| Summary: | java.security was not updated in lates (july 2016) CPU security update | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | jiri vanek <jvanek> |
| Component: | java-1.8.0-openjdk | Assignee: | jiri vanek <jvanek> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | ahughes, jvanek |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | java-1.8.0-openjdk-1.8.0.102-3.b14.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-09-05 06:49:05 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
jiri vanek
2016-08-31 15:42:23 UTC
They weren't missed, there hasn't been a change to java.security since: changeset: 11549:f94285e53b66 user: igerasim date: Tue Dec 15 16:20:09 2015 +0300 summary: 8144773: Further reduce use of MD5 in the January 2016 CPU. An update was missed as part of bug 1302385 for java-1.7.0-openjdk and that's the only one I'm aware of being reported. On RHEL 7.2, I see no rpmnew files for java.security. Are you actually seeing issues with java-1.8.0-openjdk? Yes I do. The same md5sum as is missing in fedora is missing in rhel7.3 In 7.2 different chesum is missing (currentMd5sum=134a37a84983b620f4d8d51a550c0c38) but missing. Thats why the component is jdk8 and not jdk7. jdk7 i affected only in 7.3 Ok, you're not distinguishing here between what is actually a bug and what is nice to have to keep them in sync. In 7.3, removeSunEcProvider-RH1154143.patch was removed which will have changed the java.security there. Hence 134a37a84983b620f4d8d51a550c0c38 needs to be added there so java.security is replaced with the one with SunEC in. The addition of 134a37a84983b620f4d8d51a550c0c38 to 7.2 and the new checksum to 7.3 is good future-proofing, but it's not a bug fix. Hopefully, the new check will catch them earlier. Certainly, none of this is related to the July 2016 CPU but comes from feature changes in RHEL 7.3. Also, I'm not sure what this bug is for, now you've committed this using bug 1295754, the tapset bug. (In reply to Andrew John Hughes from comment #5) > Also, I'm not sure what this bug is for, now you've committed this using bug > 1295754, the tapset bug. You may noticed that it is not built. (In reply to Andrew John Hughes from comment #4) > Ok, you're not distinguishing here between what is actually a bug and what > is nice to have to keep them in sync. > > In 7.3, removeSunEcProvider-RH1154143.patch was removed which will have > changed the java.security there. Hence 134a37a84983b620f4d8d51a550c0c38 > needs to be added there so java.security is replaced with the one with SunEC > in. > > The addition of 134a37a84983b620f4d8d51a550c0c38 to 7.2 and the new checksum > to 7.3 is good future-proofing, but it's not a bug fix. > > Hopefully, the new check will catch them earlier. Thats why I pushed the checks to all possibly affected packages. IMO better to have few more (valid) sums, then miss important one. > > Certainly, none of this is related to the July 2016 CPU but comes from > feature changes in RHEL 7.3. Well the changes necessary to make the test pass in 7.2 are a bit discouraging. http://pkgs.devel.redhat.com/cgit/rpms/java-1.8.0-openjdk/commit/?h=rhel-7.2&id=bd5e5e468ca48b261d285259ab6cf9fc0aead497 (note there is one more compared to 7.3) Thats what this bug is for. to decide if the missing checkusm in currently live packages may have some bad consequences. ANd to fix it if fix it at all. Thank you for confirming that the changes are not CPU related! |