GNU/Andrew’s Blog

We are pleased to announce the release of IcedTea6 1.7!

The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools. It also includes the only
Free Java plugin and Web Start implementation, and support for
additional architectures over and above x86, x86_64 and SPARC via the
Zero assembler port.

What’s New?

• Updated to OpenJDK6 b17.
• Alpha version of the new IcedTea NPRuntime based plugin with support for Firefox >= 3.5, Chromium, and other browsers that support NPRuntime (use –enable-npplugin to build it). For xulrunner >= 1.9.2 (used by Firefox >= 3.6), the new plugin is required and the build will automatically enable it if the old plugin is requested.
• Support added for building with HotSpot 16 using –with-hotspot-build=hs16. This is the same as was released in the proprietary JDK6 update 18.
• Zero port updated to match the version submitted to OpenJDK as closely as possible.
• libjpeg7, libjpeg8, libpng 1.4 and libXext >= 1.1.0 supported.
• Added JNI call tracing using systemtap version 1.0+ when configuring with –enable-systemtap. See tapset/hotspot_jni.stp.
• Add support for building the Zero assembler port on Hitachi SH.

The tarball can be downloaded from:

• http://icedtea.classpath.org/download/source/icedtea6-1.7.tar.gz

The following people helped with the 1.7 release:

Lillian Angel, Gary Benson, Deepak Bhole, Andrew Haley, Andrew John Hughes, Nobuhiro Iwamatsu, Matthias Klose, Martin Matejovic, Edward Nevill, Xerxes Rånby, Robert Schuster,Jon VanAlten, Mark Wielaard and Man Lung Wong.

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-1.7.tar.gz
$ cd icedtea6-1.7

Full build requirements and instructions are in INSTALL:

$ ./configure [--enable-visualvm --with-openjdk --enable-pulse-java
--enable-systemtap ...]
$ make

The BBC currently have a proposal before OfCom entitled Content Management on the HD FreeView platform. This proposes that OfCom allow them to compress the service information data and only provide the necessary Huffman table to those who license it from the BBC.

Not only does this not prevent anyone from using the service without the table — the video and audio are not encrypted, and the table could be worked out by brute force — but the BBC pretty much acknowledge this in their proposal. It’s all part of taking a chance that this will then allow them to enforce the inclusion of encryption technology on receivers, which will then cause more media companies to buy into HD on FreeView. That itself may or may not happen, but in the process they will make FOSS implementations illegal as they won’t be able to publish source code which includes the Huffman table (despite the idea in 5.28 of the OfCom consultion that FOSS will be fine because FreeSat receivers running Linux exist!)

I strongly suggest that you write a response to the consultation (you have until April the 2nd) so that OfCom understand the negative effect that allowing this will have on the usage of FreeView HD.

We are pleased to announce the release of IcedTea7 1.12 - Bigger and Bolder and Rougher and Tougher!

The IcedTea project provides a harness to build the source code from
OpenJDK7 using Free Software build tools. It also includes the only
Free Java plugin and Web Start implementation, and support for
additional architectures over and above x86, x86_64 and SPARC via the
Zero assembler port.

What’s New?
—————–

• Updated to OpenJDK7 milestone 5; includes:
  • From Project Coin:
    • 6860965: Support for binary literals (e.g. 2 can be written 0b10)
    • 6860965: Support for underscored literals (e.g. 123456 can be
      written 123_456)
    • 6827009: Support for strings in switch statements (e.g. case “a”)
    • 6840638: Improved inferencing with generics, e.g.
      Map map = new HashMap<>();
  • jsr166y from http://gee.cs.oswego.edu/dl/concurrency-interest/:
    • 6865571: Add a lightweight task framework known as ForkJoin
    • 6445158: Phaser - an improved CyclicBarrier
    • 6865579: Add TransferQueue/LinkedTransferQueue
  • 6890308, 6891677: The Zero assembler port
  • JIBX is no longer required to build Nimbus.
  • Many bug fixes
• Security fixes:
  • (CVE-2009-3728) ICC_Profile file existence detection information leak (6631533)
  • (CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445)
  • (CVE-2009-3881) resurrected classloaders can still have children (6636650)
  • (CVE-2009-3882) Numerous static security flaws in Swing (findbugs) (6657026)
  • (CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138)
  • (CVE-2009-3880) UI logging information leakage (6664512)
  • (CVE-2009-3879) GraphicsConfiguration information leak (6822057)
  • (CVE-2009-3884) zoneinfo file existence information leak (6824265)
  • (CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062)
  • (CVE-2009-3873) JPEG Image Writer quantization problem (6862968)
  • (CVE-2009-3875) MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
  • (CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser denial of service (6864911)
  • (CVE-2009-3869) JRE AWT setDifflCM stack overflow (6872357)
  • (CVE-2009-3874) ImageI/O JPEG heap overflow (6874643)
  • (CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358)
• The NSS crypto. provider may be turned on with –enable-nss if
  the NSS libraries and headers are available via pkg-config.
• Makefile reorganisation
  • icedtea-ecj is now icedtea-boot and patches/ecj is now
    patches/boot.
  • The icedtea-against-icedtea target is now icedtea-stage2.
    The icedtea-against-ecj target is now icedtea-stage1.
  • The Java code for the plugin is now built by the
    liveconnect.stamp and liveconnect-dist.stamp targets
    rather than hijacking the OpenJDK build.
• Upgraded to VisualVM 1.2.1

—————–

The tarball can be downloaded from:

• http://icedtea.classpath.org/download/source/icedtea-1.12.tar.gz

The following people helped with the release:

Gary Benson, Deepak Bhole, Andrew Haley, Andrew John Hughes, Thomas Hurka, Matthias Klose, Xerxes Rånby, Jon VonAlten, Mark Wielaard and many others.

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-1.12.tar.gz
$ cd icedtea6-1.12


Full build requirements and instructions are in INSTALL:

$ ./configure [--enable-zero --enable-shark --enable-visualvm --with-jdk-home --enable-pulse-java --enable-systemtap etc...]
$ make


Happy hacking!

We are pleased to announce two new security releases, IcedTea6 1.5.3 and 1.6.2.

The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools. It also includes the only
Free Java plugin and Web Start implementation, and support for
additional architectures over and above x86, x86_64 and SPARC via the
Zero assembler port.

What’s New?
—————–
- Security fixes for:
—————–

• (CVE-2009-3728) ICC_Profile file existence detection information leak (6631533)
• (CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445)
• (CVE-2009-3881) resurrected classloaders can still have children (6636650)
• (CVE-2009-3882) Numerous static security flaws in Swing (findbugs) (6657026)
• (CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138)
• (CVE-2009-3880) UI logging information leakage (6664512)
• (CVE-2009-3879) GraphicsConfiguration information leak (6822057)
• (CVE-2009-3884) zoneinfo file existence information leak (6824265)
• (CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062)
• (CVE-2009-3873) JPEG Image Writer quantization problem (6862968)
• (CVE-2009-3875) MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
• (CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser denial of service (6864911)
• (CVE-2009-3869) JRE AWT setDifflCM stack overflow (6872357)
• (CVE-2009-3874) ImageI/O JPEG heap overflow (6874643)
• (CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358)

The tarballs and 1.6 nosrc RPM can be downloaded from:

• http://icedtea.classpath.org/download/source/icedtea6-1.5.3.tar.gz
• http://icedtea.classpath.org/download/source/icedtea6-1.6.2.tar.gz
• http://icedtea.classpath.org/download/fedora/java-1.6.0-openjdk-1.6.0.0-30.b16.fc11.nosrc.rpm

The following people helped with the 1.5 and 1.6 release series:

Lillian Angel, Gary Benson, Deepak Bhole, Andrew Haley, Andrew John Hughes, Matthias Klose, Martin Matejovic, Ed Nevill, Mark Wielaard and many others.

We would also like to thank the bug reporters and testers!

To get started:
$ tar xzf icedtea6-1.6.2.tar.gz
$ cd icedtea6-1.6.2

Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-visualvm --with-openjdk --enable-pulse-java
--enable-systemtap ...]
$ make

OpenJDK7 b75 was just promoted, but it seems nothing from the build forest made it, due to bootstrap issues caused by a HotSpot change that wasn’t fully tested. Hence, you’ll find a changeset for the Zero assembler port in the HotSpot tree, but not the corresponding changeset for the JDK tree.

Similarly, a changeset I committed to fix building OpenJDK7 with itself, following the FontManager refactoring, was also missed. If your build fails due to a missing method in the sun.awt.FontManager class, this is why.

Both fixes have been integrated into the IcedTea forest so users of either that, or its downstream IcedTea7 will have both Zero and a working bootstrap. I’ve alerted the JDK7 project to both these issues, so hopefully these two changesets will appear in milestone 5.

Update

The changes will be in M5; the initial set of patches for b76 is available in this webrev from Tim Bell.

Update 2

Second part of Zero is in b76.

The Nimbus look and feel made it into OpenJDK6 yesterday:

http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/bdb2f5f4ac86

and I’m about to post a further slew of backported bug fixes for approval.

You can check out OpenJDK6 from Mercurial now and try it. You need to run the VM with the option -Dswing.defaultlaf=com.sun.java.swing.plaf.nimbus.NimbusLookAndFeel. Refer to my previous blog on the subject for some example code.

Congratulations to Gary Benson of Red Hat whose Zero assembler port (which allows OpenJDK to build on a range of additional platforms such as ppc, ppc64, s390 and arm) was accepted and pushed upstream over the last few days.

For those who want the grisly details:

• http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/354d3184f6b2
• http://hg.openjdk.java.net/jdk7/build/rev/608937d41381
• http://hg.openjdk.java.net/jdk7/build/corba/rev/34a68fa0680b
• http://hg.openjdk.java.net/jdk7/build/jdk/rev/e2de121c27c4

The HotSpot changes are in the hotspot-comp forest. The JDK build changes are in the build forest. You can either clone one of the forests and pull the other into it, or use one we made earlier:

• http://hg.openjdk.java.net/icedtea/jdk7

to get upstream Zero today!

The entire OpenJDK infrastructure seems to be down at present. Not to fear, you can still build IcedTea6 with the latest OpenJDK6 build drop, b17, right now:

$ hg fclone http://classpath.wildebeest.org/hg/jdk6
$ hg clone http://icedtea.classpath.org/people/andrew/icedtea6
$ cd icedtea6; ./autogen.sh; cd ..
$ mkdir icedtea6-build
$ cd icedtea6-build
$ ../icedtea6/configure --with-openjdk-src-dir=$PWD/../jdk6
$ make

Thanks to Mark Wielaard for supplying the OpenJDK6 forest backups.

Happy hacking!

You may have already heard about Gordon Brown’s apology to Alan Turing (see my previous blog). I felt these empty words were worth little, and so posted a follow-up petition asking for Turing and others like him to be formally pardoned; they are still criminals in the eyes of the law in the UK. This was accepted today. If you are a British citizen and agree that Alan Turing and the thousands of others like him who were persecuted under the same law should no longer be viewed as a criminal, then please sign the petition.

Thanks.

If you came here looking for news on OpenJDK, then I’ll shortly be providing an update on NSS support in IcedTea. Stay tuned.

He apologises in response to the petition, but there’s no pardon for Turing or for the thousands of others who suffered under such a vile law; instead the apology is misused as an opportunity to pat him and his party on the back for how ‘this Government has done so much to make life fairer and more equal for our LGBT community’.