Security


The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

These releases update our OpenJDK 7 support to include the latest security updates. We recommend that users of the 2.1.x and 2.2.x branches upgrade to the latest release as soon as possible. The security fixes are as follows:

S8001330 is currently only provided for HotSpot 23.7 on 2.3.x, as we’ve found it to be unstable when applied to the older HotSpots. If we find a solution for this, we’ll issue a further update.

This will be the last set of updates for the 2.1.x and 2.2.x branches. Users should upgrade to either 2.3.10 or the upcoming 2.4.1 release. Those users who need ARM32 JIT support should wait for the 2.3.11 release, coming in the next few months, which will add this to the 2.3.x series.

IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more esoteric architectures. In this release, use of the system version of LCMS is disabled by default to ensure the most secure version is used. Before using the system version, please ensure it has the S8007925, S8007926, S8007927, S8007929 and S8009654 updates listed above.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below. Note that the unusually large number of backports is due to backporting from the upstream u25 release, which also provides all these.

What’s New?

New in release 2.1.9 (2013-06-29)

  • New features
    • PR1378: Add AArch64 support to Zero
  • Security fixes
  • Backports
    • S7171223, RH967436: Building ExtensionSubtables.cpp should use -fno-strict-aliasing
    • S7053526: Upgrade JDK 8 to use Little CMS 2.4
    • S7077803: java.lang.InternalError in java.lang.invoke.MethodHandleNatives.init
    • S7124347: [macosx] java.lang.InternalError: not implemented yet on call Graphics2D.drawRenderedImage
    • S7142596: RMI JPRT tests are failing
    • S7151434, RH969884: java -jar -XX crashes java launcher
    • S7158483: (tz) Support tzdata2012c
    • S7188114: (launcher) need an alternate command line parser for Windows
    • S7195301: XML Signature DOM implementation should not use instanceof to determine type of Node
    • S7198570: (tz) Support tzdata2012f
    • S7199143: RFE: OCSP revocation checker should provide possibility to specify connection timeout
    • S8002070: Remove the stack search for a resource bundle for Logger to use
    • S8002225: (tz) Support tzdata2012i
    • S8006120: Provide “Server JRE” for 7u train
    • S8006536: [launcher] removes trailing slashes on arguments
    • S8009165: Fix for 8006435 needs revision
    • S8009217: REGRESSION: test com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java fails to compile since 7u21b03
    • S8009463: Regression test test\java\lang\Runtime\exec\ArgWithSpaceAndFinalBackslash.java failing.
    • S8009610: Blacklist certificate used with malware.
    • S8009987: (tz) Support tzdata2013b
    • S8009996: tests javax/management/mxbean/MiscTest.java and javax/management/mxbean/StandardMBeanOverrideTest.java fail
    • S8010118: Annotate jdk caller sensitive methods with @sun.reflect.CallerSensitive
    • S8010213: Some api/javax_net/SocketFactory tests fail in 7u25 nightly build
    • S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod
    • S8010727: WLS fails to add a logger with “” in its own LogManager subclass instance
    • S8010939: Deadlock in LogManager
    • S8011139: (reflect) Revise checking in getEnclosingClass
    • S8011154: java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java failed since 7u25b03 on windows
    • S8011313: OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined
    • S8011557: Improve reflection utility classes
    • S8011806: 7u25-b05 hotspot fastdebug build failure
    • S8011990: TEST_BUG: java/util/logging/bundlesearch/ResourceBundleSearchTest.java fails on Windows
    • S8011992: java/awt/image/mlib/MlibOpsTest.java failed since jdk7u25b05
    • S8012112: java/awt/image/mlib/MlibOpsTest.java fails on sparc solaris
    • S8012243: about 30% regression on specjvm2008.serial on 7u25 comparing 7u21
    • S8012453: (process) Runtime.exec(String) fails if command contains spaces [win]
    • S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
    • S8012933: Test closed/java/awt/Dialog/DialogAnotherThread/JaWSTest.java fails since jdk 7u25 b07
    • S8013196: TimeZone.getDefault() throws NPE due to sun.awt.AppContext.getAppContext()
    • S8013228: Create new system properties to control allowable OCSP clock skew and CRL connection timeout
    • S8013380: Removal of stack walk to find resource bundle breaks Glassfish startup
    • S8014205: Most of the Swing dialogs are blank on one win7 MUI
    • S8014427: REGRESSION: closed/javax/imageio/plugins/bmp/Write3ByteBgrTest.java fails since 7u25 b09
    • S8014618, RH962568: Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
    • S8014676: Java debugger may fail to run
    • S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10
    • S8014745: Provide a switch to allow stack walk search of resource bundle
    • S8014968: OCSP and CRL connection timeout is set to four hours by default
  • Bug fixes
    • PR1095, PR1409: Allow -Werror to be turned off (HotSpot repository only).
    • PR1188: ASM Interpreter and Thumb2 JIT javac miscompile modulo reminder on armel

New in release 2.2.9 (2013-06-29)

  • New features
    • PR1378: Add AArch64 support to Zero
  • Security fixes
  • Backports
    • S7053526: Upgrade JDK 8 to use Little CMS 2.4
    • S7124347: [macosx] java.lang.InternalError: not implemented yet on call Graphics2D.drawRenderedImage
    • S7142091: [macosx] RFE: Refactoring of peer initialization/disposing
    • S7142596: RMI JPRT tests are failing
    • S7150345: [macosx] Can’t type into applets
    • S7151434, RH969884: java -jar -XX crashes java launcher
    • S7156191: [macosx] Can’t type into applet demos in Pivot
    • S7156194: [macosx] Can’t type non-ASCII characters into applets
    • S7171223: Building ExtensionSubtables.cpp should use -fno-strict-aliasing
    • S7174718: [macosx] Regression in 7u6 b12: PopupFactory leaks DefaultFrames.
    • S7188114: (launcher) need an alternate command line parser for Windows
    • S7195301: XML Signature DOM implementation should not use instanceof to determine type of Node
    • S7198570: (tz) Support tzdata2012f
    • S7199143: RFE: OCSP revocation checker should provide possibility to specify connection timeout
    • S8001161: mac: EmbeddedFrame doesn’t become active window
    • S8002070: Remove the stack search for a resource bundle for Logger to use
    • S8002225: (tz) Support tzdata2012i
    • S8005932: Java 7 on mac os x only provides text clipboard formats
    • S8006120: Provide “Server JRE” for 7u train
    • S8006417: JComboBox.showPopup(), hidePopup() fails in JRE 1.7 on OS X
    • S8006536: [launcher] removes trailing slashes on arguments
    • S8009165: Fix for 8006435 needs revision
    • S8009217: REGRESSION: test com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java fails to compile since 7u21b03
    • S8009463: Regression test test\java\lang\Runtime\exec\ArgWithSpaceAndFinalBackslash.java failing.
    • S8009610: Blacklist certificate used with malware.
    • S8009987: (tz) Support tzdata2013b
    • S8009996: tests javax/management/mxbean/MiscTest.java and javax/management/mxbean/StandardMBeanOverrideTest.java fail
    • S8010009: [macosx] Unable type into online word games on MacOSX
    • S8010118: Annotate jdk caller sensitive methods with @sun.reflect.CallerSensitive
    • S8010213: Some api/javax_net/SocketFactory tests fail in 7u25 nightly build
    • S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod
    • S8010727: WLS fails to add a logger with “” in its own LogManager subclass instance
    • S8010939: Deadlock in LogManager
    • S8011139: (reflect) Revise checking in getEnclosingClass
    • S8011154: java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java failed since 7u25b03 on windows
    • S8011313: OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined
    • S8011557: Improve reflection utility classes
    • S8011806: 7u25-b05 hotspot fastdebug build failure
    • S8011990: TEST_BUG: java/util/logging/bundlesearch/ResourceBundleSearchTest.java fails on Windows
    • S8011992: java/awt/image/mlib/MlibOpsTest.java failed since jdk7u25b05
    • S8012112: java/awt/image/mlib/MlibOpsTest.java fails on sparc solaris
    • S8012243: about 30% regression on specjvm2008.serial on 7u25 comparing 7u21
    • S8012330: [macosx] Sometimes the applet showing the modal dialog itself loses the ability to gain focus
    • S8012453: (process) Runtime.exec(String) fails if command contains spaces [win]
    • S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
    • S8012933: Test closed/java/awt/Dialog/DialogAnotherThread/JaWSTest.java fails since jdk 7u25 b07
    • S8013196: TimeZone.getDefault() throws NPE due to sun.awt.AppContext.getAppContext()
    • S8013228: Create new system properties to control allowable OCSP clock skew and CRL connection timeout
    • S8013380: Removal of stack walk to find resource bundle breaks Glassfish startup
    • S8014205: Most of the Swing dialogs are blank on one win7 MUI
    • S8014423: [macosx] The scrollbar’s block increment performs incorrectly
    • S8014427: REGRESSION: closed/javax/imageio/plugins/bmp/Write3ByteBgrTest.java fails since 7u25 b09
    • S8014618, RH962568: Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
    • S8014676: Java debugger may fail to run
    • S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10
    • S8014745: Provide a switch to allow stack walk search of resource bundle
    • S8014968: OCSP and CRL connection timeout is set to four hours by default

The tarballs can be downloaded from:

SHA256 checksums:

  • 978bd734103ac3a81476d31801ff9ddc007b4b30bccf13ce83af5f4a5e17604d icedtea-2.1.9.tar.gz
  • e56dbcc3fe783535881aca893ce5cd20e73d9c0f159811b98233042843af756a icedtea-2.2.9.tar.gz

The tarballs are accompanied by a digital signature available at:

respectively. This is produced using my public key. See details below.

The following people helped with these releases:

  • Andreas Schwab (PR1378 patch for AArch64 Zero support
  • Andrew Hughes (all other bug fixes, application of security fixes & backports, release management)
  • Xerxes Rånby (PR1188 ARM fix for 2.1.9)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${ver}.tar.gz
$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${ver}/configure
$ make

where ${ver} is the version used.

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

This release updates our OpenJDK 7 support to include the latest security updates. We recommend that users of the 2.3.x branch upgrade to this latest release as soon as possible. The security fixes are as follows:

The HotSpot part of S8001330 is currently only provided for HotSpot 23.7 on x86, x86_64 and SPARC architectures as we’ve found it to be unstable when applied to the older HotSpot used by Zero. If we find a solution for this, we’ll issue a further update.

In addition, IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more esoteric architectures. In this release, use of the system version of LCMS is disabled by default to ensure the most secure version is used. Before using the system version, please ensure it has the S8007925, S8007926, S8007927, S8007929 and S8009654 updates listed above.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below. Note that the unusually large number of backports is due to syncing with the upstream u25 release, which also provides all these.

What’s New?

New in release 2.3.10 (2013-06-28)

  • Security fixes
  • New features
    • PR1378: Add AArch64 support to Zero
  • Bug fixes
    • PR1409: IcedTea 2.3.9 fails to build Zero due to -Werror
    • PR1410: Icedtea 2.3.9 fails to build using icedtea 1.12.4
  • Backports
    • S6720349: (ch) Channels tests depending on hosts inside Sun
    • S6736316: Timeout value in java/util/concurrent/locks/Lock/FlakyMutex.java is insufficient
    • S6776144: java/lang/ThreadGroup/NullThreadName.java fails with Thread group is not destroyed ,fastdebug LINUX
    • S6818464: TEST_BUG: java/util/Timer/KillThread.java failing intermittently
    • S6860309: TEST_BUG: Insufficient sleep time in java/lang/Runtime/exec/StreamsSurviveDestroy.java
    • S6948101: java/rmi/transport/pinLastArguments/PinLastArguments.java failing intermittently
    • S6957683: test/java/util/concurrent/ThreadPoolExecutor/Custom.java failing
    • S6963102: Testcase failures sun/tools/jstatd/jstatdExternalRegistry.sh and sun/tools/jstatd/jstatdDefaults.sh
    • S6963841: java/util/concurrent/Phaser/Basic.java fails intermittently
    • S6965150: TEST_BUG: java/nio/channels/AsynchronousSocketChannel/Basic.java takes too long
    • S7030573: test/java/io/FileInputStream/LargeFileAvailable.java fails when there is insufficient disk space
    • S7032247: java/net/InetAddress/GetLocalHostWithSM.java fails if hostname resolves to loopback address
    • S7044870: java/nio/channels/DatagramChannel/SelectWhenRefused.java failed on SUSE Linux 10
    • S7053526: Upgrade JDK 8 to use Little CMS 2.4
    • S7054918: jdk_security1 test target cleanup
    • S7055362: jdk_security2 test target cleanup
    • S7055363: jdk_security3 test target cleanup
    • S7072120: No mac os x support in several regression tests
    • S7073295: TEST_BUG: test/java/lang/instrument/ManifestTest.sh causing havoc (win)
    • S7076756: TEST_BUG: com/sun/jdi/BreakpointWithFullGC.sh fails to cleanup in Cygwin
    • S7076791: closed/javax/swing/JColorChooser/Test6827032.java failed on windows
    • S7077259: [TEST_BUG] [macosx] Test work correctly only when default L&F is Metal
    • S7084033: TEST_BUG: test/java/lang/ThreadGroup/Stop.java fails intermittently
    • S7089131: test/java/lang/invoke/InvokeGenericTest.java does not compile
    • S7102106: TEST_BUG: sun/security/util/Oid/S11N.sh should be modified
    • S7104161: test/sun/tools/jinfo/Basic.sh fails on Ubuntu
    • S7104594: [macosx] Test closed/javax/swing/JFrame/4962534/bug4962534 expects Metal L&F by default
    • S7105929: java/util/concurrent/FutureTask/BlockingTaskExecutor.java fails on solaris sparc
    • S7124347: [macosx] “java.lang.InternalError: not implemented yet” on call Graphics2D.drawRenderedImage
    • S7129800: [macosx] Regression test OverrideRedirectWindowActivationTest fails due to timing issue
    • S7132247: java/rmi/registry/readTest/readTest.sh failing with Cygwin
    • S7140868: TEST_BUG: jcmd tests need to use -XX:+UsePerfData
    • S7142596: RMI JPRT tests are failing
    • S7144833: sun/tools/jcmd/jcmd-Defaults.sh failing intermittently
    • S7144861: speed up RMI activation tests
    • S7147408: [macosx] Add autodelay to fix a regression test
    • S7151434, RH969884: java -jar -XX crashes java launcher
    • S7152183: TEST_BUG: java/lang/ProcessBuilder/Basic.java failing intermittently [sol]
    • S7152796: TEST_BUG: java/net/Socks/SocksV4Test.java does not terminate
    • S7152856: TEST_BUG: sun/net/www/protocol/jar/B4957695.java failing on Windows
    • S7154113: jcmd, jps and jstat tests failing when there are unknown Java processes on the system
    • S7154114: jstat tests failing on non-english locales
    • S7161759: TEST_BUG: java/awt/Frame/WindowDragTest/WindowDragTest.java fails to compile, should be modified
    • S7162111: TEST_BUG: change tests run in headless mode [macosx]
    • S7162385: TEST_BUG: sun/net/www/protocol/jar/B4957695.java failing again
    • S7175775: Disable SA options in jinfo/Basic.java test until SA updated for new hash and String count/offset
    • S7178649: TEST BUG: BadKdc3.java needs improvement to ignore the unlikely but possible timeout
    • S7183203: ShortRSAKeynnn.sh tests intermittent failure
    • S7183753: [TEST] Some colon in the diff for this test
    • S7184943: fix failing test com/sun/jndi/rmi/registry/RegistryContext/UnbindIdempotent.java
    • S7184946: fix failing test com/sun/jndi/rmi/registry/RegistryContext/ContextWithNullProperties.java
    • S7185340: TEST_BUG: java/nio/channels/AsynchronousSocketChannel/Leaky.java failing intermittently [win]
    • S7186111: fix bugs in java/rmi/activation/ActivationSystem/unregisterGroup/UnregisterGroup
    • S7187882: TEST_BUG: java/rmi/activation/checkusage/CheckUsage.java fails intermittently
    • S7193219: JComboBox serialization fails in JDK 1.7
    • S7194032: update tests for upcoming changes for jtreg
    • S7194035: update tests for upcoming changes for jtreg
    • S7199143: RFE: OCSP revocation checker should provide possibility to specify connection timeout
    • S7199637: TEST_BUG: add serialization tests to jdk7u problem list for macosx
    • S8000817: Reinstate accidentally removed sleep() from ProcessBuilder/Basic.java
    • S8001161: mac: EmbeddedFrame doesn’t become active window
    • S8001621: Update awk scripts that check output from jps/jcmd
    • S8002070: Remove the stack search for a resource bundle for Logger to use
    • S8002297: sun/net/www/protocol/http/StackTraceTest.java fails intermittently
    • S8002313: TEST_BUG : jdk/test/java/security/Security/ClassLoaderDeadlock/ClassLoaderDeadlock.java should run in headless mode
    • S8003597: TEST_BUG: Eliminate dependency on javaweb from closed net tests
    • S8003982: new test javax/swing/AncestorNotifier/7193219/bug7193219.java failed on macosx
    • S8004317: TestLibrary.getUnusedRandomPort() fails intermittently, but exception not reported
    • S8004748: clean up @build tags in RMI tests
    • S8004925: java/net/Socks/SocksV4Test.java failing on all platforms
    • S8005290: remove -showversion from RMI test library subprocess mechanism
    • S8005556: java/net/Socks/SocksV4Test.java is missing @run tag
    • S8005646: TEST_BUG: java/rmi/activation/ActivationSystem/unregisterGroup/UnregisterGroup leaves process running
    • S8005920: After pressing combination Windows Key and M key, the frame, the instruction and the dialog can’t be minimized.
    • S8005932: Java 7 on mac os x only provides text clipboard formats
    • S8006120: Provide “Server JRE” for 7u train
    • S8006417: JComboBox.showPopup(), hidePopup() fails in JRE 1.7 on OS X
    • S8006534: CLONE – TestLibrary.getUnusedRandomPort() fails intermittently-doesn’t retry enough times
    • S8006536: [launcher] removes trailing slashes on arguments
    • S8006560: java/net/ipv6tests/B6521014.java fails intermittently
    • S8006564: Test sun/security/util/Oid/S11N.sh fails with timeout on Linux 32-bit
    • S8006669: sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh fails on mac
    • S8007515: TEST_BUG: update ProblemList.txt and TEST.ROOT in jdk7u-dev to match jdk8
    • S8007699: Move some tests from test/sun/security/provider/certpath/X509CertPath to closed repo
    • S8008223: java/net/BindException/Test.java fails rarely
    • S8008249: Sync ICU into JDK :
    • S8008379: TEST_BUG: Fail automatically with java.lang.NullPointerException.
    • S8008815: [TEST_BUG] Add back tests to the Problemlist files post the jdk7u -> 7u-cpu test sync up
    • S8009165: Fix for 8008817 needs revision
    • S8009217: REGRESSION: test com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java fails to compile since 7u21b03
    • S8009463: Regression test test\java\lang\Runtime\exec\ArgWithSpaceAndFinalBackslash.java failing.
    • S8009530: ICU Kern table support broken
    • S8009610: Blacklist certificate used with malware.
    • S8009634: TEST_BUG: sun/misc/Version/Version.java handle 2 digit minor in VM version
    • S8009750: javax/xml/crypto/dsig/SecurityManager/XMLDSigWithSecMgr.java should run in other vm mode
    • S8009987: (tz) Support tzdata2013b
    • S8009996: tests javax/management/mxbean/MiscTest.java and javax/management/mxbean/StandardMBeanOverrideTest.java fail
    • S8009999: Test sun/tools/jcmd/jcmd-f.sh failing after JDK-8008820
    • S8010009: [macosx] Unable type into online word games on MacOSX
    • S8010118: Annotate jdk caller sensitive methods with @sun.reflect.CallerSensitive
    • S8010166: TEST_BUG: fix for 8009634 overlooks possible version strings (sun/misc/Version/Version.java)
    • S8010213: Some api/javax_net/SocketFactory tests fail in 7u25 nightly build
    • S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod
    • S8010727: WLS fails to add a logger with “” in its own LogManager subclass instance
    • S8010939: Deadlock in LogManager
    • S8011139: (reflect) Revise checking in getEnclosingClass
    • S8011154: java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java failed since 7u25b03 on windows
    • S8011313: OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined
    • S8011557: Improve reflection utility classes
    • S8011695: [tck-red] Application can not be run, the Security Warning dialog is gray.
    • S8011806: 7u25-b05 hotspot fastdebug build failure
    • S8011896: Add check for invalid offset for new AccessControlContext isAuthorized field
    • S8011990: TEST_BUG: java/util/logging/bundlesearch/ResourceBundleSearchTest.java fails on Windows
    • S8011992: java/awt/image/mlib/MlibOpsTest.java failed since jdk7u25b05
    • S8012112: java/awt/image/mlib/MlibOpsTest.java fails on sparc solaris
    • S8012243: about 30% regression on specjvm2008.serial on 7u25 comparing 7u21
    • S8012330: [macosx] Sometimes the applet showing the modal dialog itself loses the ability to gain focus
    • S8012453: (process) Runtime.exec(String) fails if command contains spaces [win]
    • S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
    • S8012933: Test closed/java/awt/Dialog/DialogAnotherThread/JaWSTest.java fails since jdk 7u25 b07
    • S8013196: TimeZone.getDefault() throws NPE due to sun.awt.AppContext.getAppContext()
    • S8013228: Create new system properties to control allowable OCSP clock skew and CRL connection timeout
    • S8013380: Removal of stack walk to find resource bundle breaks Glassfish startup
    • S8014205: Most of the Swing dialogs are blank on one win7 MUI
    • S8014423: [macosx] The scrollbar’s block increment performs incorrectly
    • S8014427: REGRESSION: closed/javax/imageio/plugins/bmp/Write3ByteBgrTest.java fails since 7u25 b09
    • S8014618, RH962568: Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
    • S8014676: Java debugger may fail to run
    • S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10
    • S8014745: Provide a switch to allow stack walk search of resource bundle
    • S8014968: OCSP and CRL connection timeout is set to four hours by default

The tarball can be downloaded from:

SHA256 checksum:

  • d1c3b9423867b41508050e1d32b38e4a090f84a96b864b09936a4281ff01f5da icedtea-2.3.10.tar.gz

The tarball is accompanied by a digital signature available at:

This is produced using my public key. See details below.

The following people helped with these releases:

  • Andreas Schwab (PR1378 patch for AArch64 Zero support
  • Andrew Hughes (all other bug fixes, application of security fixes & backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.3.10.tar.gz
$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.3.10/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

This release updates our OpenJDK 7 support to include the latest security updates. We recommend that users of the 2.1.x branch upgrade to this latest release as soon as possible. The security fixes are as follows:

In addition, IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more esoteric architectures.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 2.1.8 (2013-05-02)

The tarball can be downloaded from:

SHA256 checksum:

  • ea68180fe8b40732ccea41cdd6c628de4f660b20fccb4cd87ab35f0727c08b11 icedtea-2.1.8.tar.gz

The tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.1.8.tar.gz
$ cd icedtea-2.1.8

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.1.8/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

This release updates our OpenJDK 7 support to include the latest security updates. We recommend that users of the 2.2.x branch upgrade to this latest release as soon as possible. The security fixes are as follows:

In addition, IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more esoteric architectures.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 2.2.8 (2013-04-30)

The tarball can be downloaded from:

SHA256 checksum:

  • f51a3b317a2d2877c2891050305805eb7be257c9e5892eecc04e1cb0e582cd84 icedtea-2.2.8.tar.gz

The tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

  • Andrew Hughes (application of security fixes & backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.2.8.tar.gz
$ cd icedtea-2.2.8

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.2.8/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

The 1.12.5 release updates our OpenJDK 6 support on the 1.12.x branch to include the latest security updates. We recommend that users of this branch upgrade to the latest release as soon as possible. The security fixes are as follows:

The 1.11.11 release is an amendment for the previous 1.11.10 security release, adding a number of build fixes and resolutions for issues found when running the OpenJDK 6 TCK. Most notable is:

  • RH952389: Temporary files created with insecure permissions

which amends the fix for S8003543 to work correctly with OpenJDK 6.

In addition, IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more estoric architectures.

If you find an issue with one of these releases, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the releases can be found below.

What’s New?

New in release 1.12.5 (2013-04-24)

New in release 1.11.11 (2013-04-24)

  • Security fixes
    • RH952389: Temporary files created with insecure permissions
  • Backports
  • Bug fixes
    • PR1402: Support glibc < 2.17 with AArch64 patch
    • Give xalan/xerces access to their own internal packages.

The tarballs can be downloaded from:

SHA256 checksums:

  • 6db6124645686ab5e91d2952d8b601bc0789b8fd5f1af86e46a5242ec60dc8e6 icedtea6-1.11.11.tar.gz
  • c61d6eb2f98d5c4059bb6eb6d808dd0954cf7d35c14290e5c77c3d7db75d2b35 icedtea6-1.12.5.tar.gz

Each tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${version}.tar.gz
$ cd icedtea-${version}

where ${version} is the version being used (1.11.11 or 1.12.5).

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

This release updates our OpenJDK 7 support to include the latest security updates. We recommend that users upgrade to the latest release from the
appropriate branch as soon as possible. The security fixes are as follows:

In addition, IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more estoric architectures.

If you find an issue with one of these releases, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the releases can be found below.

What’s New?

New in release 2.3.9 (2013-04-21)

The tarballs can be downloaded from:

SHA256 checksums:

  • 7e1fdd4c53c9772337c971b6f6f8058dabd99d7f4c4fcc85c88d836c9005c6da icedtea-2.3.9.tar.gz

Each tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.3.9.tar.gz
$ cd icedtea-2.3.9

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

A new security release, 1.11.10. This contains the following security fixes:

Full details of each release can be found below.

What’s New?

New in release 1.11.10 (2013-04-17)

The tarball can be downloaded from:

SHA256 checksums:

  • 6c362135db9e0477eb9308b02a2adef26fc56cdabf2eda3286ce4301eb6e951e icedtea6-1.11.10.tar.gz

The tarballs are accompanied by digital signatures available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-1.11.10.tar.gz

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea6-build
$ cd icedtea6-build
$ ../icedtea6-1.11.10/configure [--enable-zero --enable-pulse-java --enable-systemtap ...]
$ make

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

A new set of security releases are now available for the OpenJDK 7 series: 2.1.7, 2.2.7 & 2.3.8. We recommend that users upgrade to the latest release from the
appropriate branch as soon as possible. The releases contain the following security fixes:

Full details of each release can be found below.

What’s New?

New in release 2.3.8 (2013-03-11)

  • Security fixes
  • Backports
    • S8002344: Krb5LoginModule config class does not return proper KDC list from DNS
    • S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c
    • S8006179: JSR292 MethodHandles lookup with interface using findVirtual()
    • S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  • Bug fixes
    • PR1303: Correct #ifdef to #if
    • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
    • Revert S7017193 and add the missing free call, until a better fix is ready.

New in release 2.2.7 (2013-03-11)

  • Security fixes
  • Backports
    • S8002344: Krb5LoginModule config class does not return proper KDC list from DNS
    • S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c
    • S8006179: JSR292 MethodHandles lookup with interface using findVirtual()
    • S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  • Bug fixes
    • PR1303: Correct #ifdef to #if
    • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
    • Revert S7017193 and add the missing free call, until a better fix is ready.

New in release 2.1.7 (2013-03-11)

  • Security fixes
  • Backports
    • S8002344: Krb5LoginModule config class does not return proper KDC list from DNS
    • S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c
    • S8006179: JSR292 MethodHandles lookup with interface using findVirtual()
    • S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  • Bug fixes
    • PR1303: Correct #ifdef to #if
    • Stop libraries being stripped in the OpenJDK build.
    • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
    • Revert S7017193 and add the missing free call, until a better fix is ready.

The tarballs can be downloaded from:

SHA256 checksums:

  • e23d7715b9b27635f721414614be4bc5e52d32fb9739bc2e5dd1abcd8183dbee icedtea-2.1.7.tar.gz
  • 070a14f450569f98bd7b1ce5c42a9240c81ac5c234e2b39f8897f11d3d625ecc icedtea-2.2.7.tar.gz
  • 750a4c6e3e22369aa7dcfb0751fe85d5ea7a36b32871861c5063dbcadddc7153 icedtea-2.3.8.tar.gz

Each tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

  • Andrew Hughes (applying all security patches & backports, creation & testing of bug fixes, reproducer testing, release management)
  • Matthias Klose (reported & fixed PR1340)
  • Omair Majid (applied security fixes)
  • Bernhard Rosenkränzer (reported issue with PR1303)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${version}.tar.gz
$ cd icedtea-${version}

where ${version} is the version you’ve downloaded.

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

Original announcement courtesy of Omair Majid.

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

A new set of security releases are now available for the OpenJDK 6 series: 1.11.9 & 1.12.4. We recommend that users upgrade to the latest release from the
appropriate branch as soon as possible. The releases contain the following security fixes:

Full details of each release can be found below.

What’s New?

New in release 1.11.9 (2013-03-04)

New in release 1.12.4 (2013-03-04)

The tarballs can be downloaded from:

SHA256 checksums:

  • 0c134bea8d48c77ad5d41d4a0f98f471c381faaa0ef0c215d48687e709e93f3f icedtea6-1.11.9.tar.gz
  • eb326c6ae0147ca4abe4bd79e52c1edc2ef08e5e008230e24bee3abb39e14dda icedtea6-1.12.4.tar.gz

The tarballs are accompanied by digital signatures available at the above ‘sig’ link. This is produced using Omair’s public key. See details below.

  • PGP Key: 66484681 (http://pgp.mit.edu/)
  • Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681

The following people helped with these releases:

  • Severin Gehwolf (creation of fix for S8007675)
  • Omair Majid (applying all security patches, reproducer runs, release management)
  • Mario Torre (creation of fix for S8007675)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${version}.tar.gz
$ cd icedtea-${version}

where ${version} is the version you’ve downloaded.

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

A new set of security releases are now available for the OpenJDK 7 series: 2.1.6, 2.2.6 & 2.3.7. These contain the following security fixes:

In addition, IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more estoric architectures.

If you find an issue with one of these releases, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the releases can be found below.

What’s New?

New in release 2.3.7 (2013-02-20)

New in release 2.2.6 (2013-02-20)

New in release 2.1.6 (2013-02-20)

The tarballs can be downloaded from:

SHA256 checksums:

  • e6a65923acb29b87b9f8492adc6f00152b489441e788b64e2869301cc7fa29ba icedtea-2.1.6.tar.gz
  • 90adf40e725d7a301c3e23efdb75fcb992b0e645d8be0250cd4d058d85488f33 icedtea-2.2.6.tar.gz
  • 378f67f6f84bfb6c705f600b47b68a61b18d67648dd7eaf8498b152587695940 icedtea-2.3.7.tar.gz

Each tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

  • Elliott Baron (production of reproducer for S8006439)
  • Severin Gehwolf (production of reproducer for S8006777)
  • Andrew John Hughes (application of security fixes & backports, creation & testing of bug fixes, reproducer testing, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${version}.tar.gz

where ${version} is the version of IcedTea being used.

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

« Previous PageNext Page »