We are pleased to announce the release of IcedTea 2.1.2, based on OpenJDK7 u2, and IcedTea 2.2.2, based on OpenJDK7 u4, with additional security fixes.
The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative
virtual machines.
These releases includes fixes for the zero-day issues that arose this week:
- RH852051, CVE-2012-4681, S7162473: Reintroduce PackageAccessible checks removed in 6788531.
- S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
- S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects
- S7163201, CVE-2012-0547: Simplify toolkit internals references
Patches are welcome; please contact the mailing list (distro-pkg-dev at openjdk.java.net) and/or file bugs under the appropriate component.
Full details of the release can be found below.
What’s New?
New in release 2.2.2 (2012-08-31)
- Security fixes
- RH852051, CVE-2012-4681, S7162473: Reintroduce PackageAccessible checks removed in 6788531.
- S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
- S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects
- S7163201, CVE-2012-0547: Simplify toolkit internals references
- OpenJDK
- Fix Zero FTBFS issues
- PR1101: Undefined symbols on GNU/Linux SPARC
- S7180036: Build failure in Mac platform caused by fix # 7163201
- S7182135: Impossible to use some editors directly
- S7183701: [TEST] closed/java/beans/security/TestClassFinder.java – compilation failed
- S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE
- S7188168: 7071904 broke the DEBUG_BINARIES option on Linux
- S7190813: (launcher) RPATH needs to have additional paths
New in release 2.1.2 (2012-09-02):
- Security fixes
- RH852051, CVE-2012-4681, S7162473: Reintroduce PackageAccessible checks removed in 6788531.
- S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
- S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects
- S7163201, CVE-2012-0547: Simplify toolkit internals references
- OpenJDK
- PR1101: Undefined symbols on GNU/Linux SPARC
- S7182135: Impossible to use some editors directly
- S7183701: [TEST] closed/java/beans/security/TestClassFinder.java – compilation failed
- S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE
- S7190813: (launcher) RPATH needs to have additional paths
- ARM
- ARM: Fix trashed thread ptr after recursive re-entry from
- ARM: Rename a bunch of misleadingly-named functions
- Enable _adapter_opt_spread* jsr 292 code, now passes
- Fix call to handle_special_method(). Fix compareAndSwapLong.
The tarballs can be downloaded from:
- http://icedtea.classpath.org/download/source/icedtea-2.1.2.tar.gz (sig)
- http://icedtea.classpath.org/download/source/icedtea-2.2.2.tar.gz (sig)
SHA256 checksums:
- c7ebdb84581dca48a4389e12790d2d506b9cfc05f16612169284d5a5e3a02269 icedtea-2.1.2.tar.gz
- e645fdcae825e0c60093962cb0a8fbf194c94a5e669162b3b357d99a6e36c86d icedtea-2.2.2.tar.gz
Each tarball is accompanied by a digital signature (see above links). This is produced using my public key. See details below.
- PGP Key: 248BDC07 (https://keys.indymedia.org/)
- Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
The following people helped with these releases:
- Andrew Haley (ARM fixes)
- Andrew John Hughes (all other patches/merging, reproducer testing & release management)
- Chris Phillips (Zero FTBFS & ARM fixes)
- Roman Kennke (Zero FTBFS fix)
We would also like to thank the bug reporters and testers!
To get started:
$ tar xzf icedtea${ver}.tar.gz
$ cd icedtea${ver}
Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap ...] $ make