January 2017


We are pleased to announce the release of IcedTea 3.3.0!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 8 support with the October 2016 bug fixes from OpenJDK 8 u112 and the January 2017 security fixes from OpenJDK 8 u121.

The ‘infinality’ feature has been improved and is now known as ‘improved font rendering’. It no longer requires a patched FreeType and we intend to enable it by default from IcedTea 3.4.0 onwards.

We also make the build a little easier on some platforms by removing the requirement for wget to be installed if downloading is disabled,
and supporting older Kerberos installations which don’t use pkg-config. We also add support for picking up the strangely named JVM installation locations on RHEL 6 multilib platforms.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 3.3.0 (2017-01-28)

  • Security fixes
  • New features
    • PR3300: wget not required when downloading is disabled
    • PR3301: Support RHEL multilib installations which use the /usr/lib/jvm/java-1.x.0-openjdk.${arch} naming
    • PR3303: Allow Kerberos to be detected by old libs & headers method if pkg-config check fails
  • Import of OpenJDK 8 u112 build 16
    • S6477756: GraphicsDevice.getConfigurations() is slow taking 3 or more seconds
    • S7172749: Xrender: Class cast exception in 2D code running an AWT regression test
    • S8017629: G1: UseSHM in combination with a G1HeapRegionSize > os::large_page_size() falls back to use small pages
    • S8022203: Intermittent test failures in demo/jvmti/hprof
    • S8022582: Relax response flags checking in sun.security.krb5.KrbKdcRep.check.
    • S8027575: b113 causing a lot of memory allocation and regression for wls_webapp_atomics
    • S8028486: java/awt/Window/WindowsLeak/WindowsLeak.java fails
    • S8030780: test/com/sun/corba/cachedSocket/7056731.sh leaves HelloServer behind
    • S8036630: Null ProtectionDomain in JVM can cause NPE because principals field is not initialized to an empty array
    • S8042660: vm/mlvm/anonloader/stress/byteMutation failed with: assert(index >=0 && index < _length) failed: symbol index overflow
    • S8044193: Need to add known answer tests for AES cipher
    • S8044575: testlibrary_tests/whitebox/vm_flags/UintxTest.java failed: assert(!res || TypeEntriesAtCall::arguments_profiling_enabled()) failed: no profiling of arguments
    • S8048601: Tests for JCE crypto ciphers (part 1)
    • S8048621: Implement basic keystore tests
    • S8048622: Enhance tests for PKCS11 keystores with NSS
    • S8049021: Add smartcardio tests with APDU buffer
    • S8049312: AES/CICO test failed with on several modes
    • S8050402: Tests to check for use of policy files
    • S8050409: Test for JAAS getPrivateCredentials
    • S8054326: Confusing message in “Current rem set statistics”
    • S8055772: get_source.sh : version check assumes English localization
    • S8057791: Selection in JList is drawn with wrong colors in Nimbus L&F
    • S8058865: JMX Test Refactoring
    • S8067964: Native2ascii doesn’t close one of the streams it opens
    • S8071487: javax/management/monitor/GaugeMonitorDeadlockTest.java timed out
    • S8071909: Port testlibrary improvments in jdk/test to hotspot/test as required for DCMD test port
    • S8073542: File Leak in jdk/src/java/base/unix/native/libnet/PlainDatagramSocketImpl.c
    • S8074784: Additional tests for XML DSig API
    • S8075007: Additional tests for krb5-related cipher suites with unbound server
    • S8075297: Tests for RFEs 4515853 and 4745056
    • S8075299: Additional tests for krb5 settings
    • S8075301: Tests for sun.security.krb5.principal system property
    • S8077276: allocating heap with UseLargePages and HugeTLBFS may trash existing memory mappings (linux)
    • S8078268: javax.swing.text.html.parser.Parser parseScript incorrectly optimized
    • S8078382: Wrong glyph is displayed for a derived font
    • S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump to parent frame on focus
    • S8085903: New fix for memory leak in ProtectionDomain cache
    • S8098581: SecureRandom.nextBytes() hurts performance with small size requests
    • S8129740: Incorrect class file created when passing lambda in inner class constructor
    • S8130127: streamline input parameter of Nashorn scripting $EXEC function
    • S8130309: Need to bailout cleanly if creation of stubs fails when codecache is out of space
    • S8130317: “ant test” fails to complete on Windows when run under cygwin shell
    • S8133070: Hot lock on BulkCipher.isAvailable
    • S8133309: Some unicode characters do not display any more after upgrading to Windows 10
    • S8134232: KeyStore.load() throws an IOException with a wrong cause in case of wrong password
    • S8135322: ConstantPool::release_C_heap_structures not run in some circumstances
    • S8136998: JComboBox prevents wheel mouse scrolling of JScrollPane
    • S8137240: Negative lookahead in RegEx breaks backreference
    • S8138906: [TEST_BUG] Test test/script/trusted/JDK-8087292.js intermittently fails.
    • S8141148: LDAP “follow” throws ClassCastException with Java 8
    • S8141541: Simplify Nashorn’s Context class loader handling
    • S8143640: Showing incorrect result while passing specific argument in the Java launcher tools
    • S8143642: Nashorn shebang argument handling is broken
    • S8144160: Regression: two tests fail on Windows with “ant test” target
    • S8144221: fix Nashorn shebang argument handling on Mac/Linux
    • S8144703: ClassCastException: sun.font.CompositeFont cannot be cast to PhysicalFont
    • S8145305: fix Nashorn shebang handling on Cygwin
    • S8145984: [macosx] sun.lwawt.macosx.CAccessible leaks
    • S8146975: NullPointerException in IIOPInputStream.inputClassFields
    • S8147026: Convert an assert in ClassLoaderData to a guarantee
    • S8147451: Crash in Method::checked_resolve_jmethod_id(_jmethodID*)
    • S8147585: Annotations with lambda expressions has parameter result in wrong behavior.
    • S8147969: Print size of DH keysize when errors are encountered
    • S8148140: arguments are handled differently in apply for JS functions and AbstractJSObjects
    • S8148984: [macosx] Chinese Comma cannot be entered using Pinyin Input Method on OS X
    • S8150219: ReferenceError in 1.8.0_72
    • S8150234: Windows 10 App Containers disallow access to ICMP calls
    • S8150814: correct package declaration in Nashorn test
    • S8151722: TESTBUG: New test compiler/native/TestDirtyInt.sh should be modified
    • S8153149: Uninitialised memory in WinAccessBridge.cpp:1128
    • S8153192: (se) Selector.select(long) uses wrong timeout after EINTR (lnx)
    • S8153781: Issue in XMLScanner: EXPECTED_SQUARE_BRACKET_TO_CLOSE_INTERNAL_SUBSET when skipping large DOCTYPE section with CRLF at wrong place
    • S8153948: sun/security/mscapi/ShortRSAKey1024.sh fails with “Field length overflow”
    • S8154009: Some methods of java.security.Security require more permissions, than necessary
    • S8154069: Jaws reads wrong values from comboboxes when no element is selected
    • S8154144: Tests in com/sun/jdi fails intermittently with “jdb input stream closed prematurely”
    • S8154469: Update FSF address
    • S8154553: Incorrect GPL header in package-info.java reported
    • S8154558: Incorrect GPL header in ProcessEnvironment_md.c reported
    • S8154816: Caps Lock doesn’t work as expected when using Pinyin Simplified input method
    • S8154831: CastII/ConvI2L for a range check is prematurely eliminated
    • S8155001: SystemTray.remove() leaks GDI Objects in Windows
    • S8155106: MHs.Lookup.findConstructor returns handles for array classes
    • S8155214: java/lang/invoke/PermuteArgsTest.java fails due to exhausted code cache
    • S8156478: 3 Buffer overrun defect groups in jexec.c
    • S8156521: Minor fixes and cleanups in NetworkInterface.c
    • S8156714: Parsing issue with automatic semicolon insertion
    • S8156836: SIGSEGV: Test test/compiler/jsr292/VMAnonymousClasses.java fails with JTREG 4.2 b02
    • S8156896: Script stack trace should display function names
    • S8157160: JSON.stringify does not work on ScriptObjectMirror objects
    • S8157242: Some java/lang/invoke tests miss othervm
    • S8157444: exclude jjs shebang handling test from runs
    • S8157603: TestCipher.java doesn’t check one of the decrypted message as expected
    • S8157680: Callback parameter of any JS builtin implementation should accept any Callable
    • S8157819: TypeError when a java.util.Comparator object is invoked as a function
    • S8158059: The fix for 8050402 was partially committed
    • S8158072: Need a test for JDK-7172749
    • S8158111: Make handling of 3rd party providers more stable
    • S8158178: java.awt.SplashScreen.getSize() returns incorrect size for high dpi splash screens
    • S8158338: Nashorn’s ScriptLoader split delegation has to be adjusted
    • S8158373: SIGSEGV: Metadata::mark_on_stack
    • S8158467: AccessControlException is thrown on public Java class access if “script app loader” is set to null
    • S8158495: CCE: sun.java2d.NullSurfaceData cannot be cast to sun.java2d.opengl.OGLSurfaceData
    • S8158802: com.sun.jndi.ldap.SimpleClientId produces wrong hash code
    • S8158871: Long response times with G1 and StringDeduplication
    • S8159822: Non-synchronized access to shared members of com.sun.jndi.ldap.pool.Pool
    • S8160122: Backport of JDK-8159244 used wrong version of the JDK 9 fix
    • S8160518: Semicolon is not recognized as comment starting character (Kerberos)
    • S8160693: ScriptRunData.java uses bitwise AND instead of logical AND
    • S8161144: Fix for JDK-8147451 failed: Crash in Method::checked_resolve_jmethod_id(_jmethodID*)
    • S8162510: 8u112 L10n resource file updates
    • S8164453: 8u112 L10n resource file update – msgdrop 20
  • Import of OpenJDK 8 u121 build 13
    • S8037099: [macosx] Remove all references to GC from native OBJ-C code
    • S8059212: Modify sun/security/smartcardio manual regression tests so that they do not just fail if no cardreader found
    • S8139565: Restrict certificates with DSA keys less than 1024 bits
    • S8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions
    • S8148516: Improve the default strength of EC in JDK
    • S8151893: Add security property to configure XML Signature secure validation mode
    • S8152438: Threads may do significant work out of the non-shared overflow buffer
    • S8153438: Avoid repeated “Please insert a smart card” popup windows
    • S8154005: Add algorithm constraint that specifies the restriction date
    • S8154015: Apply algorithm constraints to timestamped code
    • S8159410: InetAddress.isReachable returns true for non existing IP adresses
    • S8160108: Implement Serialization Filtering
    • S8161228: URL objects with custom protocol handlers have port changed after deserializing
    • S8161571: Verifying ECDSA signatures permits trailing bytes
    • S8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar
    • S8163583: [macosx] Press “To Back” button on the Dialog,the Dialog moves behind the Frame
    • S8164908: ReflectionFactory support for IIOP and custom serialization
    • S8165230: RMIConnection addNotificationListeners failing with specific inputs
    • S8166389: [TEST_BUG] closed/java/security/Security/ReadProp/ReadProp.sh failing
    • S8166393: disabledAlgorithms property should not be strictly parsed
    • S8166432: Bad 8u112 merge of sun/security/tools/jarsigner/warnings/Test.java
    • S8166591: [macos 10.12] Trackpad scrolling of text on OS X 10.12 Sierra is very fast (Trackpad, Retina only)
    • S8166739: Improve extensibility of ObjectInputFilter information passed to the filter
    • S8166875: (tz) Support tzdata2016g
    • S8166878: Connection reset during TLS handshake
    • S8167356: Follow up fix for jdk8 backport of 8164143. Changes for CMenuComponent.m were missed
    • S8167459: Add debug output for indicating if a chosen ciphersuite was legacy
    • S8167472: Chrome interop regression with JDK-8148516
    • S8167591: Add MD5 to signed JAR restrictions
    • S8168861: AnchorCertificates uses hardcoded password for cacerts keystore
    • S8168963: Backout JDK-8154005
    • S8168993: JDK8u121 L10n resource file update
    • S8169072: Backout JDK-8154015
    • S8169191: (tz) Support tzdata2016i
    • S8169688: Backout (remove) MD5 from jdk.jar.disabledAlgorithms for January CPU
    • S8169911: Enhanced tests for jarsigner -verbose -verify after JDK-8163304
    • S8170131: Certificates not being blocked by jdk.tls.disabledAlgorithms property
    • S8170268: 8u121 L10n resource file update – msgdrop 20
  • Bug fixes
    • PR3271: Always round glyph advance in 26.6 space
    • PR3271: Fix compatibility with vanilla Fontconfig
    • PR3271: Fix glyph y advance
    • PR3271: Replace ‘infinality’ with ‘improved font rendering’ (–enable-improved-font-rendering)
    • PR3271: Simplify glyph advance handling
    • PR3286: -ffp-contract not available on older GCCs
    • PR3302: zip should be optional, as it’s only used in the manually invoked dist-openjdk and dist-openjdk-fsg rules
    • PR3304: zip still a requirement of the underlying OpenJDK build
  • PPC port
    • S8170873, PR3280: PPC64/aarch64: Poor StrictMath performance due to non-optimized compilation
  • AArch64 port
    • S8130309, PR3280: Need to bailout cleanly if creation of stubs fails when codecache is out of space (AArch64 changes)
    • S8132875, PR3280: AArch64: Fix error introduced into AArch64 CodeCache by commit for 8130309
    • S8165673, PR3280: AArch64: Fix JNI floating point argument handling
    • S8170188, PR3280: jtreg test compiler/types/TestMeetIncompatibleInterfaceArrays.java causes JVM crash
    • S8170873, PR3280: PPC64/aarch64: Poor StrictMath performance due to non-optimized compilation

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • ce74a343759bfe6a7332301835e7c6e77d01db588a1dab672816c9ce338474b1 icedtea-3.3.0.tar.gz
  • efed173fa928897f02eed70c63b0e764800593c4800cb0e055a450df0d1aa045 icedtea-3.3.0.tar.gz.sig
  • b764ff09674f9139f94dfe9df8f6393ed55af149c7bb1033fbf119f68cea750b icedtea-3.3.0.tar.xz
  • 4ca9acdbec277afe2028508d36f30309a06a4317125f9207c9e95dce9335a0a0 icedtea-3.3.0.tar.xz.sig

The checksums can be downloaded from:

A 3.3.0 ebuild for Gentoo is available.

The following people helped with these releases:

  • Matthias Dahl (PR3271 font rendering improvements)
  • Andrew Hughes (all other bug fixes and backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.3.0.tar.gz

or:

$ tar x -I xz -f icedtea-3.3.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.3.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver, the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 6 support in the 1.13.x series with the October 2016 security fixes from OpenJDK 6 b41.

This is the final security update to IcedTea 1.x. Users should upgrade to IcedTea 2.x for OpenJDK 7 or 3.x for OpenJDK 8. See the earlier post on this for further details.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome. There will be a final 1.14.0 release at some point and this can include fixes for any issues with this release. However, it will not include any further security backports.

Full details of the release can be found below.

What’s New?

New in release 1.13.13 (2017-01-09)

  • Security fixes
  • Import of OpenJDK6 b41
    • S4787377: VK_STOP key on Solaris generates wrong Key Code
    • S4947220: (process)Runtime.exec() cannot invoke applications with unicode parameters(win)
    • S5036807: Pressing action keys “STOP/AGAIN/COMPOSE” generates keycode of F11/F12 keys.
    • S5099725: AWT doesn’t seem to handle MappingNotify events under X11.
    • S5100701: Toolkit.getLockingKeyState() does not work on XToolkit, but works on Motif
    • S6324292: keytool -help is unhelpful
    • S6464022: Memory leak in JOptionPane.createDialog
    • S6501385: ColorChooser demo – two elemets have same mnemonic in it locale, GTK L&F
    • S6535697: keytool can be more flexible on format of PEM-encoded X.509 certificates
    • S6561126: keytool should use larger default keysize for keypairs
    • S6566218: l10n of 6476932
    • S6606396: Notepad and Stylepad demos don’t run in Japanese locale.
    • S6608456: need API to define RepaintManager per components hierarchy
    • S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java
    • S6675400: “Details” in English has to be “Details” in German
    • S6680988: KeyEvent is still missing VK values for many keyboards
    • S6683775: Painting artifacts is seen when panel is made setOpaque(false) for a translucent window
    • S6693507: There are unnecessary compilation warnings in the com.sun.java.swing.plaf.motif package
    • S6709758: keytool default cert fingerprint algorithm should be SHA1, not MD5
    • S6711676: Numpad keys trigger more than one KeyEvent.
    • S6719382: Printing of AWT components on windows is not working
    • S6726866: Repainting artifacts when resizing or dragging JInternalFrames in non-opaque toplevel
    • S6727661: Code improvement and warnings removing from the swing/plaf packages
    • S6727662: Code improvement and warnings removing from swing packages
    • S6794764: Translucent windows are completely repainted on every paint event, on Windows
    • S6796710: Html content in JEditorPane is overlapping on swing components while resizing the application. [TEST FRAMEWORK ONLY]
    • S6802846: jarsigner needs enhanced cert validation(options)
    • S6867657: Many JSN tests do not run under cygwin
    • S6870812: enhance security tools to use ECC algorithms
    • S6871299: Shift+Tab no longer generates a KEY_TYPED event; used to with JRE 1.5
    • S6871847: AlgorithmId.get(“SHA256withECDSA”) not available
    • S6882559: new JEditorPane(“text/plain”,”") fails for null context class loader
    • S6894719: (launcher)The option -no-jre-restrict-search is expected when -jre-no-restrict-search is documented.
    • S6901170: HttpCookie parsing of version and max-age mis-handled
    • S6911129: These tests do not work with CYGWIN: java/lang
    • S6922482: keytool’s help on -file always shows ‘output file’
    • S6923681: Jarsigner crashes during timestamping
    • S6939248: Jarsigner can’t extract Extended Key Usage from Timestamp Reply correctly
    • S6959252: convert the anonymous arrays to named arrays in Java List Resource files
    • S6969683: Generify ResolverConfiguration codes
    • S6980510: Fix for 6959252 broke JConsole mnemonic keys
    • S6982840: sun/security/tools/jarsigner/emptymanifest.sh fails
    • S6987827: security/util/Resources.java needs improvement
    • S6988163: sun.security.util.Resources dup and a keytool doc typo
    • S7004168: jarsigner -verify checks for KeyUsage codesigning ext on all certs instead of just signing cert
    • S7013850: Please change the mnemonic assignment system to avoid translation issue
    • S7017818: NLS: JConsoleResources.java cannot be handled by translation team
    • S7019937: Translatability bug – Remove Unused String – String ID , read end of file
    • S7019938: Translatability bug – Remove Unused String – String ID can not specify Principal with a
    • S7019940: Translatability bug – Remove unused string – String ID: provided null name
    • S7019942: Translatability bug – String ID: trustedCertEntry,
    • S7019945: Translatability bug – Translatability issue – String ID: * has NOT been verified! In order to veri
    • S7019947: Translatability bug – Translatability issue – String ID: * The integrity of the information stored i
    • S7019949: Translatability bug – Translatability issue – String ID: * you must provide your keystore password.
    • S7020531: test: java/security/cert/CertificateFactory/openssl/OpenSSLCert.java file not closed after run
    • S7021693: [ja, zh_CN] jconsole throws exception and fail to start in ja and zh_CN locales
    • S7022005: [ja,zh_CN] javadoc, part of navigation bar in generated html are not translated.
    • S7024118: possible hardcoded mnemonic for JFileChooser metal and motif l&f
    • S7025267: NLS: t13y fix for 7021689 [ja] Notepad demo throws NPE
    • S7028447: security-related resources Chinese translation errors
    • S7028490: better suggestion for jarsigner when TSA is not accessible
    • S7030174: Jarsigner should accept TSACert with an HTTPS id-ad-timeStamping SIA
    • S7032018: The file list in JFileChooser does not have an accessible name
    • S7032436: When running with the Nimbus look and feel, the JFileChooser does not display mnemonics
    • S7034259: [all] incorrect mnemonic keys in JCP automatic update advanced settings dialog.
    • S7034940: message drop 2 translation integration
    • S7035843: [zh_CN, ja] JConsole mnemonic keys don’t work
    • S7038803: [CCJK] Incorrect mnemonic key (0) is displayed on cancel button on messagedialog of JOptionPane
    • S7038807: [CCJK] OK button on message dialog of JOptionpane is not translated
    • S7040228: [zh_TW] extra (C) on cancel button on File Chooser dialog
    • S7040257: [pt_BR,fr] Print dialog has duplicate mnemonic key.
    • S7042323: [sv, de, es, it] Print dialog has duplicate mnemonic key
    • S7042475: [ja,zh_CN] extra mnemonic key in jconsole
    • S7043548: message drop 3 translation integration
    • S7045132: sun.security.util.Resources_pt_BR.java translation error
    • S7045184: GTK L&F doesn’t have hotkeys in jdk7 b141, while b139 has.
    • S7062969: java -help still shows http://java.sun.com/javase/reference
    • S7090158: Networking Libraries don’t build with javac -Werror
    • S7090832: Some locale info are not localized for some languages.
    • S7093156: NLS Please change the mnemonic assignment system to avoid translation issue (Swing files)
    • S7102686: Restructure timestamp code so that jars and modules can more easily share the same code
    • S7109085: Test use hotkeys not intended for Mac
    • S7116786: RFE: Detailed information on VerifyErrors
    • S7124171: 7u4 l10n message update related to Mac OS X port
    • S7125055: ContentHandler.getContent API changed in error
    • S7132247: java/rmi/registry/readTest/readTest.sh failing with Cygwin
    • S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done
    • S7145375: 7u4 l10n message update related to langtools
    • S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows
    • S7146099: NLS: [de,es,it,ko,pt_BR]launcher_**.properties, double backslash issue.
    • S7149012: jarsigner needs not warn about cert expiration if the jar has a TSA timestamp
    • S7158712: Synth Property “ComboBox.popupInsets” is ignored
    • S7169226: NLS: Please change the mnemonic assignment system for windows and motif properties
    • S7174970: NLS [ccjk] Extra mnemonic keys at standard filechooserdialog (open and save) in metal L&F
    • S7175367: NLS: 7u6 message drop10 integration
    • S7176894: back out LocaleNames_xx.properties files from 7u6 message drop10
    • S7178145: Change constMethodOop::_exception_table to optionally inlined u2 table.
    • S7181632: nsk classLoad001_14 failure and CompileTheWorld crash after 7178145.
    • S7182226: NLS: jdk7u6 message drop20 integration
    • S7183203: ShortRSAKeynnn.sh tests intermittent failure
    • S7187051: ShortRSAKeynnn.sh tests should do cleanup before start test
    • S7194449: String resources for Key Tool and Policy Tool should be in their respective packages
    • S8000626: Implement dead key detection for KeyEvent on Linux
    • S8003890: corelibs test scripts should pass TESTVMOPTS
    • S8008764: 7uX l10n resource file translation update
    • S8009168: accessibility.properties syntax issue
    • S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161
    • S8010297: Missing isLoggable() checks in logging code
    • S8010782: clean up source files containing carriage return characters
    • S8014048: Online user guide of jconsole points incorrect link
    • S8014431: cleanup warnings indicated by the -Wunused-value compiler option on linux
    • S8015265: revise the fix for 8007037
    • S8016579: (process) IOException thrown by ProcessBuilder.start() method is incorrectly encoded
    • S8019541: 7u40 l10n resource file translation update
    • S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame demo
    • S8023338: Update jarsigner to encourage timestamping
    • S8024302: Clarify jar verifications
    • S8024756: method grouping tabs are not selectable
    • S8026741: jdk8 l10n resource file translation update 5
    • S8027787: 7u51 l10n resource file translation update 1
    • S8030698: Several GUI labels in jconsole need correction
    • S8030878: JConsole issues meaningless message if SSL connection fails
    • S8035988: 7u60 l10n resource file translation update 1
    • S8038837: Add support to jarsigner for specifying timestamp hash algorithm
    • S8048147: Privilege tests with JAAS Subject.doAs
    • S8048357: PKCS basic tests
    • S8049171: Additional tests for jarsigner’s warnings
    • S8055176: 7u71 l10n resource file translation update
    • S8057530: (process) Runtime.exec throws garbled message in jp locale
    • S8059177: jdk8u40 l10n resource file translation update 1
    • S8065609: 7u76 l10n resource file translation update
    • S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given
    • S8077953: [TEST_BUG] com/sun/management/OperatingSystemMXBean/TestTotalSwap.java Compilation failed after JDK-8077387
    • S8078628, PR3152: Zero build fails with pre-compiled headers disabled
    • S8080628: No mnemonics on Open and Save buttons in JFileChooser
    • S8083601: jdk8u60 l10n resource file translation update 2
    • S8140530, PR3276: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString
    • S8142926: OutputAnalyzer’s shouldXXX() calls return this
    • S8143134: L10n resource file translation update
    • S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General
    • S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline
    • S8150611: Security problem on sun.misc.resources.Messages*
    • S8157077: 8u101 L10n resource file updates
    • S8157653: [Parfait] Uninitialised variable in awt_Font.cpp
    • S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559
    • S8159684: (tz) Support tzdata2016f
    • S8162411: Service Menu services 2
    • S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968
    • S8162511: 8u111 L10n resource file updates
    • S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8
    • S8164452: 8u111 L10n resource file update – msgdrop 20
    • S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm
    • S8166381: Back out changes to the java.security file to not disable MD5
    • S8169448, PR3205: OpenJDK 6 fails to build without pre-compiled headers
    • S8171415: Remove Java 7 features from testlibrary
    • S8171954: Add stubs for sun.security.tools.KeyTool and sun.security.tools.JarSigner
    • S8172159: Remove @Override annotation on interfaces added by b41 updates
    • S8172252: Remove over-zealous switch to for-each loop in SortingFocusTraversalPolicy
  • Backports
    • S6974985, PR3276: Java2Demo threw exceptions when xrender enabled in OEL5.5
    • S6985593, PR3276: Crash in Java_sun_java2d_loops_MaskBlit_MaskBlit on oel5.5-x64
  • Bug fixes
    • PR3174: systemtap: type definition ‘symbolOopDesc’ not found
    • PR3175: invalid zip timestamp handling leads to error updating JAR files
    • PR3213: Disable ARM32 JIT by default
    • PR3275: Update generated files after OpenJDK 6 b41 update

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • b0456b5efaa2cd884943287256ec7bd9945ac02d49d8e3295141391cc376f96b icedtea6-1.13.13.tar.gz
  • 057be0084bd1730505e55c4e1b3302dd35a0e508f64e4fda28f0f709b1a9e30c icedtea6-1.13.13.tar.gz.sig
  • 4fcfd0a4114f7b116e7a429894819b40bd43ee0935b90fd83978e1e3c8d2e92d icedtea6-1.13.13.tar.xz
  • 9040dda8279bc709104c5c028a5849bc880784343408391b09f9b52961df9bde icedtea6-1.13.13.tar.xz.sig

The checksums can be downloaded from:

A 1.13.13 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-1.13.13.tar.gz

or:

$ tar x -I xz -f icedtea6-1.13.13.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea6-1.13.13/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

Following the proposed end-of-life of OpenJDK 6 upstream, we will be concluding support for the IcedTea 1.x series with the following upcoming releases:

  • 1.13.13, containing the October 2016 security updates in the upcoming OpenJDK 6 b41 release.
  • 1.14.0, based on the same b41 release but containing the changes from IcedTea 1.x HEAD which were thought too disruptive for the stable branch release. The remaining proposed changes for 1.14.0 will be reviewed and the more extensive tasks dropped, given the upcoming discontinuation of this major release series.

We have no plans to produce backports of the security updates for January 2017 and beyond, either upstream in OpenJDK 6 or in IcedTea 1.x.

Others are, of course, welcome to take over maintainership of IcedTea 1.x if they wish to do so.

Many thanks for your support over the years.