openjdk-17 (security release): bundle gtest, update problemlists. (!54) · Merge requests · OpenJDK / openjdk

Rationale for bundling gtest:

upstream is aggressive about bumping gtest version and now hardcodes minimum version in master.
we need google test for backports
google test has a large number reverse dependencies
introducing a versioned googletest for openjdk testing has additional overhead and might cause issues between openjdk versions present in the same release.
jammy needs a gtest compatibility patch to fix build issues (which would be strange to apply from openjdk)
there is no known CVE history for google test [1]
binaries that include google test are not included in the deb files

Changes:

   * OpenJDK 17.0.9 release, build 9.
    - CVE-2023-30589, CVE-2023-22081, CVE-2023-22091, CVE-2023-22025.	
      The patch for CVE-2023-30589 also addresses CVE-2023-30585,
      CVE-2023-30588, and CVE-2023-30590.
    - Release notes: 
      https://www.oracle.com/java/technologies/javase/17-0-9-relnotes.html#R17_0_9
  * Backport upstream fix for jexec: can't locate java:
    No such file or directory.  Closes: 1029342.
  * d/rules, d/watch: bundle googltest 1.14.
  * d/test: update problemlist.
  * d/p: exclude-broken-tests.patch.
  * d/p/reproducible-properties-timestamp.diff: use the privileged action
    to read the system property (JDK-8272157, 914278).

Testing:

generate original tarball with uscan
generate original tarball with get-orig target
build in sid chroot
ppa build: https://launchpad.net/~vpa1977/+archive/ubuntu/october-21/+sourcepub/15217424/+listing-archive-extra

[1] https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=%22google+test%22&search_type=all&isCpeNameSearch=false

Edited Oct 18, 2023 by Vladimir Petko

openjdk-17 (security release): bundle gtest, update problemlists.

Merge request reports