Tue 15 Apr 2014
The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver, the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.
This release updates our OpenJDK 6 support in the 1.13.x series with the April 2014 security fixes.
If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.
Full details of the release can be found below.
New in release 1.13.3 (2014-04-15)
- Security fixes
- S8023046: Enhance splashscreen support
- S8025005: Enhance CORBA initializations
- S8025010, CVE-2014-2412: Enhance AWT contexts
- S8025030, CVE-2014-2414: Enhance stream handling
- S8025152, CVE-2014-0458: Enhance activation set up
- S8026067: Enhance signed jar verification
- S8026163, CVE-2014-2427: Enhance media provisioning
- S8026188, CVE-2014-2423: Enhance envelope factory
- S8026200: Enhance RowSet Factory
- S8026736, CVE-2014-2398: Enhance Javadoc pages
- S8026797, CVE-2014-0451: Enhance data transfers
- S8026801, CVE-2014-0452: Enhance endpoint addressing
- S8027766, CVE-2014-0453: Enhance RSA processing
- S8027775: Enhance ICU code.
- S8027841, CVE-2014-0429: Enhance pixel manipulations
- S8028385: Enhance RowSet Factory
- S8029282, CVE-2014-2403: Enhance CharInfo set up
- S8029286: Enhance subject delegation
- S8029699: Update Poller demo
- S8029730: Improve audio device additions
- S8029735: Enhance service mgmt natives
- S8029740, CVE-2014-0446: Enhance handling of loggers
- S8029750: Enhance LCMS color processing (LCMS 2 only)
- S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg)
- S8029854, CVE-2014-2421: Enhance JPEG decodings
- S8029858, CVE-2014-0456: Enhance array copies
- S8030731, CVE-2014-0460: Improve name service robustness
- S8031330: Refactor ObjectFactory
- S8031335, CVE-2014-0459: Better color profiling (LCMS 2 only)
- S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng)
- S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader
- S8031395: Enhance LDAP processing
- S8033618, CVE-2014-1876: Correct logging output
- S8034926, CVE-2014-2397: Attribute classes properly
- Import of OpenJDK6 b31
- OJ27: Change summary generator can leave out last changeset
- OJ28: Report generator should not include old changes
- OJ30: Remove @Override annotation on interfaces added by 2014/04/15 security fixes.
- S6680198: UnmarshalException caused by incompatible serialVersionUID
- S6742654: Code insertion/replacement attacks against signed jars
- S6779717: A Window does not show applet security warning icon on X platforms
- S6785058: Parent dn’t get the focus after dialog is closed if security warning is applied
- S6799345: JFC demos threw exception in the Java Console when applets are closed
- S6828273: javax/swing/system/6799345/TestShutdown.java test fails with RuntimeException.
- S6867515: Reduce impact of D3D initializion on startup time
- S6891435: Improve D3D preloading
- S6911041: JCK api/signaturetest tests fails for Mixed Code PIT builds (b91) for all trains
- S6921823: JarVerifier csdomain field not initialized
- S6921839: Update trusted.libraries list
- S6924497: HotSpotDiagnosticsMXBean.getDiagnosticOptions throws NPE
- S6936389: FontManager.fileCloser may cause memory leak in applets
- S6946559: AWTToolKit thread crashes in JNU_GetEnv
- S6955783: ServiceUnavailableException caught even the secondary DNS is available
- S6987967: D3D preloading thread should initialize COM
- S7011446: ./windows/classes/sun/awt/windows/WToolkit.java needs to avoid spurious wakeup
- S7015232: missing copyright header in CheckZOrderChange.java
- S7119760: [macosx] The OpenGL queue flusher thread is created in the wrong thread group
- S7155051: DNS provider may return incorrect results
- S8002191: AWT-Shutdown thread does not start with the AppletSecurity on Linux
- S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException
- S8031032: SQE test failures after JDK-8025010 was fixed
- S8031477: [macosx] Loading AWT native library fails
- S8032370: No “Truncated file” warning from IIOReadWarningListener on JPEGImageReader
- S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed
The tarballs can be downloaded from:
We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.
The tarballs are accompanied by digital signatures available at:
These are produced using my public key. See details below.
- PGP Key: 248BDC07 (https://keys.indymedia.org/)
- Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
- 15a5a9b4ff52f67a3dffd264e75d6f984bc196f47899376c206b1e51000fd072 icedtea6-1.13.3.tar.gz
- 00e7f7083fa907b9a39dfbae1a5461afe741d0cbf80456c8dbcefa37fa8f14da icedtea6-1.13.3.tar.gz.sig
- 0149ffffcfb55739357a2c720421cbc311e4ccb248c0c185ed67671d2c45f748 icedtea6-1.13.3.tar.xz
- a36f43665bfcfe0e03ae08507a7db7a09892f14cc9defe345ad344134cc3c17c icedtea6-1.13.3.tar.xz.sig
The checksums can be downloaded from:
The following people helped with these releases:
We would also like to thank the bug reporters and testers!
To get started:
$ tar xzf icedtea6-1.13.3.tar.gz
$ tar x -I xz -f icedtea6-1.13.3.tar.xz
$ mkdir icedtea-build
$ cd icedtea-build
Full build requirements and instructions are available in the INSTALL file.