[CentOS] Java versions in CentOS

Wed Feb 19 19:10:58 UTC 2014
Tom Cartwright <tom.cartwright at bbc.co.uk>

Thanks Johnny,

I've raised the question with RHEL too: https://www.redhat.com/archives/rhelv6-list/2014-February/msg00027.html

It looks like the RHEL-6.5 package is also b02, so there's consistency, but it does mean that there are patches missing from the release, such as the one i linked to.

>From the JDK bug tracker it looks like the issue i mentioned was fixed in a build made in December (https://bugs.openjdk.java.net/browse/JDK-8029404) so its a surprise to see an older package come out with the security advisory in January.

________________________________________
From: centos-bounces at centos.org [centos-bounces at centos.org] on behalf of Johnny Hughes [johnny at centos.org]
Sent: 19 February 2014 17:56
To: centos at centos.org
Subject: Re: [CentOS] Java versions in CentOS

On 02/19/2014 11:12 AM, Tom Cartwright wrote:
> Hi All,
>
> Following the latest security updates from Oracle, the version of OpenJDK package is currently listed as:
>
> java-1.7.0-openjdk-1.7.0.51-2.4.4.1.el6_5.x86_64.rpm
>
> The Redhat security advisory lists these packages: https://rhn.redhat.com/errata/RHSA-2014-0026.html
> but it makes no reference to the build number, which it turns out is important.
>
> The build on the package in centos 6.5 is currently listed as b02:
>
> [........]$ java -version
> java version "1.7.0_51"
> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
> OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>
> However changes were being made in at least b10: https://bugs.openjdk.java.net/browse/JDK-8028111
>
> I guess this raises three questions:
>
> 1. How is the build of the JDK selected for a security update in RHEL/CentOS?
> 2. Could the b number be made more clear in the release information given its importance?
> 3. Is it possible to JDK package be updated to the latest build number, given the current one has missing backports?
>
> Thanks,
>
> Tom

Well, the answer to this question in relation to CentOS is easy.  When
Red Hat releases a package for RHEL (any package, java-1.7.0-openjdk or
anything else), then we build it.

As to what Red Hat selects, when they select it or why, or any of the
other questions you have ... we have no idea.  We build what they
release when they release it on our build system.

Someone who has RHEL-6.5 might be able to post the java -version from
that package as a comparison.



-----------------------------
http://www.bbc.co.uk
This e-mail (and any attachments) is confidential and
may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in
error, please delete it from your system.
Do not use, copy or disclose the
information in any way nor act in reliance on it and notify the sender
immediately.
Please note that the BBC monitors e-mails
sent or received.
Further communication will signify your consent to
this.
-----------------------------