--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2022-80afe2304a
2022-08-03 01:48:48.037742
--------------------------------------------------------------------------------Name        : java-1.8.0-openjdk
Product     : Fedora 35
Version     : 1.8.0.342.b07
Release     : 1.fc35
URL         : https://openjdk.org/
Summary     : OpenJDK 8 Runtime Environment
Description :
The OpenJDK 8 runtime environment.

--------------------------------------------------------------------------------Update Information:

# New in release OpenJDK 8u342 (2022-07-19)  * The release announcement can be
found at:  * Full release details can be found at
https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt  ##
Security Fixes    - JDK-8272243: Improve DER parsing   - JDK-8272249: Better
properties of loaded Properties   - JDK-8277608: Address IP Addressing   -JDK-8281859, CVE-2022-21540: Improve class compilation   - JDK-8281866,
CVE-2022-21541: Enhance MethodHandle invocations   - JDK-8283190: Improve MIDI
processing   - JDK-8284370: Improve zlib usage   - JDK-8285407, CVE-2022-34169:
Improve Xalan supports  ## FIPS Changes  *
[RH2007331](https://bugzilla.redhat.com/show_bug.cgi?id=2007331): SecretKey
generate/import operations don't add the CKA_SIGN attribute in FIPS mode *
[RH2051605](https://bugzilla.redhat.com/show_bug.cgi?id=2051605): Detect NSS at
Runtime for FIPS detection *
[RH2036462](https://bugzilla.redhat.com/show_bug.cgi?id=2036462):
sun.security.pkcs11.wrapper.PKCS11.getInstance breakage *
[RH2090378](https://bugzilla.redhat.com/show_bug.cgi?id=2090378): Revert to
disabling system security properties and FIPS mode support together * Depend on
`crypto-policies` package at build-time and run-time  ## Other Changes  * Add
javaver- and origin-specific javadoc and javadoczip alternatives (thanks to FeRD
(Frank Dana) )  ## JDK-8215293: Customizing PKCS12 keystore
Generation  New system and security properties have been added to enable users
to customize the generation of PKCS #12 keystores. This includes algorithms and
parameters for key protection, certificate protection, and MacData. The detailed
explanation and possible values for these properties can be found in the "PKCS12
KeyStore properties" section of the `java.security` file.  Also, support for the
following SHA-2 based HmacPBE algorithms has been added to the SunJCE provider:
* HmacPBESHA224 * HmacPBESHA256 * HmacPBESHA384 * HmacPBESHA512 *
HmacPBESHA512/224 * HmacPBESHA512/256
--------------------------------------------------------------------------------ChangeLog:

* Sun Jul 24 2022 Andrew Hughes  - 1:1.8.0.342.b07-1
- Update to shenandoah-jdk8u342-b07 (GA)
- Update release notes for 8u342-b07.
- Switch to GA mode for final release.
- Exclude x86 where java_arches is undefined, in order to unbreak build
* Fri Jul 22 2022 Jiri Vanek  - 1:1.8.0.342.b06-0.4.ea
- moved to build only on %{java_arches}
-- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
- reverted :
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up release)
-- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
-- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
-- Reinstate demo package on x86
-- Temporarily disable noarch status of javadoc and javadoc-zip so x86 can differ
-- Replaced binaries and .so files with bash-stubs on i686
- added ExclusiveArch:  %{java_arches}
-- this now excludes i686
-- this is safely backport-able to older fedoras, as the macro was  backported proeprly (with i686 included)
- https://bugzilla.redhat.com/show_bug.cgi?id=2104129
* Thu Jul 21 2022 Fedora Release Engineering  - 1:1.8.0.342.b06-0.3.ea.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Andrew Hughes  - 1:1.8.0.342.b06-0.3.ea
- Reinstate demo package on x86
* Mon Jul 18 2022 Andrew Hughes  - 1:1.8.0.342.b06-0.2.ea
- Temporarily disable noarch status of javadoc and javadoc-zip so x86 can differ
* Mon Jul 18 2022 Andrew Hughes  - 1:1.8.0.342.b06-0.2.ea
- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
* Sun Jul 17 2022 Andrew Hughes  - 1:1.8.0.342.b06-0.1.ea
- Update to shenandoah-jdk8u342-b06 (EA)
- Update release notes for shenandoah-8u342-b06.
- Switch to EA mode for 8u342 pre-release builds.
- Print release file during build, which should now include a correct SOURCE value from .src-rev
- Update tarball script with IcedTea GitHub URL and .src-rev generation
- Use "git apply" with patches in the tarball script to allow binary diffs
- Remove redundant "REPOS" variable from tarball script
- Include script to generate bug list for release notes
- Update tzdata requirement to 2022a to match JDK-8283350
* Sun Jul 17 2022 Andrew Hughes  - 1:1.8.0.332.b09-2
- Rebase FIPS patches from fips branch and simplify by using a single patch from that repository
- * RH2051605: Detect NSS at Runtime for FIPS detection
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
- * RH2090378: Revert to disabling system security properties and FIPS mode support together
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
- Improve security properties test to check both enabled and disabled behaviour
- Run security properties test with property debugging on
- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
* Thu Jul 14 2022 Andrew Hughes  - 1:1.8.0.332.b09-2
- Explicitly require crypto-policies during build and runtime for system security properties
* Thu Jul 14 2022 FeRD (Frank Dana)  - 1:1.8.0.332.b09-2
- Add javaver- and origin-specific javadoc and javadoczip alternatives.
* Fri Jul  1 2022 Stephan Bergmann  - 1:1.8.0.332.b09-2
- Disable copy-jdk-configs for Flatpak builds
- Fix flatpak builds by exempting them from bootstrap
* Thu Jun 30 2022 Francisco Ferrari Bihurriet  - 1:1.8.0.332.b09-2
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #2036462 - rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance()
        https://bugzilla.redhat.com/show_bug.cgi?id=2036462
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-80afe2304a' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/

Fedora 35: java-1.8.0-openjdk 2022-80afe2304a

August 2, 2022
# New in release OpenJDK 8u342 (2022-07-19) * The release announcement can be found at: * Full release details can be found at https://builds.shipilev.net/backports-monitor/releas...

Summary

The OpenJDK 8 runtime environment.

# New in release OpenJDK 8u342 (2022-07-19) * The release announcement can be

found at: * Full release details can be found at

https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt ##

Security Fixes - JDK-8272243: Improve DER parsing - JDK-8272249: Better

properties of loaded Properties - JDK-8277608: Address IP Addressing -JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866,

CVE-2022-21541: Enhance MethodHandle invocations - JDK-8283190: Improve MIDI

processing - JDK-8284370: Improve zlib usage - JDK-8285407, CVE-2022-34169:

Improve Xalan supports ## FIPS Changes *

[RH2007331](https://bugzilla.redhat.com/show_bug.cgi?id=2007331): SecretKey

generate/import operations don't add the CKA_SIGN attribute in FIPS mode *

[RH2051605](https://bugzilla.redhat.com/show_bug.cgi?id=2051605): Detect NSS at

Runtime for FIPS detection *

[RH2036462](https://bugzilla.redhat.com/show_bug.cgi?id=2036462):

sun.security.pkcs11.wrapper.PKCS11.getInstance breakage *

[RH2090378](https://bugzilla.redhat.com/show_bug.cgi?id=2090378): Revert to

disabling system security properties and FIPS mode support together * Depend on

`crypto-policies` package at build-time and run-time ## Other Changes * Add

javaver- and origin-specific javadoc and javadoczip alternatives (thanks to FeRD

(Frank Dana) ) ## JDK-8215293: Customizing PKCS12 keystore

Generation New system and security properties have been added to enable users

to customize the generation of PKCS #12 keystores. This includes algorithms and

parameters for key protection, certificate protection, and MacData. The detailed

explanation and possible values for these properties can be found in the "PKCS12

KeyStore properties" section of the `java.security` file. Also, support for the

following SHA-2 based HmacPBE algorithms has been added to the SunJCE provider:

* HmacPBESHA224 * HmacPBESHA256 * HmacPBESHA384 * HmacPBESHA512 *

HmacPBESHA512/224 * HmacPBESHA512/256

* Sun Jul 24 2022 Andrew Hughes - 1:1.8.0.342.b07-1

- Update to shenandoah-jdk8u342-b07 (GA)

- Update release notes for 8u342-b07.

- Switch to GA mode for final release.

- Exclude x86 where java_arches is undefined, in order to unbreak build

* Fri Jul 22 2022 Jiri Vanek - 1:1.8.0.342.b06-0.4.ea

- moved to build only on %{java_arches}

-- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs

- reverted :

-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up release)

-- Try to build on x86 again by creating a husk of a JDK which does not depend on itself

-- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable

-- Reinstate demo package on x86

-- Temporarily disable noarch status of javadoc and javadoc-zip so x86 can differ

-- Replaced binaries and .so files with bash-stubs on i686

- added ExclusiveArch: %{java_arches}

-- this now excludes i686

-- this is safely backport-able to older fedoras, as the macro was backported proeprly (with i686 included)

- https://bugzilla.redhat.com/show_bug.cgi?id=2104129

* Thu Jul 21 2022 Fedora Release Engineering - 1:1.8.0.342.b06-0.3.ea.1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

* Tue Jul 19 2022 Andrew Hughes - 1:1.8.0.342.b06-0.3.ea

- Reinstate demo package on x86

* Mon Jul 18 2022 Andrew Hughes - 1:1.8.0.342.b06-0.2.ea

- Temporarily disable noarch status of javadoc and javadoc-zip so x86 can differ

* Mon Jul 18 2022 Andrew Hughes - 1:1.8.0.342.b06-0.2.ea

- Try to build on x86 again by creating a husk of a JDK which does not depend on itself

* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.342.b06-0.1.ea

- Update to shenandoah-jdk8u342-b06 (EA)

- Update release notes for shenandoah-8u342-b06.

- Switch to EA mode for 8u342 pre-release builds.

- Print release file during build, which should now include a correct SOURCE value from .src-rev

- Update tarball script with IcedTea GitHub URL and .src-rev generation

- Use "git apply" with patches in the tarball script to allow binary diffs

- Remove redundant "REPOS" variable from tarball script

- Include script to generate bug list for release notes

- Update tzdata requirement to 2022a to match JDK-8283350

* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.332.b09-2

- Rebase FIPS patches from fips branch and simplify by using a single patch from that repository

- * RH2051605: Detect NSS at Runtime for FIPS detection

- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage

- * RH2090378: Revert to disabling system security properties and FIPS mode support together

- Turn off build-time NSS linking and go back to an explicit Requires on NSS

- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch

- Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk

- Enable system security properties in the RPM (now disabled by default in the FIPS repo)

- Improve security properties test to check both enabled and disabled behaviour

- Run security properties test with property debugging on

- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable

* Thu Jul 14 2022 Andrew Hughes - 1:1.8.0.332.b09-2

- Explicitly require crypto-policies during build and runtime for system security properties

* Thu Jul 14 2022 FeRD (Frank Dana) - 1:1.8.0.332.b09-2

- Add javaver- and origin-specific javadoc and javadoczip alternatives.

* Fri Jul 1 2022 Stephan Bergmann - 1:1.8.0.332.b09-2

- Disable copy-jdk-configs for Flatpak builds

- Fix flatpak builds by exempting them from bootstrap

* Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:1.8.0.332.b09-2

- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode

[ 1 ] Bug #2036462 - rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance()

https://bugzilla.redhat.com/show_bug.cgi?id=2036462

su -c 'dnf upgrade --advisory FEDORA-2022-80afe2304a' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: https://pagure.io/login/

