Summary: | <dev-java/openjdk{,-bin}-{8.262_p01, 11.0.8_p10}: Multiple vulnerabilities (2020-07-14 advisory) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | gyakovlev, java |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://openjdk.java.net/groups/vulnerability/advisories/2020-07-14 | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: |
dev-java/openjdk-8.265_p01 amd64 ppc64 x86
dev-java/openjdk-bin-8.265_p01 amd64 arm64 ppc64
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 732622 |
Description
Sam James
2020-07-14 20:45:21 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6244e4be97f2e7ce3ab0cc3348c0e8410e75a0eb commit 6244e4be97f2e7ce3ab0cc3348c0e8410e75a0eb Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2020-07-14 21:44:51 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2020-07-14 21:58:45 +0000 dev-java/openjdk: bump to 8.262_p10 Bug: https://bugs.gentoo.org/732624 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> dev-java/openjdk/Manifest | 8 ++ dev-java/openjdk/openjdk-8.262_p10.ebuild | 226 ++++++++++++++++++++++++++++++ 2 files changed, 234 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50e3d8b2b8e866a63bfccedb321c52cda469d1af commit 50e3d8b2b8e866a63bfccedb321c52cda469d1af Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2020-07-14 22:02:23 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2020-07-14 22:02:23 +0000 dev-java/openjdk: bump to 11.0.8_p10 Bug: https://bugs.gentoo.org/732624 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> dev-java/openjdk/Manifest | 1 + dev-java/openjdk/openjdk-11.0.8_p10.ebuild | 276 +++++++++++++++++++++++++++++ 2 files changed, 277 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65246fa0096d75694e23f00f584b1f116c9fcf1e commit 65246fa0096d75694e23f00f584b1f116c9fcf1e Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2020-07-14 22:12:15 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2020-07-14 22:12:31 +0000 dev-java/openjfx: bump to 11.0.8_p2 Bug: https://bugs.gentoo.org/732624 Package-Manager: Portage-2.3.99, Repoman-2.3.23 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> dev-java/openjfx/Manifest | 1 + dev-java/openjfx/openjfx-11.0.8_p2.ebuild | 222 ++++++++++++++++++++++++++++++ 2 files changed, 223 insertions(+) openjdk-jre-bin:11 and openjdk-bin:11 bumped as well. since :11 slot does not have stable keywords, I'll do cleanup just in a bit. still waiting for adoptopenjdk to provide openjdk-bin:8 tarballs. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ec8929d96d22493420580adf66d5cbde2d409c2 commit 7ec8929d96d22493420580adf66d5cbde2d409c2 Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2020-07-16 18:36:12 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2020-07-16 18:37:08 +0000 dev-java/openjdk-jre-bin: bump to 8.262_p10 Bug: https://bugs.gentoo.org/732624 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> dev-java/openjdk-jre-bin/Manifest | 1 + .../openjdk-jre-bin-8.262_p10.ebuild | 84 ++++++++++++++++++++++ 2 files changed, 85 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b705fd7294d75585554cd8104606337b0407d838 commit b705fd7294d75585554cd8104606337b0407d838 Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2020-07-16 18:33:51 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2020-07-16 18:36:59 +0000 dev-java/openjdk-bin: bump to 8.262_p10 no arm64 build available yet. will add keyword later. Bug: https://bugs.gentoo.org/732624 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> dev-java/openjdk-bin/Manifest | 3 + dev-java/openjdk-bin/openjdk-bin-8.262_p10.ebuild | 92 +++++++++++++++++++++++ 2 files changed, 95 insertions(+) Ready to stable? yep. no new bugs. re-added arm64 tarball to -bin. (In reply to Georgy Yakovlev from comment #7) > yep. no new bugs. > re-added arm64 tarball to -bin. Cool, thanks! arm64 stable amd64 stable 8.265_p01 is out, and needs to get stable asap. Sanity check failed:
> dev-java/openjdk-bin-8.262_p10
> depend arm stable profile default/linux/arm/17.0 (1 total)
> >=app-eselect/eselect-java-0.4.0
> >=dev-java/java-config-2.2.0-r3
> depend arm dev profile default/linux/arm/17.0/armv4 (31 total)
> >=app-eselect/eselect-java-0.4.0
> >=dev-java/java-config-2.2.0-r3
> rdepend arm stable profile default/linux/arm/17.0 (1 total)
> >=app-eselect/eselect-java-0.4.0
> >=dev-java/java-config-2.2.0-r3
> >=sys-apps/baselayout-java-0.1.0-r1
> rdepend arm dev profile default/linux/arm/17.0/armv4 (31 total)
> >=app-eselect/eselect-java-0.4.0
> >=dev-java/java-config-2.2.0-r3
> >=sys-apps/baselayout-java-0.1.0-r1
arm64 stable amd64 stable x86 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f77738cc9c9f2c68d76eb9235ee4dd777adccd4 commit 3f77738cc9c9f2c68d76eb9235ee4dd777adccd4 Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2020-08-04 21:56:07 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2020-08-04 21:58:24 +0000 dev-java/openjdk-bin: drop old Bug: https://bugs.gentoo.org/732624 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> dev-java/openjdk-bin/Manifest | 12 --- .../openjdk-bin/openjdk-bin-11.0.7_p10-r1.ebuild | 115 --------------------- dev-java/openjdk-bin/openjdk-bin-8.252_p09.ebuild | 93 ----------------- dev-java/openjdk-bin/openjdk-bin-8.262_p10.ebuild | 93 ----------------- 4 files changed, 313 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2e262024d4c564b29a7da88732e2c422234549e commit b2e262024d4c564b29a7da88732e2c422234549e Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2020-08-04 21:44:55 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2020-08-04 21:58:23 +0000 dev-java/openjdk: drop old Bug: https://bugs.gentoo.org/732624 Closes: https://bugs.gentoo.org/734320 Closes: https://bugs.gentoo.org/706012 Closes: https://bugs.gentoo.org/713180 Closes: https://bugs.gentoo.org/706638 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> dev-java/openjdk/Manifest | 17 -- .../openjdk/files/openjdk-11.0.7_p10-sigsegv.patch | 55 ---- .../openjdk/files/openjdk-8-detect-gcc10.patch | 49 ---- dev-java/openjdk/openjdk-11.0.7_p10.ebuild | 280 --------------------- dev-java/openjdk/openjdk-8.252_p09.ebuild | 231 ----------------- dev-java/openjdk/openjdk-8.262_p10.ebuild | 226 ----------------- 6 files changed, 858 deletions(-) ppc64 stable. last arch. also cleanup done. (In reply to Georgy Yakovlev from comment #17) > ppc64 stable. last arch. > > also cleanup done. Thank yoU! This issue was resolved and addressed in GLSA 202008-24 at https://security.gentoo.org/glsa/202008-24 by GLSA coordinator Sam James (sam_c). |