openjdk-11 (11.0.22+7-2) unstable; urgency=medium [ Matthias Klose ] * Add zero support for loong64 (Leslie Zhai). Closes: #1060821. * d/changelog: Whitespace cleanup. * Update build dependency on libfontconfig-dev. * Apply proposed patch for JDK-8307977. Closes: #1034600. [ Vladimir Petko ] * d/t/jtreg-autopkgtest.*: Set jtreg home property correctly. -- Matthias Klose <doko@ubuntu.com> Fri, 26 Jan 2024 21:04:10 +0100 openjdk-11 (11.0.22+7-1) unstable; urgency=high * OpenJDK 11.0.22 release, build 7. - CVEs: + CVE-2024-20918 + CVE-2024-20919 + CVE-2024-20921 + CVE-2024-20945 + CVE-2024-20952 - Security fixes: + JDK-8308204: Enhanced certificate processing. + JDK-8314295: Enhance verification of verifier. + JDK-8314307: Improve loop handling. + JDK-8314468: Improve Compiler loops. + JDK-8316976: Improve signature handling. + JDK-8317547: Enhance TLS connection support. + JDK-8314284: Enhance Nashorn performance (CVE-2024-20926). [ Vladimir Petko ] * Generate d/watch to cope with early access and release builds. * d/rules: Trim trailing whitespaces from debian/control. [ Pushkar Kulkarni ] * Minor improvements to the copyright-generator. -- Matthias Klose <doko@ubuntu.com> Wed, 17 Jan 2024 16:28:29 +0100 openjdk-11 (11.0.22~6ea-1) unstable; urgency=medium * OpenJDK 11.0.22+6 build (early access). [ Pushkar Kulkarni ] * debian/copyright: Update copyrights and notices, using a generator script. [ Vladimir Petko ] * d/copyright: Fix lintian warning. [ Matthias Klose ] * d/copyright: Fix source location. -- Matthias Klose <doko@ubuntu.com> Tue, 26 Dec 2023 13:23:50 +0100 openjdk-11 (11.0.21+9-1) unstable; urgency=high * OpenJDK 11.0.21 release, build 9. - CVE-2023-22081. - Release notes: https://www.oracle.com/java/technologies/javase/11-0-21-relnotes.html#R11_0_21 [ Vladimir Petko ] * d/test: update problemlist. * d/p: drop exclude-broken-tests.patch. * d/p/reproducible-properties-timestamp.diff: use the privileged action to read the system property (JDK-8272157, 914278). [ Matthias Klose ] * Build using GCC 13 on development versions. [ Pushkar Kulkarni ] * Handle limited ECC capabilities of NSS on older releases. -- Matthias Klose <doko@ubuntu.com> Wed, 18 Oct 2023 09:28:04 +0200 openjdk-11 (11.0.21~4ea-1) unstable; urgency=medium * OpenJDK 11.0.21 release, build 4 (early access). [ Vladimir Petko ] * d/copyright: remove liblcms from excluded files. * Refresh patch for 11.0.21+2 ea. * d/t/jtreg-autopkgtest.{sh,in}: JDK-8232153 - set NSS_DEFAULT_DB_TYPE to let sun/security/pkcs11/Secmod/AddTrustedCert.java pass. [ Matthias Klose ] * Explicitly configure --without-jtreg with the nocheck profile -- Matthias Klose <doko@ubuntu.com> Thu, 24 Aug 2023 12:53:49 +0200 openjdk-11 (11.0.20+8-1) unstable; urgency=high * OpenJDK 11.0.20 release, build 8. - CVE-2023-22041, CVE-2023-25193, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006. - Release notes: https://www.oracle.com/java/technologies/javase/11-0-20-relnotes.html#R11_0_20 * Link with --no-as-needed. Closes: #1031521. * Refresh patches. -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jul 2023 08:40:22 +0200 openjdk-11 (11.0.20~7-1) unstable; urgency=medium * OpenJDK 11.0.20+7 build (early access). [ Vladimir Petko ] * debian/copyright: convert to a machine-readable format. * debian/copyright: align excludes statement with openjdk-17. * Provide versioned java-runtime, java-runtime-headless, java-sdk and java-sdk-headless virtual packages (Emmanuel Bourg). * Configure --with-stdc++lib=static on ia64. * Bump standards version. -- Matthias Klose <doko@ubuntu.com> Sat, 01 Jul 2023 09:11:49 +0200 openjdk-11 (11.0.19+7-1) unstable; urgency=high * OpenJDK 11.0.19 release, build 7. - CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968. - Release notes: https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-April/021900.html - d/p/*: refresh patches. [ Vladimir Petko ] * debian/JB-jre-headless.postinst.in: trigger ca-certificates-java after jre is set up. * d/p: drop obsolete patches (LP: #2011653). - workaround_expand_exec_shield_cs_limit.diff: obsoleted by hotspot-disable-exec-shield-workaround.diff. - generated-headers.patch: include is already added by openjdk makefile. - parallel-build-fix.diff: include is not necessary. * d/copyright, d/watch: implement uscan repackaging (LP: #2011749). * d/rules: use --with-debug-symbols=none (LP: #2003820). * d/control: add jtreg6 dependencies, regenerate control. * d/t/{jdk,hotspot,jaxp,langtools}: run tier1 and tier2 jtreg tests only, add test options from OpenJDK makefile. * d/t/*: fix test environment: add missing -nativepath (LP: #2001563). * d/t/jdk: provide dbus session for the window manager (LP: #2001576). * d/p/*: add patches for jtreg tests: - disable-thumb-assertion.patch: fix JDK-8305481. - update-assertion-for-armhf.patch: fix JDK-8305480. - log-generated-classes-test.patch: workaround JDK-8166162. - update-permission-test.patch: add security permissions for testng 7. - ldap-timeout-test-use-ip.patch, test-use-ip-address.patch: Ubuntu-specific patches to workaround missing DNS resolver on the build machines. - exclude_broken_tests.patch: quarantine failing tests. * d/rules: package external debug symbols (LP: #2015835). * drop d/p/{jaw-classpath.diff, jaw-optional.diff}: the atk wrapper is disabled and these patches cause class data sharing tests to fail (LP: #2016194). * d/p/exclude-broken-tests.patch: add OpenJDK 11 failures. * d/t/jtreg-autopkgtest.in: pass JTREG home to locate junit.jar, regenerate d/t/jtreg-autopkgtest.sh (LP: #2016206). * d/t/control.in: disable jtreg autopkgtests in line with openjdk 17, regenerate control (LP: #2016438). * d/rules: pack external debug symbols with build-id, do not pack duplicate symbols, do not strip JVM shared libraries (LP: #2012326, LP: #2016739). * d/rules: always use jtreg6. [ Matthias Klose ] * d/rules: Fix using CC/CXX for recent releases. -- Matthias Klose <doko@ubuntu.com> Sun, 11 Jun 2023 12:55:28 +0200 openjdk-11 (11.0.18+10-1) unstable; urgency=high * OpenJDK 11.0.18+10 build (release). - CVE-2023-21835, CVE-2023-21843 - Release notes: https://www.oracle.com/java/technologies/javase/11-0-18-relnotes.html [ Matthias Klose ] * Handle jtreg package name for backports. [ Vladimir Petko ] * debian/patches/*: Refreshed patches for the new release and dropped unused patches. * debian/watch: use jdk11u repository as upstream. * debian/rules: add lunar to jtreg version selection. -- Matthias Klose <doko@ubuntu.com> Thu, 26 Jan 2023 10:46:52 +0100 openjdk-11 (11.0.17+8-2) unstable; urgency=medium * Bump build dependencies on jtreg. -- Matthias Klose <doko@ubuntu.com> Wed, 19 Oct 2022 16:06:55 +0200 openjdk-11 (11.0.17+8-1) unstable; urgency=high * OpenJDK 11.0.17+8 build (release). * Security fixes - JDK-8289366: Improve HTTP/2 client usage. - JDK-8288508: Enhance ECDSA usage. - JDK-8286918: Better HttpServer service. - JDK-8287446: Enhance icon presentations. - JDK-8286910: Improve JNDI lookups. - JDK-8286511: Improve macro allocation. - JDK-8286526: Improve NTLM support. - JDK-8286533: Key X509 usages. - JDK-8286077: Wider MultiByte conversions. - JDK-8286519: Better memory handling. - JDK-8285662: Better permission resolution. - JDK-8282252: Improve BigInteger/Decimal validation. * Build using GCC 12 in recent development distros. * Don't install the security/blacklisted.certs symlink anymore. Closes: #1021866. -- Matthias Klose <doko@ubuntu.com> Wed, 19 Oct 2022 06:48:12 +0200 openjdk-11 (11.0.16+8-1) unstable; urgency=high * OpenJDK 11.0.16+8 build (release). * Security fixes - JDK-8277608: Address IP Addressing. - JDK-8272243: Improve DER parsing. - JDK-8272249: Better properties of loaded Properties. - JDK-8281859, CVE-2022-21540: Improve class compilation. - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations. - JDK-8283190: Improve MIDI processing. - JDK-8284370: Improve zlib usage. - JDK-8285407, CVE-2022-34169: Improve Xalan supports. -- Matthias Klose <doko@ubuntu.com> Wed, 20 Jul 2022 10:54:16 +0200 openjdk-11 (11.0.15+10-1) unstable; urgency=high * OpenJDK 11.0.15+10 build (release). * Security fixes - JDK-8269938: Enhance XML processing passes redux. - JDK-8270504, CVE-2022-21426: Better XPath expression handling. - JDK-8272255: Completely handle MIDI files. - JDK-8272261: Improve JFR recording file processing. - JDK-8272594: Better record of recordings. - JDK-8274221: More definite BER encodings. - JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java to 2.3.0. - JDK-8275151, CVE-2022-21443: Improved Object Identification. - JDK-8277227: Better identification of OIDs. - JDK-8277672, CVE-2022-21434: Better invocation handler handling. - JDK-8278356: Improve file creation. - JDK-8278449: Improve keychain support. - JDK-8278798: Improve supported intrinsic. - JDK-8278805: Enhance BMP image loading. - JDK-8278972, CVE-2022-21496: Improve URL supports. - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo. * Refresh patches. -- Matthias Klose <doko@ubuntu.com> Mon, 02 May 2022 19:42:14 +0200 openjdk-11 (11.0.14.1+1-1) unstable; urgency=medium * OpenJDK 11.0.14.1+1 build (release). - Fix JDK-8218546. LP: #1966338. -- Matthias Klose <doko@ubuntu.com> Sun, 27 Mar 2022 11:16:07 +0200 openjdk-11 (11.0.14+9-1) unstable; urgency=high * OpenJDK 11.0.14+9 build (release). * Security fixes - JDK-8217375: jarsigner breaks old signature with long lines in manifest. - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside. - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization. - JDK-8268488: More valuable DerValues. - JDK-8268494: Better inlining of inlined interfaces. - JDK-8268512: More content for ContentInfo. - JDK-8268795: Enhance digests of Jar files. - JDK-8268801: Improve PKCS attribute handling. - JDK-8268813, CVE-2022-21283: Better String matching. - JDK-8269151: Better construction of EncryptedPrivateKeyInfo. - JDK-8269944: Better HTTP transport redux. - JDK-8270386, CVE-2022-21291: Better verification of scan methods. - JDK-8270392, CVE-2022-21293: Improve String constructions. - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps. - JDK-8270492, CVE-2022-21282: Better resolution of URIs. - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management. - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities. - JDK-8270952, CVE-2022-21277: Improve TIFF file handling. - JDK-8271962: Better TrueType font loading. - JDK-8271968: Better canonical naming. - JDK-8271987: Manifest improved manifest entries. - JDK-8272014, CVE-2022-21305: Better array indexing. - JDK-8272026, CVE-2022-21340: Verify Jar Verification. - JDK-8272236, CVE-2022-21341: Improve serial forms for transport. - JDK-8272272: Enhance jcmd communication. - JDK-8272462: Enhance image handling. - JDK-8273290: Enhance sound handling. - JDK-8273756, CVE-2022-21360: Enhance BMP image support. - JDK-8273838, CVE-2022-21365: Enhanced BMP processing. - JDK-8274096, CVE-2022-21366: Improve decoding of image files. - JDK-8279541: Improve HarfBuzz. -- Matthias Klose <doko@debian.org> Wed, 19 Jan 2022 11:05:38 +0100 openjdk-11 (11.0.13+8-1) unstable; urgency=medium * OpenJDK 11.0.13+8 build (release). * Security fixes - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close - JDK-8263314: Enhance XML Dsig modes - JDK-8265167, CVE-2021-35556: Richer Text Editors - JDK-8265574: Improve handling of sheets - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit - JDK-8265776: Improve Stream handling for SSL - JDK-8266097, CVE-2021-35561: Better hashing support - JDK-8266103: Better specified spec values - JDK-8266109: More Resilient Classloading - JDK-8266115: More Manifest Jar Loading - JDK-8266137, CVE-2021-35564: Improve Keystore integrity - JDK-8266689, CVE-2021-35567: More Constrained Delegation - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic - JDK-8267712: Better LDAP reference processing - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking - JDK-8267735, CVE-2021-35586: Better BMP support - JDK-8268193: Improve requests of certificates - JDK-8268199: Correct certificate requests - JDK-8268205: Enhance DTLS client handshake - JDK-8268506: More Manifest Digests - JDK-8269618, CVE-2021-35603: Better session identification - JDK-8269624: Enhance method selection support - JDK-8270398: Enhance canonicalization - JDK-8270404: Better canonicalization * Remove patches applied upstream. -- Matthias Klose <doko@ubuntu.com> Wed, 20 Oct 2021 11:01:48 +0200 openjdk-11 (11.0.12+7-2) unstable; urgency=high * OpenJDK 11.0.12+7 build (release). * Security fixes: - JDK-8256157: Improve bytecode assembly. - JDK-8256491: Better HTTP transport. - JDK-8258432, CVE-2021-2341: Improve file transfers. - JDK-8260453: Improve Font Bounding. - JDK-8260960: Signs of jarsigner signing. - JDK-8260967, CVE-2021-2369: Better jar file validation. - JDK-8262380: Enhance XML processing passes. - JDK-8262403: Enhanced data transfer. - JDK-8262410: Enhanced rules for zones. - JDK-8262477: Enhance String Conclusions. - JDK-8262967: Improve Zip file support. - JDK-8264066, CVE-2021-2388: Enhance compiler validation. - JDK-8264079: Improve abstractions. - JDK-8264460: Improve NTLM support. * Encode the early-access status into the package version. LP: #1934895. -- Matthias Klose <doko@ubuntu.com> Wed, 21 Jul 2021 09:03:54 +0200 openjdk-11 (11.0.12+6-1) unstable; urgency=medium * OpenJDK 11.0.12+6 build (early access). -- Matthias Klose <doko@ubuntu.com> Wed, 07 Jul 2021 12:00:44 +0200 openjdk-11 (11.0.12+4-1) unstable; urgency=medium * OpenJDK 11.0.12+4 build (early access). * Don't apply the m68k-support patch, needs an update. -- Matthias Klose <doko@ubuntu.com> Thu, 27 May 2021 11:37:31 +0200 openjdk-11 (11.0.11+9-1) unstable; urgency=high * OpenJDK 11.0.11+9 build (release). * Security fixes: - JDK-8244473: Contextualize registration for JNDI. - JDK-8244543: Enhanced handling of abstract classes. - JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543. - JDK-8250568: Less ambiguous processing (CVE-2021-2161). - JDK-8253799: Make lists of normal filenames. - JDK-8261183: Follow on to Make lists of normal filenames. - JDK-8249906: Enhance opening JARs (CVE-2021-2163). - JDK-8258247: Couple of issues in fix for JDK-8249906. - JDK-8259428: AlgorithmId.getEncodedParams() should return copy. - JDK-8257001: Improve HTTP client support. -- Matthias Klose <doko@ubuntu.com> Tue, 20 Apr 2021 20:21:22 +0200 openjdk-11 (11.0.11+8-1) unstable; urgency=medium * OpenJDK 11.0.11+8 build (early access). * Set DEB_BUILD_MAINT_OPTIONS = optimize=-lto, not yet ready. Looks like 16 and 17 are buildable with lto. * Remove dangling jfr alternative on upgrades if no jdk is installed (Andreas Beckmann). Closes: #985060. * Use mktemp instead of tempfile in maintainer scripts (Andreas Beckmann). * Backport fix for JDK-8262085, hovering Metal HTML Tooltips in different windows cause IllegalArgExc on Linux. Closes: #967049. -- Matthias Klose <doko@ubuntu.com> Thu, 01 Apr 2021 12:24:55 +0200 openjdk-11 (11.0.11+7-1) unstable; urgency=medium * OpenJDK 11.0.11+7 build (early access). * Simplify compiler selection for backports. * Don't use the triplet-prefixed binutils tools for backports. -- Matthias Klose <doko@ubuntu.com> Thu, 18 Mar 2021 09:49:54 +0100 openjdk-11 (11.0.11+4-1) unstable; urgency=medium * OpenJDK 11.0.11+4 build (early access). * reproducible-build-jmod.diff: Fall back to the unpatched behavior for backports. * Only build with system harfbuzz for recent releases. * Configure --with-copyright-year. Closes: #956154. -- Matthias Klose <doko@ubuntu.com> Thu, 25 Feb 2021 11:54:00 +0100 openjdk-11 (11.0.11+3-3) experimental; urgency=medium * Fix the build logic, jaotc and jhsdb tools not available on all archs. * Ship the jfc files used by jfr. * Move libawt_xawt.so, libjawt.so into the jre package. Closes: #908058. -- Matthias Klose <doko@ubuntu.com> Sat, 20 Feb 2021 09:12:35 +0100 openjdk-11 (11.0.11+3-2) experimental; urgency=medium * OpenJDK 11.0.11+3 build (early access). * Use debugedit to generate unique build-id's and remove the openjdk-N-dbg file conflicts. Closes: #919671. * Remove KFreeBSD build support and patches, not updated since OpenJDK 8. * Backport JDK-8222825. Closes: #960153. * Build with Rules-Requires-Root: no. * Move the jfr binary from -jre-headless to -jdk-headless. Development tool. -- Matthias Klose <doko@ubuntu.com> Fri, 19 Feb 2021 13:54:09 +0100 openjdk-11 (11.0.10+9-1) unstable; urgency=high * OpenJDK 11.0.10+9 build (release). * Security fixes: - JDK-8247619: Improve Direct Buffering of Characters. * Other changes: See https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2021-January/004689.html * Update copyright years. -- Matthias Klose <doko@ubuntu.com> Wed, 20 Jan 2021 10:42:16 +0100 openjdk-11 (11.0.10+8-1) unstable; urgency=medium * OpenJDK 11.0.10+8 build (early access). * Build with system harfbuzz. * Refresh patches. * Don't run the autopkg tests. There's no value running all the internal tests as an autopkg test, when these are already run during the build. * Update VCS attributes. * Bump standards version. -- Matthias Klose <doko@ubuntu.com> Wed, 30 Dec 2020 13:50:32 +0100 openjdk-11 (11.0.9.1+1-1) unstable; urgency=medium * OpenJDK 11.0.9.1+1 build (release). * Configure --with-jvm-features=shenandoahgc for hotspot builds. LP: #1902029. -- Matthias Klose <doko@ubuntu.com> Thu, 05 Nov 2020 14:32:42 +0100 openjdk-11 (11.0.9+11-1) unstable; urgency=medium * OpenJDK 11.0.9+11 build (release). * Security fixes: - JDK-8233624: Enhance JNI linkage - JDK-8236196: Improve string pooling - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts - JDK-8237995, CVE-2020-14782: Enhance certificate processing - JDK-8240124: Better VM Interning - JDK-8241114, CVE-2020-14792: Better range handling - JDK-8242680, CVE-2020-14796: Improved URI Support - JDK-8242685, CVE-2020-14797: Better Path Validation - JDK-8242695, CVE-2020-14798: Enhanced buffer support - JDK-8243302: Advanced class supports - JDK-8244136, CVE-2020-14803: Improved Buffer supports - JDK-8244479: Further constrain certificates - JDK-8244955: Additional Fix for JDK-8240124 - JDK-8245407: Enhance zoning of times - JDK-8245412: Better class definitions - JDK-8245417: Improve certificate chain handling - JDK-8248574: Improve jpeg processing - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit - JDK-8253019: Enhanced JPEG decoding [ Tiago Stürmer Daitx ] * debian/rules: - copy apport hook to source_$(PKGSOURCE).py, fixes apport on Ubuntu where source name is openjdk-lts instead of openjdk-11. * Refresh patches. [ Matthias Klose ] * Don't run the jdk tests as an autopkg test, taking too long. * Call strip-nondeterminism before computing jmod hashes (Julian Gilbey). Closes: #944738. * Build with GCC 10 in current development versions. Closes: #972288. -- Matthias Klose <doko@ubuntu.com> Wed, 21 Oct 2020 19:38:16 +0200 openjdk-11 (11.0.8+10-1) unstable; urgency=high * OpenJDK 11.0.8+10 build (release). * Security fixes: - JDK-8233239, CVE-2020-14562: Enhance TIFF support - JDK-8236867, CVE-2020-14573: Enhance Graal interface handling - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8242136, CVE-2020-14621: Better XML namespace handling - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233234: Better Zip Naming - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8238013: Enhance String writing - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238925: Enhance WAV file playback - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux [ Tiago Stürmer Daitx ] * d/p/default-jvm-cfg.diff: updated patch. * d/p/8214571.diff, d/p/8228407.diff: applied by upstream, removed patches. [ Matthias Klose ] * Don't try to run autopkg tests on armel, mipsel, mips64el. * debian/copyright (remove licenses not found anymore in the sources): - Little CMS, libpng, GIFLIB. * Prepare to Build using GCC 10. -- Matthias Klose <doko@ubuntu.com> Wed, 22 Jul 2020 14:26:43 +0200 openjdk-11 (11.0.7+10-3) unstable; urgency=high * Backport the fix for JDK-8214571, -Xdoclint of array serialField gives "error: array type not allowed here". Introduced with 11.0.7. * Enable running the testsuite on release architectures. -- Matthias Klose <doko@ubuntu.com> Thu, 16 Apr 2020 14:40:58 +0200 openjdk-11 (11.0.7+10-2) unstable; urgency=high * Backport the fix for 8228407, JVM crashes with shared archive file mismatch. * Enable again bootcycle build for all hotspot architectures. * Build again with -march=zEC12 on Ubuntu/s390x. -- Matthias Klose <doko@ubuntu.com> Wed, 15 Apr 2020 16:03:23 +0200 openjdk-11 (11.0.7+10-1) unstable; urgency=high * OpenJDK 11.0.7+10 build (release). * Security fixes - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - JDK-8225603: Enhancement for big integers - JDK-8226346: Build better binary builders - JDK-8227467: Better class method invocations - JDK-8227542: Manifest improved jar headers - JDK-8229733: TLS message handling improvements - JDK-8231415, CVE-2020-2773: Better signatures in XML - JDK-8231785: Improved socket permissions - JDK-8232424, CVE-2020-2778: More constrained algorithms - JDK-8232581, CVE-2020-2767: Improve TLS verification - JDK-8233250: Better X11 rendering - JDK-8233410: Better Build Scripting - JDK-8234027: Better JCEKS key support - JDK-8234408, CVE-2020-2781: Improve TLS session handling - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers - JDK-8235274, CVE-2020-2805: Enhance typing of methods - JDK-8235691, CVE-2020-2816: Enhance TLS connectivity - JDK-8236201, CVE-2020-2830: Better Scanner conversions - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap [ Matthias Klose ] * Refresh patches. * Configure --with-jtreg=/usr/share/jtreg. * Enable the buildwatch script on sh4 (Adrian Glaubitz). Closes: #956728. * Build with -march=z13 -mtune=z15 on Ubuntu/s390x. -- Matthias Klose <doko@ubuntu.com> Wed, 15 Apr 2020 11:11:42 +0200 openjdk-11 (11.0.7+9-1) unstable; urgency=medium * OpenJDK 11.0.7+9 build (early access). * Make autopkgtests cross-test-friendly (Steve Langasek). LP: #1861467. * d/tests/jtreg-autopkgtest.in: keep generated hs_err log files with test artifacts to improve later debug (Tiago Stürmer Daitx). * d/tests/jtdiff-autopkgtest.in: set default vm to correctly locate (Tiago Stürmer Daitx) * jhsdb isn't built on sh4 (Adrian Glaubitz). Closes: #951774. -- Matthias Klose <doko@ubuntu.com> Thu, 26 Mar 2020 08:33:35 +0100 openjdk-11 (11.0.6+10-2) unstable; urgency=medium * Fix FTCBFS (Helmut Grohne). Addresses: #949460. - Missing Build-Depends: zlib1g-dev:native. - Use triplet-prefixed objcopy and strip. * Bump standards version. -- Matthias Klose <doko@ubuntu.com> Wed, 12 Feb 2020 08:40:22 +0100 openjdk-11 (11.0.6+10-1) unstable; urgency=high * OpenJDK 11.0.6+10 build (release). - S8220598: Malformed copyright year range in a few files in java.base. - S8224909, CVE-2020-2583: Unlink Set of LinkedHashSets. - S8225261: Better method resolutions. - S8225279: Better XRender interpolation. - S8226352, CVE-2020-2590: Improve Kerberos interop capabilities. - S8227758: More valid PKIX processing. - S8227816: More Colorful ICC profiles. - S8228548, CVE-2020-2593: Normalize normalization for all. - S8229728: Implement negotiation parameters. - S8229951, CVE-2020-2601: Better Ticket Granting Services. - S8230279: Improve Pack200 file reading. - S8230318: Better trust store usage. - S8230967: Improve Registry support of clients. - S8231139: Improved keystore support. - S8231422, CVE-2020-2604: Better serial filter handling. - S8231780, CVE-2020-2655: Better TLS messaging support. - S8231790: Provide better FileSystemProviders. - S8232419: Improve Registry registration. - S8234037, CVE-2020-2654: Improve Object Identifier Processing. * Disable zero on sparc64 (Adrian Glaubitz). Closes: #942030. * Make the generated character data source files reproducible (Emmanuel Bourg). Closes: #933339. * Make the generated module-info.java files reproducible (Emmanuel Bourg). Closes: #933342. * Make the generated copyright headers reproducible (Emmanuel Bourg). Closes: #933349. * Make the build user reproducible (Emmanuel Bourg). Closes: #933373. -- Matthias Klose <doko@ubuntu.com> Wed, 15 Jan 2020 01:09:36 +0100 openjdk-11 (11.0.6+7-1) unstable; urgency=medium * OpenJDK 11.0.6+7 build (early access). -- Matthias Klose <doko@ubuntu.com> Fri, 13 Dec 2019 14:52:21 +0100 openjdk-11 (11.0.5+10-2) unstable; urgency=medium * Fix the jtreg consistency check when building without jtreg. * Don't call dh_strip_nondeterminism when building for older releases. * Fix disabling the zero build on arm64 on trusty. -- Matthias Klose <doko@ubuntu.com> Thu, 17 Oct 2019 22:04:30 +0200 openjdk-11 (11.0.5+10-1) unstable; urgency=high * OpenJDK 11.0.5+10 build (release). - S8209901: Canonical file handling. - S8213429, CVE-2019-2933: Windows file handling redux. - S8218573, CVE-2019-2945: Better socket support. - S8218877: Help transform transformers. - S8219914: Change the environment variable for Java Access Bridge logging to have a directory. - S8220186: Improve use of font temporary files. - S8220302, CVE-2019-2949: Better Kerberos ccache handling. - S8221497: Optional Panes in Swing. - S8221858, CVE-2019-2958: Build Better Processes. - S8222684, CVE-2019-2964: Better support for patterns. - S8222690, CVE-2019-2962: Better Glyph Images. - S8223163: Better pattern recognition. - S8223505, CVE-2019-2973: Better pattern compilation. - S8223518, CVE-2019-2975: Unexpected exception in jjs. - S8223886: Add in font table referene. - S8223892, CVE-2019-2978: Improved handling of jar files. - S8224025: Fix for JDK-8220302 is not complete. - S8224062, CVE-2019-2977: Improve String index handling. - S8224532, CVE-2019-2981: Better Path supports. - S8224915, CVE-2019-2983: Better serial attributes. - S8225286, CVE-2019-2987: Better rendering of native glyphs. - S8225292, CVE-2019-2988: Better Graphics2D drawing. - S8225298, CVE-2019-2989: Improve TLS connection support. - S8225597, CVE-2019-2992: Enhance font glyph mapping. - S8226765, CVE-2019-2999: Commentary on Javadoc comments. - S8227601: Better collection of references. - S8228825, CVE-2019-2894: Enhance ECDSA operations. -- Matthias Klose <doko@ubuntu.com> Wed, 16 Oct 2019 10:41:31 +0200 openjdk-11 (11.0.5+9-1) unstable; urgency=medium * OpenJDK 11.0.5+9 build (early access). * Bump standards version. * Use dh_strip_nondeterminism (Emmanuel Bourg). Closes: #933389. * Fix 8230708, server build on sparc64 (Adrian Glaubitz). Closes: #939565. * Fix FTBFS with DEB_BUILD_PROFILES=nocheck (Helmut Grohne). Closes: #939521. * Add more breaks to the openjdk-11-jre-headless package. Closes: #935624. * Fix debug and src symlinks. Closes: #893134, #910694, #910696. -- Matthias Klose <doko@ubuntu.com> Mon, 07 Oct 2019 11:00:49 +0200 openjdk-11 (11.0.5+6-2) unstable; urgency=medium * Fix 8230708, build failure on sparc64 (Adrian Glaubitz). * Disable the zero build on armhf. -- Matthias Klose <doko@ubuntu.com> Fri, 06 Sep 2019 17:54:18 +0200 openjdk-11 (11.0.5+6-1) unstable; urgency=medium * OpenJDK 11.0.5+6 build (early access). [ Matthias Klose ] * Tighten dependency on jtreg. * Build using GCC 9 on recent development releases. * Refresh patches. [ Tiago Stürmer Daitx ] * Properly generate Breaks: rules for bionic (fix typo). * Remove libgtk-3-dev from build-deps: libgtk-3-dev is not actually required, package builds fine without it; libgtk2.0-0 or libgtk-3-0 should be explicitly declared instead in bdeps and tests; libxrandr-dev should be explicitly added as it is required and was being included due to libgtk-3-dev dependency. * Set minimum dependency on jtreg based on testsuite requirements. * Fail during pre-build if installed jtreg version is lower then the minimum required version. * Improve and fix build tests and autopkgtests: - Depend on default-jre-headless so jtreg will use the JRE from /usr/default-java; remove JT_JAVA exports as it no longer needs to be set. - Update debian/tests/hotspot,jdk,langtools to ignore jtreg-autopkgtest.sh return code. - Create debian/tests/jtdiff-autopkgtest.in as it depends on debian/rules variables. - debian/tests/jtreg-autopkgtest.sh: + Enable retry of failed tests to trim out flaky tests. + Fix unbound variable. + Keep .jtr files from failed tests only. - debian/tests/jtdiff-autopkgtest.sh: + Fail only if an actual regression is detected. + Add the super-diff comparison from jtdiff. - debian/rules: + Preserve all JTreport directories in the test output directory. + Use JDK_DIR instead of JDK_TO_TEST for autopkgtest generation. + Package all .jtr files from JTwork as jtreg-autopkgtest.sh makes sure it contains only failing tests. -- Matthias Klose <doko@ubuntu.com> Wed, 04 Sep 2019 16:48:18 +0200 openjdk-11 (11.0.4+11-1) unstable; urgency=high * OpenJDK 11.0.4+11 build (release). - S8212328, CVE-2019-2762: Exceptional throw cases. - S8213431, CVE-2019-2766: Improve file protocol handling. - S8213432, CVE-2019-2769: Better copies of CopiesList. - S8216381, CVE-2019-2786: More limited privilege usage. - S8217563: Improve realm maintenance. - S8218863: Better endpoint checks. - S8218873: Improve JSSE endpoint checking. - S8218876, CVE-2019-7317: Improve PNG support options. - S8219775: Certificate validation improvements. - S8220517: Enhanced GIF support. - S8221345, CVE-2019-2818: Better Poly1305 support. - S8221518, CVE-2019-2816: Normalize normalization. - S8222678, CVE-2019-2821: Improve TLS negotiation. * Fix more build issues for Ubuntu precise builds. * Bump standards version. -- Matthias Klose <doko@ubuntu.com> Wed, 17 Jul 2019 02:28:36 +0200 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog openjdk-11-jre-headless`.
Generated by dwww version 1.15 on Thu Jun 27 23:09:31 CEST 2024.