The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with the October 2015 security fixes from OpenJDK 7 u91.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Please Note: The fix for S8086092 below affects the build of the in-tree copy of LCMS. If the default of using the system LCMS is used, this will not take effect. Users should either switch to in-tree LCMS or (ideally) apply the fix to the system build of LCMS.

Full details of the release can be found below.

What’s New?

New in release 2.6.2 (2015-10-22)

  • Security fixes
  • Import of OpenJDK 7 u85 build 2
    • S8133968: Revert 8014464 on OpenJDK 7
    • S8133993: [TEST_BUG] Make CipherInputStreamExceptions compile on OpenJDK 7
    • S8134248: Fix recently backported tests to work with OpenJDK 7u
    • S8134610: Mac OS X build fails after July 2015 CPU
    • S8134618: test/javax/xml/jaxp/transform/8062923/XslSubstringTest.java has bad license header
  • Import of OpenJDK 7 u91 build 0
    • S6854417: TESTBUG: java/util/regex/RegExTest.java fails intermittently
    • S6966259: Make PrincipalName and Realm immutable
    • S8005226: java/rmi/transport/pinClientSocketFactory/PinClientSocketFactory.java fails intermittently
    • S8014097: add doPrivileged methods with limited privilege scope
    • S8021191: Add isAuthorized check to limited doPrivileged methods
    • S8028780: JDK KRB5 module throws OutOfMemoryError when CCache is corrupt
    • S8064331: JavaSecurityAccess.doIntersectionPrivilege() drops the information about the domain combiner of the stack ACC
    • S8076506: Increment minor version of HSx for 7u91 and initialize the build number
    • S8078822: 8068842 fix missed one new file PrimeNumberSequenceGenerator.java
    • S8079323: Serialization compatibility for Templates: need to exclude Hashtable from serialization
    • S8087118: Remove missing package from java.security files
    • S8098547: (tz) Support tzdata2015e
    • S8130253: ObjectStreamClass.getFields too restrictive
    • S8133321: (tz) Support tzdata2015f
    • S8135043: ObjectStreamClass.getField(String) too restrictive
  • Import of OpenJDK 7 u91 build 1
    • S8072932: Test fails with java.security.AccessControlException: access denied (“java.security.SecurityPermission” “getDomainCombiner”)
  • Backports
    • S6880559, PR2674: Enable PKCS11 64-bit windows builds
    • S6904403, PR2674: assert(f == k->has_finalizer(),"inconsistent has_finalizer") with debug VM
    • S7011441, PR2674: jndi/ldap/Connection.java needs to avoid spurious wakeup
    • S7059542, PR2674: JNDI name operations should be locale independent
    • S7105461, PR2571: Large JTables are not rendered correctly with Xrender pipeline
    • S7105883, PR2560, RH1245855: JDWP: agent crash if there exists a ThreadGroup with null name
    • S7107611, PR2674: sun.security.pkcs11.SessionManager is scalability blocker
    • S7127066, PR2674: Class verifier accepts an invalid class file
    • S7150092, PR2674: NTLM authentication fail if user specified a different realm
    • S7150134, PR2571: JCK api/java_awt/Graphics/index.html#DrawLine fails with OOM for jdk8 with XRender pipeline
    • S7152582, PR2674: PKCS11 tests should use the NSS libraries available in the OS
    • S7156085, PR2674: ArrayIndexOutOfBoundsException throws in UTF8Reader of SAXParser
    • S7177045, PR2674: Rework the TestProviderLeak.java regression test, it is too fragile to low memory errors.
    • S7190945, PR2674: pkcs11 problem loading NSS libs on Ubuntu
    • S8005226, PR2674: java/rmi/transport/pinClientSocketFactory/PinClientSocketFactory.java fails intermittently
    • S8009438, PR2674: sun/security/pkcs11/Secmod tests failing on Ubuntu 12.04
    • S8011709, PR2509: [parfait] False positive: memory leak in jdk/src/share/native/sun/font/layout/CanonShaping.cpp
    • S8012971, PR2674: PKCS11Test hiding exception failures
    • S8016105, PR2560, RH1245855: Add complementary RETURN_NULL allocation macros in allocation.hpp
    • S8020424, PR2674: The NSS version should be detected before running crypto tests
    • S8020443, PR2674: Frame is not created on the specified GraphicsDevice with two monitors
    • S8021897, PR2560, RH1245855: EXCEPTION_ACCESS_VIOLATION on debugging String.contentEquals()
    • S8022683, PR2560, RH1245855: JNI GetStringUTFChars should return NULL on allocation failure not abort the VM
    • S8023052, PR2509: JVM crash in native layout
    • S8025922, PR2560, RH1245855: JNI access to Strings need to check if the value field is non-null
    • S8026119, PR2679: Regression test DHEKeySizing.java failing intermittently
    • S8027624, PR2674: com/sun/crypto/provider/KeyFactory/TestProviderLeak.java unstable again
    • S8033069, PR2674: mouse wheel scroll closes combobox popup
    • S8035150, PR2674: ShouldNotReachHere() in ConstantPool::copy_entry_to
    • S8039212, PR2674: SecretKeyBasic.sh needs to avoid NSS libnss3 and libsoftokn3 version mismatches
    • S8042855, PR2509: [parfait] Potential null pointer dereference in IndicLayoutEngine.cpp
    • S8044364, PR2674: runtime/RedefineFinalizer test fails on windows
    • S8048353, PR2674: jstack -l crashes VM when a Java mirror for a primitive type is locked
    • S8050123, PR2674: Incorrect property name documented in CORBA InputStream API
    • S8056122, PR1896: Upgrade JDK to use LittleCMS 2.6
    • S8056124, PR2674: Hotspot should use PICL interface to get cacheline size on SPARC
    • S8057934, PR1896: Upgrade to LittleCMS 2.6 breaks AIX build
    • S8059200, PR2674: Promoted JDK9 b31 for Solaris-amd64 fails (Error: dl failure on line 744, no picl library) on Solaris 11.1
    • S8059588, PR2674: deadlock in java/io/PrintStream when verbose java.security.debug flags are set
    • S8062518, PR2674: AIOBE occurs when accessing to document function in extended function in JAXP
    • S8062591, PR2674: SPARC PICL causes significantly longer startup times
    • S8072863, PR2674: Replace fatal() with vm_exit_during_initialization() when an incorrect class is found on the bootclasspath
    • S8073453, PR2674: Focus doesn’t move when pressing Shift + Tab keys
    • S8074350, PR2674: Support ISO 4217 “Current funds codes” table (A.2)
    • S8074869, PR2674: C2 code generator can replace -0.0f with +0.0f on Linux
    • S8075609, PR2674: java.lang.IllegalArgumentException: aContainer is not a focus cycle root of aComponent
    • S8075773, PR2674: jps running as root fails after the fix of JDK-8050807
    • S8076040, PR2674: Test com/sun/crypto/provider/KeyFactory/TestProviderLeak.java fails with -XX:+UseG1GC
    • S8076328, PR2679: Enforce key exchange constraints
    • S8076455, PR2674: IME Composition Window is displayed on incorrect position
    • S8076968, PR2674: PICL based initialization of L2 cache line size on some SPARC systems is incorrect
    • S8077102, PR2674: dns_lookup_realm should be false by default
    • S8077409, PR2674: Drawing deviates when validate() is invoked on java.awt.ScrollPane
    • S8078113, PR2674: 8011102 changes may cause incorrect results
    • S8078331, PR1896: Upgrade JDK to use LittleCMS 2.7
    • S8080012, PR2674: JVM times out with vdbench on SPARC M7-16
    • S8081392, PR2674: getNodeValue should return ‘null’ value for Element nodes
    • S8081470, PR2674: com/sun/jdi tests are failing with “Error. failed to clean up files after test” with jtreg 4.1 b12
    • S8081756, PR1896: Mastering Matrix Manipulations
    • S8130297, PR2674: com/sun/crypto/provider/KeyFactory/TestProviderLeak.java still failing after JDK-8076040
    • S8133636, PR2674: [TEST_BUG] Import/add tests for the problem seen in 8076110
  • Bug fixes
    • PR2512: Reset success following calls in LayoutManager.cpp
    • PR2557, G390663: Update Gentoo font configuration and allow font directory to be specified
    • PR2568: openjdk causes a full desktop crash on RHEL 6 i586
    • PR2683: AArch64 port has broken Zero on AArch64
    • PR2684: AArch64 port not selected on architectures where host_cpu != aarch64
    • PR2686: Add generated Fedora & Gentoo font configurations for bootstrap stage
  • CACAO
    • PR2652: Set classLoader field in java.lang.Class as expected by JDK

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
  • Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

I’m transitioning to the use of a new key for signing releases over the next year. Signatures made with this key are available at:

and the new key is:

  • PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this newer key.

SHA256 checksums:

  • c19eafacd23c81179934acab123511c424cd07c094739fa33778bf7cc80e14d0 icedtea-2.6.2.tar.gz
  • 38570f916c85ae77c80da1e3ab3eb5c98266042b5bae89b34894063bb0dcbaa2 icedtea-2.6.2.tar.gz.sig
  • 18d1e0ec86fe4973b890d00e9b9cb2bef109ba8f1ca5a1d8e2958918f1bc955e icedtea-2.6.2.tar.gz.sig.ec
  • bee8565c507a484ea876b62474aec379ac0e434acb9de8213279f47e1fe22076 icedtea-2.6.2.tar.xz
  • 43e5f03e561b52a97015a347de1e0c1a445f3a73dd6e38d29c4b8ca4a71dc033 icedtea-2.6.2.tar.xz.sig
  • aea216e14e5c5389836634285d303728b4cbf93e1ccb974b1a1c458eb8379e43 icedtea-2.6.2.tar.xz.sig.ec

The checksums can be downloaded from:

A 2.6.2 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.2.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.2.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.2/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!