891323 – <dev-java/openjdk{,-jre-bin,-bin}-{8.362_p09,11.0.18_p10,17.0.6,_p10}: multiple vulnerabilities (Oracle CPU Jan 2023)

Bug 891323 - <dev-java/openjdk{,-jre-bin,-bin}-{8.362_p09,11.0.18_p10,17.0.6,_p10}: multiple vulnerabilities (Oracle CPU Jan 2023)

Summary: <dev-java/openjdk{,-jre-bin,-bin}-{8.362_p09,11.0.18_p10,17.0.6,_p10}: multip...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://openjdk.org/groups/vulnerabil...
Whiteboard:	B3 [glsa+]
Keywords:

Depends on:	891421
Blocks:	CVE-2023-21830, CVE-2023-21835, CVE-2023-21843
	Show dependency tree

Reported:	2023-01-18 18:08 UTC by John Helmert III
Modified:	2024-01-17 13:47 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2023-01-18 18:08:50 UTC

CVE-2023-21835:

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2023-21830:

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVE-2023-21843:

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

I don't think we have any upstream update yet.

Comment 1 John Helmert III archtester

2023-01-18 20:18:31 UTC

https://openjdk.org/groups/vulnerability/advisories/2023-01-17 says:

These issues have been addressed, as applicable, in the following releases:
  7u371, 8u362, 11.0.18, 13.0.14, 15.0.10, 17.0.6, and 19.0.2

So, need bumps to 8.362, 11.0.18, 17.0.6.

Comment 2 Larry the Git Cow gentoo-dev

2023-01-19 21:40:35 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d878000c5cbb136ef5c4c8c4879e062e67cbf4cf

commit d878000c5cbb136ef5c4c8c4879e062e67cbf4cf
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-19 21:25:03 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-19 21:39:58 +0000

    dev-java/openjdk: add 17.0.6_p10
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk/Manifest                  |   1 +
 dev-java/openjdk/openjdk-17.0.6_p10.ebuild | 314 +++++++++++++++++++++++++++++
 2 files changed, 315 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd328a9d99f784117be6d55fd0cb805f441684e9

commit bd328a9d99f784117be6d55fd0cb805f441684e9
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-19 21:23:22 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-19 21:39:58 +0000

    dev-java/openjdk: add 11.0.18_p10
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk/Manifest                   |   1 +
 dev-java/openjdk/openjdk-11.0.18_p10.ebuild | 300 ++++++++++++++++++++++++++++
 2 files changed, 301 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1d71c78d4b4453f05d02e7fb4755c1f253d283e

commit d1d71c78d4b4453f05d02e7fb4755c1f253d283e
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-19 21:21:07 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-19 21:39:57 +0000

    dev-java/openjdk: add 8.362_p09
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk/Manifest                 |   1 +
 dev-java/openjdk/openjdk-8.362_p09.ebuild | 229 ++++++++++++++++++++++++++++++
 2 files changed, 230 insertions(+)

Comment 3 Georgy Yakovlev archtester

2023-01-19 21:41:08 UTC

bins will come later, not ready yet at https://adoptium.net/temurin/releases

Comment 4 Larry the Git Cow gentoo-dev

2023-01-21 22:23:50 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9592aa157abd277bd02f7011f8a4e32e37e49d09

commit 9592aa157abd277bd02f7011f8a4e32e37e49d09
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-21 22:21:26 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-21 22:22:16 +0000

    dev-java/openjdk-bin: add 17.0.6_p10
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                      |   3 +
 dev-java/openjdk-bin/openjdk-bin-17.0.6_p10.ebuild | 137 +++++++++++++++++++++
 2 files changed, 140 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98a385f9a7de6f373f5ab0baddca7f2f6615f1d6

commit 98a385f9a7de6f373f5ab0baddca7f2f6615f1d6
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-21 22:13:23 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-21 22:22:10 +0000

    dev-java/openjdk-bin: add 11.0.18_p10
    
    amd64 arm macos only for now
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                      |   3 +
 .../openjdk-bin/openjdk-bin-11.0.18_p10.ebuild     | 136 +++++++++++++++++++++
 2 files changed, 139 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc7e3dc3774ef92459333fad986e7c96263450ee

commit fc7e3dc3774ef92459333fad986e7c96263450ee
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-21 22:00:38 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-21 22:15:24 +0000

    dev-java/openjdk-bin: add 8.362_p09
    
    amd64 only + macos, not all tarballs ready yet
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                     |   2 +
 dev-java/openjdk-bin/openjdk-bin-8.362_p09.ebuild | 133 ++++++++++++++++++++++
 2 files changed, 135 insertions(+)

Comment 5 Larry the Git Cow gentoo-dev

2023-01-21 22:33:25 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=532421733ef6f3efb24e5485203a9239b93eb77b

commit 532421733ef6f3efb24e5485203a9239b93eb77b
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-21 22:31:54 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-21 22:33:04 +0000

    dev-java/openjdk-jre-bin: add 17.0.6_p10
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-jre-bin/Manifest                  |  1 +
 .../openjdk-jre-bin-17.0.6_p10.ebuild              | 83 ++++++++++++++++++++++
 2 files changed, 84 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fd3efaea583c847864718dbb0e9dd1e9192ab46

commit 2fd3efaea583c847864718dbb0e9dd1e9192ab46
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-21 22:31:07 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-21 22:33:03 +0000

    dev-java/openjdk-jre-bin: add 11.0.18_p10
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-jre-bin/Manifest                  |  1 +
 .../openjdk-jre-bin-11.0.18_p10.ebuild             | 83 ++++++++++++++++++++++
 2 files changed, 84 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ce12c1a7574f6a8b8c2c03d323520a48d53a480

commit 0ce12c1a7574f6a8b8c2c03d323520a48d53a480
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-21 22:30:23 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-21 22:33:03 +0000

    dev-java/openjdk-jre-bin: add 8.362_p09
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-jre-bin/Manifest                  |  1 +
 .../openjdk-jre-bin-8.362_p09.ebuild               | 82 ++++++++++++++++++++++
 2 files changed, 83 insertions(+)

Comment 6 Larry the Git Cow gentoo-dev

2023-01-21 22:37:30 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=794b73966093c72d8d82d28be735c5c638d79388

commit 794b73966093c72d8d82d28be735c5c638d79388
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-21 22:36:40 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-21 22:36:40 +0000

    dev-java/openjdk-jre-bin: drop 17.0.4.1_p1, 17.0.5_p8
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-jre-bin/Manifest                  |  2 -
 .../openjdk-jre-bin-17.0.4.1_p1.ebuild             | 83 ----------------------
 .../openjdk-jre-bin-17.0.5_p8.ebuild               | 83 ----------------------
 3 files changed, 168 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d685fef005698e0e88d04e9a637bf75f53cf1cff

commit d685fef005698e0e88d04e9a637bf75f53cf1cff
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-21 22:36:06 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-21 22:36:06 +0000

    dev-java/openjdk-jre-bin: drop 11.0.14_p9-r1, 11.0.16.1_p1, 11.0.17_p8
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-jre-bin/Manifest                  |  3 -
 .../openjdk-jre-bin-11.0.14_p9-r1.ebuild           | 83 ----------------------
 .../openjdk-jre-bin-11.0.16.1_p1.ebuild            | 83 ----------------------
 .../openjdk-jre-bin-11.0.17_p8.ebuild              | 83 ----------------------
 4 files changed, 252 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4fd5e13b473d164d949ec5417dc657fb5d51be1

commit e4fd5e13b473d164d949ec5417dc657fb5d51be1
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-21 22:35:23 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-21 22:35:23 +0000

    dev-java/openjdk-jre-bin: drop 8.322_p06, 8.345_p01, 8.352_p08
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-jre-bin/Manifest                  |  3 -
 .../openjdk-jre-bin-8.322_p06.ebuild               | 82 ----------------------
 .../openjdk-jre-bin-8.345_p01.ebuild               | 82 ----------------------
 .../openjdk-jre-bin-8.352_p08.ebuild               | 82 ----------------------
 4 files changed, 249 deletions(-)

Comment 7 Larry the Git Cow gentoo-dev

2023-01-22 23:13:15 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02e936a9e99842055b3c11d6912ec91a84708357

commit 02e936a9e99842055b3c11d6912ec91a84708357
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-22 23:05:06 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-22 23:13:09 +0000

    dev-java/openjdk-jre-bin: drop 8.332_p09, 11.0.15_p10, 17.0.3_p7
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-jre-bin/Manifest                  |  3 -
 dev-java/openjdk-jre-bin/metadata.xml              |  1 -
 .../openjdk-jre-bin-11.0.15_p10.ebuild             | 83 ----------------------
 .../openjdk-jre-bin-17.0.3_p7.ebuild               | 83 ----------------------
 .../openjdk-jre-bin-8.332_p09.ebuild               | 82 ---------------------
 5 files changed, 252 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e83945d120669e316ef333f3f0f8ce2df83d8f40

commit e83945d120669e316ef333f3f0f8ce2df83d8f40
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-22 23:04:08 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-22 23:13:08 +0000

