openjdk-11 (11.0.22+7-2) unstable; urgency=medium
[ Matthias Klose ]
* Add zero support for loong64 (Leslie Zhai). Closes: #1060821.
* d/changelog: Whitespace cleanup.
* Update build dependency on libfontconfig-dev.
* Apply proposed patch for JDK-8307977. Closes: #1034600.
[ Vladimir Petko ]
* d/t/jtreg-autopkgtest.*: Set jtreg home property correctly.
-- Matthias Klose <doko@ubuntu.com> Fri, 26 Jan 2024 21:04:10 +0100
openjdk-11 (11.0.22+7-1) unstable; urgency=high
* OpenJDK 11.0.22 release, build 7.
- CVEs:
+ CVE-2024-20918
+ CVE-2024-20919
+ CVE-2024-20921
+ CVE-2024-20945
+ CVE-2024-20952
- Security fixes:
+ JDK-8308204: Enhanced certificate processing.
+ JDK-8314295: Enhance verification of verifier.
+ JDK-8314307: Improve loop handling.
+ JDK-8314468: Improve Compiler loops.
+ JDK-8316976: Improve signature handling.
+ JDK-8317547: Enhance TLS connection support.
+ JDK-8314284: Enhance Nashorn performance (CVE-2024-20926).
[ Vladimir Petko ]
* Generate d/watch to cope with early access and release builds.
* d/rules: Trim trailing whitespaces from debian/control.
[ Pushkar Kulkarni ]
* Minor improvements to the copyright-generator.
-- Matthias Klose <doko@ubuntu.com> Wed, 17 Jan 2024 16:28:29 +0100
openjdk-11 (11.0.22~6ea-1) unstable; urgency=medium
* OpenJDK 11.0.22+6 build (early access).
[ Pushkar Kulkarni ]
* debian/copyright: Update copyrights and notices, using a generator script.
[ Vladimir Petko ]
* d/copyright: Fix lintian warning.
[ Matthias Klose ]
* d/copyright: Fix source location.
-- Matthias Klose <doko@ubuntu.com> Tue, 26 Dec 2023 13:23:50 +0100
openjdk-11 (11.0.21+9-1) unstable; urgency=high
* OpenJDK 11.0.21 release, build 9.
- CVE-2023-22081.
- Release notes:
https://www.oracle.com/java/technologies/javase/11-0-21-relnotes.html#R11_0_21
[ Vladimir Petko ]
* d/test: update problemlist.
* d/p: drop exclude-broken-tests.patch.
* d/p/reproducible-properties-timestamp.diff: use the privileged action
to read the system property (JDK-8272157, 914278).
[ Matthias Klose ]
* Build using GCC 13 on development versions.
[ Pushkar Kulkarni ]
* Handle limited ECC capabilities of NSS on older releases.
-- Matthias Klose <doko@ubuntu.com> Wed, 18 Oct 2023 09:28:04 +0200
openjdk-11 (11.0.21~4ea-1) unstable; urgency=medium
* OpenJDK 11.0.21 release, build 4 (early access).
[ Vladimir Petko ]
* d/copyright: remove liblcms from excluded files.
* Refresh patch for 11.0.21+2 ea.
* d/t/jtreg-autopkgtest.{sh,in}: JDK-8232153 - set NSS_DEFAULT_DB_TYPE
to let sun/security/pkcs11/Secmod/AddTrustedCert.java pass.
[ Matthias Klose ]
* Explicitly configure --without-jtreg with the nocheck profile
-- Matthias Klose <doko@ubuntu.com> Thu, 24 Aug 2023 12:53:49 +0200
openjdk-11 (11.0.20+8-1) unstable; urgency=high
* OpenJDK 11.0.20 release, build 8.
- CVE-2023-22041, CVE-2023-25193, CVE-2023-22045,
CVE-2023-22049, CVE-2023-22036, CVE-2023-22006.
- Release notes:
https://www.oracle.com/java/technologies/javase/11-0-20-relnotes.html#R11_0_20
* Link with --no-as-needed. Closes: #1031521.
* Refresh patches.
-- Matthias Klose <doko@ubuntu.com> Wed, 19 Jul 2023 08:40:22 +0200
openjdk-11 (11.0.20~7-1) unstable; urgency=medium
* OpenJDK 11.0.20+7 build (early access).
[ Vladimir Petko ]
* debian/copyright: convert to a machine-readable format.
* debian/copyright: align excludes statement with openjdk-17.
* Provide versioned java-runtime, java-runtime-headless, java-sdk
and java-sdk-headless virtual packages (Emmanuel Bourg).
* Configure --with-stdc++lib=static on ia64.
* Bump standards version.
-- Matthias Klose <doko@ubuntu.com> Sat, 01 Jul 2023 09:11:49 +0200
openjdk-11 (11.0.19+7-1) unstable; urgency=high
* OpenJDK 11.0.19 release, build 7.
- CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939,
CVE-2023-21954, CVE-2023-21967, CVE-2023-21968.
- Release notes:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021900.html
- d/p/*: refresh patches.
[ Vladimir Petko ]
* debian/JB-jre-headless.postinst.in: trigger ca-certificates-java after jre
is set up.
* d/p: drop obsolete patches (LP: #2011653).
- workaround_expand_exec_shield_cs_limit.diff: obsoleted by
hotspot-disable-exec-shield-workaround.diff.
- generated-headers.patch: include is already added by openjdk makefile.
- parallel-build-fix.diff: include is not necessary.
* d/copyright, d/watch: implement uscan repackaging (LP: #2011749).
* d/rules: use --with-debug-symbols=none (LP: #2003820).
* d/control: add jtreg6 dependencies, regenerate control.
* d/t/{jdk,hotspot,jaxp,langtools}: run tier1 and tier2 jtreg tests only,
add test options from OpenJDK makefile.
* d/t/*: fix test environment: add missing -nativepath (LP: #2001563).
* d/t/jdk: provide dbus session for the window manager (LP: #2001576).
* d/p/*: add patches for jtreg tests:
- disable-thumb-assertion.patch: fix JDK-8305481.
- update-assertion-for-armhf.patch: fix JDK-8305480.
- log-generated-classes-test.patch: workaround JDK-8166162.
- update-permission-test.patch: add security permissions for testng 7.
- ldap-timeout-test-use-ip.patch, test-use-ip-address.patch: Ubuntu-specific
patches to workaround missing DNS resolver on the build machines.
- exclude_broken_tests.patch: quarantine failing tests.
* d/rules: package external debug symbols (LP: #2015835).
* drop d/p/{jaw-classpath.diff, jaw-optional.diff}: the atk wrapper is disabled
and these patches cause class data sharing tests to fail (LP: #2016194).
* d/p/exclude-broken-tests.patch: add OpenJDK 11 failures.
* d/t/jtreg-autopkgtest.in: pass JTREG home to locate junit.jar, regenerate
d/t/jtreg-autopkgtest.sh (LP: #2016206).
* d/t/control.in: disable jtreg autopkgtests in line with openjdk 17,
regenerate control (LP: #2016438).
* d/rules: pack external debug symbols with build-id, do not pack duplicate
symbols, do not strip JVM shared libraries (LP: #2012326, LP: #2016739).
* d/rules: always use jtreg6.
[ Matthias Klose ]
* d/rules: Fix using CC/CXX for recent releases.
-- Matthias Klose <doko@ubuntu.com> Sun, 11 Jun 2023 12:55:28 +0200
openjdk-11 (11.0.18+10-1) unstable; urgency=high
* OpenJDK 11.0.18+10 build (release).
- CVE-2023-21835, CVE-2023-21843
- Release notes:
https://www.oracle.com/java/technologies/javase/11-0-18-relnotes.html
[ Matthias Klose ]
* Handle jtreg package name for backports.
[ Vladimir Petko ]
* debian/patches/*: Refreshed patches for the new release and dropped unused
patches.
* debian/watch: use jdk11u repository as upstream.
* debian/rules: add lunar to jtreg version selection.
-- Matthias Klose <doko@ubuntu.com> Thu, 26 Jan 2023 10:46:52 +0100
openjdk-11 (11.0.17+8-2) unstable; urgency=medium
* Bump build dependencies on jtreg.
-- Matthias Klose <doko@ubuntu.com> Wed, 19 Oct 2022 16:06:55 +0200
openjdk-11 (11.0.17+8-1) unstable; urgency=high
* OpenJDK 11.0.17+8 build (release).
* Security fixes
- JDK-8289366: Improve HTTP/2 client usage.
- JDK-8288508: Enhance ECDSA usage.
- JDK-8286918: Better HttpServer service.
- JDK-8287446: Enhance icon presentations.
- JDK-8286910: Improve JNDI lookups.
- JDK-8286511: Improve macro allocation.
- JDK-8286526: Improve NTLM support.
- JDK-8286533: Key X509 usages.
- JDK-8286077: Wider MultiByte conversions.
- JDK-8286519: Better memory handling.
- JDK-8285662: Better permission resolution.
- JDK-8282252: Improve BigInteger/Decimal validation.
* Build using GCC 12 in recent development distros.
* Don't install the security/blacklisted.certs symlink anymore.
Closes: #1021866.
-- Matthias Klose <doko@ubuntu.com> Wed, 19 Oct 2022 06:48:12 +0200
openjdk-11 (11.0.16+8-1) unstable; urgency=high
* OpenJDK 11.0.16+8 build (release).
* Security fixes
- JDK-8277608: Address IP Addressing.
- JDK-8272243: Improve DER parsing.
- JDK-8272249: Better properties of loaded Properties.
- JDK-8281859, CVE-2022-21540: Improve class compilation.
- JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations.
- JDK-8283190: Improve MIDI processing.
- JDK-8284370: Improve zlib usage.
- JDK-8285407, CVE-2022-34169: Improve Xalan supports.
-- Matthias Klose <doko@ubuntu.com> Wed, 20 Jul 2022 10:54:16 +0200
openjdk-11 (11.0.15+10-1) unstable; urgency=high
* OpenJDK 11.0.15+10 build (release).
* Security fixes
- JDK-8269938: Enhance XML processing passes redux.
- JDK-8270504, CVE-2022-21426: Better XPath expression handling.
- JDK-8272255: Completely handle MIDI files.
- JDK-8272261: Improve JFR recording file processing.
- JDK-8272594: Better record of recordings.
- JDK-8274221: More definite BER encodings.
- JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java
to 2.3.0.
- JDK-8275151, CVE-2022-21443: Improved Object Identification.
- JDK-8277227: Better identification of OIDs.
- JDK-8277672, CVE-2022-21434: Better invocation handler handling.
- JDK-8278356: Improve file creation.
- JDK-8278449: Improve keychain support.
- JDK-8278798: Improve supported intrinsic.
- JDK-8278805: Enhance BMP image loading.
- JDK-8278972, CVE-2022-21496: Improve URL supports.
- JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo.
* Refresh patches.
-- Matthias Klose <doko@ubuntu.com> Mon, 02 May 2022 19:42:14 +0200
openjdk-11 (11.0.14.1+1-1) unstable; urgency=medium
* OpenJDK 11.0.14.1+1 build (release).
- Fix JDK-8218546. LP: #1966338.
-- Matthias Klose <doko@ubuntu.com> Sun, 27 Mar 2022 11:16:07 +0200
openjdk-11 (11.0.14+9-1) unstable; urgency=high
* OpenJDK 11.0.14+9 build (release).
* Security fixes
- JDK-8217375: jarsigner breaks old signature with long lines in manifest.
- JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir
named "." inside.
- JDK-8264934, CVE-2022-21248: Enhance cross VM serialization.
- JDK-8268488: More valuable DerValues.
- JDK-8268494: Better inlining of inlined interfaces.
- JDK-8268512: More content for ContentInfo.
- JDK-8268795: Enhance digests of Jar files.
- JDK-8268801: Improve PKCS attribute handling.
- JDK-8268813, CVE-2022-21283: Better String matching.
- JDK-8269151: Better construction of EncryptedPrivateKeyInfo.
- JDK-8269944: Better HTTP transport redux.
- JDK-8270386, CVE-2022-21291: Better verification of scan methods.
- JDK-8270392, CVE-2022-21293: Improve String constructions.
- JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps.
- JDK-8270492, CVE-2022-21282: Better resolution of URIs.
- JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management.
- JDK-8270646, CVE-2022-21299: Improved scanning of XML entities.
- JDK-8270952, CVE-2022-21277: Improve TIFF file handling.
- JDK-8271962: Better TrueType font loading.
- JDK-8271968: Better canonical naming.
- JDK-8271987: Manifest improved manifest entries.
- JDK-8272014, CVE-2022-21305: Better array indexing.
- JDK-8272026, CVE-2022-21340: Verify Jar Verification.
- JDK-8272236, CVE-2022-21341: Improve serial forms for transport.
- JDK-8272272: Enhance jcmd communication.
- JDK-8272462: Enhance image handling.
- JDK-8273290: Enhance sound handling.
- JDK-8273756, CVE-2022-21360: Enhance BMP image support.
- JDK-8273838, CVE-2022-21365: Enhanced BMP processing.
- JDK-8274096, CVE-2022-21366: Improve decoding of image files.
- JDK-8279541: Improve HarfBuzz.
-- Matthias Klose <doko@debian.org> Wed, 19 Jan 2022 11:05:38 +0100
openjdk-11 (11.0.13+8-1) unstable; urgency=medium
* OpenJDK 11.0.13+8 build (release).
* Security fixes
- JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
- JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
- JDK-8263314: Enhance XML Dsig modes
- JDK-8265167, CVE-2021-35556: Richer Text Editors
- JDK-8265574: Improve handling of sheets
- JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
- JDK-8265776: Improve Stream handling for SSL
- JDK-8266097, CVE-2021-35561: Better hashing support
- JDK-8266103: Better specified spec values
- JDK-8266109: More Resilient Classloading
- JDK-8266115: More Manifest Jar Loading
- JDK-8266137, CVE-2021-35564: Improve Keystore integrity
- JDK-8266689, CVE-2021-35567: More Constrained Delegation
- JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
- JDK-8267712: Better LDAP reference processing
- JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
- JDK-8267735, CVE-2021-35586: Better BMP support
- JDK-8268193: Improve requests of certificates
- JDK-8268199: Correct certificate requests
- JDK-8268205: Enhance DTLS client handshake
- JDK-8268506: More Manifest Digests
- JDK-8269618, CVE-2021-35603: Better session identification
- JDK-8269624: Enhance method selection support
- JDK-8270398: Enhance canonicalization
- JDK-8270404: Better canonicalization
* Remove patches applied upstream.
-- Matthias Klose <doko@ubuntu.com> Wed, 20 Oct 2021 11:01:48 +0200
openjdk-11 (11.0.12+7-2) unstable; urgency=high
* OpenJDK 11.0.12+7 build (release).
* Security fixes:
- JDK-8256157: Improve bytecode assembly.
- JDK-8256491: Better HTTP transport.
- JDK-8258432, CVE-2021-2341: Improve file transfers.
- JDK-8260453: Improve Font Bounding.
- JDK-8260960: Signs of jarsigner signing.
- JDK-8260967, CVE-2021-2369: Better jar file validation.
- JDK-8262380: Enhance XML processing passes.
- JDK-8262403: Enhanced data transfer.
- JDK-8262410: Enhanced rules for zones.
- JDK-8262477: Enhance String Conclusions.
- JDK-8262967: Improve Zip file support.
- JDK-8264066, CVE-2021-2388: Enhance compiler validation.
- JDK-8264079: Improve abstractions.
- JDK-8264460: Improve NTLM support.
* Encode the early-access status into the package version. LP: #1934895.
-- Matthias Klose <doko@ubuntu.com> Wed, 21 Jul 2021 09:03:54 +0200
openjdk-11 (11.0.12+6-1) unstable; urgency=medium
* OpenJDK 11.0.12+6 build (early access).
-- Matthias Klose <doko@ubuntu.com> Wed, 07 Jul 2021 12:00:44 +0200
openjdk-11 (11.0.12+4-1) unstable; urgency=medium
* OpenJDK 11.0.12+4 build (early access).
* Don't apply the m68k-support patch, needs an update.
-- Matthias Klose <doko@ubuntu.com> Thu, 27 May 2021 11:37:31 +0200
openjdk-11 (11.0.11+9-1) unstable; urgency=high
* OpenJDK 11.0.11+9 build (release).
* Security fixes:
- JDK-8244473: Contextualize registration for JNDI.
- JDK-8244543: Enhanced handling of abstract classes.
- JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE
after JDK-8244543.
- JDK-8250568: Less ambiguous processing (CVE-2021-2161).
- JDK-8253799: Make lists of normal filenames.
- JDK-8261183: Follow on to Make lists of normal filenames.
- JDK-8249906: Enhance opening JARs (CVE-2021-2163).
- JDK-8258247: Couple of issues in fix for JDK-8249906.
- JDK-8259428: AlgorithmId.getEncodedParams() should return copy.
- JDK-8257001: Improve HTTP client support.
-- Matthias Klose <doko@ubuntu.com> Tue, 20 Apr 2021 20:21:22 +0200
openjdk-11 (11.0.11+8-1) unstable; urgency=medium
* OpenJDK 11.0.11+8 build (early access).
* Set DEB_BUILD_MAINT_OPTIONS = optimize=-lto, not yet ready. Looks
like 16 and 17 are buildable with lto.
* Remove dangling jfr alternative on upgrades if no jdk is installed (Andreas
Beckmann). Closes: #985060.
* Use mktemp instead of tempfile in maintainer scripts (Andreas Beckmann).
* Backport fix for JDK-8262085, hovering Metal HTML Tooltips in different
windows cause IllegalArgExc on Linux. Closes: #967049.
-- Matthias Klose <doko@ubuntu.com> Thu, 01 Apr 2021 12:24:55 +0200
openjdk-11 (11.0.11+7-1) unstable; urgency=medium
* OpenJDK 11.0.11+7 build (early access).
* Simplify compiler selection for backports.
* Don't use the triplet-prefixed binutils tools for backports.
-- Matthias Klose <doko@ubuntu.com> Thu, 18 Mar 2021 09:49:54 +0100
openjdk-11 (11.0.11+4-1) unstable; urgency=medium
* OpenJDK 11.0.11+4 build (early access).
* reproducible-build-jmod.diff: Fall back to the unpatched behavior
for backports.
* Only build with system harfbuzz for recent releases.
* Configure --with-copyright-year. Closes: #956154.
-- Matthias Klose <doko@ubuntu.com> Thu, 25 Feb 2021 11:54:00 +0100
openjdk-11 (11.0.11+3-3) experimental; urgency=medium
* Fix the build logic, jaotc and jhsdb tools not available on all archs.
* Ship the jfc files used by jfr.
* Move libawt_xawt.so, libjawt.so into the jre package. Closes: #908058.
-- Matthias Klose <doko@ubuntu.com> Sat, 20 Feb 2021 09:12:35 +0100
openjdk-11 (11.0.11+3-2) experimental; urgency=medium
* OpenJDK 11.0.11+3 build (early access).
* Use debugedit to generate unique build-id's and remove the openjdk-N-dbg
file conflicts. Closes: #919671.
* Remove KFreeBSD build support and patches, not updated since OpenJDK 8.
* Backport JDK-8222825. Closes: #960153.
* Build with Rules-Requires-Root: no.
* Move the jfr binary from -jre-headless to -jdk-headless. Development tool.
-- Matthias Klose <doko@ubuntu.com> Fri, 19 Feb 2021 13:54:09 +0100
openjdk-11 (11.0.10+9-1) unstable; urgency=high
* OpenJDK 11.0.10+9 build (release).
* Security fixes:
- JDK-8247619: Improve Direct Buffering of Characters.
* Other changes:
See https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2021-January/004689.html
* Update copyright years.
-- Matthias Klose <doko@ubuntu.com> Wed, 20 Jan 2021 10:42:16 +0100
openjdk-11 (11.0.10+8-1) unstable; urgency=medium
* OpenJDK 11.0.10+8 build (early access).
* Build with system harfbuzz.
* Refresh patches.
* Don't run the autopkg tests. There's no value running all the internal
tests as an autopkg test, when these are already run during the build.
* Update VCS attributes.
* Bump standards version.
-- Matthias Klose <doko@ubuntu.com> Wed, 30 Dec 2020 13:50:32 +0100
openjdk-11 (11.0.9.1+1-1) unstable; urgency=medium
* OpenJDK 11.0.9.1+1 build (release).
* Configure --with-jvm-features=shenandoahgc for hotspot builds.
LP: #1902029.
-- Matthias Klose <doko@ubuntu.com> Thu, 05 Nov 2020 14:32:42 +0100
openjdk-11 (11.0.9+11-1) unstable; urgency=medium
* OpenJDK 11.0.9+11 build (release).
* Security fixes:
- JDK-8233624: Enhance JNI linkage
- JDK-8236196: Improve string pooling
- JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
- JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
- JDK-8237995, CVE-2020-14782: Enhance certificate processing
- JDK-8240124: Better VM Interning
- JDK-8241114, CVE-2020-14792: Better range handling
- JDK-8242680, CVE-2020-14796: Improved URI Support
- JDK-8242685, CVE-2020-14797: Better Path Validation
- JDK-8242695, CVE-2020-14798: Enhanced buffer support
- JDK-8243302: Advanced class supports
- JDK-8244136, CVE-2020-14803: Improved Buffer supports
- JDK-8244479: Further constrain certificates
- JDK-8244955: Additional Fix for JDK-8240124
- JDK-8245407: Enhance zoning of times
- JDK-8245412: Better class definitions
- JDK-8245417: Improve certificate chain handling
- JDK-8248574: Improve jpeg processing
- JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
- JDK-8253019: Enhanced JPEG decoding
[ Tiago Stürmer Daitx ]
* debian/rules:
- copy apport hook to source_$(PKGSOURCE).py, fixes apport on
Ubuntu where source name is openjdk-lts instead of openjdk-11.
* Refresh patches.
[ Matthias Klose ]
* Don't run the jdk tests as an autopkg test, taking too long.
* Call strip-nondeterminism before computing jmod hashes (Julian Gilbey).
Closes: #944738.
* Build with GCC 10 in current development versions. Closes: #972288.
-- Matthias Klose <doko@ubuntu.com> Wed, 21 Oct 2020 19:38:16 +0200
openjdk-11 (11.0.8+10-1) unstable; urgency=high
* OpenJDK 11.0.8+10 build (release).
* Security fixes:
- JDK-8233239, CVE-2020-14562: Enhance TIFF support
- JDK-8236867, CVE-2020-14573: Enhance Graal interface handling
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8242136, CVE-2020-14621: Better XML namespace handling
- JDK-8230613: Better ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233234: Better Zip Naming
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8238013: Enhance String writing
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handing
- JDK-8238925: Enhance WAV file playback
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
[ Tiago Stürmer Daitx ]
* d/p/default-jvm-cfg.diff: updated patch.
* d/p/8214571.diff, d/p/8228407.diff: applied by upstream, removed patches.
[ Matthias Klose ]
* Don't try to run autopkg tests on armel, mipsel, mips64el.
* debian/copyright (remove licenses not found anymore in the sources):
- Little CMS, libpng, GIFLIB.
* Prepare to Build using GCC 10.
-- Matthias Klose <doko@ubuntu.com> Wed, 22 Jul 2020 14:26:43 +0200
openjdk-11 (11.0.7+10-3) unstable; urgency=high
* Backport the fix for JDK-8214571, -Xdoclint of array serialField gives
"error: array type not allowed here". Introduced with 11.0.7.
* Enable running the testsuite on release architectures.
-- Matthias Klose <doko@ubuntu.com> Thu, 16 Apr 2020 14:40:58 +0200
openjdk-11 (11.0.7+10-2) unstable; urgency=high
* Backport the fix for 8228407, JVM crashes with shared archive file mismatch.
* Enable again bootcycle build for all hotspot architectures.
* Build again with -march=zEC12 on Ubuntu/s390x.
-- Matthias Klose <doko@ubuntu.com> Wed, 15 Apr 2020 16:03:23 +0200
openjdk-11 (11.0.7+10-1) unstable; urgency=high
* OpenJDK 11.0.7+10 build (release).
* Security fixes
- JDK-8223898, CVE-2020-2754: Forward references to Nashorn
- JDK-8223904, CVE-2020-2755: Improve Nashorn matching
- JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
- JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
- JDK-8225603: Enhancement for big integers
- JDK-8226346: Build better binary builders
- JDK-8227467: Better class method invocations
- JDK-8227542: Manifest improved jar headers
- JDK-8229733: TLS message handling improvements
- JDK-8231415, CVE-2020-2773: Better signatures in XML
- JDK-8231785: Improved socket permissions
- JDK-8232424, CVE-2020-2778: More constrained algorithms
- JDK-8232581, CVE-2020-2767: Improve TLS verification
- JDK-8233250: Better X11 rendering
- JDK-8233410: Better Build Scripting
- JDK-8234027: Better JCEKS key support
- JDK-8234408, CVE-2020-2781: Improve TLS session handling
- JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
- JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
- JDK-8235274, CVE-2020-2805: Enhance typing of methods
- JDK-8235691, CVE-2020-2816: Enhance TLS connectivity
- JDK-8236201, CVE-2020-2830: Better Scanner conversions
- JDK-8238960: linux-i586 builds are inconsistent as the newly build
jdk is not able to reserve enough space for object heap
[ Matthias Klose ]
* Refresh patches.
* Configure --with-jtreg=/usr/share/jtreg.
* Enable the buildwatch script on sh4 (Adrian Glaubitz). Closes: #956728.
* Build with -march=z13 -mtune=z15 on Ubuntu/s390x.
-- Matthias Klose <doko@ubuntu.com> Wed, 15 Apr 2020 11:11:42 +0200
openjdk-11 (11.0.7+9-1) unstable; urgency=medium
* OpenJDK 11.0.7+9 build (early access).
* Make autopkgtests cross-test-friendly (Steve Langasek). LP: #1861467.
* d/tests/jtreg-autopkgtest.in: keep generated hs_err log files
with test artifacts to improve later debug (Tiago Stürmer Daitx).
* d/tests/jtdiff-autopkgtest.in: set default vm to correctly locate (Tiago
Stürmer Daitx)
* jhsdb isn't built on sh4 (Adrian Glaubitz). Closes: #951774.
-- Matthias Klose <doko@ubuntu.com> Thu, 26 Mar 2020 08:33:35 +0100
openjdk-11 (11.0.6+10-2) unstable; urgency=medium
* Fix FTCBFS (Helmut Grohne). Addresses: #949460.
- Missing Build-Depends: zlib1g-dev:native.
- Use triplet-prefixed objcopy and strip.
* Bump standards version.
-- Matthias Klose <doko@ubuntu.com> Wed, 12 Feb 2020 08:40:22 +0100
openjdk-11 (11.0.6+10-1) unstable; urgency=high
* OpenJDK 11.0.6+10 build (release).
- S8220598: Malformed copyright year range in a few files in java.base.
- S8224909, CVE-2020-2583: Unlink Set of LinkedHashSets.
- S8225261: Better method resolutions.
- S8225279: Better XRender interpolation.
- S8226352, CVE-2020-2590: Improve Kerberos interop capabilities.
- S8227758: More valid PKIX processing.
- S8227816: More Colorful ICC profiles.
- S8228548, CVE-2020-2593: Normalize normalization for all.
- S8229728: Implement negotiation parameters.
- S8229951, CVE-2020-2601: Better Ticket Granting Services.
- S8230279: Improve Pack200 file reading.
- S8230318: Better trust store usage.
- S8230967: Improve Registry support of clients.
- S8231139: Improved keystore support.
- S8231422, CVE-2020-2604: Better serial filter handling.
- S8231780, CVE-2020-2655: Better TLS messaging support.
- S8231790: Provide better FileSystemProviders.
- S8232419: Improve Registry registration.
- S8234037, CVE-2020-2654: Improve Object Identifier Processing.
* Disable zero on sparc64 (Adrian Glaubitz). Closes: #942030.
* Make the generated character data source files reproducible (Emmanuel
Bourg). Closes: #933339.
* Make the generated module-info.java files reproducible (Emmanuel Bourg).
Closes: #933342.
* Make the generated copyright headers reproducible (Emmanuel Bourg).
Closes: #933349.
* Make the build user reproducible (Emmanuel Bourg). Closes: #933373.
-- Matthias Klose <doko@ubuntu.com> Wed, 15 Jan 2020 01:09:36 +0100
openjdk-11 (11.0.6+7-1) unstable; urgency=medium
* OpenJDK 11.0.6+7 build (early access).
-- Matthias Klose <doko@ubuntu.com> Fri, 13 Dec 2019 14:52:21 +0100
openjdk-11 (11.0.5+10-2) unstable; urgency=medium
* Fix the jtreg consistency check when building without jtreg.
* Don't call dh_strip_nondeterminism when building for older releases.
* Fix disabling the zero build on arm64 on trusty.
-- Matthias Klose <doko@ubuntu.com> Thu, 17 Oct 2019 22:04:30 +0200
openjdk-11 (11.0.5+10-1) unstable; urgency=high
* OpenJDK 11.0.5+10 build (release).
- S8209901: Canonical file handling.
- S8213429, CVE-2019-2933: Windows file handling redux.
- S8218573, CVE-2019-2945: Better socket support.
- S8218877: Help transform transformers.
- S8219914: Change the environment variable for Java Access Bridge
logging to have a directory.
- S8220186: Improve use of font temporary files.
- S8220302, CVE-2019-2949: Better Kerberos ccache handling.
- S8221497: Optional Panes in Swing.
- S8221858, CVE-2019-2958: Build Better Processes.
- S8222684, CVE-2019-2964: Better support for patterns.
- S8222690, CVE-2019-2962: Better Glyph Images.
- S8223163: Better pattern recognition.
- S8223505, CVE-2019-2973: Better pattern compilation.
- S8223518, CVE-2019-2975: Unexpected exception in jjs.
- S8223886: Add in font table referene.
- S8223892, CVE-2019-2978: Improved handling of jar files.
- S8224025: Fix for JDK-8220302 is not complete.
- S8224062, CVE-2019-2977: Improve String index handling.
- S8224532, CVE-2019-2981: Better Path supports.
- S8224915, CVE-2019-2983: Better serial attributes.
- S8225286, CVE-2019-2987: Better rendering of native glyphs.
- S8225292, CVE-2019-2988: Better Graphics2D drawing.
- S8225298, CVE-2019-2989: Improve TLS connection support.
- S8225597, CVE-2019-2992: Enhance font glyph mapping.
- S8226765, CVE-2019-2999: Commentary on Javadoc comments.
- S8227601: Better collection of references.
- S8228825, CVE-2019-2894: Enhance ECDSA operations.
-- Matthias Klose <doko@ubuntu.com> Wed, 16 Oct 2019 10:41:31 +0200
openjdk-11 (11.0.5+9-1) unstable; urgency=medium
* OpenJDK 11.0.5+9 build (early access).
* Bump standards version.
* Use dh_strip_nondeterminism (Emmanuel Bourg). Closes: #933389.
* Fix 8230708, server build on sparc64 (Adrian Glaubitz). Closes: #939565.
* Fix FTBFS with DEB_BUILD_PROFILES=nocheck (Helmut Grohne). Closes: #939521.
* Add more breaks to the openjdk-11-jre-headless package. Closes: #935624.
* Fix debug and src symlinks. Closes: #893134, #910694, #910696.
-- Matthias Klose <doko@ubuntu.com> Mon, 07 Oct 2019 11:00:49 +0200
openjdk-11 (11.0.5+6-2) unstable; urgency=medium
* Fix 8230708, build failure on sparc64 (Adrian Glaubitz).
* Disable the zero build on armhf.
-- Matthias Klose <doko@ubuntu.com> Fri, 06 Sep 2019 17:54:18 +0200
openjdk-11 (11.0.5+6-1) unstable; urgency=medium
* OpenJDK 11.0.5+6 build (early access).
[ Matthias Klose ]
* Tighten dependency on jtreg.
* Build using GCC 9 on recent development releases.
* Refresh patches.
[ Tiago Stürmer Daitx ]
* Properly generate Breaks: rules for bionic (fix typo).
* Remove libgtk-3-dev from build-deps: libgtk-3-dev is not actually
required, package builds fine without it; libgtk2.0-0 or libgtk-3-0
should be explicitly declared instead in bdeps and tests;
libxrandr-dev should be explicitly added as it is required and was
being included due to libgtk-3-dev dependency.
* Set minimum dependency on jtreg based on testsuite requirements.
* Fail during pre-build if installed jtreg version is lower then
the minimum required version.
* Improve and fix build tests and autopkgtests:
- Depend on default-jre-headless so jtreg will use the
JRE from /usr/default-java; remove JT_JAVA exports as it
no longer needs to be set.
- Update debian/tests/hotspot,jdk,langtools to ignore
jtreg-autopkgtest.sh return code.
- Create debian/tests/jtdiff-autopkgtest.in as it depends
on debian/rules variables.
- debian/tests/jtreg-autopkgtest.sh:
+ Enable retry of failed tests to trim out flaky tests.
+ Fix unbound variable.
+ Keep .jtr files from failed tests only.
- debian/tests/jtdiff-autopkgtest.sh:
+ Fail only if an actual regression is detected.
+ Add the super-diff comparison from jtdiff.
- debian/rules:
+ Preserve all JTreport directories in the test output
directory.
+ Use JDK_DIR instead of JDK_TO_TEST for autopkgtest
generation.
+ Package all .jtr files from JTwork as jtreg-autopkgtest.sh
makes sure it contains only failing tests.
-- Matthias Klose <doko@ubuntu.com> Wed, 04 Sep 2019 16:48:18 +0200
openjdk-11 (11.0.4+11-1) unstable; urgency=high
* OpenJDK 11.0.4+11 build (release).
- S8212328, CVE-2019-2762: Exceptional throw cases.
- S8213431, CVE-2019-2766: Improve file protocol handling.
- S8213432, CVE-2019-2769: Better copies of CopiesList.
- S8216381, CVE-2019-2786: More limited privilege usage.
- S8217563: Improve realm maintenance.
- S8218863: Better endpoint checks.
- S8218873: Improve JSSE endpoint checking.
- S8218876, CVE-2019-7317: Improve PNG support options.
- S8219775: Certificate validation improvements.
- S8220517: Enhanced GIF support.
- S8221345, CVE-2019-2818: Better Poly1305 support.
- S8221518, CVE-2019-2816: Normalize normalization.
- S8222678, CVE-2019-2821: Improve TLS negotiation.
* Fix more build issues for Ubuntu precise builds.
* Bump standards version.
-- Matthias Klose <doko@ubuntu.com> Wed, 17 Jul 2019 02:28:36 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog openjdk-11-jre-headless`.
Generated by dwww version 1.15 on Thu Jun 27 23:09:31 CEST 2024.