
Fedora 28: 2019-C701E6605A Critical: OpenJDK Security Issue

May 2, 2019
Crucial software patch released for Java on Fedora 28, tackling severe vulnerabilities and boosting overall system safety.
Update to April 2019 CPU

Summary

The OpenJDK runtime environment 8.

Update to April 2019 CPU. See:

https://mail.openjdk.org/pipermail/jdk8u-dev/2019-April/009115.html

* Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b04-0

- Update to aarch64-shenandoah-jdk8u212-b04.

* Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b03-0

- Update to aarch64-shenandoah-jdk8u212-b03.

* Tue Apr 9 2019 Andrew Hughes - 1:1.8.0.212.b02-0

- Update to aarch64-shenandoah-jdk8u212-b02.

- Remove patches included upstream

- JDK-8197429/PR3546/RH153662{2,3}

- JDK-8184309/PR3596

- JDK-8210647/RH1632174

- JDK-8029661/PR3642/RH1477159

- JDK-8145096/PR3693

- Re-generate patches

- JDK-8203030

- Add casts to resolve s390 ambiguity in calls to log2_intptr

- Move JDK-8219772 to correct section as not yet upstreamed

- Add new clhsdb and hsdb binaries.

- Resolves: rhbz#1680640

* Sun Apr 7 2019 Andrew Hughes - 1:1.8.0.202.b08-0

- Update to aarch64-shenandoah-jdk8u202-b08.

- Remove patches included upstream

- JDK-8211387/PR3559

- JDK-8207057/PR3613

- JDK-8165852/PR3468

- JDK-8073139/PR1758/RH1191652

- JDK-8044235

- JDK-8172850/RH1640127

- JDK-8209639/RH1640127

- JDK-8131048/PR3574/RH1498936

- JDK-8164920/PR3574/RH1498936

- Re-generate patches

- JDK-8210647/RH1632174

* Thu Apr 4 2019 Andrew Hughes - 1:1.8.0.201.b13-0

- Update to aarch64-shenandoah-jdk8u201-b13.

- Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream.

* Fri Mar 29 2019 Andrew John Hughes - 1:1.8.0.201.b09-8

- Sync SystemTap & desktop files with upstream IcedTea release using new script

* Tue Feb 19 2019 Severin Gehwolf - 1:1.8.0.201.b09-5

- Add a test verifying system crypto policies can be disabled

* Tue Feb 19 2019 Andrew Hughes - 1:1.8.0.201.b09-4

- Add PR3655 to allow the system crypto policy to be turned off.

* Mon Feb 11 2019 Jiri Vanek - 1:1.8.0.201.b09-3

- config files to etc

* Wed Feb 6 2019 Andrew John Hughes - 1:1.8.0.201.b09-2

- Add backport of JDK-8145096 (PR3693) to fix undefined behaviour issues on newer GCCs

* Tue Feb 5 2019 Andrew Hughes - 1:1.8.0.201.b09-1

- Update to aarch64-shenandoah-jdk8u201-b09.

* Tue Feb 5 2019 Nicolas De Amicis - 1:1.8.0.192.b12-1

- Added FX link of libglassgtk3.so

* Wed Jan 30 2019 Andrew Hughes - 1:1.8.0.192.b12-0

- Update to aarch64-shenandoah-jdk8u192-b12.

- Remove patches included upstream

- JDK-8031668/PR2842

- JDK-8148351/PR2842

- JDK-6260348/PR3066

- JDK-8061305/PR3335/RH1423421

- JDK-8188030/PR3459/RH1484079

- JDK-8205104/PR3539/RH1548475

- JDK-8185723/PR3553

- JDK-8186461/PR3557

- JDK-8201509/PR3579

- JDK-8075942/PR3602

- JDK-8203182/PR3603

- JDK-8206406/PR3610/RH1597825

- JDK-8206425

- JDK-8036003

- JDK-8201495/PR2415

- JDK-8150954/PR2866/RH1176206

- Re-generate patches (mostly due to upstream build changes)

- JDK-8073139/PR1758/RH1191652

- JDK-8143245/PR3548 (due to JDK-8202600)

- JDK-8197429/PR3546/RH1536622 (due to JDK-8189170)

- JDK-8199936/PR3533

- JDK-8199936/PR3591

- JDK-8207057/PR3613

- JDK-8210761/RH1632174 (due to JDK-8207402)

- PR3559 (due to JDK-8185723/JDK-8186461/JDK-8201509)

- PR3593 (due to JDK-8081202)

- RH1566890/CVE-2018-3639 (due to JDK-8189170)

- RH1649664 (due to JDK-8196516)

- Add 8160748 for AArch64 which is missing from upstream 8u version.

- Add port of 8189170 to AArch64 which is missing from upstream 8u version.

* Mon Jan 28 2019 Andrew Hughes - 1:1.8.0.191.b14-1

- Add 8131048 & 8164920 (PR3574/RH1498936) to provide a CRC32 intrinsic for PPC64.

* Thu Jan 24 2019 Andrew Hughes - 1:1.8.0.191.b14-0

- Introduce sa_arches for architectures with sa-jdi.jar and include aarch64

* Thu Jan 10 2019 Andrew Hughes - 1:1.8.0.191.b14-0

- Update to aarch64-shenandoah-jdk8u191-b14.

- Adjust JDK-8073139/PR1758/RH1191652 to apply following 8155627 backport.

* Wed Jan 9 2019 Andrew Hughes - 1:1.8.0.191.b13-0

- Update to aarch64-shenandoah-jdk8u191-b13.

- Update tarball generation script in preparation for PR3667/RH1656676 SunEC changes.

- Use remove-intree-libraries.sh to remove the remaining SunEC code for now.

* Wed Dec 19 2018 Andrew John Hughes - 1:1.8.0.191.b12-13

- Fix jdk8073139-pr1758-rh1191652-ppc64_le_says_its_arch_is_ppc64_not_ppc64le_jdk.patch paths to pass git apply

* Mon Dec 10 2018 Jiri Vanek - 1:1.8.0.191.b12-12

- added fx link of libglassgtk2.so (rhbz1657485)

* Thu Nov 22 2018 Andrew John Hughes - 1:1.8.0.191.b12-11

- Add backport of JDK-8029661 which adds TLSv1.2 support to the PKCS11 provider.

* Tue Nov 13 2018 Andrew Hughes - 1:1.8.0.191.b12-10

- Revise Shenandoah PR3634 patch following upstream discussion.

* Wed Nov 7 2018 Jiri Vanek - 1:1.8.0.191.b12-9

- headfull suggests of cups, replaced by Requires of cups-libs in headless

* Wed Nov 7 2018 Andrew Hughes - 1:1.8.0.191.b12-9

- Note why PR1834/RH1022017 is not suitable to go upstream in its current form.

* Mon Nov 5 2018 Andrew Hughes - 1:1.8.0.191.b12-9

- Document patch sections.

* Mon Nov 5 2018 Andrew Hughes - 1:1.8.0.191.b12-9

- Fix patch organisation in the spec file:

- * Move ECC patches back to upstreamable section

- * Move system cacerts & crypto policy patches to upstreamable section

- * Merge "Local fixes" and "RPM fixes" which amount to the same thing

- * Move system libpng & lcms patches back to 8u upstreamable section

* Fri Oct 26 2018 Jiri Vanek - 1:1.8.0.191.b12-8

- added Patch583 jdk8172850-rh1640127-01-register_allocator_crash.patch

- added Patch584 jdk8209639-rh1640127-02-coalesce_attempted_spill_non_spillable.patch

* Tue Oct 23 2018 Jiri Vanek - 1:1.8.0.191.b12-2

- cups moved to headful package

* Tue Oct 23 2018 Jiri Vanek - 1:1.8.0.191.b12-1

- updated to aarch64-shenandoah-jdk8u191-b12

- deleted 8146115-pr3508-rh1463098.patch, pr3619.patch, pr3620.patch - should be upstreamed

- create pr3634-fix_shenandoah_for_size_t_on_s390.patch to fix build failure on s390

* Fri Oct 12 2018 Severin Gehwolf - 1:1.8.0.181.b15-7

- Add patch jdk8210425-rh1632174-03-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_zero.patch:

- Another fix for optimization gaps (annocheck issues)

- Zero 8u version fix was missing. Hence, only shows up on Zero arches.

* Mon Oct 8 2018 Severin Gehwolf - 1:1.8.0.181.b15-6

- Refreshed upstreamed patches (from 8u202):

- jdk8044235-src_zip_should_include_all_sources.patch: src.zip should include all sources.

- jdk8073139-pr2236-rh1191652--use_ppc64le_as_the_arch_directory_on_that_platform_and_report_it_in_os_arch_aarch64_forest.patch,

jdk8073139-pr1758-rh1191652-ppc64_le_says_its_arch_is_ppc64_not_ppc64le_jdk.patch,

jdk8073139-pr1758-rh1191652-ppc64_le_says_its_arch_is_ppc64_not_ppc64le_root.patch: PPC64LE JVM reporting issues.

- Moved both patch series to 8u202 sections.

* Mon Oct 1 2018 Severin Gehwolf - 1:1.8.0.181.b15-5

- Add explicit requirement for libXcomposite which is used when performing

screenshots from Java.

- Add explicit BR unzip required for building OpenJDK.

* Thu Sep 27 2018 Severin Gehwolf - 1:1.8.0.181.b15-4

- Add fixes for optimization gaps (annocheck issues):

- 8210761: libjsig is being compiled without optimization

- 8210647: libsaproc is being compiled without optimization

- 8210416: [linux] Poor StrictMath performance due to non-optimized compilation

- 8210425: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization

8u upstream and aarch64/jdk8u upstream versions.

* Wed Sep 26 2018 Severin Gehwolf - 1:1.8.0.181.b15-3

- Renamed more patches for clarity:

include-all-srcs.patch => jdk8044235-src_zip_should_include_all_sources.patch

java-1.8.0-openjdk-rh1191652-hotspot-aarch64.patch => jdk8073139-pr2236-rh1191652--use_ppc64le_as_the_arch_directory_on_that_platform_and_report_it_in_os_arch_aarch64_forest.patch

java-1.8.0-openjdk-rh1191652-jdk.patch => jdk8073139-pr1758-rh1191652-ppc64_le_says_its_arch_is_ppc64_not_ppc64le_jdk.patch

java-1.8.0-openjdk-rh1191652-root.patch => jdk8073139-pr1758-rh1191652-ppc64_le_says_its_arch_is_ppc64_not_ppc64le_root.patch

* Tue Sep 18 2018 Severin Gehwolf - 1:1.8.0.181.b15-2

- Update(s) from upstreamed patches:

- 8036003-dont-add-unnecessary-debug-links.patch =>

jdk8036003-add_with_native_debug_symbols_configure_flag.patch

- rh1176206-jdk.patch =>

jdk8150954-pr2866-rh1176206-screenshot_xcomposite_jdk.patch =>

Deleted rh1176206-root.patch as that's no longer needed with

upstream 8150954.

- Refreshed jdk8165852-pr3468-mount_point_not_found_for_a_file_which_is_present_in_overlayfs.patch from upstream.

- Refreshed jdk8201495-zero_reduce_limits_of_max_heap_size_for_boot_JDK_on_s390.patch from upstream.

- 8207057-pr3613-hotspot-assembler-debuginfo.patch =>

jdk8207057-pr3613-no_debug_info_for_assembler_files_hotspot.patch and

jdk8207057-pr3613-no_debug_info_for_assembler_files_root.patch. From JDK 8u

review.

- Renamed pr2842-02.patch => jdk8148351-pr2842-02-only_display_resolved_symlink_for_compiler_do_not_change_path.patch.

- Renamed spec-only patch:

pr3183.patch => pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch

- Renamed java-1.8.0-openjdk-size_t.patch =>

jdk8201495-zero_reduce_limits_of_max_heap_size_for_boot_JDK_on_s390.patch

- Moved SunEC provider via system NSS to RPM specific patches section.

- Moved upstream 8u patches to appropriate sections (8u192/8u202).

- Removed rh1214835.patch since it's invalid. See:

- Use --with-native-debug-symbols=internal which JDK-8036003 adds.

* Tue Sep 11 2018 Jiri Vanek - 1:1.8.0.181.b15-1

- fixed unexpanded arch in policy tool desktop file

- fixed versions (8->1.8.0) of images used in desktop files

* Mon Aug 27 2018 Severin Gehwolf - 1:1.8.0.181.b13-9

- Adjust system jpeg patch, jdk8043805-allow_using_system_installed_libjpeg.patch, so as to filter

-Wl,--as-needed. Resolves RHBZ#1622186.

* Mon Aug 27 2018 Severin Gehwolf - 1:1.8.0.181.b13-8

- Adjust system NSS patch, pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk8.patch, so as to filter

-Wl,--as-needed. Resolves RHBZ#1622186.

* Thu Aug 23 2018 Andrew Hughes - 1:1.8.0.181.b15-0

- Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u.

- Update to aarch64-shenandoah-jdk8u181-b15.

- Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds.

- Move buildver to where it should be in the OpenJDK version.

- Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620).

- Update pr3539-rh1548475.patch to apply after 8187045.

- Resolves: rhbz#1594249

* Sat Aug 11 2018 Andrew Hughes - 1:1.8.0.181-8.b13

- Remove unneeded functions from ppc shenandoahBarrierSet.

- Resolves: rhbz#1594249

* Wed Aug 8 2018 Andrew Hughes - 1:1.8.0.181-8.b13

- Add missing shenandoahBarrierSet implementation for ppc64{be,le}.

- Resolves: rhbz#1594249

* Tue Aug 7 2018 Andrew Hughes - 1:1.8.0.181-8.b13

- Fix wrong format specifiers in Shenandoah code.

- Resolves: rhbz#1594249

* Tue Aug 7 2018 Andrew Hughes - 1:1.8.0.181-8.b13

- Avoid changing variable types to fix size_t, at least for now.

- Resolves: rhbz#1594249

* Tue Aug 7 2018 Andrew Hughes - 1:1.8.0.181-8.b13

- More size_t fixes for Shenandoah.

- Resolves: rhbz#1594249

* Fri Aug 3 2018 Andrew Hughes - 1:1.8.0.181-8.b13

- Add additional s390 size_t case for Shenandoah.

- Resolves: rhbz#1594249

* Wed Aug 1 2018 Jiri Vanek - 1:1.8.0.181.b13-7

- build number moved from release to version

* Mon Jul 23 2018 Jiri Vanek - 1:1.8.0.181-7.b13

- updated to u181

- patches aligned according to rhel7 (full credit to gnu_andrew)

- removed upstreamed patch104 pr3458-rh1540242-aarch64.patch

- removed upstreamed patch568 8187577-pr3578.patch

* Tue Jul 17 2018 Jiri Vanek - 1:1.8.0.172-16.b11

- added Recommends gtk2 for main package

- added Suggests lksctp-tools, pcsc-lite-devel, cups for headless package

- see RHBZ1598152

* Tue Jul 10 2018 Severin Gehwolf - 1:1.8.0.172-13.b11

- Fix hook to show hs_err*.log files on failures.

* Mon Jul 2 2018 Severin Gehwolf - 1:1.8.0.172-12.b11

- Fix requires/provides filters for internal libs. See

RHBZ#1590796

* Mon Jun 25 2018 Severin Gehwolf - 1:1.8.0.172-12.b11

- Add hook to show hs_err*.log files on failures.

* Wed Jun 20 2018 Severin Gehwolf - 1:1.8.0.172-11.b11

- Expose release/slowdebug builds being produced via conditionals.

* Wed Jun 20 2018 Andrew Hughes - 1:1.8.0.172-11.b11

- Add additional fix (PR3601) to fix -Wreturn-type failures introduced by 8061651

- Backport 8064786 (PR3601) to fix -Wreturn-type failure on debug builds.

- Bring in PR3519 from IcedTea 3.7.0 to fix remaining -Wreturn-type failure on AArch64.

- Sync with IcedTea 3.8.0 patches to use -Wreturn-type.

- Add backports of 8141570, 8143245, 8197981 & 8062808.

- Drop pr3458-rh1540242-zero.patch which is covered by 8143245.

* Wed Jun 20 2018 Jiri Vanek - 11:1.8.0.172-10.b11

- jsa files changed to 444 to pass rpm verification

* Mon Jun 18 2018 Severin Gehwolf - 1:1.8.0.172-9.b11

- Filter private provides/requires: 'lib.so(SUNWprivate_.*'

* Thu Jun 14 2018 Severin Gehwolf - 1:1.8.0.172-8.b11

- Add provides/requires for libjvm.so back. See RHBZ#1591215.

* Wed Jun 13 2018 Severin Gehwolf - 1:1.8.0.172-7.b11

- Fix reg-ex for filtering private libraries' provides/requires.

* Wed Jun 13 2018 Andrew Hughes - 1:1.8.0.172-6.b11

- Remove build flags exemption for aarch64 now the platform is more mature and can bootstrap OpenJDK with these flags.

- Remove duplicate -fstack-protector-strong; it is provided by the RHEL cflags.

- Add missing changelog credits

* Mon Jun 11 2018 Jiri Vanek - 1:1.8.0.172-5.b11

- Merge changes from RHEL 7

* Mon Jun 11 2018 Andrew Hughes - 1:1.8.0.172-5.b11

- Read jssecacerts file prior to trying either cacerts file (system or local) (PR3575)

* Mon Jun 11 2018 Andrew Hughes - 1:1.8.0.172-5.b11

- Fix a number of bad bug identifiers (PR3546 should be PR3578, PR3456 should be PR3546)

* Thu Jun 7 2018 Andrew Hughes - 1:1.8.0.172-5.b11

- Update Shenandoah tarball to include 2018-05-15 merge.

- Split PR3458/RH1540242 fix into AArch64 & Zero sections, so former can be skipped on Shenandoah builds.

- Drop PR3573 patch applied upstream.

- Restrict 8187577 fix to non-Shenandoah builds, as it's included in the new tarball.

* Thu Jun 7 2018 Andrew Hughes - 1:1.8.0.172-5.b11

- Sync with IcedTea 3.8.0.

- Label architecture-specific fixes with architecture concerned

- x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround)

- PR3539, RH1548475: Pass EXTRA_LDFLAGS to HotSpot build

- 8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode

- 8197546, PR3542, RH1402819: Fix for 8171000 breaks Solaris + Linux builds

- 8185723, PR3553: Zero: segfaults on Power PC 32-bit

- 8186461, PR3557: Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe

- PR3559: Use ldrexd for atomic reads on ARMv7.

- 8187577, PR3578: JVM crash during gc doing concurrent marking

- 8201509, PR3579: Zero: S390 31bit atomic_copy64 inline assembler is wrong

- 8165489, PR3589: Missing G1 barrier in Unsafe_GetObjectVolatile

- PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code

- 8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26

* Wed Jun 6 2018 Jiri Vanek - 1:1.8.0.172-1.b11

- updated to u172-b11

- removed patches:

- patch207 8200556-pr3566.patch

- patch104 pr3458-rh1540242.patch

- patch209 8035496-hotspot.patch

- patch700 pr3573-fix_TCK_crash_with_shenandoah_in_shenandoahsupport_cpp_in_case_of_dead_brnach_in_is_independent.patch

- fixed issue with atkwrapper wrongly placed broken symlink

- fixed libjvm path for system tap

- returned patch104 pr3458-rh1540242.patch

* Wed Jun 6 2018 Jiri Vanek - 1:1.8.0.172-2.b11

- quoted sed expressions, changed possibly confusing # by @

- added vendor(origin) into icons

- removed last trace of relative symlinks

- added BuildRequires of javapackages-tools to fix build failure after Requires change to javapackages-filesystem

- aligning with java-openjdk in fedora:

- slowdebug instead simply debug subpackage

- purged provides

- many macros renamed

- typos correction

- bumped jstack (may be wrong)

- fixed issue with atkwrapper wrongly placed broken symlink

* Wed Jun 6 2018 Jiri Vanek - 1:1.8.0.172-1.b11

- updated to u172-b11

- removed patches:

- patch207 8200556-pr3566.patch

- patch104 pr3458-rh1540242.patch

- patch209 8035496-hotspot.patch

- patch700 pr3573-fix_TCK_crash_with_shenandoah_in_shenandoahsupport_cpp_in_case_of_dead_brnach_in_is_independent.patch

* Thu May 17 2018 Severin Gehwolf - 1:1.8.0.171-6.b10

- Move to javapackages-filesystem over javapackages-tools

for directory ownership. Resolves RHBZ#1500288.

* Fri May 4 2018 Severin Gehwolf - 1:1.8.0.171-5.b10

- Remove duplicate patch rhbz_1538767_fix_linking2.patch. Just use

rhbz_1538767_fix_linking.patch.

* Wed Apr 25 2018 Severin Gehwolf - 1:1.8.0.171-4.b10

- Enable hardened build unconditionally (also for Zero).

Resolves RHBZ#1290936.

* Tue Apr 24 2018 Severin Gehwolf - 1:1.8.0.171-3.b10

- Enable hardened build for Aarch64.

* Tue Apr 24 2018 Severin Gehwolf - 1:1.8.0.171-2.b10

- Update rhbz1548475-LDFLAGSusage.patch to also set linker

flags for libsaproc.so and libjsig.so.

* Wed Apr 18 2018 Jiri Vanek - 1:1.8.0.171-1.b10

- Update to aarch64-jdk8u171-b10 and aarch64-shenandoah-jdk8u171-b10.

- Fix jconsole.desktop.in subcategory, replacing "Monitor" with "Profiling" (PR3550) (gnu_andrew)

- Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add missing ones (gnu_andrew)

* Wed Apr 18 2018 Jiri Vanek - 1:1.8.0.162-7.b12

- added ownership of policy dir and subdirs

- removed ignored attributes for classes.jsa

* Tue Apr 10 2018 Severin Gehwolf - 1:1.8.0.162-6.b12

- Use correct patch for RHBZ#1538767 (JDK-8196516)

* Mon Apr 2 2018 Andrew Hughes - 1:1.8.0.162-5.b12

- Cleanup from previous commit.

- Remove unused upstream patch 8167200.hotspotAarch64.patch.

[ 1 ] Bug #1680640 - Crash in freetypescaler.c due to double free

https://bugzilla.redhat.com/show_bug.cgi?id=1680640

Use su -c 'dnf upgrade --advisory FEDORA-2019-c701e6605a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: Critical

Product: Fedora 28
Version: 1.8.0.212.b04
Release: 0.fc28
Summary: OpenJDK Runtime Environment 8
