March 2013

Monthly Archive

Wed 13 Mar 2013

HotSpot 23 in IcedTea for OpenJDK 6

Posted by gnu_andrew under IcedTea
No Comments 

I meant to blog about this a while back, but the recent deluge of security updates has pushed it to the sidelines. The current HEAD version of IcedTea for building OpenJDK 6 (what will eventually become 1.13) now supports building with HotSpot 23 in preference to the version in the OpenJDK 6 tarball, HotSpot 20. Indeed, this is the default, should you not be building the Zero assembler port. As users of 7 will know, Zero doesn’t work with HotSpot 22 & 23, though signs are good for HotSpot 24, which is currently being tested in the 7 updates forest.

Building OpenJDK 6 with HotSpot 23 was delightfully uneventful in the end, despite earlier warnings from Oracle that they’ve not tested anything beyond 20. We saw no problems during build and a clear run of HotSpot jtreg tests was also a good sign (bar a few JSR292 patches which we’ve since patched out). With luck, things should be good for the 1.13.0 release (which we hope will not take the year that 1.11->1.12 took) and we may even be able to get it upstream into OpenJDK 6 at some point.

Gentoo users can get their hands on this now by using the icedtea-6.9999 ebuild in java-overlay. Other users will need to check out Mercurial repository and build it themselves.

$ /usr/lib/jvm/icedtea-6/bin/java -version
java version "1.6.0_27"
OpenJDK Runtime Environment (IcedTea6 1.13.0pre+re162a16dad26)
(Gentoo build 1.6.0_27-b27)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)
 

Tue 12 Mar 2013

[SECURITY] IcedTea 2.1.7, 2.2.7 & 2.3.8 for OpenJDK 7 Released!

Posted by gnu_andrew under IcedTea , OpenJDK , Security
No Comments 

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

A new set of security releases are now available for the OpenJDK 7 series: 2.1.7, 2.2.7 & 2.3.8. We recommend that users upgrade to the latest release from the
appropriate branch as soon as possible. The releases contain the following security fixes:

Full details of each release can be found below.

What’s New?

New in release 2.3.8 (2013-03-11)

  • Security fixes
  • Backports
    • S8002344: Krb5LoginModule config class does not return proper KDC list from DNS
    • S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c
    • S8006179: JSR292 MethodHandles lookup with interface using findVirtual()
    • S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  • Bug fixes
    • PR1303: Correct #ifdef to #if
    • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
    • Revert S7017193 and add the missing free call, until a better fix is ready.

New in release 2.2.7 (2013-03-11)

  • Security fixes
  • Backports
    • S8002344: Krb5LoginModule config class does not return proper KDC list from DNS
    • S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c
    • S8006179: JSR292 MethodHandles lookup with interface using findVirtual()
    • S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  • Bug fixes
    • PR1303: Correct #ifdef to #if
    • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
    • Revert S7017193 and add the missing free call, until a better fix is ready.

New in release 2.1.7 (2013-03-11)

  • Security fixes
  • Backports
    • S8002344: Krb5LoginModule config class does not return proper KDC list from DNS
    • S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c
    • S8006179: JSR292 MethodHandles lookup with interface using findVirtual()
    • S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  • Bug fixes
    • PR1303: Correct #ifdef to #if
    • Stop libraries being stripped in the OpenJDK build.
    • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
    • Revert S7017193 and add the missing free call, until a better fix is ready.

The tarballs can be downloaded from:

SHA256 checksums:

  • e23d7715b9b27635f721414614be4bc5e52d32fb9739bc2e5dd1abcd8183dbee icedtea-2.1.7.tar.gz
  • 070a14f450569f98bd7b1ce5c42a9240c81ac5c234e2b39f8897f11d3d625ecc icedtea-2.2.7.tar.gz
  • 750a4c6e3e22369aa7dcfb0751fe85d5ea7a36b32871861c5063dbcadddc7153 icedtea-2.3.8.tar.gz

Each tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

  • Andrew Hughes (applying all security patches & backports, creation & testing of bug fixes, reproducer testing, release management)
  • Matthias Klose (reported & fixed PR1340)
  • Omair Majid (applied security fixes)
  • Bernhard Rosenkränzer (reported issue with PR1303)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${version}.tar.gz
$ cd icedtea-${version}

where ${version} is the version you’ve downloaded.

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

 

Tue 12 Mar 2013

[SECURITY] IcedTea 1.11.9 & 1.12.4 for OpenJDK 6 Released!

Posted by gnu_andrew under IcedTea , OpenJDK , Security
No Comments 

Original announcement courtesy of Omair Majid.

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

A new set of security releases are now available for the OpenJDK 6 series: 1.11.9 & 1.12.4. We recommend that users upgrade to the latest release from the
appropriate branch as soon as possible. The releases contain the following security fixes:

Full details of each release can be found below.

What’s New?

New in release 1.11.9 (2013-03-04)

New in release 1.12.4 (2013-03-04)

The tarballs can be downloaded from:

SHA256 checksums:

  • 0c134bea8d48c77ad5d41d4a0f98f471c381faaa0ef0c215d48687e709e93f3f icedtea6-1.11.9.tar.gz
  • eb326c6ae0147ca4abe4bd79e52c1edc2ef08e5e008230e24bee3abb39e14dda icedtea6-1.12.4.tar.gz

The tarballs are accompanied by digital signatures available at the above ‘sig’ link. This is produced using Omair’s public key. See details below.

  • PGP Key: 66484681 (http://pgp.mit.edu/)
  • Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681

The following people helped with these releases:

  • Severin Gehwolf (creation of fix for S8007675)
  • Omair Majid (applying all security patches, reproducer runs, release management)
  • Mario Torre (creation of fix for S8007675)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${version}.tar.gz
$ cd icedtea-${version}

where ${version} is the version you’ve downloaded.

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!