GNU/Andrew’s Blog

We are pleased to announce a new set of security releases, IcedTea6 1.7.7, IcedTea6 1.8.4 and IcedTea6 1.9.4.

This update contains the following security updates:

• RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass

The IcedTea project provides a harness to build the source code from OpenJDK6 using Free Software build tools. It also includes the only Free Java plugin and Web Start implementation, and support for additional architectures over and above x86, x86_64 and SPARC via the Zero assembler port.

What’s New?

IcedTea6 1.7.7

• Security updates
  • RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
• Backports
  • S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray
  • S4356282: RFE: JDK should support OpenType/CFF fonts
  • S6954424, RH525870: Support OpenType/CFF fonts in JDK 7
  • S6795356, PR590: Leak caused by javax.swing.UIDefaults.ProxyLazyValue.acc
  • S6967436, RH597227: lines longer than 2^15 can fill window.
  • S6967433: dashed lines broken when using scaling transforms.
  • S6976265: No STROKE_CONTROL
  • S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality.
• Fixes:
  • S7003777, RH647674: JTextPane produces incorrect content after parsing the html text

IcedTea6 1.8.4

• Security updates
  • RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
• Backports
  • S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray
  • S4356282: RFE: JDK should support OpenType/CFF fonts
  • S6954424, RH525870: Support OpenType/CFF fonts in JDK 7
  • S6795356, PR590: Leak caused by javax.swing.UIDefaults.ProxyLazyValue.acc
  • S6967436, RH597227: lines longer than 2^15 can fill window.
  • S6967433: dashed lines broken when using scaling transforms.
  • S6976265: No STROKE_CONTROL
  • S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality.
• Fixes:
  • S7003777, RH647674: JTextPane produces incorrect content after parsing the html text

IcedTea6 1.9.4

• Security updates
  • RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
• Backports
  • S4356282: RFE: JDK should support OpenType/CFF fonts
  • S6954424, RH525870: Support OpenType/CFF fonts in JDK 7
  • S6795356, PR590: Leak caused by javax.swing.UIDefaults.ProxyLazyValue.acc
  • S6967436, RH597227: lines longer than 2^15 can fill window.
  • S6967433: dashed lines broken when using scaling transforms.
  • S6976265: No STROKE_CONTROL
  • S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality.
  • S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray
• Fixes
  • S7003777, RH647674: JTextPane produces incorrect content after parsing the html text

The tarballs can be downloaded from:

• http://icedtea.classpath.org/download/source/icedtea6-1.7.7.tar.gz
• http://icedtea.classpath.org/download/source/icedtea6-1.8.4.tar.gz
• http://icedtea.classpath.org/download/source/icedtea6-1.9.4.tar.gz

SHA256 sums:

• 4c35574df1214c2e2533b282d6045f79f61eb702d59cd4ac73eec973f4c51fb6 icedtea6-1.7.7.tar.gz
• 0f89e920a829f3f1a6057065c85520b910504a0be1fbc94f8db2390242edc784 icedtea6-1.8.4.tar.gz
• 2194b59d8c17ad6ff2fb495e10f9e6023993df5f8ce8a3739bf057f6562ef077 icedtea6-1.9.4.tar.gz

The following people helped with these releases:

• Andrew John Hughes
• Denis Lila
• Omair Majid

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-.tar.gz
$ cd icedtea6-

Full build requirements and instructions are in INSTALL:

$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap ...]
$ make

Happy hacking!

We are pleased to announce the release of version 1.1 of the VisualVM harness!

The main changes are the addition of support for VisualVM 1.3.1 and the ability to install VisualVM outside the JDK directory structure.

What’s New

• Support for VisualVM 1.3.1.
• Make VisualVM work outside the JVM directory structure.
• Remove the invalid Version field from visualvm.desktop.
• Install visualvm.desktop in the correct location under $(datadir)/applications.
• Add debugging information to the native shared libraries.
• Provide uninstallation support.

The tarball can be downloaded from:

• http://icedtea.classpath.org/download/source/visualvm_harness-1.1.tar.gz
• sha256sum: 69ed2ec8867052757ea2ee416a87a2f636553dbeaa36b452dc5036817672177a

The following people helped with the 1.1 release:

• Andrew John Hughes
• Tomas Hurka
• Jiri Vanek

We would also like to thank all the bug reporters and testers!

To get started:

$ tar xzf visualvm_harness-1.1.tar.gz
$ ./configure
$ make
$ make install

Full build requirements and instructions are in INSTALL. To build VisualVM 1.3, the option --with-visualvm-version=1.3 should be specified. To build VisualVM 1.3.1, the option --with-visualvm-version=1.3.1 should be specified. The default remains 1.2.2.