52ca39a581  OpenJDK11U-jdk_x64_linux_hotspot_11.0.19_7.tar.gz
> -sha256  0c7763a19b4af4ef5fbae831781b5184e988d6f131d264482399eeaf51b6e254  OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.19_7.tar.gz
> +sha256  7a99258af2e3ee9047e90f1c0c1775fd6285085759501295358d934d662e01f9  OpenJDK11U-jdk_x64_linux_hotspot_11.0.20_8.tar.gz
> +sha256  eb821c049c2d2f7c3fbf8ddcce2d608d3aa7d488700e76bfbbebabba93021748  OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.20_8.tar.gz
>   
>   # Locally calculated
>   sha256  4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726  legal/java.prefs/LICENSE
> diff --git a/package/openjdk-bin/openjdk-bin.mk b/package/openjdk-bin/openjdk-bin.mk
> index dad846534b..616c8d917d 100644
> --- a/package/openjdk-bin/openjdk-bin.mk
> +++ b/package/openjdk-bin/openjdk-bin.mk
> @@ -6,10 +6,10 @@
>   
>   ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
>   HOST_OPENJDK_BIN_VERSION_MAJOR = 17
> -HOST_OPENJDK_BIN_VERSION_MINOR = 0.7_7
> +HOST_OPENJDK_BIN_VERSION_MINOR = 0.8_7
>   else
>   HOST_OPENJDK_BIN_VERSION_MAJOR = 11
> -HOST_OPENJDK_BIN_VERSION_MINOR = 0.19_7
> +HOST_OPENJDK_BIN_VERSION_MINOR = 0.20_8
>   endif
>   
>   ifeq ($(HOSTARCH),x86_64)
> diff --git a/package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch b/package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
> similarity index 100%
> rename from package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
> rename to package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
> diff --git a/package/openjdk/openjdk.hash b/package/openjdk/openjdk.hash
> index 3b36289628..ba398b84be 100644
> --- a/package/openjdk/openjdk.hash
> +++ b/package/openjdk/openjdk.hash
> @@ -1,4 +1,4 @@
>   # Locally computed
> -sha256  43b80a5aec5fce908e80858e9b34efdf1b49255a12ce303650325af65141d3e8  openjdk-17.0.7+7.tar.gz
> -sha256  25fd9ab3042a284aa4e6348969403016404bc2706a4a02c149a0054fbe477337  openjdk-11.0.19+7.tar.gz
> +sha256  643ff42dcdf8751e0fee716c1a1914ddc7348b174e871a5eb2636578a181f20d  openjdk-17.0.8+7.tar.gz
> +sha256  b2a37ef209ae7eaf8f34182b7c9aa3252af20a214d02970f96ce62242c805479  openjdk-11.0.20+8.tar.gz
>   sha256  4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726  LICENSE
> diff --git a/package/openjdk/openjdk.mk b/package/openjdk/openjdk.mk
> index 39d461a87c..d1a2fa23ee 100644
> --- a/package/openjdk/openjdk.mk
> +++ b/package/openjdk/openjdk.mk
> @@ -6,10 +6,10 @@
>   
>   ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
>   OPENJDK_VERSION_MAJOR = 17
> -OPENJDK_VERSION_MINOR = 0.7+7
> +OPENJDK_VERSION_MINOR = 0.8+7
>   else
>   OPENJDK_VERSION_MAJOR = 11
> -OPENJDK_VERSION_MINOR = 0.19+7
> +OPENJDK_VERSION_MINOR = 0.20+8
>   endif
>   OPENJDK_VERSION = $(OPENJDK_VERSION_MAJOR).$(OPENJDK_VERSION_MINOR)
>   OPENJDK_SITE = $(call github,openjdk,jdk$(OPENJDK_VERSION_MAJOR)u,jdk-$(OPENJDK_VERSION))

* Re: [Buildroot] [PATCH 1/1] package/openjdk{-bin}: security bump versions to 11.0.20+8 and 17.0.8+7
  2023-08-30 15:59 [Buildroot] [PATCH 1/1] package/openjdk{-bin}: security bump versions to 11.0.20+8 and 17.0.8+7 Adam Duskett
  2023-08-30 19:41 ` Arnout Vandecappelle via buildroot
@ 2023-08-30 20:02 ` Arnout Vandecappelle via buildroot
  2023-08-30 21:58 ` Thomas Petazzoni via buildroot
  2023-09-13 20:09 ` Peter Korsgaard
  3 siblings, 0 replies; 5+ messages in thread
From: Arnout Vandecappelle via buildroot @ 2023-08-30 20:02 UTC (permalink / raw)
  To: Adam Duskett, buildroot; +Cc: Tudor Holton



On 30/08/2023 17:59, Adam Duskett wrote:
> Fixed the following security issues:
> 
> * CVEs
>    - CVE-2023-22006
>    - CVE-2023-22036
>    - CVE-2023-22041
>    - CVE-2023-22044
>    - CVE-2023-22045
>    - CVE-2023-22049
>    - CVE-2023-25193
> * Security fixes
>    - JDK-8298676: Enhanced Look and Feel
>    - JDK-8300285: Enhance TLS data handling
>    - JDK-8300596: Enhance Jar Signature validation
>    - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
>    - JDK-8302475: Enhance HTTP client file downloading
>    - JDK-8302483: Enhance ZIP performance
>    - JDK-8303376: Better launching of JDI
>    - JDK-8304468: Better array usages
>    - JDK-8305312: Enhanced path handling
>    - JDK-8308682: Enhance AES performance
> 
> For details, see the announcements:
> https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-July/024064.html
> https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-July/024063.html
> 
> Signed-off-by: Adam Duskett <aduskett@gmail.com>
> ---
>   package/openjdk-bin/openjdk-bin.hash                      | 8 ++++----
>   package/openjdk-bin/openjdk-bin.mk                        | 4 ++--
>   .../0001-Add-ARCv2-ISA-processors-support-to-Zero.patch   | 0
>   package/openjdk/openjdk.hash                              | 4 ++--
>   package/openjdk/openjdk.mk                                | 4 ++--
>   5 files changed, 10 insertions(+), 10 deletions(-)
>   rename package/openjdk/{17.0.7+7 => 17.0.8+7}/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch (100%)

  You forgot to apply this rename to the .checkpackageignore file as well. So I 
pushed a follow-up commit fixing that.

  Regards,
  Arnout

> 
> diff --git a/package/openjdk-bin/openjdk-bin.hash b/package/openjdk-bin/openjdk-bin.hash
> index eb9d7396e3..401e83e75e 100644
> --- a/package/openjdk-bin/openjdk-bin.hash
> +++ b/package/openjdk-bin/openjdk-bin.hash
> @@ -1,10 +1,10 @@
>   # https://github.com/adoptium/temurin17-binaries/releases
> -sha256  e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b  OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz
> -sha256  0084272404b89442871e0a1f112779844090532978ad4d4191b8d03fc6adfade  OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.7_7.tar.gz
> +sha256  aa5fc7d388fe544e5d85902e68399d5299e931f9b280d358a3cbee218d6017b0  OpenJDK17U-jdk_x64_linux_hotspot_17.0.8_7.tar.gz
> +sha256  c43688163cfdcb1a6e6fe202cc06a51891df746b954c55dbd01430e7d7326d00  OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.8_7.tar.gz
>   
>   # From https://github.com/adoptium/temurin11-binaries/releases
> -sha256  5f19fb28aea3e28fcc402b73ce72f62b602992d48769502effe81c52ca39a581  OpenJDK11U-jdk_x64_linux_hotspot_11.0.19_7.tar.gz
> -sha256  0c7763a19b4af4ef5fbae831781b5184e988d6f131d264482399eeaf51b6e254  OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.19_7.tar.gz
> +sha256  7a99258af2e3ee9047e90f1c0c1775fd6285085759501295358d934d662e01f9  OpenJDK11U-jdk_x64_linux_hotspot_11.0.20_8.tar.gz
> +sha256  eb821c049c2d2f7c3fbf8ddcce2d608d3aa7d488700e76bfbbebabba93021748  OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.20_8.tar.gz
>   
>   # Locally calculated
>   sha256  4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726  legal/java.prefs/LICENSE
> diff --git a/package/openjdk-bin/openjdk-bin.mk b/package/openjdk-bin/openjdk-bin.mk
> index dad846534b..616c8d917d 100644
> --- a/package/openjdk-bin/openjdk-bin.mk
> +++ b/package/openjdk-bin/openjdk-bin.mk
> @@ -6,10 +6,10 @@
>   
>   ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
>   HOST_OPENJDK_BIN_VERSION_MAJOR = 17
> -HOST_OPENJDK_BIN_VERSION_MINOR = 0.7_7
> +HOST_OPENJDK_BIN_VERSION_MINOR = 0.8_7
>   else
>   HOST_OPENJDK_BIN_VERSION_MAJOR = 11
> -HOST_OPENJDK_BIN_VERSION_MINOR = 0.19_7
> +HOST_OPENJDK_BIN_VERSION_MINOR = 0.20_8
>   endif
>   
>   ifeq ($(HOSTARCH),x86_64)
> diff --git a/package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch b/package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
> similarity index 100%
> rename from package/openjdk/17.0.7+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
> rename to package/openjdk/17.0.8+7/0001-Add-ARCv2-ISA-processors-support-to-Zero.patch
> diff --git a/package/openjdk/openjdk.hash b/package/openjdk/openjdk.hash
> index 3b36289628..ba398b84be 100644
> --- a/package/openjdk/openjdk.hash
> +++ b/package/openjdk/openjdk.hash
> @@ -1,4 +1,4 @@
>   # Locally computed
> -sha256  43b80a5aec5fce908e80858e9b34efdf1b49255a12ce303650325af65141d3e8  openjdk-17.0.7+7.tar.gz
> -sha256  25fd9ab3042a284aa4e6348969403016404bc2706a4a02c149a0054fbe477337  openjdk-11.0.19+7.tar.gz
> +sha256  643ff42dcdf8751e0fee716c1a1914ddc7348b174e871a5eb2636578a181f20d  openjdk-17.0.8+7.tar.gz
> +sha256  b2a37ef209ae7eaf8f34182b7c9aa3252af20a214d02970f96ce62242c805479  openjdk-11.0.20+8.tar.gz
>   sha256  4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726  LICENSE
> diff --git a/package/openjdk/openjdk.mk b/package/openjdk/openjdk.mk
> index 39d461a87c..d1a2fa23ee 100644
> --- a/package/openjdk/openjdk.mk
> +++ b/package/openjdk/openjdk.mk
> @@ -6,10 +6,10 @@
>   
>   ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
>   OPENJDK_VERSION_MAJOR = 17
> -OPENJDK_VERSION_MINOR = 0.7+7
> +OPENJDK_VERSION_MINOR = 0.8+7
>   else
>   OPENJDK_VERSION_MAJOR = 11
> -OPENJDK_VERSION_MINOR = 0.19+7
> +OPENJDK_VERSION_MINOR = 0.20+8
>   endif
>   OPENJDK_VERSION = $(OPENJDK_VERSION_MAJOR).$(OPENJDK_VERSION_MINOR)
>   OPENJDK_SITE = $(call github,openjdk,jdk$(OPENJDK_VERSION_MAJOR)u,jdk-$(OPENJDK_VERSION))

