Wed 16 Jul 2014
The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.
This release updates our OpenJDK 7 support in the 2.5.x series with the July 2014 security fixes.
If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.
Full details of the release can be found below.
New in release 2.5.1 (2014-07-16)
- Security fixes
- S8029755, CVE-2014-4209: Enhance subject class
- S8030763: Validate global memory allocation
- S8031340, CVE-2014-4264: Better TLS/EC management
- S8031346, CVE-2014-4244: Enhance RSA key handling
- S8031540: Introduce document horizon
- S8032536: JVM resolves wrong method in some unusual cases
- S8033055: Issues in 2d
- S8033301, CVE-2014-4266: Build more informative InfoBuilder
- S8034267: Probabilistic native crash
- S8034272: Do not cram data into CRAM arrays
- S8034985, CVE-2014-2483: Better form for Lambda Forms
- S8035004, CVE-2014-4252: Provider provides less service
- S8035009, CVE-2014-4218: Make Proxy representations consistent
- S8035119, CVE-2014-4219: Fix exceptions to bytecode verification
- S8035699, CVE-2014-4268: File choosers should be choosier
- S8035788. CVE-2014-4221: Provide more consistency for lookups
- S8035793, CVE-2014-4223: Maximum arity maxed out
- S8036571: (process) Process process arguments carefully
- S8036800: Attribute OOM to correct part of code
- S8037046: Validate libraries to be loaded
- S8037076, CVE-2014-2490: Check constant pool constants
- S8037157: Verify <init> call
- S8037162, CVE-2014-4263: More robust DH exchanges
- S8037167, CVE-2014-4216: Better method signature resolution
- S8039520, CVE-2014-4262: More atomicity of atomic updates
- S8001108: an attempt to use “<init>” as a method name should elicit NoSuchMethodException
- S8001109: arity mismatch on a call to spreader method handle should elicit IllegalArgumentException
- S8013611: Modal dialog fails to obtain keyboard focus
- S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale
- S8019990: IM candidate window appears on the South-East corner of the display.
- S8023990: Regression: postscript size increase from 6u18
- S8024283: 10 nashorn tests fail with similar stack trace InternalError with cause being NoClassDefFoundError
- S8024616: JSR292: lazily initialize core NamedFunctions used for bootstrapping
- S8025030: Enhance stream handling
- S8026188: Enhance envelope factory
- S8027212: java/nio/channels/Selector/SelectAfterRead.java fails intermittently
- S8028285: RMI Thread can no longer call out to AWT
- S8029177: [Parfait] warnings from b117 for jdk.src.share.native.com.sun.java.util.jar: JNI exception pending
- S8031075: [Regression] focus disappears with shift+tab on dialog having one focus component
- S8032585: JSR292: IllegalAccessError when attempting to invoke protected method from different package
- S8032686: Issues with method invoke
- S8033278: Missed access checks for Lookup.unreflect* after 8032585
- S8033618: Correct logging output
- S8034926: Attribute classes properly
- S8035613: With active Securitymanager JAXBContext.newInstance fails
- S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed
- S8035923: Set minor version for hotspot in 7u65 to 65 and build number to b01
- S8036786: Update jdk7 testlibrary to match jdk8
- S8039324: Increment hsx 24.65 build to b02 for 7u65-b07
- S8040156: Increment hsx 24.65 build to b03 for 7u65-b08
- S8041264: Increment hsx 24.65 build to b04 for 7u65-b09
- S8042264: 7u65 l10n resource file translation update 1
- S8042582: Test java/awt/KeyboardFocusmanager/ChangeKFMTest/ChangeKFMTest.html fails on Windows x64
- S8042590: Running form URL throws NPE
- S8042789: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader
- S8043012: (tz) Support tzdata2014c
- Bug fixes
- AArch64 port
- Common frame handling for C1/C2 which correctly handle all frame sizes
- Fix register misuse in verify_method_data_pointer
- Fix register usage in generate_verify_oop().
- Restrict default ReservedCodeCacheSize to 128M
- Use explicit barrier instructions in C1.
The tarballs can be downloaded from:
We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.
The tarballs are accompanied by digital signatures available at:
These are produced using my public key. See details below.
- PGP Key: 248BDC07 (https://keys.indymedia.org/)
- Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
- 06483c252099d41e33eade8ceee9231a15ba1e9594f90e2d32943d17c8802acd icedtea-2.5.1.tar.gz
- ce9aad813b3e1fd2d08ad1755e973e22271eb13a3cbff612b8f6e6660301d2fa icedtea-2.5.1.tar.gz.sig
- 9471b4e143807df75655d113618dafcdc1a67d3183364fceaaf139014b778913 icedtea-2.5.1.tar.xz
- 3633fa56b0c0e1f4ef91f93cf5025f06d90d03bcdbc8beaf0476007815a2cfd6 icedtea-2.5.1.tar.xz.sig
The checksums can be downloaded from:
The following people helped with these releases:
- Andrew Hughes (all backports & bug fixes, release management)
We would also like to thank the bug reporters and testers!
To get started:
$ tar xzf icedtea-2.5.1.tar.gz
$ tar x -I xz -f icedtea-2.5.1.tar.xz
$ mkdir icedtea-build
$ cd icedtea-build
Full build requirements and instructions are available in the INSTALL file.