| Message ID | 20220419073954.537319-1-peter@korsgaard.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/2] package/openjdk{-bin}: security bump 11.x to version 11.0.14.1+1 | expand |
On 19/04/2022 09:39, Peter Korsgaard wrote: > Fixes the following security issues: > > - JDK-8217375: jarsigner breaks old signature with long lines in manifest > - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside > - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization > - JDK-8268488: More valuable DerValues > - JDK-8268494: Better inlining of inlined interfaces > - JDK-8268512: More content for ContentInfo > - JDK-8268795: Enhance digests of Jar files > - JDK-8268801: Improve PKCS attribute handling > - JDK-8268813, CVE-2022-21283: Better String matching > - JDK-8269151: Better construction of EncryptedPrivateKeyInfo > - JDK-8269944: Better HTTP transport redux > - JDK-8270386, CVE-2022-21291: Better verification of scan methods > - JDK-8270392, CVE-2022-21293: Improve String constructions > - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps > - JDK-8270492, CVE-2022-21282: Better resolution of URIs > - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management > - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities > - JDK-8270952, CVE-2022-21277: Improve TIFF file handling > - JDK-8271962: Better TrueType font loading > - JDK-8271968: Better canonical naming > - JDK-8271987: Manifest improved manifest entries > - JDK-8272014, CVE-2022-21305: Better array indexing > - JDK-8272026, CVE-2022-21340: Verify Jar Verification > - JDK-8272236, CVE-2022-21341: Improve serial forms for transport > - JDK-8272272: Enhance jcmd communication > - JDK-8272462: Enhance image handling > - JDK-8273290: Enhance sound handling > - JDK-8273756, CVE-2022-21360: Enhance BMP image support > - JDK-8273838, CVE-2022-21365: Enhanced BMP processing > - JDK-8274096, CVE-2022-21366: Improve decoding of image files > - JDK-8279541: Improve HarfBuzz > > For more details, see the announcement: > > https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-January/011643.html > https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-February/012348.html > > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Applied to master, thanks. This also invalidates [1], care to send an update of it? Regards, Arnout [1] https://patchwork.ozlabs.org/project/buildroot/patch/20220411070454.77482-1-ambi@samba.org/ > --- > package/openjdk-bin/openjdk-bin.hash | 2 +- > package/openjdk-bin/openjdk-bin.mk | 2 +- > package/openjdk/openjdk.hash | 2 +- > package/openjdk/openjdk.mk | 2 +- > 4 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/package/openjdk-bin/openjdk-bin.hash b/package/openjdk-bin/openjdk-bin.hash > index bbc939d4e8..082da7bf87 100644 > --- a/package/openjdk-bin/openjdk-bin.hash > +++ b/package/openjdk-bin/openjdk-bin.hash > @@ -2,7 +2,7 @@ > sha256 6ea18c276dcbb8522feeebcfc3a4b5cb7c7e7368ba8590d3326c6c3efc5448b6 OpenJDK17U-jdk_x64_linux_hotspot_17.0.1_12.tar.gz > > # From https://github.com/adoptium/temurin11-binaries/releases > -sha256 3b1c0c34be4c894e64135a454f2d5aaa4bd10aea04ec2fa0c0efe6bb26528e30 OpenJDK11U-jdk_x64_linux_hotspot_11.0.13_8.tar.gz > +sha256 43fb84f8063ad9bf6b6d694a67b8f64c8827552b920ec5ce794dfe5602edffe7 OpenJDK11U-jdk_x64_linux_hotspot_11.0.14.1_1.tar.gz > > # Locally calculated > sha256 4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726 legal/java.prefs/LICENSE > diff --git a/package/openjdk-bin/openjdk-bin.mk b/package/openjdk-bin/openjdk-bin.mk > index 266c93d363..c9ddc9f69f 100644 > --- a/package/openjdk-bin/openjdk-bin.mk > +++ b/package/openjdk-bin/openjdk-bin.mk > @@ -9,7 +9,7 @@ HOST_OPENJDK_BIN_VERSION_MAJOR = 17 > HOST_OPENJDK_BIN_VERSION_MINOR = 0.1_12 > else > HOST_OPENJDK_BIN_VERSION_MAJOR = 11 > -HOST_OPENJDK_BIN_VERSION_MINOR = 0.13_8 > +HOST_OPENJDK_BIN_VERSION_MINOR = 0.14.1_1 > endif > HOST_OPENJDK_BIN_VERSION = $(HOST_OPENJDK_BIN_VERSION_MAJOR).$(HOST_OPENJDK_BIN_VERSION_MINOR) > HOST_OPENJDK_BIN_SOURCE = OpenJDK$(HOST_OPENJDK_BIN_VERSION_MAJOR)U-jdk_x64_linux_hotspot_$(HOST_OPENJDK_BIN_VERSION).tar.gz > diff --git a/package/openjdk/openjdk.hash b/package/openjdk/openjdk.hash > index 2f46b044ad..f8a4f15260 100644 > --- a/package/openjdk/openjdk.hash > +++ b/package/openjdk/openjdk.hash > @@ -1,4 +1,4 @@ > # Locally computed > sha256 8c076203a6f85ab916b3e54de1992bcbcc5ffe580c52b1ac8d52ca7afb9f02d1 openjdk-17.0.1+12.tar.gz > -sha256 119c6233fe7ff5670c590e2f9d6686ac4d80c97b17065506998b75c547b54f2c openjdk-11.0.13+8.tar.gz > +sha256 0e859cc03378439023e17ee82aecee5a52265fb38906a8bebf16027aa2b2bcf5 openjdk-11.0.14.1+1.tar.gz > sha256 4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726 LICENSE > diff --git a/package/openjdk/openjdk.mk b/package/openjdk/openjdk.mk > index 5fccdaa7ac..94b8cba577 100644 > --- a/package/openjdk/openjdk.mk > +++ b/package/openjdk/openjdk.mk > @@ -9,7 +9,7 @@ OPENJDK_VERSION_MAJOR = 17 > OPENJDK_VERSION_MINOR = 0.1+12 > else > OPENJDK_VERSION_MAJOR = 11 > -OPENJDK_VERSION_MINOR = 0.13+8 > +OPENJDK_VERSION_MINOR = 0.14.1+1 > endif > OPENJDK_VERSION = $(OPENJDK_VERSION_MAJOR).$(OPENJDK_VERSION_MINOR) > OPENJDK_SITE = $(call github,openjdk,jdk$(OPENJDK_VERSION_MAJOR)u,jdk-$(OPENJDK_VERSION))
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > Fixes the following security issues: > - JDK-8217375: jarsigner breaks old signature with long lines in manifest > - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside > - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization > - JDK-8268488: More valuable DerValues > - JDK-8268494: Better inlining of inlined interfaces > - JDK-8268512: More content for ContentInfo > - JDK-8268795: Enhance digests of Jar files > - JDK-8268801: Improve PKCS attribute handling > - JDK-8268813, CVE-2022-21283: Better String matching > - JDK-8269151: Better construction of EncryptedPrivateKeyInfo > - JDK-8269944: Better HTTP transport redux > - JDK-8270386, CVE-2022-21291: Better verification of scan methods > - JDK-8270392, CVE-2022-21293: Improve String constructions > - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps > - JDK-8270492, CVE-2022-21282: Better resolution of URIs > - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management > - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities > - JDK-8270952, CVE-2022-21277: Improve TIFF file handling > - JDK-8271962: Better TrueType font loading > - JDK-8271968: Better canonical naming > - JDK-8271987: Manifest improved manifest entries > - JDK-8272014, CVE-2022-21305: Better array indexing > - JDK-8272026, CVE-2022-21340: Verify Jar Verification > - JDK-8272236, CVE-2022-21341: Improve serial forms for transport > - JDK-8272272: Enhance jcmd communication > - JDK-8272462: Enhance image handling > - JDK-8273290: Enhance sound handling > - JDK-8273756, CVE-2022-21360: Enhance BMP image support > - JDK-8273838, CVE-2022-21365: Enhanced BMP processing > - JDK-8274096, CVE-2022-21366: Improve decoding of image files > - JDK-8279541: Improve HarfBuzz > For more details, see the announcement: > https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-January/011643.html > https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-February/012348.html > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed to 2022.02.x, thanks.
diff --git a/package/openjdk-bin/openjdk-bin.hash b/package/openjdk-bin/openjdk-bin.hash index bbc939d4e8..082da7bf87 100644 --- a/package/openjdk-bin/openjdk-bin.hash +++ b/package/openjdk-bin/openjdk-bin.hash @@ -2,7 +2,7 @@ sha256 6ea18c276dcbb8522feeebcfc3a4b5cb7c7e7368ba8590d3326c6c3efc5448b6 OpenJDK17U-jdk_x64_linux_hotspot_17.0.1_12.tar.gz # From https://github.com/adoptium/temurin11-binaries/releases -sha256 3b1c0c34be4c894e64135a454f2d5aaa4bd10aea04ec2fa0c0efe6bb26528e30 OpenJDK11U-jdk_x64_linux_hotspot_11.0.13_8.tar.gz +sha256 43fb84f8063ad9bf6b6d694a67b8f64c8827552b920ec5ce794dfe5602edffe7 OpenJDK11U-jdk_x64_linux_hotspot_11.0.14.1_1.tar.gz # Locally calculated sha256 4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726 legal/java.prefs/LICENSE diff --git a/package/openjdk-bin/openjdk-bin.mk b/package/openjdk-bin/openjdk-bin.mk index 266c93d363..c9ddc9f69f 100644 --- a/package/openjdk-bin/openjdk-bin.mk +++ b/package/openjdk-bin/openjdk-bin.mk @@ -9,7 +9,7 @@ HOST_OPENJDK_BIN_VERSION_MAJOR = 17 HOST_OPENJDK_BIN_VERSION_MINOR = 0.1_12 else HOST_OPENJDK_BIN_VERSION_MAJOR = 11 -HOST_OPENJDK_BIN_VERSION_MINOR = 0.13_8 +HOST_OPENJDK_BIN_VERSION_MINOR = 0.14.1_1 endif HOST_OPENJDK_BIN_VERSION = $(HOST_OPENJDK_BIN_VERSION_MAJOR).$(HOST_OPENJDK_BIN_VERSION_MINOR) HOST_OPENJDK_BIN_SOURCE = OpenJDK$(HOST_OPENJDK_BIN_VERSION_MAJOR)U-jdk_x64_linux_hotspot_$(HOST_OPENJDK_BIN_VERSION).tar.gz diff --git a/package/openjdk/openjdk.hash b/package/openjdk/openjdk.hash index 2f46b044ad..f8a4f15260 100644 --- a/package/openjdk/openjdk.hash +++ b/package/openjdk/openjdk.hash @@ -1,4 +1,4 @@ # Locally computed sha256 8c076203a6f85ab916b3e54de1992bcbcc5ffe580c52b1ac8d52ca7afb9f02d1 openjdk-17.0.1+12.tar.gz -sha256 119c6233fe7ff5670c590e2f9d6686ac4d80c97b17065506998b75c547b54f2c openjdk-11.0.13+8.tar.gz +sha256 0e859cc03378439023e17ee82aecee5a52265fb38906a8bebf16027aa2b2bcf5 openjdk-11.0.14.1+1.tar.gz sha256 4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726 LICENSE diff --git a/package/openjdk/openjdk.mk b/package/openjdk/openjdk.mk index 5fccdaa7ac..94b8cba577 100644 --- a/package/openjdk/openjdk.mk +++ b/package/openjdk/openjdk.mk @@ -9,7 +9,7 @@ OPENJDK_VERSION_MAJOR = 17 OPENJDK_VERSION_MINOR = 0.1+12 else OPENJDK_VERSION_MAJOR = 11 -OPENJDK_VERSION_MINOR = 0.13+8 +OPENJDK_VERSION_MINOR = 0.14.1+1 endif OPENJDK_VERSION = $(OPENJDK_VERSION_MAJOR).$(OPENJDK_VERSION_MINOR) OPENJDK_SITE = $(call github,openjdk,jdk$(OPENJDK_VERSION_MAJOR)u,jdk-$(OPENJDK_VERSION))
Fixes the following security issues: - JDK-8217375: jarsigner breaks old signature with long lines in manifest - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization - JDK-8268488: More valuable DerValues - JDK-8268494: Better inlining of inlined interfaces - JDK-8268512: More content for ContentInfo - JDK-8268795: Enhance digests of Jar files - JDK-8268801: Improve PKCS attribute handling - JDK-8268813, CVE-2022-21283: Better String matching - JDK-8269151: Better construction of EncryptedPrivateKeyInfo - JDK-8269944: Better HTTP transport redux - JDK-8270386, CVE-2022-21291: Better verification of scan methods - JDK-8270392, CVE-2022-21293: Improve String constructions - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps - JDK-8270492, CVE-2022-21282: Better resolution of URIs - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities - JDK-8270952, CVE-2022-21277: Improve TIFF file handling - JDK-8271962: Better TrueType font loading - JDK-8271968: Better canonical naming - JDK-8271987: Manifest improved manifest entries - JDK-8272014, CVE-2022-21305: Better array indexing - JDK-8272026, CVE-2022-21340: Verify Jar Verification - JDK-8272236, CVE-2022-21341: Improve serial forms for transport - JDK-8272272: Enhance jcmd communication - JDK-8272462: Enhance image handling - JDK-8273290: Enhance sound handling - JDK-8273756, CVE-2022-21360: Enhance BMP image support - JDK-8273838, CVE-2022-21365: Enhanced BMP processing - JDK-8274096, CVE-2022-21366: Improve decoding of image files - JDK-8279541: Improve HarfBuzz For more details, see the announcement: https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-January/011643.html https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-February/012348.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- package/openjdk-bin/openjdk-bin.hash | 2 +- package/openjdk-bin/openjdk-bin.mk | 2 +- package/openjdk/openjdk.hash | 2 +- package/openjdk/openjdk.mk | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-)