Fedora 30: java-1.8.0-openjdk FEDORA-2019-d03db48dca

    Date25 Oct 2019
    CategoryFedora
    89
    Posted ByLinuxSecurity Advisories
    OpenJDK October CPU security update. See: https://openjdk.java.net/groups/vulnerability/advisories/2019-10-15 http://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-October/010452.html
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2019-d03db48dca
    2019-10-25 16:59:13.269895
    --------------------------------------------------------------------------------
    
    Name        : java-1.8.0-openjdk
    Product     : Fedora 30
    Version     : 1.8.0.232.b09
    Release     : 0.fc30
    URL         : http://openjdk.java.net/
    Summary     : OpenJDK Runtime Environment 8
    Description :
    The OpenJDK runtime environment 8.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    OpenJDK October CPU security update. See:
    https://openjdk.java.net/groups/vulnerability/advisories/2019-10-15
    http://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-October/010452.html
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Fri Oct 11 2019 Andrew Hughes  - 1:1.8.0.232.b09-0
    - Update to aarch64-shenandoah-jdk8u232-b09.
    - Switch to GA mode for final release.
    - Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream.
    * Fri Oct 11 2019 Andrew Hughes  - 1:1.8.0.232.b08-0.0.ea
    - Update to aarch64-shenandoah-jdk8u232-b08.
    * Fri Oct 11 2019 Andrew Hughes  - 1:1.8.0.232.b05-0.1.ea
    - Update to aarch64-shenandoah-jdk8u232-b05-shenandoah-merge-2019-09-09.
    * Thu Oct 10 2019 Andrew Hughes  - 1:1.8.0.232.b05-0.0.ea
    - Update to aarch64-shenandoah-jdk8u232-b05.
    - Drop upstreamed patch JDK-8141570/PR3548.
    - Adjust context of JDK-8143245/PR3548 to apply against upstream JDK-8141570.
    * Fri Sep 27 2019 Andrew Hughes  - 1:1.8.0.232.b01-0.0.ea
    - Update to aarch64-shenandoah-jdk8u232-b01.
    - Switch to EA mode.
    - Drop JDK-8210761/RH1632174 as now upstream.
    - Drop JDK-8223219 as now upstream.
    - JDK-8226870 removed clhsdb and hdsdb from the JRE bin directory, so we should do likewise.
    - Add alternatives support for these two new SDK binaries.
    * Thu Aug 15 2019 Andrew Hughes  - 1:1.8.0.222.b10-3
    - Switch to in-tree SunEC code, dropping NSS runtime dependencies and patches to link against it.
    * Thu Aug  8 2019 Andrew Hughes  - 1:1.8.0.222.b10-2
    - Drop unnecessary build requirement on gtk2-devel, as OpenJDK searches for Gtk+ at runtime.
    - Add missing build requirements for libXext-devel and libXrender-devel, previously masked by Gtk2+ dependency.
    - fontconfig build requirement should be fontconfig-devel, previously masked by Gtk2+ dependency
    * Wed Jul 31 2019 Andrew Hughes  - 1:1.8.0.222.b10-1
    - Obsolete javadoc-debug and javadoc-debug-zip packages via javadoc and javadoc-zip respectively.
    * Wed Jul 31 2019 Severin Gehwolf  - 1:1.8.0.222.b10-1
    - Don't produce javadoc/javadoc-zip sub packages for the debug variant build.
    - Don't perform a bootcycle build for the debug variant build.
    * Thu Jul 11 2019 Andrew Hughes  - 1:1.8.0.222.b10-0
    - Update to aarch64-shenandoah-jdk8u222-b10.
    - Adjust PR3083/RH134640 to apply after JDK-8182999
    - Switch to GA mode for final release.
    * Mon Jul  8 2019 Andrew Hughes  - 1:1.8.0.222.b07-0.0.ea
    - Update to aarch64-shenandoah-jdk8u222-b07 and Shenandoah merge 2019-06-13.
    - Drop remaining JDK-8210425/RH1632174 patch now AArch64 part is upstream.
    * Mon Jul  8 2019 Andrew Hughes  - 1:1.8.0.222.b03-0.0.ea
    - Update to aarch64-shenandoah-jdk8u222-b03.
    - Drop 8210425 patches applied upstream. Still need to add AArch64 version in aarch64/shenandoah-jdk8u.
    - Re-generate JDK-8141570 & JDK-8143245 patches due to 8210425 zeroshark.make changes.
    * Mon Jul  8 2019 Andrew Hughes  - 1:1.8.0.222.b02-0.0.ea
    - Update to aarch64-shenandoah-jdk8u222-b02.
    - Drop 8064786/PR3599 & 8210416/RH1632174 as applied upstream (8064786 silently in 8176100).
    * Sun Jul  7 2019 Andrew Hughes  - 1:1.8.0.222.b01-0.2.ea
    - Make use of Recommends and Suggests dependent on Fedora or RHEL 8+ environment.
    * Sun Jul  7 2019 Andrew Hughes  - 1:1.8.0.222.b01-0.1.ea
    - Update to aarch64-shenandoah-jdk8u222-b01.
    - Refactor PR2888 after inclusion of 8129988 upstream. Now includes PR3575.
    - Drop 8171000 & 8197546 as applied upstream.
    * Wed Jul  3 2019 Severin Gehwolf  - 1:1.8.0.212.b04-6
    - Include 'ea' designator in Release when appropriate.
    * Wed Jul  3 2019 Andrew Hughes  - 1:1.8.0.212.b04-6
    - Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately.
    - Drop unused use_shenandoah_hotspot variable.
    * Fri Jun 14 2019 Andrew John Hughes  - 1:1.8.0.212.b04-5
    - Update to aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30.
    - Update version logic to handle -shenandoah* tag suffix.
    - Drop PR3634 as applied upstream.
    - Adjust 8214206 fix for S390 as BinaryMagnitudeSeq moved to shenandoahNumberSeq.cpp
    - Update 8214206 to use log2_long rather than casting to intptr_t, which may be smaller than size_t.
    * Wed May 22 2019 Andrew John Hughes  - 1:1.8.0.212.b04-4
    - Remove additions to EXTRA_CFLAGS and EXTRA_CPP_FLAGS which are now made by upstream.
    - Remove -mstackrealign addition which is handled by PR3533 & PR3591 patches.
    * Wed May 22 2019 Andrew Hughes  - 1:1.8.0.212.b04-3
    - Add JDK-8223219 to avoid -fstack-protector overriding -fstack-protector-strong
    * Wed May 15 2019 James Cassell  - 1:1.8.0.212.b04-2
    - mark net.properties as a config file
    * Mon May 13 2019 Severin Gehwolf  - 1:1.8.0.212.b04-1
    - Update patch for RH1566890.
      - Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to
        rh1566890-CVE_2018_3639-speculative_store_bypass.patch
      - Added dependent patch,
        rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
    * Thu Apr 11 2019 Andrew Hughes  - 1:1.8.0.212.b04-0
    - Update to aarch64-shenandoah-jdk8u212-b04.
    * Thu Apr 11 2019 Andrew Hughes  - 1:1.8.0.212.b03-0
    - Update to aarch64-shenandoah-jdk8u212-b03.
    * Tue Apr  9 2019 Andrew Hughes  - 1:1.8.0.212.b02-0
    - Update to aarch64-shenandoah-jdk8u212-b02.
    - Remove patches included upstream
      - JDK-8197429/PR3546/RH153662{2,3}
      - JDK-8184309/PR3596
      - JDK-8210647/RH1632174
      - JDK-8029661/PR3642/RH1477159
      - JDK-8145096/PR3693
    - Re-generate patches
      - JDK-8203030
    - Add casts to resolve s390 ambiguity in calls to log2_intptr
    - Move JDK-8219772 to correct section as not yet upstreamed
    - Add new clhsdb and hsdb binaries.
    - Resolves: rhbz#1680640
    * Sun Apr  7 2019 Andrew Hughes  - 1:1.8.0.202.b08-0
    - Update to aarch64-shenandoah-jdk8u202-b08.
    - Remove patches included upstream
      - JDK-8211387/PR3559
      - JDK-8207057/PR3613
      - JDK-8165852/PR3468
      - JDK-8073139/PR1758/RH1191652
      - JDK-8044235
      - JDK-8172850/RH1640127
      - JDK-8209639/RH1640127
      - JDK-8131048/PR3574/RH1498936
      - JDK-8164920/PR3574/RH1498936
    - Re-generate patches
      - JDK-8210647/RH1632174
    * Thu Apr  4 2019 Andrew Hughes  - 1:1.8.0.201.b13-0
    - Update to aarch64-shenandoah-jdk8u201-b13.
    - Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream.
    * Fri Mar 29 2019 Andrew John Hughes  - 1:1.8.0.201.b09-8
    - Sync SystemTap & desktop files with upstream IcedTea release using new script
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2019-d03db48dca' at the command
    line. For more information, refer to the dnf documentation available at
    http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"66","type":"x","order":"1","pct":57.39,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.04,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"34","type":"x","order":"3","pct":29.57,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.