Fedora 35: 2022-ec7de69ceb Critical: OpenJDK 19 Security Fixes

November 5, 2022
OpenJDK 19.0.1 update addresses various vulnerabilities in Fedora 35. Upgrade today to boost security and efficiency.

Summary

The OpenJDK 19 runtime environment.

# New in release OpenJDK 19.0.1 (2022-10-18)

* [Full release notes](https://builds.shipilev.net/backports-monitor/release-notes-19.0.1.html)
* This update depends on [FEDORA-2022-10bb6f119e](https://bodhi.fedoraproject.org/updates/FEDORA-2022-10bb6f119e)

## CVEs Fixed

- CVE-2022-21618
- CVE-2022-21619
- CVE-2022-21624
- CVE-2022-21628
- CVE-2022-39399

## Security Fixes

- JDK-8282252: Improve BigInteger/Decimal validation
- JDK-8285662: Better permission resolution
- JDK-8286077: Wider MultiByte conversions
- JDK-8286511: Improve macro allocation
- JDK-8286519: Better memory handling
- JDK-8286526: Improve NTLM support
- JDK-8286910: Improve JNDI lookups
- JDK-8286918: Better HttpServer service
- JDK-8287446: Enhance icon presentations
- JDK-8288508: Enhance ECDSA usage
- JDK-8289366: Improve HTTP/2 client usage
- JDK-8289853: Update HarfBuzz to 4.4.1
- JDK-8290334: Update FreeType to 2.12.1

## Major Changes

### [JDK-8292654](https://bugs.openjdk.org/browse/JDK-8292654): G1 Remembered set memory footprint regression after [JDK-8286115](https://bugs.openjdk.org/browse/JDK-8286115)

JDK-8286115 changed ergonomic sizing of a component of the remembered sets in G1. This change causes increased native memory usage of the Hotspot VM for applications that create large remembered sets with the G1 collector. In an internal benchmark total GC component native memory usage rose by almost 10% (from 1.2GB to 1.3GB). This issue can be worked around by passing double the value of `G1RemSetArrayOfCardsEntries` as printed by running the application with `-XX:+PrintFlagsFinal -XX:+UnlockExperimentalVMOptions` to your application. E.g. pass `-XX:+UnlockExperimentalVMOptions -XX:G1RemSetArrayOfCardsEntries=128` if a previous run showed a value of `64` for `G1RemSetArrayOfCardsEntries` in the output of `-XX:+PrintFlagsFinal`.

## [JDK-8292579](https://bugs.openjdk.org/browse/JDK-8292579): Update Timezone Data to 2022c

This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone database. All time zone IDs remain the same but the merged time zones will point to a shared zone database. As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are ```Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake, Pacific/Wallis, Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap```. For more details, refer to the announcement of [2022b](https://mm.icann.org/pipermail/tz-announce/2022-August/000071.html).
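
The workaround described under JDK-8292654 above, as an added shell example that is not part of the Fedora advisory or the OpenJDK release notes: it reads `-XX:+PrintFlagsFinal` output, takes the reported `G1RemSetArrayOfCardsEntries` value and emits the flags with that value doubled. The function names and the sample output lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the JDK-8292654 workaround flags from PrintFlagsFinal output.
# Function names are hypothetical; only the JVM flags come from the advisory.

# Reads PrintFlagsFinal output on stdin and prints the reported value of
# G1RemSetArrayOfCardsEntries. Exits non-zero if the flag is not listed
# (for example when the experimental options were not unlocked).
current_remset_entries() {
    awk '$2 == "G1RemSetArrayOfCardsEntries" && ($3 == "=" || $3 == ":=") {
             print $4; found = 1
         }
         END { exit !found }'
}

# Prints the options to add to the application's command line:
# the experimental unlock plus the flag set to double the reported value.
workaround_flags() {
    cur=$(current_remset_entries) || {
        echo "G1RemSetArrayOfCardsEntries not found in input" >&2
        return 1
    }
    case $cur in
        ''|*[!0-9]*) echo "unexpected value: $cur" >&2; return 1 ;;
    esac
    echo "-XX:+UnlockExperimentalVMOptions -XX:G1RemSetArrayOfCardsEntries=$((cur * 2))"
}

# Constructed sample of PrintFlagsFinal output (not captured from a real run).
sample_flags() {
    cat <<'EOF'
     bool UseG1GC                                  = true                {product} {ergonomic}
     uint G1RemSetArrayOfCardsEntries              = 64                  {experimental} {ergonomic}
EOF
}

# Offline demonstration on the constructed sample.
sample_flags | workaround_flags

# Against a real JVM, run with the application's usual heap and GC options,
# since the value is sized ergonomically:
#   java -XX:+UnlockExperimentalVMOptions -XX:+PrintFlagsFinal -version | workaround_flags
```
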

* Thu Oct 27 2022 Andrew Hughes - 1:19.0.1.0.10-2.rolling
- Temporarily roll build dependency back to tzdata 2022d for F35 as 2022e is still in testing

* Wed Oct 26 2022 Andrew Hughes - 1:19.0.1.0.10-2.rolling
- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
- Update CLDR data with Europe/Kyiv (JDK-8293834)
- Drop JDK-8292223 patch which we found to be unnecessary
- Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream

* Thu Oct 20 2022 Andrew Hughes - 1:19.0.1.0.10-1.rolling
- Update to jdk-19.0.1 release
- Update release notes to 19.0.1

* Thu Sep 22 2022 Andrew Hughes - 1:19.0.0.0.36-4.rolling
- Switch buildjdkver back to being featurever, now java-19-openjdk is available in the buildroot

* Wed Sep 21 2022 Andrew Hughes - 1:19.0.0.0.36-3.rolling
- The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds
- Remove freetype sources along with zlib sources

* Tue Sep 20 2022 Andrew Hughes - 1:19.0.0.0.36-3.rolling
- Switch buildjdkver temporarily to 18, as java-19-openjdk is not yet available in the buildroot

* Tue Sep 20 2022 Andrew Hughes - 1:19.0.0.0.36-3.rolling
- Flip the use of system libraries back on by default, as in-tree libraries should only be used on Fedora 37+

* Tue Aug 30 2022 Andrew Hughes - 1:19.0.0.0.36-2.rolling
- Switch buildjdkver back to being featurever, now java-19-openjdk is available in the buildroot

su -c 'dnf upgrade --advisory FEDORA-2022-ec7de69ceb' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: critical

Product: Fedora 35
Version: 19.0.1.0.10
Release: 2.rolling.fc35
Summary: OpenJDK 19 Runtime Environment
