--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-2dbede31eb
2021-06-19 01:13:49.915793
--------------------------------------------------------------------------------
Name : java-1.8.0-openjdk
Product : Fedora 33
Version : 1.8.0.292.b10
Release : 4.fc33
URL :
http://openjdk.java.net/
Summary : OpenJDK 8 Runtime Environment
Description :
The OpenJDK 8 runtime environment.
--------------------------------------------------------------------------------
Update Information:
FIPS Support for OpenJDK on Fedora ============================== This update
allows OpenJDK to operate using a single FIPS security provider (PKCS11 using
NSS) when the system is detected to be in FIPS mode. At present, this is when
the FIPS crypto policy is enabled, but we intend to change this to query the NSS
library in our next update. This change has been in RHEL 8 for some time and is
now available to Fedora users as well. FIPS mode can be disabled for OpenJDK
using the property `-Dcom.redhat.fips=false`.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 7 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b03-0.1.ea
- Backport FIPS mode patch (RH1655466) to java-1.8.0-openjdk, simplifying provider
removal.
- nss.fips.cfg needs to be moved to %{etcjavadir} and symlinked into the JDK, like
nss.cfg
- SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the
name in the config file.
- Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with
nss.cfg.
- Disable FIPS mode support unless com.redhat.fips is set to "true".
- Add JDK-8195607/PR3776 to support NSS SQLite databases.
- Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to
disable).
- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs
(RH1906862)
- Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
* Mon Jun 7 2021 Martin Balao <mbalao(a)redhat.com> - 1:1.8.0.302.b03-0.1.ea
- Support the FIPS mode crypto policy on RHEL 8 (RH1655466)
- Use appropriate keystore types when in FIPS mode (RH1760838)
- Disable TLSv1.3 when using the NSS-FIPS provider (RH1860986)
* Mon May 10 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.292.b10-3
- removed cjc backward comaptiblity, to fix when both rpm 4.16 and 4.17 are in
transaction
* Mon May 3 2021 S��rgio Basto <sergio(a)serjux.com> - 1:1.8.0.292.b10-2
- Fix upgrade path after removal of accessibility subpackage. As main accessibility was
requiring main package,
main package now have to obsolete java-1.8.0-openjdk-accessibility-{release, slowdebug,
fastdebug} < 1:1.8.0.292.b06
otherwise update fails
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-2dbede31eb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------