GNU/Andrew's Blog http://blog.fuseyism.com GNU Classpath, OpenJDK and Other FOSS Development Work Fri, 10 May 2013 20:13:49 +0000 en hourly 1 http://wordpress.org/?v=3.0.5 [SECURITY] IcedTea 2.1.8 for OpenJDK 7 Released! http://blog.fuseyism.com/index.php/2013/05/10/security-icedtea-2-1-8-for-openjdk-7-released/ http://blog.fuseyism.com/index.php/2013/05/10/security-icedtea-2-1-8-for-openjdk-7-released/#comments Fri, 10 May 2013 20:13:49 +0000 gnu_andrew http://blog.fuseyism.com/?p=551 The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

This release updates our OpenJDK 7 support to include the latest security updates. We recommend that users of the 2.1.x branch upgrade to this latest release as soon as possible. The security fixes are as follows:

In addition, IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more esoteric architectures.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 2.1.8 (2013-05-02)

The tarball can be downloaded from:

SHA256 checksum:

  • ea68180fe8b40732ccea41cdd6c628de4f660b20fccb4cd87ab35f0727c08b11 icedtea-2.1.8.tar.gz

The tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.1.8.tar.gz
$ cd icedtea-2.1.8

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.1.8/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

]]> http://blog.fuseyism.com/index.php/2013/05/10/security-icedtea-2-1-8-for-openjdk-7-released/feed/ 0 [SECURITY] IcedTea 2.2.8 for OpenJDK 7 Released! http://blog.fuseyism.com/index.php/2013/05/01/security-icedtea-2-2-8-for-openjdk-7-released/ http://blog.fuseyism.com/index.php/2013/05/01/security-icedtea-2-2-8-for-openjdk-7-released/#comments Wed, 01 May 2013 00:14:43 +0000 gnu_andrew http://blog.fuseyism.com/?p=546 The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

This release updates our OpenJDK 7 support to include the latest security updates. We recommend that users of the 2.2.x branch upgrade to this latest release as soon as possible. The security fixes are as follows:

In addition, IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more esoteric architectures.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 2.2.8 (2013-04-30)

The tarball can be downloaded from:

SHA256 checksum:

  • f51a3b317a2d2877c2891050305805eb7be257c9e5892eecc04e1cb0e582cd84 icedtea-2.2.8.tar.gz

The tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

  • Andrew Hughes (application of security fixes & backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.2.8.tar.gz
$ cd icedtea-2.2.8

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.2.8/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

]]> http://blog.fuseyism.com/index.php/2013/05/01/security-icedtea-2-2-8-for-openjdk-7-released/feed/ 0 [SECURITY] IcedTea 1.11.11 & 1.12.5 for OpenJDK 6 Released! http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/ http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/#comments Thu, 25 Apr 2013 07:19:31 +0000 gnu_andrew http://blog.fuseyism.com/?p=538 The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

The 1.12.5 release updates our OpenJDK 6 support on the 1.12.x branch to include the latest security updates. We recommend that users of this branch upgrade to the latest release as soon as possible. The security fixes are as follows:

The 1.11.11 release is an amendment for the previous 1.11.10 security release, adding a number of build fixes and resolutions for issues found when running the OpenJDK 6 TCK. Most notable is:

  • RH952389: Temporary files created with insecure permissions

which amends the fix for S8003543 to work correctly with OpenJDK 6.

In addition, IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more estoric architectures.

If you find an issue with one of these releases, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the releases can be found below.

What’s New?

New in release 1.12.5 (2013-04-24)

New in release 1.11.11 (2013-04-24)

  • Security fixes
    • RH952389: Temporary files created with insecure permissions
  • Backports
  • Bug fixes
    • PR1402: Support glibc < 2.17 with AArch64 patch
    • Give xalan/xerces access to their own internal packages.

The tarballs can be downloaded from:

SHA256 checksums:

  • 6db6124645686ab5e91d2952d8b601bc0789b8fd5f1af86e46a5242ec60dc8e6 icedtea6-1.11.11.tar.gz

  • c61d6eb2f98d5c4059bb6eb6d808dd0954cf7d35c14290e5c77c3d7db75d2b35 icedtea6-1.12.5.tar.gz

Each tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${version}.tar.gz
$ cd icedtea-${version}

where ${version} is the version being used (1.11.11 or 1.12.5).

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

]]> http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/feed/ 0 [SECURITY] IcedTea 2.3.9 for OpenJDK 7 Released! http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/ http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/#comments Mon, 22 Apr 2013 11:29:07 +0000 gnu_andrew http://blog.fuseyism.com/?p=531 The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

This release updates our OpenJDK 7 support to include the latest security updates. We recommend that users upgrade to the latest release from the
appropriate branch as soon as possible. The security fixes are as follows:

In addition, IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more estoric architectures.

If you find an issue with one of these releases, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the releases can be found below.

What’s New?

New in release 2.3.9 (2013-04-21)

The tarballs can be downloaded from:

SHA256 checksums:

  • 7e1fdd4c53c9772337c971b6f6f8058dabd99d7f4c4fcc85c88d836c9005c6da icedtea-2.3.9.tar.gz

Each tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.3.9.tar.gz
$ cd icedtea-2.3.9

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

]]> http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/feed/ 1 Issue With 1.11.10 and Older Versions of glibc http://blog.fuseyism.com/index.php/2013/04/17/issue-with-1-11-10-and-older-versions-of-glibc/ http://blog.fuseyism.com/index.php/2013/04/17/issue-with-1-11-10-and-older-versions-of-glibc/#comments Wed, 17 Apr 2013 20:49:31 +0000 gnu_andrew http://blog.fuseyism.com/?p=528 It seems our latest release, 1.11.10, unwittingly depends on the latest glibc, 2.17, as this is the only one that provides the ELF definition for AArch64 in /usr/include/elf.h. This will lead to some systems failing on EM_AARCH64.

We already have a bug (PR1402) for this issue and fix. We’ll look at getting an update out for it as soon as we’ve given it a bit more testing, in case there are any further issues. Sorry for any inconvenience caused.

]]> http://blog.fuseyism.com/index.php/2013/04/17/issue-with-1-11-10-and-older-versions-of-glibc/feed/ 0 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released! http://blog.fuseyism.com/index.php/2013/04/17/security-icedtea-1-11-10-for-openjdk-6-released/ http://blog.fuseyism.com/index.php/2013/04/17/security-icedtea-1-11-10-for-openjdk-6-released/#comments Wed, 17 Apr 2013 17:35:24 +0000 gnu_andrew http://blog.fuseyism.com/?p=517 The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

A new security release, 1.11.10. This contains the following security fixes:

Full details of each release can be found below.

What’s New?

New in release 1.11.10 (2013-04-17)

The tarball can be downloaded from:

SHA256 checksums:

  • 6c362135db9e0477eb9308b02a2adef26fc56cdabf2eda3286ce4301eb6e951e icedtea6-1.11.10.tar.gz

The tarballs are accompanied by digital signatures available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-1.11.10.tar.gz

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea6-build
$ cd icedtea6-build
$ ../icedtea6-1.11.10/configure [--enable-zero --enable-pulse-java --enable-systemtap ...]
$ make

Happy hacking!

]]> http://blog.fuseyism.com/index.php/2013/04/17/security-icedtea-1-11-10-for-openjdk-6-released/feed/ 0 HotSpot 23 in IcedTea for OpenJDK 6 http://blog.fuseyism.com/index.php/2013/03/13/hotspot-23-in-icedtea-for-openjdk-6/ http://blog.fuseyism.com/index.php/2013/03/13/hotspot-23-in-icedtea-for-openjdk-6/#comments Wed, 13 Mar 2013 18:49:10 +0000 gnu_andrew http://blog.fuseyism.com/?p=513 I meant to blog about this a while back, but the recent deluge of security updates has pushed it to the sidelines. The current HEAD version of IcedTea for building OpenJDK 6 (what will eventually become 1.13) now supports building with HotSpot 23 in preference to the version in the OpenJDK 6 tarball, HotSpot 20. Indeed, this is the default, should you not be building the Zero assembler port. As users of 7 will know, Zero doesn’t work with HotSpot 22 & 23, though signs are good for HotSpot 24, which is currently being tested in the 7 updates forest.

Building OpenJDK 6 with HotSpot 23 was delightfully uneventful in the end, despite earlier warnings from Oracle that they’ve not tested anything beyond 20. We saw no problems during build and a clear run of HotSpot jtreg tests was also a good sign (bar a few JSR292 patches which we’ve since patched out). With luck, things should be good for the 1.13.0 release (which we hope will not take the year that 1.11->1.12 took) and we may even be able to get it upstream into OpenJDK 6 at some point.

Gentoo users can get their hands on this now by using the icedtea-6.9999 ebuild in java-overlay. Other users will need to check out Mercurial repository and build it themselves.

$ /usr/lib/jvm/icedtea-6/bin/java -version
java version "1.6.0_27"
OpenJDK Runtime Environment (IcedTea6 1.13.0pre+re162a16dad26)
(Gentoo build 1.6.0_27-b27)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)
]]> http://blog.fuseyism.com/index.php/2013/03/13/hotspot-23-in-icedtea-for-openjdk-6/feed/ 0 [SECURITY] IcedTea 2.1.7, 2.2.7 & 2.3.8 for OpenJDK 7 Released! http://blog.fuseyism.com/index.php/2013/03/12/security-icedtea-2-1-7-2-2-7-2-3-8-for-openjdk-7-released/ http://blog.fuseyism.com/index.php/2013/03/12/security-icedtea-2-1-7-2-2-7-2-3-8-for-openjdk-7-released/#comments Tue, 12 Mar 2013 19:57:47 +0000 gnu_andrew http://blog.fuseyism.com/?p=507 The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

A new set of security releases are now available for the OpenJDK 7 series: 2.1.7, 2.2.7 & 2.3.8. We recommend that users upgrade to the latest release from the
appropriate branch as soon as possible. The releases contain the following security fixes:

Full details of each release can be found below.

What’s New?

New in release 2.3.8 (2013-03-11)

  • Security fixes
  • Backports
    • S8002344: Krb5LoginModule config class does not return proper KDC list from DNS
    • S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c
    • S8006179: JSR292 MethodHandles lookup with interface using findVirtual()
    • S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  • Bug fixes
    • PR1303: Correct #ifdef to #if
    • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
    • Revert S7017193 and add the missing free call, until a better fix is ready.

New in release 2.2.7 (2013-03-11)

  • Security fixes
  • Backports
    • S8002344: Krb5LoginModule config class does not return proper KDC list from DNS
    • S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c
    • S8006179: JSR292 MethodHandles lookup with interface using findVirtual()
    • S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  • Bug fixes
    • PR1303: Correct #ifdef to #if
    • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
    • Revert S7017193 and add the missing free call, until a better fix is ready.

New in release 2.1.7 (2013-03-11)

  • Security fixes
  • Backports
    • S8002344: Krb5LoginModule config class does not return proper KDC list from DNS
    • S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c
    • S8006179: JSR292 MethodHandles lookup with interface using findVirtual()
    • S8006882: Proxy generated classes in sun.proxy package breaks JMockit
  • Bug fixes
    • PR1303: Correct #ifdef to #if
    • Stop libraries being stripped in the OpenJDK build.
    • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
    • Revert S7017193 and add the missing free call, until a better fix is ready.

The tarballs can be downloaded from:

SHA256 checksums:

  • e23d7715b9b27635f721414614be4bc5e52d32fb9739bc2e5dd1abcd8183dbee icedtea-2.1.7.tar.gz
  • 070a14f450569f98bd7b1ce5c42a9240c81ac5c234e2b39f8897f11d3d625ecc icedtea-2.2.7.tar.gz
  • 750a4c6e3e22369aa7dcfb0751fe85d5ea7a36b32871861c5063dbcadddc7153 icedtea-2.3.8.tar.gz

Each tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

  • Andrew Hughes (applying all security patches & backports, creation & testing of bug fixes, reproducer testing, release management)
  • Matthias Klose (reported & fixed PR1340)
  • Omair Majid (applied security fixes)
  • Bernhard Rosenkränzer (reported issue with PR1303)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${version}.tar.gz
$ cd icedtea-${version}

where ${version} is the version you’ve downloaded.

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

]]> http://blog.fuseyism.com/index.php/2013/03/12/security-icedtea-2-1-7-2-2-7-2-3-8-for-openjdk-7-released/feed/ 0 [SECURITY] IcedTea 1.11.9 & 1.12.4 for OpenJDK 6 Released! http://blog.fuseyism.com/index.php/2013/03/12/security-icedtea-1-11-9-1-12-4-for-openjdk-6-released/ http://blog.fuseyism.com/index.php/2013/03/12/security-icedtea-1-11-9-1-12-4-for-openjdk-6-released/#comments Tue, 12 Mar 2013 18:47:50 +0000 gnu_andrew http://blog.fuseyism.com/?p=501 Original announcement courtesy of Omair Majid.

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

A new set of security releases are now available for the OpenJDK 6 series: 1.11.9 & 1.12.4. We recommend that users upgrade to the latest release from the
appropriate branch as soon as possible. The releases contain the following security fixes:

Full details of each release can be found below.

What’s New?

New in release 1.11.9 (2013-03-04)

New in release 1.12.4 (2013-03-04)

The tarballs can be downloaded from:

SHA256 checksums:

  • 0c134bea8d48c77ad5d41d4a0f98f471c381faaa0ef0c215d48687e709e93f3f icedtea6-1.11.9.tar.gz
  • eb326c6ae0147ca4abe4bd79e52c1edc2ef08e5e008230e24bee3abb39e14dda icedtea6-1.12.4.tar.gz

The tarballs are accompanied by digital signatures available at the above ‘sig’ link. This is produced using Omair’s public key. See details below.

  • PGP Key: 66484681 (http://pgp.mit.edu/)
  • Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681

The following people helped with these releases:

  • Severin Gehwolf (creation of fix for S8007675)
  • Omair Majid (applying all security patches, reproducer runs, release management)
  • Mario Torre (creation of fix for S8007675)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${version}.tar.gz
$ cd icedtea-${version}

where ${version} is the version you’ve downloaded.

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

]]> http://blog.fuseyism.com/index.php/2013/03/12/security-icedtea-1-11-9-1-12-4-for-openjdk-6-released/feed/ 0 [SECURITY] IcedTea 2.1.6, 2.2.6 & 2.3.7 for OpenJDK 7 Released! http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/ http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/#comments Wed, 20 Feb 2013 18:32:01 +0000 gnu_andrew http://blog.fuseyism.com/?p=495 The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

A new set of security releases are now available for the OpenJDK 7 series: 2.1.6, 2.2.6 & 2.3.7. These contain the following security fixes:

In addition, IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more estoric architectures.

If you find an issue with one of these releases, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the releases can be found below.

What’s New?

New in release 2.3.7 (2013-02-20)

New in release 2.2.6 (2013-02-20)

New in release 2.1.6 (2013-02-20)

The tarballs can be downloaded from:

SHA256 checksums:

  • e6a65923acb29b87b9f8492adc6f00152b489441e788b64e2869301cc7fa29ba icedtea-2.1.6.tar.gz
  • 90adf40e725d7a301c3e23efdb75fcb992b0e645d8be0250cd4d058d85488f33 icedtea-2.2.6.tar.gz
  • 378f67f6f84bfb6c705f600b47b68a61b18d67648dd7eaf8498b152587695940 icedtea-2.3.7.tar.gz

Each tarball is accompanied by a digital signature available at the above ‘sig’ link. This is produced using my public key. See details below.

The following people helped with these releases:

  • Elliott Baron (production of reproducer for S8006439)
  • Severin Gehwolf (production of reproducer for S8006777)
  • Andrew John Hughes (application of security fixes & backports, creation & testing of bug fixes, reproducer testing, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${version}.tar.gz

where ${version} is the version of IcedTea being used.

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${version}/configure [--enable-zero --enable-pulse-java
--enable-systemtap ...]
$ make

Happy hacking!

]]> http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/feed/ 1