-
openjdk-17 (17.0.12+7-1ubuntu2~22.04) jammy-security; urgency=medium
* Upload to Ubuntu 22.04.
openjdk-17 (17.0.12+7-1ubuntu2) oracular; urgency=medium
* OpenJDK 17.0.12 release, build 7. Release notes:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-July/035798.html
- CVEs:
+ CVE-2024-21147: 8323231, RangeCheckElimination array index overflow.
+ CVE-2024-21145: 8324559, Out-of-bounds access in 2D image handling.
+ CVE-2024-21140: 8320548, Range Check Elimination (RCE) pre-loop limit
overflow.
+ CVE-2024-21131: 8314794, potential UTF8 size overflow.
+ CVE-2024-21138: 8319859, Excessive symbol length can lead to infinite loop.
- Security Fixes:
+ JDK-8303466: C2: failed: malformed control flow. Limit type made precise
with MaxL/MinL.
+ JDK-8314794: Improve UTF8 String supports.
+ JDK-8319859: Better symbol storage.
+ JDK-8320097: Improve Image transformations.
+ JDK-8320548: Improved loop handling.
+ JDK-8323231: Improve array management.
+ JDK-8323390: Enhance mask blit functionality.
+ JDK-8324559: Improve 2D image handling.
+ JDK-8325600: Better symbol storage.
+ JDK-8327413: Enhance compilation efficiency.
* No-Change upload to include upstream release notes.
-- Vladimir Petko <email address hidden> Mon, 22 Jul 2024 08:56:25 +1200
-
openjdk-17 (17.0.11+9-1~22.04.1) jammy-security; urgency=medium
* Modify the previous changelog entry:
remove an invalid entry from the CVE list.
openjdk-17 (17.0.11+9-1~22.04) jammy-security; urgency=high
* OpenJDK 17.0.11 release, build 9.
* CVEs
- CVE-2024-21011, 8319851: Improve exception logging.
- CVE-2024-21068, 8322122: Enhance generation of addresses.
- CVE-2024-21012, 8315708: Enhance HTTP/2 client usage.
- CVE-2024-21094, 8317507: Already fixed in November 2023:
C2 compilation fails with "Exceeded _node_regs array".
* Security fixes
- JDK-8315708: Enhance HTTP/2 client usage
- JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array"
- JDK-8318340: Improve RSA key implementations
- JDK-8319851: Improve exception logging
- JDK-8322122: Enhance generation of addresses
[ Pushkar Kulkarni ]
* Upload to Ubuntu 22.04
openjdk-17 (17.0.11~7ea-1) unstable; urgency=medium
* OpenJDK 17.0.11 early access, build 7.
[ Matthias Klose ]
* Don't try to install jhsdb on armhf with a zero-only build.
* Update cups dependencies for time_t64.
[ Pushkar Kulkarni ]
* Fix a typo in the vendor name derivation logic.
* copyright-generator: Derive release from debian/rules.
[ Vladimir Petko ]
* Fix installing the s390x build.
openjdk-17 (17.0.11~6ea-1) unstable; urgency=medium
* OpenJDK 17.0.11 early access, build 6.
openjdk-17 (17.0.10+7-3) unstable; urgency=medium
* d/changelog: Whitespace cleanup.
* Update build dependency on libfontconfig-dev.
* Apply proposed patch for JDK-8307977. Addresses: #1034600.
* libcups2, libfontconfig1: Make it a recommends in jre-headless,
a dependency in jre.
* Make the dependencies for libfontmanager.so and libjsound.so
recommendations in jre-headless, and dependencies in jre.
* Drop build dependencies on libgtk2 | libgtk3.
* Disable running the tests for the time_t64 bootstrap.
-- Pushkar Kulkarni <email address hidden> Wed, 29 May 2024 17:12:42 +0530
-
openjdk-17 (17.0.10+7-1~22.04.1) jammy-security; urgency=high
* OpenJDK 17.0.10 release, build 7.
- CVEs:
+ CVE-2024-20918
+ CVE-2024-20919
+ CVE-2024-20921
+ CVE-2024-20932
+ CVE-2024-20945
+ CVE-2024-20952
- Security fixes:
+ JDK-8276123, JDK-8316613: ZipFile::getEntry will not return a file entry
when there is a directory entry of the same name within a Zip File.
+ JDK-8308204: Enhanced certificate processing.
+ JDK-8314295: Enhance verification of verifier.
+ JDK-8314307: Improve loop handling.
+ JDK-8314468: Improve Compiler loops.
+ JDK-8316976: Improve signature handling.
+ JDK-8317547: Enhance TLS connection support.
[ Vladimir Petko ]
* d/t/jtreg-autopkgtest.sh: Regenerate test script.
* Generate d/watch to cope with early access and release builds.
* d/rules: Trim trailing whitespaces from debian/control.
[ Matthias Klose ]
* Build again zero on amd64 (accidental change in 6ea-1).
[ Pushkar Kulkarni ]
* Minor improvements to the copyright-generator.
[ Pushkar Kulkarni ]
* Upload to Ubuntu 22.04
* d/rules, d/control: relax jtreg version check for repacked orig tarballs
-- Matthias Klose <email address hidden> Wed, 17 Jan 2024 12:09:47 +0100
-
openjdk-17 (17.0.9+9-1~22.04) jammy-security; urgency=high
* Upload to Ubuntu 22.04.
* Release notes correction:
- CVE-2023-22081, CVE-2023-22025.
- Release notes:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-October/026352.html
openjdk-17 (17.0.9+9-1) unstable; urgency=high
* OpenJDK 17.0.9 release, build 9.
- CVE-2023-30589, CVE-2023-22081, CVE-2023-22091, CVE-2023-22025.
The patch for CVE-2023-30589 also addresses CVE-2023-30585,
CVE-2023-30588, and CVE-2023-30590.
- Release notes:
https://www.oracle.com/java/technologies/javase/17-0-9-relnotes.html#R17_0_9
[ Vladimir Petko ]
* Backport upstream fix for jexec: can't locate java:
No such file or directory. Closes: #1029342.
* d/rules, d/watch: Bundle googletest 1.14.
* d/copyright: Add googletest copyright.
* d/test: Update problemlist.
* d/p: exclude-broken-tests.patch.
* d/p/reproducible-properties-timestamp.diff: Use the privileged action
to read the system property (JDK-8272157, 914278).
-- Vladimir Petko <email address hidden> Thu, 19 Oct 2023 20:43:47 +1300
-
openjdk-17 (17.0.8.1+1~us1-0ubuntu1~22.04) jammy-security; urgency=high
* Upload to Ubuntu 22.04.
openjdk-17 (17.0.8.1+1~us1-0ubuntu1) mantic; urgency=high
* OpenJDK 17.0.8.1 release, build 1.
- REGRESSION UPDATE: 8313765: Invalid CEN header (invalid zip64 extra data
field size) (LP: #2032865).
* d/t/jtreg-autopkgtest.{sh,in}: JDK-8232153 - set NSS_DEFAULT_DB_TYPE
to let sun/security/pkcs11/Secmod/AddTrustedCert.java pass.
* d/p/exclude-broken-tests.patch: disable pkcs11 tests failing with
NSS 3.91.
* d/t/problems-armhf.txt: disable armf tests -
java/util/Random/RandomTestBsi1999.java (deadlock in CI),
java/net/httpclient/ManyRequestsLegacy.java (SSL request timeout).
* Enable jtreg tests for bionic and focal.
-- Vladimir Petko <email address hidden> Fri, 25 Aug 2023 10:57:54 +1200
-
openjdk-17 (17.0.8+7-1~22.04) jammy-security; urgency=high
* Upload to Ubuntu 22.04.
* d/t/jtreg-autopkgtest.{sh,in}: JDK-8232153 - set NSS_DEFAULT_DB_TYPE
to let sun/security/pkcs11/Secmod/AddTrustedCert.java pass.
* d/p/exclude-broken-tests.patch: disable pkcs11 tests failing with
NSS 3.91.
* d/t/problems-armhf.txt: disable armf tests -
java/util/Random/RandomTestBsi1999.java (deadlock in CI),
java/net/httpclient/ManyRequestsLegacy.java (SSL request timeout).
* Enable jtreg tests for bionic and focal.
openjdk-17 (17.0.8+7-1) unstable; urgency=high
* OpenJDK 17.0.8 release, build 7.
- CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044,
CVE-2023-22045, CVE-2023-22049, CVE-2023-25193.
- Release notes:
https://www.oracle.com/java/technologies/javase/17-0-8-relnotes.html#R17_0_8
* Don't run the tests on powerpc, hangs on the buildd.
* Refresh patches.
-- Vladimir Petko <email address hidden> Thu, 20 Jul 2023 21:09:12 +1200
-
openjdk-17 (17.0.7+7~us1-0ubuntu1~22.04.2) jammy-security; urgency=medium
* Upload to Ubuntu 22.04.
openjdk-17 (17.0.7+7~us1-0ubuntu1) mantic; urgency=medium
* OpenJDK 17.0.7 release, build 7.
- CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939,
CVE-2023-21954, CVE-2023-21967, CVE-2023-21968.
- Release notes:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021899.html
* d/rules: update jquery to 3.6.1.
* d/p/*: refresh patches.
* d/rules: pack external debug symbols with build-id, do not pack duplicate
symbols, do not strip JVM shared libraries (LP: #2012326, LP: #2016739).
* d/p/system-pcsclite.diff: disable built-in pcsclite version assertion.
* d/rules: always use jtreg6.
* d/rules: only compile google tests when with_check is enabled, disable them
for bullseye and jammy.
-- Vladimir Petko <email address hidden> Wed, 10 May 2023 15:46:43 +1200
-
openjdk-17 (17.0.6+10-0ubuntu1~22.04) jammy-security; urgency=medium
* Upload to Ubuntu 22.04.
openjdk-17 (17.0.6+10-0ubuntu1) lunar; urgency=medium
* OpenJDK 17.0.6 release, build 10.
- CVE-2023-21835, CVE-2023-21843
- Release notes:
https://www.oracle.com/java/technologies/javase/17-0-6-relnotes.html
* debian/patches/*: Refreshed patches for the new release and dropped unused
patches.
* debian/rules: add lunar to jtreg version selection.
-- Vladimir Petko <email address hidden> Fri, 20 Jan 2023 21:56:27 +1300
-
openjdk-17 (17.0.5+8-2ubuntu1~22.04) jammy-security; urgency=medium
* Upload to Ubuntu 22.04 LTS.
openjdk-17 (17.0.5+8-2) unstable; urgency=medium
* Fix the binary-indep only build.
openjdk-17 (17.0.5+8-1) unstable; urgency=high
* OpenJDK 17.0.5+8 (release).
* Security fixes
- JDK-8289366: Improve HTTP/2 client usage.
- JDK-8288508: Enhance ECDSA usage.
- JDK-8286918: Better HttpServer service.
- JDK-8287446: Enhance icon presentations.
- JDK-8286910: Improve JNDI lookups.
- JDK-8286511: Improve macro allocation.
- JDK-8286526: Improve NTLM support.
- JDK-8286533: Key X509 usages.
- JDK-8286077: Wider MultiByte conversions.
- JDK-8286519: Better memory handling.
- JDK-8285662: Better permission resolution.
- JDK-8282252: Improve BigInteger/Decimal validation.
* Build using GCC 12 in recent development distros.
-- Matthias Klose <email address hidden> Mon, 24 Oct 2022 14:44:46 +0200
-
openjdk-17 (17.0.4+8-1~22.04) jammy-security; urgency=medium
* OpenJDK 17.0.4 release, build 8.
* Addresses security issues: CVE-2022-34169, CVE-2022-21541,
CVE-2022-21540, CVE-2022-21549.
openjdk-17 (17.0.4+8-1) unstable; urgency=high
* OpenJDK 17.0.4+8 (release).
* Disable the reproducible-copyright-headers patch.
* Only try to re-run failed tests once instead of three times.
-- Matthias Klose <email address hidden> Fri, 22 Jul 2022 10:57:45 +0200
-
openjdk-17 (17.0.3+7-0ubuntu0.22.04.1) jammy-security; urgency=medium
* OpenJDK 17.0.3+7 build (release).
- CVE-2022-21476, CVE-2022-21496, CVE-2022-21434, CVE-2022-21426,
CVE-2022-21443, CVE-2022-21449
-- Marc Deslauriers <email address hidden> Sun, 24 Apr 2022 09:50:52 -0400
-
openjdk-17 (17.0.2+8-1) unstable; urgency=high
* OpenJDK 17.0.2+8 (release).
* Addresses security issues: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360,
CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21299,
CVE-2022-21296, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291,
CVE-2022-21283, CVE-2022-21282, CVE-2022-21277, CVE-2022-21248.
-- Matthias Klose <email address hidden> Thu, 20 Jan 2022 17:13:47 +0100
-
openjdk-17 (17.0.1+12-1) unstable; urgency=medium
* OpenJDK 17.0.1+12 (release).
* Remove patches applied upstream.
-- Matthias Klose <email address hidden> Wed, 20 Oct 2021 16:47:06 +0200
-
openjdk-17 (17+35-1) unstable; urgency=medium
* Fix JDK-8272472, ftbfs with glibc 2.24.
-- Matthias Klose <email address hidden> Wed, 15 Sep 2021 07:22:52 +0200