* Re: [Buildroot] [PATCH 1/1] package/openjdk{-bin}: security bump versions to 11.0.20+8 and 17.0.8+7
  2023-08-30 15:59 [Buildroot] [PATCH 1/1] package/openjdk{-bin}: security bump versions to 11.0.20+8 and 17.0.8+7 Adam Duskett
  2023-08-30 19:41 ` Arnout Vandecappelle via buildroot
  2023-08-30 20:02 ` Arnout Vandecappelle via buildroot
@ 2023-08-30 21:58 ` Thomas Petazzoni via buildroot
  2023-09-13 20:09 ` Peter Korsgaard
  3 siblings, 0 replies; 5+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-08-30 21:58 UTC (permalink / raw)
  To: Adam Duskett; +Cc: Tudor Holton, buildroot

Hello Adam,

On Wed, 30 Aug 2023 09:59:26 -0600
Adam Duskett <aduskett@gmail.com> wrote:

> Fixed the following security issues:
> 
> * CVEs
>   - CVE-2023-22006
>   - CVE-2023-22036
>   - CVE-2023-22041
>   - CVE-2023-22044
>   - CVE-2023-22045
>   - CVE-2023-22049
>   - CVE-2023-25193

One thing that bothers me is that none of these CVEs were identified by our pkg-stats script:

  http://autobuild.buildroot.net/stats/master.html

https://nvd.nist.gov/vuln/detail/CVE-2023-25193 is reported against
harfbuzz, not openjdk. Are we using a vendored version of harfbuzz in
openjdk?

Could you check the other CVEs and figure out why pkg-stats doesn't find them?

Thanks!

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com

* Re: [Buildroot] [PATCH 1/1] package/openjdk{-bin}: security bump versions to 11.0.20+8 and 17.0.8+7
  2023-08-30 15:59 [Buildroot] [PATCH 1/1] package/openjdk{-bin}: security bump versions to 11.0.20+8 and 17.0.8+7 Adam Duskett
                   ` (2 preceding siblings ...)
  2023-08-30 21:58 ` Thomas Petazzoni via buildroot
@ 2023-09-13 20:09 ` Peter Korsgaard
  3 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2023-09-13 20:09 UTC (permalink / raw)
  To: Adam Duskett; +Cc: Tudor Holton, buildroot

>>>>> "Adam" == Adam Duskett <aduskett@gmail.com> writes:

 > Fixed the following security issues:
 > * CVEs
 >   - CVE-2023-22006
 >   - CVE-2023-22036
 >   - CVE-2023-22041
 >   - CVE-2023-22044
 >   - CVE-2023-22045
 >   - CVE-2023-22049
 >   - CVE-2023-25193
 > * Security fixes
 >   - JDK-8298676: Enhanced Look and Feel
 >   - JDK-8300285: Enhance TLS data handling
 >   - JDK-8300596: Enhance Jar Signature validation
 >   - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
 >   - JDK-8302475: Enhance HTTP client file downloading
 >   - JDK-8302483: Enhance ZIP performance
 >   - JDK-8303376: Better launching of JDI
 >   - JDK-8304468: Better array usages
 >   - JDK-8305312: Enhanced path handling
 >   - JDK-8308682: Enhance AES performance

 > For details, see the announcements:
 > https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-July/024064.html
 > https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-July/024063.html

 > Signed-off-by: Adam Duskett <aduskett@gmail.com>

Committed to 2023.02.x and 2023.05.x, thanks.

-- 
Bye, Peter Korsgaard