Since this is a patch for meta-java it should be sent to: [email protected]
Also, it shouldn't be tagged for [oe-core], just [meta-java] Steve On Mon, Jul 4, 2022 at 2:45 AM Neetika.Singh via lists.openembedded.org <[email protected]> wrote: > > From: Neetika Singh <[email protected]> > > As per below links CVE-2022-23437 is fixed by upgrade of > xerces-j version to 2.12.2. > https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-23437 > https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=743111a72f39a1b24f87bd1b2fc32ef707b41407 > > Hence upgrade the version. > > Signed-off-by: Neetika Singh <[email protected]> > --- > .../xerces-j/{xerces-j_2.11.0.bb => xerces-j_2.12.2.bb} | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > rename recipes-core/xerces-j/{xerces-j_2.11.0.bb => xerces-j_2.12.2.bb} (88%) > > diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb > b/recipes-core/xerces-j/xerces-j_2.12.2.bb > similarity index 88% > rename from recipes-core/xerces-j/xerces-j_2.11.0.bb > rename to recipes-core/xerces-j/xerces-j_2.12.2.bb > index fda6fe4..bc2780e 100644 > --- a/recipes-core/xerces-j/xerces-j_2.11.0.bb > +++ b/recipes-core/xerces-j/xerces-j_2.12.2.bb > @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = " \ > > file://LICENSE.serializer.txt;md5=d229da563da18fe5d58cd95a6467d584 \ > " > > -SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"; > +SRC_URI = > "http://archive.apache.org/dist/xerces/j/source/Xerces-J-src.${PV}.tar.gz"; > > # CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux > versions. > # Already fixed with updates and closed. > @@ -20,7 +20,7 @@ SRC_URI = > "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"; > # https://bugzilla.redhat.com/show_bug.cgi?id=1567542 > CVE_CHECK_WHITELIST += "CVE-2018-2799" > > -S = "${WORKDIR}/xerces-2_11_0" > +S = "${WORKDIR}/xerces-2_12_2" > > inherit java-library > > @@ -63,7 +63,7 @@ do_compile() { > > } > > -SRC_URI[md5sum] = "d01fc11eacbe43b45681cb85ac112ebf" > -SRC_URI[sha256sum] = > "f59a5ef7b51bd883f2e9bda37a9360692e6c5e439b98d9b6ac1953e1f98b0680" > +SRC_URI[md5sum] = "41dde3c515fca8d307416123bc07a739" > +SRC_URI[sha256sum] = > "6dd1ebd4c88e935c182375346cd7365514bd8dd2ad2f30f0d0b05257bab34ee8" > > BBCLASSEXTEND = "native" > -- > 2.17.1 > > This message contains information that may be privileged or confidential and > is the property of the KPIT Technologies Ltd. It is intended only for the > person to whom it is addressed. If you are not the intended recipient, you > are not authorized to read, print, retain copy, disseminate, distribute, or > use this message or any part thereof. If you receive this message in error, > please notify the sender immediately and delete all copies of this message. > KPIT Technologies Ltd. does not accept any liability for virus infected mails. > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#167615): https://lists.openembedded.org/g/openembedded-core/message/167615 Mute This Topic: https://lists.openembedded.org/mt/92163687/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