    dev-java/openjdk: drop 17.0.3_p7-r1, 17.0.4.1_p1, 17.0.5_p8
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk/Manifest                          |   4 -
 .../files/openjdk-17.0.3-fix-nullptr-cast.patch    | 111 --------
 dev-java/openjdk/openjdk-17.0.3_p7-r1.ebuild       | 315 --------------------
 dev-java/openjdk/openjdk-17.0.4.1_p1.ebuild        | 316 ---------------------
 dev-java/openjdk/openjdk-17.0.5_p8.ebuild          | 314 --------------------
 5 files changed, 1060 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f693412522966cc92ccc3a142bf7318f448fd78

commit 4f693412522966cc92ccc3a142bf7318f448fd78
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-22 23:03:28 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-22 23:13:07 +0000

    dev-java/openjdk: drop 11.0.15_p10-r1, 11.0.16.1_p1, 11.0.17_p8
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk/Manifest                      |   3 -
 dev-java/openjdk/openjdk-11.0.15_p10-r1.ebuild | 300 -------------------------
 dev-java/openjdk/openjdk-11.0.16.1_p1.ebuild   | 300 -------------------------
 dev-java/openjdk/openjdk-11.0.17_p8.ebuild     | 300 -------------------------
 4 files changed, 903 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4bf4af9a114213da20ee9553c543b0249affe400

commit 4bf4af9a114213da20ee9553c543b0249affe400
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-22 23:02:57 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-22 23:13:07 +0000

    dev-java/openjdk: drop 8.332_p09, 8.345_p01, 8.352_p08
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk/Manifest                 |   3 -
 dev-java/openjdk/openjdk-8.332_p09.ebuild | 229 ------------------------------
 dev-java/openjdk/openjdk-8.345_p01.ebuild | 229 ------------------------------
 dev-java/openjdk/openjdk-8.352_p08.ebuild | 229 ------------------------------
 4 files changed, 690 deletions(-)

Comment 8 John Helmert III archtester

2023-01-23 04:03:22 UTC

Thanks! Please stabilize when ready

Comment 9 John Helmert III archtester

2023-01-23 04:24:56 UTC

(In reply to John Helmert III from comment #8)
> Thanks! Please stabilize when ready

Ah, sorry, stablereq is already filed.

Comment 10 Larry the Git Cow gentoo-dev

2023-01-24 05:26:36 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=733834545d0d772a7b3e2ecd8821019b594d2367

commit 733834545d0d772a7b3e2ecd8821019b594d2367
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-24 05:19:11 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-24 05:25:56 +0000

    dev-java/openjdk-bin: add some missing tarballs
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                       | 2 ++
 dev-java/openjdk-bin/openjdk-bin-11.0.18_p10.ebuild | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65fcf60898f2c0e4705230639c7c7c2551c89cee

commit 65fcf60898f2c0e4705230639c7c7c2551c89cee
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-24 05:16:28 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-24 05:25:55 +0000

    dev-java/openjdk-bin: add all missing tarballs
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                      |  4 ++++
 dev-java/openjdk-bin/openjdk-bin-17.0.6_p10.ebuild | 11 +++++------
 2 files changed, 9 insertions(+), 6 deletions(-)

Comment 11 Larry the Git Cow gentoo-dev

2023-01-24 05:32:12 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c67245d1b85ad2f5ebd3a8fef13e93dbff561f57

commit c67245d1b85ad2f5ebd3a8fef13e93dbff561f57
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-24 05:31:18 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-24 05:31:57 +0000

    dev-java/openjdk-bin: drop 17.0.3_p7, 17.0.4.1_p1, 17.0.5_p8
    
    Bug: https://bugs.gentoo.org/891421
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                      |  21 ----
 dev-java/openjdk-bin/metadata.xml                  |   1 -
 dev-java/openjdk-bin/openjdk-bin-17.0.3_p7.ebuild  | 136 ---------------------
 .../openjdk-bin/openjdk-bin-17.0.4.1_p1.ebuild     | 136 ---------------------
 dev-java/openjdk-bin/openjdk-bin-17.0.5_p8.ebuild  | 136 ---------------------
 5 files changed, 430 deletions(-)

Comment 12 Georgy Yakovlev archtester

2023-01-24 05:33:19 UTC

:17 stable+cleanup done

others are still in progress

Comment 13 Larry the Git Cow gentoo-dev

2023-01-24 20:39:59 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e07c498dfe22e8a4ba087ced9d57245418f9e4a

commit 5e07c498dfe22e8a4ba087ced9d57245418f9e4a
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-24 20:37:52 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-24 20:38:38 +0000

    dev-java/openjdk-bin: keyword 11.0.18_p10 for ~ppc64
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                       | 1 +
 dev-java/openjdk-bin/openjdk-bin-11.0.18_p10.ebuild | 5 ++---
 2 files changed, 3 insertions(+), 3 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=836a7fb13753a58eccf8fcd69d4d73aee1a3f8d3

commit 836a7fb13753a58eccf8fcd69d4d73aee1a3f8d3
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-24 20:35:15 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-24 20:38:37 +0000

    dev-java/openjdk-bin: add arm64 and ppc64le tarballs for 8.362_p09
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                     | 2 ++
 dev-java/openjdk-bin/openjdk-bin-8.362_p09.ebuild | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)

Comment 14 Larry the Git Cow gentoo-dev

2023-01-24 20:48:38 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=12d4aa63ecd4fd7940f091b9510b2ef11a29ae1d

commit 12d4aa63ecd4fd7940f091b9510b2ef11a29ae1d
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-24 20:46:56 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-24 20:48:13 +0000

    dev-java/openjdk-bin: drop 8.332_p09, 8.345_p01
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                     |  10 --
 dev-java/openjdk-bin/openjdk-bin-8.332_p09.ebuild | 123 ----------------------
 dev-java/openjdk-bin/openjdk-bin-8.345_p01.ebuild | 123 ----------------------
 3 files changed, 256 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c9b488590b97868a5a222c67b722ae86739d3e3

commit 8c9b488590b97868a5a222c67b722ae86739d3e3
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-24 20:45:49 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-24 20:48:13 +0000

    dev-java/openjdk-bin: drop 11.0.15_p10, 11.0.16.1_p1, 11.0.17_p8
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                      |  18 ---
 .../openjdk-bin/openjdk-bin-11.0.15_p10.ebuild     | 135 ---------------------
 .../openjdk-bin/openjdk-bin-11.0.16.1_p1.ebuild    | 135 ---------------------
 dev-java/openjdk-bin/openjdk-bin-11.0.17_p8.ebuild | 135 ---------------------
 4 files changed, 423 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c68e296350984edc39ffea65845438c6be44e14c

commit c68e296350984edc39ffea65845438c6be44e14c
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-24 20:44:23 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-24 20:48:12 +0000

    dev-java/openjdk-bin: keyword 8.362_p09 for ~arm64
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/openjdk-bin-8.362_p09.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 15 Georgy Yakovlev archtester

2023-01-24 20:50:34 UTC

11: stable and cleanup done
8: stable done, partial cleanup done, full cleanup  is blocked by missing ~arm tarball, so openjdk-bin-8.352_p08 stays for a bit.

Comment 16 John Helmert III archtester

2023-01-24 23:03:25 UTC

(In reply to Georgy Yakovlev from comment #15)
> 11: stable and cleanup done
> 8: stable done, partial cleanup done, full cleanup  is blocked by missing
> ~arm tarball, so openjdk-bin-8.352_p08 stays for a bit.

Thank you!

Comment 17 Larry the Git Cow gentoo-dev

2023-01-25 18:22:56 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e36d73c4ba0bb06f9850ea155f99744c87fd472

commit 3e36d73c4ba0bb06f9850ea155f99744c87fd472
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-25 18:22:12 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-25 18:22:12 +0000

    dev-java/openjdk-bin: drop 8.352_p08
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                     |   6 -
 dev-java/openjdk-bin/openjdk-bin-8.352_p08.ebuild | 131 ----------------------
 2 files changed, 137 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd2e164fcddf2e7390e372b6224800f327f3140e

commit bd2e164fcddf2e7390e372b6224800f327f3140e
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2023-01-25 18:20:32 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2023-01-25 18:21:49 +0000

    dev-java/openjdk-bin: keyword 8.362_p09 for ~arm
    
    Bug: https://bugs.gentoo.org/891323
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                     | 2 ++
 dev-java/openjdk-bin/openjdk-bin-8.362_p09.ebuild | 8 +++-----
 2 files changed, 5 insertions(+), 5 deletions(-)

Comment 18 Georgy Yakovlev archtester

2023-01-25 18:23:59 UTC

finally all done, cleanup too.

Comment 19 John Helmert III archtester

2023-01-25 18:29:17 UTC

Thanks!

Comment 20 Larry the Git Cow gentoo-dev

2024-01-17 13:45:33 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=192b729d81f588010b67c1e39e06aa02c513b126

commit 192b729d81f588010b67c1e39e06aa02c513b126
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-17 13:45:06 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-17 13:45:28 +0000

    [ GLSA 202401-25 ] OpenJDK: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/859376
    Bug: https://bugs.gentoo.org/859400
    Bug: https://bugs.gentoo.org/877597
    Bug: https://bugs.gentoo.org/891323
    Bug: https://bugs.gentoo.org/908243
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-25.xml | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 99 insertions(+)