Hi All,
Following the latest security updates from Oracle, the version of OpenJDK package is currently listed as:
java-1.7.0-openjdk-1.7.0.51-2.4.4.1.el6_5.x86_64.rpm
The Redhat security advisory lists these packages: https://rhn.redhat.com/errata/RHSA-2014-0026.html but it makes no reference to the build number, which it turns out is important.
The build on the package in centos 6.5 is currently listed as b02:
[........]$ java -version java version "1.7.0_51" OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02) OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
However changes were being made in at least b10: https://bugs.openjdk.java.net/browse/JDK-8028111
I guess this raises three questions:
1. How is the build of the JDK selected for a security update in RHEL/CentOS? 2. Could the b number be made more clear in the release information given its importance? 3. Is it possible to JDK package be updated to the latest build number, given the current one has missing backports?
Thanks,
Tom
----------------------------- http://www.bbc.co.uk This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -----------------------------
On 02/19/2014 11:12 AM, Tom Cartwright wrote:
Hi All,
Following the latest security updates from Oracle, the version of OpenJDK package is currently listed as:
java-1.7.0-openjdk-1.7.0.51-2.4.4.1.el6_5.x86_64.rpm
The Redhat security advisory lists these packages: https://rhn.redhat.com/errata/RHSA-2014-0026.html but it makes no reference to the build number, which it turns out is important.
The build on the package in centos 6.5 is currently listed as b02:
[........]$ java -version java version "1.7.0_51" OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02) OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
However changes were being made in at least b10: https://bugs.openjdk.java.net/browse/JDK-8028111
I guess this raises three questions:
- How is the build of the JDK selected for a security update in RHEL/CentOS?
- Could the b number be made more clear in the release information given its importance?
- Is it possible to JDK package be updated to the latest build number, given the current one has missing backports?
Thanks,
Tom
Well, the answer to this question in relation to CentOS is easy. When Red Hat releases a package for RHEL (any package, java-1.7.0-openjdk or anything else), then we build it.
As to what Red Hat selects, when they select it or why, or any of the other questions you have ... we have no idea. We build what they release when they release it on our build system.
Someone who has RHEL-6.5 might be able to post the java -version from that package as a comparison.
Thanks Johnny,
I've raised the question with RHEL too: https://www.redhat.com/archives/rhelv6-list/2014-February/msg00027.html
It looks like the RHEL-6.5 package is also b02, so there's consistency, but it does mean that there are patches missing from the release, such as the one i linked to.
From the JDK bug tracker it looks like the issue i mentioned was fixed in a build made in December (https://bugs.openjdk.java.net/browse/JDK-8029404) so its a surprise to see an older package come out with the security advisory in January.
________________________________________ From: centos-bounces@centos.org [centos-bounces@centos.org] on behalf of Johnny Hughes [johnny@centos.org] Sent: 19 February 2014 17:56 To: centos@centos.org Subject: Re: [CentOS] Java versions in CentOS
On 02/19/2014 11:12 AM, Tom Cartwright wrote:
Hi All,
Following the latest security updates from Oracle, the version of OpenJDK package is currently listed as:
java-1.7.0-openjdk-1.7.0.51-2.4.4.1.el6_5.x86_64.rpm
The Redhat security advisory lists these packages: https://rhn.redhat.com/errata/RHSA-2014-0026.html but it makes no reference to the build number, which it turns out is important.
The build on the package in centos 6.5 is currently listed as b02:
[........]$ java -version java version "1.7.0_51" OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02) OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
However changes were being made in at least b10: https://bugs.openjdk.java.net/browse/JDK-8028111
I guess this raises three questions:
- How is the build of the JDK selected for a security update in RHEL/CentOS?
- Could the b number be made more clear in the release information given its importance?
- Is it possible to JDK package be updated to the latest build number, given the current one has missing backports?
Thanks,
Tom
Well, the answer to this question in relation to CentOS is easy. When Red Hat releases a package for RHEL (any package, java-1.7.0-openjdk or anything else), then we build it.
As to what Red Hat selects, when they select it or why, or any of the other questions you have ... we have no idea. We build what they release when they release it on our build system.
Someone who has RHEL-6.5 might be able to post the java -version from that package as a comparison.
----------------------------- http://www.bbc.co.uk This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -----------------------------
--On Wednesday, February 19, 2014 11:56:40 AM -0600 Johnny Hughes johnny@centos.org wrote:
Someone who has RHEL-6.5 might be able to post the java -version from that package as a comparison.
% cat /etc/redhat-release Red Hat Enterprise Linux Workstation release 6.5 (Santiago)
% java -version java version "1.7.0_40" Java(TM) SE Runtime Environment (build 1.7.0_40-b43) Java HotSpot(TM) 64-Bit Server VM (build 24.0-b56, mixed mode)
Devin
--On Wednesday, February 19, 2014 01:30:49 PM -0700 Devin Reade gdr@gno.org wrote:
java version "1.7.0_40"
Disregard that. That is from a development machine that for other reasons is running that specific (non-default) version.
Devin
On Wed, Feb 19, 2014 at 12:33 PM, Devin Reade gdr@gno.org wrote:
--On Wednesday, February 19, 2014 01:30:49 PM -0700 Devin Reade gdr@gno.org wrote:
java version "1.7.0_40"
Disregard that. That is from a development machine that for other reasons is running that specific (non-default) version.
Here it is:
$ cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.5 (Santiago)
$ java -version java version "1.7.0_51" OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-i386 u51-b02) OpenJDK Client VM (build 24.45-b08, mixed mode, sharing)
Akemi
On 02/19/2014 02:47 PM, Akemi Yagi wrote:
On Wed, Feb 19, 2014 at 12:33 PM, Devin Reade gdr@gno.org wrote:
--On Wednesday, February 19, 2014 01:30:49 PM -0700 Devin Reade gdr@gno.org wrote:
java version "1.7.0_40"
Disregard that. That is from a development machine that for other reasons is running that specific (non-default) version.
Here it is:
$ cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.5 (Santiago)
$ java -version java version "1.7.0_51" OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-i386 u51-b02) OpenJDK Client VM (build 24.45-b08, mixed mode, sharing)
Looks the same as the CentOS version .. looks good to me.
Now, Red Hat would need to answer if they have all the updates rolled in.
-
Akemi Yagi -
Devin Reade -
Johnny Hughes -
Tom Cartwright