[ubuntu/eoan-security] openjdk-8 8u252-b09-1~19.10 (Accepted)

Eduardo Barretto eduardo.barretto at canonical.com
Wed Apr 22 15:25:09 UTC 2020


openjdk-8 (8u252-b09-1~19.10) eoan-security; urgency=medium

  * Backport from Focal.

openjdk-8 (8u252-b09-1) unstable; urgency=medium

  * Update to OpenJDK 8u252-b09 (GA). Updated aarch32 to 8u252-b08 (no
    hotspot changes between b08 and b09).
  * Security fixes
    - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
    - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
    - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
    - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
    - JDK-8225603: Enhancement for big integers
    - JDK-8227542: Manifest improved jar headers
    - JDK-8231415, CVE-2020-2773: Better signatures in XML
    - JDK-8233250: Better X11 rendering
    - JDK-8233410: Better Build Scripting
    - JDK-8234027: Better JCEKS key support
    - JDK-8234408, CVE-2020-2781: Improve TLS session handling
    - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
    - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
    - JDK-8235274, CVE-2020-2805: Enhance typing of methods
    - JDK-8236201, CVE-2020-2830: Better Scanner conversions
    - JDK-8238960: linux-i586 builds are inconsistent as the newly build
      jdk is not able to reserve enough space for object heap
  * Other changes
    - JDK-8005819: Support cross-realm MSSFU
    - JDK-8022263: use same Clang warnings on BSD as on Linux
    - JDK-8038631: Create wrapper for awt.Robot with additional functionality
    - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex
      assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor
      is invalid
    - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and
      some unit tests
    - JDK-8068184: Fix for JDK-8032832 caused a deadlock
    - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
    - JDK-8132130: some docs cleanup
    - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
    - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods
      is not optimal
    - JDK-8144446: Automate the Marlin crash test
    - JDK-8144526: Remove Marlin logging use of deleted internal API
    - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
    - JDK-8144654: Improve Marlin logging
    - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with
      huge coordinates and round joins
    - JDK-8166976: TestCipherPBECons has wrong @run line
    - JDK-8167409: Invalid value passed to critical JNI function
    - JDK-8181872: C1: possible overflow when strength reducing integer multiply
      by constant
    - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
    - JDK-8191227: issues with unsafe handle resolution
    - JDK-8197441: Signature#initSign/initVerify for an invalid
      private/public key fails with ClassCastException for SunPKCS11 provider
    - JDK-8204152: SignedObject throws NullPointerException for null keys with
      an initialized Signature object
    - JDK-8215756: Memory leaks in the AWT on macOS
    - JDK-8216472: (se) Stack overflow during selection operation leads to crash
    - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from
      mtInternal to mtThread
    - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected
      exceptions
    - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts
      test
    - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
    - JDK-8229022: BufferedReader performance can be improved by using
      StringBuilder
    - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
    - JDK-8229872: (fs) Increase buffer size used with getmntent
    - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey
      cause Exception
    - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
    - JDK-8235744: PIT:
      test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in
      linux-x64
    - JDK-8235904: Infinite loop when rendering huge lines
    - JDK-8236179: C1 register allocation error with T_ADDRESS
    - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
    - JDK-8240521: Revert backport of 8231584: Deadlock with
      ClassLoader.findLibrary and System.loadLibrary call
    - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
    - JDK-8241307: Marlin renderer should not be the default in 8u252
  * Build using GCC 9 in unstable. Closes: #944184.

openjdk-8 (8u252-b07-1) unstable; urgency=medium

  * Update to 8u252-b07 (early access build).
  * Update ARM32 and AArch64 hotspot to 8u252-b06.
  * Build using GCC 9 in recent releases.

openjdk-8 (8u242-b08-1) unstable; urgency=medium

  * Merge changes from 8u242-b08-0ubuntu3 back into Debian
  * Fix nocheck profile (no profile support) for wheezy
  * Version !nocheck default-jre-headless build dependency
    to ensure at least Java 8 there as well; avoids needing to
    install two JREs when building in pre-{stretch,xenial}
  * Update aarch64 to GA jdk8u242-b08, aarch32 to jdk8u242-ga
  * Bump Policy

openjdk-8 (8u242-b08-0ubuntu3) focal; urgency=medium

  * OpenJDK 8u242-b08 build (release).
    - S8226352, CVE-2020-2590: Improve Kerberos interop capabilities
    - S8228548, CVE-2020-2593: Normalize normalization for all
    - S8224909, CVE-2020-2583: Unlink Set of LinkedHashSets
    - S8229951, CVE-2020-2601: Better Ticket Granting Services
    - S8231422, CVE-2020-2604: Better serial filter handling
    - S8231795, CVE-2020-2659: Enhance datagram socket support
    - S8234037, CVE-2020-2654: Improve Object Identifier Processing
    - S8037550: Update RFC references in javadoc to RFC 5280
    - S8039438: Some tests depend on internal API sun.misc.IOUtils
    - S8044500: Add kinit options and krb5.conf flags that allow users
      to obtain renewable tickets and specify ticket lifetimes
    - S8058290: JAAS Krb5LoginModule has suspect ticket-renewal logic,
      relies on clockskew grace
    - S8080835: Add blocking bulk read to sun.misc.IOUtils
    - S8138978: Examine usages of sun.misc.IOUtils
    - S8139206: Add InputStream readNBytes(int len)
    - S8183591: Incorrect behavior when reading DER value with
      Integer.MAX_VALUE length
    - S8186576: KerberosTicket does not properly handle renewable
      tickets at the end of their lifetime
    - S8186831: Kerberos ignores PA-DATA with a non-null s2kparams
    - S8186884: Test native KDC, Java krb5 lib, and native krb5 lib in
      one test
    - S8193832: Performance of InputStream.readAllBytes() could be improved
    - S8196956: (ch) More channels cleanup
    - S8201627: Kerberos sequence number issues
    - S8215032: Support Kerberos cross-realm referrals (RFC 6806)
    - S8225261: Better method resolutions
    - S8225279: Better XRender interpolation
    - S8226719: Kerberos login to Windows 2000 failed with "Inappropriate
      type of checksum in message"
    - S8227061: KDC.java test behaves incorrectly when AS-REQ contains a
      PAData not PA-ENC-TS-ENC
    - S8227381: GSS login fails with PREAUTH_FAILED
    - S8227437: S4U2proxy cannot continue because server's TGT cannot be found
    - S8227758: More valid PKIX processing
    - S8227816: More Colorful ICC profiles
    - S8230279: Improve Pack200 file reading
    - S8230318: Better trust store usage
    - S8230967: Improve Registry support of clients
    - S8231129: More glyph images
    - S8231139: Improved keystore support
    - S8232381: add result NULL-checking to freetypeScaler.c
    - S8232419: Improve Registry registration
    - S8233944: Make KerberosPrincipal.KRB_NT_ENTERPRISE field package private
    - S8235909: File.exists throws AccessControlException for invalid
      paths when a SecurityManager is installed
    - S8236983: [TESTBUG] Remove pointless catch block in
      test/jdk/sun/security/util/DerValue/BadValue.java
    - S8236984: Add compatibility wrapper for IOUtils.readFully
  * Use the hotspot arch list to select between hotspot and zero as
    the default VM for autopkgtests. This fixes s390x (zero based)
    autopkgtest support.

Date: 2020-04-15 20:44:39.295850+00:00
Changed-By: Tiago Stürmer Daitx <tiago.daitx at canonical.com>
Maintainer: OpenJDK <openjdk at lists.launchpad.net>
Signed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/openjdk-8/8u252-b09-1~19.10
-------------- next part --------------
Sorry, changesfile not available.

