--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-129d8ca6fc
2024-03-07 22:24:39.963937
--------------------------------------------------------------------------------

Name        : java-1.8.0-openjdk
Product     : Fedora 40
Version     : 1.8.0.402.b06
Release     : 1.fc40.1
URL         : https://openjdk.org/
Summary     : OpenJDK 8 Runtime Environment
Description :
The OpenJDK 8 runtime environment.

--------------------------------------------------------------------------------
Update Information:

Change for system JDK from 17 to 21.
upstream security release 122.0.6261.94
High CVE-2024-1938: Type Confusion in V8
High CVE-2024-1939: Type Confusion in V8
fixed bug with requires
Automatic update for lucene-9.9.2-1.fc40.
bump java source/target to 1.8, fixes 2266639
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar  2 2024 Jiri Vanek  - 1:1.8.0.402.b06-1.1
- Rebuilt for java-21-openjdk as system jdk
* Tue Jan 30 2024 Jiri Vanek  - 1:1.8.0.402.b06-1
- updated to repack u402.b06
- debuginfo si probably broken due to wrong b05 in source tarball in comapre with b06
-- of the rpm (where b06 was delivered by patch)
- removed wrong release set by rcm bot
* Wed Jan 24 2024 Fedora Release Engineering  - 1:1.8.0.392.b08-7.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering  - 1:1.8.0.392.b08-7.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Dec  9 2023 Jiri Vanek  - 1:1.8.0.392.b08-6
- repacking renamed portable tarballs, thus making the regex more geenric again
* Sat Dec  9 2023 Jiri Vanek  - 1:1.8.0.392.b08-5
- proeprly filing debugsources pkg
  by addedd symlinks restructuring the structure for original build sources
- according to logs, some are still missing
  probably generated during the build, and thus not existing in prep,
  when the sources subpkg is created after patching
* Wed Nov 22 2023 Jiri Vanek  - 1:1.8.0.392.b08-4
- updated to jdk8u392+b08
- adjsuted to use unstripped portables
- temporarily manually turned off debuginfo
- returned setup macro
* Fri Sep 29 2023 Yaakov Selkowitz  - 1:1.8.0.382.b05-3
- Fix flatpak build by handling different installation prefixes of package dependencies
* Thu Aug 10 2023 Jiri Vanek  - 1:1.8.0.382.b05-2
- removed .so files from full_sources
- list executbales in same
* Mon Jul 24 2023 Jayashree Huttanagoudar  - 1:1.8.0.382.b05-1
- updatet to july security update 382.b05
* Mon Jul 24 2023 Jayashree Huttanagoudar  - 1:1.8.0.372.b07-7
- Remove few more binaries from full_sources that were throwing missing build-id warnings
- Resolves: rhbz#2222629
* Thu Jul 20 2023 Fedora Release Engineering  - 1:1.8.0.372.b07-6.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jul 13 2023 Jayashree Huttanagoudar  - 1:1.8.0.372.b07-6
- Fix the symlink for files under lib/security
- Fixing symlink cleared failing test cases
- Return release and NEWS missing lines
- Copy jdk_image and clean-up redundant lines
- Uncommented few lines which were parked earlier
- Fix quotes around vendor information strings
* Thu Jul 13 2023 Jayashree Huttanagoudar  - 1:1.8.0.372.b07-5
- Return missing README.md installation
- Use default macros for LICENSE and README.md installation
* Thu Jul 13 2023 Jayashree Huttanagoudar  - 1:1.8.0.372.b07-4
- Add fix for LICENSE installation
* Wed Jul 12 2023 Jayashree Huttanagoudar  - 1:1.8.0.372.b07-3
- Add missing tzdata related lines
* Thu Jun  1 2023 Jayashree Huttanagoudar  - 1:1.8.0.372.b07-2
- Further chages to trigger a final build
* Thu Jun  1 2023 Jayashree Huttanagoudar  - 1:1.8.0.372.b07-2
- Changes to %description section
* Wed May 31 2023 Jayashree Huttanagoudar  - 1:1.8.0.372.b07-2
- Modified sources file as required.
- Removed unwanted build dependencie.
- Removed unwanted files,patches and scripts. Also the related lines where they were referred.
* Tue May 30 2023 Jayashree Huttanagoudar  - 1:1.8.0.372.b07-2
- Copied rhel-9-main spec as a base for further changes for fedora jdk8 repackaging
* Tue Apr 18 2023 Andrew Hughes  - 1:1.8.0.372.b07-2
- Update to shenandoah-jdk8u372-b07 (GA)
- Update release notes for shenandoah-8u372-b07.
- Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07
- Update generate_tarball.sh to add support for passing a boot JDK to the configure run
- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace
- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs
- Drop JDK-8275535/RH2053256 patch which is now upstream
- Include JDK-8271199 backport early ahead of 8u382 (RH2175317)
- Drop hack for difference in local and portable build version
- Replace local copies of JDK portable binaries with build dependencies
- Include the java-1.8.0-openjdk-portable.spec file with instructions on how to rebuild.
- Remove duplicate use of README.md inside the *-src package (it is no longer about sources)
- Use portable build on x86_32 now one is available
- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. **
- Resolves: rhbz#2185182
- Resolves: rhbz#2189329
* Tue Feb 28 2023 Andrew Hughes  - 1:1.8.0.362.b09-4
- Drop use of portable build on s390x due to libffi compatibility issue (needs libffi.so.6)
- Related: rhbz#2150202
* Tue Feb 28 2023 Andrew Hughes  - 1:1.8.0.362.b09-4
- Add explicit libffi dependency for s390x build
- Related: rhbz#2150202
* Tue Feb 28 2023 Andrew Hughes  - 1:1.8.0.362.b09-4
- On portable architectures, replace build section with extraction of existing builds from portables
- Rewrite ELF files so the source file path is correct and debugsources can be assembled
- Resolves: rhbz#2150202
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2123726 - consoleImageViewer crashes at start
        https://bugzilla.redhat.com/show_bug.cgi?id=2123726
  [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40
        https://bugzilla.redhat.com/show_bug.cgi?id=2261062
  [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk
        https://bugzilla.redhat.com/show_bug.cgi?id=2266639
  [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2266934
  [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2266937
  [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta
        https://bugzilla.redhat.com/show_bug.cgi?id=2267486
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/

