Univention Bugzilla – Bug 53645
openjdk-8: Multiple issues (4.4)
Last modified: 2021-08-11 16:48:35 CEST
New Debian openjdk-8 8u302-b08-1~deb9u1 fixes:

This update addresses the following issues:
* FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)
* Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)
* Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/openjdk-8_8u292-b10-0+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/openjdk-8_8u302-b08-1~deb9u1.dsc 
@@ -1,3 +1,74 @@ +8u302-b08-1~deb9u1 [Fri, 30 Jul 2021 03:00:20 +0200] Thorsten Glaser <tg@mirbsd.de>: + + * Non-maintainer upload by the LTS Team. + * Provide builds for wheezy, jessie, stretch, buster, bullseye + * Disable tests (debian/README.source documents why they fail) + * Effort sponsored by ⮡ tarent + +8u302-b08-1 [Thu, 29 Jul 2021 20:45:23 +0200] Thorsten Glaser <tg@mirbsd.de>: + + * New upstream release (GA) + * Security fixes: + - JDK-8256157: Improve bytecode assembly + - JDK-8256491: Better HTTP transport + - JDK-8258432, CVE-2021-2341: Improve file transfers + - JDK-8260453: Improve Font Bounding + - JDK-8260960: Signs of jarsigner signing + - JDK-8260967, CVE-2021-2369: Better jar file validation + - JDK-8262380: Enhance XML processing passes + - JDK-8262403: Enhanced data transfer + - JDK-8262410: Enhanced rules for zones + - JDK-8262477: Enhance String Conclusions + - JDK-8262967: Improve Zip file support + - JDK-8264066, CVE-2021-2388: Enhance compiler validation + - JDK-8264079: Improve abstractions + - JDK-8264460: Improve NTLM support + * Other changes: see + https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-July/014118.html + * Add or update d/copyright lines, based on diffing upstream changes + * Refresh all patches that are actually used and drop no longer needed + d/p/compare-pointer-with-literal.patch + * Fix spelling in d/rules + * Upload sponsored by ⮡ tarent + +8u292-b10-3 [Thu, 24 Jun 2021 00:05:48 +0200] Thorsten Glaser <tg@mirbsd.de>: + + * Re-upload with actually regenerated debian/control, oops + +8u292-b10-2 [Tue, 15 Jun 2021 22:23:01 +0200] Thorsten Glaser <tg@mirbsd.de>: + + * Fix regression in /etc/java-8-openjdk/accessibility.properties + * Drop Suggests nōnexistent icedtea-8-plugin + * Fix binfmts error with patch from bug (Closes: #822348) + * Create /usr/share/man/man1 if it doesn’t exist, for crippled + container images (Closes: #863199) + * Provide java-runtime{,-headless} (Closes: #906111) + * Mark openjdk-8-doc 
as M-A:foreign + * Update “It was downloaded from” in d/copyright (cf. #970517) + +8u292-b10-1 [Mon, 26 Apr 2021 17:00:54 +0200] Thorsten Glaser <tg@mirbsd.de>: + + * Source-only upload after the previous bootstrap binary one + * Change -Xmx1024m to -Xmx1000m in icedtea-sound compilation + to work with mipsel’s memory layout (and sh4) + * Don’t set old-style ALT_ environment variables, they are ignored + * Create the origtgz in a hopefully reproducible way + * Merge openjdk-8 (8u292-b10-0+deb9u1) + - Revert bogus reversion of changes from previous uploads + - Add missing changelog entry for 8u275 + - Revert *buntu ESM-related changes + - Undo an inconsistency in fetch-orig + * Fix whitespace + * Upgrade aarch32 to 8u292 GA + * Build with reproducible LC_ALL=C setting + * Obtain origtgz from https or, when not possible (icedtea-sound), + check SHA256 against one I manually downloaded and checked, using + the (expired…) key from pyconfigure’s signing keyring, which, + unlike the keyserver network, contains the key used + * Abort fetching origtgz if it fails, don’t soldier on to fail later + * Document reasons some tests fail (more building on older releases) + * Update lintian overrides (for sid) + 8u292-b10-0+deb9u1 [Wed, 21 Apr 2021 13:13:15 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: * Merge with Ubuntu. 
@@ -15,6 +86,42 @@ - JDK-8253799: Make lists of normal filenames * Other changes: See https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-April/013680.html + +8u282-b08-2 [Fri, 26 Mar 2021 00:48:09 +0100] Thorsten Glaser <tg@mirbsd.de>: + + * Reupload to sid, under new maintainership (Debian Java team); + cf. https://lists.debian.org/debian-java/2021/03/msg00021.html + (and surrounding thread); sponsored by ⮡ tarent + * Readd improvements from 8u275-b01-1, lost changelog entries + * Add NEWS to openjdk-8-jre-headless (because all other depend on + that) regarding OpenJDK 8 not being supported + * Use GCC 10 to build on bullseye, sid, groovy and hirsute (that + means GCC 9 on focal only) (Closes: #978519) + * Silence postinst warning about removed -XX:PermSize option + * Switch to mktemp(1) + * Drop unused patches (keep a couple which just need updating) + * Update README.source a little + * G/C long-dead code from postinst, too + * If the testsuite is disabled during generation of debian/control + omit test-only dependencies + * Upload with binaries built using the previous openjdk-8 binaries + because openjdk-8-jdk is required for bootstrapping; 7 works but + 11 cannot be used :/ a source-only upload will follow + * Skip testsuite for first bootstrap, saving lots of time/CPU + * Address some issues lintian reported; update a number of overrides + +8u282-b08-1 [Sun, 14 Feb 2021 00:42:46 +0100] Thorsten Glaser <t.glaser@tarent.de>: + + * Team upload. 
+ * Provide builds for bullseye/sid (for a personal repository), + buster (for the same), stretch (for LTS), jessie (for ELTS) + and wheezy (also for that personal repository) + * Move @bd_bootstrap@ high up in Build-Depends so the resolver tries + to fulfil it first + * Require an openjdk-8 to bootstrap (a previous build) + * Let openjdk-8-jre-headless fulfill default-jre-headless (>= 2:1.8) + in <!nocheck>; the latter is only used with distros whose default + JRE is older than 8, to avoid accidental use of 11 8u282-b08-0ubuntu1 [Wed, 20 Jan 2021 00:48:04 +0000] Tiago Stürmer Daitx <tiago.daitx@ubuntu.com>: @@ -112,6 +219,11 @@ * Update to 8u272-b09 (early access build). * Update AArch64 hotspot to 8u252-b08 (no hotspot changes to b09). + +8u265-b01-1 [Thu, 13 Aug 2020 21:26:36 +0200] Thorsten Glaser <tg@mirbsd.de>: + + * Team upload. + * Upload to unstable (no comment…). Thanks! 8u265-b01-0+deb9u1 [Wed, 12 Aug 2020 10:17:29 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: <http://piuparts.knut.univention.de/4.4-8/#5212404925645287965>
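Review bot: In the first hunk (@@ -1,3 +1,74 @@), the 8u302-b08-1~deb9u1 entry carries "Disable tests (debian/README.source documents why they fail)", so the build that delivers the fixes for CVE-2021-2341, CVE-2021-2369 and CVE-2021-2388 ships without its test suite having run. The changelog entry should say which tests fail and why, or at least that the failures are unrelated to the FTP, JAR verification and Hotspot changes, rather than pointing only at README.source. In the same hunk, the 8u292-b10-1 entry verifies the icedtea-sound origtgz by "check SHA256 against one I manually downloaded and checked" with an expired key; recording the pinned SHA256 value and the key fingerprint in debian/README.source would let a later uploader repeat that check.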
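Review bot: In the second hunk (@@ -15,6 +86,42 @@), the 8u282-b08-2 entry combines "Upload with binaries built using the previous openjdk-8 binaries" with "Skip testsuite for first bootstrap", so the bootstrap upload was built from earlier binaries and never tested. The entry should name the exact version of the openjdk-8 package used for bootstrapping so the chain back to a source-built package can be traced. The promised source-only upload does appear as 8u292-b10-1 in the first hunk, and a cross-reference to it here would make that visible to anyone auditing the build provenance.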
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] b0cdde7398 Bug #53645: openjdk-8 8u302-b08-1~deb9u1
 doc/errata/staging/openjdk-8.yaml | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

[4.4-8] 28084284a8 Bug #53645: openjdk-8 8u302-b08-1~deb9u1
 doc/errata/staging/openjdk-8.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1025>