[ubuntu/focal-security] openjdk-lts 11.0.9+11-0ubuntu1~20.04 (Accepted)

Eduardo Barretto eduardo.barretto at canonical.com
Tue Oct 27 22:35:27 UTC 2020


openjdk-lts (11.0.9+11-0ubuntu1~20.04) focal-security; urgency=medium

  * Backport from Groovy.

openjdk-lts (11.0.9+11-0ubuntu1) groovy; urgency=medium

  * OpenJDK 11.0.9+11 build (release).
  * Security fixes:
    - JDK-8233624: Enhance JNI linkage
    - JDK-8236196: Improve string pooling
    - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
    - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
    - JDK-8237995, CVE-2020-14782: Enhance certificate processing
    - JDK-8240124: Better VM Interning
    - JDK-8241114, CVE-2020-14792: Better range handling
    - JDK-8242680, CVE-2020-14796: Improved URI Support
    - JDK-8242685, CVE-2020-14797: Better Path Validation
    - JDK-8242695, CVE-2020-14798: Enhanced buffer support
    - JDK-8243302: Advanced class supports
    - JDK-8244136, CVE-2020-14803: Improved Buffer supports
    - JDK-8244479: Further constrain certificates
    - JDK-8244955: Additional Fix for JDK-8240124
    - JDK-8245407: Enhance zoning of times
    - JDK-8245412: Better class definitions
    - JDK-8245417: Improve certificate chain handling
    - JDK-8248574: Improve jpeg processing
    - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
    - JDK-8253019: Enhanced JPEG decoding

  [ Matthias Klose ]
  * Call strip-nondeterminism before computing jmod hashes (Julian Gilbey).
    Closes: #944738.
  * Build with GCC 10 in current development versions. Closes: #972288.

  [ Tiago Stürmer Daitx ]
  * debian/rules:
    - remove get-orig, gbp import-orig uses uscan and is configured
      to clean the orig package.
    - sanitize v_pkgrel to use in version-opt as it deletes
      any character not in [-.a-zA-Z0-9].
    - prevent deletion of test file on dh_clean.
  * debian/generate-debian-orig.sh, debian/update-hgrev.sh: remove
    outdated files that no longer work.
  * debian/watch: fetch from github and only scan for numeric tags.
  * debian/patches/jdk-8254177-tzdata2020b.patch: update to latest
    tzdata.
  * debian/JB-jre-headless.postinst.in: replace tempfile calls with
    mktemp. Closes: #972245.

openjdk-lts (11.0.9+10-0ubuntu1) groovy; urgency=medium

  * OpenJDK 11.0.9+9 build (early access).
  * debian/rules:
    - copy apport hook to source_$(PKGSOURCE).py.
    - untar upstream tarball directly and avoid the unnecessary
      intermediate directory.
    - get tar to clamp mtime based on changelog's date entry and
      name the origtarball from $PKGSOURCE instead of basename.
  * debian/patches/Don-t-optimize-fdlibm-fork-for-Zero-on-linux-sparc-Z.patch,
    debian/patches/generated-headers.patch,
    debian/patches/icc_loading_with_symlink.diff,
    debian/patches/jdk-getAccessibleValue.diff,
    debian/patches/jexec.diff, debian/patches/jtreg-location.diff, 
    debian/patches/reproducible-build-user.diff, debian/patches/riscv64.diff,
    debian/patches/s390x-opt.diff, debian/patches/system-pcsclite.diff,
    debian/patches/workaround_expand_exec_shield_cs_limit.diff,
    debian/patches/zero-x32.diff: refresh patches.

openjdk-lts (11.0.8+10-0ubuntu1) groovy; urgency=medium

  * OpenJDK 11.0.8+10 build (release).
  * Security fixes:
    - JDK-8233239, CVE-2020-14562: Enhance TIFF support
    - JDK-8236867, CVE-2020-14573: Enhance Graal interface handling
    - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
    - JDK-8237592, CVE-2020-14577: Enhance certificate verification
    - JDK-8238002, CVE-2020-14581: Better matrix operations
    - JDK-8238920, CVE-2020-14583: Better Buffer support
    - JDK-8240119, CVE-2020-14593: Less Affine Transformations
    - JDK-8242136, CVE-2020-14621: Better XML namespace handling
    - JDK-8230613: Better ASCII conversions
    - JDK-8231800: Better listing of arrays
    - JDK-8232014: Expand DTD support
    - JDK-8233234: Better Zip Naming
    - JDK-8233255: Better Swing Buttons
    - JDK-8234032: Improve basic calendar services
    - JDK-8234042: Better factory production of certificates
    - JDK-8234418: Better parsing with CertificateFactory
    - JDK-8234836: Improve serialization handling
    - JDK-8236191: Enhance OID processing
    - JDK-8238013: Enhance String writing
    - JDK-8238804: Enhance key handling process
    - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
    - JDK-8238843: Enhanced font handing
    - JDK-8238925: Enhance WAV file playback
    - JDK-8240482: Improved WAV file playback
    - JDK-8241379: Update JCEKS support
    - JDK-8241522: Manifest improved jar headers redux
  * d/p/default-jvm-cfg.diff: updated patch.
  * d/p/8214571.diff, d/p/8228407.diff: applied by upstream, removed patches.

Date: 2020-10-22 15:12:14.173192+00:00
Changed-By: Tiago Stürmer Daitx <tiago.daitx at canonical.com>
Signed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.9+11-0ubuntu1~20.04