openjdk-lts (11.0.25+9-1ubuntu1~22.04) jammy-security; urgency=medium
* OpenJDK 11.0.25 release, build 9.
- CVEs
+ CVE-2024-21208, 8328286: Enhance HTTP client
+ CVE-2024-21210, 8328544: Improve handling of vectorization
+ CVE-2024-21217, 8331446: Improve deserialization support
+ CVE-2024-21235, 8332644: Improve graph optimizations
- Security fixes
+ JDK-8290367, JDK-8332643: Update default value and extend the scope
of the com.sun.jndi.ldap.object.trustSerialData system property
+ JDK-8307383: Enhance DTLS connections
+ JDK-8328286: Enhance HTTP client
+ JDK-8328544: Improve handling of vectorization
+ JDK-8328726: Better Kerberos support
+ JDK-8331446: Improve deserialization support
+ JDK-8332644: Improve graph optimizations
+ JDK-8335713: Enhance vectorization analysis
[ Vladimir Petko ]
* d/rules: do not include dtrace support for S390x (JDK-8305174).
* d/t/problems.csv: Disable jdk/sun/security/util/Debug/DebugOptions.java
due to JDK-8339713.
[ Pushkar Kulkarni ]
* d/rules: Add CFLAG to avert FTBFS on armhf due
to GCC-11 ICE reported by LP-1953128
* d/{control, watch}: regenerate for upload to Ubuntu 22.04
* Upload to Ubuntu 22.04
-- Pushkar Kulkarni <pushkar.kulkarni@canonical.com> Thu, 17 Oct 2024 22:51:26 +0530
openjdk-lts (11.0.25~5ea-1ubuntu1) oracular; urgency=medium
* OpenJDK 11.0.25+5 build (early access) (LP: #2080298).
* d/copyright-generator/strip-common-licenses.sh: Add GPLv3 to the
list of common licenses.
* d/rules, d/control.in: Depend on pkgconf rather than pkg-config in
bookworm and later releases. This resolves lintian warning
build-depends-on-obsolete-package Build-Depends: pkg-config => pkgconf.
* Build using GCC 14 on development versions.
* d/t/problemlist.csv: Update problemlist.csv for July release.
* d/copyright-generator/copyright-gen.py: remove spurious whitespaces.
* Enable dtrace support.
* Regenerate control files.
-- Vladimir Petko <vladimir.petko@canonical.com> Tue, 10 Sep 2024 08:53:42 +1200
openjdk-lts (11.0.24+8-1ubuntu3) oracular; urgency=medium
* OpenJDK 11.0.24 release, build 8. Release notes:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-July/035797.html
- CVEs
+ CVE-2024-21147: 8323231, RangeCheckElimination array index overflow.
+ CVE-2024-21145: 8324559, Out-of-bounds access in 2D image handling.
+ CVE-2024-21140: 8320548, Range Check Elimination (RCE) pre-loop limit
overflow.
+ CVE-2024-21144: 8322106, Pack200 increase loading time due to improper
header validation.
+ CVE-2024-21131: 8314794, potential UTF8 size overflow.
+ CVE-2024-21138: 8319859, Excessive symbol length can lead to infinite loop.
- Security fixes
+ JDK-8303466: C2: failed: malformed control flow.
Limit type made precise with MaxL/MinL.
+ JDK-8314794: Improve UTF8 String supports.
+ JDK-8319859: Better symbol storage.
+ JDK-8320097: Improve Image transformations.
+ JDK-8320548: Improved loop handling.
+ JDK-8322106: Enhance Pack 200 loading.
+ JDK-8323231: Improve array management.
+ JDK-8323390: Enhance mask blit functionality.
+ JDK-8324559: Improve 2D image handling.
+ JDK-8325600: Better symbol storage.
+ JDK-8327413: Enhance compilation efficiency.
* No-Change upload to include OpenJDK bugs related to CVEs.
-- Vladimir Petko <vladimir.petko@canonical.com> Mon, 22 Jul 2024 08:41:26 +1200
openjdk-lts (11.0.24+8-1ubuntu2) oracular; urgency=medium
* OpenJDK 11.0.24 release, build 8. Release notes:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-July/035797.html
+ CVEs
- CVE-2024-21147
- CVE-2024-21145
- CVE-2024-21140
- CVE-2024-21144
- CVE-2024-21131
- CVE-2024-21138
+ Security fixes
- JDK-8303466: C2: failed: malformed control flow.
Limit type made precise with MaxL/MinL.
- JDK-8314794: Improve UTF8 String supports.
- JDK-8319859: Better symbol storage.
- JDK-8320097: Improve Image transformations.
- JDK-8320548: Improved loop handling.
- JDK-8322106: Enhance Pack 200 loading.
- JDK-8323231: Improve array management.
- JDK-8323390: Enhance mask blit functionality.
- JDK-8324559: Improve 2D image handling.
- JDK-8325600: Better symbol storage.
- JDK-8327413: Enhance compilation efficiency.
* No-Change upload to include upstream release notes.
-- Vladimir Petko <vladimir.petko@canonical.com> Mon, 22 Jul 2024 08:17:12 +1200
openjdk-lts (11.0.24+8-1ubuntu1) oracular; urgency=medium
* OpenJDK 11.0.24 release, build 8.
- CVEs:
+ CVE-2024-21147
+ CVE-2024-21145
+ CVE-2024-21140
+ CVE-2024-21144
+ CVE-2024-21131
+ CVE-2024-21138
- Security Fixes:
+ JDK-8281658: New Security Category for -XshowSettings Launcher
Option.
+ JDK-8316138: Added GlobalSign R46 and E46 Root CA Certificates.
+ JDK-8256660: Disabled DTLS 1.0.
+ JDK-8326891: Native Executables and Libraries on Linux Use
RPATH Instead of RUNPATH.
* d/copyright: regenerate copyright.
* d/rules, d/t/*: collate all excluded tests into d/problemlist.csv.
* d/p/jdk-8336529-proposed.patch: fix time_t migration issue on armhf -
openjdk is unable to set file last modified timestamp.
* d/p/jdk-8334895-proposed.patch: refresh patch.
* d/rules: enable upstream release.
* d/rules: relax jtreg7 version condition for backports.
* d/rules: use gcc-10 for focal to resolve riscv gcc crash.
-- Vladimir Petko <vladimir.petko@canonical.com> Thu, 18 Jul 2024 19:36:07 +1200
openjdk-lts (11.0.24~6ea-1ubuntu2) oracular; urgency=medium
* d/rules: include /usr/share/dpkg/buildflags.mk to avoid configure
failure due to the undefined variables.
-- Vladimir Petko <vladimir.petko@canonical.com> Wed, 26 Jun 2024 08:34:02 +1200
openjdk-lts (11.0.24~6ea-1ubuntu1) oracular; urgency=medium
* New upstream snapshot 11.0.24~6ea (LP: #2069917).
* d/p/*: refresh patches.
* d/rules, d/control: use jtreg7, enable jtreg.
* d/JB-demo.overrides.in: add jar-contains-source override for
SwingSet demo jar.
* d/rules, d/copyright-generator/copyright-gen.py, d/copyright:
exclude test/jdk/sun/management/windows/revokeall.exe from orig
tarball, format d/copyright-generator/copyright-gen.py.
* d/p/8307977-proposed.diff: rename to jdk-8307977-proposed.patch.
* d/p/jdk-8334502.patch: fix iso8601_utctime armhf function.
* d/p/jtreg-location.diff: drop patch as it is no longer needed for
jtreg7.
-- Vladimir Petko <vladimir.petko@canonical.com> Thu, 20 Jun 2024 10:30:43 +1200
openjdk-lts (11.0.23+9-1ubuntu1) noble; urgency=high
* OpenJDK 11.0.23 release, build 9.
- CVE-2024-21011, 8319851: Improve exception logging.
- CVE-2024-21068, 8322122: Enhance generation of addresses.
- 8318340: Improve RSA key implementations.
- CVE-2024-21012, 8315708: Enhance HTTP/2 client usage.
- CVE-2024-21094, 8317507: Already fixed in November 2023:
C2 compilation fails with "Exceeded _node_regs array".
- CVE-2024-21085, 8322114: Improve Pack 200 handling.
[ Pushkar Kulkarni ]
* Use 64-bit clock_* function on archs like armhf.
-- Matthias Klose <doko@ubuntu.com> Wed, 17 Apr 2024 16:23:29 +0200
openjdk-lts (11.0.23~7ea-1ubuntu4) noble; urgency=medium
* d/rules: disable jtreg tests due to jtreg i386 uninstallability.
-- Vladimir Petko <vladimir.petko@canonical.com> Wed, 17 Apr 2024 08:28:35 +1200
openjdk-lts (11.0.23~7ea-1ubuntu3) noble; urgency=medium
* d/patches: Use clock_*64 functions on archs like armhf
(LP: #2059005)
-- Pushkar Kulkarni <pushkar.kulkarni@canonical.com> Thu, 11 Apr 2024 20:16:13 +0530
# For older changelog entries, run 'apt-get changelog openjdk-11-doc'
Generated by dwww version 1.14 on Thu Jan 23 08:50:38 CET 2025.