Skip to content

[20.09] openjdk: 11.0.8 -> 11.0.9 #102831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 5, 2020
Merged

[20.09] openjdk: 11.0.8 -> 11.0.9 #102831

merged 1 commit into from
Nov 5, 2020
+3 −3

Conversation

asbachb
Copy link
Contributor

@asbachb asbachb commented Nov 4, 2020
edited
Loading

(cherry picked from commit e659537)

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Sorry, something went wrong.

@asbachb
openjdk: 11.0.8 -> 11.0.9
9ff426c 
(cherry picked from commit e659537)
@ofborg ofborg bot requested a review from edwtjo November 4, 2020 23:01
@ofborg ofborg bot added 11.by: package-maintainer This PR was created by the maintainer of the package it changes 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 11-100 labels Nov 4, 2020
@asbachb
Copy link
Contributor Author

asbachb commented Nov 5, 2020

/marvin opt-in
/status needs_reviewer

@marvin-mk2
Copy link

marvin-mk2 bot commented Nov 5, 2020

Hi! I'm an experimental bot. My goal is to guide this PR through its stages, hopefully ending with a merge. You can read up on the usage here.

@marvin-mk2 marvin-mk2 bot added marvin This PR was reviewed by Marvin, a discontinued bot: https://github.com/timokau/marvin-mk2 needs_reviewer (old Marvin label, do not use) labels Nov 5, 2020
@marvin-mk2 marvin-mk2 bot added awaiting_reviewer (old Marvin label, do not use) and removed needs_reviewer (old Marvin label, do not use) labels Nov 5, 2020
@vikanezrimaya
Copy link
Member

vikanezrimaya commented Nov 5, 2020
edited
Loading

/status needs_merger

I hope I'm doing it all right. Not only with the bot, but with the workflow in general.

@marvin-mk2 marvin-mk2 bot added needs_merger (old Marvin label, do not use) and removed awaiting_reviewer (old Marvin label, do not use) labels Nov 5, 2020
@marvin-mk2 marvin-mk2 bot requested a review from timokau November 5, 2020 11:37
@marvin-mk2 marvin-mk2 bot added awaiting_merger (old Marvin label, do not use) and removed needs_merger (old Marvin label, do not use) labels Nov 5, 2020
@timokau
Copy link
Member

timokau commented Nov 5, 2020

Since this is a backport, have you looked at the changelog and made sure that there are no potentially breaking changes? We do not want to disrupt anybody's workflow on a stable system.

@vikanezrimaya
Copy link
Member

@timokau since this is a point release of JDK, I wouldn't expect any breaking changes, only bugfixes and security patches. https://foojay.io/java-11/?quarter=102020&tab=highlights&version=11.0.9 confirms my suspicions - lots of bugfixes, some security patches.

@asbachb
Copy link
Contributor Author

asbachb commented Nov 5, 2020

@timokau @kisik21 I guess the only thing which may generate some trouble is: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8233228

At least this popped in one of my projects.

@vikanezrimaya
Copy link
Member

@asbachb citing the issue you linked:

The risk level of this change is minimal as users can change the security properties to re-enable all or some of the curves. The risk level to the release is minimal as it's very localized to the security APIs.

Can we somehow provide documentation for users to do that on their own if they need those curves?

@asbachb
Copy link
Contributor Author

asbachb commented Nov 5, 2020

@kisik21 I guess normally you'd adjust java.security file. I think in NixOs there's currently no way todo adjustments to that file via configuration. So the only way for an end user would be to pass a system argument java.security.properties to set an own java.security file.

@asbachb
Copy link
Contributor Author

asbachb commented Nov 5, 2020

I guess same would apply to #102839

@vikanezrimaya
Copy link
Member

Then I guess we can merge this one too. Maybe the update disabling less secure curves will make some users migrate to stronger cryptography? 😸

@timokau
Copy link
Member

timokau commented Nov 5, 2020

since this is a point release of JDK, I wouldn't expect any breaking changes

That's reasonable, but it can't hurt to double check. openjdk is a very central package, and not all projects assign the same meaning to "point release".

Thanks for checking! I think the issue you linked is fine, since its a very minor regression and security-relevant.

@timokau timokau merged commit 90b0ae7 into NixOS:release-20.09 Nov 5, 2020
@asbachb asbachb deleted the backport/openjdk11 branch January 25, 2021 21:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vikanezrimaya vikanezrimaya

@edwtjo edwtjo

@timokau timokau

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 11-100 11.by: package-maintainer This PR was created by the maintainer of the package it changes awaiting_merger (old Marvin label, do not use) marvin This PR was reviewed by Marvin, a discontinued bot: https://github.com/timokau/marvin-mk2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@asbachb @vikanezrimaya @timokau