Fedora 40: java-1.8.0-openjdk 2024-129d8ca6fc

March 7, 2024
Change for system JDK from 17 to 21

Summary

The OpenJDK 8 runtime environment.

Update Information:

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639

Change Log

* Sat Mar 2 2024 Jiri Vanek - 1:1.8.0.402.b06-1.1 - Rebuilt for java-21-openjdk as system jdk * Tue Jan 30 2024 Jiri Vanek - 1:1.8.0.402.b06-1 - updated to repack u402.b06 - debuginfo si probably broken due to wrong b05 in source tarball in comapre with b06 -- of the rpm (where b06 was delivered by patch) - removed wrong release set by rcm bot * Wed Jan 24 2024 Fedora Release Engineering - 1:1.8.0.392.b08-7.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Jan 20 2024 Fedora Release Engineering - 1:1.8.0.392.b08-7.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Dec 9 2023 Jiri Vanek - 1:1.8.0.392.b08-6 - repacking renamed portable tarballs, thus making the regex more geenric again * Sat Dec 9 2023 Jiri Vanek - 1:1.8.0.392.b08-5 - proeprly filing debugsources pkg by addedd symlinks restructuring the structure for original build sources - according to logs, some are still missing probably generated during the build, and thus not existing in prep, when the sources subpkg is created after patching * Wed Nov 22 2023 Jiri Vanek - 1:1.8.0.392.b08-4 - updated to jdk8u392+b08 - adjsuted to use unstripped portables - temporarily manually turned off debuginfo - returned setup macro * Fri Sep 29 2023 Yaakov Selkowitz - 1:1.8.0.382.b05-3 - Fix flatpak build by handling different installation prefixes of package dependencies * Thu Aug 10 2023 Jiri Vanek - 1:1.8.0.382.b05-2 - removed .so files from full_sources - list executbales in same * Mon Jul 24 2023 Jayashree Huttanagoudar - 1:1.8.0.382.b05-1 - updatet to july security update 382.b05 * Mon Jul 24 2023 Jayashree Huttanagoudar - 1:1.8.0.372.b07-7 - Remove few more binaries from full_sources that were throwing missing build-id warnings - Resolves: rhbz#2222629 * Thu Jul 20 2023 Fedora Release Engineering - 1:1.8.0.372.b07-6.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jul 13 2023 Jayashree Huttanagoudar - 1:1.8.0.372.b07-6 - Fix the symlink for files under lib/security - Fixing symlink cleared failing test cases - Return release and NEWS missing lines - Copy jdk_image and clean-up redundant lines - Uncommented few lines which were parked earlier - Fix quotes around vendor information strings * Thu Jul 13 2023 Jayashree Huttanagoudar - 1:1.8.0.372.b07-5 - Return missing README.md installation - Use default macros for LICENSE and README.md installation * Thu Jul 13 2023 Jayashree Huttanagoudar - 1:1.8.0.372.b07-4 - Add fix for LICENSE installation * Wed Jul 12 2023 Jayashree Huttanagoudar - 1:1.8.0.372.b07-3 - Add missing tzdata related lines * Thu Jun 1 2023 Jayashree Huttanagoudar - 1:1.8.0.372.b07-2 - Further chages to trigger a final build * Thu Jun 1 2023 Jayashree Huttanagoudar - 1:1.8.0.372.b07-2 - Changes to %description section * Wed May 31 2023 Jayashree Huttanagoudar - 1:1.8.0.372.b07-2 - Modified sources file as required. - Removed unwanted build dependencie. - Removed unwanted files,patches and scripts. Also the related lines where they were referred. * Tue May 30 2023 Jayashree Huttanagoudar - 1:1.8.0.372.b07-2 - Copied rhel-9-main spec as a base for further changes for fedora jdk8 repackaging * Tue Apr 18 2023 Andrew Hughes - 1:1.8.0.372.b07-2 - Update to shenandoah-jdk8u372-b07 (GA) - Update release notes for shenandoah-8u372-b07. - Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace - Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs - Drop JDK-8275535/RH2053256 patch which is now upstream - Include JDK-8271199 backport early ahead of 8u382 (RH2175317) - Drop hack for difference in local and portable build version - Replace local copies of JDK portable binaries with build dependencies - Include the java-1.8.0-openjdk-portable.spec file with instructions on how to rebuild. - Remove duplicate use of README.md inside the *-src package (it is no longer about sources) - Use portable build on x86_32 now one is available - ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** - Resolves: rhbz#2185182 - Resolves: rhbz#2189329 * Tue Feb 28 2023 Andrew Hughes - 1:1.8.0.362.b09-4 - Drop use of portable build on s390x due to libffi compatibility issue (needs libffi.so.6) - Related: rhbz#2150202 * Tue Feb 28 2023 Andrew Hughes - 1:1.8.0.362.b09-4 - Add explicit libffi dependency for s390x build - Related: rhbz#2150202 * Tue Feb 28 2023 Andrew Hughes - 1:1.8.0.362.b09-4 - On portable architectures, replace build section with extraction of existing builds from portables - Rewrite ELF files so the source file path is correct and debugsources can be assembled - Resolves: rhbz#2150202

References

[ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
Name : java-1.8.0-openjdk
Product : Fedora 40
Version : 1.8.0.402.b06
Release : 1.fc40.1
URL : https://openjdk.org/
Summary : OpenJDK 8 Runtime Environment

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved