--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2023-585aca2233
2023-01-31 01:56:19.880520
--------------------------------------------------------------------------------Name        : java-17-openjdk
Product     : Fedora 37
Version     : 17.0.6.0.10
Release     : 1.fc37
URL         : https://openjdk.org/
Summary     : OpenJDK 17 Runtime Environment
Description :
The OpenJDK 17 runtime environment.

--------------------------------------------------------------------------------Update Information:

# New in release [OpenJDK 17.0.6](https://bit.ly/openjdk1706) (2023-01-17)  ##
CVEs Fixed    - CVE-2023-21835   - CVE-2023-21843  ## Security Fixes    -JDK-8286070: Improve UTF8 representation   - JDK-8286496: Improve Thread labels
- JDK-8287411: Enhance DTLS performance   - JDK-8288516: Enhance font creation
- JDK-8289350: Better media supports   - JDK-8293554: Enhanced DH Key Exchanges
- JDK-8293598: Enhance InetAddress address handling   - JDK-8293717: Objective
view of ObjectView   - JDK-8293734: Improve BMP image handling   - JDK-8293742:
Better Banking of Sounds   - JDK-8295687: Better BMP bounds  ## Major Changes
### JDK-8295687: Better BMP bounds  Loading a linked ICC profile within a BMP
image is now disabled by default. To re-enable it, set the new system property
`sun.imageio.bmp.enabledLinkedProfiles` to `true`.  This new property replaces
the old property, `sun.imageio.plugins.bmp.disableLinkedProfiles`.  ###
JDK-8293742: Better Banking of Sounds  Previously, the SoundbankReader
implementation, `com.sun.media.sound.JARSoundbankReader`, would download a JAR
soundbank from a URL.  This behaviour is now disabled by default. To re-enable
it, set the new system property `jdk.sound.jarsoundbank` to `true`.  ###
[JDK-8282730](https://bugs.openjdk.org/browse/JDK-8282730): New Implementation
Note for LoginModule on Removing Null from a Principals or Credentials Set  Back
in OpenJDK 9, [JDK-8015081](https://bugs.openjdk.org/browse/JDK-8015081) changed
the `Set` implementation used to hold principals and credentials so that it
rejected `null` values. Attempts to call `add(null)`, `contains(null)` or
`remove(null)` were changed to throw a `NullPointerException`.  However, the
`logout()` methods in the `LoginModule` implementations within the JDK were not
updated to check for `null` values, which may occur in the event of a failed
login. As a result, a `logout()` call may throw a `NullPointerException`.  The
`LoginModule` implementations have now been updated with such checks and an
implementation note added to the specification to suggest that the same change
is made in third party modules.  Developers of third party modules are advised
to verify that their `logout()` method does not throw a `NullPointerException`.
### JDK-8287411: Enhance DTLS performance  The JDK now exchanges DTLS cookies
for all handshakes, new and resumed. The previous behaviour can be re-enabled by
setting the new system property `jdk.tls.enableDtlsResumeCookie` to `false`.
### FIPS Changes  Previous releases hardcoded the NSS database password used in
FIPS mode to be the empty string, preventing the use of databases which had
another PIN set. This release now allows both the database location and its PIN
to be configured using the properties `fips.nssdb.path` and `fips.nssdb.pin`
respectively. The properties can be set either permanently in the
`java.security` file or at runtime using the `-Dfips.nssdb.path` or
`-Dfips.nssdb.pin` arguments to the JVM. The default values of both remain as
before.
--------------------------------------------------------------------------------ChangeLog:

* Thu Jan 26 2023 Andrew Hughes  - 1:17.0.6.0.10-1
- Update to jdk-17.0.6.0+10
- Update release notes to 17.0.6.0+10
- Switch to GA mode for release
* Thu Jan 19 2023 Fedora Release Engineering  - 1:17.0.6.0.9-0.2.ea.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jan 13 2023 Andrew Hughes  - 1:17.0.6.0.9-0.2.ea
- Update FIPS support to bring in latest changes
- * OJ1357: Fix issue on FIPS with a SecurityManager in place
* Wed Jan  4 2023 Andrew Hughes  - 1:17.0.6.0.9-0.1.ea
- Update to jdk-17.0.6+9
- Update release notes to 17.0.6+9
- Drop local copy of JDK-8293834 now this is upstream
- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804
- Update TestTranslations.java to test the new America/Ciudad_Juarez zone
* Wed Dec  7 2022 Stephan Bergmann  - 1:17.0.6.0.1-0.3.ea
- Fix flatpak builds by disabling TestTranslations test due to missing tzdb.dat
* Wed Nov 23 2022 Andrew Hughes  - 1:17.0.6.0.1-0.2.ea
- Update FIPS support to bring in latest changes
- * Add nss.fips.cfg support to OpenJDK tree
- * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
- * Remove forgotten dead code from RH2020290 and RH2104724
- Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build
* Wed Nov  9 2022 Andrew Hughes  - 1:17.0.6.0.1-0.1.ea
- Update to jdk-17.0.6+1
- Update release notes to 17.0.6+1
- Switch to EA mode for 17.0.6 pre-release builds.
- Re-enable EA upstream status check now it is being actively maintained.
- Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream
- Bump tzdata requirement to 2022e now the package is available in Fedora
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-585aca2233' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/

Fedora 37: java-17-openjdk 2023-585aca2233

January 31, 2023

# New in release [OpenJDK 17.0.6](https://bit.ly/openjdk1706) (2023-01-17) ## CVEs Fixed - CVE-2023-21835 - CVE-2023-21843 ## Security Fixes - JDK-8286070: Improve UTF8 represen...

Summary

The OpenJDK 17 runtime environment.

# New in release [OpenJDK 17.0.6](https://bit.ly/openjdk1706) (2023-01-17) ##

CVEs Fixed - CVE-2023-21835 - CVE-2023-21843 ## Security Fixes -JDK-8286070: Improve UTF8 representation - JDK-8286496: Improve Thread labels

- JDK-8287411: Enhance DTLS performance - JDK-8288516: Enhance font creation

- JDK-8289350: Better media supports - JDK-8293554: Enhanced DH Key Exchanges

- JDK-8293598: Enhance InetAddress address handling - JDK-8293717: Objective

view of ObjectView - JDK-8293734: Improve BMP image handling - JDK-8293742:

Better Banking of Sounds - JDK-8295687: Better BMP bounds ## Major Changes

### JDK-8295687: Better BMP bounds Loading a linked ICC profile within a BMP

image is now disabled by default. To re-enable it, set the new system property

`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property replaces

the old property, `sun.imageio.plugins.bmp.disableLinkedProfiles`. ###

JDK-8293742: Better Banking of Sounds Previously, the SoundbankReader

implementation, `com.sun.media.sound.JARSoundbankReader`, would download a JAR

soundbank from a URL. This behaviour is now disabled by default. To re-enable

it, set the new system property `jdk.sound.jarsoundbank` to `true`. ###

[JDK-8282730](https://bugs.openjdk.org/browse/JDK-8282730): New Implementation

Note for LoginModule on Removing Null from a Principals or Credentials Set Back

in OpenJDK 9, [JDK-8015081](https://bugs.openjdk.org/browse/JDK-8015081) changed

the `Set` implementation used to hold principals and credentials so that it

rejected `null` values. Attempts to call `add(null)`, `contains(null)` or

`remove(null)` were changed to throw a `NullPointerException`. However, the

`logout()` methods in the `LoginModule` implementations within the JDK were not

updated to check for `null` values, which may occur in the event of a failed

`LoginModule` implementations have now been updated with such checks and an

implementation note added to the specification to suggest that the same change

is made in third party modules. Developers of third party modules are advised

to verify that their `logout()` method does not throw a `NullPointerException`.

### JDK-8287411: Enhance DTLS performance The JDK now exchanges DTLS cookies

for all handshakes, new and resumed. The previous behaviour can be re-enabled by

setting the new system property `jdk.tls.enableDtlsResumeCookie` to `false`.

### FIPS Changes Previous releases hardcoded the NSS database password used in

FIPS mode to be the empty string, preventing the use of databases which had

another PIN set. This release now allows both the database location and its PIN

to be configured using the properties `fips.nssdb.path` and `fips.nssdb.pin`

respectively. The properties can be set either permanently in the

`java.security` file or at runtime using the `-Dfips.nssdb.path` or

`-Dfips.nssdb.pin` arguments to the JVM. The default values of both remain as

before.

* Thu Jan 26 2023 Andrew Hughes - 1:17.0.6.0.10-1

- Update to jdk-17.0.6.0+10

- Update release notes to 17.0.6.0+10

- Switch to GA mode for release

* Thu Jan 19 2023 Fedora Release Engineering - 1:17.0.6.0.9-0.2.ea.1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

* Fri Jan 13 2023 Andrew Hughes - 1:17.0.6.0.9-0.2.ea

- Update FIPS support to bring in latest changes

- * OJ1357: Fix issue on FIPS with a SecurityManager in place

* Wed Jan 4 2023 Andrew Hughes - 1:17.0.6.0.9-0.1.ea

- Update to jdk-17.0.6+9

- Update release notes to 17.0.6+9

- Drop local copy of JDK-8293834 now this is upstream

- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804

- Update TestTranslations.java to test the new America/Ciudad_Juarez zone

* Wed Dec 7 2022 Stephan Bergmann - 1:17.0.6.0.1-0.3.ea

- Fix flatpak builds by disabling TestTranslations test due to missing tzdb.dat

* Wed Nov 23 2022 Andrew Hughes - 1:17.0.6.0.1-0.2.ea

- Update FIPS support to bring in latest changes

- * Add nss.fips.cfg support to OpenJDK tree

- * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode

- * Remove forgotten dead code from RH2020290 and RH2104724

- Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build

* Wed Nov 9 2022 Andrew Hughes - 1:17.0.6.0.1-0.1.ea

- Update to jdk-17.0.6+1

- Update release notes to 17.0.6+1

- Switch to EA mode for 17.0.6 pre-release builds.

- Re-enable EA upstream status check now it is being actively maintained.

- Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream

- Bump tzdata requirement to 2022e now the package is available in Fedora

su -c 'dnf upgrade --advisory FEDORA-2023-585aca2233' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: https://pagure.io/login/

FEDORA-2023-585aca2233 2023-01-31 01:56:19.880520 Product : Fedora 37 Version : 17.0.6.0.10 Release : 1.fc37 URL : https://openjdk.org/ Summary : OpenJDK 17 Runtime Environment Description : The OpenJDK 17 runtime environment. # New in release [OpenJDK 17.0.6](https://bit.ly/openjdk1706) (2023-01-17) ## CVEs Fixed - CVE-2023-21835 - CVE-2023-21843 ## Security Fixes -JDK-8286070: Improve UTF8 representation - JDK-8286496: Improve Thread labels - JDK-8287411: Enhance DTLS performance - JDK-8288516: Enhance font creation - JDK-8289350: Better media supports - JDK-8293554: Enhanced DH Key Exchanges - JDK-8293598: Enhance InetAddress address handling - JDK-8293717: Objective view of ObjectView - JDK-8293734: Improve BMP image handling - JDK-8293742: Better Banking of Sounds - JDK-8295687: Better BMP bounds ## Major Changes ### JDK-8295687: Better BMP bounds Loading a linked ICC profile within a BMP image is now disabled by default. To re-enable it, set the new system property `sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property replaces the old property, `sun.imageio.plugins.bmp.disableLinkedProfiles`. ### JDK-8293742: Better Banking of Sounds Previously, the SoundbankReader implementation, `com.sun.media.sound.JARSoundbankReader`, would download a JAR soundbank from a URL. This behaviour is now disabled by default. To re-enable it, set the new system property `jdk.sound.jarsoundbank` to `true`. ### [JDK-8282730](https://bugs.openjdk.org/browse/JDK-8282730): New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set Back in OpenJDK 9, [JDK-8015081](https://bugs.openjdk.org/browse/JDK-8015081) changed the `Set` implementation used to hold principals and credentials so that it rejected `null` values. Attempts to call `add(null)`, `contains(null)` or `remove(null)` were changed to throw a `NullPointerException`. However, the `logout()` methods in the `LoginModule` implementations within the JDK were not updated to check for `null` values, which may occur in the event of a failed login. As a result, a `logout()` call may throw a `NullPointerException`. The `LoginModule` implementations have now been updated with such checks and an implementation note added to the specification to suggest that the same change is made in third party modules. Developers of third party modules are advised to verify that their `logout()` method does not throw a `NullPointerException`. ### JDK-8287411: Enhance DTLS performance The JDK now exchanges DTLS cookies for all handshakes, new and resumed. The previous behaviour can be re-enabled by setting the new system property `jdk.tls.enableDtlsResumeCookie` to `false`. ### FIPS Changes Previous releases hardcoded the NSS database password used in FIPS mode to be the empty string, preventing the use of databases which had another PIN set. This release now allows both the database location and its PIN to be configured using the properties `fips.nssdb.path` and `fips.nssdb.pin` respectively. The properties can be set either permanently in the `java.security` file or at runtime using the `-Dfips.nssdb.path` or `-Dfips.nssdb.pin` arguments to the JVM. The default values of both remain as before. * Thu Jan 26 2023 Andrew Hughes - 1:17.0.6.0.10-1 - Update to jdk-17.0.6.0+10 - Update release notes to 17.0.6.0+10 - Switch to GA mode for release * Thu Jan 19 2023 Fedora Release Engineering - 1:17.0.6.0.9-0.2.ea.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Jan 13 2023 Andrew Hughes - 1:17.0.6.0.9-0.2.ea - Update FIPS support to bring in latest changes - * OJ1357: Fix issue on FIPS with a SecurityManager in place * Wed Jan 4 2023 Andrew Hughes - 1:17.0.6.0.9-0.1.ea - Update to jdk-17.0.6+9 - Update release notes to 17.0.6+9 - Drop local copy of JDK-8293834 now this is upstream - Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 - Update TestTranslations.java to test the new America/Ciudad_Juarez zone * Wed Dec 7 2022 Stephan Bergmann - 1:17.0.6.0.1-0.3.ea - Fix flatpak builds by disabling TestTranslations test due to missing tzdb.dat * Wed Nov 23 2022 Andrew Hughes - 1:17.0.6.0.1-0.2.ea - Update FIPS support to bring in latest changes - * Add nss.fips.cfg support to OpenJDK tree - * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode - * Remove forgotten dead code from RH2020290 and RH2104724 - Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build * Wed Nov 9 2022 Andrew Hughes - 1:17.0.6.0.1-0.1.ea - Update to jdk-17.0.6+1 - Update release notes to 17.0.6+1 - Switch to EA mode for 17.0.6 pre-release builds. - Re-enable EA upstream status check now it is being actively maintained. - Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream - Bump tzdata requirement to 2022e now the package is available in Fedora su -c 'dnf upgrade --advisory FEDORA-2023-585aca2233' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam, report it: https://pagure.io/login/