Fedora 34 Critical Security Advisory: OpenJDK 8 Enhancements and Fixes

The OpenJDK 8 runtime environment.

# New in release OpenJDK 8u292 (2021-04-20): Live versions of these release

notes can be found at: * https://mail.openjdk.org/pipermail/jdk8u-dev/2021-April/013680.html *

https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt ##

Security fixes - JDK-8227467: Better class method invocations * JDK-8244473:

Contextualize registration for JNDI * JDK-8244543: Enhanced handling of

abstract classes * JDK-8249906, CVE-2021-2163: Enhance opening JARs *

JDK-8250568, CVE-2021-2161: Less ambiguous processing * JDK-8253799: Make

lists of normal filenames ## Other significant changes *

[JDK-8236730](https://bugs.openjdk.org/browse/JDK-8236730): Weak Named

Curves in TLS, CertPath, and Signed JAR Disabled by Default *

[JDK-8244286](https://bugs.openjdk.org/browse/JDK-8244286): Tools Warn If

Weak Algorithms Are Used *

[JDK-8256490](https://bugs.openjdk.org/browse/JDK-8256490): Disable TLS 1.0

and 1.1 * [JDK-8242147](https://bugs.openjdk.org/browse/JDK-8242147): New

System Properties to Configure the TLS Signature Schemes *

[JDK-8177368](https://bugs.openjdk.org/browse/JDK-8177368): Several

incorporation steps are silently failing when an error should be reported * ATK

accessibility bridge bindings removed Full release notes can also be found in

the `NEWS` file in the installed RPM.

* Tue Apr 13 2021 Andrew Hughes - 1:1.8.0.292.b10-0

- Update to aarch64-shenandoah-jdk8u292-b10 (GA)

- Update release notes for 8u292-b10.

* Tue Mar 30 2021 Andrew Hughes - 1:1.8.0.292.b09-0.0.ea

- Update to aarch64-shenandoah-jdk8u292-b09 (EA)

- Update release notes for 8u292-b09.

* Sat Mar 27 2021 Andrew Hughes - 1:1.8.0.292.b08-0.0.ea

- Update to aarch64-shenandoah-jdk8u292-b08 (EA)

- Update release notes for 8u292-b08.

- Require tzdata 2021a due to JDK-8260356

* Thu Mar 25 2021 Andrew Hughes - 1:1.8.0.292.b07-0.0.ea

- Update to aarch64-shenandoah-jdk8u292-b07 (EA)

- Update release notes for 8u292-b07.

* Wed Mar 24 2021 Jiri Vanek - 1:1.8.0.292.b06-0.1.ea

- removal of atk accessibility bridge bindings:

- removed libatk-wrapper[.]so.* from global _privatelibs

- removed files_accessibility and java_accessibility_rpo macros

- removed patch1 rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch and patch3 rh1648644-java_access_bridge_privileged_security.patch

- removal of accessibility{,-slowdebug,-fastdebug} subpackages

- no longer creating symlinks of %{_libdir}/java-atk-wrapper/libatk-wrapper.so.0 libatk-wrapper.so and %{_libdir}/java-atk-wrapper/java-atk-wrapper.jar java-atk-wrapper.jar

- no longer creating %{_jvmdir}/java-1.8.0-openjdk-1.8.0.292.b10-0.fc34.arm$suffix/jre/lib/accessibility.properties with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"

- removal of accessibility{,-slowdebug,-fastdebug} subpackages files sections

* Mon Mar 22 2021 Andrew Hughes - 1:1.8.0.292.b06-0.0.ea

- Update to aarch64-shenandoah-jdk8u292-b06 (EA)

- Update release notes for 8u292-b06.

- Require tzdata 2020f due to JDK-8259048

* Thu Mar 18 2021 Andrew Hughes - 1:1.8.0.292.b05-0.2.ea

- Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA)

- Update release notes for 8u292-b05-shenandoah-merge-2021-03-11.

- Extend s390 patch to fix issue caused by JDK-8252660 backport and lack of JDK-8188813 in 8u.

- Revise JDK-8252660 s390 failure to make _soft_max_size a jlong so pointer types are accurate.

* Thu Mar 18 2021 Andrew Hughes - 1:1.8.0.292.b05-0.1.ea

- Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes.

- Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch.

* Mon Mar 8 2021 Andrew Hughes - 1:1.8.0.292.b05-0.0.ea

- Update to aarch64-shenandoah-jdk8u292-b05 (EA)

- Update release notes for 8u292-b05.

* Fri Mar 5 2021 Andrew Hughes - 1:1.8.0.292.b04-0.0.ea

- Update to aarch64-shenandoah-jdk8u292-b04 (EA)

- Update release notes for 8u292-b04.

* Thu Mar 4 2021 Andrew Hughes - 1:1.8.0.292.b03-0.0.ea

- Update to aarch64-shenandoah-jdk8u292-b03 (EA)

- Update release notes for 8u292-b03.

* Tue Mar 2 2021 Andrew Hughes - 1:1.8.0.292.b02-0.0.ea

- Update to aarch64-shenandoah-jdk8u292-b02 (EA)

- Update release notes for 8u292-b02.

* Fri Feb 19 2021 Andrew Hughes - 1:1.8.0.292.b01-0.0.ea

- Update to aarch64-shenandoah-jdk8u292-b01 (EA)

- Update release notes for 8u292-b01.

- Switch to EA mode.

- Update tarball generation script to use PR3822 which handles

JDK-8233228 & JDK-8035166 changes

* Thu Feb 18 2021 Stephan Bergmann - 1:1.8.0.282.b08-5

- Hardcode /usr/sbin/alternatives for Flatpak builds

su -c 'dnf upgrade --advisory FEDORA-2021-25b47f16af' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure