[ubuntu/xenial-security] openjdk-8 8u252-b09-1~16.04 (Accepted)
Eduardo Barretto
eduardo.barretto at canonical.com
Wed Apr 22 15:25:15 UTC 2020
openjdk-8 (8u252-b09-1~16.04) xenial-security; urgency=medium
* Backport from Focal.
openjdk-8 (8u252-b09-1) unstable; urgency=medium
* Update to OpenJDK 8u252-b09 (GA). Updated aarch32 to 8u252-b08 (no
hotspot changes between b08 and b09).
* Security fixes
- JDK-8223898, CVE-2020-2754: Forward references to Nashorn
- JDK-8223904, CVE-2020-2755: Improve Nashorn matching
- JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
- JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
- JDK-8225603: Enhancement for big integers
- JDK-8227542: Manifest improved jar headers
- JDK-8231415, CVE-2020-2773: Better signatures in XML
- JDK-8233250: Better X11 rendering
- JDK-8233410: Better Build Scripting
- JDK-8234027: Better JCEKS key support
- JDK-8234408, CVE-2020-2781: Improve TLS session handling
- JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
- JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
- JDK-8235274, CVE-2020-2805: Enhance typing of methods
- JDK-8236201, CVE-2020-2830: Better Scanner conversions
- JDK-8238960: linux-i586 builds are inconsistent as the newly build
jdk is not able to reserve enough space for object heap
* Other changes
- JDK-8005819: Support cross-realm MSSFU
- JDK-8022263: use same Clang warnings on BSD as on Linux
- JDK-8038631: Create wrapper for awt.Robot with additional functionality
- JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex
assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor
is invalid
- JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and
some unit tests
- JDK-8068184: Fix for JDK-8032832 caused a deadlock
- JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
- JDK-8132130: some docs cleanup
- JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
- JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods
is not optimal
- JDK-8144446: Automate the Marlin crash test
- JDK-8144526: Remove Marlin logging use of deleted internal API
- JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
- JDK-8144654: Improve Marlin logging
- JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with
huge coordinates and round joins
- JDK-8166976: TestCipherPBECons has wrong @run line
- JDK-8167409: Invalid value passed to critical JNI function
- JDK-8181872: C1: possible overflow when strength reducing integer multiply
by constant
- JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
- JDK-8191227: issues with unsafe handle resolution
- JDK-8197441: Signature#initSign/initVerify for an invalid
private/public key fails with ClassCastException for SunPKCS11 provider
- JDK-8204152: SignedObject throws NullPointerException for null keys with
an initialized Signature object
- JDK-8215756: Memory leaks in the AWT on macOS
- JDK-8216472: (se) Stack overflow during selection operation leads to crash
- JDK-8219244: NMT: Change ThreadSafepointState's allocation type from
mtInternal to mtThread
- JDK-8219597: (bf) Heap buffer state changes could provoke unexpected
exceptions
- JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts
test
- JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
- JDK-8229022: BufferedReader performance can be improved by using
StringBuilder
- JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
- JDK-8229872: (fs) Increase buffer size used with getmntent
- JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey
cause Exception
- JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
- JDK-8235744: PIT:
test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in
linux-x64
- JDK-8235904: Infinite loop when rendering huge lines
- JDK-8236179: C1 register allocation error with T_ADDRESS
- JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
- JDK-8240521: Revert backport of 8231584: Deadlock with
ClassLoader.findLibrary and System.loadLibrary call
- JDK-8241296: Segfault in JNIHandleBlock::oops_do()
- JDK-8241307: Marlin renderer should not be the default in 8u252
* Build using GCC 9 in unstable. Closes: #944184.
openjdk-8 (8u252-b07-1) unstable; urgency=medium
* Update to 8u252-b07 (early access build).
* Update ARM32 and AArch64 hotspot to 8u252-b06.
* Build using GCC 9 in recent releases.
openjdk-8 (8u242-b08-1) unstable; urgency=medium
* Merge changes from 8u242-b08-0ubuntu3 back into Debian
* Fix nocheck profile (no profile support) for wheezy
* Version !nocheck default-jre-headless build dependency
to ensure at least Java 8 there as well; avoids needing to
install two JREs when building in pre-{stretch,xenial}
* Update aarch64 to GA jdk8u242-b08, aarch32 to jdk8u242-ga
* Bump Policy
openjdk-8 (8u242-b08-0ubuntu3) focal; urgency=medium
* OpenJDK 8u242-b08 build (release).
- S8226352, CVE-2020-2590: Improve Kerberos interop capabilities
- S8228548, CVE-2020-2593: Normalize normalization for all
- S8224909, CVE-2020-2583: Unlink Set of LinkedHashSets
- S8229951, CVE-2020-2601: Better Ticket Granting Services
- S8231422, CVE-2020-2604: Better serial filter handling
- S8231795, CVE-2020-2659: Enhance datagram socket support
- S8234037, CVE-2020-2654: Improve Object Identifier Processing
- S8037550: Update RFC references in javadoc to RFC 5280
- S8039438: Some tests depend on internal API sun.misc.IOUtils
- S8044500: Add kinit options and krb5.conf flags that allow users
to obtain renewable tickets and specify ticket lifetimes
- S8058290: JAAS Krb5LoginModule has suspect ticket-renewal logic,
relies on clockskew grace
- S8080835: Add blocking bulk read to sun.misc.IOUtils
- S8138978: Examine usages of sun.misc.IOUtils
- S8139206: Add InputStream readNBytes(int len)
- S8183591: Incorrect behavior when reading DER value with
Integer.MAX_VALUE length
- S8186576: KerberosTicket does not properly handle renewable
tickets at the end of their lifetime
- S8186831: Kerberos ignores PA-DATA with a non-null s2kparams
- S8186884: Test native KDC, Java krb5 lib, and native krb5 lib in
one test
- S8193832: Performance of InputStream.readAllBytes() could be improved
- S8196956: (ch) More channels cleanup
- S8201627: Kerberos sequence number issues
- S8215032: Support Kerberos cross-realm referrals (RFC 6806)
- S8225261: Better method resolutions
- S8225279: Better XRender interpolation
- S8226719: Kerberos login to Windows 2000 failed with "Inappropriate
type of checksum in message"
- S8227061: KDC.java test behaves incorrectly when AS-REQ contains a
PAData not PA-ENC-TS-ENC
- S8227381: GSS login fails with PREAUTH_FAILED
- S8227437: S4U2proxy cannot continue because server's TGT cannot be found
- S8227758: More valid PKIX processing
- S8227816: More Colorful ICC profiles
- S8230279: Improve Pack200 file reading
- S8230318: Better trust store usage
- S8230967: Improve Registry support of clients
- S8231129: More glyph images
- S8231139: Improved keystore support
- S8232381: add result NULL-checking to freetypeScaler.c
- S8232419: Improve Registry registration
- S8233944: Make KerberosPrincipal.KRB_NT_ENTERPRISE field package private
- S8235909: File.exists throws AccessControlException for invalid
paths when a SecurityManager is installed
- S8236983: [TESTBUG] Remove pointless catch block in
test/jdk/sun/security/util/DerValue/BadValue.java
- S8236984: Add compatibility wrapper for IOUtils.readFully
* Use the hotspot arch list to select between hotspot and zero as
the default VM for autopkgtests. This fixes s390x (zero based)
autopkgtest support.
Date: 2020-04-15 20:44:15.083276+00:00
Changed-By: Tiago Stürmer Daitx <tiago.daitx at canonical.com>
Maintainer: OpenJDK <openjdk at lists.launchpad.net>
Signed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/openjdk-8/8u252-b09-1~16.04
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list