From: Neetika Singh <neetika.si...@kpit.com>

As per the links below, CVE-2022-23437 is fixed by upgrading
xerces-j to version 2.12.2.
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-23437
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=743111a72f39a1b24f87bd1b2fc32ef707b41407

Hence upgrade the version.

Signed-off-by: Neetika Singh <neetika.si...@kpit.com>
---
 .../xerces-j/{xerces-j_2.11.0.bb => xerces-j_2.12.2.bb}   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename recipes-core/xerces-j/{xerces-j_2.11.0.bb => xerces-j_2.12.2.bb} (88%)

diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb 
b/recipes-core/xerces-j/xerces-j_2.12.2.bb
similarity index 88%
rename from recipes-core/xerces-j/xerces-j_2.11.0.bb
rename to recipes-core/xerces-j/xerces-j_2.12.2.bb
index fda6fe4..bc2780e 100644
--- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
+++ b/recipes-core/xerces-j/xerces-j_2.12.2.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = " \
                     
file://LICENSE.serializer.txt;md5=d229da563da18fe5d58cd95a6467d584 \
                    "

-SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz";
+SRC_URI = 
"http://archive.apache.org/dist/xerces/j/source/Xerces-J-src.${PV}.tar.gz";

 # CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux 
versions.
 # Already fixed with updates and closed.
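
Review bot: the new SRC_URI line still fetches the tarball over plain http, so the download has no transport integrity and relies entirely on the SRC_URI checksums at the end of the recipe. archive.apache.org serves the same path over https, so consider "https://archive.apache.org/dist/xerces/j/source/Xerces-J-src.${PV}.tar.gz". The move of the tarball under source/ is also not mentioned in the commit message; a one-line note there would explain why the URL changed along with the version.
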
@@ -20,7 +20,7 @@ SRC_URI = 
"http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz";
 # https://bugzilla.redhat.com/show_bug.cgi?id=1567542
 CVE_CHECK_WHITELIST += "CVE-2018-2799"

-S = "${WORKDIR}/xerces-2_11_0"
+S = "${WORKDIR}/xerces-2_12_2"

 inherit java-library

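Review bot: S hardcodes the version as "xerces-2_12_2", so it has to be edited by hand at every upgrade and a missed edit breaks the build. Deriving it from PV, for example S = "${WORKDIR}/xerces-${@d.getVar('PV').replace('.', '_')}", removes that step. Separately, the CVE_CHECK_WHITELIST entry for CVE-2018-2799 shown as context here is carried across the version bump unchanged; please confirm it is still needed for 2.12.2.
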
@@ -63,7 +63,7 @@ do_compile() {

 }

-SRC_URI[md5sum] = "d01fc11eacbe43b45681cb85ac112ebf"
-SRC_URI[sha256sum] = 
"f59a5ef7b51bd883f2e9bda37a9360692e6c5e439b98d9b6ac1953e1f98b0680"
+SRC_URI[md5sum] = "41dde3c515fca8d307416123bc07a739"
+SRC_URI[sha256sum] = 
"6dd1ebd4c88e935c182375346cd7365514bd8dd2ad2f30f0d0b05257bab34ee8"

 BBCLASSEXTEND = "native"
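
Review bot: SRC_URI[md5sum] is still carried next to SRC_URI[sha256sum]; MD5 is not collision resistant and adds nothing once the sha256sum is present, so the md5sum line can be dropped. Because the tarball is fetched over http, the sha256sum is the only integrity check on the source, so please state in the commit message how the new value was verified (for example against the upstream release signature or published digest).
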
--
2.17.1
