Discover Government News

--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2022-d26586b419
2022-08-03 01:48:48.037712
--------------------------------------------------------------------------------Name        : java-11-openjdk
Product     : Fedora 35
Version     : 11.0.16.0.8
Release     : 1.fc35
URL         : https://openjdk.org/
Summary     : OpenJDK 11 Runtime Environment
Description :
The OpenJDK 11 runtime environment.

--------------------------------------------------------------------------------Update Information:

# New in release OpenJDK 11.0.16 (2022-07-19)   * The release announcement can
be found at https://bit.ly/openjdk11016 *  Full release details can be found at
https://builds.shipilev.net/backports-monitor/release-notes-11.0.16.txt  ##
Security fixes    - JDK-8277608: Address IP Addressing   - JDK-8272243: Improve
DER parsing   - JDK-8272249: Better properties of loaded Properties   -JDK-8281859, CVE-2022-21540: Improve class compilation   - JDK-8281866,
CVE-2022-21541: Enhance MethodHandle invocations   - JDK-8283190: Improve MIDI
processing   - JDK-8284370: Improve zlib usage   - JDK-8285407, CVE-2022-34169:
Improve Xalan supports  ## FIPS Changes  *
[RH2007331](https://bugzilla.redhat.com/show_bug.cgi?id=2007331): SecretKey
generate/import operations don't add the CKA_SIGN attribute in FIPS mode *
[RH2036462](https://bugzilla.redhat.com/show_bug.cgi?id=2036462):
sun.security.pkcs11.wrapper.PKCS11.getInstance breakage *
[RH2090378](https://bugzilla.redhat.com/show_bug.cgi?id=2090378): Revert to
disabling system security properties and FIPS mode support together * Depend on
`crypto-policies` package at build-time and run-time  ## Other Changes  * Add
javaver- and origin-specific javadoc and javadoczip alternatives (thanks to FeRD
(Frank Dana) )  ## JDK-8285240: HTTPS Channel Binding support
for Java GSS/Kerberos  Support has been added for TLS channel binding tokens for
Negotiate/Kerberos authentication over HTTPS through
`javax.net.HttpsURLConnection`.  Channel binding tokens are increasingly
required as an enhanced form of security which can mitigate certain kinds of
socially engineered, man in the middle (MITM) attacks. They work by
communicating from a client to a server the client's understanding of the
binding between connection security (as represented by a TLS server cert) and
higher level authentication credentials (such as a username and password). The
server can then detect if the client has been fooled by a MITM and shutdown the
session/connection.  The feature is controlled through a new system property
`jdk.https.negotiate.cbt` which is described fully at the following page:
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/doc-files/net-properties.html#jdk.https.negotiate.cbt  ## JDK-8278386: Default JDK
compressor will be closed when IOException is encountered
`DeflaterOutputStream.close()` and `GZIPOutputStream.finish()` methods have been
modified to close out the associated default JDK compressor before propagating a
`Throwable` up the stack. `ZIPOutputStream.closeEntry()` method has been
modified to close out the associated default JDK compressor before propagating
an `IOException`, not of type `ZipException`, up the stack.  ## JDK-8277157:
Vector should throw ClassNotFoundException for a missing class of an element
`java.util.Vector` is updated to correctly report `ClassNotFoundException that
occurs during deserialization using
`java.io.ObjectInputStream.GetField.get(name, object)` when the class of an
element of the Vector is not found. Without this fix, a
`StreamCorruptedException` is thrown that does not provide information about the
missing class.
--------------------------------------------------------------------------------ChangeLog:

* Fri Jul 22 2022 Andrew Hughes  - 1:11.0.16.0.8-1
- Update to jdk-11.0.16+8
- Update release notes to 11.0.16+8
- Switch to GA mode for release
- Exclude x86 where java_arches is undefined, in order to unbreak build
* Fri Jul 22 2022 Jiri Vanek  - 1:11.0.16.0.7-0.4.ea
- moved to build only on %{java_arches}
-- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
- reverted :
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up release)
-- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
-- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
-- Replaced binaries and .so files with bash-stubs on i686
- added ExclusiveArch:  %{java_arches}
-- this now excludes i686
-- this is safely backport-able to older fedoras, as the macro was  backported proeprly (with i686 included)
- https://bugzilla.redhat.com/show_bug.cgi?id=2104126
* Thu Jul 21 2022 Fedora Release Engineering  - 1:11.0.16.0.7-0.3.ea.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jul 18 2022 Andrew Hughes  - 1:11.0.16.0.7-0.3.ea
- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
* Sun Jul 17 2022 Andrew Hughes  - 1:11.0.16.0.7-0.2.ea
- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
* Thu Jul 14 2022 Andrew Hughes  - 1:11.0.16.0.7-0.1.ea
- Update to jdk-11.0.16+7
- Update release notes to 11.0.16+7
- Switch to EA mode for 11.0.16 pre-release builds.
- Use same tarball naming style as java-17-openjdk and java-latest-openjdk
- Drop JDK-8282004 patch which is now upstreamed under JDK-8282231
- Drop JDK-8257794 patch now upstreamed
- Print release file during build, which should now include a correct SOURCE value from .src-rev
- Update tarball script with IcedTea GitHub URL and .src-rev generation
- Use "git apply" with patches in the tarball script to allow binary diffs
- Include script to generate bug list for release notes
- Update tzdata requirement to 2022a to match JDK-8283350
* Thu Jul 14 2022 Jiri Vanek  - 1:11.0.16.0.7-0.1.ea
- Add additional patch during tarball generation to align tests with ECC changes
* Thu Jul 14 2022 Andrew Hughes  - 1:11.0.15.0.10-7
- Explicitly require crypto-policies during build and runtime for system security properties
* Thu Jul 14 2022 Jiri Vanek  - 1:11.0.15.0.10-6
- Replaced binaries and .so files with bash-stubs on i686 in preparation of the removal on that architecture:
- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
* Thu Jul 14 2022 FeRD (Frank Dana)  - 1:11.0.15.0.10-5
- Add javaver- and origin-specific javadoc and javadoczip alternatives.
* Thu Jul 14 2022 Andrew Hughes  - 1:11.0.15.0.10-4
- Make use of the vendor version string to store our version & release rather than an upstream release date
* Thu Jul  7 2022 Andrew Hughes  - 1:11.0.15.0.10-3
- Rebase FIPS patches from fips branch and simplify by using a single patch from that repository
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
- * RH2090378: Revert to disabling system security properties and FIPS mode support together
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
- Improve security properties test to check both enabled and disabled behaviour
- Run security properties test with property debugging on
* Thu Jun 30 2022 Francisco Ferrari Bihurriet  - 1:11.0.15.0.10-2
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-d26586b419' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/

Fedora 35: java-11-openjdk 2022-d26586b419

August 2, 2022
# New in release OpenJDK 11.0.16 (2022-07-19) * The release announcement can be found at https://bit.ly/openjdk11016 * Full release details can be found at https://builds.shipilev...

Summary

The OpenJDK 11 runtime environment.

# New in release OpenJDK 11.0.16 (2022-07-19) * The release announcement can

be found at https://bit.ly/openjdk11016 * Full release details can be found at

https://builds.shipilev.net/backports-monitor/release-notes-11.0.16.txt ##

Security fixes - JDK-8277608: Address IP Addressing - JDK-8272243: Improve

DER parsing - JDK-8272249: Better properties of loaded Properties -JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866,

CVE-2022-21541: Enhance MethodHandle invocations - JDK-8283190: Improve MIDI

processing - JDK-8284370: Improve zlib usage - JDK-8285407, CVE-2022-34169:

Improve Xalan supports ## FIPS Changes *

[RH2007331](https://bugzilla.redhat.com/show_bug.cgi?id=2007331): SecretKey

generate/import operations don't add the CKA_SIGN attribute in FIPS mode *

[RH2036462](https://bugzilla.redhat.com/show_bug.cgi?id=2036462):

sun.security.pkcs11.wrapper.PKCS11.getInstance breakage *

[RH2090378](https://bugzilla.redhat.com/show_bug.cgi?id=2090378): Revert to

disabling system security properties and FIPS mode support together * Depend on

`crypto-policies` package at build-time and run-time ## Other Changes * Add

javaver- and origin-specific javadoc and javadoczip alternatives (thanks to FeRD

(Frank Dana) ) ## JDK-8285240: HTTPS Channel Binding support

for Java GSS/Kerberos Support has been added for TLS channel binding tokens for

Negotiate/Kerberos authentication over HTTPS through

`javax.net.HttpsURLConnection`. Channel binding tokens are increasingly

required as an enhanced form of security which can mitigate certain kinds of

socially engineered, man in the middle (MITM) attacks. They work by

communicating from a client to a server the client's understanding of the

binding between connection security (as represented by a TLS server cert) and

higher level authentication credentials (such as a username and password). The

server can then detect if the client has been fooled by a MITM and shutdown the

session/connection. The feature is controlled through a new system property

`jdk.https.negotiate.cbt` which is described fully at the following page:

https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/doc-files/net-properties.html#jdk.https.negotiate.cbt ## JDK-8278386: Default JDK

compressor will be closed when IOException is encountered

`DeflaterOutputStream.close()` and `GZIPOutputStream.finish()` methods have been

modified to close out the associated default JDK compressor before propagating a

`Throwable` up the stack. `ZIPOutputStream.closeEntry()` method has been

modified to close out the associated default JDK compressor before propagating

an `IOException`, not of type `ZipException`, up the stack. ## JDK-8277157:

Vector should throw ClassNotFoundException for a missing class of an element

`java.util.Vector` is updated to correctly report `ClassNotFoundException that

occurs during deserialization using

`java.io.ObjectInputStream.GetField.get(name, object)` when the class of an

element of the Vector is not found. Without this fix, a

`StreamCorruptedException` is thrown that does not provide information about the

missing class.

* Fri Jul 22 2022 Andrew Hughes - 1:11.0.16.0.8-1

- Update to jdk-11.0.16+8

- Update release notes to 11.0.16+8

- Switch to GA mode for release

- Exclude x86 where java_arches is undefined, in order to unbreak build

* Fri Jul 22 2022 Jiri Vanek - 1:11.0.16.0.7-0.4.ea

- moved to build only on %{java_arches}

-- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs

- reverted :

-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up release)

-- Try to build on x86 again by creating a husk of a JDK which does not depend on itself

-- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable

-- Replaced binaries and .so files with bash-stubs on i686

- added ExclusiveArch: %{java_arches}

-- this now excludes i686

-- this is safely backport-able to older fedoras, as the macro was backported proeprly (with i686 included)

- https://bugzilla.redhat.com/show_bug.cgi?id=2104126

* Thu Jul 21 2022 Fedora Release Engineering - 1:11.0.16.0.7-0.3.ea.1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

* Mon Jul 18 2022 Andrew Hughes - 1:11.0.16.0.7-0.3.ea

- Try to build on x86 again by creating a husk of a JDK which does not depend on itself

* Sun Jul 17 2022 Andrew Hughes - 1:11.0.16.0.7-0.2.ea

- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable

* Thu Jul 14 2022 Andrew Hughes - 1:11.0.16.0.7-0.1.ea

- Update to jdk-11.0.16+7

- Update release notes to 11.0.16+7

- Switch to EA mode for 11.0.16 pre-release builds.

- Use same tarball naming style as java-17-openjdk and java-latest-openjdk

- Drop JDK-8282004 patch which is now upstreamed under JDK-8282231

- Drop JDK-8257794 patch now upstreamed

- Print release file during build, which should now include a correct SOURCE value from .src-rev

- Update tarball script with IcedTea GitHub URL and .src-rev generation

- Use "git apply" with patches in the tarball script to allow binary diffs

- Include script to generate bug list for release notes

- Update tzdata requirement to 2022a to match JDK-8283350

* Thu Jul 14 2022 Jiri Vanek - 1:11.0.16.0.7-0.1.ea

- Add additional patch during tarball generation to align tests with ECC changes

* Thu Jul 14 2022 Andrew Hughes - 1:11.0.15.0.10-7

- Explicitly require crypto-policies during build and runtime for system security properties

* Thu Jul 14 2022 Jiri Vanek - 1:11.0.15.0.10-6

- Replaced binaries and .so files with bash-stubs on i686 in preparation of the removal on that architecture:

- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs

* Thu Jul 14 2022 FeRD (Frank Dana) - 1:11.0.15.0.10-5

- Add javaver- and origin-specific javadoc and javadoczip alternatives.

* Thu Jul 14 2022 Andrew Hughes - 1:11.0.15.0.10-4

- Make use of the vendor version string to store our version & release rather than an upstream release date

* Thu Jul 7 2022 Andrew Hughes - 1:11.0.15.0.10-3

- Rebase FIPS patches from fips branch and simplify by using a single patch from that repository

- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage

- * RH2090378: Revert to disabling system security properties and FIPS mode support together

- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch

- Enable system security properties in the RPM (now disabled by default in the FIPS repo)

- Improve security properties test to check both enabled and disabled behaviour

- Run security properties test with property debugging on

* Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:11.0.15.0.10-2

- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode

su -c 'dnf upgrade --advisory FEDORA-2022-d26586b419' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: https://pagure.io/login/

FEDORA-2022-d26586b419 2022-08-03 01:48:48.037712 Product : Fedora 35 Version : 11.0.16.0.8 Release : 1.fc35 URL : https://openjdk.org/ Summary : OpenJDK 11 Runtime Environment Description : The OpenJDK 11 runtime environment. # New in release OpenJDK 11.0.16 (2022-07-19) * The release announcement can be found at https://bit.ly/openjdk11016 * Full release details can be found at https://builds.shipilev.net/backports-monitor/release-notes-11.0.16.txt ## Security fixes - JDK-8277608: Address IP Addressing - JDK-8272243: Improve DER parsing - JDK-8272249: Better properties of loaded Properties -JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations - JDK-8283190: Improve MIDI processing - JDK-8284370: Improve zlib usage - JDK-8285407, CVE-2022-34169: Improve Xalan supports ## FIPS Changes * [RH2007331](https://bugzilla.redhat.com/show_bug.cgi?id=2007331): SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode * [RH2036462](https://bugzilla.redhat.com/show_bug.cgi?id=2036462): sun.security.pkcs11.wrapper.PKCS11.getInstance breakage * [RH2090378](https://bugzilla.redhat.com/show_bug.cgi?id=2090378): Revert to disabling system security properties and FIPS mode support together * Depend on `crypto-policies` package at build-time and run-time ## Other Changes * Add javaver- and origin-specific javadoc and javadoczip alternatives (thanks to FeRD (Frank Dana) ) ## JDK-8285240: HTTPS Channel Binding support for Java GSS/Kerberos Support has been added for TLS channel binding tokens for Negotiate/Kerberos authentication over HTTPS through `javax.net.HttpsURLConnection`. Channel binding tokens are increasingly required as an enhanced form of security which can mitigate certain kinds of socially engineered, man in the middle (MITM) attacks. They work by communicating from a client to a server the client's understanding of the binding between connection security (as represented by a TLS server cert) and higher level authentication credentials (such as a username and password). The server can then detect if the client has been fooled by a MITM and shutdown the session/connection. The feature is controlled through a new system property `jdk.https.negotiate.cbt` which is described fully at the following page: https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/doc-files/net-properties.html#jdk.https.negotiate.cbt ## JDK-8278386: Default JDK compressor will be closed when IOException is encountered `DeflaterOutputStream.close()` and `GZIPOutputStream.finish()` methods have been modified to close out the associated default JDK compressor before propagating a `Throwable` up the stack. `ZIPOutputStream.closeEntry()` method has been modified to close out the associated default JDK compressor before propagating an `IOException`, not of type `ZipException`, up the stack. ## JDK-8277157: Vector should throw ClassNotFoundException for a missing class of an element `java.util.Vector` is updated to correctly report `ClassNotFoundException that occurs during deserialization using `java.io.ObjectInputStream.GetField.get(name, object)` when the class of an element of the Vector is not found. Without this fix, a `StreamCorruptedException` is thrown that does not provide information about the missing class. * Fri Jul 22 2022 Andrew Hughes - 1:11.0.16.0.8-1 - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Switch to GA mode for release - Exclude x86 where java_arches is undefined, in order to unbreak build * Fri Jul 22 2022 Jiri Vanek - 1:11.0.16.0.7-0.4.ea - moved to build only on %{java_arches} -- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs - reverted : -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up release) -- Try to build on x86 again by creating a husk of a JDK which does not depend on itself -- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable -- Replaced binaries and .so files with bash-stubs on i686 - added ExclusiveArch: %{java_arches} -- this now excludes i686 -- this is safely backport-able to older fedoras, as the macro was backported proeprly (with i686 included) - https://bugzilla.redhat.com/show_bug.cgi?id=2104126 * Thu Jul 21 2022 Fedora Release Engineering - 1:11.0.16.0.7-0.3.ea.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Mon Jul 18 2022 Andrew Hughes - 1:11.0.16.0.7-0.3.ea - Try to build on x86 again by creating a husk of a JDK which does not depend on itself * Sun Jul 17 2022 Andrew Hughes - 1:11.0.16.0.7-0.2.ea - Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable * Thu Jul 14 2022 Andrew Hughes - 1:11.0.16.0.7-0.1.ea - Update to jdk-11.0.16+7 - Update release notes to 11.0.16+7 - Switch to EA mode for 11.0.16 pre-release builds. - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8282004 patch which is now upstreamed under JDK-8282231 - Drop JDK-8257794 patch now upstreamed - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use "git apply" with patches in the tarball script to allow binary diffs - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 * Thu Jul 14 2022 Jiri Vanek - 1:11.0.16.0.7-0.1.ea - Add additional patch during tarball generation to align tests with ECC changes * Thu Jul 14 2022 Andrew Hughes - 1:11.0.15.0.10-7 - Explicitly require crypto-policies during build and runtime for system security properties * Thu Jul 14 2022 Jiri Vanek - 1:11.0.15.0.10-6 - Replaced binaries and .so files with bash-stubs on i686 in preparation of the removal on that architecture: - https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs * Thu Jul 14 2022 FeRD (Frank Dana) - 1:11.0.15.0.10-5 - Add javaver- and origin-specific javadoc and javadoczip alternatives. * Thu Jul 14 2022 Andrew Hughes - 1:11.0.15.0.10-4 - Make use of the vendor version string to store our version & release rather than an upstream release date * Thu Jul 7 2022 Andrew Hughes - 1:11.0.15.0.10-3 - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on * Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:11.0.15.0.10-2 - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode su -c 'dnf upgrade --advisory FEDORA-2022-d26586b419' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam, report it: https://pagure.io/login/

Change Log

References

Update Instructions

Severity
Product : Fedora 35
Version : 11.0.16.0.8
Release : 1.fc35
URL : https://openjdk.org/
Summary : OpenJDK 11 Runtime Environment

Related News