-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-80afe2304a 2022-08-03 01:48:48.037742 --------------------------------------------------------------------------------
Name : java-1.8.0-openjdk Product : Fedora 35 Version : 1.8.0.342.b07 Release : 1.fc35 URL : http://openjdk.java.net/ Summary : OpenJDK 8 Runtime Environment Description : The OpenJDK 8 runtime environment.
-------------------------------------------------------------------------------- Update Information:
# New in release OpenJDK 8u342 (2022-07-19) * The release announcement can be found at: https://bitly.com/openjdk8u342 * Full release details can be found at https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt ## Security Fixes - JDK-8272243: Improve DER parsing - JDK-8272249: Better properties of loaded Properties - JDK-8277608: Address IP Addressing - JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations - JDK-8283190: Improve MIDI processing - JDK-8284370: Improve zlib usage - JDK-8285407, CVE-2022-34169: Improve Xalan supports ## FIPS Changes * [RH2007331](https://bugzilla.redhat.com/show_bug.cgi?id=2007331): SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode * [RH2051605](https://bugzilla.redhat.com/show_bug.cgi?id=2051605): Detect NSS at Runtime for FIPS detection * [RH2036462](https://bugzilla.redhat.com/show_bug.cgi?id=2036462): sun.security.pkcs11.wrapper.PKCS11.getInstance breakage * [RH2090378](https://bugzilla.redhat.com/show_bug.cgi?id=2090378): Revert to disabling system security properties and FIPS mode support together * Depend on `crypto-policies` package at build-time and run-time ## Other Changes * Add javaver- and origin-specific javadoc and javadoczip alternatives (thanks to FeRD (Frank Dana) ferdnyc@gmail.com) ## JDK-8215293: Customizing PKCS12 keystore Generation New system and security properties have been added to enable users to customize the generation of PKCS #12 keystores. This includes algorithms and parameters for key protection, certificate protection, and MacData. The detailed explanation and possible values for these properties can be found in the "PKCS12 KeyStore properties" section of the `java.security` file. Also, support for the following SHA-2 based HmacPBE algorithms has been added to the SunJCE provider: * HmacPBESHA224 * HmacPBESHA256 * HmacPBESHA384 * HmacPBESHA512 * HmacPBESHA512/224 * HmacPBESHA512/256 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jul 24 2022 Andrew Hughes gnu.andrew@redhat.com - 1:1.8.0.342.b07-1 - Update to shenandoah-jdk8u342-b07 (GA) - Update release notes for 8u342-b07. - Switch to GA mode for final release. - Exclude x86 where java_arches is undefined, in order to unbreak build * Fri Jul 22 2022 Jiri Vanek gnu.andrew@redhat.com - 1:1.8.0.342.b06-0.4.ea - moved to build only on %{java_arches} -- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs - reverted : -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up release) -- Try to build on x86 again by creating a husk of a JDK which does not depend on itself -- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable -- Reinstate demo package on x86 -- Temporarily disable noarch status of javadoc and javadoc-zip so x86 can differ -- Replaced binaries and .so files with bash-stubs on i686 - added ExclusiveArch: %{java_arches} -- this now excludes i686 -- this is safely backport-able to older fedoras, as the macro was backported proeprly (with i686 included) - https://bugzilla.redhat.com/show_bug.cgi?id=2104129 * Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 1:1.8.0.342.b06-0.3.ea.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue Jul 19 2022 Andrew Hughes gnu.andrew@redhat.com - 1:1.8.0.342.b06-0.3.ea - Reinstate demo package on x86 * Mon Jul 18 2022 Andrew Hughes gnu.andrew@redhat.com - 1:1.8.0.342.b06-0.2.ea - Temporarily disable noarch status of javadoc and javadoc-zip so x86 can differ * Mon Jul 18 2022 Andrew Hughes gnu.andrew@redhat.com - 1:1.8.0.342.b06-0.2.ea - Try to build on x86 again by creating a husk of a JDK which does not depend on itself * Sun Jul 17 2022 Andrew Hughes gnu.andrew@redhat.com - 1:1.8.0.342.b06-0.1.ea - Update to shenandoah-jdk8u342-b06 (EA) - Update release notes for shenandoah-8u342-b06. - Switch to EA mode for 8u342 pre-release builds. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use "git apply" with patches in the tarball script to allow binary diffs - Remove redundant "REPOS" variable from tarball script - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 * Sun Jul 17 2022 Andrew Hughes gnu.andrew@redhat.com - 1:1.8.0.332.b09-2 - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2051605: Detect NSS at Runtime for FIPS detection - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Turn off build-time NSS linking and go back to an explicit Requires on NSS - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable * Thu Jul 14 2022 Andrew Hughes gnu.andrew@redhat.com - 1:1.8.0.332.b09-2 - Explicitly require crypto-policies during build and runtime for system security properties * Thu Jul 14 2022 FeRD (Frank Dana) ferdnyc@gmail.com - 1:1.8.0.332.b09-2 - Add javaver- and origin-specific javadoc and javadoczip alternatives. * Fri Jul 1 2022 Stephan Bergmann sbergman@redhat.com - 1:1.8.0.332.b09-2 - Disable copy-jdk-configs for Flatpak builds - Fix flatpak builds by exempting them from bootstrap * Thu Jun 30 2022 Francisco Ferrari Bihurriet fferrari@redhat.com - 1:1.8.0.332.b09-2 - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2036462 - rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance() https://bugzilla.redhat.com/show_bug.cgi?id=2036462 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-80afe2304a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------