We are pleased to announce the release of IcedTea6 1.7.2 (2010/03/31)!

The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools. It also includes the only
Free Java plugin and Web Start implementation, and support for
additional architectures over and above x86, x86_64 and SPARC via the
Zero assembler port.

What’s New?

Security Updates and Hardening Patches

  • (CVE-2010-0837): JAR “unpack200″ must verify input parameters (6902299)
  • (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807
  • (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653)
  • (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217)
  • (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
  • (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)
  • (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703)
  • (CVE-2010-0088): Inflater/Deflater clone issues (6745393)
  • (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
  • (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
  • (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
  • (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
  • (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
  • (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)
  • (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866)
  • (CVE-2009-3555): TLS: MITM attacks via session renegotiation
  • 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
  • 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs
  • 6910590: Application can modify command array in ProcessBuilder
  • 6909597: JPEGImageReader stepX Integer Overflow Vulnerability
  • 6932480: Crash in CompilerThread/Parser. Unloaded array klass?

Bug fixes

  • Backport of 6822370: ReentrantReadWriteLock: threads hung when there are no threads holding onto the lock
  • Increase ThreadStackSize by 512kb on 32-bit Zero platforms
  • Check cacerts database is valid

The tarball can be downloaded from:

The following people helped with the 1.7 release series:

Lillian Angel, Gary Benson, Deepak Bhole, Andrew Haley, Andrew John Hughes, Nobuhiro Iwamatsu, Matthias Klose, Martin Matejovic, Edward Nevill, Xerxes RĂ„nby, Robert Schuster,Jon VanAlten, Mark Wielaard and Man Lung Wong.

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-1.7.2.tar.gz
$ cd icedtea6-1.7.2

Full build requirements and instructions are in INSTALL:

$ ./configure [--enable-zero --with-openjdk --enable-pulse-java --enable-systemtap ...]
$ make