We are pleased to announce a new security release from the IcedTea6 1.7 branch, 1.7.4.

This update contains the following security updates:

The IcedTea project provides a harness to build the source code from OpenJDK6 using Free Software build tools. It also includes the only Free Java plugin and Web Start implementation, and support for additional architectures over and above x86, x86_64 and SPARC via the Zero assembler port.

Please note that the new NPPlugin is now the default as of this release. The old plugin is no longer supported and will be removed in any future 1.7 releases. Please only report bugs against NPPlugin.

What’s New?

—————–

  • NetX security issues:
  • Backport –with-tzdata-dir support from IcedTea6 1.8 to ensure that external timezone data works again.
  • Restore icedtea-override-metacity.patch to allow full screen apps and other expected behavioral improvements.
  • S6678385, RH551835: Fixes JVM crashes when window is resized.
  • S6668231: Presence of a critical subjectAltName causes JSSE’s SunX509 to fail trusted checks.
  • S6963870: Eliminate NullPointerEx in swing class CompoundBorder method getBorderInsets.
  • S4891262: API spec, javax/accessibility: few invalid javadoc tags.
  • S6737212: Fixed javadoc warning messages in RowSet classes.
  • S6875861: javadoc build warning on java.util.Properites from unconventional @see ordering.
  • S6909563: Javadoc build warnings in rmi, security, management.
  • S6879689: Fix warning about ignored return value when compiling with -O2
  • S6917485: Corba doc warnings.
  • S6921068: Remove javadoc build warnings from specdefault tag.
  • PR453, OJ100142: Fix policy evaluation to match the proprietary JDK.
  • Make the new plugin the default. This is now the main supported plugin. Use –disable-npplugin –enable-plugin to use the old one.
  • New plugin:
    • Added support for JSObject.finalize()
    • Liveconnect message processing design changes.
    • Message protocol overhaul to fix race conditions
    • PR166: Create FIFO pies in temp dir instead of ~/.icedteaplugin
    • Profiled memory usage and implemented proper cleanup for C++ side.
    • Update debug output string and function/structure names to change ‘GCJ’ references to ITNP/IcedTea NP Plugin
    • PR461: plugin working for NSS enabled builds with firefox including a private NSS copy
    • Removed unncessary debug and trace output
    • PR474: Patch from Paulo Cesar Pereira de Andrade, incrementing malloc size to account for NULL terminator.
    • RH524387: javax.net.ssl.SSLKeyException: RSA premaster secret error
    • Set context classloader for all threads in an applet’s threadgroup
    • PR436: Close all applet threads on exit
    • PR480: NPPlugin with NoScript extension.
    • PR488: Question mark changing into underscore in URL.
    • RH592553: Fix bug causing 100% CPU usage.
    • Don’t generate a random pointer from a pthread_t in the debug output.
    • Add ForbiddenTargetException for legacy support.
    • Use variadic macro for plugin debug message printing.
    • Don’t link the plugin with libxul libraries.
    • Fix race conditions in plugin initialization code that were causing hangs.
    • RH506730: BankID (Norwegian common online banking authentication system) applet fails to load.
    • PR491: pass java_{code,codebase,archive} parameters to Java.
    • Adds javawebstart.version property and give user permission to read that property.
  • NetX:
    • Make path sanitization consistent; use a blacklisting approach.
    • Make the SingleInstanceServer thread a daemon thread.
    • Handle JNLP files which use native libraries but do not indicate it
    • Allow JNLP classloaders to share native libraries
    • Added encoding support
  • PulseAudio provider:
    • Eliminate spurious exception throwing.
  • SystemTap support:
    • PR476: Enable building SystemTap support on GCC 4.5.
    • Fix HotSpot tapset object_alloc size variable.
  • NIO2 support:
    • Fix UnixNativeDispatcher to build on all systems, not just x86 and x86_64.



The tarball can be downloaded from:

The following people helped with the 1.7 release series:

Lillian Angel, Gary Benson, Deepak Bhole, Andrew Haley, Andrew John Hughes, Nobuhiro Iwamatsu, Matthias Klose, Martin Matejovic, Omair Majid, Edward Nevill, Xerxes Rånby, Robert Schuster, Pavel Tisnovsky, Jon VanAlten, Mark Wielaard and Man Lung Wong.

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-1.7.4.tar.gz
$ cd icedtea6-1.7.4

Full build requirements and instructions are in INSTALL:

$ ./configure [--enable-zero --with-openjdk --enable-pulse-java
--enable-systemtap ...]
$ make