
Security vulnerabilities in the Java programming language

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-e418151dc3
2020-07-23 01:04:57.639298
--------------------------------------------------------------------------------

Name : java-1.8.0-openjdk
Product : Fedora 32
Version : 1.8.0.262.b10
Release : 1.fc32
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 8
Description :
The OpenJDK runtime environment 8.

--------------------------------------------------------------------------------
Update Information:

# July 2020 OpenJDK security update for OpenJDK 8. Full release notes:
https://bitly.com/oj8u262

## New features

* [JDK-8223147](https://bugs.openjdk.java.net/browse/JDK-8223147): JFR Backport

## Security fixes

- JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
- JDK-8230613: Better ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handling
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8238925: Enhance WAV file playback
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
- JDK-8242136, CVE-2020-14621: Better XML namespace handling

## [JDK-8240687](https://bugs.openjdk.java.net/browse/JDK-8240687): JDK Flight Recorder Integrated to OpenJDK 8u

OpenJDK 8u now contains the backport of JEP 328: Flight Recorder (https://openjdk.java.net/jeps/328) from later versions of OpenJDK. JFR is a low-overhead framework to collect and provide data helpful to troubleshoot the performance of the OpenJDK runtime and of Java applications. It consists of a new API to define custom events under the jdk.jfr namespace and a JMX interface to interact with the framework. The recording can also be initiated at application startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces the +XX:EnableTracing feature introduced in JEP 167, providing a more efficient way to retrieve the same information. For compatibility reasons, +XX:EnableTracing is still accepted; however, no data will be printed. While JFR is not built by default upstream, it is included in Fedora binaries for supported architectures (x86_64, AArch64 & PowerPC 64).

## [JDK-8205622](https://bugs.openjdk.java.net/browse/JDK-8205622): JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording

JFR will be disabled with a warning message if it is enabled during CDS dumping. The user will see the following warning message:

    OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping

if JFR is enabled during CDS dumping, such as in the following command line:

    $ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true

## [JDK-8244167](https://bugs.openjdk.java.net/browse/JDK-8244167): Removal of Comodo Root CA Certificate

The following expired Comodo root CA certificate was removed from the `cacerts` keystore:

+ alias name "addtrustclass1ca [jdk]"
  Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

## [JDK-8244166](https://bugs.openjdk.java.net/browse/JDK-8244166): Removal of DocuSign Root CA Certificate

The following expired DocuSign root CA certificate was removed from the `cacerts` keystore:

+ alias name "keynectisrootca [jdk]"
  Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

## [JDK-8240191](https://bugs.openjdk.java.net/browse/JDK-8240191): Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database

The SunPKCS11 security provider can now be initialized with NSS when FIPS-enabled external modules are configured in the Security Modules Database (NSSDB). Prior to this change, the SunPKCS11 provider would throw a RuntimeException with the message "FIPS flag set for non-internal module" when such a library was configured for NSS in non-FIPS mode. This change allows the JDK to work properly with recent NSS releases on GNU/Linux operating systems when the system-wide FIPS policy is turned on. Further information can be found in [JDK-8238555](https://bugs.openjdk.java.net/browse/JDK-8238555).
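The JFR backport note above mentions the jdk.jfr API for custom events. As an added example (not part of the Fedora notice or of OpenJDK itself), the following Java program defines a custom security event, records it with a Recording started from code, dumps the recording and reads it back with jdk.jfr.consumer.RecordingFile. The event name example.AuthFailure, the AuthFailureEvent class and the simulated authenticate() method are assumptions made for illustration; the JFR calls themselves are the standard jdk.jfr API.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;

import jdk.jfr.Category;
import jdk.jfr.Description;
import jdk.jfr.Event;
import jdk.jfr.Label;
import jdk.jfr.Name;
import jdk.jfr.Recording;
import jdk.jfr.consumer.RecordedEvent;
import jdk.jfr.consumer.RecordingFile;

/** Hypothetical custom event: one rejected login attempt. The "example." prefix is ours, not a JDK namespace. */
@Name("example.AuthFailure")
@Label("Authentication Failure")
@Category("Security")
@Description("Emitted when a login attempt is rejected")
class AuthFailureEvent extends Event {
    @Label("User name")
    String user;

    @Label("Reason")
    String reason;
}

public class JfrAuthAudit {
    static final String EVENT_NAME = "example.AuthFailure";

    /** Simulated authentication (constructed for the demo: every attempt fails) that emits an event on failure. */
    static boolean authenticate(String user, char[] password) {
        AuthFailureEvent ev = new AuthFailureEvent();
        ev.begin();                          // start timestamp; cheap even when the event type is disabled
        boolean ok = false;                  // a real credential check would go here
        Arrays.fill(password, '\0');         // do not keep the secret around longer than needed
        if (!ok && ev.shouldCommit()) {      // false when the event type is disabled or filtered out
            ev.user = user;
            ev.reason = "bad password";
            ev.end();
            ev.commit();
        }
        return ok;
    }

    /** Records two failed attempts to a temporary .jfr file and returns how many events were read back. */
    static long recordAndCount() throws Exception {
        Path dump = Files.createTempFile("auth-audit", ".jfr");
        try (Recording rec = new Recording()) {
            rec.enable(AuthFailureEvent.class).withoutThreshold();   // keep every instance regardless of duration
            rec.start();
            authenticate("alice", "wrong".toCharArray());
            authenticate("bob", "wrong".toCharArray());
            rec.stop();
            rec.dump(dump);                  // same file format that -XX:StartFlightRecording or jcmd JFR.dump produce
        }
        long count = 0;
        for (RecordedEvent e : RecordingFile.readAllEvents(dump)) {
            if (EVENT_NAME.equals(e.getEventType().getName())) {
                count++;
                System.out.println(e.getStartTime() + " user=" + e.getString("user")
                        + " reason=" + e.getString("reason"));
            }
        }
        Files.deleteIfExists(dump);
        return count;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("recorded auth failures: " + recordAndCount());
    }
}
```

Compile and run it with the updated java-1.8.0-openjdk-devel (javac JfrAuthAudit.java && java JfrAuthAudit) on one of the architectures the notice lists as having JFR enabled. For a process you cannot modify, the JDK's own event types can be captured from the command line with -XX:StartFlightRecording, as the CDS note above shows, or at runtime with jcmd <pid> JFR.start and jcmd <pid> JFR.dump.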
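The two certificate-removal notes above name the aliases dropped from cacerts. As an added check (example code, not from the Fedora notice or from OpenJDK), this Java program opens the trust store of the running JRE, confirms those two aliases are gone, and lists any remaining anchors whose validity period has ended. The cacerts path derived from java.home and the password changeit are assumptions about the local installation; on Fedora the file is typically a link to the system ca-certificates bundle, so the JDK's "[jdk]" aliases may never have been present there and the expiry scan is the part that applies everywhere.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class CacertsCheck {
    /** Aliases the release notes above say were removed. */
    static final String[] REMOVED_ALIASES = { "addtrustclass1ca [jdk]", "keynectisrootca [jdk]" };

    /** Loads a JKS/PKCS12 trust store. A null password skips the integrity check but still reads the entries. */
    static KeyStore loadTrustStore(Path path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Removed aliases that are still in the store; an empty list means the removal has taken effect. */
    static List<String> leftoverAliases(KeyStore ks) throws Exception {
        List<String> found = new ArrayList<>();
        for (String alias : REMOVED_ALIASES) {
            if (ks.containsAlias(alias)) {        // alias lookup is case-insensitive for JKS
                found.add(alias);
            }
        }
        return found;
    }

    /** Every X.509 trust anchor whose validity period has already ended (or not yet begun). */
    static List<String> invalidAnchors(KeyStore ks) throws Exception {
        List<String> bad = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue;                         // skip entries that carry no X.509 certificate
            }
            X509Certificate x = (X509Certificate) c;
            try {
                x.checkValidity();
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                bad.add(alias + " (" + x.getSubjectX500Principal().getName()
                        + ", notAfter=" + x.getNotAfter() + ")");
            }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the trust store of the running JRE; a path may also be given as the first argument.
        Path cacerts = args.length > 0 ? Paths.get(args[0])
                : Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
        KeyStore ks = loadTrustStore(cacerts, "changeit".toCharArray());   // assumption: JDK default password
        System.out.println(cacerts + ": " + ks.size() + " entries");
        List<String> leftovers = leftoverAliases(ks);
        System.out.println(leftovers.isEmpty() ? "removed roots are absent" : "still present: " + leftovers);
        for (String s : invalidAnchors(ks)) {
            System.out.println("not currently valid: " + s);
        }
    }
}
```

An expired anchor is not automatically a vulnerability, since path validation already rejects chains that end at it, but it is dead weight in the store and the kind of entry that upstream prunes in updates like this one; running the check after the upgrade confirms the package actually replaced the store your JRE reads.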
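The last note above concerns SunPKCS11 initialization against an NSSDB that lists a FIPS module. As an added check (not from the notice or from OpenJDK), this Java 8 program writes a minimal SunPKCS11 configuration in NSS mode and attempts to construct the provider, reporting the exception message if initialization fails. The configuration name NSSsystem, the library directory and the NSSDB location are assumptions about a Fedora x86_64 host, and the sun.security.pkcs11.SunPKCS11 constructor is the Java 8 form of the API.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Provider;
import java.security.Security;

public class NssProviderCheck {
    /**
     * Minimal SunPKCS11 configuration in NSS mode. Library and NSSDB locations are assumptions about a
     * Fedora x86_64 host; nssModule = keystore asks for the non-FIPS softoken, the case the note describes.
     */
    static String nssConfig() {
        return "name = NSSsystem\n"
             + "nssLibraryDirectory = /usr/lib64\n"
             + "nssSecmodDirectory = sql:/etc/pki/nssdb\n"
             + "nssDbMode = readOnly\n"
             + "nssModule = keystore\n";
    }

    /** Attempts to construct the provider; returns null on success, otherwise the failure message. */
    static String tryInitialize(Path config) {
        try {
            // Java 8 form of the API (JDK 9 and later configure the installed SunPKCS11 provider instead).
            Provider p = new sun.security.pkcs11.SunPKCS11(config.toString());
            Security.addProvider(p);
            return null;
        } catch (RuntimeException e) {
            // Before JDK-8240191 this is where "FIPS flag set for non-internal module" surfaced.
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        Path cfg = Files.createTempFile("sunpkcs11-nss", ".cfg");
        Files.write(cfg, nssConfig().getBytes(StandardCharsets.UTF_8));
        String error = tryInitialize(cfg);
        System.out.println(error == null
                ? "SunPKCS11 initialized against the system NSSDB"
                : "SunPKCS11 initialization failed: " + error);
        Files.deleteIfExists(cfg);
    }
}
```

On a host with the system-wide FIPS policy enabled and an external FIPS module registered in the NSSDB, a successful initialization after the upgrade is the observable effect of JDK-8240191; any other failure message points at the library or database paths, which are the assumptions to adjust.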
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 13 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.262.b10-1
- Set vendor property and vendor URLs
- Made URLs to be preconfigured by OS
* Sun Jul 12 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b10-0
- Update to aarch64-shenandoah-jdk8u262-b10.
- Update release notes for 8u262 release.
- Remove issues in NEWS file duplicated between 8u252 & 8u262 releases.
- Update generate_source_tarball.sh script to use the PR3756 patch and retain the secp256k1 curve.
- Add the -'4curve' suffix to the tarball name.
- Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR
- Adjust RH1648644 following context changes due to introduction of JFR packages
- Split JDK-8042159 patch into per-repo patches as upstream.
- Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk
- Remove JDK-8244461 & JDK-8233880 backports included upstream in 8u262-b03.
- Enable JFR in our builds, ahead of upstream default.
- Only enable JFR for JIT builds, as it is not supported with Zero.
- Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash.
- Explicitly list jfr.jar, default.jfc & profile.jfc in the spec file.
- Introduce jfr_arches for architectures which support JFR.
- Fix typo in jfr_arches which leads to ppc64 being wrongly excluded.
- Add jfr binary to devel package and alternatives set
- With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR.
- Require tzdata 2020a so system tzdata matches resource updates in b07
- Use sa_arches for libsaproc.so inclusion.
* Wed May 27 2020 Jiri Andrlik <jandrlik@redhat.com> - 1:1.8.0.252.b09-2
- backports of provides fixes from master
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-e418151dc3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
package-announce mailing list — package-announce@lists.fedoraproject.org

Author: Filip Omazic
CERT ID: NCERT-REF-2020-07-0001-ADV
CVE: CERT-CVE-DUMMY
Original ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe