-
openjdk-17 (17.0.11+9-1~23.10.1) mantic-security; urgency=medium
* Modify the previous changelog entry:
remove an invalid entry from the CVE list.
openjdk-17 (17.0.11+9-1~23.10) mantic-security; urgency=high
* OpenJDK 17.0.11 release, build 9.
* CVEs
- CVE-2024-21011, 8319851: Improve exception logging.
- CVE-2024-21068, 8322122: Enhance generation of addresses.
- CVE-2024-21012, 8315708: Enhance HTTP/2 client usage.
- CVE-2024-21094, 8317507: Already fixed in November 2023:
C2 compilation fails with "Exceeded _node_regs array".
* Security fixes
- JDK-8315708: Enhance HTTP/2 client usage
- JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array"
- JDK-8318340: Improve RSA key implementations
- JDK-8319851: Improve exception logging
- JDK-8322122: Enhance generation of addresses
[ Pushkar Kulkarni ]
* Upload to Ubuntu 23.10
openjdk-17 (17.0.11~7ea-1) unstable; urgency=medium
* OpenJDK 17.0.11 early access, build 7.
[ Matthias Klose ]
* Don't try to install jhsdb on armhf with a zero-only build.
* Update cups dependencies for time_t64.
[ Pushkar Kulkarni ]
* Fix a typo in the vendor name derivation logic.
* copyright-generator: Derive release from debian/rules.
[ Vladimir Petko ]
* Fix installing the s390x build.
openjdk-17 (17.0.11~6ea-1) unstable; urgency=medium
* OpenJDK 17.0.11 early access, build 6.
openjdk-17 (17.0.10+7-3) unstable; urgency=medium
* d/changelog: Whitespace cleanup.
* Update build dependency on libfontconfig-dev.
* Apply proposed patch for JDK-8307977. Addresses: #1034600.
* libcups2, libfontconfig1: Make it a recommends in jre-headless,
a dependency in jre.
* Make the dependencies for libfontmanager.so and libjsound.so
recommendations in jre-headless, and dependencies in jre.
* Drop build dependencies on libgtk2 | libgtk3.
* Disable running the tests for the time_t64 bootstrap.
-- Pushkar Kulkarni <email address hidden> Wed, 29 May 2024 17:14:26 +0530
-
openjdk-17 (17.0.10+7-1~23.10.1) mantic-security; urgency=high
* OpenJDK 17.0.10 release, build 7.
- CVEs:
+ CVE-2024-20918
+ CVE-2024-20919
+ CVE-2024-20921
+ CVE-2024-20932
+ CVE-2024-20945
+ CVE-2024-20952
- Security fixes:
+ JDK-8276123, JDK-8316613: ZipFile::getEntry will not return a file entry
when there is a directory entry of the same name within a Zip File.
+ JDK-8308204: Enhanced certificate processing.
+ JDK-8314295: Enhance verification of verifier.
+ JDK-8314307: Improve loop handling.
+ JDK-8314468: Improve Compiler loops.
+ JDK-8316976: Improve signature handling.
+ JDK-8317547: Enhance TLS connection support.
[ Vladimir Petko ]
* d/t/jtreg-autopkgtest.sh: Regenerate test script.
* Generate d/watch to cope with early access and release builds.
* d/rules: Trim trailing whitespaces from debian/control.
[ Matthias Klose ]
* Build again zero on amd64 (accidental change in 6ea-1).
[ Pushkar Kulkarni ]
* Minor improvements to the copyright-generator.
[ Pushkar Kulkarni ]
* Upload to Ubuntu 23.10
* d/rules, d/control: relax jtreg version check for repacked orig tarballs
-- Matthias Klose <email address hidden> Wed, 17 Jan 2024 12:09:47 +0100
-
openjdk-17 (17.0.9+9-1) unstable; urgency=high
* OpenJDK 17.0.9 release, build 9.
- CVE-2023-30589, CVE-2023-22081, CVE-2023-22091, CVE-2023-22025.
The patch for CVE-2023-30589 also addresses CVE-2023-30585,
CVE-2023-30588, and CVE-2023-30590.
- Release notes:
https://www.oracle.com/java/technologies/javase/17-0-9-relnotes.html#R17_0_9
[ Vladimir Petko ]
* Backport upstream fix for jexec: can't locate java:
No such file or directory. Closes: #1029342.
* d/rules, d/watch: Bundle googletest 1.14.
* d/copyright: Add googletest copyright.
* d/test: Update problemlist.
* d/p: exclude-broken-tests.patch.
* d/p/reproducible-properties-timestamp.diff: Use the privileged action
to read the system property (JDK-8272157, 914278).
-- Matthias Klose <email address hidden> Wed, 18 Oct 2023 09:07:04 +0200
-
openjdk-17 (17.0.9+9-1~23.10) mantic-security; urgency=high
* Upload to Ubuntu 23.10.
* Release notes correction:
- CVE-2023-22081, CVE-2023-22025.
- Release notes:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-October/026352.html
openjdk-17 (17.0.9+9-1) unstable; urgency=high
* OpenJDK 17.0.9 release, build 9.
- CVE-2023-30589, CVE-2023-22081, CVE-2023-22091, CVE-2023-22025.
The patch for CVE-2023-30589 also addresses CVE-2023-30585,
CVE-2023-30588, and CVE-2023-30590.
- Release notes:
https://www.oracle.com/java/technologies/javase/17-0-9-relnotes.html#R17_0_9
[ Vladimir Petko ]
* Backport upstream fix for jexec: can't locate java:
No such file or directory. Closes: #1029342.
* d/rules, d/watch: Bundle googletest 1.14.
* d/copyright: Add googletest copyright.
* d/test: Update problemlist.
* d/p: exclude-broken-tests.patch.
* d/p/reproducible-properties-timestamp.diff: Use the privileged action
to read the system property (JDK-8272157, 914278).
-- Vladimir Petko <email address hidden> Thu, 19 Oct 2023 20:44:58 +1300
-
openjdk-17 (17.0.9~6ea-1) unstable; urgency=medium
* OpenJDK 17.0.9 early access, build 6.
[ Matthias Klose ]
* Build-depend on the unversioned libfreetype-dev.
* Backport the openjdk-17 zero support for loong64 (Xuefeng Pan).
Closes: #1051906.
* Build using GCC 13 on development versions.
[ Vladimir Petko ]
* Fix jquery-min.js symlink. Closes: #998763.
-- Matthias Klose <email address hidden> Sat, 16 Sep 2023 13:35:34 +0200
-
openjdk-17 (17.0.9~4ea-1) unstable; urgency=medium
* OpenJDK 17.0.9 early access, build 4.
[ Vladimir Petko ]
* d/t/jtreg-autopkgtest.{sh,in}: JDK-8232153 - set NSS_DEFAULT_DB_TYPE
to let sun/security/pkcs11/Secmod/AddTrustedCert.java pass.
* d/p/exclude-broken-tests.patch: quarantine pkcs11 tests failing with NSS 3.91.
* d/t/problems-armhf.txt: quarantine armhf failing tests:
- java/net/httpclient/ManyRequestsLegacy.java: SSL request timeout.
- java/util/Random/RandomTestBsi1999.java: deadlock in CI.
* d/copyright: Remove liblcms from excluded files.
* d/rules: Enable jtreg tests for bionic and focal.
* d/p/build_gtest.patch: Update patch to work with earlier versions
of google-test.
[ Matthias Klose ]
* Explicitly configure --without-jtreg with the nocheck profile
-- Matthias Klose <email address hidden> Thu, 24 Aug 2023 08:29:32 +0200
-
openjdk-17 (17.0.8+7-1) unstable; urgency=high
* OpenJDK 17.0.8 release, build 7.
- CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044,
CVE-2023-22045, CVE-2023-22049, CVE-2023-25193.
- Release notes:
https://www.oracle.com/java/technologies/javase/17-0-8-relnotes.html#R17_0_8
* Don't run the tests on powerpc, hangs on the buildd.
* Refresh patches.
-- Matthias Klose <email address hidden> Wed, 19 Jul 2023 08:29:02 +0200
-
openjdk-17 (17.0.8~6-5) unstable; urgency=medium
* Revert back to the riscv64 hotspot patch to v7.
-- Matthias Klose <email address hidden> Wed, 12 Jul 2023 14:33:08 +0200
-
openjdk-17 (17.0.8~6-4) unstable; urgency=medium
[ Matthias Klose ]
* Update the riscv64 hotspot patch to v9.
* Run the hotspot tests on riscv64.
* Link with --no-as-needed. Closes: #1031521.
* d/rules: Remove EXTRA_.*FLAGS_JDK macros.
* Fix FTCBFS: Add libffi-dev:native to B-D (Helmut Grohne).
[ Vladimir Petko ]
* Disable runtime/jni/nativeStack/TestNativeStack.java for armhf pending
upstream fix.
-- Matthias Klose <email address hidden> Mon, 10 Jul 2023 16:41:54 +0200
-
openjdk-17 (17.0.8~6-3) unstable; urgency=medium
[ Vladimir Petko ]
* Use libtestng7-java as jtreg6 dependency as TestNG 7.x is required
at runtime.
* Regenerate the control file.
-- Matthias Klose <email address hidden> Sat, 01 Jul 2023 09:19:52 +0200
-
openjdk-17 (17.0.7+7~us1-0ubuntu1) mantic; urgency=medium
* OpenJDK 17.0.7 release, build 7.
- CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939,
CVE-2023-21954, CVE-2023-21967, CVE-2023-21968.
- Release notes:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021899.html
* d/rules: update jquery to 3.6.1.
* d/p/*: refresh patches.
* d/rules: pack external debug symbols with build-id, do not pack duplicate
symbols, do not strip JVM shared libraries (LP: #2012326, LP: #2016739).
* d/p/system-pcsclite.diff: disable built-in pcsclite version assertion.
* d/rules: always use jtreg6.
* d/rules: only compile google tests when with_check is enabled, disable them
for bullseye and jammy.
-- Vladimir Petko <email address hidden> Thu, 20 Apr 2023 08:28:30 +1200
-
openjdk-17 (17.0.6+10-1ubuntu3) lunar; urgency=medium
* d/control: add jtreg6 dependencies, regenerate control.
* d/t/{jdk,hotspot,jaxp,lantools}: run tier1 and tier2 jtreg tests only,
add test options from OpenJDK makefile.
* d/t/*: fix test environment: add missing -nativepath (LP: #2001563).
* d/t/jdk: provide dbus session for the window manager (LP: #2001576).
* d/p/build_gtest.patch: build OpenJDK with the system googletest
(LP: #2012316).
* d/p/*: add patches for jtreg tests:
- disable-thumb-assertion.patch: fix JDK-8305481.
- update-assertion-for-armhf.patch: fix JDK-8305480.
- misalign-pointer-for-armhf.patch: packaging-specific patch to fix test
failure introduced by d/p/m68k-support.diff.
- log-generated-classes-test.patch: workaround JDK-8166162.
- update-permission-test.patch: add security permissions for testng 7.
- ldap-timeout-test-use-ip.patch, test-use-ip-address.patch: Ubuntu-specific
patches to workaround missing DNS resolver on the build machines.
- exclude_broken_tests.patch: quarantine failing tests.
* d/rules: package external debug symbols (LP: #2015835).
* drop d/p/{jaw-classpath.diff, jaw-optional.diff}: the atk wrapper is disabled
and these patches cause class data sharing tests to fail (LP: #2016194).
* d/p/exclude-broken-tests.patch: add OpenJDK 17 failures.
* d/t/jtreg-autopkgtest.in: pass JTREG home to locate junit.jar, regenerate
d/t/jtreg-autopkgtest.sh (LP: #2016206).
-- Vladimir Petko <email address hidden> Mon, 27 Mar 2023 11:41:46 +1300
-
openjdk-17 (17.0.6+10-1ubuntu2) lunar; urgency=medium
* d/p: drop obsolete patches (LP: #2011653).
- workaround_expand_exec_shield_cs_limit.diff: obsoleted by
hotspot-disable-exec-shield-workaround.diff.
- generated-headers.patch: include is already added by openjdk makefile.
* d/copyright, d/watch: implement uscan repackaging (LP: #2011749).
* d/rules: use --with-debug-symbols=none (LP: #2003820).
-- Vladimir Petko <email address hidden> Thu, 16 Mar 2023 15:04:36 +1300
