SECURITY: Fedora 35 Update: java-1.8.0-openjdk-1.8.0.342.b07-1.fc35
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-80afe2304a
2022-08-03 01:48:48.037742
--------------------------------------------------------------------------------
Name : java-1.8.0-openjdk
Product : Fedora 35
Version : 1.8.0.342.b07
Release : 1.fc35
URL : http://openjdk.java.net/
Summary : OpenJDK 8 Runtime Environment
Description :
The OpenJDK 8 runtime environment.
--------------------------------------------------------------------------------
Update Information:
# New in release OpenJDK 8u342 (2022-07-19) * The release announcement can be
found at: https://bitly.com/openjdk8u342 * Full release details can be found at
https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt ##
Security Fixes - JDK-8272243: Improve DER parsing - JDK-8272249: Better
properties of loaded Properties - JDK-8277608: Address IP Addressing -
JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866,
CVE-2022-21541: Enhance MethodHandle invocations - JDK-8283190: Improve MIDI
processing - JDK-8284370: Improve zlib usage - JDK-8285407, CVE-2022-34169:
Improve Xalan supports ## FIPS Changes *
[RH2007331]( https://bugzilla.redhat.com/show_bug.cgi?id=2007331): SecretKey
generate/import operations don't add the CKA_SIGN attribute in FIPS mode *
[RH2051605]( https://bugzilla.redhat.com/show_bug.cgi?id=2051605): Detect NSS at
Runtime for FIPS detection *
[RH2036462]( https://bugzilla.redhat.com/show_bug.cgi?id=2036462):
sun.security.pkcs11.wrapper.PKCS11.getInstance breakage *
[RH2090378]( https://bugzilla.redhat.com/show_bug.cgi?id=2090378): Revert to
disabling system security properties and FIPS mode support together * Depend on
`crypto-policies` package at build-time and run-time ## Other Changes * Add
javaver- and origin-specific javadoc and javadoczip alternatives (thanks to FeRD
(Frank Dana) ) ## JDK-8215293: Customizing PKCS12 keystore
Generation New system and security properties have been added to enable users
to customize the generation of PKCS #12 keystores. This includes algorithms and
parameters for key protection, certificate protection, and MacData. The detailed
explanation and possible values for these properties can be found in the "PKCS12
KeyStore properties" section of the `java.security` file. Also, support for the
following SHA-2 based HmacPBE algorithms has been added to the SunJCE provider:
* HmacPBESHA224 * HmacPBESHA256 * HmacPBESHA384 * HmacPBESHA512 *
HmacPBESHA512/224 * HmacPBESHA512/256
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 24 2022 Andrew Hughes - 1:1.8.0.342.b07-1
- Update to shenandoah-jdk8u342-b07 (GA)
- Update release notes for 8u342-b07.
- Switch to GA mode for final release.
- Exclude x86 where java_arches is undefined, in order to unbreak build
* Fri Jul 22 2022 Jiri Vanek - 1:1.8.0.342.b06-0.4.ea
- moved to build only on %{java_arches}
-- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
- reverted :
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up release)
-- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
-- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
-- Reinstate demo package on x86
-- Temporarily disable noarch status of javadoc and javadoc-zip so x86 can differ
-- Replaced binaries and .so files with bash-stubs on i686
- added ExclusiveArch: %{java_arches}
-- this now excludes i686
-- this is safely backport-able to older fedoras, as the macro was backported proeprly (with i686 included)
- https://bugzilla.redhat.com/show_bug.cgi?id=2104129
* Thu Jul 21 2022 Fedora Release Engineering - 1:1.8.0.342.b06-0.3.ea.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Andrew Hughes - 1:1.8.0.342.b06-0.3.ea
- Reinstate demo package on x86
* Mon Jul 18 2022 Andrew Hughes - 1:1.8.0.342.b06-0.2.ea
- Temporarily disable noarch status of javadoc and javadoc-zip so x86 can differ
* Mon Jul 18 2022 Andrew Hughes - 1:1.8.0.342.b06-0.2.ea
- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.342.b06-0.1.ea
- Update to shenandoah-jdk8u342-b06 (EA)
- Update release notes for shenandoah-8u342-b06.
- Switch to EA mode for 8u342 pre-release builds.
- Print release file during build, which should now include a correct SOURCE value from .src-rev
- Update tarball script with IcedTea GitHub URL and .src-rev generation
- Use "git apply" with patches in the tarball script to allow binary diffs
- Remove redundant "REPOS" variable from tarball script
- Include script to generate bug list for release notes
- Update tzdata requirement to 2022a to match JDK-8283350
* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.332.b09-2
- Rebase FIPS patches from fips branch and simplify by using a single patch from that repository
- * RH2051605: Detect NSS at Runtime for FIPS detection
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
- * RH2090378: Revert to disabling system security properties and FIPS mode support together
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
- Improve security properties test to check both enabled and disabled behaviour
- Run security properties test with property debugging on
- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
* Thu Jul 14 2022 Andrew Hughes - 1:1.8.0.332.b09-2
- Explicitly require crypto-policies during build and runtime for system security properties
* Thu Jul 14 2022 FeRD (Frank Dana) - 1:1.8.0.332.b09-2
- Add javaver- and origin-specific javadoc and javadoczip alternatives.
* Fri Jul 1 2022 Stephan Bergmann - 1:1.8.0.332.b09-2
- Disable copy-jdk-configs for Flatpak builds
- Fix flatpak builds by exempting them from bootstrap
* Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:1.8.0.332.b09-2
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2036462 - rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance()
https://bugzilla.redhat.com/show_bug.cgi?id=2036462
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-80afe2304a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
A java-1.8.0-openjdk secruity update has been released for Fedora 35.