GNU bug report logs -
#29140
[PATCH] gnu: icedtea: Update to 3.6.0 [security fixes].
Previous Next
Reported by: Marius Bakke <mbakke <at> fastmail.com>
Date: Fri, 3 Nov 2017 22:31:01 UTC
Severity: normal
Tags: patch
Done: Marius Bakke <mbakke <at> fastmail.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 29140 in the body.
You can then email your comments to 29140 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#29140; Package
guix-patches.
(Fri, 03 Nov 2017 22:31:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Marius Bakke <mbakke <at> fastmail.com>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Fri, 03 Nov 2017 22:31:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Fixes CVE-2017-{10274,10821,10825,10295,10388,10346,10350,10347,10349,10345,
10348,10357,10355,10356,10165} and CVE-2016-{10165,9840,9841,9842,9843}.
* gnu/packages/java.scm (icedtea-8): Update to 3.6.0.
[native-inputs]: Update dependency hashes.
---
gnu/packages/java.scm | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index f155fdbab..e57ce322b 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -1563,7 +1563,7 @@ IcedTea build harness.")
(license license:gpl2+))))
(define-public icedtea-8
- (let* ((version "3.5.1")
+ (let* ((version "3.6.0")
(drop (lambda (name hash)
(origin
(method url-fetch)
@@ -1572,7 +1572,7 @@ IcedTea build harness.")
"/icedtea8/" version "/" name ".tar.xz"))
(sha256 (base32 hash))))))
(package (inherit icedtea-7)
- (version "3.5.1")
+ (version "3.6.0")
(source (origin
(method url-fetch)
(uri (string-append
@@ -1580,7 +1580,7 @@ IcedTea build harness.")
version ".tar.xz"))
(sha256
(base32
- "1j8iv0cdk9fkh3yb5is7z29m9k3s89w6y9090538j6aa7p4nmalf"))
+ "0zj192zrrxqh6j1ywc3399gk2ycay9w8pvzcvvr2kvdkb37ak86h"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -1656,34 +1656,34 @@ IcedTea build harness.")
`(("jdk" ,icedtea-7 "jdk")
("openjdk-src"
,(drop "openjdk"
- "0a6yrq8y1zkzc7hm2l28rm3vzy5izfxhmmhhhvc91lhfclnqcd2q"))
+ "0mqxh81kq05z4wydkik0yrr81ibf84xmwsdcw9n2gfrzs4f5jxnb"))
("aarch32-drop"
,(drop "aarch32"
- "0cway5a5hcfyh4pzl9zz5xr7lil4gsliy6r5iqbaasd2d9alvqiq"))
+ "0b207g2n6kn510zf5vwh58bsxgqrmkvrna4p20r74v9cwcwx83n2"))
("corba-drop"
,(drop "corba"
- "031sc6byd8lqvz3cd07phm13pqrxalxk9f3a2q8pim5n4sbsy0qb"))
+ "0qinc1q4w01nkr9klhfyd8caxvyrrfxjrz32nd7kgyja2bj8x7dd"))
("jaxp-drop"
,(drop "jaxp"
- "1815jaj0k0w1s0g0jr1ahkajp1jx2qlb08i6l9ha4wyqqyp49a4n"))
+ "07azrp3g86vk2laybmr5xfn0yrljkxs0rlm1q48385br225bgdxi"))
("jaxws-drop"
,(drop "jaxws"
- "0vh4f85cxhqvabzg86ycpz02519cdzgsn5dr75k22rkmbbxnbbl6"))
+ "018fd2hq57zp3pq06wlxy5pabqcyk36xi8hk0d6xk3a90wsjvyik"))
("jdk-drop"
,(drop "jdk"
- "196ycqz4d9kknc6b219q4ib83l1kkl6w6l1cznw9bzaafyynqa35"))
+ "0vs488kq5j2cc6kplc78jbhfxwq4fn06l34xrbq4d6y17777arg8"))
("langtools-drop"
,(drop "langtools"
- "0ssnadlr5cxhmj06nmni34kdynix1sjhcvjzahm5yzfd7dfllmgy"))
+ "04f6d1wvck5jrpvrcw5gsbzxnihcry9zrf1v85czdm959q21zv9c"))
("hotspot-drop"
,(drop "hotspot"
"0f7fxf0s9kadvs80hm5ga72pyp9r0fvl8zm1wmd1wrks8kl79sd6"))
("nashorn-drop"
,(drop "nashorn"
- "0m95qgnd4z6p0xp9m06ihss7skx2yrm7xw69jsjsrxpriy1shiwy"))
+ "1a26cmzbs50gkh4rmmmxls7zljx62vfp1wq02gsfd5jqs4xvlibj"))
("shenandoah-drop"
,(drop "shenandoah"
- "0yjlcgp6mldp30hmkfl68mdwlbg3gb0m6xd5y7srczni7cln5f3i"))
+ "11hmn9mwmvryfddcanzx3qffjm8bbiv18nwv3iy9cswrvxjy010f"))
,@(fold alist-delete (package-native-inputs icedtea-7)
'("jdk" "openjdk-src" "corba-drop" "jaxp-drop" "jaxws-drop"
"jdk-drop" "langtools-drop" "hotspot-drop")))))))
--
2.15.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#29140; Package
guix-patches.
(Fri, 03 Nov 2017 23:43:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 29140 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Fri, Nov 03, 2017 at 11:30:23PM +0100, Marius Bakke wrote:
> Fixes CVE-2017-{10274,10821,10825,10295,10388,10346,10350,10347,10349,10345,
> 10348,10357,10355,10356,10165} and CVE-2016-{10165,9840,9841,9842,9843}.
>
> * gnu/packages/java.scm (icedtea-8): Update to 3.6.0.
> [native-inputs]: Update dependency hashes.
Thanks! LGTM assuming it builds.
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Marius Bakke <mbakke <at> fastmail.com>:
You have taken responsibility.
(Sat, 04 Nov 2017 14:48:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Marius Bakke <mbakke <at> fastmail.com>:
bug acknowledged by developer.
(Sat, 04 Nov 2017 14:48:02 GMT)
Full text and
rfc822 format available.
Message #13 received at 29140-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:
> On Fri, Nov 03, 2017 at 11:30:23PM +0100, Marius Bakke wrote:
>> Fixes CVE-2017-{10274,10821,10825,10295,10388,10346,10350,10347,10349,10345,
>> 10348,10357,10355,10356,10165} and CVE-2016-{10165,9840,9841,9842,9843}.
>>
>> * gnu/packages/java.scm (icedtea-8): Update to 3.6.0.
>> [native-inputs]: Update dependency hashes.
>
> Thanks! LGTM assuming it builds.
Yes, also tried building some dependent packages.
Somehow I did not find the "hotspot drop" initially, but found it later
and updated the commit. Pushed as 46dea1241c801af5aa65e0c7b4e84bb0aff1.
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sun, 03 Dec 2017 12:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 7 years and 250 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.