Fedora Linux 8782 Published by

A java-1.8.0-openjdk security update has been released for Fedora 34.



SECURITY: Fedora 34 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc34


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-25b47f16af
2021-04-27 00:29:47.283959
--------------------------------------------------------------------------------

Name : java-1.8.0-openjdk
Product : Fedora 34
Version : 1.8.0.292.b10
Release : 0.fc34
URL :   http://openjdk.java.net/
Summary : OpenJDK 8 Runtime Environment
Description :
The OpenJDK 8 runtime environment.

--------------------------------------------------------------------------------
Update Information:

# New in release OpenJDK 8u292 (2021-04-20): Live versions of these release
notes can be found at: *   https://bitly.com/openjdk8u292 *
  https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt ##
Security fixes - JDK-8227467: Better class method invocations * JDK-8244473:
Contextualize registration for JNDI * JDK-8244543: Enhanced handling of
abstract classes * JDK-8249906, CVE-2021-2163: Enhance opening JARs *
JDK-8250568, CVE-2021-2161: Less ambiguous processing * JDK-8253799: Make
lists of normal filenames ## Other significant changes *
[JDK-8236730](  https://bugs.openjdk.java.net/browse/JDK-8236730): Weak Named
Curves in TLS, CertPath, and Signed JAR Disabled by Default *
[JDK-8244286](  https://bugs.openjdk.java.net/browse/JDK-8244286): Tools Warn If
Weak Algorithms Are Used *
[JDK-8256490](  https://bugs.openjdk.java.net/browse/JDK-8256490): Disable TLS 1.0
and 1.1 * [JDK-8242147](  https://bugs.openjdk.java.net/browse/JDK-8242147): New
System Properties to Configure the TLS Signature Schemes *
[JDK-8177368](  https://bugs.openjdk.java.net/browse/JDK-8177368): Several
incorporation steps are silently failing when an error should be reported * ATK
accessibility bridge bindings removed Full release notes can also be found in
the `NEWS` file in the installed RPM.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 13 2021 Andrew Hughes - 1:1.8.0.292.b10-0
- Update to aarch64-shenandoah-jdk8u292-b10 (GA)
- Update release notes for 8u292-b10.
* Tue Mar 30 2021 Andrew Hughes - 1:1.8.0.292.b09-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b09 (EA)
- Update release notes for 8u292-b09.
* Sat Mar 27 2021 Andrew Hughes - 1:1.8.0.292.b08-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b08 (EA)
- Update release notes for 8u292-b08.
- Require tzdata 2021a due to JDK-8260356
* Thu Mar 25 2021 Andrew Hughes - 1:1.8.0.292.b07-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b07 (EA)
- Update release notes for 8u292-b07.
* Wed Mar 24 2021 Jiri Vanek - 1:1.8.0.292.b06-0.1.ea
- removal of atk accessibility bridge bindings:
- removed libatk-wrapper[.]so.* from global _privatelibs
- removed files_accessibility and java_accessibility_rpo macros
- removed patch1 rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch and patch3 rh1648644-java_access_bridge_privileged_security.patch
- removal of accessibility{,-slowdebug,-fastdebug} subpackages
- no longer creating symlinks of %{_libdir}/java-atk-wrapper/libatk-wrapper.so.0 libatk-wrapper.so and %{_libdir}/java-atk-wrapper/java-atk-wrapper.jar java-atk-wrapper.jar
- no longer creating %{_jvmdir}/java-1.8.0-openjdk-1.8.0.292.b10-0.fc34.arm$suffix/jre/lib/accessibility.properties with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"
- removal of accessibility{,-slowdebug,-fastdebug} subpackages files sections
* Mon Mar 22 2021 Andrew Hughes - 1:1.8.0.292.b06-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b06 (EA)
- Update release notes for 8u292-b06.
- Require tzdata 2020f due to JDK-8259048
* Thu Mar 18 2021 Andrew Hughes - 1:1.8.0.292.b05-0.2.ea
- Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA)
- Update release notes for 8u292-b05-shenandoah-merge-2021-03-11.
- Extend s390 patch to fix issue caused by JDK-8252660 backport and lack of JDK-8188813 in 8u.
- Revise JDK-8252660 s390 failure to make _soft_max_size a jlong so pointer types are accurate.
* Thu Mar 18 2021 Andrew Hughes - 1:1.8.0.292.b05-0.1.ea
- Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes.
- Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch.
* Mon Mar 8 2021 Andrew Hughes - 1:1.8.0.292.b05-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b05 (EA)
- Update release notes for 8u292-b05.
* Fri Mar 5 2021 Andrew Hughes - 1:1.8.0.292.b04-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b04 (EA)
- Update release notes for 8u292-b04.
* Thu Mar 4 2021 Andrew Hughes - 1:1.8.0.292.b03-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b03 (EA)
- Update release notes for 8u292-b03.
* Tue Mar 2 2021 Andrew Hughes - 1:1.8.0.292.b02-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b02 (EA)
- Update release notes for 8u292-b02.
* Fri Feb 19 2021 Andrew Hughes - 1:1.8.0.292.b01-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b01 (EA)
- Update release notes for 8u292-b01.
- Switch to EA mode.
- Update tarball generation script to use PR3822 which handles
JDK-8233228 & JDK-8035166 changes
* Thu Feb 18 2021 Stephan Bergmann - 1:1.8.0.282.b08-5
- Hardcode /usr/sbin/alternatives for Flatpak builds
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-25b47f16af' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys