Format: 1.8
Date: Mon, 23 Oct 2017 22:43:02 +0000
Source: openjdk-8
Binary: openjdk-8-jdk-headless openjdk-8-jre-headless openjdk-8-jdk openjdk-8-jre openjdk-8-demo openjdk-8-source openjdk-8-doc openjdk-8-dbg openjdk-8-jre-zero
Architecture: amd64 all
Version: 8u151-b12-1
Distribution: artful
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Tiago Stürmer Daitx
Description:
 openjdk-8-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-8-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-8-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-8-jdk - OpenJDK Development Kit (JDK)
 openjdk-8-jdk-headless - OpenJDK Development Kit (JDK) (headless)
 openjdk-8-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-8-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-8-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-8-source - OpenJDK Development Kit (JDK) source files
Closes: 863199
Launchpad-Bugs-Fixed: 1723860 1723861 1723862 1723893
Changes:
 openjdk-8 (8u151-b12-1) UNRELEASED; urgency=medium
 .
   * Update to 8u151-b12. Hotspot 8u144-b01 for aarch32 with 8u151 hotspot
     patches.
   * Security patches:
     - S8169026: Handle smartcard clean up better. If a CardImpl can be
       recovered via finalization, then separate instances pointing to the
       same device can be created.
     - S8174109: Better queuing priorities. PriorityQueue's readObject
       allocates an array based on data in the stream which could cause an
       OOM.
     - S8174966: Unreferenced references. RMI's Unreferenced thread can be
       used as the root of a Trusted Method Chain.
     - S8176751: Better URL connections. On Ubuntu (and possibly other Linux
       flavors) CR-NL in the host field are ignored and can be used to inject
       headers in an HTTP request stream.
     - S8178794: Correct Kerberos ticket grants. Kerberos implementations can
       incorrectly take information from the unencrypted portion of the
       ticket from the KDC. This can lead to an MITM attack impersonating
       Kerberos services.
     - S8180711: Better alignment of special invocations. A missing load
       constraint for some invokespecial cases can allow invoking a method
       from an unrelated class.
     - S8181100: Better Base Exceptions. An array is allocated based on data
       in the serial stream without a limit on the size.
     - S8181323: Better timezone processing. An array is allocated based on
       data in the serial stream without a limit on the size.
     - S8181327: Better Node predications. An array is allocated based on
       data in the serial stream without a limit on the size.
     - S8181370: Better keystore handling. A malicious serialized object in a
       keystore can cause a DoS when using keytool.
     - S8181432: Better processing of unresolved permissions. An array is
       allocated based on data in the serial stream without a limit on the
       size.
     - S8181597: Process Proxy presentation. A malicious serialized stream
       could cause an OOM due to lack of checking on the number of interfaces
       read from the stream for a Proxy.
     - S8181612: More stable connection processing. If an attack can cause an
       application to open a connection to a malicious FTP server (e.g., via
       XML), then a thread can be tied up indefinitely in accept(2).
     - S8181692: Update storage implementations. Per items 2 & 3, above, JKS
       and JCEKS keystores should be retired from common use in favor of more
       modern keystore protections.
     - S8183028: Improve CMS header processing. Missing bounds check could
       lead to leaked memory contents.
     - S8184682: Upgrade compression library. There were four off by one
       errors found in the zlib library. Two of them are long typed which
       could lead to RCE.
   * debian/rules:
     - own /usr/share/man/man1 since we use it in the postinst script.
       Closes: #863199.
     - openjdk8 now ships limited and unlimited policy.jar files (S8157561)
       into their own directories under jre/lib/security/policy, thus we must
       copy those directories instead of the policy.jar files.
   * debian/rules, debian/patches/sec-webrev-8u151-hotspot-8179084.patch,
     debian/patches/sec-webrev-8u151-hotspot-8180711.patch: apply hotspot
     security updates to both aarch32 and aarch64.
   * debian/patches/gcc6.diff, debian/patches/aarch64.diff,
     debian/patches/aarch32.diff, debian/patches/m68k-support.diff,
     debian/patches/system-libjpeg.diff: removed hunks related to the
     common/autoconf/generated-configure.sh file as we regenerate it, no need
     to keep maintaining those.
   * debian/patches/hotspot-ppc64el-S8168318-cmpldi.patch: use cmpldi instead
     of li/cmpld. LP: #1723893.
   * debian/patches/hotspot-ppc64el-S8170328-andis.patch: use andis instead
     of lis/and. LP: #1723862.
   * debian/patches/hotspot-ppc64el-S8145913-montgomery-multiply-intrinsic.patch:
     add Montgomery multiply intrinsic. LP: #1723860.
   * debian/patches/hotspot-ppc64el-S8181810-leverage-extrdi.patch: leverage
     extrdi for bitfield extract is absent in OpenJDK 8. LP: #1723861.
   * debian/patches/jdk-S8165852-overlayfs.patch: mount point not found for a
     file which is present in overlayfs.