OpenJDK


The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with the July 2017 security fixes from OpenJDK 7 u151.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 2.6.11 (2017-08-08)

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • 5dfbe0f40d8b6004d49add4ec398d1c91d4c02b11716297055e5d73919fb85be icedtea-2.6.11.tar.gz
  • f100c3bfffa5ea0b9a2184346856a1d3db7f8d2a45c74523ad928dcf179ad0e3 icedtea-2.6.11.tar.gz.sig
  • 20063c314535e4ed4b8099e497b880e4f346c85e7315a2573d0f398b973777c5 icedtea-2.6.11.tar.xz
  • 43bf76c60d219ef76b0e03484ee92d0d7657dafae51f21ed088ee5bb5ee654ca icedtea-2.6.11.tar.xz.sig

The checksums can be downloaded from:

A 2.6.11 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.11.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.11.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.11/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

We are pleased to announce the release of IcedTea 3.5.1!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 8 support with the additional fix provided in OpenJDK 8 u144. It also brings in the latest Shenandoah updates.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 3.5.1 (2017-07-27)

  • Import of OpenJDK 8 u144 build 01
    • S8184993: Jar file verification failing with SecurityException: digest missing xxx
  • Shenandoah
    • Amend “ArrayCopy verification code fix” with 8u-specific node hierarchy test
    • Amend “Refactor asm acmp” with a few missing changes
    • [backport] aarch64 store check fix
    • [backport] Account “shared” out-of-LAB allocations separately
    • [backport] Adaptive should not be scared of user-requested System.gc()
    • [backport] Added assertion for page alignment of heap’s base address
    • [backport] Add “verify jcstress” acceptance test
    • [backport] “Allocation failure” cause should not be overwritten
    • [backport] ArrayCopy verification code fix
    • [backport] Assorted cleanups
    • [backport] “Before Full GC” verification is too strong for OOME-during-evac
    • [backport] C1 stores constants without read barriers
    • [backport] Cleanup AArch64 code
    • [backport] Cleanup class unloading and string intern code
    • [backport] Cleanup duplicated Shenandoah task queue declarations
    • [backport] Cleanups
    • [backport] Cleanup ShenandoahBarrierSet::write_barrier
    • [backport] Cleanup ShenandoahHeap::do_evacuation
    • [backport] Clean up unused fields and methods
    • [backport] Cleanup: update-refs check in_collection_set twice
    • [backport] Code cache roots styles
    • [backport] Concurrent code cache evacuation + bugfixes
    • [backport] Concurrent preclean + Fix weakref precleaning
    • [backport] Correct prefetch offset for marked object iteration
    • [backport] Deferred region cleanup.
    • [backport] Dense ShenandoahHeapRegion printout
    • [backport] Detailed ParallelCleanupTask statistics + Split out Full GC stats for parallel cleaning
    • [backport] Disable aggressive+verification test configs (jtreg eats up last configuration)
    • [backport] Do not abandon RP discovery on conc GC cancel, do that only before Full GC
    • [backport] Eliminating _num_regions variable in ShenandoahHeap
    • [backport] Ensure collection set and cset map are consistent
    • [backport] Fallback to shared allocation if GCLAB is not available
    • [backport] Fast synchronizer root scanning
    • [backport] “F: Code Cache Roots” is missing from gc+stats
    • [backport] Fix DerivedPointerTable handling when scanning roots twice in init-evac phase
    • [backport] Fixed a few of early returns that calling register_gc_end()
    • [backport] Fix live data accounting for humongous region
    • [backport] Fix memory Phis with only data uses
    • [backport] Fix recycled regions zapping
    • [backport] Fix up pointer volatility
    • [backport] Generic verification should not trust bitmaps
    • [backport] Heap/matrix verification for all reachable objects
    • [backport] Heap memory usage counting not longer needs to be atomic
    • [backport] Heap region recycling should call explicit clear() and request zapping
    • [backport] Heap region verification
    • [backport] Implementation of interpreter matrix barrier on aarch64
    • [backport] Implement early update references phase.
    • [backport] implicit null checks broken on aarch64
    • [backport] Increase timeout for EvilSyncBug test
    • [backport] Lazy parallel code cache iterator
    • [backport] Make statistics gathering span more operations
    • [backport] Make sure atomic operations are done on “volatile” fields
    • [backport] Make sure new_active_workers is used
    • [backport] Make {T,GC}LAB statistics unconditional
    • [backport] Mark-compact and heuristics should consistently process refs and unload classes
    • [backport] minor fix to optimization of java mirror comparison
    • [backport] more barrier on constant oop fixes + couple small unrelated fixes
    • [backport] More collection set and matrix cleanup
    • [backport] Nit: mark-compact phase 3 (Adjust Pointers) should announce itself as “Phase 3″
    • [backport] Optimize heap region size checks
    • [backport] Optimize heap verification
    • [backport] Out-of-TLAB evacuation should overwrite stale copies
    • [backport] Parallel code cache scanning
    • [backport] Parallel verification
    • [backport] Print correct message about gross times in stats
    • [backport] Print heap changes in phases that actually change heap occupancy
    • [backport] Print more detailed final UR stats
    • [backport] Print more details for weak ref and class unloading stats
    • [backport] Properly react on -ClassUnloading
    • [backport] Purge ealier version of redefined classes during class unloading
    • [backport] Purge ratio, global, connections heuristics.
    • [backport] Purge shenandoahHumongous.hpp
    • [backport] Purge ShenandoahVerify(Reads|Writes)ToFromSpace.
    • [backport] Reduce region retirement during tlab allocation
    • [backport] Refactor asm acmp (x86, aarch64, renames)
    • [backport] Refactor BrooksPointer asserts
    • [backport] Refactor heap verification
    • [backport] Reference processing deadlocks with -ParallelRefProcEnabled
    • [backport] Reference processors might use non-forwarded alive checks
    • [backport] Region sampling may not be enabled because last timetick is uninitialized
    • [backport] Rehash ShenandoahHeap section in hs_err
    • [backport] Reinstate “Purge” block in final-mark stats
    • [backport] Relax assert to not fire at safepoint
    • [backport] Remove heap printing routines from ShenandoahHeap
    • [backport] Remove obsolete compile_resolve_oop_runtime() methods
    • [backport] Rename final mark operations
    • [backport] Rename ShenandoahBarriersForConst
    • [backport] Replace ShHeapRegionSet::get with get_fast
    • [backport] Report correct total garbage data. Print out garbage and cset data with -Xlog:gc+ergo
    • [backport] Report oops and fwdptrs verification failures fully
    • [backport] Result of write barrier on constant not used
    • [backport] Separate Full GC root operations in GC stats
    • [backport] ShenandoahCollectionSet refactor
    • [backport] ShenandoahGCSession used wrong timer for full GC
    • [backport] ShenandoahHeap::evacuate_object() with boolean result flag.
    • [backport] Shenandoah options should be uintx
    • [backport] shenandoah_wb should fallback to slow path with -UseTLAB + Fix aarch64 compilation error due to shenandoah_wb change
    • [backport] ShenandoahWriteBarrierNode::memory_dominates_all_paths() assert failure when compiling methods using unsafe
    • [backport] Shortcut reference processing when no work is available
    • [backport] Simplify parallel synchronizer roots iterator
    • [backport] Skip RESOLVE when references update is not needed
    • [backport] Stats should attribute “Resize TLABs” properly, and mention “Pause” for init/final mark
    • [backport] Stats should not record past-shutdown events
    • [backport] “String/Symbol/CodeCache” -> “Str/Sym, Code Cache”
    • [backport] Tests should use all heuristics and pass heap verification + Disable aggressive+verification test configs
    • [backport] Total pauses should include final-mark pauses
    • [backport] Trim down native GC footprint
    • [backport] Update region sampling to include TLAB/GCLAB allocation data
    • [backport] Update roots should always handle derived pointers
    • [backport] Update ShenandoahHeapSampling to avoid double counting.
    • [backport] Update statistics to capture thread data accurately
    • [backport] Use CollectedHeap::base() instead of ShenandoahHeap::first_region_bottom()
    • [backport] Use lock version heap region memory allocator
    • [backport] Use scoped object for gc session/phases recording
    • [backport] Variable steps in adaptive heuristics
    • [backport] Verification error log is truncated
    • [backport] Verification levels
    • [backport] Verification should assert complete bitmaps in most phases + Disable complete bitmap verification in init mark
    • [backport] Verifier performance improvements: scan objects once, avoid double oop checks
    • [backport] Verifier should not assert cset in forwarded test block
    • [backport] Verifier should print extended info on referenced location
    • [backport] Verifier should use non-optimized root scans
    • [backport] Verify marked objects
    • [backport] Verify TAMS and object sizes
    • [backport] write barrier can get stuck below predicates resulting in unschedulable graph
    • S8140584: nmethod::oops_do_marking_epilogue always runs verification code
    • S8180175, S8180599: Cherry-pick/synchronize
    • Cleanup: Removed redundant ClassLoaderData::clear_claimed_marks() calls
    • Cleanup shared code.
    • Fixed memory leak in region garbage cache
    • Fix return type of ShenandoahHeapRegion::region_size_words_jint()
    • Improved comment about AArch64bit addressing in assembler.
    • Leak mutex in ShenandoahTaskTerminator
    • Make sure C2 arguments are not used when C2 is disabled.
    • Refactor parallel ClassLoaderData iterator
    • Revert G1 changes and bring shared BitMap
    • Add missing cmpoops() declaration to AArch64 macro assembler. Back out matrix related code from AArch64 interpreter.
    • Fix build without precompiled headers.
    • Fixed build issues on Windows

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • b229f2aa5d743ff850fa695e61f65139bb6eca1a9d10af5306ad3766fcea2eb2 icedtea-3.5.1.tar.gz
  • 801497164168171b7aedae37aabde7821e0df0cfe76736054a2a91f96ae3d0b0 icedtea-3.5.1.tar.gz.sig
  • 8eaa6ac93d4a1989460109246f78427acc5493f847c7b2fc80d3a5d918d811c9 icedtea-3.5.1.tar.xz
  • 9ac863f00398ac51bf62aa4a1e22889baf5a088256755f3dde849849a2bc518f icedtea-3.5.1.tar.xz.sig

The checksums can be downloaded from:

A 3.5.1 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.5.1.tar.gz

or:

$ tar x -I xz -f icedtea-3.5.1.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.5.1/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

We are pleased to announce the release of IcedTea 3.5.0!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 8 support with the July 2017 security fixes from OpenJDK 8 u141.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 3.5.0 (2017-07-20)

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • 2c92e18fa70edaf73517fcf91bc2a7cc2ec2aa8ffdf22bb974fa6f9bc3065f30 icedtea-3.5.0.tar.gz
  • d27c337e87221c9de158f83e43823bf2c5ec2ebf78c8fa5b9a11b182acb68ee1 icedtea-3.5.0.tar.gz.sig
  • 9aa89e00ecc07baa6b37a6b1e363c3d7128253e95374c74d1d2706f36c3ccab5 icedtea-3.5.0.tar.xz
  • 59089156b3ea0973304c6d89d598ca6a149e594f9555fd35c9c0a78101ce7e65 icedtea-3.5.0.tar.xz.sig

The checksums can be downloaded from:

A 3.5.0 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.5.0.tar.gz

or:

$ tar x -I xz -f icedtea-3.5.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.5.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with the April 2017 security fixes from OpenJDK 7 u141.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 2.6.10 (2017-05-16)

  • Security fixes
  • New features
    • PR3347: jstack.stp should support AArch64
  • Import of OpenJDK 7 u141 build 0
    • S4717864: setFont() does not update Fonts of Menus already on screen
    • S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException
    • S6518907: cleanup IA64 specific code in Hotspot
    • S6869327: Add new C2 flag to keep safepoints in counted loops.
    • S7112912: Message “Error occurred during initialization of VM” on boxes with lots of RAM
    • S7124213: [macosx] pack() does ignore size of a component; doesn’t on the other platforms
    • S7124219: [macosx] Unable to draw images to fullscreen
    • S7124552: [macosx] NullPointerException in getBufferStrategy()
    • S7148275: [macosx] setIconImages() not working correctly (distorted icon when minimized)
    • S7154841: [macosx] Popups appear behind taskbar
    • S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8
    • S7160627: [macosx] TextArea has wrong initial size
    • S7167293: FtpURLConnection connection leak on FileNotFoundException
    • S7168851: [macosx] Netbeans crashes in CImage.nativeCreateNSImageFromArray
    • S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh failed, compile error
    • S8005255: [macosx] Cleanup warnings in sun.lwawt
    • S8006088: Incompatible heap size flags accepted by VM
    • S8007295: Reduce number of warnings in awt classes
    • S8010722: assert: failed: heap size is too big for compressed oops
    • S8011059: [macosx] Support automatic @2x images loading on Mac OS X
    • S8014058: Regression tests for 8006088
    • S8014489: tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeFlags jtreg tests invoke wrong class
    • S8016302: Change type of the number of GC workers to unsigned int (2)
    • S8024662: gc/arguments/TestUseCompressedOopsErgo.java does not compile.
    • S8024669: Native OOME when allocating after changes to maximum heap supporting Coops sizing on sparcv9
    • S8024926: [macosx] AquaIcon HiDPI support
    • S8025974: l10n for policytool
    • S8027025: [macosx] getLocationOnScreen returns 0 if parent invisible
    • S8028212: Custom cursor HiDPI support
    • S8028471: PPC64 (part 215): opto: Extend ImplicitNullCheck optimization.
    • S8031573: [macosx] Checkmarks of JCheckBoxMenuItems aren’t rendered in high resolution on Retina
    • S8033534: [macosx] Get MultiResolution image from native system
    • S8033786: White flashing when opening Dialogs and Menus using Nimbus with dark background
    • S8035568: [macosx] Cursor management unification
    • S8041734: JFrame in full screen mode leaves empty workspace after close
    • S8059803: Update use of GetVersionEx to get correct Windows version in hs_err files
    • S8066504: GetVersionEx in java.base/windows/native/libjava/java_props_md.c might not get correct Windows version 0
    • S8079595: Resizing dialog which is JWindow parent makes JVM crash
    • S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump to parent frame on focus
    • S8130769: The new menu can’t be shown on the menubar after clicking the “Add” button.
    • S8133357: 8u65 l10n resource file translation update
    • S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException
    • S8147842: IME Composition Window is displayed at incorrect location
    • S8147910: Cache initial active_processor_count
    • S8150490: Update OS detection code to recognize Windows Server 2016
    • S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled
    • S8161195: Regression: closed/javax/swing/text/FlowView/LayoutTest.java
    • S8161993: G1 crashes if active_processor_count changes during startup
    • S8162603: Unrecognized VM option ‘UseCountedLoopSafepoints’
    • S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently
    • S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with “Error while cleaning up threads after test”
    • S8167179: Make XSL generated namespace prefixes local to transformation process
    • S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
    • S8169589: [macosx] Activating a JDialog puts to back another dialog
    • S8170307: Stack size option -Xss is ignored
    • S8170316: (tz) Support tzdata2016j
    • S8170814: Reuse cache entries (part II)
    • S8171388: Update JNDI Thread contexts
    • S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state
    • S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog test fails as DummyButton on Dialog did not gain focus when clicked.
    • S8173931: 8u131 L10n resource file update
    • S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle
    • S8175087: [bsd] Fix build after “8024900: PPC64: Enable new build on AIX (jdk part)”
    • S8175163: [bsd] Fix build after “8005629: javac warnings compiling java.awt.EventDispatchThread…”
    • S8176044: (tz) Support tzdata2017a
  • Import of OpenJDK 7 u141 build 1
    • S8043723: max_heap_for_compressed_oops() declared with size_t, but defined with uintx
  • Import of OpenJDK 7 u141 build 2
    • S8011123: serialVersionUID of java.awt.dnd.InvalidDnDOperationException changed in JDK8-b82
  • Backports
  • Bug fixes
    • PR3349: Architectures unsupported by SystemTap tapsets throw a parse error
    • PR3370: Disable ARM32 JIT by default in jdk_generic_profile.sh
    • PR3379: Perl should be mandatory
    • PR3390: javac.in and javah.in should use @PERL@ rather than a hardcoded path
  • CACAO
    • PR2732: Raise javadoc memory limits for CACAO again!
  • AArch64 port
    • S8177661, PR3367: Correct ad rule output register types from iRegX to iRegXNoSp

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • 02af605d4437e314a55c85a334321719d16be3ff670064de8972c15e30f5ceed icedtea-2.6.10.tar.gz
  • 48f7b14d67c9a67e5e29c5ada64e8b9875f3feefacf07df1dc66dd668166d8df icedtea-2.6.10.tar.gz.sig
  • 1c49fd735cc908677044935b6899e59434356b7e65d163bb5033e32f6621a92a icedtea-2.6.10.tar.xz
  • abcd0e05aad77528da4957e5ccebd02282adae0938b02685100244e93da27eac icedtea-2.6.10.tar.xz.sig

The checksums can be downloaded from:

A 2.6.10 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.10.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.10.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.10/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

We are pleased to announce the release of IcedTea 3.4.0: ARMed and Ready!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 8 support with the April 2017 security fixes from OpenJDK 8 u131.

We also add support for building using the AArch32 HotSpot port. This is now
the default on arm[32], which should lead to significant performance increases over the previous default Zero assembler build.

AArch64 also gets some love, with support for this architecture in the Shenandoah HotSpot build (PR3297) and the SystemTap JDK tapsets (PR3340).

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 3.4.0 (2017-05-16)

  • Security fixes
  • New features
    • PR1969: Add AArch32 JIT port
    • PR3297: Allow Shenandoah to be used on AArch64
    • PR3340: jstack.stp should support AArch64
  • Import of OpenJDK 8 u131 build 11
    • S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException
    • S6515172, PR3346: Runtime.availableProcessors() ignores Linux taskset command
    • S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8
    • S7167293: FtpURLConnection connection leak on FileNotFoundException
    • S8035568: [macosx] Cursor management unification
    • S8079595: Resizing dialog which is JWindow parent makes JVM crash
    • S8130769: The new menu can’t be shown on the menubar after clicking the “Add” button.
    • S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException
    • S8147842: IME Composition Window is displayed at incorrect location
    • S8147910, PR3346: Cache initial active_processor_count
    • S8150490: Update OS detection code to recognize Windows Server 2016
    • S8160951: [TEST_BUG] javax/xml/bind/marshal/8134111/UnmarshalTest.java should be added into :needs_jre group
    • S8160958: [TEST_BUG] java/net/SetFactoryPermission/SetFactoryPermission.java should be added into :needs_compact2 group
    • S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled
    • S8161195: Regression: closed/javax/swing/text/FlowView/LayoutTest.java
    • S8161993, PR3346: G1 crashes if active_processor_count changes during startup
    • S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently
    • S8162916: Test sun/security/krb5/auto/UnboundSSL.java fails
    • S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with “Error while cleaning up threads after test”
    • S8167179: Make XSL generated namespace prefixes local to transformation process
    • S8168774: Polymorhic signature method check crashes javac
    • S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
    • S8169589: [macosx] Activating a JDialog puts to back another dialog
    • S8170307: Stack size option -Xss is ignored
    • S8170316: (tz) Support tzdata2016j
    • S8170814: Reuse cache entries (part II)
    • S8170888, PR3314, RH1284948: [linux] Experimental support for cgroup memory limits in container (ie Docker) environments
    • S8171388: Update JNDI Thread contexts
    • S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state
    • S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog test fails as DummyButton on Dialog did not gain focus when clicked.
    • S8173030: Temporary backout fix #8035568 from 8u131-b03
    • S8173031: Temporary backout fix #8171952 from 8u131-b03
    • S8173783, PR3328: IllegalArgumentException: jdk.tls.namedGroups
    • S8173931: 8u131 L10n resource file update
    • S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle
    • S8174985: NTLM authentication doesn’t work with IIS if NTLM cache is disabled
    • S8176044: (tz) Support tzdata2017a
  • Backports
  • Bug fixes
    • PR3348: Architectures unsupported by SystemTap tapsets throw a parse error
    • PR3378: Perl should be mandatory
    • PR3389: javac.in and javah.in should use @PERL@ rather than a hardcoded path
  • AArch64 port
    • S8168699, PR3372: Validate special case invocations [AArch64 support]
    • S8170100, PR3372: AArch64: Crash in C1-compiled code accessing References
    • S8172881, PR3372: AArch64: assertion failure: the int pressure is incorrect
    • S8173472, PR3372: AArch64: C1 comparisons with null only use 32-bit instructions
    • S8177661, PR3372: Correct ad rule output register types from iRegX to iRegXNoSp
  • AArch32 port
    • PR3380: Zero should not be enabled by default on arm with the AArch32 HotSpot build
    • PR3384, S8139303, S8167584: Add support for AArch32 architecture to configure and jdk makefiles
    • PR3385: aarch32 does not support -Xshare:dump
    • PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build
    • PR3387: Installation fails on arm with AArch32 port as INSTALL_ARCH_DIR is arm, not aarch32
    • PR3388: Wrong path for jvm.cfg being used on arm with AArch32 build
  • Shenandoah
    • Fix Shenandoah argument checking on 32bit builds.
    • Import from Shenandoah tag aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07-25
    • Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02-20
    • Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-06
    • Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-09
    • Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-23

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • 2b606bbbf4ca5bcf2c8e811ea9060da30744860f3d63e1b3149fb5550a90b92b icedtea-3.4.0.tar.gz
  • 15391447e489cb939277a6981ff9dbc2a57d50c6d3682e0159a1dab04a05da02 icedtea-3.4.0.tar.gz.sig
  • b518f389c44d45bb264d7e954b3c0b836d3d23ba9fbd620ff7c68f934a012e9a icedtea-3.4.0.tar.xz
  • 32e80eacf27e3ec31dd698486e2f79a92bc146c4bc37c76bb7e3d8b7e34a7084 icedtea-3.4.0.tar.xz.sig

The checksums can be downloaded from:

A 3.4.0 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.4.0.tar.gz

or:

$ tar x -I xz -f icedtea-3.4.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.4.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with the January 2017 security fixes from OpenJDK 7 u131.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 2.6.9 (2017-02-14)

  • Security fixes
  • Import of OpenJDK 7 u131 build 0
    • S6253144: Long narrowing conversion should describe the algorithm used and implied “risks”
    • S6328537: Improve javadocs for Socket class by adding references to SocketOptions
    • S6978886: javadoc shows stacktrace after print error resulting from disk full
    • S6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory
    • S6996372: synchronizing handshaking hash
    • S7027045: (doc) java/awt/Window.java has several typos in javadoc
    • S7054969: Null-check-in-finally pattern in java/security documentation
    • S7072353: JNDI libraries do not build with javac -Xlint:all -Werror
    • S7075563: Broken link in “javax.swing.SwingWorker”
    • S7077672: jdk8_tl nightly fail in step-2 build on 8/10/11
    • S7088502: Security libraries don’t build with javac -Werror
    • S7092447: Clarify the default locale used in each locale sensitive operation
    • S7093640: Enable client-side TLS 1.2 by default
    • S7103570: AtomicIntegerFieldUpdater does not work when SecurityManager is installed
    • S7117360: Warnings in java.util.concurrent.atomic package
    • S7117465: Warning cleanup for IMF classes
    • S7187144: JavaDoc for ScriptEngineFactory.getProgram() contains an error
    • S8000418: javadoc should used a standard “generated by javadoc” string
    • S8000666: javadoc should write directly to Writer instead of composing strings
    • S8000673: remove dead code from HtmlWriter and subtypes
    • S8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
    • S8001669: javadoc internal DocletAbortException should set cause when appropriate
    • S8008949: javadoc stopped copying doc-files
    • S8011402: Move blacklisting certificate logic from hard code to data
    • S8011547: Update XML Signature implementation to Apache Santuario 1.5.4
    • S8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo
    • S8016217: More javadoc warnings
    • S8017325: Cleanup of the javadoc <code> tag in java.security.cert
    • S8017326: Cleanup of the javadoc <code> tag in java.security.spec
    • S8019772: Fix doclint issues in javax.crypto and javax.security subpackages
    • S8020557: javadoc cleanup in javax.security
    • S8020688: Broken links in documentation at http://docs.oracle.com/javase/6/docs/api/index.
    • S8021108: Clean up doclint warnings and errors in java.text package
    • S8021417: Fix doclint issues in java.util.concurrent
    • S8021833: javadoc cleanup in java.net
    • S8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMethods fails
    • S8022175: Fix doclint warnings in javax.print
    • S8022406: Fix doclint issues in java.beans
    • S8022746: List of spelling errors in API doc
    • S8024779: [macosx] SwingNode crashes on exit
    • S8025085: [javadoc] some errors in javax/swing
    • S8025218: [javadoc] some errors in java/awt classes
    • S8025249: [javadoc] fix some javadoc errors in javax/swing/
    • S8025409: Fix javadoc comments errors and warning reported by doclint report
    • S8026021: more fix of javadoc errors and warnings reported by doclint, see the description
    • S8037099: [macosx] Remove all references to GC from native OBJ-C code
    • S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String
    • S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits
    • S8049244: XML Signature performance issue caused by unbuffered signature data
    • S8049432: New tests for TLS property jdk.tls.client.protocols
    • S8050893: (smartcardio) Invert reset argument in tests in sun/security/smartcardio
    • S8059212: Modify sun/security/smartcardio manual regression tests so that they do not just fail if no cardreader found
    • S8068279: (typo in the spec) javax.script.ScriptEngineFactory.getLanguageName
    • S8068491: Update the protocol for references of docs.oracle.com to HTTPS.
    • S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210
    • S8076369: Introduce the jdk.tls.client.protocols system property for JDK 7u
    • S8139565: Restrict certificates with DSA keys less than 1024 bits
    • S8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions
    • S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check
    • S8143959: Certificates requiring blacklisting
    • S8145984: [macosx] sun.lwawt.macosx.CAccessible leaks
    • S8148516: Improve the default strength of EC in JDK
    • S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks
    • S8151893: Add security property to configure XML Signature secure validation mode
    • S8155760: Implement Serialization Filtering
    • S8156802: Better constraint checking
    • S8161228: URL objects with custom protocol handlers have port changed after deserializing
    • S8161571: Verifying ECDSA signatures permits trailing bytes
    • S8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar
    • S8164908: ReflectionFactory support for IIOP and custom serialization
    • S8165230: RMIConnection addNotificationListeners failing with specific inputs
    • S8166393: disabledAlgorithms property should not be strictly parsed
    • S8166591: [macos 10.12] Trackpad scrolling of text on OS X 10.12 Sierra is very fast (Trackpad, Retina only)
    • S8166739: Improve extensibility of ObjectInputFilter information passed to the filter
    • S8166875: (tz) Support tzdata2016g
    • S8166878: Connection reset during TLS handshake
    • S8167356: Follow up fix for jdk8 backport of 8164143. Changes for CMenuComponent.m were missed
    • S8167459: Add debug output for indicating if a chosen ciphersuite was legacy
    • S8167472: Chrome interop regression with JDK-8148516
    • S8167591: Add MD5 to signed JAR restrictions
    • S8168861: AnchorCertificates uses hardcoded password for cacerts keystore
    • S8168993: JDK8u121 L10n resource file update
    • S8169191: (tz) Support tzdata2016i
    • S8169688: Backout (remove) MD5 from jdk.jar.disabledAlgorithms for January CPU
    • S8169911: Enhanced tests for jarsigner -verbose -verify after JDK-8163304
    • S8170131: Certificates not being blocked by jdk.tls.disabledAlgorithms property
    • S8170268: 8u121 L10n resource file update – msgdrop 20
    • S8173622: Backport of 7180907 is incomplete
    • S8173849: Fix use of java.util.Base64 in test cases
    • S8173854: [TEST] Update DHEKeySizing test case following 8076328 & 8081760
  • Backports
  • Bug fixes
    • PR3318: Replace ‘infinality’ with ‘improved font rendering’ (–enable-improved-font-rendering)
    • PR3318: Fix compatibility with vanilla Fontconfig
    • PR3318: Fix glyph y advance
    • PR3318: Always round glyph advance in 26.6 space
    • PR3318: Simplify glyph advance handling
    • PR3324: Fix NSS_LIBDIR substitution in make_generic_profile.sh broken by PR1989
  • AArch64 port

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • 86d0fb6182e10f2f92785dce919d03602694928f5e585d42034a3f8ff3bda079 icedtea-2.6.9.tar.gz
  • 6660ee155cd6738cef2b7dcd83ce15eded595c801100900b51906c76d83b5f62 icedtea-2.6.9.tar.gz.sig
  • 8e4f3eb8d41ef66f1797825343141046973c124b18bf7d4698fae0a9a25495ea icedtea-2.6.9.tar.xz
  • ef7b9886ba619bc206a0b540b80ea11f85bac44e0658ea5588833830579c7c81 icedtea-2.6.9.tar.xz.sig

The checksums can be downloaded from:

A 2.6.9 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.9.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.9.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.9/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

We are pleased to announce the release of IcedTea 3.3.0!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 8 support with the October 2016 bug fixes from OpenJDK 8 u112 and the January 2017 security fixes from OpenJDK 8 u121.

The ‘infinality’ feature has been improved and is now known as ‘improved font rendering’. It no longer requires a patched FreeType and we intend to enable it by default from IcedTea 3.4.0 onwards.

We also make the build a little easier on some platforms by removing the requirement for wget to be installed if downloading is disabled,
and supporting older Kerberos installations which don’t use pkg-config. We also add support for picking up the strangely named JVM installation locations on RHEL 6 multilib platforms.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 3.3.0 (2017-01-28)

  • Security fixes
  • New features
    • PR3300: wget not required when downloading is disabled
    • PR3301: Support RHEL multilib installations which use the /usr/lib/jvm/java-1.x.0-openjdk.${arch} naming
    • PR3303: Allow Kerberos to be detected by old libs & headers method if pkg-config check fails
  • Import of OpenJDK 8 u112 build 16
    • S6477756: GraphicsDevice.getConfigurations() is slow taking 3 or more seconds
    • S7172749: Xrender: Class cast exception in 2D code running an AWT regression test
    • S8017629: G1: UseSHM in combination with a G1HeapRegionSize > os::large_page_size() falls back to use small pages
    • S8022203: Intermittent test failures in demo/jvmti/hprof
    • S8022582: Relax response flags checking in sun.security.krb5.KrbKdcRep.check.
    • S8027575: b113 causing a lot of memory allocation and regression for wls_webapp_atomics
    • S8028486: java/awt/Window/WindowsLeak/WindowsLeak.java fails
    • S8030780: test/com/sun/corba/cachedSocket/7056731.sh leaves HelloServer behind
    • S8036630: Null ProtectionDomain in JVM can cause NPE because principals field is not initialized to an empty array
    • S8042660: vm/mlvm/anonloader/stress/byteMutation failed with: assert(index >=0 && index < _length) failed: symbol index overflow
    • S8044193: Need to add known answer tests for AES cipher
    • S8044575: testlibrary_tests/whitebox/vm_flags/UintxTest.java failed: assert(!res || TypeEntriesAtCall::arguments_profiling_enabled()) failed: no profiling of arguments
    • S8048601: Tests for JCE crypto ciphers (part 1)
    • S8048621: Implement basic keystore tests
    • S8048622: Enhance tests for PKCS11 keystores with NSS
    • S8049021: Add smartcardio tests with APDU buffer
    • S8049312: AES/CICO test failed with on several modes
    • S8050402: Tests to check for use of policy files
    • S8050409: Test for JAAS getPrivateCredentials
    • S8054326: Confusing message in “Current rem set statistics”
    • S8055772: get_source.sh : version check assumes English localization
    • S8057791: Selection in JList is drawn with wrong colors in Nimbus L&F
    • S8058865: JMX Test Refactoring
    • S8067964: Native2ascii doesn’t close one of the streams it opens
    • S8071487: javax/management/monitor/GaugeMonitorDeadlockTest.java timed out
    • S8071909: Port testlibrary improvments in jdk/test to hotspot/test as required for DCMD test port
    • S8073542: File Leak in jdk/src/java/base/unix/native/libnet/PlainDatagramSocketImpl.c
    • S8074784: Additional tests for XML DSig API
    • S8075007: Additional tests for krb5-related cipher suites with unbound server
    • S8075297: Tests for RFEs 4515853 and 4745056
    • S8075299: Additional tests for krb5 settings
    • S8075301: Tests for sun.security.krb5.principal system property
    • S8077276: allocating heap with UseLargePages and HugeTLBFS may trash existing memory mappings (linux)
    • S8078268: javax.swing.text.html.parser.Parser parseScript incorrectly optimized
    • S8078382: Wrong glyph is displayed for a derived font
    • S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump to parent frame on focus
    • S8085903: New fix for memory leak in ProtectionDomain cache
    • S8098581: SecureRandom.nextBytes() hurts performance with small size requests
    • S8129740: Incorrect class file created when passing lambda in inner class constructor
    • S8130127: streamline input parameter of Nashorn scripting $EXEC function
    • S8130309: Need to bailout cleanly if creation of stubs fails when codecache is out of space
    • S8130317: “ant test” fails to complete on Windows when run under cygwin shell
    • S8133070: Hot lock on BulkCipher.isAvailable
    • S8133309: Some unicode characters do not display any more after upgrading to Windows 10
    • S8134232: KeyStore.load() throws an IOException with a wrong cause in case of wrong password
    • S8135322: ConstantPool::release_C_heap_structures not run in some circumstances
    • S8136998: JComboBox prevents wheel mouse scrolling of JScrollPane
    • S8137240: Negative lookahead in RegEx breaks backreference
    • S8138906: [TEST_BUG] Test test/script/trusted/JDK-8087292.js intermittently fails.
    • S8141148: LDAP “follow” throws ClassCastException with Java 8
    • S8141541: Simplify Nashorn’s Context class loader handling
    • S8143640: Showing incorrect result while passing specific argument in the Java launcher tools
    • S8143642: Nashorn shebang argument handling is broken
    • S8144160: Regression: two tests fail on Windows with “ant test” target
    • S8144221: fix Nashorn shebang argument handling on Mac/Linux
    • S8144703: ClassCastException: sun.font.CompositeFont cannot be cast to PhysicalFont
    • S8145305: fix Nashorn shebang handling on Cygwin
    • S8145984: [macosx] sun.lwawt.macosx.CAccessible leaks
    • S8146975: NullPointerException in IIOPInputStream.inputClassFields
    • S8147026: Convert an assert in ClassLoaderData to a guarantee
    • S8147451: Crash in Method::checked_resolve_jmethod_id(_jmethodID*)
    • S8147585: Annotations with lambda expressions has parameter result in wrong behavior.
    • S8147969: Print size of DH keysize when errors are encountered
    • S8148140: arguments are handled differently in apply for JS functions and AbstractJSObjects
    • S8148984: [macosx] Chinese Comma cannot be entered using Pinyin Input Method on OS X
    • S8150219: ReferenceError in 1.8.0_72
    • S8150234: Windows 10 App Containers disallow access to ICMP calls
    • S8150814: correct package declaration in Nashorn test
    • S8151722: TESTBUG: New test compiler/native/TestDirtyInt.sh should be modified
    • S8153149: Uninitialised memory in WinAccessBridge.cpp:1128
    • S8153192: (se) Selector.select(long) uses wrong timeout after EINTR (lnx)
    • S8153781: Issue in XMLScanner: EXPECTED_SQUARE_BRACKET_TO_CLOSE_INTERNAL_SUBSET when skipping large DOCTYPE section with CRLF at wrong place
    • S8153948: sun/security/mscapi/ShortRSAKey1024.sh fails with “Field length overflow”
    • S8154009: Some methods of java.security.Security require more permissions, than necessary
    • S8154069: Jaws reads wrong values from comboboxes when no element is selected
    • S8154144: Tests in com/sun/jdi fails intermittently with “jdb input stream closed prematurely”
    • S8154469: Update FSF address
    • S8154553: Incorrect GPL header in package-info.java reported
    • S8154558: Incorrect GPL header in ProcessEnvironment_md.c reported
    • S8154816: Caps Lock doesn’t work as expected when using Pinyin Simplified input method
    • S8154831: CastII/ConvI2L for a range check is prematurely eliminated
    • S8155001: SystemTray.remove() leaks GDI Objects in Windows
    • S8155106: MHs.Lookup.findConstructor returns handles for array classes
    • S8155214: java/lang/invoke/PermuteArgsTest.java fails due to exhausted code cache
    • S8156478: 3 Buffer overrun defect groups in jexec.c
    • S8156521: Minor fixes and cleanups in NetworkInterface.c
    • S8156714: Parsing issue with automatic semicolon insertion
    • S8156836: SIGSEGV: Test test/compiler/jsr292/VMAnonymousClasses.java fails with JTREG 4.2 b02
    • S8156896: Script stack trace should display function names
    • S8157160: JSON.stringify does not work on ScriptObjectMirror objects
    • S8157242: Some java/lang/invoke tests miss othervm
    • S8157444: exclude jjs shebang handling test from runs
    • S8157603: TestCipher.java doesn’t check one of the decrypted message as expected
    • S8157680: Callback parameter of any JS builtin implementation should accept any Callable
    • S8157819: TypeError when a java.util.Comparator object is invoked as a function
    • S8158059: The fix for 8050402 was partially committed
    • S8158072: Need a test for JDK-7172749
    • S8158111: Make handling of 3rd party providers more stable
    • S8158178: java.awt.SplashScreen.getSize() returns incorrect size for high dpi splash screens
    • S8158338: Nashorn’s ScriptLoader split delegation has to be adjusted
    • S8158373: SIGSEGV: Metadata::mark_on_stack
    • S8158467: AccessControlException is thrown on public Java class access if “script app loader” is set to null
    • S8158495: CCE: sun.java2d.NullSurfaceData cannot be cast to sun.java2d.opengl.OGLSurfaceData
    • S8158802: com.sun.jndi.ldap.SimpleClientId produces wrong hash code
    • S8158871: Long response times with G1 and StringDeduplication
    • S8159822: Non-synchronized access to shared members of com.sun.jndi.ldap.pool.Pool
    • S8160122: Backport of JDK-8159244 used wrong version of the JDK 9 fix
    • S8160518: Semicolon is not recognized as comment starting character (Kerberos)
    • S8160693: ScriptRunData.java uses bitwise AND instead of logical AND
    • S8161144: Fix for JDK-8147451 failed: Crash in Method::checked_resolve_jmethod_id(_jmethodID*)
    • S8162510: 8u112 L10n resource file updates
    • S8164453: 8u112 L10n resource file update – msgdrop 20
  • Import of OpenJDK 8 u121 build 13
    • S8037099: [macosx] Remove all references to GC from native OBJ-C code
    • S8059212: Modify sun/security/smartcardio manual regression tests so that they do not just fail if no cardreader found
    • S8139565: Restrict certificates with DSA keys less than 1024 bits
    • S8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions
    • S8148516: Improve the default strength of EC in JDK
    • S8151893: Add security property to configure XML Signature secure validation mode
    • S8152438: Threads may do significant work out of the non-shared overflow buffer
    • S8153438: Avoid repeated “Please insert a smart card” popup windows
    • S8154005: Add algorithm constraint that specifies the restriction date
    • S8154015: Apply algorithm constraints to timestamped code
    • S8159410: InetAddress.isReachable returns true for non existing IP adresses
    • S8160108: Implement Serialization Filtering
    • S8161228: URL objects with custom protocol handlers have port changed after deserializing
    • S8161571: Verifying ECDSA signatures permits trailing bytes
    • S8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar
    • S8163583: [macosx] Press “To Back” button on the Dialog,the Dialog moves behind the Frame
    • S8164908: ReflectionFactory support for IIOP and custom serialization
    • S8165230: RMIConnection addNotificationListeners failing with specific inputs
    • S8166389: [TEST_BUG] closed/java/security/Security/ReadProp/ReadProp.sh failing
    • S8166393: disabledAlgorithms property should not be strictly parsed
    • S8166432: Bad 8u112 merge of sun/security/tools/jarsigner/warnings/Test.java
    • S8166591: [macos 10.12] Trackpad scrolling of text on OS X 10.12 Sierra is very fast (Trackpad, Retina only)
    • S8166739: Improve extensibility of ObjectInputFilter information passed to the filter
    • S8166875: (tz) Support tzdata2016g
    • S8166878: Connection reset during TLS handshake
    • S8167356: Follow up fix for jdk8 backport of 8164143. Changes for CMenuComponent.m were missed
    • S8167459: Add debug output for indicating if a chosen ciphersuite was legacy
    • S8167472: Chrome interop regression with JDK-8148516
    • S8167591: Add MD5 to signed JAR restrictions
    • S8168861: AnchorCertificates uses hardcoded password for cacerts keystore
    • S8168963: Backout JDK-8154005
    • S8168993: JDK8u121 L10n resource file update
    • S8169072: Backout JDK-8154015
    • S8169191: (tz) Support tzdata2016i
    • S8169688: Backout (remove) MD5 from jdk.jar.disabledAlgorithms for January CPU
    • S8169911: Enhanced tests for jarsigner -verbose -verify after JDK-8163304
    • S8170131: Certificates not being blocked by jdk.tls.disabledAlgorithms property
    • S8170268: 8u121 L10n resource file update – msgdrop 20
  • Bug fixes
    • PR3271: Always round glyph advance in 26.6 space
    • PR3271: Fix compatibility with vanilla Fontconfig
    • PR3271: Fix glyph y advance
    • PR3271: Replace ‘infinality’ with ‘improved font rendering’ (–enable-improved-font-rendering)
    • PR3271: Simplify glyph advance handling
    • PR3286: -ffp-contract not available on older GCCs
    • PR3302: zip should be optional, as it’s only used in the manually invoked dist-openjdk and dist-openjdk-fsg rules
    • PR3304: zip still a requirement of the underlying OpenJDK build
  • PPC port
    • S8170873, PR3280: PPC64/aarch64: Poor StrictMath performance due to non-optimized compilation
  • AArch64 port
    • S8130309, PR3280: Need to bailout cleanly if creation of stubs fails when codecache is out of space (AArch64 changes)
    • S8132875, PR3280: AArch64: Fix error introduced into AArch64 CodeCache by commit for 8130309
    • S8165673, PR3280: AArch64: Fix JNI floating point argument handling
    • S8170188, PR3280: jtreg test compiler/types/TestMeetIncompatibleInterfaceArrays.java causes JVM crash
    • S8170873, PR3280: PPC64/aarch64: Poor StrictMath performance due to non-optimized compilation

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • ce74a343759bfe6a7332301835e7c6e77d01db588a1dab672816c9ce338474b1 icedtea-3.3.0.tar.gz
  • efed173fa928897f02eed70c63b0e764800593c4800cb0e055a450df0d1aa045 icedtea-3.3.0.tar.gz.sig
  • b764ff09674f9139f94dfe9df8f6393ed55af149c7bb1033fbf119f68cea750b icedtea-3.3.0.tar.xz
  • 4ca9acdbec277afe2028508d36f30309a06a4317125f9207c9e95dce9335a0a0 icedtea-3.3.0.tar.xz.sig

The checksums can be downloaded from:

A 3.3.0 ebuild for Gentoo is available.

The following people helped with these releases:

  • Matthias Dahl (PR3271 font rendering improvements)
  • Andrew Hughes (all other bug fixes and backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.3.0.tar.gz

or:

$ tar x -I xz -f icedtea-3.3.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.3.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver, the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 6 support in the 1.13.x series with the October 2016 security fixes from OpenJDK 6 b41.

This is the final security update to IcedTea 1.x. Users should upgrade to IcedTea 2.x for OpenJDK 7 or 3.x for OpenJDK 8. See the earlier post on this for further details.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome. There will be a final 1.14.0 release at some point and this can include fixes for any issues with this release. However, it will not include any further security backports.

Full details of the release can be found below.

What’s New?

New in release 1.13.13 (2017-01-09)

  • Security fixes
  • Import of OpenJDK6 b41
    • S4787377: VK_STOP key on Solaris generates wrong Key Code
    • S4947220: (process)Runtime.exec() cannot invoke applications with unicode parameters(win)
    • S5036807: Pressing action keys “STOP/AGAIN/COMPOSE” generates keycode of F11/F12 keys.
    • S5099725: AWT doesn’t seem to handle MappingNotify events under X11.
    • S5100701: Toolkit.getLockingKeyState() does not work on XToolkit, but works on Motif
    • S6324292: keytool -help is unhelpful
    • S6464022: Memory leak in JOptionPane.createDialog
    • S6501385: ColorChooser demo – two elemets have same mnemonic in it locale, GTK L&F
    • S6535697: keytool can be more flexible on format of PEM-encoded X.509 certificates
    • S6561126: keytool should use larger default keysize for keypairs
    • S6566218: l10n of 6476932
    • S6606396: Notepad and Stylepad demos don’t run in Japanese locale.
    • S6608456: need API to define RepaintManager per components hierarchy
    • S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java
    • S6675400: “Details” in English has to be “Details” in German
    • S6680988: KeyEvent is still missing VK values for many keyboards
    • S6683775: Painting artifacts is seen when panel is made setOpaque(false) for a translucent window
    • S6693507: There are unnecessary compilation warnings in the com.sun.java.swing.plaf.motif package
    • S6709758: keytool default cert fingerprint algorithm should be SHA1, not MD5
    • S6711676: Numpad keys trigger more than one KeyEvent.
    • S6719382: Printing of AWT components on windows is not working
    • S6726866: Repainting artifacts when resizing or dragging JInternalFrames in non-opaque toplevel
    • S6727661: Code improvement and warnings removing from the swing/plaf packages
    • S6727662: Code improvement and warnings removing from swing packages
    • S6794764: Translucent windows are completely repainted on every paint event, on Windows
    • S6796710: Html content in JEditorPane is overlapping on swing components while resizing the application. [TEST FRAMEWORK ONLY]
    • S6802846: jarsigner needs enhanced cert validation(options)
    • S6867657: Many JSN tests do not run under cygwin
    • S6870812: enhance security tools to use ECC algorithms
    • S6871299: Shift+Tab no longer generates a KEY_TYPED event; used to with JRE 1.5
    • S6871847: AlgorithmId.get(“SHA256withECDSA”) not available
    • S6882559: new JEditorPane(“text/plain”,”") fails for null context class loader
    • S6894719: (launcher)The option -no-jre-restrict-search is expected when -jre-no-restrict-search is documented.
    • S6901170: HttpCookie parsing of version and max-age mis-handled
    • S6911129: These tests do not work with CYGWIN: java/lang
    • S6922482: keytool’s help on -file always shows ‘output file’
    • S6923681: Jarsigner crashes during timestamping
    • S6939248: Jarsigner can’t extract Extended Key Usage from Timestamp Reply correctly
    • S6959252: convert the anonymous arrays to named arrays in Java List Resource files
    • S6969683: Generify ResolverConfiguration codes
    • S6980510: Fix for 6959252 broke JConsole mnemonic keys
    • S6982840: sun/security/tools/jarsigner/emptymanifest.sh fails
    • S6987827: security/util/Resources.java needs improvement
    • S6988163: sun.security.util.Resources dup and a keytool doc typo
    • S7004168: jarsigner -verify checks for KeyUsage codesigning ext on all certs instead of just signing cert
    • S7013850: Please change the mnemonic assignment system to avoid translation issue
    • S7017818: NLS: JConsoleResources.java cannot be handled by translation team
    • S7019937: Translatability bug – Remove Unused String – String ID , read end of file
    • S7019938: Translatability bug – Remove Unused String – String ID can not specify Principal with a
    • S7019940: Translatability bug – Remove unused string – String ID: provided null name
    • S7019942: Translatability bug – String ID: trustedCertEntry,
    • S7019945: Translatability bug – Translatability issue – String ID: * has NOT been verified! In order to veri
    • S7019947: Translatability bug – Translatability issue – String ID: * The integrity of the information stored i
    • S7019949: Translatability bug – Translatability issue – String ID: * you must provide your keystore password.
    • S7020531: test: java/security/cert/CertificateFactory/openssl/OpenSSLCert.java file not closed after run
    • S7021693: [ja, zh_CN] jconsole throws exception and fail to start in ja and zh_CN locales
    • S7022005: [ja,zh_CN] javadoc, part of navigation bar in generated html are not translated.
    • S7024118: possible hardcoded mnemonic for JFileChooser metal and motif l&f
    • S7025267: NLS: t13y fix for 7021689 [ja] Notepad demo throws NPE
    • S7028447: security-related resources Chinese translation errors
    • S7028490: better suggestion for jarsigner when TSA is not accessible
    • S7030174: Jarsigner should accept TSACert with an HTTPS id-ad-timeStamping SIA
    • S7032018: The file list in JFileChooser does not have an accessible name
    • S7032436: When running with the Nimbus look and feel, the JFileChooser does not display mnemonics
    • S7034259: [all] incorrect mnemonic keys in JCP automatic update advanced settings dialog.
    • S7034940: message drop 2 translation integration
    • S7035843: [zh_CN, ja] JConsole mnemonic keys don’t work
    • S7038803: [CCJK] Incorrect mnemonic key (0) is displayed on cancel button on messagedialog of JOptionPane
    • S7038807: [CCJK] OK button on message dialog of JOptionpane is not translated
    • S7040228: [zh_TW] extra (C) on cancel button on File Chooser dialog
    • S7040257: [pt_BR,fr] Print dialog has duplicate mnemonic key.
    • S7042323: [sv, de, es, it] Print dialog has duplicate mnemonic key
    • S7042475: [ja,zh_CN] extra mnemonic key in jconsole
    • S7043548: message drop 3 translation integration
    • S7045132: sun.security.util.Resources_pt_BR.java translation error
    • S7045184: GTK L&F doesn’t have hotkeys in jdk7 b141, while b139 has.
    • S7062969: java -help still shows http://java.sun.com/javase/reference
    • S7090158: Networking Libraries don’t build with javac -Werror
    • S7090832: Some locale info are not localized for some languages.
    • S7093156: NLS Please change the mnemonic assignment system to avoid translation issue (Swing files)
    • S7102686: Restructure timestamp code so that jars and modules can more easily share the same code
    • S7109085: Test use hotkeys not intended for Mac
    • S7116786: RFE: Detailed information on VerifyErrors
    • S7124171: 7u4 l10n message update related to Mac OS X port
    • S7125055: ContentHandler.getContent API changed in error
    • S7132247: java/rmi/registry/readTest/readTest.sh failing with Cygwin
    • S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done
    • S7145375: 7u4 l10n message update related to langtools
    • S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows
    • S7146099: NLS: [de,es,it,ko,pt_BR]launcher_**.properties, double backslash issue.
    • S7149012: jarsigner needs not warn about cert expiration if the jar has a TSA timestamp
    • S7158712: Synth Property “ComboBox.popupInsets” is ignored
    • S7169226: NLS: Please change the mnemonic assignment system for windows and motif properties
    • S7174970: NLS [ccjk] Extra mnemonic keys at standard filechooserdialog (open and save) in metal L&F
    • S7175367: NLS: 7u6 message drop10 integration
    • S7176894: back out LocaleNames_xx.properties files from 7u6 message drop10
    • S7178145: Change constMethodOop::_exception_table to optionally inlined u2 table.
    • S7181632: nsk classLoad001_14 failure and CompileTheWorld crash after 7178145.
    • S7182226: NLS: jdk7u6 message drop20 integration
    • S7183203: ShortRSAKeynnn.sh tests intermittent failure
    • S7187051: ShortRSAKeynnn.sh tests should do cleanup before start test
    • S7194449: String resources for Key Tool and Policy Tool should be in their respective packages
    • S8000626: Implement dead key detection for KeyEvent on Linux
    • S8003890: corelibs test scripts should pass TESTVMOPTS
    • S8008764: 7uX l10n resource file translation update
    • S8009168: accessibility.properties syntax issue
    • S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161
    • S8010297: Missing isLoggable() checks in logging code
    • S8010782: clean up source files containing carriage return characters
    • S8014048: Online user guide of jconsole points incorrect link
    • S8014431: cleanup warnings indicated by the -Wunused-value compiler option on linux
    • S8015265: revise the fix for 8007037
    • S8016579: (process) IOException thrown by ProcessBuilder.start() method is incorrectly encoded
    • S8019541: 7u40 l10n resource file translation update
    • S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame demo
    • S8023338: Update jarsigner to encourage timestamping
    • S8024302: Clarify jar verifications
    • S8024756: method grouping tabs are not selectable
    • S8026741: jdk8 l10n resource file translation update 5
    • S8027787: 7u51 l10n resource file translation update 1
    • S8030698: Several GUI labels in jconsole need correction
    • S8030878: JConsole issues meaningless message if SSL connection fails
    • S8035988: 7u60 l10n resource file translation update 1
    • S8038837: Add support to jarsigner for specifying timestamp hash algorithm
    • S8048147: Privilege tests with JAAS Subject.doAs
    • S8048357: PKCS basic tests
    • S8049171: Additional tests for jarsigner’s warnings
    • S8055176: 7u71 l10n resource file translation update
    • S8057530: (process) Runtime.exec throws garbled message in jp locale
    • S8059177: jdk8u40 l10n resource file translation update 1
    • S8065609: 7u76 l10n resource file translation update
    • S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given
    • S8077953: [TEST_BUG] com/sun/management/OperatingSystemMXBean/TestTotalSwap.java Compilation failed after JDK-8077387
    • S8078628, PR3152: Zero build fails with pre-compiled headers disabled
    • S8080628: No mnemonics on Open and Save buttons in JFileChooser
    • S8083601: jdk8u60 l10n resource file translation update 2
    • S8140530, PR3276: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString
    • S8142926: OutputAnalyzer’s shouldXXX() calls return this
    • S8143134: L10n resource file translation update
    • S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General
    • S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline
    • S8150611: Security problem on sun.misc.resources.Messages*
    • S8157077: 8u101 L10n resource file updates
    • S8157653: [Parfait] Uninitialised variable in awt_Font.cpp
    • S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559
    • S8159684: (tz) Support tzdata2016f
    • S8162411: Service Menu services 2
    • S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968
    • S8162511: 8u111 L10n resource file updates
    • S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8
    • S8164452: 8u111 L10n resource file update – msgdrop 20
    • S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm
    • S8166381: Back out changes to the java.security file to not disable MD5
    • S8169448, PR3205: OpenJDK 6 fails to build without pre-compiled headers
    • S8171415: Remove Java 7 features from testlibrary
    • S8171954: Add stubs for sun.security.tools.KeyTool and sun.security.tools.JarSigner
    • S8172159: Remove @Override annotation on interfaces added by b41 updates
    • S8172252: Remove over-zealous switch to for-each loop in SortingFocusTraversalPolicy
  • Backports
    • S6974985, PR3276: Java2Demo threw exceptions when xrender enabled in OEL5.5
    • S6985593, PR3276: Crash in Java_sun_java2d_loops_MaskBlit_MaskBlit on oel5.5-x64
  • Bug fixes
    • PR3174: systemtap: type definition ‘symbolOopDesc’ not found
    • PR3175: invalid zip timestamp handling leads to error updating JAR files
    • PR3213: Disable ARM32 JIT by default
    • PR3275: Update generated files after OpenJDK 6 b41 update

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • b0456b5efaa2cd884943287256ec7bd9945ac02d49d8e3295141391cc376f96b icedtea6-1.13.13.tar.gz
  • 057be0084bd1730505e55c4e1b3302dd35a0e508f64e4fda28f0f709b1a9e30c icedtea6-1.13.13.tar.gz.sig
  • 4fcfd0a4114f7b116e7a429894819b40bd43ee0935b90fd83978e1e3c8d2e92d icedtea6-1.13.13.tar.xz
  • 9040dda8279bc709104c5c028a5849bc880784343408391b09f9b52961df9bde icedtea6-1.13.13.tar.xz.sig

The checksums can be downloaded from:

A 1.13.13 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-1.13.13.tar.gz

or:

$ tar x -I xz -f icedtea6-1.13.13.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea6-1.13.13/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with the October 2016 security fixes from OpenJDK 7 u121.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 2.6.8 (2016-11-13)

  • Security fixes
  • Import of OpenJDK 7 u121 build 0
    • S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java
    • S6882559: new JEditorPane(“text/plain”,”") fails for null context class loader
    • S7090158: Networking Libraries don’t build with javac -Werror
    • S7125055: ContentHandler.getContent API changed in error
    • S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows
    • S7187051: ShortRSAKeynnn.sh tests should do cleanup before start test
    • S8000626: Implement dead key detection for KeyEvent on Linux
    • S8003890: corelibs test scripts should pass TESTVMOPTS
    • S8005629: javac warnings compiling java.awt.EventDispatchThread and sun.awt.X11.XIconWindow
    • S8010297: Missing isLoggable() checks in logging code
    • S8010782: clean up source files containing carriage return characters
    • S8014431: cleanup warnings indicated by the -Wunused-value compiler option on linux
    • S8015265: revise the fix for 8007037
    • S8016747: Replace deprecated PlatformLogger isLoggable(int) with isLoggable(Level)
    • S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame demo
    • S8024756: method grouping tabs are not selectable
    • S8026741: jdk8 l10n resource file translation update 5
    • S8048147: Privilege tests with JAAS Subject.doAs
    • S8048357: PKCS basic tests
    • S8049171: Additional tests for jarsigner’s warnings
    • S8059177: jdk8u40 l10n resource file translation update 1
    • S8075584: test for 8067364 depends on hardwired text advance
    • S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given
    • S8077953: [TEST_BUG] com/sun/management/OperatingSystemMXBean/TestTotalSwap.java Compilation failed after JDK-8077387
    • S8080628: No mnemonics on Open and Save buttons in JFileChooser
    • S8083601: jdk8u60 l10n resource file translation update 2
    • S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString
    • S8142926: OutputAnalyzer’s shouldXXX() calls return this
    • S8143134: L10n resource file translation update
    • S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General
    • S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline
    • S8150611: Security problem on sun.misc.resources.Messages*
    • S8157653: [Parfait] Uninitialised variable in awt_Font.cpp
    • S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559
    • S8159684: (tz) Support tzdata2016f
    • S8160934: isnan() is not available on older MSVC compilers
    • S8162411: Service Menu services 2
    • S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968
    • S8162511: 8u111 L10n resource file updates
    • S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8
    • S8164452: 8u111 L10n resource file update – msgdrop 20
    • S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm
    • S8166381: Back out changes to the java.security file to not disable MD5
  • Backports
    • S6604109, PR3162: javax.print.PrintServiceLookup.lookupPrintServices fails SOMETIMES for Cups
    • S6907252, PR3162: ZipFileInputStream Not Thread-Safe
    • S8024046, PR3162: Test sun/security/krb5/runNameEquals.sh failed on 7u45 Embedded linux-ppc*
    • S8028479, PR3162: runNameEquals still cannot precisely detect if a usable native krb5 is available
    • S8034057, PR3162: Files.getFileStore and Files.isWritable do not work with SUBST’ed drives (win)
    • S8038491, PR3162: Improve synchronization in ZipFile.read()
    • S8038502, PR3162: Deflater.needsInput() should use synchronization
    • S8059411, PR3162: RowSetWarning does not correctly chain warnings
    • S8062198, PR3162: Add RowSetMetaDataImpl Tests and add column range validation to isdefinitlyWritable
    • S8066188, PR3162: BaseRowSet returns the wrong default value for escape processing
    • S8072466, PR3162: Deadlock when initializing MulticastSocket and DatagramSocket
    • S8075118, PR3162: JVM stuck in infinite loop during verification
    • S8076579, PR3162: Popping a stack frame after exception breakpoint sets last method param to exception
    • S8078495, PR3162: End time checking for native TGT is wrong
    • S8078668, PR3162: jar usage string mentions unsupported option ‘-n’
    • S8080115, PR3162: (fs) Crash in libgio when calling Files.probeContentType(path) from parallel threads
    • S8081794, PR3162: ParsePosition getErrorIndex returns 0 for TimeZone parsing problem
    • S8129957, PR3162: Deadlock in JNDI LDAP implementation when closing the LDAP context
    • S8130136, PR3162: Swing window sometimes fails to repaint partially when it becomes exposed
    • S8130274, PR3162: java/nio/file/FileStore/Basic.java fails when two successive stores in an iteration are determined to be equal
    • S8132551, PR3162: Initialize local variables before returning them in p11_convert.c
    • S8133207, PR3162: [TEST_BUG] ParallelProbes.java test fails after changes for JDK-8080115
    • S8133666, PR3162: OperatingSystemMXBean reports abnormally high machine CPU consumption on Linux
    • S8135002, PR3162: Fix or remove broken links in objectMonitor.cpp comments
    • S8137121, PR3162: (fc) Infinite loop FileChannel.truncate
    • S8137230, PR3162: TEST_BUG: java/nio/channels/FileChannel/LoopingTruncate.java timed out
    • S8139373, PR3162: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout
    • S8140249, PR3162: JVM Crashing During startUp If Flight Recording is enabled
    • S8141491, PR3160, G592292: Unaligned memory access in Bits.c
    • S8144483, PR3162: One long Safepoint pause directly after each GC log rotation
    • S8149611, PR3160, G592292: Add tests for Unsafe.copySwapMemory
  • Bug fixes
    • S8078628, PR3151: Zero build fails with pre-compiled headers disabled
    • PR3128: pax-mark-vm script calls “exit -1″ which is invalid in dash
    • PR3131: PaX marking fails on filesystems which don’t support extended attributes
    • PR3135: Makefile.am rule stamps/add/tzdata-support-debug.stamp has a typo in add-tzdata dependency
    • PR3141: Pass $(CC) and $(CXX) to OpenJDK build
    • PR3166: invalid zip timestamp handling leads to error building bootstrap-javac
    • PR3202: Update infinality configure test
    • PR3212: Disable ARM32 JIT by default
  • CACAO
    • PR3136: CACAO is broken due to 2 new native methods in sun.misc.Unsafe (from S8158260)
  • JamVM
    • PR3134: JamVM is broken due to 2 new native methods in sun.misc.Unsafe (from S8158260)
  • AArch64 port
    • S8167200, PR3204: AArch64: Broken stack pointer adjustment in interpreter
    • S8168888: Port S8160591: Improve internal array handling to AArch64.
    • PR3211: AArch64 build fails with pre-compiled headers disabled

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • e5f0a14077de47a1e6bcba672042880f1cb28859468fe95570555593a28fe02b icedtea-2.6.8.tar.gz
  • 65628538255b2657b1228b534c18ffb74e52be11d1d25cf694d02f39efabf70d icedtea-2.6.8.tar.gz.sig
  • 854030ff1b580d896dbabbdb0e64dc0ef3537786285808a7b3cdfcb80520255d icedtea-2.6.8.tar.xz
  • 23336d9d5aa7256cfc267f9b86eb46b69e0439af3b479405d215f12932ebbe63 icedtea-2.6.8.tar.xz.sig

The checksums can be downloaded from:

A 2.6.8 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.8.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.8.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.8/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

We are pleased to announce the release of IcedTea 3.2.0!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 8 support with the July 2016 bug fixes from OpenJDK 8 u102 and the October 2016 security fixes from OpenJDK 8 u111. It also adds a number of features familiar from IcedTea 2.x:

  • Support for toggling the inclusion of native (--disable-native-debuginfo) and Java (--disable-java-debuginfo) debugging information.
  • Support for splitting native debuginfo into separate files (--enable-split-debuginfo)
  • Allow linking against the system Kerberos installation in order to obtain the cache location. (--enable-system-kerberos)
  • Allow linking against the system libpcsclite at compile-time. (--enable-system-pcsc)
  • Allow linking against the system libsctp at compile-time. (--enable-system-sctp)

and introduces a number of new features:

  • Support for building without pre-compiled headers (--disable-precompiled-headers)
  • The ability to use the system cryptography policies provided by the crypto-policies package on Fedora.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 3.2.0 (2016-11-08)

  • Security fixes
  • New features
    • PR1370: Provide option to build without debugging
    • PR1375: Provide option to strip and link debugging info after build
    • PR1537: Handle alternative Kerberos credential cache locations
    • PR1978: Allow use of system PCSC
    • PR2445: Support system libsctp
    • PR3182: Support building without pre-compiled headers
    • PR3183: Support Fedora/RHEL system crypto policy
    • PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries
  • Import of OpenJDK 8 u102 build 14
    • S4515292: ReferenceType.isStatic() returns true for arrays
    • S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command
    • S6976636: JVM/TI test ex03t001 fails assertion
    • S7185591: jcmd-big-script.sh ERROR: could not find app’s Java pid.
    • S8017462: G1: guarantee fails with UseDynamicNumberOfGCThreads
    • S8034168: ThreadMXBean/Locks.java failed, blocked on wrong object
    • S8036006: [TESTBUG] sun/tools/native2ascii/NativeErrors.java fails: Process exit code was 0, but error was expected.
    • S8041781: Need new regression tests for PBE keys
    • S8041787: Need new regressions tests for buffer handling for PBE algorithms
    • S8043836: Need new tests for AES cipher
    • S8044199: Tests for RSA keys and key specifications
    • S8044772: TempDirTest.java still times out with -Xcomp
    • S8046339: sun.rmi.transport.DGCAckHandler leaks memory
    • S8047031: Add SocketPermission tests for legacy socket types
    • S8048052: Permission tests for setFactory
    • S8048138: Tests for JAAS callbacks
    • S8048147: Privilege tests with JAAS Subject.doAs
    • S8048356: SecureRandom default provider tests
    • S8048357: PKCS basic tests
    • S8048360: Test signed jar files
    • S8048362: Tests for doPrivileged with accomplice
    • S8048596: Tests for AEAD ciphers
    • S8048599: Tests for key wrap and unwrap operations
    • S8048603: Additional tests for MAC algorithms
    • S8048604: Tests for strong crypto ciphers
    • S8048607: Test key generation of DES and DESEDE
    • S8048610: Implement regression test for bug fix of 4686632 in JCE
    • S8048617: Tests for PKCS12 read operations
    • S8048618: Tests for PKCS12 write operations.
    • S8048619: Implement tests for converting PKCS12 keystores
    • S8048624: Tests for SealedObject
    • S8048819: Implement reliability test for DH algorithm
    • S8048820: Implement tests for SecretKeyFactory
    • S8048830: Implement tests for new functionality provided in JEP 166
    • S8049237: Need new tests for X509V3 certificates
    • S8049321: Support SHA256WithDSA in JSSE
    • S8049429: Tests for java client server communications with various TLS/SSL combinations.
    • S8049432: New tests for TLS property jdk.tls.client.protocols
    • S8049814: Additional SASL client-server tests
    • S8050281: New permission tests for JEP 140
    • S8050370: Need new regressions tests for messageDigest with DigestIOStream
    • S8050371: More MessageDigest tests
    • S8050374: More Signature tests
    • S8050427: LoginContext tests to cover JDK-4703361
    • S8050460: JAAS login/logout tests with LoginContext
    • S8050461: Tests for syntax checking of JAAS configuration file
    • S8054278: Refactor jps utility tests
    • S8055530: assert(_exits.control()->is_top() || !_gvn.type(ret_phi)->empty()) failed: return value must be well defined
    • S8055844: [TESTBUG] test/runtime/NMT/VirtualAllocCommitUncommitRecommit.java fails on Solaris Sparc due to incorrect page size being used
    • S8059677: Thread.getName() instantiates Strings
    • S8061464: A typo in CipherTestUtils test
    • S8062536: [TESTBUG] Conflicting GC combinations in jdk tests
    • S8065076: java/net/SocketPermission/SocketPermissionTest.java fails intermittently
    • S8065078: NetworkInterface.getNetworkInterfaces() triggers intermittent test failures
    • S8066871: java.lang.VerifyError: Bad local variable type – local final String
    • S8068427: Hashtable deserialization reconstitutes table with wrong capacity
    • S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210
    • S8069253: javax/net/ssl/TLS/TestJSSE.java failed on Mac
    • S8071125: Improve exception messages in URLPermission
    • S8072081: Supplementary characters are rejected in comments
    • S8072463: Remove requirement that AKID and SKID have to match when building certificate chain
    • S8072725: Provide more granular levels for GC verification
    • S8073400: Some Monospaced logical fonts have a different width
    • S8073872: Schemagen fails with StackOverflowError if element references containing class
    • S8074931: Additional tests for CertPath API
    • S8075286: Additional tests for signature algorithm OIDs and transformation string
    • S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given
    • S8076545: Text size is twice bigger under Windows L&F on Win 8.1 with HiDPI display
    • S8076995: gc/ergonomics/TestDynamicNumberOfGCThreads.java failed with java.lang.RuntimeException: ‘new_active_workers’ missing from stdout/stderr
    • S8079138: Additional negative tests for XML signature processing
    • S8081512: Remove sun.invoke.anon classes, or move / co-locate them with tests
    • S8081771: ProcessTool.createJavaProcessBuilder() needs new addTestVmAndJavaOptions argument
    • S8129419: heapDumper.cpp: assert(length_in_bytes > 0) failed: nothing to copy
    • S8130150: Implement BigInteger.montgomeryMultiply intrinsic
    • S8130242: DataFlavorComparator transitivity exception
    • S8130304: Inference: NodeNotFoundException thrown with deep generic method call chain
    • S8130425: libjvm crash due to stack overflow in executables with 32k tbss/tdata
    • S8133023: ParallelGCThreads is not calculated correctly
    • S8134111: Unmarshaller unmarshalls XML element which doesn’t have the expected namespace
    • S8135259: InetAddress.getAllByName only reports “unknown error” instead of actual cause
    • S8136506: Include sun.arch.data.model as a property that can be queried by jtreg
    • S8137068: Tests added in JDK-8048604 fail to compile
    • S8139040: Fix initializations before ShouldNotReachHere() etc. and enable -Wuninitialized on linux.
    • S8139581: AWT components are not drawn after removal and addition to a container
    • S8141243: Unexpected timezone returned after parsing a date
    • S8141420: Compiler runtime entries don’t hold Klass* from being GCed
    • S8141445: Use of Solaris/SPARC M7 libadimalloc.so can generate unknown signal in hs_err file
    • S8141551: C2 can not handle returns with inccompatible interface arrays
    • S8143377: Test PKCS8Test.java fails
    • S8143647: Javac compiles method reference that allows results in an IllegalAccessError
    • S8144144: ORB destroy() leaks filedescriptors after unsuccessful connection
    • S8144593: Suppress not recognized property/feature warning messages from SAXParser
    • S8144957: Remove PICL warning message
    • S8145039: JAXB marshaller fails with ClassCastException on classes generated by xjc
    • S8145228: Java Access Bridge, getAccessibleStatesStringFromContext doesn’t wrap the call to getAccessibleRole
    • S8145388: URLConnection.guessContentTypeFromStream returns image/jpg for some JPEG images
    • S8145974: XMLStreamWriter produces invalid XML for surrogate pairs on OutputStreamWriter
    • S8146035: Windows – With LCD antialiasing, some glyphs are not rendered correctly
    • S8146192: Add test for JDK-8049321
    • S8146274: Thread spinning on WeakHashMap.getEntry() with concurrent use of nashorn
    • S8147468: Allow users to bound the size of buffers cached in the per-thread buffer caches
    • S8147645: get_ctrl_no_update() code is wrong
    • S8147807: crash in libkcms.so on linux-sparc
    • S8148379: jdk.nashorn.api.scripting spec. adjustments, clarifications
    • S8148627: RestrictTestMaxCachedBufferSize.java to 64-bit platforms
    • S8148820: Missing @since Javadoc tag in Logger.log(Level, Supplier)
    • S8148926: Call site profiling fails on braces-wrapped anonymous function
    • S8149017: Delayed provider selection broken in RSA client key exchange
    • S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks
    • S8149330: Capacity of StringBuilder should not get close to Integer.MAX_VALUE unless necessary
    • S8149334: JSON.parse(JSON.stringify([])).push(10) creates an array containing two elements
    • S8149368: [hidpi] JLabel font is twice bigger than JTextArea font on Windows 7,HiDPI, Windows L&F
    • S8149411: PKCS12KeyStore cannot extract AES Secret Keys
    • S8149417: Use final restricted flag
    • S8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception
    • S8149453: [hidpi] JFileChooser does not scale properly on Windows with HiDPI display and Windows L&F
    • S8149543: range check CastII nodes should not be split through Phi
    • S8149743: JVM crash after debugger hotswap with lambdas
    • S8149744: fix testng.jar delivery in Nashorn build.xml
    • S8149915: enabling validate-annotations feature for xsd schema with annotation causes NPE
    • S8150002: Check for the validity of oop before printing it in verify_remembered_set
    • S8150470: JCK: api/xsl/conf/copy/copy19 test failure
    • S8150518: G1 GC crashes at G1CollectedHeap::do_collection_pause_at_safepoint(double)
    • S8150533: Test java/util/logging/LogManagerAppContextDeadlock.java times out intermittently.
    • S8150704: XALAN: ERROR: ‘No more DTM IDs are available’ when transforming with lots of temporary result trees
    • S8150780: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError
    • S8151064: com/sun/jdi/RedefineAddPrivateMethod.sh fails intermittently
    • S8151197: [TEST_BUG] Need to backport fix for test/javax/net/ssl/TLS/TestJSSE.java
    • S8151352: jdk/test/sample fails with “effective library path is outside the test suite”
    • S8151431: DateFormatSymbols triggers this.clone() in the constructor
    • S8151535: TESTBUG: java/lang/invoke/AccessControlTest.java should be modified to run with JTREG 4.1 b13
    • S8151731: Add new jtreg keywords to jdk 8
    • S8151998: VS2010 ThemeReader.cpp(758) : error C3861: ’round’: identifier not found
    • S8152927: Incorrect GPL header in StubFactoryDynamicBase.java reported
    • S8153252: SA: Hotspot build on Windows fails if make/closed folder does not exist
    • S8153531: Improve exception messaging for RSAClientKeyExchange
    • S8153641: assert(thread_state == _thread_in_native) failed: Assumed thread_in_native while heap dump
    • S8153673: [BACKOUT] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command
    • S8154304: NullpointerException at LdapReferralException.getReferralContext
    • S8154722: Test gc/ergonomics/TestDynamicNumberOfGCThreads.java fails
    • S8157078: 8u102 L10n resource file updates
    • S8157838: Personalized Windows Font Size is not taken into account in Java8u102
  • Import of OpenJDK 8 u111 build 14
    • S6882559: new JEditorPane(“text/plain”,”") fails for null context class loader
    • S8049171: Additional tests for jarsigner’s warnings
    • S8063086: Math.pow yields different results upon repeated calls
    • S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString
    • S8142926: OutputAnalyzer’s shouldXXX() calls return this
    • S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General
    • S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline
    • S8150611: Security problem on sun.misc.resources.Messages*
    • S8153399: Constrain AppCDS behavior (back port)
    • S8157653: [Parfait] Uninitialised variable in awt_Font.cpp
    • S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559
    • S8158994: Service Menu services
    • S8159684: (tz) Support tzdata2016f
    • S8160904: Typo in code from 8079718 fix : enableCustomValueHanlde
    • S8160934: isnan() is not available on older MSVC compilers
    • S8161141: correct bugId for JDK-8158994 fix push
    • S8162411: Service Menu services 2
    • S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968
    • S8162511: 8u111 L10n resource file updates
    • S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8
    • S8164452: 8u111 L10n resource file update – msgdrop 20
    • S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm
    • S8166381: Back out changes to the java.security file to not disable MD5
  • Backports
    • S8078628, PR3208: Zero build fails with pre-compiled headers disabled
    • S8141491, PR3159, G592292: Unaligned memory access in Bits.c
    • S8157306, PR3121: Random infrequent null pointer exceptions in javac (enabled on AArch64 only)
    • S8162384, PR3122: Performance regression: bimorphic inlining may be bypassed by type speculation
  • Bug fixes
    • PR3123: Some object files built without -fPIC on x86 only
    • PR3126: pax-mark-vm script calls “exit -1″ which is invalid in dash
    • PR3127, G590348: Only apply PaX markings by default on running PaX kernels
    • PR3199: Invalid nashorn URL
    • PR3201: Update infinality configure test
    • PR3218: PR3159 leads to build failure on clean tree
  • AArch64 port
    • S8131779, PR3220: AARCH64: add Montgomery multiply intrinsic
    • S8167200, PR3220: AArch64: Broken stack pointer adjustment in interpreter
    • S8167421, PR3220: AArch64: in one core system, fatal error: Illegal threadstate encountered
    • S8167595, PR3220: AArch64: SEGV in stub code cipherBlockChaining_decryptAESCrypt
    • S8168888, PR3220: Port 8160591: Improve internal array handling to AArch64.
  • Shenandoah
    • PR3224: Shenandoah broken when building without pre-compiled headers

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • 88cc563d5cf4d7d0e8a394800ba580c922c5703dded4922551eb1a2425010b86 icedtea-3.2.0.tar.gz
  • 4cfd6876c99e5717b604e70460006e869ca77dea43fb97b3a697a2deb389b066 icedtea-3.2.0.tar.gz.sig
  • f2a197734cc1f820f14a6ba0aef0f198c24c77e9f026d14ddf185b684b178f80 icedtea-3.2.0.tar.xz
  • b92db947d9ba1b71c917bb16d7a312d1b01c1d99682a6b476c8302f9d2a981ae icedtea-3.2.0.tar.xz.sig

The checksums can be downloaded from:

A 3.2.0 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.2.0.tar.gz

or:

$ tar x -I xz -f icedtea-3.2.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.2.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

Next Page »