The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

A new set of security releases are now available for the OpenJDK 7 series: 2.1.7, 2.2.7 & 2.3.8. We recommend that users upgrade to the latest release from the
appropriate branch as soon as possible. The releases contain the following security fixes:

Full details of each release can be found below.

What’s New?

New in release 2.3.8 (2013-03-11)

  • Security fixes
  • Backports
    • S8002344: Krb5LoginModule config class does not return proper KDC list from DNS
    • S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c
    • S8006179: JSR292 MethodHandles lookup with interface using findVirtual()
    • S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  • Bug fixes
    • PR1303: Correct #ifdef to #if
    • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
    • Revert S7017193 and add the missing free call, until a better fix is ready.

New in release 2.2.7 (2013-03-11)

  • Security fixes
  • Backports
    • S8002344: Krb5LoginModule config class does not return proper KDC list from DNS
    • S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c
    • S8006179: JSR292 MethodHandles lookup with interface using findVirtual()
    • S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  • Bug fixes
    • PR1303: Correct #ifdef to #if
    • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
    • Revert S7017193 and add the missing free call, until a better fix is ready.

New in release 2.1.7 (2013-03-11)

  • Security fixes
  • Backports
    • S8002344: Krb5LoginModule config class does not return proper KDC list from DNS
    • S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c
    • S8006179: JSR292 MethodHandles lookup with interface using findVirtual()
    • S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  • Bug fixes
    • PR1303: Correct #ifdef to #if
    • Stop libraries being stripped in the OpenJDK build.
    • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
    • Revert S7017193 and add the missing free call, until a better fix is ready.

The tarballs can be downloaded from:

SHA256 checksums:

  • e23d7715b9b27635f721414614be4bc5e52d32fb9739bc2e5dd1abcd8183dbee icedtea-2.1.7.tar.gz
  • 070a14f450569f98bd7b1ce5c42a9240c81ac5c234e2b39f8897f11d3d625ecc icedtea-2.2.7.tar.gz
  • 750a4c6e3e22369aa7dcfb0751fe85d5ea7a36b32871861c5063dbcadddc7153 icedtea-2.3.8.tar.gz

Each tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

  • Andrew Hughes (applying all security patches & backports, creation & testing of bug fixes, reproducer testing, release management)
  • Matthias Klose (reported & fixed PR1340)
  • Omair Majid (applied security fixes)
  • Bernhard Rosenkränzer (reported issue with PR1303)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${version}.tar.gz
$ cd icedtea-${version}

where ${version} is the version you’ve downloaded.

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!