FEDORA-2022-80afe2304a 2022-08-03 01:48:48.037742 Product : Fedora 35 Version : 1.8.0.342.b07 Release : 1.fc35 URL : https://openjdk.org/ Summary : OpenJDK 8 Runtime Environment Description : The OpenJDK 8 runtime environment. # New in release OpenJDK 8u342 (2022-07-19) * The release announcement can be found at: * Full release details can be found at https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt ## Security Fixes - JDK-8272243: Improve DER parsing - JDK-8272249: Better properties of loaded Properties - JDK-8277608: Address IP Addressing -JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations - JDK-8283190: Improve MIDI processing - JDK-8284370: Improve zlib usage - JDK-8285407, CVE-2022-34169: Improve Xalan supports ## FIPS Changes * [RH2007331](https://bugzilla.redhat.com/show_bug.cgi?id=2007331): SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode * [RH2051605](https://bugzilla.redhat.com/show_bug.cgi?id=2051605): Detect NSS at Runtime for FIPS detection * [RH2036462](https://bugzilla.redhat.com/show_bug.cgi?id=2036462): sun.security.pkcs11.wrapper.PKCS11.getInstance breakage * [RH2090378](https://bugzilla.redhat.com/show_bug.cgi?id=2090378): Revert to disabling system security properties and FIPS mode support together * Depend on `crypto-policies` package at build-time and run-time ## Other Changes * Add javaver- and origin-specific javadoc and javadoczip alternatives (thanks to FeRD (Frank Dana) ) ## JDK-8215293: Customizing PKCS12 keystore Generation New system and security properties have been added to enable users to customize the generation of PKCS #12 keystores. This includes algorithms and parameters for key protection, certificate protection, and MacData. The detailed explanation and possible values for these properties can be found in the "PKCS12 KeyStore properties" section of the `java.security` file. Also, support for the following SHA-2 based HmacPBE algorithms has been added to the SunJCE provider: * HmacPBESHA224 * HmacPBESHA256 * HmacPBESHA384 * HmacPBESHA512 * HmacPBESHA512/224 * HmacPBESHA512/256 * Sun Jul 24 2022 Andrew Hughes - 1:1.8.0.342.b07-1 - Update to shenandoah-jdk8u342-b07 (GA) - Update release notes for 8u342-b07. - Switch to GA mode for final release. - Exclude x86 where java_arches is undefined, in order to unbreak build * Fri Jul 22 2022 Jiri Vanek - 1:1.8.0.342.b06-0.4.ea - moved to build only on %{java_arches} -- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs - reverted : -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up release) -- Try to build on x86 again by creating a husk of a JDK which does not depend on itself -- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable -- Reinstate demo package on x86 -- Temporarily disable noarch status of javadoc and javadoc-zip so x86 can differ -- Replaced binaries and .so files with bash-stubs on i686 - added ExclusiveArch: %{java_arches} -- this now excludes i686 -- this is safely backport-able to older fedoras, as the macro was backported proeprly (with i686 included) - https://bugzilla.redhat.com/show_bug.cgi?id=2104129 * Thu Jul 21 2022 Fedora Release Engineering - 1:1.8.0.342.b06-0.3.ea.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue Jul 19 2022 Andrew Hughes - 1:1.8.0.342.b06-0.3.ea - Reinstate demo package on x86 * Mon Jul 18 2022 Andrew Hughes - 1:1.8.0.342.b06-0.2.ea - Temporarily disable noarch status of javadoc and javadoc-zip so x86 can differ * Mon Jul 18 2022 Andrew Hughes - 1:1.8.0.342.b06-0.2.ea - Try to build on x86 again by creating a husk of a JDK which does not depend on itself * Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.342.b06-0.1.ea - Update to shenandoah-jdk8u342-b06 (EA) - Update release notes for shenandoah-8u342-b06. - Switch to EA mode for 8u342 pre-release builds. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use "git apply" with patches in the tarball script to allow binary diffs - Remove redundant "REPOS" variable from tarball script - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 * Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.332.b09-2 - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2051605: Detect NSS at Runtime for FIPS detection - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Turn off build-time NSS linking and go back to an explicit Requires on NSS - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable * Thu Jul 14 2022 Andrew Hughes - 1:1.8.0.332.b09-2 - Explicitly require crypto-policies during build and runtime for system security properties * Thu Jul 14 2022 FeRD (Frank Dana) - 1:1.8.0.332.b09-2 - Add javaver- and origin-specific javadoc and javadoczip alternatives. * Fri Jul 1 2022 Stephan Bergmann - 1:1.8.0.332.b09-2 - Disable copy-jdk-configs for Flatpak builds - Fix flatpak builds by exempting them from bootstrap * Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:1.8.0.332.b09-2 - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode [ 1 ] Bug #2036462 - rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance() https://bugzilla.redhat.com/show_bug.cgi?id=2036462 su -c 'dnf upgrade --advisory FEDORA-2022-80afe2304a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam, report it: https://pagure.io/login/

Change Log

References

Update Instructions

Severity
Product : Fedora 35
Version : 1.8.0.342.b07
Release : 1.fc35
URL : https://openjdk.org/
Summary : OpenJDK 8 Runtime Environment

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved