openjdk-17-crac (17.0.19+10-0ubuntu1) stonking; urgency=medium

  * New release based on OpenJDK 17.0.19 release, build 10.
    - CVEs:
      + CVE-2026-22016: 8370529: Enhance Path Factories Redux
      + CVE-2026-34282: 8374557: Enhance TLS connection handling
      + CVE-2026-22021: 8371830: Enhance certificate chain validation
      + CVE-2026-22013: 8370615: Improve Kerberos credentialing
      + CVE-2026-23865: 8379158: Update FreeType to 2.14.2
      + CVE-2026-22018: 8370986: Enhance Zip file reading
      + CVE-2026-22007: 8369575: Enhance crypto algorithm support
      + CVE-2026-34268: 8371935: Enhance key generation
  * Ensure that all generated files are up to date:
    - The copyright generator now checks if the current directory contains
      an unpacked OpenJDK tree by verifying the presence of the
      ASSEMBLY_EXCEPTION file.
    - The copyright generator now drops common license text in-memory,
      without running a shell script that modifies the source tree.
    - d/rules: Add targets to generate all files and check that they match
      the ones provided in the source package.
    - d/rules: Add nogen DEB_BUILD_OPTION to disable file regeneration.
  * d/rules: Use '-' instead of '~' in opt version string, swap package
    version and distribution.
  * d/dbg.py: Fix syntax errors in gdb unwinder, do not install unwinder
    for zero, install hotspot unwinder in the correct directory.
    Disable debug traces. Load unwinder in the disabled state.
    Return iterator rather than list from OpenJDKFrameFilter.flatten().
    Remove unused code from NativeMethodInfo.
  * d/p: Refresh patches.
  * d/copyright: Regenerate.
  * d/rules: Synchronize with_check condition with openjdk-17.

 -- Vladimir Petko <vladimir.petko@canonical.com>  Mon, 04 May 2026 14:02:36 +1200

openjdk-17-crac (17.0.18+8-0ubuntu1) resolute; urgency=medium

  * New release based on OpenJDK 17.0.17 release, build 8.
    - CVEs:
      + CVE-2026-21945: 8368032: Enhance Certificate Checking.
      + CVE-2026-21932: 8359501: Enhance Handling of URIs.
      + CVE-2026-21933: 8362632: Improve HttpServer Request handling.
      + CVE-2026-21925: 8341496: Improve JMX connections.

  [ Pushkar Kulkarni ]
  * d/t/jtreg-autopkgtest.*: use locale name "C.UTF-8" on bionic
    and focal.

  [ Vladimir Petko ]
  * d/p/jdk-8369450-proposed.patch: Drop patch applied upstream.
  * Update override comments for unstripped-binary-or-object. We need to
    keep symbols for Native Memory Tracking to work.
  * d/{JB-doc.overrides.in, JB-jre-headless.overrides.in}: Add override
    for old FSF copyright address.
  * d/s/lintian-overrides: Override false positive debian-rules-calls-
    nproc. The utility is used to log the number of processors.
  * d/control: Regenerate.

 -- Vladimir Petko <vladimir.petko@canonical.com>  Mon, 26 Jan 2026 18:45:13 +1300

openjdk-17-crac (17.0.17+10-0ubuntu1) resolute; urgency=medium

  * New release based on OpenJDK 17.0.17 release, build 10.
    - CVEs:
      + CVE-2025-53057, 8360937: Enhance certificate handling.
      + CVE-2025-53066, 8356294: Enhance Path Factories.
  * d/control: enable building with gcc-15.
  * d/t/jtreg-autopkgtest.*: Force utf-8 encoding.
  * d/rules: sync with d/rules from openjdk-17.
  * d/control*,watch.in, rules: support to regenerate d/control.

 -- Pushkar Kulkarni <pushkar.kulkarni@canonical.com>  Mon, 17 Nov 2025 16:55:52 +0530

openjdk-17-crac (17.0.16+8-0ubuntu1) questing; urgency=medium

  * New release based on OpenJDK 17.0.16 release, build 8.
    - Addresses CVE-2025-50059, CVE-2025-30749, CVE-2025-50106,
      CVE-2025-30754. See
      https://openjdk.org/groups/vulnerability/advisories/2025-07-15
    - Release notes:
      https://mail.openjdk.org/pipermail/jdk-updates-dev/2025-July/045614.html
  * d/copyright: regenerate.
  * d/copyright-generator/copyright-gen.py: bump copyright year.
  * d/patches: refresh patches

 -- Pushkar Kulkarni <pushkar.kulkarni@canonical.com>  Mon, 21 Jul 2025 20:16:53 +0530

openjdk-17-crac (17.0.15+6-0ubuntu1) questing; urgency=medium

  * New release based on jdk-17.0.15+6. Release notes:
    https://mail.openjdk.org/pipermail/jdk-updates-dev/2025-April/043307.html

    - CVEs:
      + CVE-2025-21587
      + CVE-2025-30691
      + CVE-2025-30698

  * d/u/signing-key.asc: update signing key
  * d/t/jtreg-autopkgtest{.sh,.in}: Honour DEB_BUILD_OPTIONS=parallel=N
    while running jtreg tests
  * d/t/problems.csv: merge with exclusions from openjdk-17
  * d/patches: remove log-generated-classes-test.patch

 -- Pushkar Kulkarni <pushkar.kulkarni@canonical.com>  Tue, 29 Apr 2025 01:33:42 +0530

openjdk-17-crac (17.0.14+7-0ubuntu1) plucky; urgency=medium

  * New openjdk-17-crac release based on jdk-17.0.14+7.
  * d/copyright, d/rules, d/t/problems.csv: merged latest
    content from the openjdk-17 package.

 -- Pushkar Kulkarni <pushkar.kulkarni@canonical.com>  Wed, 05 Feb 2025 19:19:27 +0530

openjdk-17-crac (17.0.13+11-0ubuntu1) plucky; urgency=medium

  * New openjdk-17-crac release based on jdk-17.0.13+11
  * d/copyright: merge copyright changes from debian/openjdk-17
  * d/{control, test/control, rules}: merge latest changes
    from debian/openjdk-17 related to dtrace and jtreg version
  * d/patches/*: purge unnecessary patches
  * d/tests/problems.csv: update known problems list
  * d/upstream/signing-key.asc - update code verification key

 -- Pushkar Kulkarni <pushkar.kulkarni@canonical.com>  Thu, 21 Nov 2024 01:35:03 +0530

openjdk-17-crac (17.0.13+0-0ubuntu2) oracular; urgency=medium

  * d/t/problems.csv: skip runtime/NMT/* tests (LP: #2078952)
  * d/rules: modify update-alternatives priorities

 -- Pushkar Kulkarni <pushkar.kulkarni@canonical.com>  Wed, 04 Sep 2024 20:57:33 +0530

openjdk-17-crac (17.0.13+0-0ubuntu1) oracular; urgency=medium

  * Initial release (LP: #2073609).

 -- Pushkar Kulkarni <pushkar.kulkarni@canonical.com>  Wed, 10 Jul 2024 10:36:59 +0530
