Bug#1110155: unblock: openjdk-21/21.0.8+9-1
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: openjdk-21@packages.debian.org, security@debian.org
Control: affects -1 + src:openjdk-21
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package openjdk-21
openjdk-21 is one of the packages where we are following
an upstream branch for security fixes.
The attached debdiff only covers debian/
"Test in progress" in the britney output is due to the package
being in the REJECT list on these architectures.
unblock openjdk-21/21.0.8+9-1
diff -Nru openjdk-21-21.0.7+6/debian/changelog openjdk-21-21.0.8+9/debian/changelog
--- openjdk-21-21.0.7+6/debian/changelog 2025-04-24 02:57:46.000000000 +0300
+++ openjdk-21-21.0.8+9/debian/changelog 2025-07-17 15:34:13.000000000 +0300
@@ -1,3 +1,19 @@
+openjdk-21 (21.0.8+9-1) unstable; urgency=high
+
+ * OpenJDK 21.0.8 release, build 9.
+ - Addresses CVE-2025-5010, CVE-2025-50059, CVE-2025-30754, CVE-2025-30749.
+
+ [ Vladimir Petko ]
+ * d/p/jdk-8359735-proposed.patch: Fix process tests failing in Ubuntu 25.10.
+
+ -- Matthias Klose <doko@ubuntu.com> Thu, 17 Jul 2025 16:12:28 +0200
+
+openjdk-21 (21.0.8~5ea-1) unstable; urgency=medium
+
+ * OpenJDK 21.0.8 early access, build 5.
+
+ -- Matthias Klose <doko@ubuntu.com> Tue, 03 Jun 2025 13:05:25 +0200
+
openjdk-21 (21.0.7+6-1) unstable; urgency=high
* OpenJDK 21.0.7 release, build 6.
diff -Nru openjdk-21-21.0.7+6/debian/patches/jdk-8334895-proposed.patch openjdk-21-21.0.8+9/debian/patches/jdk-8334895-proposed.patch
--- openjdk-21-21.0.7+6/debian/patches/jdk-8334895-proposed.patch 2024-08-08 09:25:10.000000000 +0300
+++ openjdk-21-21.0.8+9/debian/patches/jdk-8334895-proposed.patch 1970-01-01 02:00:00.000000000 +0200
@@ -1,20 +0,0 @@
-Description: set default compatible cds alignment to auto for arm64
- ARM64 requires cds alignment option to be enabled if CDS is enabled.
- Setting it to true will enable the option even if CDS is disabled
- causing a configuration error. Setting option to auto allows one to
- enable it only when CDS is enabled.
-Author: Vladimir Petko <vladimir.petko@canonical.com>
-Bug: https://bugs.openjdk.org/browse/JDK-8334895
-Last-Update: 2024-06-25
-
---- a/make/autoconf/jdk-options.m4
-+++ b/make/autoconf/jdk-options.m4
-@@ -197,7 +197,7 @@ AC_DEFUN_ONCE([JDKOPT_SETUP_JDK_OPTIONS]
- # three different page sizes: 4K, 64K, and if run on Mac m1 hardware, 16K.
- COMPATIBLE_CDS_ALIGNMENT_DEFAULT=false
- if test "x$OPENJDK_TARGET_OS" = "xlinux" && test "x$OPENJDK_TARGET_CPU" = "xaarch64"; then
-- COMPATIBLE_CDS_ALIGNMENT_DEFAULT=true
-+ COMPATIBLE_CDS_ALIGNMENT_DEFAULT=auto
- fi
- AC_SUBST(COMPATIBLE_CDS_ALIGNMENT_DEFAULT)
-
diff -Nru openjdk-21-21.0.7+6/debian/patches/jdk-8359735.patch openjdk-21-21.0.8+9/debian/patches/jdk-8359735.patch
--- openjdk-21-21.0.7+6/debian/patches/jdk-8359735.patch 1970-01-01 02:00:00.000000000 +0200
+++ openjdk-21-21.0.8+9/debian/patches/jdk-8359735.patch 2025-07-17 15:32:27.000000000 +0300
@@ -0,0 +1,63 @@
+Description: Process tests fail due to rust-coreutils
+ To accommodate systems like Ubuntu 25.10 that use Rust coreutils,
+ this PR updates tests that previously assumed busybox was the only
+ environment to use symlinks for core utilities.
+ - java/lang/ProcessBuilder/Basic.java: The test is updated to simply
+ verify that /bin/true and /bin/false are symlinks,
+ removing the hardcoded check for a /bin/busybox target.
+ - java/lang/ProcessHandle/InfoTest.java: The test logic is relaxed.
+ It now confirms that /bin/sleep is a symlink and then uses the
+ symlink's target as the expected executable name.
+Author: Vladimir Petko <vladimir.petko@canonical.com>
+Origin: upstream, https://github.com/openjdk/jdk/pull/25838
+Bug: https://bugs.openjdk.org/browse/JDK-8359735
+Reviewed-by: Roger Riggs <roger.riggs@oracle.com>
+Last-Update: 2025-06-19
+---
+
+--- a/test/jdk/java/lang/ProcessBuilder/Basic.java
++++ b/test/jdk/java/lang/ProcessBuilder/Basic.java
+@@ -696,7 +696,7 @@
+ public static String path() { return path; }
+ private static final String path = path0();
+ private static String path0(){
+- if (!Platform.isBusybox("/bin/true")) {
++ if (!Files.isSymbolicLink(Paths.get("/bin/true"))) {
+ return "/bin/true";
+ } else {
+ File trueExe = new File("true");
+@@ -711,7 +711,7 @@
+ public static String path() { return path; }
+ private static final String path = path0();
+ private static String path0(){
+- if (!Platform.isBusybox("/bin/false")) {
++ if (!Files.isSymbolicLink(Paths.get("/bin/false"))) {
+ return "/bin/false";
+ } else {
+ File falseExe = new File("false");
+--- a/test/jdk/java/lang/ProcessHandle/InfoTest.java
++++ b/test/jdk/java/lang/ProcessHandle/InfoTest.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2014, 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -295,10 +295,12 @@
+ String expected = "sleep";
+ if (Platform.isWindows()) {
+ expected = "sleep.exe";
+- } else if (Platform.isBusybox("/bin/sleep")) {
+- // With busybox sleep is just a sym link to busybox.
+- // The busbox executable is seen as ProcessHandle.Info command.
+- expected = "busybox";
++ } else if (Files.isSymbolicLink(Paths.get("/bin/sleep"))) {
++ // Busybox sleep is a symbolic link to /bin/busybox.
++ // Rust coreutils sleep is a symbolic link to coreutils
++ // The busbox/coreutils executables are seen as ProcessHandle.Info command.
++ Path executable = Files.readSymbolicLink(Paths.get("/bin/sleep"));
++ expected = executable.getFileName().toString();
+ }
+ Assert.assertTrue(command.endsWith(expected), "Command: expected: \'" +
+ expected + "\', actual: " + command);
diff -Nru openjdk-21-21.0.7+6/debian/patches/misalign-pointer-for-armhf.patch openjdk-21-21.0.8+9/debian/patches/misalign-pointer-for-armhf.patch
--- openjdk-21-21.0.7+6/debian/patches/misalign-pointer-for-armhf.patch 2024-03-21 00:00:09.000000000 +0200
+++ openjdk-21-21.0.8+9/debian/patches/misalign-pointer-for-armhf.patch 2025-07-17 17:12:13.000000000 +0300
@@ -3,7 +3,7 @@
Add 1 to address type rather than aligned structure to produce misaligned pointer.
