Update server-jre to 8u151 #898

Closed
wants to merge 133 commits into from

elthariel
Contributor

Description

jre 144 is 404, so here's the latest version

TODOs

Was a software definition added? Or a new version to an existing definition?

  • (Chef employee) If this is not a minor change, verify with an ad-hoc build of Automate, Chef-DK, or Chef Server (if applicable -- ask @londo to find out).

@elthariel elthariel requested a review from a team as a code owner November 17, 2017 13:48

@scotthain scotthain left a comment

Code looks good - would you mind squashing the commits? Thanks for the update!

repeatedly and others added 28 commits November 19, 2017 09:08
Latest rubygems series is 2.6.

Signed-off-by: Masahiro Nakagawa <repeatedly@gmail.com>
This addresses the following CVEs:

 - CVE-2016-8615: cookie injection for other servers
 - CVE-2016-8616: case insensitive password comparison
 - CVE-2016-8617: OOB write via unchecked multiplication
 - CVE-2016-8618: double-free in curl_maprintf
 - CVE-2016-8619: double-free in krb5 code
 - CVE-2016-8620: glob parser write/read out of bounds
 - CVE-2016-8621: curl_getdate read out of bounds
 - CVE-2016-8622: URL unescape heap overflow via integer truncation
 - CVE-2016-8623: Use-after-free via shared cookies
 - CVE-2016-8624: invalid URL parsing with '#'
 - CVE-2016-8625: IDNA 2003 makes curl use wrong host

Signed-off-by: Stephan Renatus <srenatus@chef.io>
because it needs > 2.1 now.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
Signed-off-by: Scott Hain <shain@chef.io>
Signed-off-by: Stephan Renatus <srenatus@chef.io>
Signed-off-by: Stephan Renatus <srenatus@chef.io>
Signed-off-by: tyler-ball <tyleraball@gmail.com>
We've moved away from pinning chefstyle in chef projects and instead
realized that we should clean up things as we break them.

Update URLs while I'm in here.

Signed-off-by: Tim Smith <tsmith@chef.io>
Signed-off-by: Steven Danna <steve@chef.io>
Signed-off-by: Thom May <thom@may.lt>
Unsure how this worked before.  Magical accidental builds == bad.  This should make things more deterministic.

Hopefully, this will fix http://wilson.ci.chef.co/view/Chef%20Analytics/job/chef-analytics-build/architecture=x86_64,platform=ubuntu-12.04,project=opscode-analytics,role=builder/589/consoleFull

Signed-off-by: Kartik Null Cating-Subramanian <ksubramanian@chef.io>
Signed-off-by: Tyler Cloke <tylercloke@gmail.com>
Signed-off-by: Tyler Cloke <tylercloke@gmail.com>
Moves all dev deps to the Gemfile

Signed-off-by: Tim Smith <tsmith@chef.io>
Has several pretty important fixes for sv.

https://bugs.contribs.org/show_bug.cgi?id=8655

Signed-off-by: Tim Smith <tsmith@chef.io>
Signed-off-by: Scott Hain <shain@chef.io>
Signed-off-by: Tyler Cloke <tylercloke@gmail.com>
Signed-off-by: Tyler Cloke <tylercloke@gmail.com>
Remove older versions that we shouldn't be using.

Signed-off-by: Steven Danna <steve@chef.io>
Leveraging the new fips_mode? flags added to omnibus, DRYing up code

Signed-off-by: tyler-ball <tyleraball@gmail.com>
Signed-off-by: tyler-ball <tyleraball@gmail.com>
This adds the most recent releases in the 2.2, 2.3 and 2.4 series.

Signed-off-by: Steven Danna <steve@chef.io>
Signed-off-by: Steven Danna <steve@chef.io>
These definitions have been added to resolve build issues with ECC
algorithm support.

The bcrypt_pbkdf gem currently links against shared libs which are not
installed on Cisco IOS-XR.

The rbnacl-libsodium gem currently fails to compile on Solaris for both
x86-64 and SPARC architectures.

Adding these definitions will allow us to selectively define the
supported platforms as well as provide a simple means to iterate on
patches as needed.

Signed-off-by: Ryan Hass <rhass@users.noreply.github.com>
Signed-off-by: Tom Duffield <tom@chef.io>
It became available with nginx 1.9.5, so it's in any version of
openresty >= 1.9.5.x.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
Signed-off-by: tyler-ball <tyleraball@gmail.com>
Signed-off-by: tyler-ball <tyleraball@gmail.com>
…ts than the build environment

Signed-off-by: tyler-ball <tyleraball@gmail.com>
lamont-granquist and others added 25 commits November 19, 2017 09:08
per discussion in #_cve-2017-1000117 bumping to 2.14.1

Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
Signed-off-by: Scott Hain <shain@chef.io>
Signed-off-by: Scott Hain <shain@chef.io>
Signed-off-by: Scott Hain <shain@chef.io>
Signed-off-by: Bryan McLellan <btm@loftninjas.org>
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
Since the 9.3.14, the latest 9.3 omnibus'd PG:

+ 9.3.18: CVE-2017-7547, CVE-2017-7546
+ 9.3.17: CVE-2017-7486, CVE-2017-7484, CVE-2017-7485
+ 9.3.16: (no CVEs)
+ 9.3.15: (no CVEs)

Sha256 checked against https://ftp.postgresql.org/pub/source/v9.3.18/postgresql-9.3.18.tar.bz2.sha256

Signed-off-by: Robb Kidd <robb@thekidds.org>
Signed-off-by: Tim Smith <tsmith@chef.io>
Signed-off-by: Tim Smith <tsmith@chef.io>
Signed-off-by: Kartik Null Cating-Subramanian <ksubramanian@chef.io>
Signed-off-by: Kartik Null Cating-Subramanian <ksubramanian@chef.io>
Lists::MoreUtils is a transitive dependency of sqitch.  In the default
configuration, it depends on Lists::MoreUtils::XS.

The Lists::MoreUtils::XS perl module fails to install correctly. The
issue is bad assumptions in its configuration script leading to a
duplicate definition of ssize_t leading to a failed compilation.

The PUREPERL_ONLY option avoids this module by substituting a pure
perl implementation.

Signed-off-by: Steven Danna <steve@chef.io>
Signed-off-by: Prajakta Purohit <prajakta@opscode.com>
Signed-off-by: Prajakta Purohit <prajakta@opscode.com>
Based on the work done in the nokogiri project to address multiple CVEs
in libxml2 and libxslt.

https://usn.ubuntu.com/usn/usn-3424-1/

CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047,
CVE-2017-9048, CVE-2017-9049, CVE-2017-9050

sparklemotion/nokogiri#1673
sparklemotion/nokogiri#1670

SHA256 generated from downloads. Downloads verified with GPG:

    gpg --verify libxml2-2.9.5.tar.gz.asc libxml2-2.9.5.tar.gz
    gpg: Signature made Mon Sep  4 09:00:53 2017 EDT using RSA key ID 596BEA5D
    gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
    gpg:                 aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: C744 15BA 7C9C 7F78 F02E  1DC3 4606 B8A5 DE95 BC1F
         Subkey fingerprint: DB46 681B B91A DCEA 170F  A2D4 1558 8B26 596B EA5D

    gpg --verify libxslt-1.1.30.tar.gz.asc libxslt-1.1.30.tar.gz
    gpg: Signature made Mon Sep  4 09:36:06 2017 EDT using RSA key ID 596BEA5D
    gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
    gpg:                 aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: C744 15BA 7C9C 7F78 F02E  1DC3 4606 B8A5 DE95 BC1F
         Subkey fingerprint: DB46 681B B91A DCEA 170F  A2D4 1558 8B26 596B EA5D

Signed-off-by: Robb Kidd <robb@thekidds.org>
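
The gpg output in the commit message above reports a good signature but warns that the key is not certified, so the check only carries weight if the primary key fingerprint is compared with one obtained out of band. An added example (not part of the commit or of omnibus-software) that makes that comparison on `gpg --status-fd` lines; the pinned value is copied from the output above for illustration, and the sample status text and function names are constructed.

```python
# Added example: decide on gpg's machine-readable status lines, not on the
# human-readable "Good signature" text.
# Assumption: in real use the pinned fingerprint comes from a trusted channel.
PINNED_PRIMARY_FPR = "C74415BA7C9C7F78F02E1DC34606B8A5DE95BC1F"  # from the output above

# Status keywords that must never appear for an acceptable signature.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

# Constructed sample of `gpg --status-fd 1 --verify ...` output; the numeric
# fields are illustrative, the fingerprints are the ones printed above.
SAMPLE_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 15588B26596BEA5D Daniel Veillard <veillard@redhat.com>\n"
    "[GNUPG:] VALIDSIG DB46681BB91ADCEA170FA2D415588B26596BEA5D 2017-09-04 "
    "1504530053 0 4 0 1 8 00 C74415BA7C9C7F78F02E1DC34606B8A5DE95BC1F\n"
    "[GNUPG:] TRUST_UNDEFINED 0 pgp\n"
)


def normalize_fpr(text):
    """Turn 'C744 15BA ...' as printed by gpg into bare upper-case hex."""
    return "".join(text.split()).upper()


def signer_primary_fpr(status_text):
    """Return the primary-key fingerprint if exactly one valid signature exists."""
    found = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in REJECT:
            return None
        if keyword == "VALIDSIG" and args:
            # args[0] is the signing (sub)key; the 10th field, when present,
            # is the primary key that the subkey belongs to.
            found.append(normalize_fpr(args[9] if len(args) >= 10 else args[0]))
    return found[0] if len(found) == 1 else None


def tarball_is_trusted(status_text, pinned=PINNED_PRIMARY_FPR):
    """True only when the one valid signature chains to the pinned primary key."""
    fpr = signer_primary_fpr(status_text)
    return fpr is not None and fpr == normalize_fpr(pinned)
```
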
Signed-off-by: Prajakta Purohit <prajakta@opscode.com>
Signed-off-by: echohack <echohack@users.noreply.github.com>
Signed-off-by: Tim Smith <tsmith@chef.io>
Signed-off-by: Thom May <thom@chef.io>
Signed-off-by: Tim Smith <tsmith@chef.io>
Signed-off-by: Tim Smith <tsmith@chef.io>
Signed-off-by: Alex Pop <apop@chef.io>
The previous patch would fail on machines with no IPv6
support (i.e. no support for the AF_INET6 address family) when
ERL_EPMD_ADDRESS is not in use.

Signed-off-by: Steven Danna <steve@chef.io>
Signed-off-by: Julien 'Lta' BALLET <contact@lta.io>
@elthariel
Contributor Author

Wut the ....

@thommay thommay mentioned this pull request Nov 19, 2017
1 task