[ubuntu/focal-security] openjdk-21 21.0.3+9-1ubuntu1~20.04.1 (Accepted)

Evan Caville evan.caville at canonical.com
Thu Jun 6 02:21:09 UTC 2024 

openjdk-21 (21.0.3+9-1ubuntu1~20.04.1) focal-security; urgency=medium

  * Modify changelog entry for 21.0.3+9-1:
       remove an invalid entry from the CVE list.

openjdk-21 (21.0.3+9-1ubuntu1~20.04) focal-security; urgency=medium

  * d/rules: enable jtreg tests.
  * Regenerate control files.

  [ Pushkar Kulkarni ]
  * Upload to Ubuntu 20.04
  * d/rules, d/control: Use gcc 10 to work around LP: #2044899

openjdk-21 (21.0.3+9-1) unstable; urgency=high

  * OpenJDK 21.0.3 release, build 9.

    * CVEs
    - CVE-2024-21011, 8319851: Improve exception logging.
    - CVE-2024-21068, 8322122: Enhance generation of addresses.
    - CVE-2024-21012, 8315708: Enhance HTTP/2 client usage.
    - CVE-2024-21094, 8317507: Already fixed in November 2023:
        C2 compilation fails with "Exceeded _node_regs array".

    * Security fixes
    - JDK-8315708: Enhance HTTP/2 client usage
    - JDK-8318340: Improve RSA key implementations
    - JDK-8319851: Improve exception logging
    - JDK-8322122: Enhance generation of addresses

  [ Vladimir Petko ]
  * d/p/jdk-8329983.patch: apply workaround for JDK-8329983, link failure
    against libjvm.so on armhf due to undefined symbol.

  [ Matthias Klose ]
  * Update the m68k-support patch. Closes: #1068873.

openjdk-21 (21.0.3~7ea-1) unstable; urgency=medium

  * OpenJDK 21.0.3, build 7 (early access).

  [ Matthias Klose ]
  * Don't try to install jhsdb on armhf with a zero-only build.
  * Remove the GTK 2.x bits.
  * Update cups dependencies for time_t64.

  [ Pushkar Kulkarni ]
  * Corrections to patch arch-add-ports.diff.
  * Fix a typo in the vendor name derivation logic.
  * Copyright generator fixes.

  [ Vladimir Petko ]
  * d/p/jdk-8325028.patch: Apply upstream patch so that pipe channels
    lazily set socket to non-blocking mode on first use by virtual thread.
  * Fix installing the s390x build.
  * Emit warning to install openjdk-*-jre package when fontmanager is
    used, but only openjdk-*-jre-headless is installed.
  * Add support to build --with-hsdis=binutils, but keep it off by default.
  * Run the hotspot and jdk autopkg tests on all architectures.
  * Add bash, lsb-release and xauth as dependencies for autopkg tests.
  * Build openjdk-21-testsupport packages, containing the binaries
    required to run the autopkg tests.
  * d/t/{hotspot,jdk}-autopkgtest.{sh, in}: Set default arguments to
    tier1 tests, otherwise pass user's arguments while setting correct
    test directory and native path.
  * Fix lintian override package name.

openjdk-21 (21.0.3~6ea-1) unstable; urgency=medium

  * OpenJDK 21.0.3, build 6 (early access).

openjdk-21 (21.0.2+13-3) unstable; urgency=medium

  * libcups2, libfontconfig1: Make it a recommends in jre-headless,
    a dependency in jre.
  * Make the dependencies for libfontmanager.so and libjsound.so
    recommendations in jre-headless, and dependencies in jre.
  * Drop build dependencies on libgtk2 | libgtk3.
  * Disable running the tests for the time_t64 bootstrap.

openjdk-21 (21.0.2+13-2) unstable; urgency=medium

  [ Matthias Klose ]
  * d/changelog: Whitespace cleanup.
  * Update build dependency on libfontconfig-dev.
  * Apply proposed patch for JDK-8307977. Addresses: #1034600.

  [ Vladimir Petko ]
  * Apply proposed fix for JDK-8242564 to resolve Java 21 FTBFSes.
    Closes: #1057500, #1057508, #1057519.

openjdk-21 (21.0.2+13-1) unstable; urgency=high

  * OpenJDK 21.0.2 release, build 13.
    - CVEs:
      + CVE-2024-20918
      + CVE-2024-20919
      + CVE-2024-20921
      + CVE-2024-20945
      + CVE-2024-20952
    - Security fixes:
      + JDK-8308204: Enhanced certificate processing.
      + JDK-8314295: Enhance verification of verifier.
      + JDK-8314307: Improve loop handling.
      + JDK-8314468: Improve Compiler loops.
      + JDK-8316976: Improve signature handling.
      + JDK-8317547: Enhance TLS connection support.

  [ Pushkar Kulkarni ]
  * debian/copyright: Fix whitespace issues.
  * Minor improvements to the copyright-generator.

  [ Vladimir Petko ]
  * d/copyright: Fix lintian warning.
  * Generate d/watch to cope with early access and release builds.

  [ Matthias Klose ]
  * Add sparc64 defines (patch by Adrian Glaubitz). Closes: #1057390.
  * d/copyright: Fix source location.
  * Update the arch-add-ports patch, taken from 22.
  * Regenerate debian files.

Date: 2024-05-29 15:04:10.953105+00:00
Changed-By: Pushkar Kulkarni <pushkar.kulkarni at canonical.com>
Signed-By: Evan Caville <evan.caville at canonical.com>
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.3+9-1ubuntu1~20.04.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list