Fedora Update Notification
2021-10-28 19:30:40.168257

Name        : java-1.8.0-openjdk
Product     : Fedora 34
Version     :
Release     : 1.fc34
URL         : https://openjdk.java.net/
Summary     : OpenJDK 8 Runtime Environment
Description :
The OpenJDK 8 runtime environment.

Update Information:

# New in release OpenJDK 8u312 (2021-10-19):  Live versions of these release
notes can be found at:  * https://bitly.com/openjdk8u312 *
https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt  ##
Security fixes * JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong
Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0 *
JDK-8161016: Strange behavior of URLConnection with proxy *  JDK-8163326,
CVE-2021-35550: Update the default enabled cipher suites preference *
JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
* JDK-8263314: Enhance XML Dsig modes * JDK-8265167, CVE-2021-35556: Richer Text
Editors * JDK-8265574: Improve handling of sheets  * JDK-8265580,
CVE-2021-35559: Enhanced style for RTF kit  * JDK-8265776: Improve Stream
handling for SSL  * JDK-8266097, CVE-2021-35561: Better hashing support  *
JDK-8266103: Better specified spec values  * JDK-8266109: More Resilient
Classloading   - JDK-8266115: More Manifest Jar Loading   - JDK-8266137,
CVE-2021-35564: Improve Keystore integrity   - JDK-8266689, CVE-2021-35567: More
Constrained Delegation   - JDK-8267086: ArrayIndexOutOfBoundsException in
java.security.KeyFactory.generatePublic   - JDK-8267712: Better LDAP reference
processing   - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking   -
JDK-8267735, CVE-2021-35586: Better BMP support   - JDK-8268193: Improve
requests of certificates   - JDK-8268199: Correct certificate requests   -
JDK-8268506: More Manifest Digests   - JDK-8269618, CVE-2021-35603: Better
session identification   - JDK-8269624: Enhance method selection support   -
JDK-8270398: Enhance canonicalization   - JDK-8270404: Better canonicalization
## Major Changes   -
[JDK-8164200](https://bugs.openjdk.java.net/browse/JDK-8164200): Modified
HttpURLConnection behavior when no suitable proxy is found   -
[JDK-8219551](https://bugs.openjdk.java.net/browse/JDK-8219551): Updated the
Default Enabled Cipher Suites Preference  ## FIPS Mode Changes - FIPS mode
detection now takes place via a call to the NSS library - The `SunPKCS11`
provider in FIPS mode will now eagerly login to the NSS software token on
initialisation - `keytool` in FIPS mode now supports importing plain private
keys by the provider adding them to the NSS database. This can be disabled using

* Fri Oct 15 2021 Andrew Hughes  - 1:
- Update to aarch64-shenandoah-jdk8u312-b07 (GA)
- Update release notes for 8u312-b07.
- Remove "-clean" suffix as no 8u312 builds are unclean.
- Port FIPS system detection support to OpenJDK 8u
- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
- Reduce disk footprint by removing build artifacts by default.
* Thu Oct  7 2021 Martin Balao  - 1:
- Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
- Add patch to login to the NSS software token when in FIPS mode.
- Add patch to allow plain key import.

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-7701833090' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure