Univention Bugzilla – Bug 57234
openjdk-11: Multiple issues (5.0)
Last modified: 2024-04-24 14:56:14 CEST
New Debian openjdk-11 11.0.23+9-1~deb10u1 fixes: This update addresses the following issues: 11.0.23+9-1~deb10u1 (Thu, 18 Apr 2024 14:41:46 +0200) * Backport to buster. * Re-enable test suite, there's no t64 transition here. 11.0.23+9-1 (Wed, 17 Apr 2024 15:39:11 +0200) * OpenJDK 11.0.23 release, build 9. - CVE-2024-21011, 8319851: Improve exception logging. - CVE-2024-21068, 8322122: Enhance generation of addresses. - 8318340: Improve RSA key implementations. - CVE-2024-21012, 8315708: Enhance HTTP/2 client usage. - CVE-2024-21094, 8317507: Already fixed in November 2023: C2 compilation fails with "Exceeded _node_regs array". - CVE-2024-21085, 8322114: Improve Pack 200 handling. [ Pushkar Kulkarni ] * Use 64-bit clock_* function on archs like armhf. 11.0.23~7ea-1 (Thu, 21 Mar 2024 01:56:26 +0100) * OpenJDK 11.0.23+7 build (early access). [ Matthias Klose ] * Update cups dependencies for time_t64. * copyright-generator: Derive release from debian/rules. 11.0.22+7-3 (Mon, 11 Mar 2024 16:32:39 +0100) * libcups2, libfontconfig1: Make it a recommends in jre-headless, a dependency in jre. * Make the dependencies for libfontmanager.so and libjsound.so recommendations in jre-headless, and dependencies in jre. * Drop build dependencies on libgtk2 | libgtk3. * Disable running the tests for the time_t64 bootstrap. 11.0.22+7-2 (Fri, 26 Jan 2024 21:04:10 +0100) * Add zero support for loong64 (Leslie Zhai).. * d/changelog: Whitespace cleanup. * Update build dependency on libfontconfig-dev. * Apply proposed patch for JDK-8307977.. [ Vladimir Petko ] * d/t/jtreg-autopkgtest.*: Set jtreg home property correctly.
--- mirror/ftp/pool/main/o/openjdk-11/openjdk-11_11.0.22+7-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-7/source/openjdk-11_11.0.23+9-1~deb10u1.dsc @@ -1,3 +1,52 @@ +11.0.23+9-1~deb10u1 [Thu, 18 Apr 2024 14:41:46 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to buster. + * Re-enable test suite, there's no t64 transition here. + +11.0.23+9-1 [Wed, 17 Apr 2024 15:39:11 +0200] Matthias Klose <doko@ubuntu.com>: + + * OpenJDK 11.0.23 release, build 9. + - CVE-2024-21011, 8319851: Improve exception logging. + - CVE-2024-21068, 8322122: Enhance generation of addresses. + - 8318340: Improve RSA key implementations. + - CVE-2024-21012, 8315708: Enhance HTTP/2 client usage. + - CVE-2024-21094, 8317507: Already fixed in November 2023: + C2 compilation fails with "Exceeded _node_regs array". + - CVE-2024-21085, 8322114: Improve Pack 200 handling. + + [ Pushkar Kulkarni ] + * Use 64-bit clock_* function on archs like armhf. + +11.0.23~7ea-1 [Thu, 21 Mar 2024 01:56:26 +0100] Matthias Klose <doko@ubuntu.com>: + + * OpenJDK 11.0.23+7 build (early access). + + [ Matthias Klose ] + * Update cups dependencies for time_t64. + + [ Pushkar Kulkarni ] + * copyright-generator: Derive release from debian/rules. + +11.0.22+7-3 [Mon, 11 Mar 2024 16:32:39 +0100] Matthias Klose <doko@ubuntu.com>: + + * libcups2, libfontconfig1: Make it a recommends in jre-headless, + a dependency in jre. + * Make the dependencies for libfontmanager.so and libjsound.so + recommendations in jre-headless, and dependencies in jre. + * Drop build dependencies on libgtk2 | libgtk3. + * Disable running the tests for the time_t64 bootstrap. + +11.0.22+7-2 [Fri, 26 Jan 2024 21:04:10 +0100] Matthias Klose <doko@ubuntu.com>: + + [ Matthias Klose ] + * Add zero support for loong64 (Leslie Zhai). Closes: #1060821. + * d/changelog: Whitespace cleanup. + * Update build dependency on libfontconfig-dev. + * Apply proposed patch for JDK-8307977. Closes: #1034600. + + [ Vladimir Petko ] + * d/t/jtreg-autopkgtest.*: Set jtreg home property correctly. + 11.0.22+7-1~deb10u1 [Mon, 22 Jan 2024 14:16:55 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Non-maintainer upload by the LTS Team. @@ -448,7 +497,7 @@ [ Tiago Stürmer Daitx ] * debian/rules: - copy apport hook to source_$(PKGSOURCE).py, fixes apport on - Ubuntu where source name is openjdk-lts instead of openjdk-11. + Ubuntu where source name is openjdk-lts instead of openjdk-11. * Refresh patches. [ Matthias Klose ] @@ -2503,7 +2552,7 @@ - debian/patches/gcc-4.7.diff [ James Page ] - * Cherry picked patch from openjdk-6 to fix handling of + * Cherry picked patch from openjdk-6 to fix handling of ICC profiles (LP: #888123, #888129) (Closes: #676351). [ Damien Raude-Morvan ] @@ -2572,7 +2621,7 @@ [ Matthias Klose ] * Use NanumMyeongjo as the preferred korean font. LP: #792471. - * Fix crash in java.net.NetworkInterface.getNetworkInterfaces() when + * Fix crash in java.net.NetworkInterface.getNetworkInterfaces() when ifr_ifindex exceeds 255. LP: #925218. S7078386. * Use IPAfont as the preferred japanesse font. Closes: #646054. * Build using gcj on alpha and armel. Closes: #655750. <http://piuparts.knut.univention.de/5.0-7/#374184781301752263>
OK: bug OK: yaml OK: announce_errata OK: patch ~OK: piuparts fails for "openjdk-11-source", which depends on a broken version of "ca-certificates-java", which itself depends again on OpenJDK → cirtular dependency https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929685 [5.0-7] e332cd8eae Bug #57234: openjdk-11 11.0.23+9-1~deb10u1 doc/errata/staging/openjdk-11.yaml | 39 ++++++++------------------------------ 1 file changed, 8 insertions(+), 31 deletions(-) [5.0-7] 5fd23824b0 Bug #57234: openjdk-11 11.0.23+9-1~deb10u1 doc/errata/staging/openjdk-11.yaml | 46 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1026>