Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Fedora 27: FEDORA-2018-d4bfa98f6a Critical OpenJDK Threat

fedora
Calendar Grey July 31, 2018
Dist Fedora Esm H88
Important patch rollout for OpenJDK tackling security flaws in Fedora, safeguarding operational stability and user safety.
Security critical patch update for OpenJDK (July CPU)

Summary

The OpenJDK runtime environment.

Security critical patch update for OpenJDK (July CPU). See

https://www.oracle.com/security-alerts/cpujul2018.html

* Mon Jul 23 2018 Jiri Vanek - 11:1.8.0.181-7.b13

- updated to u181

- patches aligned according to rhel7 (full credit to gnu_andrew)

- removed upstreamed patch104 pr3458-rh1540242-aarch64.patch

- removed upstreamed patch568 8187577-pr3578.patch

* Tue Jul 17 2018 Jiri Vanek - 11:1.8.0.172-16.b11

- added Recommends gtk2 for main package

- added Suggests lksctp-tools, pcsc-lite-devel, cups for headless package

- see RHBZ1598152

* Tue Jul 10 2018 Severin Gehwolf - 1:1.8.0.172-13.b11

- Fix hook to show hs_err*.log files on failures.

* Mon Jul 2 2018 Severin Gehwolf - 1:1.8.0.172-12.b11

- Fix requires/provides filters for internal libs. See

RHBZ#1590796

* Wed Jun 20 2018 Andrew Hughes - 1:1.8.0.172-11.b11

- Add additional fix (PR3601) to fix -Wreturn-type failures introduced by 8061651

- Backport 8064786 (PR3601) to fix -Wreturn-type failure on debug builds.

- Bring in PR3519 from IcedTea 3.7.0 to fix remaining -Wreturn-type failure on AArch64.

- Sync with IcedTea 3.8.0 patches to use -Wreturn-type.

- Add backports of 8141570, 8143245, 8197981 & 8062808.

- Drop pr3458-rh1540242-zero.patch which is covered by 8143245.

* Wed Jun 20 2018 Jiri Vanek - 11:1.8.0.172-10.b11

- jsa files changed to 444 to pass rpm verification

* Mon Jun 18 2018 Severin Gehwolf - 1:1.8.0.172-9.b11

- Filter private provides/requires: 'lib.so(SUNWprivate_.*'

* Thu Jun 14 2018 Severin Gehwolf - 1:1.8.0.172-8.b11

- Add provides/requires for libjvm.so back. See RHBZ#1591215.

* Wed Jun 13 2018 Severin Gehwolf - 1:1.8.0.172-7.b11

- Fix reg-ex for filtering private libraries' provides/requires.

* Wed Jun 13 2018 Andrew Hughes - 1:1.8.0.172-6.b11

- Remove build flags exemption for aarch64 now the platform is more mature and can bootstrap OpenJDK with these flags.

- Remove duplicate -fstack-protector-strong; it is provided by the RHEL cflags.

- Add missing changelog credits

* Mon Jun 11 2018 Jiri Vanek - 1:1.8.0.172-5.b11

- Merge changes from RHEL 7

* Mon Jun 11 2018 Andrew Hughes - 1:1.8.0.172-5.b11

- Read jssecacerts file prior to trying either cacerts file (system or local) (PR3575)

* Mon Jun 11 2018 Andrew Hughes - 1:1.8.0.172-5.b11

- Fix a number of bad bug identifiers (PR3546 should be PR3578, PR3456 should be PR3546)

* Thu Jun 7 2018 Andrew Hughes - 1:1.8.0.172-5.b11

- Update Shenandoah tarball to include 2018-05-15 merge.

- Split PR3458/RH1540242 fix into AArch64 & Zero sections, so former can be skipped on Shenandoah builds.

- Drop PR3573 patch applied upstream.

- Restrict 8187577 fix to non-Shenandoah builds, as it's included in the new tarball.

* Thu Jun 7 2018 Andrew Hughes - 1:1.8.0.172-5.b11

- Sync with IcedTea 3.8.0.

- Label architecture-specific fixes with architecture concerned

- x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround)

- PR3539, RH1548475: Pass EXTRA_LDFLAGS to HotSpot build

- 8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode

- 8197546, PR3542, RH1402819: Fix for 8171000 breaks Solaris + Linux builds

- 8185723, PR3553: Zero: segfaults on Power PC 32-bit

- 8186461, PR3557: Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe

- PR3559: Use ldrexd for atomic reads on ARMv7.

- 8187577, PR3578: JVM crash during gc doing concurrent marking

- 8201509, PR3579: Zero: S390 31bit atomic_copy64 inline assembler is wrong

- 8165489, PR3589: Missing G1 barrier in Unsafe_GetObjectVolatile

- PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code

- 8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26

* Wed Jun 6 2018 Jiri Vanek - 1:1.8.0.172-1.b11

- updated to u172-b11

- removed patches:

- patch207 8200556-pr3566.patch

- patch104 pr3458-rh1540242.patch

- patch209 8035496-hotspot.patch

- patch700 pr3573.patch

* Fri May 4 2018 Severin Gehwolf - 1:1.8.0.171-5.b10

- Remove duplicate patch rhbz_1538767_fix_linking2.patch. Just use

rhbz_1538767_fix_linking.patch.

* Wed Apr 25 2018 Severin Gehwolf - 1:1.8.0.171-4.b10

- Enable hardened build unconditionally (also for Zero).

Resolves RHBZ#1290936.

* Tue Apr 24 2018 Severin Gehwolf - 1:1.8.0.171-3.b10

- Enable hardened build for Aarch64.

* Tue Apr 24 2018 Severin Gehwolf - 1:1.8.0.171-2.b10

- Update rhbz1548475-LDFLAGSusage.patch to also set linker

flags for libsaproc.so and libjsig.so.

* Wed Apr 18 2018 Jiri Vanek - 1:1.8.0.171-1.b10

- Update to aarch64-jdk8u171-b10 and aarch64-shenandoah-jdk8u171-b10.

- Fix jconsole.desktop.in subcategory, replacing "Monitor" with "Profiling" (PR3550) (gnu_andrew)

- Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add misisng ones (gnu_andrew)

* Wed Apr 18 2018 Jiri Vanek - 1:1.8.0.162-7.b12

- added ownership of policy dir and subdirs

- removed ignored attributes for classes.jsa

* Tue Apr 10 2018 Severin Gehwolf - 1:1.8.0.162-6.b12

- Use correct patch for RHBZ#1538767 (JDK-8196516)

* Mon Apr 2 2018 Andrew Hughes - 1:1.8.0.162-5.b12

- Cleanup from previous commit.

- Remove unused upstream patch 8167200.hotspotAarch64.patch.

* Thu Mar 29 2018 Jiri Vanek - 1:1.8.0.162-3.b12

- returned patch562 rhbz_1540242.patch

- added Patch563 rhbz_1536622-JDK8197429-jdk8.patch

* Mon Mar 26 2018 Jiri Vanek - 1:1.8.0.162-2.b12

- Added patch 540 rhbz1548475-LDFLAGSusage.patch to honor build flags fully

* Wed Mar 21 2018 Andrew Hughes - 1:1.8.0.162-1.b12

- Update to aarch64-jdk8u162-b12 and aarch64-shenandoah-jdk8u162-b12.

- Remove upstreamed patches for 8181055/PR3394/RH1448880,

- 8181419/PR3413/RH1463144, 8145913/PR3466/RH1498309,

- 8168318/PR3466/RH1498320, 8170328/PR3466/RR1498321 and

- 8181810/PR3466/RH1498319.

* Wed Mar 7 2018 Adam Williamson - 1:1.8.0.161-9.b14

- Rebuild to fix GCC 8 mis-compilation

See https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/LV44XSN4MZOROBGHBBK6CHPBEHRPKFVO/ ("GCC 8 ABI change on x86_64")

* Sun Feb 11 2018 Sandro Mani - 1:1.8.0.161-8.b14

- Rebuild (giflib)

* Fri Feb 9 2018 Igor Gnatenko - 1:1.8.0.161-7.b14

- Escape macros in %changelog

* Wed Feb 7 2018 Fedora Release Engineering - 1:1.8.0.161-6.b14

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Wed Jan 31 2018 Severin Gehwolf - 1:1.8.0.161-5.b14

- Additional fix needed for FTBFS bug on aarch64.

Resolves RHBZ#1540242.

* Wed Jan 31 2018 Severin Gehwolf - 1:1.8.0.161-4.b14

- Add fix for FTBFS on aarch64 and armv7hl.

Resolves RHBZ#1540242.

* Tue Jan 30 2018 Severin Gehwolf - 1:1.8.0.161-3.b14

- Include Aarch64 build fixes post January 2018 CPU.

* Mon Jan 29 2018 Severin Gehwolf - 1:1.8.0.161-2.b14

- Work around ppc64le gdb backtrace problem in %check.

See RHBZ#1539664

* Wed Jan 24 2018 Severin Gehwolf - 1:1.8.0.161-1.b14

- Fix FTBFS due to link failure in libfontmanager.so

- See RHBZ#1538767

* Wed Jan 24 2018 jvanek - 1:1.8.0.161-0.b14

- updated to u161, rmeoved upstreamed patches

- removed patch555 8164293-pr3412-rh1459641.patch

- removed patch550 8175813-pr3394-rh1448880.patch

- removed patch547 8173941-pr3326.patch

- removed patch532 8162384-pr3122-rh1358661.patch

- removed patch535 8153711-pr3313-rh1284948.patch

- removed patch561 8075484-pr3473-rh1490713.patch

- removed patch554 8175887-pr3415.patch

* Mon Nov 13 2017 jvanek - 1:1.8.0.151-1.b12

- added ownership of etc dirs

- sysconfdir/.java/.systemPrefs

- sysconfdir/.java

* Wed Oct 25 2017 jvanek - 1:1.8.0.151-1.b12

- updated to aarch64-jdk8u151-b12 (from aarch64-port/jdk8u)

- updated to aarch64-shenandoah-jdk8u151-b12 (from aarch64-port/jdk8u-shenandoah) of hotspot

- used aarch64-port-jdk8u-aarch64-jdk8u151-b12.tar.xz as new sources

- used aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u151-b12.tar.xz as new sources for hotspot

- tapset updated to 3.6pre02

- policies adapted to new limited/unlimited schmea

- above acomapnied by c-j-c 3.3

- alligned patches and added PPC ones (thanx to gnu_andrew)

- added patch209: 8035496-hotspot.patch

- added patch210: suse_linuxfilestore.patch

[ 1 ] Bug #1509371 - JDK UseCGroupMemoryLimitForHeap not systemd compatible

https://bugzilla.redhat.com/show_bug.cgi?id=1509371

su -c 'dnf upgrade --advisory FEDORA-2018-d4bfa98f6a' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BAGGEZ7NSKJTZLJOX2MCSEKUSKL7FZK/

Topics%20covered

Topics Covered

security advisory Fedora critical update patch runtime environment Java OpenJDK

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 1.8.0.181
Release: 7.b13.fc27
URL: https://openjdk.org/
Summary: OpenJDK Runtime Environment

Topics%20covered

Topics Covered

security advisory Fedora critical update patch runtime environment Java OpenJDK

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here