[ubuntu/questing-security] openjdk-25 25.0.3+9-2~25.10.2 (Accepted)

Kyle Kernick kyle.kernick at canonical.com
Thu May 28 16:09:25 UTC 2026 

openjdk-25 (25.0.3+9-2~25.10.2) questing-security; urgency=medium

  * Upload to Ubuntu 25.10.

openjdk-25 (25.0.3+9-2) unstable; urgency=medium

  * d/rules: Strip man page formatting before comparing d/man and
    generated content.
  * d/man: Regenerate man pages.

openjdk-25 (25.0.3+9-1) unstable; urgency=medium

  * OpenJDK 25.0.3 release, Build 9.
    - CVEs:
      + CVE-2026-22016: 8370529: Enhance Path Factories Redux
      + CVE-2026-34282: 8374557: Enhance TLS connection handling
      + CVE-2026-22021: 8371830: Enhance certificate chain validation
      + CVE-2026-22013: 8370615: Improve Kerberos credentialing
      + CVE-2026-23865: 8379158: Update FreeType to 2.14.2
      + CVE-2026-22008: 8367463: Improved Arena allocations
      + CVE-2026-22018: 8370986: Enhance Zip file reading
      + CVE-2026-22007: 8369575: Enhance crypto algorithm support
      + CVE-2026-34268: 8371935: Enhance key generation
  * d/rules: Check generated files only on amd64. This resolves riscv64
    ftbfs, as some architectures change with_check flag.
  * Remove openjdk-25-jvmci-jdk binary package.
  * d/t/problems.csv: Fix typo in loong64 excluded tests lists.
  * Add common GPL and Apache license headers to copyright generator.
  * d/copyright: Regenerate.

openjdk-25 (25.0.3~8ea-2) unstable; urgency=medium

  * Ensure that all generated files are up to date:
    - The copyright generator now checks if the current directory contains
      an unpacked OpenJDK tree by verifying the presence of the
      ASSEMBLY_EXCEPTION file.
    - The copyright generator now drops common license text in-memory,
      without running a shell script that modifies the source tree.
    - d/rules: Add targets to generate all files and check that they match
      the ones provided in the source package.
    - d/rules: Add nogen DEB_BUILD_OPTION to disable file regeneration.
  * d/rules: Use '-' instead of '~' in opt version string, swap package
    version and distribution.

openjdk-25 (25.0.3~8ea-1) unstable; urgency=medium

  * OpenJDK 25.0.3 snapshot, Build 8.
  * d/p/jdk-8369817.diff: Apply upstream patch to resolve failing
    EmptyPath test (JDK-8369817).
  * d/p/jdk-8381555.diff: Apply upstream patch to disable G1 Compressed
    Oops test on 32 bit architectures (JDK-8381555).
  * d/t/problems.csv: Update problem list.

openjdk-25 (25.0.3~7ea-2) unstable; urgency=medium

  * d/t/dependencies.sh: Regenerate.

openjdk-25 (25.0.3~7ea-1) unstable; urgency=medium

  * OpenJDK 25.0.3 snapshot, Build 7.

  [ Vladimir Petko ]
  * d/rules: Revert optional version string changes.
    This should be resolved upstream.

  [ Matthias Klose ]
  * d/t/jtreg-autopkgtest.in: Increase the timeout from 10 to 30 seconds 
    on loong64 (zero VM).

openjdk-25 (25.0.3~5ea-2) unstable; urgency=medium

  [ Vladimir Petko ]
  * d/rules: Remove '[' separator in version string, it makes the version
    string invalid.
  * d/t/dependencies.{in,sh}: Relax test assertion and regenerate.

  [ Matthias Klose ]
  * Regenerate test scripts. Closes: #1127309.
  * Move pandoc and graphviz to general build dependencies, needed for
    man page generation.
  * Use pre-generated man pages on architectures where pandoc is not
    available. Closes: #1128485.

openjdk-25 (25.0.3~5ea-1) unstable; urgency=medium

  * OpenJDK 25.0.3 snapshot, Build 5.

  [ Miao Wang ]
  * d/t/problems.csv: Add tests which take too long to finish on
    loong64.

  [ Vladimir Petko ]
  * d/rules: Separate package version in version string.
  * d/dbg.py: Fix syntax errors in gdb unwinder, do not install unwinder
    for zero, install hotspot unwinder in the correct directory.
  * d/t/jtreg-autopkgtest.{in,sh}: Do not force agentvm for s390x jtreg
    tests to resolve the build crash on Launchpad.
    Disable debug traces. Load unwinder in the disabled state.
    Return iterator rather than list from OpenJDKFrameFilter.flatten().
    Remove unused code from NativeMethodInfo.

  [ Matthias Klose ]
  * Refresh patches.

openjdk-25 (25.0.2+10-1) unstable; urgency=medium

  * OpenJDK 25.0.2 release, build 10.
    - CVEs:
      + CVE-2026-21945: 8368032: Enhance Certificate Checking.
      + CVE-2026-21932: 8359501: Enhance Handling of URIs.
      + CVE-2026-21933: 8362632: Improve HttpServer Request handling.
      + CVE-2026-21925: 8341496: Improve JMX connections.
  * d/rules: Use jtreg8 package for the tests.
  * d/p/power-opt.diff: Refresh patch.
  * Drop patches applied upstream:
     - d/p/jdk-8359735.patch.
     - d/p/jdk-8369450-proposed.patch.
     - d/p/jdk-8370049-proposed.patch.

Date: 2026-04-26 09:49:10.657583+00:00
Changed-By: Vladimir Petko <vladimir.petko at canonical.com>
Signed-By: Kyle Kernick <kyle.kernick at canonical.com>
https://launchpad.net/ubuntu/+source/openjdk-25/25.0.3+9-2~25.10.2
-------------- next part --------------
Sorry, changesfile not available.

More information about the Questing-changes mailing list