From: Mark Felder
To: Robert Simmons, freebsd-security@freebsd.org
Cc: ports-secteam@freebsd.org
Subject: Re: java/openjdk8 and jre
Date: Sun, 15 Nov 2015 09:30:33 -0600

On Fri, Nov 13, 2015, at 17:52, Robert Simmons wrote:
> Greetings,
>
> The following security vulnerability bug was reported about a week ago. Can
> someone mark the ports as insecure, please?
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204269
>

This is really annoying. 8u72 won't be available until *January* ?!

http://openjdk.java.net/projects/jdk8u/releases/8u72.html

--
Mark Felder
ports-secteam member
feld@FreeBSD.org


From: Robert Simmons
To: freebsd-security@freebsd.org
Cc: ports-secteam@freebsd.org
Subject: Re: java/openjdk8 and jre
Date: Mon, 16 Nov 2015 00:00:46 -0500

I don't see a problem with that. u65 is the security fix version and u66 is
a bugfix that includes u65. The openjdk project appears to have skipped
straight to u66 since both were released simultaneously.

From Oracle's website: "Java SE 8u65 includes important security fixes.
Oracle strongly recommends that all Java SE 8 users upgrade to this
release. Java SE 8u66 is a patch-set update, including all of 8u65 plus
additional features (described in the release notes)."

The openjdk website lists u66 as released.

On Sun, Nov 15, 2015 at 10:30 AM, Mark Felder wrote:
>
>
> On Fri, Nov 13, 2015, at 17:52, Robert Simmons wrote:
> > Greetings,
> >
> > The following security vulnerability bug was reported about a week ago. Can
> > someone mark the ports as insecure, please?
> >
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204269
> >
>
> This is really annoying. 8u72 won't be available until *January* ?!
>
> http://openjdk.java.net/projects/jdk8u/releases/8u72.html
>
> --
> Mark Felder
> ports-secteam member
> feld@FreeBSD.org
>


From: Willem Jan Withagen
To: freebsd security
Subject: OpenBSD Net-snmp Default File Permissions Let Local Users View SNMP Passwords
Organization: Digiware Management b.v.
Date: Mon, 16 Nov 2015 10:23:07 +0100

Hi,

Dependant on whether we care for the snmp-passwords in our network. But:
http://securitytracker.com/id/1034099
holds both for the /etc/snmpd.conf that is in base as well as for the
net-snmp /usr/local/etc/snmpd/snmpd.conf version we have in ports.

Most likely the ports version will be fixed when a new net-snmp release is
issued, but the base version needs to be fixed in base.

--WjW


From: Robert Simmons
To: Mark Felder
Cc: freebsd-security@freebsd.org, ports-secteam@freebsd.org, java@freebsd.org, Jung-uk Kim
Subject: Re: java/openjdk8 and jre
Date: Mon, 16 Nov 2015 09:20:20 -0500

http://openjdk.java.net/projects/jdk8u/
That page lists it as released.

On Nov 16, 2015 9:06 AM, "Mark Felder" wrote:
>
>
> On Sun, Nov 15, 2015, at 23:00, Robert Simmons wrote:
> > I don't see a problem with that. u65 is the security fix version and u66 is
> > a bugfix that includes u65. The openjdk project appears to have skipped
> > straight to u66 since both were released simultaneously.
> >
> > From Oracle's website: "Java SE 8u65 includes important security fixes.
> > Oracle strongly recommends that all Java SE 8 users upgrade to this
> > release. Java SE 8u66 is a patch-set update, including all of 8u65 plus
> > additional features (described in the release notes)."
> >
> > The openjdk website lists u66 as released.
> >
>
> Where did you see u66 on the OpenJDK site? I tried to browse the site
> and find the latest release and it was a futile attempt. Their website
> is terrible. (openjdk.java.net)
>
>
> CC'ing jkim@ as he has more Java port knowledge than I do... I don't
> foresee myself updating the port, but I can get a vuxml entry added.
>
>
> --
> Mark Felder
> feld@feld.me
>


From: Mark Felder
To: Robert Simmons, freebsd-security@freebsd.org
Cc: ports-secteam@freebsd.org, "Jung-uk Kim", java@freebsd.org
Subject: Re: java/openjdk8 and jre
Date: Mon, 16 Nov 2015 08:06:39 -0600

On Sun, Nov 15, 2015, at 23:00, Robert Simmons wrote:
> I don't see a problem with that. u65 is the security fix version and u66 is
> a bugfix that includes u65. The openjdk project appears to have skipped
> straight to u66 since both were released simultaneously.
>
> From Oracle's website: "Java SE 8u65 includes important security fixes.
> Oracle strongly recommends that all Java SE 8 users upgrade to this
> release. Java SE 8u66 is a patch-set update, including all of 8u65 plus
> additional features (described in the release notes)."
>
> The openjdk website lists u66 as released.
>

Where did you see u66 on the OpenJDK site? I tried to browse the site
and find the latest release and it was a futile attempt. Their website
is terrible. (openjdk.java.net)

CC'ing jkim@ as he has more Java port knowledge than I do... I don't
foresee myself updating the port, but I can get a vuxml entry added.

--
Mark Felder
feld@feld.me


From: Mark Felder
To: Robert Simmons
Cc: freebsd-security@freebsd.org, ports-secteam@freebsd.org, "Jung-uk Kim", java@freebsd.org
Subject: Re: java/openjdk8 and jre
Date: Mon, 16 Nov 2015 08:57:24 -0600

On Mon, Nov 16, 2015, at 08:20, Robert Simmons wrote:
> http://openjdk.java.net/projects/jdk8u/
> That page lists it as released.

Ok, here's the actual Oracle release notes on it which is a far more
useful reference.

http://www.oracle.com/technetwork/java/javase/8u66-relnotes-2692847.html

The most frustrating part of this is not understanding their crazy
version scheme. I get that the next release is 8u66, but it took far too
long to find that the patch file is b17 (patch-8u66-b17.xz) and now I
still don't know what JDK_BUILD_NUMBER is supposed to be incremented to
as that gets updated every time there's a new release.

--
Mark Felder
feld@feld.me


From: Jung-uk Kim
To: Mark Felder, Robert Simmons
Cc: freebsd-security@freebsd.org, ports-secteam@freebsd.org, java@freebsd.org, Greg Lewis
Subject: Re: java/openjdk8 and jre
Date: Mon, 16 Nov 2015 14:52:16 -0500

On 11/16/15 09:57 AM, Mark Felder wrote:
>
>
> On Mon, Nov 16, 2015, at 08:20, Robert Simmons wrote:
>> http://openjdk.java.net/projects/jdk8u/ That page lists it as
>> released.
>
> Ok, here's the actual Oracle release notes on it which is a far
> more useful reference.
>
> http://www.oracle.com/technetwork/java/javase/8u66-relnotes-2692847.html
>
> The most frustrating part of this is not understanding their
> crazy version scheme. I get that the next release is 8u66, but it
> took far too long to find that the patch file is b17
> (patch-8u66-b17.xz) and now I still don't know what
> JDK_BUILD_NUMBER is supposed to be incremented to as that gets
> updated every time there's a new release.

Oracle does not release OpenJDK source tarballs except for GA release.

http://download.java.net/openjdk/jdk8

Patches for FreeBSD ports tree are maintained by glewis and it is
directly generated from public Mercurial, AFAIK.

http://hg.openjdk.java.net/jdk8u/jdk8u

Jung-uk Kim


From: Jung-uk Kim
To: Mark Felder, Robert Simmons
Cc: freebsd-security@freebsd.org, ports-secteam@freebsd.org, java@freebsd.org, Greg Lewis
Subject: Re: java/openjdk8 and jre
Date: Mon, 16 Nov 2015 14:57:47 -0500

On 11/16/15 02:52 PM, Jung-uk Kim wrote:
> Patches for FreeBSD ports tree are maintained by glewis and it is
> directly generated from public Mercurial, AFAIK.
>
> http://hg.openjdk.java.net/jdk8u/jdk8u

and its modules:

http://hg.openjdk.java.net/jdk8u/jdk8u/corba
http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot
http://hg.openjdk.java.net/jdk8u/jdk8u/jaxp
http://hg.openjdk.java.net/jdk8u/jdk8u/jaxws
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk
http://hg.openjdk.java.net/jdk8u/jdk8u/langtools
http://hg.openjdk.java.net/jdk8u/jdk8u/nashorn

Jung-uk Kim


From: Greg Lewis
To: Jung-uk Kim
Cc: Mark Felder, Robert Simmons, freebsd-security@FreeBSD.org, ports-secteam@FreeBSD.org, java@FreeBSD.org, Greg Lewis
Subject: Re: java/openjdk8 and jre
Date: Tue, 17 Nov 2015 05:35:53 -0800

On Mon, Nov 16, 2015 at 02:57:47PM -0500, Jung-uk Kim wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 11/16/15 02:52 PM, Jung-uk Kim wrote:
> > Patches for FreeBSD ports tree are maintained by glewis and it is
> > directly generated from public Mercurial, AFAIK.
> >
> > http://hg.openjdk.java.net/jdk8u/jdk8u
>
> and its modules:
>
> http://hg.openjdk.java.net/jdk8u/jdk8u/corba
> http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot
> http://hg.openjdk.java.net/jdk8u/jdk8u/jaxp
> http://hg.openjdk.java.net/jdk8u/jdk8u/jaxws
> http://hg.openjdk.java.net/jdk8u/jdk8u/jdk
> http://hg.openjdk.java.net/jdk8u/jdk8u/langtools
> http://hg.openjdk.java.net/jdk8u/jdk8u/nashorn

That is correct. I'm a little behind since my diff generating script
didn't cope with 8u66 terribly well. I'll see if I can generate a good
diff for it today.

--
Greg Lewis                          Email   : glewis@eyesbeyond.com
Eyes Beyond                         Web     : http://www.eyesbeyond.com
Information Technology              FreeBSD : glewis@FreeBSD.org
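

For the snmpd.conf permissions report earlier in this thread (Willem Jan Withagen's message), the following is an added example, not code from the thread or from either project: a POSIX sh audit that flags configuration files readable by group or other. The two default paths are the ones named in that message; the function names are hypothetical, the directive list assumes net-snmp's snmpd.conf syntax, and the sample file contents are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): flag snmpd.conf files whose mode lets
# unprivileged local users read SNMP community strings or passphrases.

# Default targets: the two paths named in the message. Override via arguments.
DEFAULT_CONFS="/etc/snmpd.conf /usr/local/etc/snmpd/snmpd.conf"

# net-snmp directives that carry a community string or a user passphrase.
SECRET_RE='^[[:space:]]*(rocommunity6?|rwcommunity6?|com2sec6?|createUser)[[:space:]]'

# has_bits FILE MODE: true if every permission bit in MODE is set on FILE.
# find -perm is POSIX, which sidesteps the BSD/GNU stat(1) differences.
has_bits() {
    [ -n "$(find -H "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# count_secret_lines FILE: how many credential-bearing lines FILE holds.
# Only the count is reported, so the audit output never leaks the values.
count_secret_lines() {
    grep -Ec "$SECRET_RE" "$1" 2>/dev/null || true
}

# audit_conf FILE: print one verdict line and return
#   0 = no group/other read access   1 = world-readable
#   2 = group-readable               3 = file not present
audit_conf() {
    f=$1
    [ -e "$f" ] || { echo "SKIP  $f (not present)"; return 3; }
    n=$(count_secret_lines "$f"); n=${n:-0}
    if has_bits "$f" 004; then
        echo "FAIL  $f is world-readable ($n credential line(s))"; return 1
    elif has_bits "$f" 040; then
        echo "WARN  $f is group-readable ($n credential line(s))"; return 2
    fi
    echo "OK    $f has no group/other read access"; return 0
}

# harden_conf FILE: local mitigation until the shipped default changes.
harden_conf() {
    chmod go-rwx "$1"
}

# audit_all [FILE...]: audit each file; return 1 if any is world-readable.
audit_all() {
    [ $# -gt 0 ] || set -- $DEFAULT_CONFS
    rc=0
    for conf in "$@"; do
        audit_conf "$conf" || [ $? -ne 1 ] || rc=1
    done
    return $rc
}

# Demo on a constructed file; the community string is made up.
demo() {
    d=$(mktemp -d) || return 1
    printf 'rocommunity EXAMPLE-ONLY 127.0.0.1\nsyslocation lab\n' > "$d/snmpd.conf"
    chmod 644 "$d/snmpd.conf"
    before=0; audit_conf "$d/snmpd.conf" || before=$?
    harden_conf "$d/snmpd.conf"
    after=0; audit_conf "$d/snmpd.conf" || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo
```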