SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2480-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.18 , bci/openjdk:latest Container Release : 10.18 Severity : important Type : security References : 1207922 1213473 1213474 1213475 1213479 1213481 1213482 CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3023-1 Released: Fri Jul 28 21:59:48 2023 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1207922,1213473,1213474,1213475,1213479,1213481,1213482,CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.8+7 (July 2023 CPU): - CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). - CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). - CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). - CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). - CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). - CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). - CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). - JDK-8294323: Improve Shared Class Data - JDK-8296565: Enhanced archival support - JDK-8298676, JDK-8300891: Enhanced Look and Feel - JDK-8300285: Enhance TLS data handling - JDK-8300596: Enhance Jar Signature validation - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 - JDK-8302475: Enhance HTTP client file downloading - JDK-8302483: Enhance ZIP performance - JDK-8303376: Better launching of JDI - JDK-8304460: Improve array usages - JDK-8304468: Better array usages - JDK-8305312: Enhanced path handling - JDK-8308682: Enhance AES performance Bugfixes: - JDK-8178806: Better exception logging in crypto code - JDK-8201516: DebugNonSafepoints generates incorrect information - JDK-8224768: Test ActalisCA.java fails - JDK-8227060: Optimize safepoint cleanup subtask order - JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError - JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel - JDK-8244976: vmTestbase/nsk/jdi/Event/request/request001.java doesn' initialize eName - JDK-8245877: assert(_value != __null) failed: resolving NULL _value in JvmtiExport::post_compiled_method_load - JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken - JDK-8252990: Intrinsify Unsafe.storeStoreFence - JDK-8254711: Add java.security.Provider.getService JFR Event - JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates - JDK-8261495: Shenandoah: reconsider update references memory ordering - JDK-8268288: jdk/jfr/api/consumer/streaming/ /TestOutOfProcessMigration.java fails with 'Error: ShouldNotReachHere()' - JDK-8268298: jdk/jfr/api/consumer/log/TestVerbosity.java fails: unexpected log message - JDK-8268582: javadoc throws NPE with --ignore-source-errors option - JDK-8269821: Remove is-queue-active check in inner loop of write_ref_array_pre_work - JDK-8270434: JDI+UT: Unexpected event in JDI tests - JDK-8270859: Post JEP 411 refactoring: client libs with maximum covering > 10K - JDK-8270869: G1ServiceThread may not terminate - JDK-8271519: java/awt/event/SequencedEvent/ /MultipleContextsFunctionalTest.java failed with 'Total [200] - Expected [400]' - JDK-8273909: vmTestbase/nsk/jdi/Event/request/request001 can still fail with 'ERROR: new event is not ThreadStartEvent' - JDK-8274243: Implement fast-path for ASCII-compatible CharsetEncoders on aarch64 - JDK-8274615: Support relaxed atomic add for linux-aarch64 - JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile - JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression - JDK-8275287: Relax memory ordering constraints on updating instance class and array class counters - JDK-8275721: Name of UTC timezone in a locale changes depending on previous code - JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) - JDK-8276058: Some swing test fails on specific CI macos system - JDK-8277407: javax/swing/plaf/synth/SynthButtonUI/6276188/ /bug6276188.java fails to compile after JDK-8276058 - JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 - JDK-8278146: G1: Rework VM_G1Concurrent VMOp to clearly identify it as pause - JDK-8278434: timeouts in test java/time/test/java/time/ /format/TestZoneTextPrinterParser.java - JDK-8278834: Error 'Cannot read field 'sym' because 'this.lvar[od]' is null' when compiling - JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error - JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test - JDK-8282227: Locale information for nb is not working properly - JDK-8282704: runtime/Thread/StopAtExit.java may leak memory - JDK-8283057: Update GCC to version 11.2.0 for Oracle builds on Linux - JDK-8283062: Uninitialized warnings in libgtest with GCC 11.2 - JDK-8283520: JFR: Memory leak in dcmd_arena - JDK-8283566: G1: Improve G1BarrierSet::enqueue performance - JDK-8284331: Add sanity check for signal handler modification warning. - JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java failed with Default Button not pressed for L&F: com.sun.java.swing.plaf.motif.MotifLookAndFeel - JDK-8285987: executing shell scripts without #! fails on Alpine linux - JDK-8286191: misc tests fail due to JDK-8285987 - JDK-8286287: Reading file as UTF-16 causes Error which 'shouldn't happen' - JDK-8286331: jni_GetStringUTFChars() uses wrong heap allocator - JDK-8286346: 3-parameter version of AllocateHeap should not ignore AllocFailType - JDK-8286398: Address possibly lossy conversions in jdk.internal.le - JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code - JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider - JDK-8287541: Files.writeString fails to throw IOException for charset 'windows-1252' - JDK-8287854: Dangling reference in ClassVerifier::verify_class - JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable - JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies - JDK-8288589: Files.readString ignores encoding errors for UTF-16 - JDK-8289509: Improve test coverage for XPath Axes: descendant, descendant-or-self, following, following-sibling - JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space - JDK-8289949: Improve test coverage for XPath: operators - JDK-8290822: C2: assert in PhaseIdealLoop::do_unroll() is subject to undefined behavior - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately - JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected - JDK-8292301: [REDO v2] C2 crash when allocating array of size too large - JDK-8292407: Improve Weak CAS VarHandle/Unsafe tests resilience under spurious failures - JDK-8292713: Unsafe.allocateInstance should be intrinsified without UseUnalignedAccesses - JDK-8292755: Non-default method in interface leads to a stack overflow in JShell - JDK-8292990: Improve test coverage for XPath Axes: parent - JDK-8293295: Add type check asserts to java_lang_ref_Reference accessors - JDK-8293492: ShenandoahControlThread missing from hs-err log and thread dump - JDK-8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG - JDK-8293887: AArch64 build failure with GCC 12 due to maybe-uninitialized warning in libfdlibm k_rem_pio2.c - JDK-8294183: AArch64: Wrong macro check in SharedRuntime::generate_deopt_blob - JDK-8294281: Allow warnings to be disabled on a per-file basis - JDK-8294673: JFR: Add SecurityProviderService#threshold to TestActiveSettingEvent.java - JDK-8294717: (bf) DirectByteBuffer constructor will leak if allocating Deallocator or Cleaner fails with OOME - JDK-8294906: Memory leak in PKCS11 NSS TLS server - JDK-8295564: Norwegian Nynorsk Locale is missing formatting - JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames - JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java fails intermittently on a VM - JDK-8296318: use-def assert: special case undetected loops nested in infinite loops - JDK-8296343: CPVE thrown on missing content-length in OCSP response - JDK-8296412: Special case infinite loops with unmerged backedges in IdealLoopTree::check_safepts - JDK-8296545: C2 Blackholes should allow load optimizations - JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not - JDK-8297000: [jib] Add more friendly warning for proxy issues - JDK-8297154: Improve safepoint cleanup logging - JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter - JDK-8297587: Upgrade JLine to 3.22.0 - JDK-8297730: C2: Arraycopy intrinsic throws incorrect exception - JDK-8297955: LDAP CertStore should use LdapName and not String for DNs - JDK-8298488: [macos13] tools/jpackage tests failing with 'Exit code: 137' on macOS - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors - JDK-8299179: ArrayFill with store on backedge needs to reduce length by 1 - JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE - JDK-8299544: Improve performance of CRC32C intrinsics (non-AVX-512) for small inputs - JDK-8299570: [JVMCI] Insufficient error handling when CodeBuffer is exhausted - JDK-8299959: C2: CmpU::Value must filter overflow computation against local sub computation - JDK-8300042: Improve CPU related JFR events descriptions - JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument - JDK-8300823: UB: Compile::_phase_optimize_finished is initialized too late - JDK-8300939: sun/security/provider/certpath/OCSP/ /OCSPNoContentLength.java fails due to network errors - JDK-8301050: Detect Xen Virtualization on Linux aarch64 - JDK-8301119: Support for GB18030-2022 - JDK-8301123: Enable Symbol refcounting underflow checks in PRODUCT - JDK-8301190: [vectorapi] The typeChar of LaneType is incorrect when default locale is tr - JDK-8301216: ForkJoinPool invokeAll() ignores timeout - JDK-8301338: Identical branch conditions in CompileBroker::print_heapinfo - JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument - JDK-8301637: ThreadLocalRandom.current().doubles().parallel() contention - JDK-8301661: Enhance os::pd_print_cpu_info on macOS and Windows - JDK-8302151: BMPImageReader throws an exception reading BMP images - JDK-8302172: [JVMCI] HotSpotResolvedJavaMethodImpl.canBeInlined must respect ForceInline - JDK-8302320: AsyncGetCallTrace obtains too few frames in sanity test - JDK-8302491: NoClassDefFoundError omits the original cause of an error - JDK-8302508: Add timestamp to the output TraceCompilerThreads - JDK-8302594: use-after-free in Node::destruct - JDK-8302595: use-after-free related to GraphKit::clone_map - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message - JDK-8302849: SurfaceManager might expose partially constructed object - JDK-8303069: Memory leak in CompilerOracle::parse_from_line - JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN - JDK-8303130: Document required Accessibility permissions on macOS - JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303433: Bump update version for OpenJDK: jdk-17.0.8 - JDK-8303440: The 'ZonedDateTime.parse' may not accept the 'UTC+XX' zone id - JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates - JDK-8303476: Add the runtime version in the release file of a JDK image - JDK-8303482: Update LCMS to 2.15 - JDK-8303508: Vector.lane() gets wrong value on x86 - JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during unrolling - JDK-8303564: C2: 'Bad graph detected in build_loop_late' after a CMove is wrongly split thru phi - JDK-8303575: adjust Xen handling on Linux aarch64 - JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303588: [JVMCI] make JVMCI source directories conform with standard layout - JDK-8303809: Dispose context in SPNEGO NegotiatorImpl - JDK-8303822: gtestMain should give more helpful output - JDK-8303861: Error handling step timeouts should never be blocked by OnError and others - JDK-8303937: Corrupted heap dumps due to missing retries for os::write() - JDK-8303949: gcc10 warning Linux ppc64le - note: the layout of aggregates containing vectors with 8-byte alignment has changed in GCC 5 - JDK-8304054: Linux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed - JDK-8304063: tools/jpackage/share/AppLauncherEnvTest.java fails when checking LD_LIBRARY_PATH - JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype - JDK-8304291: [AIX] Broken build after JDK-8301998 - JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 - JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 - JDK-8304671: javac regression: Compilation with --release 8 fails on underscore in enum identifiers - JDK-8304683: Memory leak in WB_IsMethodCompatible - JDK-8304760: Add 2 Microsoft TLS roots - JDK-8304867: Explicitly disable dtrace for ppc builds - JDK-8304880: [PPC64] VerifyOops code in C1 doesn't work with ZGC - JDK-8305088: SIGSEGV in Method::is_method_handle_intrinsic - JDK-8305113: (tz) Update Timezone Data to 2023c - JDK-8305400: ISO 4217 Amendment 175 Update - JDK-8305403: Shenandoah evacuation workers may deadlock - JDK-8305481: gtest is_first_C_frame failing on ARM - JDK-8305690: [X86] Do not emit two REX prefixes in Assembler::prefix - JDK-8305711: Arm: C2 always enters slowpath for monitorexit - JDK-8305721: add `make compile-commands` artifacts to .gitignore - JDK-8305975: Add TWCA Global Root CA - JDK-8305993: Add handleSocketErrorWithMessage to extend nio Net.c exception message - JDK-8305994: Guarantee eventual async monitor deflation - JDK-8306072: Open source several AWT MouseInfo related tests - JDK-8306133: Open source few AWT Drag & Drop related tests - JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests - JDK-8306432: Open source several AWT Text Component related tests - JDK-8306466: Open source more AWT Drag & Drop related tests - JDK-8306489: Open source AWT List related tests - JDK-8306543: GHA: MSVC installation is failing - JDK-8306640: Open source several AWT TextArea related tests - JDK-8306652: Open source AWT MenuItem related tests - JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed - JDK-8306664: GHA: Update MSVC version to latest stepping - JDK-8306681: Open source more AWT DnD related tests - JDK-8306683: Open source several clipboard and color AWT tests - JDK-8306752: Open source several container and component AWT tests - JDK-8306753: Open source several container AWT tests - JDK-8306755: Open source few Swing JComponent and AbstractButton tests - JDK-8306768: CodeCache Analytics reports wrong threshold - JDK-8306774: Make runtime/Monitor/ /GuaranteedAsyncDeflationIntervalTest.java more reliable - JDK-8306825: Monitor deflation might be accidentally disabled by zero intervals - JDK-8306850: Open source AWT Modal related tests - JDK-8306871: Open source more AWT Drag & Drop tests - JDK-8306883: Thread stacksize is reported with wrong units in os::create_thread logging - JDK-8306941: Open source several datatransfer and dnd AWT tests - JDK-8306943: Open source several dnd AWT tests - JDK-8306954: Open source five Focus related tests - JDK-8306955: Open source several JComboBox jtreg tests - JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep - JDK-8306996: Open source Swing MenuItem related tests - JDK-8307080: Open source some more JComboBox jtreg tests - JDK-8307128: Open source some drag and drop tests 4 - JDK-8307130: Open source few Swing JMenu tests - JDK-8307133: Open source some JTable jtreg tests - JDK-8307134: Add GTS root CAs - JDK-8307135: java/awt/dnd/NotReallySerializableTest/ /NotReallySerializableTest.java failed - JDK-8307331: Correctly update line maps when class redefine rewrites bytecodes - JDK-8307346: Add missing gc+phases logging for ObjectCount(AfterGC) JFR event collection code - JDK-8307347: serviceability/sa/ClhsdbDumpclass.java could leave files owned by root on macOS - JDK-8307378: Allow collectors to provide specific values for GC notifications' actions - JDK-8307381: Open Source JFrame, JIF related Swing Tests - JDK-8307425: Socket input stream read burns CPU cycles with back-to-back poll(0) calls - JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has invalid jtreg `@requires` clause - JDK-8308554: [17u] Fix commit of 8286191. vm.musl was not removed from ExternalEditorTest - JDK-8308880: [17u] micro bench ZoneStrings missed in backport of 8278434 - JDK-8308884: [17u/11u] Backout JDK-8297951 - JDK-8311467: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.8 The following package changes have been done: - java-17-openjdk-headless-17.0.8.0-150400.3.27.1 updated - java-17-openjdk-17.0.8.0-150400.3.27.1 updated

SUSE: 2023:2480-1 bci/openjdk Security Update

August 1, 2023

The container bci/openjdk was updated

Summary

Advisory ID: SUSE-SU-2023:3023-1 Released: Fri Jul 28 21:59:48 2023 Summary: Security update for java-17-openjdk Type: security Severity: important

References

References : 1207922 1213473 1213474 1213475 1213479 1213481 1213482 CVE-2023-22006

CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049

CVE-2023-25193

1207922,1213473,1213474,1213475,1213479,1213481,1213482,CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193

This update for java-17-openjdk fixes the following issues:

Updated to version jdk-17.0.8+7 (July 2023 CPU):

- CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473).

- CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474).

- CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475).

- CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479).

- CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481).

- CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482).

- CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922).

- JDK-8294323: Improve Shared Class Data

- JDK-8296565: Enhanced archival support

- JDK-8298676, JDK-8300891: Enhanced Look and Feel

- JDK-8300285: Enhance TLS data handling

- JDK-8300596: Enhance Jar Signature validation

- JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1

- JDK-8302475: Enhance HTTP client file downloading

- JDK-8302483: Enhance ZIP performance

- JDK-8303376: Better launching of JDI

- JDK-8304460: Improve array usages

- JDK-8304468: Better array usages

- JDK-8305312: Enhanced path handling

- JDK-8308682: Enhance AES performance

Bugfixes:

- JDK-8178806: Better exception logging in crypto code

- JDK-8201516: DebugNonSafepoints generates incorrect

information

- JDK-8224768: Test ActalisCA.java fails

- JDK-8227060: Optimize safepoint cleanup subtask order

- JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java

fails with AssertionError

- JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel

- JDK-8244976: vmTestbase/nsk/jdi/Event/request/request001.java

doesn' initialize eName

- JDK-8245877: assert(_value != __null) failed: resolving NULL

_value in JvmtiExport::post_compiled_method_load

- JDK-8248001: javadoc generates invalid HTML pages whose

ftp:// links are broken

- JDK-8252990: Intrinsify Unsafe.storeStoreFence

- JDK-8254711: Add java.security.Provider.getService JFR Event

- JDK-8257856: Make ClassFileVersionsTest.java robust to JDK

version updates

- JDK-8261495: Shenandoah: reconsider update references memory

ordering

- JDK-8268288: jdk/jfr/api/consumer/streaming/

/TestOutOfProcessMigration.java fails with 'Error:

ShouldNotReachHere()'

- JDK-8268298: jdk/jfr/api/consumer/log/TestVerbosity.java

fails: unexpected log message

- JDK-8268582: javadoc throws NPE with --ignore-source-errors

option

- JDK-8269821: Remove is-queue-active check in inner loop of

write_ref_array_pre_work

- JDK-8270434: JDI+UT: Unexpected event in JDI tests

- JDK-8270859: Post JEP 411 refactoring: client libs with

maximum covering > 10K

- JDK-8270869: G1ServiceThread may not terminate

- JDK-8271519: java/awt/event/SequencedEvent/

/MultipleContextsFunctionalTest.java failed with 'Total [200]

- Expected [400]'

- JDK-8273909: vmTestbase/nsk/jdi/Event/request/request001 can

still fail with 'ERROR: new event is not ThreadStartEvent'

- JDK-8274243: Implement fast-path for ASCII-compatible

CharsetEncoders on aarch64

- JDK-8274615: Support relaxed atomic add for linux-aarch64

- JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile

- JDK-8275233: Incorrect line number reported in exception

stack trace thrown from a lambda expression

- JDK-8275287: Relax memory ordering constraints on updating

instance class and array class counters

- JDK-8275721: Name of UTC timezone in a locale changes

depending on previous code

- JDK-8275735: [linux] Remove deprecated Metrics api (kernel

memory limit)

- JDK-8276058: Some swing test fails on specific CI macos system

- JDK-8277407: javax/swing/plaf/synth/SynthButtonUI/6276188/

/bug6276188.java fails to compile after JDK-8276058

- JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java -

add 4357905

- JDK-8278146: G1: Rework VM_G1Concurrent VMOp to clearly

identify it as pause

- JDK-8278434: timeouts in test java/time/test/java/time/

/format/TestZoneTextPrinterParser.java

- JDK-8278834: Error 'Cannot read field 'sym' because

'this.lvar[od]' is null' when compiling

- JDK-8282077: PKCS11 provider C_sign() impl should handle

CKR_BUFFER_TOO_SMALL error

- JDK-8282201: Consider removal of expiry check in

VerifyCACerts.java test

- JDK-8282227: Locale information for nb is not working properly

- JDK-8282704: runtime/Thread/StopAtExit.java may leak memory

- JDK-8283057: Update GCC to version 11.2.0 for Oracle builds

on Linux

- JDK-8283062: Uninitialized warnings in libgtest with GCC 11.2

- JDK-8283520: JFR: Memory leak in dcmd_arena

- JDK-8283566: G1: Improve G1BarrierSet::enqueue performance

- JDK-8284331: Add sanity check for signal handler modification

warning.

- JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java

failed with Default Button not pressed for L&F:

com.sun.java.swing.plaf.motif.MotifLookAndFeel

- JDK-8285987: executing shell scripts without #! fails on

Alpine linux

- JDK-8286191: misc tests fail due to JDK-8285987

- JDK-8286287: Reading file as UTF-16 causes Error which

'shouldn't happen'

- JDK-8286331: jni_GetStringUTFChars() uses wrong heap allocator

- JDK-8286346: 3-parameter version of AllocateHeap should not

ignore AllocFailType

- JDK-8286398: Address possibly lossy conversions in

jdk.internal.le

- JDK-8287007: [cgroups] Consistently use stringStream

throughout parsing code

- JDK-8287246: DSAKeyValue should check for missing params

instead of relying on KeyFactory provider

- JDK-8287541: Files.writeString fails to throw IOException for

charset 'windows-1252'

- JDK-8287854: Dangling reference in ClassVerifier::verify_class

- JDK-8287876: The recently de-problemlisted

TestTitledBorderLeak test is unstable

- JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md

with information on 4th party dependencies

- JDK-8288589: Files.readString ignores encoding errors for

UTF-16

- JDK-8289509: Improve test coverage for XPath Axes:

descendant, descendant-or-self, following, following-sibling

- JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space

- JDK-8289949: Improve test coverage for XPath: operators

- JDK-8290822: C2: assert in PhaseIdealLoop::do_unroll() is

subject to undefined behavior

- JDK-8291226: Create Test Cases to cover scenarios for

JDK-8278067

- JDK-8291637: HttpClient default keep alive timeout not

followed if server sends invalid value

- JDK-8291638: Keep-Alive timeout of 0 should close connection

immediately

- JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage()

is lower than expected

- JDK-8292301: [REDO v2] C2 crash when allocating array of size

too large

- JDK-8292407: Improve Weak CAS VarHandle/Unsafe tests

resilience under spurious failures

- JDK-8292713: Unsafe.allocateInstance should be intrinsified

without UseUnalignedAccesses

- JDK-8292755: Non-default method in interface leads to a stack

overflow in JShell

- JDK-8292990: Improve test coverage for XPath Axes: parent

- JDK-8293295: Add type check asserts to

java_lang_ref_Reference accessors

- JDK-8293492: ShenandoahControlThread missing from hs-err log

and thread dump

- JDK-8293858: Change PKCS7 code to use default SecureRandom

impl instead of SHA1PRNG

- JDK-8293887: AArch64 build failure with GCC 12 due to

maybe-uninitialized warning in libfdlibm k_rem_pio2.c

- JDK-8294183: AArch64: Wrong macro check in

SharedRuntime::generate_deopt_blob

- JDK-8294281: Allow warnings to be disabled on a per-file basis

- JDK-8294673: JFR: Add SecurityProviderService#threshold to

TestActiveSettingEvent.java

- JDK-8294717: (bf) DirectByteBuffer constructor will leak if

allocating Deallocator or Cleaner fails with OOME

- JDK-8294906: Memory leak in PKCS11 NSS TLS server

- JDK-8295564: Norwegian Nynorsk Locale is missing formatting

- JDK-8295974: jni_FatalError and Xcheck:jni warnings should

print the native stack when there are no Java frames

- JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java

fails intermittently on a VM

- JDK-8296318: use-def assert: special case undetected loops

nested in infinite loops

- JDK-8296343: CPVE thrown on missing content-length in OCSP

response

- JDK-8296412: Special case infinite loops with unmerged

backedges in IdealLoopTree::check_safepts

- JDK-8296545: C2 Blackholes should allow load optimizations

- JDK-8296934: Write a test to verify whether Undecorated Frame

can be iconified or not

- JDK-8297000: [jib] Add more friendly warning for proxy issues

- JDK-8297154: Improve safepoint cleanup logging

- JDK-8297450: ScaledTextFieldBorderTest.java fails when run

with -show parameter

- JDK-8297587: Upgrade JLine to 3.22.0

- JDK-8297730: C2: Arraycopy intrinsic throws incorrect

exception

- JDK-8297955: LDAP CertStore should use LdapName and not

String for DNs

- JDK-8298488: [macos13] tools/jpackage tests failing with

'Exit code: 137' on macOS

- JDK-8298887: On the latest macOS+XCode the Robot API may

report wrong colors

- JDK-8299179: ArrayFill with store on backedge needs to reduce

length by 1

- JDK-8299259: C2: Div/Mod nodes without zero check could be

split through iv phi of loop resulting in SIGFPE

- JDK-8299544: Improve performance of CRC32C intrinsics

(non-AVX-512) for small inputs

- JDK-8299570: [JVMCI] Insufficient error handling when

CodeBuffer is exhausted

- JDK-8299959: C2: CmpU::Value must filter overflow computation

against local sub computation

- JDK-8300042: Improve CPU related JFR events descriptions

- JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy

due to constant NULL src argument

- JDK-8300823: UB: Compile::_phase_optimize_finished is

initialized too late

- JDK-8300939: sun/security/provider/certpath/OCSP/

/OCSPNoContentLength.java fails due to network errors

- JDK-8301050: Detect Xen Virtualization on Linux aarch64

- JDK-8301119: Support for GB18030-2022

- JDK-8301123: Enable Symbol refcounting underflow checks in

PRODUCT

- JDK-8301190: [vectorapi] The typeChar of LaneType is

incorrect when default locale is tr

- JDK-8301216: ForkJoinPool invokeAll() ignores timeout

- JDK-8301338: Identical branch conditions in

CompileBroker::print_heapinfo

- JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic

called with negative character argument

- JDK-8301637: ThreadLocalRandom.current().doubles().parallel()

contention

- JDK-8301661: Enhance os::pd_print_cpu_info on macOS and

Windows

- JDK-8302151: BMPImageReader throws an exception reading BMP

images

- JDK-8302172: [JVMCI] HotSpotResolvedJavaMethodImpl.canBeInlined

must respect ForceInline

- JDK-8302320: AsyncGetCallTrace obtains too few frames in

sanity test

- JDK-8302491: NoClassDefFoundError omits the original cause of

an error

- JDK-8302508: Add timestamp to the output TraceCompilerThreads

- JDK-8302594: use-after-free in Node::destruct

- JDK-8302595: use-after-free related to GraphKit::clone_map

- JDK-8302791: Add specific ClassLoader object to Proxy

IllegalArgumentException message

- JDK-8302849: SurfaceManager might expose partially

constructed object

- JDK-8303069: Memory leak in CompilerOracle::parse_from_line

- JDK-8303102: jcmd: ManagementAgent.status truncates the text

longer than O_BUFLEN

- JDK-8303130: Document required Accessibility permissions on

macOS

- JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m

needs CFRelease call in early potential CHECK_NULL return

- JDK-8303433: Bump update version for OpenJDK: jdk-17.0.8

- JDK-8303440: The 'ZonedDateTime.parse' may not accept the

'UTC+XX' zone id

- JDK-8303465: KeyStore of type KeychainStore, provider Apple

does not show all trusted certificates

- JDK-8303476: Add the runtime version in the release file of a

JDK image

- JDK-8303482: Update LCMS to 2.15

- JDK-8303508: Vector.lane() gets wrong value on x86

- JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during

unrolling

- JDK-8303564: C2: 'Bad graph detected in build_loop_late'

after a CMove is wrongly split thru phi

- JDK-8303575: adjust Xen handling on Linux aarch64

- JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs

CFRelease call in early potential CHECK_NULL return

- JDK-8303588: [JVMCI] make JVMCI source directories conform

with standard layout

- JDK-8303809: Dispose context in SPNEGO NegotiatorImpl

- JDK-8303822: gtestMain should give more helpful output

- JDK-8303861: Error handling step timeouts should never be

blocked by OnError and others

- JDK-8303937: Corrupted heap dumps due to missing retries for

os::write()

- JDK-8303949: gcc10 warning Linux ppc64le - note: the layout

of aggregates containing vectors with 8-byte alignment has

changed in GCC 5

- JDK-8304054: Linux: NullPointerException from

FontConfiguration.getVersion in case no fonts are installed

- JDK-8304063: tools/jpackage/share/AppLauncherEnvTest.java

fails when checking LD_LIBRARY_PATH

- JDK-8304134: jib bootstrapper fails to quote filename when

checking download filetype

- JDK-8304291: [AIX] Broken build after JDK-8301998

- JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998

- JDK-8304350: Font.getStringBounds calculates wrong width for

TextAttribute.TRACKING other than 0.0

- JDK-8304671: javac regression: Compilation with --release 8

fails on underscore in enum identifiers

- JDK-8304683: Memory leak in WB_IsMethodCompatible

- JDK-8304760: Add 2 Microsoft TLS roots

- JDK-8304867: Explicitly disable dtrace for ppc builds

- JDK-8304880: [PPC64] VerifyOops code in C1 doesn't work with

ZGC

- JDK-8305088: SIGSEGV in Method::is_method_handle_intrinsic

- JDK-8305113: (tz) Update Timezone Data to 2023c

- JDK-8305400: ISO 4217 Amendment 175 Update

- JDK-8305403: Shenandoah evacuation workers may deadlock

- JDK-8305481: gtest is_first_C_frame failing on ARM

- JDK-8305690: [X86] Do not emit two REX prefixes in

Assembler::prefix

- JDK-8305711: Arm: C2 always enters slowpath for monitorexit

- JDK-8305721: add `make compile-commands` artifacts to

.gitignore

- JDK-8305975: Add TWCA Global Root CA

- JDK-8305993: Add handleSocketErrorWithMessage to extend nio

Net.c exception message

- JDK-8305994: Guarantee eventual async monitor deflation

- JDK-8306072: Open source several AWT MouseInfo related tests

- JDK-8306133: Open source few AWT Drag & Drop related tests

- JDK-8306409: Open source AWT KeyBoardFocusManger,

LightWeightComponent related tests

- JDK-8306432: Open source several AWT Text Component related

tests

- JDK-8306466: Open source more AWT Drag & Drop related tests

- JDK-8306489: Open source AWT List related tests

- JDK-8306543: GHA: MSVC installation is failing

- JDK-8306640: Open source several AWT TextArea related tests

- JDK-8306652: Open source AWT MenuItem related tests

- JDK-8306658: GHA: MSVC installation could be optional since

it might already be pre-installed

- JDK-8306664: GHA: Update MSVC version to latest stepping

- JDK-8306681: Open source more AWT DnD related tests

- JDK-8306683: Open source several clipboard and color AWT tests

- JDK-8306752: Open source several container and component AWT

tests

- JDK-8306753: Open source several container AWT tests

- JDK-8306755: Open source few Swing JComponent and

AbstractButton tests

- JDK-8306768: CodeCache Analytics reports wrong threshold

- JDK-8306774: Make runtime/Monitor/

/GuaranteedAsyncDeflationIntervalTest.java more reliable

- JDK-8306825: Monitor deflation might be accidentally disabled

by zero intervals

- JDK-8306850: Open source AWT Modal related tests

- JDK-8306871: Open source more AWT Drag & Drop tests

- JDK-8306883: Thread stacksize is reported with wrong units in

os::create_thread logging

- JDK-8306941: Open source several datatransfer and dnd AWT

tests

- JDK-8306943: Open source several dnd AWT tests

- JDK-8306954: Open source five Focus related tests

- JDK-8306955: Open source several JComboBox jtreg tests

- JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep

- JDK-8306996: Open source Swing MenuItem related tests

- JDK-8307080: Open source some more JComboBox jtreg tests

- JDK-8307128: Open source some drag and drop tests 4

- JDK-8307130: Open source few Swing JMenu tests

- JDK-8307133: Open source some JTable jtreg tests

- JDK-8307134: Add GTS root CAs

- JDK-8307135: java/awt/dnd/NotReallySerializableTest/

/NotReallySerializableTest.java failed

- JDK-8307331: Correctly update line maps when class redefine

rewrites bytecodes

- JDK-8307346: Add missing gc+phases logging for

ObjectCount(AfterGC) JFR event collection code

- JDK-8307347: serviceability/sa/ClhsdbDumpclass.java could

leave files owned by root on macOS

- JDK-8307378: Allow collectors to provide specific values for

GC notifications' actions

- JDK-8307381: Open Source JFrame, JIF related Swing Tests

- JDK-8307425: Socket input stream read burns CPU cycles with

back-to-back poll(0) calls

- JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has

invalid jtreg `@requires` clause

- JDK-8308554: [17u] Fix commit of 8286191. vm.musl was not

removed from ExternalEditorTest

- JDK-8308880: [17u] micro bench ZoneStrings missed in backport

of 8278434

- JDK-8308884: [17u/11u] Backout JDK-8297951

- JDK-8311467: [17u] Remove designator

DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.8

The following package changes have been done:

- java-17-openjdk-headless-17.0.8.0-150400.3.27.1 updated

- java-17-openjdk-17.0.8.0-150400.3.27.1 updated

Severity

Container Advisory ID : SUSE-CU-2023:2480-1

Container Tags : bci/openjdk:17 , bci/openjdk:17-10.18 , bci/openjdk:latest

Container Release : 10.18

Severity : important

Type : security

SUSE: 2023:2480-1 bci/openjdk Security Update

Summary

References

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By