You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa java-1.8.0-openjdk

Sigurnosni nedostatak programskog paketa java-1.8.0-openjdk

——————————————————————————–
Fedora Update Notification
FEDORA-2019-146b81efba
2019-08-11 01:11:43.672665
——————————————————————————–

Name : java-1.8.0-openjdk
Product : Fedora 30
Version : 1.8.0.222.b10
Release : 0.fc30
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 8
Description :
The OpenJDK runtime environment 8.

——————————————————————————–
Update Information:

July CPU update. See:
http://openjdk.java.net/groups/vulnerability/advisories/2019-07-16 and
http://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-July/009840.html
——————————————————————————–
ChangeLog:

* Thu Jul 11 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.222.b10-0
– Update to aarch64-shenandoah-jdk8u222-b10.
– Adjust PR3083/RH134640 to apply after JDK-8182999
– Switch to GA mode for final release.
* Mon Jul 8 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.222.b07-0.0.ea
– Update to aarch64-shenandoah-jdk8u222-b07 and Shenandoah merge 2019-06-13.
– Drop remaining JDK-8210425/RH1632174 patch now AArch64 part is upstream.
* Mon Jul 8 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.222.b03-0.0.ea
– Update to aarch64-shenandoah-jdk8u222-b03.
– Drop 8210425 patches applied upstream. Still need to add AArch64 version in aarch64/shenandoah-jdk8u.
– Re-generate JDK-8141570 & JDK-8143245 patches due to 8210425 zeroshark.make changes.
* Mon Jul 8 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.222.b02-0.0.ea
– Update to aarch64-shenandoah-jdk8u222-b02.
– Drop 8064786/PR3599 & 8210416/RH1632174 as applied upstream (8064786 silently in 8176100).
* Sun Jul 7 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.222.b01-0.2.ea
– Make use of Recommends and Suggests dependent on Fedora or RHEL 8+ environment.
* Sun Jul 7 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.222.b01-0.1.ea
– Update to aarch64-shenandoah-jdk8u222-b01.
– Refactor PR2888 after inclusion of 8129988 upstream. Now includes PR3575.
– Drop 8171000 & 8197546 as applied upstream.
* Wed Jul 3 2019 Severin Gehwolf <sgehwolf@redhat.com> – 1:1.8.0.212.b04-6
– Include ‘ea’ designator in Release when appropriate.
* Wed Jul 3 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b04-6
– Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately.
– Drop unused use_shenandoah_hotspot variable.
* Fri Jun 14 2019 Andrew John Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b04-5
– Update to aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30.
– Update version logic to handle -shenandoah* tag suffix.
– Drop PR3634 as applied upstream.
– Adjust 8214206 fix for S390 as BinaryMagnitudeSeq moved to shenandoahNumberSeq.cpp
– Update 8214206 to use log2_long rather than casting to intptr_t, which may be smaller than size_t.
* Wed May 22 2019 Andrew John Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b04-4
– Remove additions to EXTRA_CFLAGS and EXTRA_CPP_FLAGS which are now made by upstream.
– Remove -mstackrealign addition which is handled by PR3533 & PR3591 patches.
* Wed May 22 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b04-3
– Add JDK-8223219 to avoid -fstack-protector overriding -fstack-protector-strong
* Wed May 15 2019 James Cassell <cyberpear@fedoraproject.org> – 1:1.8.0.212.b04-2
– mark net.properties as a config file
* Mon May 13 2019 Severin Gehwolf <sgehwolf@redhat.com> – 1:1.8.0.212.b04-1
– Update patch for RH1566890.
– Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to
rh1566890-CVE_2018_3639-speculative_store_bypass.patch
– Added dependent patch,
rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
* Thu Apr 11 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b04-0
– Update to aarch64-shenandoah-jdk8u212-b04.
* Thu Apr 11 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b03-0
– Update to aarch64-shenandoah-jdk8u212-b03.
* Tue Apr 9 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b02-0
– Update to aarch64-shenandoah-jdk8u212-b02.
– Remove patches included upstream
– JDK-8197429/PR3546/RH153662{2,3}
– JDK-8184309/PR3596
– JDK-8210647/RH1632174
– JDK-8029661/PR3642/RH1477159
– JDK-8145096/PR3693
– Re-generate patches
– JDK-8203030
– Add casts to resolve s390 ambiguity in calls to log2_intptr
– Move JDK-8219772 to correct section as not yet upstreamed
– Add new clhsdb and hsdb binaries.
– Resolves: rhbz#1680640
* Sun Apr 7 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.202.b08-0
– Update to aarch64-shenandoah-jdk8u202-b08.
– Remove patches included upstream
– JDK-8211387/PR3559
– JDK-8207057/PR3613
– JDK-8165852/PR3468
– JDK-8073139/PR1758/RH1191652
– JDK-8044235
– JDK-8172850/RH1640127
– JDK-8209639/RH1640127
– JDK-8131048/PR3574/RH1498936
– JDK-8164920/PR3574/RH1498936
– Re-generate patches
– JDK-8210647/RH1632174
* Thu Apr 4 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.201.b13-0
– Update to aarch64-shenandoah-jdk8u201-b13.
– Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream.
* Fri Mar 29 2019 Andrew John Hughes <gnu.andrew@redhat.com> – 1:1.8.0.201.b09-8
– Sync SystemTap & desktop files with upstream IcedTea release using new script
——————————————————————————–
References:

[ 1 ] Bug #1712370 – [F30] java-1.8.0-openjdk SEGVs on i686 in G1 code due to a race condition
https://bugzilla.redhat.com/show_bug.cgi?id=1712370
[ 2 ] Bug #1734149 – java-1.8.0-openjdk-1.8.0.222.b10 missing
https://bugzilla.redhat.com/show_bug.cgi?id=1734149
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-146b81efba’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-3854a1727e
2019-08-11 01:41:42.943635
——————————————————————————–

Name : java-1.8.0-openjdk
Product : Fedora 29
Version : 1.8.0.222.b10
Release : 0.fc29
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 8
Description :
The OpenJDK runtime environment 8.

——————————————————————————–
Update Information:

July CPU update. See:
http://openjdk.java.net/groups/vulnerability/advisories/2019-07-16 and
http://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-July/009840.html
——————————————————————————–
ChangeLog:

* Thu Jul 11 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.222.b10-0
– Update to aarch64-shenandoah-jdk8u222-b10.
– Adjust PR3083/RH134640 to apply after JDK-8182999
– Switch to GA mode for final release.
* Mon Jul 8 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.222.b07-0.0.ea
– Update to aarch64-shenandoah-jdk8u222-b07 and Shenandoah merge 2019-06-13.
– Drop remaining JDK-8210425/RH1632174 patch now AArch64 part is upstream.
* Mon Jul 8 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.222.b03-0.0.ea
– Update to aarch64-shenandoah-jdk8u222-b03.
– Drop 8210425 patches applied upstream. Still need to add AArch64 version in aarch64/shenandoah-jdk8u.
– Re-generate JDK-8141570 & JDK-8143245 patches due to 8210425 zeroshark.make changes.
* Mon Jul 8 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.222.b02-0.0.ea
– Update to aarch64-shenandoah-jdk8u222-b02.
– Drop 8064786/PR3599 & 8210416/RH1632174 as applied upstream (8064786 silently in 8176100).
* Sun Jul 7 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.222.b01-0.2.ea
– Make use of Recommends and Suggests dependent on Fedora or RHEL 8+ environment.
* Sun Jul 7 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.222.b01-0.1.ea
– Update to aarch64-shenandoah-jdk8u222-b01.
– Refactor PR2888 after inclusion of 8129988 upstream. Now includes PR3575.
– Drop 8171000 & 8197546 as applied upstream.
* Wed Jul 3 2019 Severin Gehwolf <sgehwolf@redhat.com> – 1:1.8.0.212.b04-6
– Include ‘ea’ designator in Release when appropriate.
* Wed Jul 3 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b04-6
– Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately.
– Drop unused use_shenandoah_hotspot variable.
* Fri Jun 14 2019 Andrew John Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b04-5
– Update to aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30.
– Update version logic to handle -shenandoah* tag suffix.
– Drop PR3634 as applied upstream.
– Adjust 8214206 fix for S390 as BinaryMagnitudeSeq moved to shenandoahNumberSeq.cpp
– Update 8214206 to use log2_long rather than casting to intptr_t, which may be smaller than size_t.
* Wed May 22 2019 Andrew John Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b04-4
– Remove additions to EXTRA_CFLAGS and EXTRA_CPP_FLAGS which are now made by upstream.
– Remove -mstackrealign addition which is handled by PR3533 & PR3591 patches.
* Wed May 22 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b04-3
– Add JDK-8223219 to avoid -fstack-protector overriding -fstack-protector-strong
* Wed May 15 2019 James Cassell <cyberpear@fedoraproject.org> – 1:1.8.0.212.b04-2
– mark net.properties as a config file
* Mon May 13 2019 Severin Gehwolf <sgehwolf@redhat.com> – 1:1.8.0.212.b04-1
– Update patch for RH1566890.
– Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to
rh1566890-CVE_2018_3639-speculative_store_bypass.patch
– Added dependent patch,
rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
* Thu Apr 11 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b04-0
– Update to aarch64-shenandoah-jdk8u212-b04.
* Thu Apr 11 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b03-0
– Update to aarch64-shenandoah-jdk8u212-b03.
* Tue Apr 9 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.212.b02-0
– Update to aarch64-shenandoah-jdk8u212-b02.
– Remove patches included upstream
– JDK-8197429/PR3546/RH153662{2,3}
– JDK-8184309/PR3596
– JDK-8210647/RH1632174
– JDK-8029661/PR3642/RH1477159
– JDK-8145096/PR3693
– Re-generate patches
– JDK-8203030
– Add casts to resolve s390 ambiguity in calls to log2_intptr
– Move JDK-8219772 to correct section as not yet upstreamed
– Add new clhsdb and hsdb binaries.
– Resolves: rhbz#1680640
* Sun Apr 7 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.202.b08-0
– Update to aarch64-shenandoah-jdk8u202-b08.
– Remove patches included upstream
– JDK-8211387/PR3559
– JDK-8207057/PR3613
– JDK-8165852/PR3468
– JDK-8073139/PR1758/RH1191652
– JDK-8044235
– JDK-8172850/RH1640127
– JDK-8209639/RH1640127
– JDK-8131048/PR3574/RH1498936
– JDK-8164920/PR3574/RH1498936
– Re-generate patches
– JDK-8210647/RH1632174
* Thu Apr 4 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.201.b13-0
– Update to aarch64-shenandoah-jdk8u201-b13.
– Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream.
* Fri Mar 29 2019 Andrew John Hughes <gnu.andrew@redhat.com> – 1:1.8.0.201.b09-8
– Sync SystemTap & desktop files with upstream IcedTea release using new script
* Mon Mar 11 2019 Severin Gehwolf <sgehwolf@redhat.com> – 1:1.8.0.201.b09-6
– Add -Wa,–generate-missing-build-notes=yes C flags and patch
jdk8219772-extra_c_cxx_flags_not_picked_for_assembler_source.patch. So
as to fix annocheck warnings for assembler source files.
* Tue Feb 19 2019 Severin Gehwolf <sgehwolf@redhat.com> – 1:1.8.0.201.b09-5
– Add a test verifying system crypto policies can be disabled
* Tue Feb 19 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.201.b09-4
– Add PR3655 to allow the system crypto policy to be turned off.
* Mon Feb 11 2019 Jiri Vanek <jvanek@redhat.com> – 1:1.8.0.201.b09-3
– config files to etc
* Wed Feb 6 2019 Andrew John Hughes <gnu.andrew@redhat.com> – 1:1.8.0.201.b09-2
– Add backport of JDK-8145096 (PR3693) to fix undefined behaviour issues on newer GCCs
* Tue Feb 5 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.201.b09-1
– Update to aarch64-shenandoah-jdk8u201-b09.
* Tue Feb 5 2019 Nicolas De Amicis <deamicis@bluewin.ch> – 1:1.8.0.192.b12-1
– Added FX link of libglassgtk3.so
* Wed Jan 30 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.192.b12-0
– Update to aarch64-shenandoah-jdk8u192-b12.
– Remove patches included upstream
– JDK-8031668/PR2842
– JDK-8148351/PR2842
– JDK-6260348/PR3066
– JDK-8061305/PR3335/RH1423421
– JDK-8188030/PR3459/RH1484079
– JDK-8205104/PR3539/RH1548475
– JDK-8185723/PR3553
– JDK-8186461/PR3557
– JDK-8201509/PR3579
– JDK-8075942/PR3602
– JDK-8203182/PR3603
– JDK-8206406/PR3610/RH1597825
– JDK-8206425
– JDK-8036003
– JDK-8201495/PR2415
– JDK-8150954/PR2866/RH1176206
– Re-generate patches (mostly due to upstream build changes)
– JDK-8073139/PR1758/RH1191652
– JDK-8143245/PR3548 (due to JDK-8202600)
– JDK-8197429/PR3546/RH1536622 (due to JDK-8189170)
– JDK-8199936/PR3533
– JDK-8199936/PR3591
– JDK-8207057/PR3613
– JDK-8210761/RH1632174 (due to JDK-8207402)
– PR3559 (due to JDK-8185723/JDK-8186461/JDK-8201509)
– PR3593 (due to JDK-8081202)
– RH1566890/CVE-2018-3639 (due to JDK-8189170)
– RH1649664 (due to JDK-8196516)
– Add 8160748 for AArch64 which is missing from upstream 8u version.
– Add port of 8189170 to AArch64 which is missing from upstream 8u version.
* Mon Jan 28 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.191.b14-1
– Add 8131048 & 8164920 (PR3574/RH1498936) to provide a CRC32 intrinsic for PPC64.
* Thu Jan 24 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.191.b14-0
– Introduce sa_arches for architectures with sa-jdi.jar and include aarch64
* Thu Jan 10 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.191.b14-0
– Update to aarch64-shenandoah-jdk8u191-b14.
– Adjust JDK-8073139/PR1758/RH1191652 to apply following 8155627 backport.
* Wed Jan 9 2019 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.191.b13-0
– Update to aarch64-shenandoah-jdk8u191-b13.
– Update tarball generation script in preparation for PR3667/RH1656676 SunEC changes.
– Use remove-intree-libraries.sh to remove the remaining SunEC code for now.
* Wed Dec 19 2018 Andrew John Hughes <gnu.andrew@redhat.com> – 1:1.8.0.191.b12-13
– Fix jdk8073139-pr1758-rh1191652-ppc64_le_says_its_arch_is_ppc64_not_ppc64le_jdk.patch paths to pass git apply
* Mon Dec 10 2018 Jiri Vanek <jvanek@redhat.com> – 1:1.8.0.191.b12-12
– adde fx link of libglassgtk2.so (rhbz1657485)
* Thu Nov 22 2018 Andrew John Hughes <gnu.andrew@redhat.com> – 1:1.8.0.191.b12-11
– Add backport of JDK-8029661 which adds TLSv1.2 support to the PKCS11 provider.
* Tue Nov 13 2018 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.191.b12-10
– Revise Shenandoah PR3634 patch following upstream discussion.
* Wed Nov 7 2018 Jiri Vanek <jvanek@redhat.com> – 1:1.8.0.191.b12-9
– headfull suggests of cups, replaced by Requires of cups-libs in headless
* Wed Nov 7 2018 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.191.b12-9
– Note why PR1834/RH1022017 is not suitable to go upstream in its current form.
* Mon Nov 5 2018 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.191.b12-9
– Document patch sections.
* Mon Nov 5 2018 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.191.b12-9
– Fix patch organisation in the spec file:
– * Move ECC patches back to upstreamable section
– * Move system cacerts & crypto policy patches to upstreamable section
– * Merge “Local fixes” and “RPM fixes” which amount to the same thing
– * Move system libpng & lcms patches back to 8u upstreamable section
* Fri Oct 26 2018 Jiri Vanek <jvanek@redhat.com> – 1:1.8.0.191.b12-8
– added Patch583 jdk8172850-rh1640127-01-register_allocator_crash.patch
– added Patch584 jdk8209639-rh1640127-02-coalesce_attempted_spill_non_spillable.patch
* Tue Oct 23 2018 Jiri Vanek <jvanek@redhat.com> – 1:1.8.0.191.b12-2
– cups moved to headful package
* Tue Oct 23 2018 Jiri Vanek <jvanek@redhat.com> – 1:1.8.0.191.b12-1
– updated to aarch64-shenandoah-jdk8u191-b12
– deleted 8146115-pr3508-rh1463098.patch, pr3619.patch, pr3620.patch – should be upstreamed
– create pr3634-fix_shenandoah_for_size_t_on_s390.patch to fix build failure on s390
* Fri Oct 12 2018 Severin Gehwolf <sgehwolf@redhat.com> – 1:1.8.0.181.b15-7
– Add patch jdk8210425-rh1632174-03-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_zero.patch:
– Annother fix for optimization gaps (annocheck issues)
– Zero 8u version fix was missing. Hence, only shows up on Zero arches.
* Mon Oct 8 2018 Severin Gehwolf <sgehwolf@redhat.com> – 1:1.8.0.181.b15-6
– Refreshed upstreamed patches (from 8u202):
– jdk8044235-src_zip_should_include_all_sources.patch: src.zip should include all sources.
– jdk8073139-pr2236-rh1191652–use_ppc64le_as_the_arch_directory_on_that_platform_and_report_it_in_os_arch_aarch64_forest.patch,
jdk8073139-pr1758-rh1191652-ppc64_le_says_its_arch_is_ppc64_not_ppc64le_jdk.patch,
jdk8073139-pr1758-rh1191652-ppc64_le_says_its_arch_is_ppc64_not_ppc64le_root.patch: PPC64LE JVM reporting issues.
– Moved both patch series to 8u202 sections.
——————————————————————————–
References:

[ 1 ] Bug #1712370 – [F30] java-1.8.0-openjdk SEGVs on i686 in G1 code due to a race condition
https://bugzilla.redhat.com/show_bug.cgi?id=1712370
[ 2 ] Bug #1734149 – java-1.8.0-openjdk-1.8.0.222.b10 missing
https://bugzilla.redhat.com/show_bug.cgi?id=1734149
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-3854a1727e’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libslirp

Otkriven je sigurnosni nedostatak programske biblioteke libslirp za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close