--- a/test/hotspot/gtest/metaspace/test_is_metaspace_obj.cpp
+++ b/test/hotspot/gtest/metaspace/test_is_metaspace_obj.cpp
-@@ -61,7 +61,7 @@
+@@ -61,7 +61,7 @@ public:
ASSERT_TRUE(MetaspaceObj::is_valid(p));
// A misaligned object shall not be recognized
@@ -12,7 +12,7 @@
ASSERT_FALSE(MetaspaceObj::is_valid(p_misaligned));
// Test VirtualSpaceList::contains
-@@ -72,7 +72,7 @@
+@@ -72,7 +72,7 @@ public:
ASSERT_TRUE(vslist->contains((MetaWord*)p));
// A misaligned pointer shall still be recognized by list::contains
@@ -20,4 +20,4 @@
+ ASSERT_TRUE(vslist->contains((MetaWord*)((address)p + 1)));
// Now for some bogus values
- ASSERT_FALSE(MetaspaceObj::is_valid((MetaspaceObj*)NULL));
+ ASSERT_FALSE(MetaspaceObj::is_valid((MetaspaceObj*)nullptr));
diff -Nru openjdk-21-21.0.7+6/debian/patches/series openjdk-21-21.0.8+9/debian/patches/series
--- openjdk-21-21.0.7+6/debian/patches/series 2025-01-17 09:51:04.000000000 +0200
+++ openjdk-21-21.0.8+9/debian/patches/series 2025-07-17 15:32:18.000000000 +0300
@@ -42,10 +42,10 @@
hsdis-fpic.patch
jdk-8329983.patch
jdk-8334502-proposed.patch
-jdk-8334895-proposed.patch
jdk-8331541.patch
jdk-8336529-proposed.patch
jdk-8312488.patch
# FIXME: which one of these two?
zero-alpha-workaround.diff
#jdk-8347014-proposed.patch
+jdk-8359735.patch
diff -Nru openjdk-21-21.0.7+6/debian/patches/test-use-ip-address.patch openjdk-21-21.0.8+9/debian/patches/test-use-ip-address.patch
--- openjdk-21-21.0.7+6/debian/patches/test-use-ip-address.patch 2024-03-21 01:08:28.000000000 +0200
+++ openjdk-21-21.0.8+9/debian/patches/test-use-ip-address.patch 2025-07-17 17:12:13.000000000 +0300
@@ -4,25 +4,14 @@
Author: Vladimir Petko <vladimir.petko@canonical.com>
Forwarded: not-needed
Last-Update: 2023-03-27
---- a/test/jdk/java/net/InetAddress/IsReachableViaLoopbackTest.java
-+++ b/test/jdk/java/net/InetAddress/IsReachableViaLoopbackTest.java
-@@ -36,7 +36,7 @@
- public static void main(String[] args) {
- try {
- InetAddress addr = InetAddress.getByName("localhost");
-- InetAddress remoteAddr = InetAddress.getByName("bugs.openjdk.org");
-+ InetAddress remoteAddr = InetAddress.getByName("8.8.8.8");
- if (!addr.isReachable(10000))
- throw new RuntimeException("Localhost should always be reachable");
- NetworkInterface inf = NetworkInterface.getByInetAddress(addr);
--- a/test/jdk/java/net/InetAddress/getOriginalHostName.java
+++ b/test/jdk/java/net/InetAddress/getOriginalHostName.java
-@@ -39,7 +39,7 @@
+@@ -39,7 +39,7 @@ public class getOriginalHostName {
SharedSecrets.getJavaNetInetAddressAccess();
public static void main(String[] args) throws Exception {
- final String HOST = "dummyserver.java.net";
+ final String HOST = "localhost";
InetAddress ia = null;
- ia = InetAddress.getByName(HOST);
- testInetAddress(ia, HOST);
+ ia = getInetAddress(HOST);
+ if (ia != null) testInetAddress(ia, HOST);
diff -Nru openjdk-21-21.0.7+6/debian/rules openjdk-21-21.0.8+9/debian/rules
--- openjdk-21-21.0.7+6/debian/rules 2025-04-23 07:43:49.000000000 +0300
+++ openjdk-21-21.0.8+9/debian/rules 2025-07-17 17:12:28.000000000 +0300
@@ -2035,7 +2035,7 @@
dh_builddeb -a $(nodemo) $(nojrez) #$(bd_options)
git_project = jdk21u
-git_tag = jdk-21.0.7+6
+git_tag = jdk-21.0.8+9
package_version = $(shell echo $(PKGVERSION) | sed 's/-[^-][^-]*$$//')
ifneq ($(is_upstream_release),yes)
package_version := $(subst +,~,$(package_version))
Reply to: