March 2009

(Delayed announcement here because this blog was down)

We are pleased to announce the release of IcedTea7 1.9!

IcedTea7 provides a means to build OpenJDK7 build drops using Free software tools, in addition to a number of additional features including additional platform support via the Zero/Shark and CACAO virtual machines, and the only Free 64-bit Java web plugin.

New in release 1.9 (2009-03-20)

  • Security fixes for:

    • CVE-2008-5360 – Temporary files have guessable file names.
    • CVE-2008-5350 – Allows to list files within the user home directory.
    • CVE-2008-5348 – Denial-Of-Service in kerberos authentication.
    • CVE-2008-5359 – Buffer overflow in image processing.
    • CVE-2008-5351 – UTF-8 decoder accepts non-shortest form sequences.
    • CVE-2008-5356 – Font processing vulnerability.
    • CVE-2008-5353 – Calendar object deserialization allows privilege escalation.
    • CVE-2008-5354 – Privilege escalation in command line applications.
    • CVE-2008-5357 – Truetype Font processing vulnerability.
    • CVE-2008-5352 – Jar200 Decompression buffer overflow.
    • CVE-2008-5358 – Buffer Overflow in GIF image processing.
  • Updated to OpenJDK7 b50 build.
  • XRender pipeline support: Java2D are noticably faster and running over a remote X connection feels like it is all local. Build by default (disable with –disable-xrender). Runtime enabled by running java -Dsun.java2d.xrender=True (default is to use the old X renderer for now).
  • IcedTeaPlugin now supports HTTPS sites and adds a user prompt for untrusted https certificates.
  • Use the ALSA ‘default’ device. Makes Java play nicer with PulseAudio.
  • VisualVM integration updated to 1.1.1
  • Gervill soft synthesizer integration updated to latest CVS version.
  • Integrated jtreg upgraded to 4_0-src-b02-15_oct_2008.
  • make check runs much faster now. jtreg -samevm support has been integrated into the langtools and jdk subsystems. Please package the test/jtreg-summary.log file with your distribution package so end users can compare the test results.
  • Shark (–enable-shark) now builds on 64 bit platforms, but is a pre-alpha technology preview and not recommended for use.
  • Better support for bootstrapping with different jar programs (supporting -J options).
  • If –with-pkgversion isn’t given the short mercurial rev node version will be used. Package distributors are encouraged to build packages with –with-pkgversion to uniquely identify their distribution version number when java -version is run to help distribution specific bug reporting.
  • Various freetype font, pisces renderer and awt X window size fixes to fix visual anomalies.
  • Build fixes for gcc 4.3 and 4.4-pre-release.
  • Added support for building against a specific openjdk src dir or hg revision (–with-openjdk-src-dir or –with-hg-revision).
  • Many other Plugin, Zero, Shark and PulseAudio bug fixes.
  • Build clean up.

The tarball can be downloaded here:

The following people helped with this release:
Gary Benson, Deepak Bhole, Andrew Haley, Andrew John Hughes, Tomas Hurka, Ioana Ivan, Matthias Klose, Omair Majid, Mark Reinhold, Christian Thalinger, Mark Wielaard, Lillian Angel

We would also like to thank the bug reporters and testers!

To get started:
$ hg clone
$ cd icedtea

Full build requirements and instructions are in INSTALL:
$ ./configure
$ make

Those carefully watching their many OpenJDK mailing list subscriptions will have noticed the discussion of an OpenJDK IcedTea project on the porters-dev list, culminating with it being made official on Friday the 6th of March. So what’s this all about?

Well, firstly it isn’t about IcedTea6, the version you’ll find lovingly maintained in your copy of Fedora, RHEL, Gentoo or Debian. No, this is about the future of JDK development: 1.7. When the OpenJDK project started back in May 2007, the source code made available was an early snapshot of 1.7, which had branched from 1.6 some time back, in the misty shrouds of proprietary JDK 1.6 development. As 1.7 didn’t look like being ready anytime soon, OpenJDK6 was branched off from this in early 2008 to produce something stable for distros to start deploying to their userbase. Meanwhile, most Sun development effort has continued on 1.7, and it is also the 1.7 branch that sees code Freed from the continuing proprietary JDK 1.6 trees first. We’ve recently seen the announcement of Project Jigsaw to handle the modularisation of the platform and Project Coin to tackle small changes such as allowing Strings to be used in switch blocks.

While all the exciting stuff is happening in 1.7, most people just want a stable platform to develop on and so 1.6 will be with us for some time to come and we’ll continue to see lots of updates to IcedTea6, along with (hopefully) a lot of the changes going upstream to OpenJDK6. However, OpenJDK6 is clearly a stop-gap until 1.7 is ready. As such, we’ve also been tracking 1.7 development in IcedTea7 so we’ll be ready for when this goes ‘prime time’. 1.7 development works quite differently from 1.6 development. Primarily, there’s a lot more of it, especially now build drops are appearing on a weekly basis (there hasn’t been one for IcedTea6 for about six months). If you hop over to the OpenJDK Mercurial repositories, you’ll also find that there are lots and lots of JDK7 forests and only one JDK6 one. This is because development on 1.7 goes on separately within each project team and is then merged into the master jdk7 repository which is used for the build drops. HotSpot even has multiple sub-teams which merge into a master HotSpot repository.

The main idea with the IcedTea project is to enable us to work in the same way, rather than keeping our changes as patches in an external repository. If you look again at that list of repositories, you’ll see there is now an IcedTea forest. At present, it is just a copy of the jdk7 b50 drop, but the plan is to turn eligible (i.e. ones where the author has signed the Sun Contributor Agreement) patches from the IcedTea repository into changesets against the tree. This will hopefully make life easier for those using the IcedTea tree (no more need to apply these patches yourself), those developing it (no need to completely reroll patches with every new build drop) and maybe even for developers on other OpenJDK projects (who will now be able to pull in IcedTea changes). One area this may be useful is with the BSD port; I know some people have been trying to get IcedTea working with the BSD tree, and this should make it easier to create a hybrid of the two. It would of course be great if the BSD developers took on some of our patches too!

There will shortly be a release of the existing IcedTea7 using the b50 drop. This incorporates the NIO2 changes that are currently duplicated locally by IcedTea7. Note that those wanting to play around with NIO2 also have the option of building IcedTea6 with the –enable-nio2 option. This still needs some work but please give it a try and report bugs to the usual place.

After this release, we’ll move development to the forest as much as possible. If you want to track what’s happening, be sure to subscribe to the distro-pkg-dev mailing list for discussion and icedtea-changes for commit messages.

Video Updates

A lot about 1.7 was announced at FOSDEM 2009. Both of Mark Reinhold’s talks are now available:

You can also find them on my channel.

This work is funded by Red Hat.