The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver, the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 6 support in the 1.13.x series with the January 2016 security fixes.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 1.13.10 (2016-01-22)

  • Security fixes
  • Import of OpenJDK6 b38
    • OJ69: Windows build broken after b37 changes
    • OJ70: Allow versions of ALSA >= 1.1.0
    • S6720721: CRL check with circular depency support needed
    • S6852744: PIT b61: PKI test suite fails because self signed certificates are being rejected [Tests only]
    • S7166570: JSSE certificate validation has started to fail for certificate chains
    • S7167988: PKIX CertPathBuilder in reverse mode doesn’t work if more than one trust anchor is specified
    • S7171223: Building ExtensionSubtables.cpp should use -fno-strict-aliasing
    • S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket.java failed with SocketTimeoutException
    • S8074068: Cleanup in src/share/classes/sun/security/x509/
    • S8075773: jps running as root fails after the fix of JDK-8050807
    • S8081297: SSL Problem with Tomcat
    • S8134605: Partial rework of the fix for 8081297
    • S8135307: CompletionFailure thrown when calling FieldDoc.type, if the field’s type is missing
    • S8138716: (tz) Support tzdata2015g
    • S8141213: [Parfait]Potentially blocking function GetArrayLength called in JNI critical region at line 239 of jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in function GET_ARRAYS
    • S8141287: Add MD5 to jdk.certpath.disabledAlgorithms – Take 2
    • S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java 8u71 failure
    • S8144955: Wrong changes were pushed with 8143942
    • S8145551: Test failed with Crash for Improved font lookups
    • S8147466: Add -fno-strict-overflow to IndicRearrangementProcessor{,2}.cpp
  • Backports
    • S7169111, PR2757: Unreadable menu bar with Ambiance theme in GTK L&F
    • S8140620, PR2711: Find and load default.sf2 as the default soundbank on Linux

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

  • PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • e467fbdbae88897c4447b400be32f3176a798d3c7d84a311b7a24420e955e93a icedtea6-1.13.10.tar.gz
  • 59a4eef6f98a1ef5951e3fd64f94a3e8f818513fa2cf721ffb60b20601eed92d icedtea6-1.13.10.tar.gz.sig
  • a08907fa5a99a84c1bb480c9a0438264ff01c6215a7e1618e08e4ae79d4600d7 icedtea6-1.13.10.tar.xz
  • 4dac256f93799aa0e75062c94c242f956bd2372b1fb70c220dcb02d4b2d028a5 icedtea6-1.13.10.tar.xz.sig

The checksums can be downloaded from:

A 1.13.10 ebuild for Gentoo is available.

The following people helped with these releases:

  • Andrew Hughes (all backports and bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-1.13.10.tar.gz

or:

$ tar x -I xz -f icedtea6-1.13.10.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea6-1.13.10/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with the January 2016 security fixes from OpenJDK 7 u95.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 2.6.4 (2016-01-19)

  • Security fixes
  • Import of OpenJDK 7 u95 build 0
    • S7167988: PKIX CertPathBuilder in reverse mode doesn’t work if more than one trust anchor is specified
    • S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket.java failed with SocketTimeoutException
    • S8074068: Cleanup in src/share/classes/sun/security/x509/
    • S8075773: jps running as root fails after the fix of JDK-8050807
    • S8081297: SSL Problem with Tomcat
    • S8131181: Increment minor version of HSx for 7u95 and initialize the build number
    • S8132082: Let OracleUcrypto accept RSAPrivateKey
    • S8134605: Partial rework of the fix for 8081297
    • S8134861: XSLT: Extension func call cause exception if namespace URI contains partial package name
    • S8135307: CompletionFailure thrown when calling FieldDoc.type, if the field’s type is missing
    • S8138716: (tz) Support tzdata2015g
    • S8140244: Port fix of JDK-8075773 to MacOSX
    • S8141213: [Parfait]Potentially blocking function GetArrayLength called in JNI critical region at line 239 of jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in function GET_ARRAYS
    • S8141287: Add MD5 to jdk.certpath.disabledAlgorithms – Take 2
    • S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java 8u71 failure
    • S8143132: L10n resource file translation update
    • S8144955: Wrong changes were pushed with 8143942
    • S8145551: Test failed with Crash for Improved font lookups
    • S8147466: Add -fno-strict-overflow to IndicRearrangementProcessor{,2}.cpp
  • Backports
    • S8140244: Port fix of JDK-8075773 to AIX

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • ef5dd43c5f87742ac28519420055ad24acaca55b005b5b2e339cf3e451d716c1 icedtea-2.6.4.tar.gz
  • 59acd169e88ab8071f37481351a70b04e4eacd341dba1ecc3588bf5d42ef6b7d icedtea-2.6.4.tar.gz.sig
  • d20a365feea95a4c01c9f9db1f7562f471f638bc672db9de6c6e654d2d826164 icedtea-2.6.4.tar.xz
  • fc90dc9a58db1309d2105766cc9b41f295c1c12981cf1fc0afc04efa860d3f61 icedtea-2.6.4.tar.xz.sig

The checksums can be downloaded from:

A 2.6.4 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.4.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.4.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.4/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with an additional October 2015 security fix from OpenJDK 7 u91.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 2.6.3 (2015-11-13)

  • Security fixes
    • S8142882, CVE-2015-4871: rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed
  • Backports

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
  • Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

I’m transitioning to the use of a new key for signing releases over the next year. Signatures made with this key are available at:

and the new key is:

  • PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this newer key.

SHA256 checksums:

  • 89183993d3dd794b4e2a428a8a0a35f1ce77c4ae64563e53f3a08c058ea134cc icedtea-2.6.3.tar.gz
  • 2d1b8e71739cc0d3c0afbab61a2093fb501ffa28b92f6d2630c684ae9ac48551 icedtea-2.6.3.tar.gz.sig
  • d89fea821068d38f1ca9e34bbc08ca1f6da985589d7064d7a5734d66dfd20c4f icedtea-2.6.3.tar.gz.sig.ec
  • df38aa10b4d30f3bae089dcc72f4c32fb2385cb541491791c12829960f53c612 icedtea-2.6.3.tar.xz
  • b7c377c64bcc20865a063b397b4c1cd44dad782a433d6da0ce89b690e54a6c94 icedtea-2.6.3.tar.xz.sig
  • f9373d52f121b97330f77e06064753eca949e703a5b32e501a70fd1dd8f007c0 icedtea-2.6.3.tar.xz.sig.ec

The checksums can be downloaded from:

A 2.6.3 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.3.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.3.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.3/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver, the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 6 support in the 1.13.x series with the October 2015 security fixes.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 1.13.9 (2015-11-13)

  • Security fixes
  • Import of OpenJDK6 b37
    • OJ64: Backport hashtable to map changes from jaxp
    • OJ65: Remove @Override annotation on interfaces added by 2015/10/20 security fixes
    • OJ66: Revert 7110373 & 7149751 test removals now 6706974 is present (krb5 test infrastructure)
    • OJ67: Fix copyright headers on imported files
    • OJ68: Ensure SharedSecrets are initialised
    • S6570619: (bf) DirectByteBuffer.get/put(byte[]) does not scale well
    • S6590930: reed/write does not match for ccache
    • S6648972: KDCReq.init always read padata
    • S6676075: RegistryContext (com.sun.jndi.url.rmi.rmiURLContext) coding problem
    • S6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
    • S6710360: export Kerberos session key to applications
    • S6733095: Failure when SPNEGO request non-Mutual
    • S6785456: Read Kerberos setting from Windows environment variables
    • S6821190: more InquireType values for ExtendedGSSContext
    • S6843127: krb5 should not try to access unavailable kdc too often
    • S6844193: support max_retries in krb5.conf
    • S6844907: krb5 etype order should be from strong to weak
    • S6844909: support allow_weak_crypto in krb5.conf
    • S6849275: enhance krb5 reg tests
    • S6853328: Support OK-AS-DELEGATE flag
    • S6854308: more ktab options
    • S6856069: PrincipalName.clone() does not invoke super.clone()
    • S6857795: krb5.conf ignored if system properties on realm and kdc are provided
    • S6857802: GSS getRemainingInitLifetime method returns milliseconds not seconds
    • S6858589: more changes to Config on system properties
    • S6862679: ESC: AD Authentication with user with umlauts fails
    • S6877357: IPv6 address does not work
    • S6888701: Change all template java source files to a .java-template file suffix
    • S6893158: AP_REQ check should use key version number
    • S6907425: JCK Kerberos tests fail since b77
    • S6919610: KeyTabInputStream uses static field for per-instance value
    • S6932525: Incorrect encryption types of KDC_REQ_BODY of AS-REQ with pre-authentication
    • S6946669: SSL/Krb5 should not call EncryptedData.reset(data, false)
    • S6950546: “ktab -d name etype” to “ktab -d name [-e etype] [kvno | all | old]“
    • S6951366: kerberos login failure on win2008 with AD set to win2000 compat mode
    • S6952519: kdc_timeout is not being honoured when using TCP
    • S6959292: regression: cannot login if session key and preauth does not use the same etype
    • S6960894: Better AS-REQ creation and processing
    • S6966259: Make PrincipalName and Realm immutable
    • S6975866: api/org_ietf/jgss/GSSContext/index.html#wrapUnwrapIOTest started to fail since jdk7 b102
    • S6984764: kerberos fails if service side keytab is generated using JDK ktab
    • S6997740: ktab entry related test compilation error
    • S7018928: test failure: sun/security/krb5/auto/SSL.java
    • S7032354: no-addresses should not be used on acceptor side
    • S7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem
    • S7142596: RMI JPRT tests are failing
    • S7157610: NullPointerException occurs when parsing XML doc
    • S7158329: NPE in sun.security.krb5.Credentials.acquireDefaultCreds()
    • S7197159: accept different kvno if there no match
    • S8004317: TestLibrary.getUnusedRandomPort() fails intermittently, but exception not reported
    • S8005226: java/rmi/transport/pinClientSocketFactory/PinClientSocketFactory.java fails intermittently
    • S8006534: CLONE – TestLibrary.getUnusedRandomPort() fails intermittently-doesn’t retry enough times
    • S8014097: add doPrivileged methods with limited privilege scope
    • S8021191: Add isAuthorized check to limited doPrivileged methods
    • S8022213: Intermittent test failures in java/net/URLClassLoader
    • S8028583: Add helper methods to test libraries
    • S8028780: JDK KRB5 module throws OutOfMemoryError when CCache is corrupt
    • S8058608: JVM crash during Kerberos logins using des3-cbc-md5 on OSX
    • S8064331: JavaSecurityAccess.doIntersectionPrivilege() drops the information about the domain combiner of the stack ACC
    • S8072932: Test fails with java.security.AccessControlException: access denied (“java.security.SecurityPermission” “getDomainCombiner”)
    • S8078822: 8068842 fix missed one new file PrimeNumberSequenceGenerator.java
    • S8079323: Serialization compatibility for Templates: need to exclude Hashtable from serialization
    • S8087118: Remove missing package from java.security files
    • S8098547: (tz) Support tzdata2015e
    • S8130253: ObjectStreamClass.getFields too restrictive
    • S8133196, RH1251935: HTTPS hostname invalid issue with InetAddress
    • S8133321: (tz) Support tzdata2015f
    • S8135043: ObjectStreamClass.getField(String) too restrictive
  • Backports
    • S6440786, PR363: Cannot create a ZIP file containing zero entries
    • S6599383, PR363: Unable to open zip files more than 2GB in size
    • S6763122, PR363: ZipFile ctor does not throw exception when file is not a zip file
    • S6929479, PR363: Add a system property sun.zip.disableMemoryMapping to disable mmap use in ZipFile
    • S7105461, PR2662: Large JTables are not rendered correctly with Xrender pipeline
    • S7150134, PR2662: JCK api/java_awt/Graphics/index.html#DrawLine fails with OOM for jdk8 with XRender pipeline
  • Bug fixes
    • PR2513: Reset success following calls in LayoutManager.cpp

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

  • PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
  • Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

I’m transitioning to the use of a new key for signing releases over the next year. Signatures made with this key are available at:

and the new key is:

  • PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this newer key.

SHA256 checksums:

  • 41baf774c52c1d2a0a094a6355635942e8ecb80cf7853fb6827da80f7818ba33 icedtea6-1.13.9.tar.gz
  • 49a01399630b5477af4ac7e240aaddb04d93578d54d659b560f5f02e687fd98c icedtea6-1.13.9.tar.gz.sig
  • 3a18bb1e540a0694ca1359e5adebaa5e1af66b4ba739b4e0d3ea733683a8330a icedtea6-1.13.9.tar.gz.sig.ec
  • 61e0fb2ed0fc2d793a42e24d2192423f8a7ccb04f130d82d5889a0ecf52bc965 icedtea6-1.13.9.tar.xz
  • bf4c66cd3f64c2ca7510f8584c7bdd67012f4307d73e1f6232a1475df64c1caa icedtea6-1.13.9.tar.xz.sig
  • 51acad266f7c8a6cfd0662a1deab21a91acea88c46af2de2521897e81077b902 icedtea6-1.13.9.tar.xz.sig.ec

The checksums can be downloaded from:

A 1.13.9 ebuild for Gentoo is available.

The following people helped with these releases:

  • Andrew Hughes (all backports and bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-1.13.9.tar.gz

or:

$ tar x -I xz -f icedtea6-1.13.9.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea6-1.13.9/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with the October 2015 security fixes from OpenJDK 7 u91.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Please Note: The fix for S8086092 below affects the build of the in-tree copy of LCMS. If the default of using the system LCMS is used, this will not take effect. Users should either switch to in-tree LCMS or (ideally) apply the fix to the system build of LCMS.

Full details of the release can be found below.

What’s New?

New in release 2.6.2 (2015-10-22)

  • Security fixes
  • Import of OpenJDK 7 u85 build 2
    • S8133968: Revert 8014464 on OpenJDK 7
    • S8133993: [TEST_BUG] Make CipherInputStreamExceptions compile on OpenJDK 7
    • S8134248: Fix recently backported tests to work with OpenJDK 7u
    • S8134610: Mac OS X build fails after July 2015 CPU
    • S8134618: test/javax/xml/jaxp/transform/8062923/XslSubstringTest.java has bad license header
  • Import of OpenJDK 7 u91 build 0
    • S6854417: TESTBUG: java/util/regex/RegExTest.java fails intermittently
    • S6966259: Make PrincipalName and Realm immutable
    • S8005226: java/rmi/transport/pinClientSocketFactory/PinClientSocketFactory.java fails intermittently
    • S8014097: add doPrivileged methods with limited privilege scope
    • S8021191: Add isAuthorized check to limited doPrivileged methods
    • S8028780: JDK KRB5 module throws OutOfMemoryError when CCache is corrupt
    • S8064331: JavaSecurityAccess.doIntersectionPrivilege() drops the information about the domain combiner of the stack ACC
    • S8076506: Increment minor version of HSx for 7u91 and initialize the build number
    • S8078822: 8068842 fix missed one new file PrimeNumberSequenceGenerator.java
    • S8079323: Serialization compatibility for Templates: need to exclude Hashtable from serialization
    • S8087118: Remove missing package from java.security files
    • S8098547: (tz) Support tzdata2015e
    • S8130253: ObjectStreamClass.getFields too restrictive
    • S8133321: (tz) Support tzdata2015f
    • S8135043: ObjectStreamClass.getField(String) too restrictive
  • Import of OpenJDK 7 u91 build 1
    • S8072932: Test fails with java.security.AccessControlException: access denied (“java.security.SecurityPermission” “getDomainCombiner”)
  • Backports
    • S6880559, PR2674: Enable PKCS11 64-bit windows builds
    • S6904403, PR2674: assert(f == k->has_finalizer(),"inconsistent has_finalizer") with debug VM
    • S7011441, PR2674: jndi/ldap/Connection.java needs to avoid spurious wakeup
    • S7059542, PR2674: JNDI name operations should be locale independent
    • S7105461, PR2571: Large JTables are not rendered correctly with Xrender pipeline
    • S7105883, PR2560, RH1245855: JDWP: agent crash if there exists a ThreadGroup with null name
    • S7107611, PR2674: sun.security.pkcs11.SessionManager is scalability blocker
    • S7127066, PR2674: Class verifier accepts an invalid class file
    • S7150092, PR2674: NTLM authentication fail if user specified a different realm
    • S7150134, PR2571: JCK api/java_awt/Graphics/index.html#DrawLine fails with OOM for jdk8 with XRender pipeline
    • S7152582, PR2674: PKCS11 tests should use the NSS libraries available in the OS
    • S7156085, PR2674: ArrayIndexOutOfBoundsException throws in UTF8Reader of SAXParser
    • S7177045, PR2674: Rework the TestProviderLeak.java regression test, it is too fragile to low memory errors.
    • S7190945, PR2674: pkcs11 problem loading NSS libs on Ubuntu
    • S8005226, PR2674: java/rmi/transport/pinClientSocketFactory/PinClientSocketFactory.java fails intermittently
    • S8009438, PR2674: sun/security/pkcs11/Secmod tests failing on Ubuntu 12.04
    • S8011709, PR2509: [parfait] False positive: memory leak in jdk/src/share/native/sun/font/layout/CanonShaping.cpp
    • S8012971, PR2674: PKCS11Test hiding exception failures
    • S8016105, PR2560, RH1245855: Add complementary RETURN_NULL allocation macros in allocation.hpp
    • S8020424, PR2674: The NSS version should be detected before running crypto tests
    • S8020443, PR2674: Frame is not created on the specified GraphicsDevice with two monitors
    • S8021897, PR2560, RH1245855: EXCEPTION_ACCESS_VIOLATION on debugging String.contentEquals()
    • S8022683, PR2560, RH1245855: JNI GetStringUTFChars should return NULL on allocation failure not abort the VM
    • S8023052, PR2509: JVM crash in native layout
    • S8025922, PR2560, RH1245855: JNI access to Strings need to check if the value field is non-null
    • S8026119, PR2679: Regression test DHEKeySizing.java failing intermittently
    • S8027624, PR2674: com/sun/crypto/provider/KeyFactory/TestProviderLeak.java unstable again
    • S8033069, PR2674: mouse wheel scroll closes combobox popup
    • S8035150, PR2674: ShouldNotReachHere() in ConstantPool::copy_entry_to
    • S8039212, PR2674: SecretKeyBasic.sh needs to avoid NSS libnss3 and libsoftokn3 version mismatches
    • S8042855, PR2509: [parfait] Potential null pointer dereference in IndicLayoutEngine.cpp
    • S8044364, PR2674: runtime/RedefineFinalizer test fails on windows
    • S8048353, PR2674: jstack -l crashes VM when a Java mirror for a primitive type is locked
    • S8050123, PR2674: Incorrect property name documented in CORBA InputStream API
    • S8056122, PR1896: Upgrade JDK to use LittleCMS 2.6
    • S8056124, PR2674: Hotspot should use PICL interface to get cacheline size on SPARC
    • S8057934, PR1896: Upgrade to LittleCMS 2.6 breaks AIX build
    • S8059200, PR2674: Promoted JDK9 b31 for Solaris-amd64 fails (Error: dl failure on line 744, no picl library) on Solaris 11.1
    • S8059588, PR2674: deadlock in java/io/PrintStream when verbose java.security.debug flags are set
    • S8062518, PR2674: AIOBE occurs when accessing to document function in extended function in JAXP
    • S8062591, PR2674: SPARC PICL causes significantly longer startup times
    • S8072863, PR2674: Replace fatal() with vm_exit_during_initialization() when an incorrect class is found on the bootclasspath
    • S8073453, PR2674: Focus doesn’t move when pressing Shift + Tab keys
    • S8074350, PR2674: Support ISO 4217 “Current funds codes” table (A.2)
    • S8074869, PR2674: C2 code generator can replace -0.0f with +0.0f on Linux
    • S8075609, PR2674: java.lang.IllegalArgumentException: aContainer is not a focus cycle root of aComponent
    • S8075773, PR2674: jps running as root fails after the fix of JDK-8050807
    • S8076040, PR2674: Test com/sun/crypto/provider/KeyFactory/TestProviderLeak.java fails with -XX:+UseG1GC
    • S8076328, PR2679: Enforce key exchange constraints
    • S8076455, PR2674: IME Composition Window is displayed on incorrect position
    • S8076968, PR2674: PICL based initialization of L2 cache line size on some SPARC systems is incorrect
    • S8077102, PR2674: dns_lookup_realm should be false by default
    • S8077409, PR2674: Drawing deviates when validate() is invoked on java.awt.ScrollPane
    • S8078113, PR2674: 8011102 changes may cause incorrect results
    • S8078331, PR1896: Upgrade JDK to use LittleCMS 2.7
    • S8080012, PR2674: JVM times out with vdbench on SPARC M7-16
    • S8081392, PR2674: getNodeValue should return ‘null’ value for Element nodes
    • S8081470, PR2674: com/sun/jdi tests are failing with “Error. failed to clean up files after test” with jtreg 4.1 b12
    • S8081756, PR1896: Mastering Matrix Manipulations
    • S8130297, PR2674: com/sun/crypto/provider/KeyFactory/TestProviderLeak.java still failing after JDK-8076040
    • S8133636, PR2674: [TEST_BUG] Import/add tests for the problem seen in 8076110
  • Bug fixes
    • PR2512: Reset success following calls in LayoutManager.cpp
    • PR2557, G390663: Update Gentoo font configuration and allow font directory to be specified
    • PR2568: openjdk causes a full desktop crash on RHEL 6 i586
    • PR2683: AArch64 port has broken Zero on AArch64
    • PR2684: AArch64 port not selected on architectures where host_cpu != aarch64
    • PR2686: Add generated Fedora & Gentoo font configurations for bootstrap stage
  • CACAO
    • PR2652: Set classLoader field in java.lang.Class as expected by JDK

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
  • Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

I’m transitioning to the use of a new key for signing releases over the next year. Signatures made with this key are available at:

and the new key is:

  • PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this newer key.

SHA256 checksums:

  • c19eafacd23c81179934acab123511c424cd07c094739fa33778bf7cc80e14d0 icedtea-2.6.2.tar.gz
  • 38570f916c85ae77c80da1e3ab3eb5c98266042b5bae89b34894063bb0dcbaa2 icedtea-2.6.2.tar.gz.sig
  • 18d1e0ec86fe4973b890d00e9b9cb2bef109ba8f1ca5a1d8e2958918f1bc955e icedtea-2.6.2.tar.gz.sig.ec
  • bee8565c507a484ea876b62474aec379ac0e434acb9de8213279f47e1fe22076 icedtea-2.6.2.tar.xz
  • 43e5f03e561b52a97015a347de1e0c1a445f3a73dd6e38d29c4b8ca4a71dc033 icedtea-2.6.2.tar.xz.sig
  • aea216e14e5c5389836634285d303728b4cbf93e1ccb974b1a1c458eb8379e43 icedtea-2.6.2.tar.xz.sig.ec

The checksums can be downloaded from:

A 2.6.2 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.2.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.2.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.2/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver, the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 6 support in the 1.13.x series with the July 2015 security fixes.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

Please Note: This release includes a backport of jdk.tls.ephemeralDHKeySize which changes the default for Diffee-Hellman ephemeral keys to 1024-bit (CVE-2015-4000). To use the previous default (768-bit keys), pass -Djdk.tls.ephemeralDHKeySize=legacy on the command-line. All current releases of IcedTea 1.x and 2.x, along with OpenJDK 8, allow the use of “matched” mode which creates an ephemeral DH key matching the size of the authentication key, or the specification of an explicit key size between 1024 and 2048 bits inclusive (e.g. -Djdk.tls.ephemeralDHKeySize=1536).

What’s New?

New in release 1.13.8 (2015-07-29)

  • Security fixes
  • Import of OpenJDK6 b36
    • OJ58: Allow OpenJDK to build on PaX-enabled kernels
    • OJ59: Only apply PaX-marking when needed by a running PaX kernel
    • OJ61: Remove translation strings for ErrorMsg.JAXP_INVALID_ATTR_VALUE_ERR which doesn’t exist in OpenJDK 6
    • OJ62, PR2552: Restrict key size of RSA certificates to >= 1024
    • OJ63: Remove @Override annotation on interfaces added by 2015/07/14 security fixes.
    • S6787645: CRL validation code should permit some clock skew when checking validity of CRLs
    • S6996365: Evaluate the priorities of cipher suites
    • S7185471: Avoid key expansion when AES cipher is re-init w/ the same key
    • S8007142: Add utility classes for writing better multiprocess tests in jtreg
    • S8008089: Delete OS dependent check in JdkFinder.getExecutable()
    • S8024861: Incomplete token triggers GSS-API NullPointerException
    • S8027058: sun/management/jmxremote/bootstrap/RmiBootstrapTest.sh Failed to initialize connector
    • S8036786: Update jdk7 testlibrary to match jdk8
    • S8042205: javax/management/monitor/*: some tests didn’t get all the notifications
    • S8042982: Unexpected RuntimeExceptions being thrown by SSLEngine
    • S8043200, PR2485: Decrease the preference mode of RC4 in the enabled cipher suite list
    • S8043201: Deprecate RC4 in SunJSSE provider
    • S8046817: JDK 8 schemagen tool does not generate xsd files for enum types
    • S8048194: GSSContext.acceptSecContext fails when a supported mech is not initiator preferred
    • S8050158: Introduce system property to maintain RC4 preference order
    • S8062923: XSL: Run-time internal error in ‘substring()’
    • S8062924: XSL: wrong answer from substring() function
    • S8064546: CipherInputStream throws BadPaddingException if stream is not fully read
    • S8065764: javax/management/monitor/CounterMonitorTest.java hangs
    • S8066952: [TEST-BUG] javax/management/monitor/CounterMonitorTest.java hangs
    • S8073357: schema1.xsd has wrong content. Sequence of the enum values has been changed
    • S8073385: Bad error message on parsing illegal character in XML attribute
    • S8074098: 2D_Font/Bug8067699 test fails with SIGBUS crash on Solaris Sparc
    • S8074297: substring in XSLT returns wrong character if string contains supplementary chars
    • S8075575: com/sun/security/auth/login/ConfigFile/InconsistentError.java failed in certain env.
    • S8075576: com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java failed in certain env.
    • S8075667: (tz) Support tzdata2015b
    • S8076290: JCK test api/xsl/conf/string/string17 starts failing after JDK-8074297
    • S8077685: (tz) Support tzdata2015d
    • S8078348: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java fails with BindException
    • S8078439: SPNEGO auth fails if client proposes MS krb5 OID
    • S8078666, PR2327: JVM fastdebug build compiled with GCC 5 asserts with “widen increases”
    • S8080318: jdk8u51 l10n resource file translation update
    • S8081386: Test sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh test has RC4 dependencies
    • S8081775: two lib/testlibrary tests are failing with “Error. failed to clean up files after test” with jtreg 4.1 b12
  • Backports
    • S4890063,PR2306, RH1214835: HPROF: default text truncated when using doe=n option
    • S6562614, PR2555: Compiler warnings for gettimeofday in Inet4/Inet6AddressImpl.c
    • S6956398, PR2486: make ephemeral DH key match the length of the certificate key
    • S6989466, PR2555: Miscellaneous compiler warnings in java/lang, java/util, java/io, sun/misc native code
    • S6991580, PR2309: IPv6 Nameservers in resolv.conf throws NumberFormatException
    • S6997561, PR2479: A request for better error handling in JNDI
    • S7007905, PR2298: javazic produces wrong line numbers
    • S7017176, PR2479: Several JNDI tests are mssing GPL header
    • S7058708, PR2298: Eliminate JDK build tools build warnings
    • S7069870, PR2298: Parts of the JDK erroneously rely on generic array initializers with diamond
    • S7090844, PR2298: Support a timezone whose offset is changed more than once in the future
    • S7094377, PR2479: Com.sun.jndi.ldap.read.timeout doesn’t work with ldaps.
    • S7133138, PR2298: Improve io performance around timezone lookups
    • S7170638, PR2495: Use DTRACE_PROBE[N] in JNI Set and SetStatic Field.
    • S8000487, PR2479: Java JNDI connection library on ldap conn is not honoring configured timeout
    • S8011709, PR2510: [parfait] False positive: memory leak in jdk/src/share/native/sun/font/layout/CanonShaping.cpp
    • S8023052, PR2510: JVM crash in native layout
    • S8039921, PR2468: SHA1WithDSA with key > 1024 bits not working
    • S8041451, PR2480: com.sun.jndi.ldap.Connection:ReadTimeout should abandon ldap request
    • S8042855, PR2510: [parfait] Potential null pointer dereference in IndicLayoutEngine.cpp
    • S8042857, PR2479: 14 stuck threads waiting for notification on LDAPRequest
    • S8065238, PR2479: javax.naming.NamingException after upgrade to JDK 8
    • S8074761, PR2469: Empty optional parameters of LDAP query are not interpreted as empty
    • S8078654, PR2334: CloseTTFontFileFunc callback should be removed
    • S8081315, PR2406: Avoid giflib interlacing workaround with giflib 5.0.0 on
    • S8081475, PR2495: SystemTap does not work when JDK is compiled with GCC 5
    • S8087120, RH1206656, PR2554: [GCC5] java.lang.StackOverflowError on Zero JVM initialization on non x86 platforms.
  • Bug fixes
    • PR2319: Checksum of policy JAR files changes on every build
    • PR2340: Fail early if there is no native HotSpot JIT & all other options are disabled
    • PR2342: Update README & INSTALL files
    • PR2360: Ensure all stamp targets have aliases
    • PR2391: Make elliptic curve removal optional
    • PR2460: Policy JAR files should be timestamped with the date of the policy file they hold
    • PR2481, RH489586, RH1236619: OpenJDK can’t handle spaces in zone names in /etc/sysconfig/clock
    • PR2486: JSSE server is still limited to 768-bit DHE
    • PR2508, G541462: Only apply PaX markings by default on running PaX kernels
    • PR2556, G390663: Update Gentoo font configuration and allow font directory to be specified
    • PR2559: generated directory gets confused with generated alias
    • PR2565: Replace ipv4-mapped-ipv6-addresses.patch with upstream fix 6882910
  • CACAO
    • PR829: Raise javadoc and JAVAC_FLAGS memory limits for CACAO
  • JamVM
    • PR2522: Add executable stack markings to callNative.S on JamVM

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

  • PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
  • Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

I’m transitioning to the use of a new key for signing releases over the next year. Signatures made with this key are available at:

and the new key is:

  • PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this newer key.

SHA256 checksums:

  • 05fd1584e458ddaaf1d464842431dbcbcbaf7f9ef9f92f9cebaa180ccbbc5d1b icedtea6-1.13.8.tar.gz
  • 27fe15966c69d40f3ccec392b6725aafe81fcbd14fd698067a46eff23cb94620 icedtea6-1.13.8.tar.gz.sig
  • 1af0e21b109b58d27ce063696b42f1cdded0f829f51440f716540bec138355ed icedtea6-1.13.8.tar.gz.sig.ec
  • fcbc623957e393a00d6189cb88288fed21c21860485092ea7719a12fbbc00adb icedtea6-1.13.8.tar.xz
  • 95dad7fbcb133e461e557fbe343f0cf27aeb2972cce58ad9184c71e0bc9431c1 icedtea6-1.13.8.tar.xz.sig
  • 2b4f32188d5631c0bc3f0168099cd903b09f7b6832b82c2060b6b8003de1567c icedtea6-1.13.8.tar.xz.sig.ec

The checksums can be downloaded from:

A 1.13.8 ebuild for Gentoo is available.

The following people helped with these releases:

  • James Le Cuirot (PR829 CACAO work)
  • Andrew Hughes (all backports and other bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-1.13.8.tar.gz

or:

$ tar x -I xz -f icedtea6-1.13.8.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea6-1.13.8/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.5.x series with the July 2015 security fixes. This is the last release in the 2.5.x series.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

Please Note: The backport of jdk.tls.ephemeralDHKeySize now defaults to 1024-bit keys (CVE-2015-4000). To use the previous default (768-bit keys), pass -Djdk.tls.ephemeralDHKeySize=legacy on the command-line. Both OpenJDK 7 & 8 allow the use of “matched” mode which creates an ephemeral DH key matching the size of the authentication key, or the specification of a key size between 1024 and 2048 bits inclusive.

What’s New?

New in release 2.5.6 (2015-07-22)

  • Security fixes
  • Backports
    • S4890063, PR2305, RH1214835: HPROF: default text truncated when using doe=n option
    • S6991580, PR2308: IPv6 Nameservers in resolv.conf throws NumberFormatException
    • S7124253: [macosx] Flavor change notification not coming
    • S8007219: [macosx] Frame size reverts meaning of maximized attribute if frame size close to display
    • S8013581: [macosx] Key Bindings break with awt GraphicsEnvironment setFullScreenWindow
    • S8020210: [macosx] JVM crashes in CWrapper$NSWindow.screen(long)
    • S8021120, PR2301: TieredCompilation can be enabled even if TIERED is undefined
    • S8027058: sun/management/jmxremote/bootstrap/RmiBootstrapTest.sh Failed to initialize connector
    • S8027561: [macosx] Cleanup “may not respond to selector” warnings in native code
    • S8029607, PR2418: Type of Service (TOS) cannot be set in IPv6 header
    • S8029868: Fix KSS issues in sun.lwawt.macosx
    • S8039921, PR2421: SHA1WithDSA with key > 1024 bits not working
    • S8042205: javax/management/monitor/*: some tests didn’t get all the notifications
    • S8042982: Unexpected RuntimeExceptions being thrown by SSLEngine
    • S8043201: Deprecate RC4 in SunJSSE provider
    • S8043129, PR2338: JAF initialisation in SAAJ clashing with the one in javax.mail
    • S8046817: JDK 8 schemagen tool does not generate xsd files for enum types
    • S8048194: GSSContext.acceptSecContext fails when a supported mech is not initiator preferred
    • S8048212, PR2418: Two tests failed with “java.net.SocketException: Bad protocol option” on Windows after 8029607
    • S8048214, PR2357: Linker error when compiling G1SATBCardTableModRefBS after include order changes
    • S8062923: XSL: Run-time internal error in ‘substring()’
    • S8062924: XSL: wrong answer from substring() function
    • S8064546: CipherInputStream throws BadPaddingException if stream is not fully read
    • S8065238, PR2478: javax.naming.NamingException after upgrade to JDK 8
    • S8065764: javax/management/monitor/CounterMonitorTest.java hangs
    • S8066952: [TEST-BUG] javax/management/monitor/CounterMonitorTest.java hangs
    • S8071668: [macosx] Clipboard does not work with 3rd parties Clipboard Managers
    • S8072385, PR2387: Only the first DNSName entry is checked for endpoint identification
    • S8073357: schema1.xsd has wrong content. Sequence of the enum values has been changed
    • S8073385: Bad error message on parsing illegal character in XML attribute
    • S8074098: 2D_Font/Bug8067699 test fails with SIGBUS crash on Solaris Sparc
    • S8074297: substring in XSLT returns wrong character if string contains supplementary chars
    • S8074761, PR2470: Empty optional parameters of LDAP query are not interpreted as empty
    • S8075575: com/sun/security/auth/login/ConfigFile/InconsistentError.java failed in certain env.
    • S8075576: com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java failed in certain env.
    • S8075667: (tz) Support tzdata2015b
    • S8076290: JCK test api/xsl/conf/string/string17 starts failing after JDK-8074297
    • S8077685: (tz) Support tzdata2015d
    • S8078348: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java fails with BindException
    • S8078439: SPNEGO auth fails if client proposes MS krb5 OID
    • S8078562: Add modified dates
    • S8078654, PR2333: CloseTTFontFileFunc callback should be removed
    • S8078666, PR2326: JVM fastdebug build compiled with GCC 5 asserts with “widen increases”
    • S8080318: jdk8u51 l10n resource file translation update
    • S8081315, PR2405: Avoid giflib interlacing workaround with giflib 5.0.0 on
    • S8081386: Test sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh test has RC4 dependencies
    • S8081475, PR2494: SystemTap does not work when JDK is compiled with GCC 5
    • S8081775: two lib/testlibrary tests are failing with “Error. failed to clean up files after test” with jtreg 4.1 b12
    • S8087120, RH1206656, PR2553: [GCC5] java.lang.StackOverflowError on Zero JVM initialization on non x86 platforms.
    • S8133970: Only apply PaX-marking when needed by a running PaX kernel
    • S8133990: Revert introduction of lambda expression in sun.lwawt.macosx.LWCToolkit
    • S8133991: Fix mistake in 8075374 backport
  • Bug fixes
    • PR2328: GCJ uses ppc64el named libarch directory on ppc64le
    • PR2341: Update README & INSTALL files
    • PR2367: 7 no longer builds with 6 – Util is not public in sun.management
    • PR2390: Make elliptic curve removal optional
    • PR2395: Path to jvm.cfg is wrong in add-systemtap-boot
    • PR2458: Policy JAR files should be timestamped with the date of the policy file they hold
    • PR2482, RH489586, RH1236619: OpenJDK can’t handle spaces in zone names in /etc/sysconfig/clock
    • PR2499: Update remove-intree-libraries.sh script
    • PR2502: Remove -fno-tree-vectorize workaround now http://gcc.gnu.org/PR63341 is fixed
    • PR2507, G541462: Only apply PaX markings by default on running PaX kernels
  • CACAO
    • PR2380: Raise javadoc and JAVAC_FLAGS memory limits for CACAO
  • JamVM
    • PR2500: Add executable stack markings to callNative.S on JamVM
  • AArch64 port
    • Changes to make aix compile after the merge
    • S8025613, PR2437: clang: remove -Wno-unused-value
    • S8035938: Memory leak in JvmtiEnv::GetConstantPool
    • S8058113: Execution of OnOutOfMemoryError command hangs on linux-sparc
    • S8068674: Increment minor version of HSx for 7u85 and initialize the build number
    • S8069593: Changes to JavaThread::_thread_state must use acquire and release
    • S8071423: Increment hsx 24.80 build to b08 for 7u80-b07
    • S8071807: Increment hsx 24.80 build to b09 for 7u80-b08
    • S8072639: Increment hsx 24.80 build to b10 for 7u80-b09
    • S8074349: AARCH64: C2 generates poor code for some byte and character stores
    • S8075045: AARCH64: Stack banging should use store rather than load
    • S8075136: Unnecessary sign extension for byte array access
    • S8075324: Costs of memory operands in aarch64.ad are inconsistent
    • S8075443: AARCH64: Missed L2I optimizations in C2
    • S8075930: AARCH64: Use FP Register in C2
    • S8076212, PR2314: AllocateHeap() and ReallocateHeap() should be inlined.
    • S8076467: AARCH64: assertion fail with -XX:+UseG1GC
    • S8078529: Increment the build value to b02 for hs24.85 in 8u85
    • S8079203: AARCH64: Need to cater for different partner implementations
    • S8080586: aarch64: hotspot test compiler/codegen/7184394/TestAESMain.java fails
    • S8081622: Increment the build value to b03 for hs24.85 in 8u51
  • PPC & AIX port
    • S8069590: AIX port of “8050807: Better performing performance data handling”
    • S8078482, PR2307: ppc: pass thread to throw_AbstractMethodError
    • S8080190: PPC64: Fix wrong rotate instructions in the .ad file

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
  • Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

I’m transitioning to the use of a new key for signing releases over the next year. Signatures made with this key are available at:

and the new key is:

  • PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this newer key.

SHA256 checksums:

  • 055fccbb0e5f25382c89d1bd71d50a5a34ffae32859375bb3dcc048a98ef4726 icedtea-2.5.6.tar.gz
  • e4caa7def2561918e79e5778ec9f793ed0a28fc4cafd10675fa1ed7d7133f032 icedtea-2.5.6.tar.gz.sig
  • 2f0bab310ad177669a0724aa1b0fc32094ff435e8afd930f9d132e505ab99543 icedtea-2.5.6.tar.gz.sig.ec
  • bb3c7e9fd372c737849d9d3129d935174492a0d924a2801223c822426338b8c4 icedtea-2.5.6.tar.xz
  • e5b4f9c7890051c3e209c3dd606e8da0d74e215c05d08369cf19cbdd6e57a4d5 icedtea-2.5.6.tar.xz.sig
  • ac4ed71aed0ade86a3253aae8f52f9e1e651237e5a1ae4dddfe216c58495be51 icedtea-2.5.6.tar.xz.sig.ec

The checksums can be downloaded from:

A 2.5.6 ebuild for Gentoo is available.

The following people helped with these releases:

  • James Le Cuirot (PR2380 CACAO work)
  • Tiago Sturmer Diatx (PR2328 ppc64le work)
  • Andrew Dinn (AArch64 integration work)
  • Andrew Hughes (all other backports & bug fixes, release management)
  • Omair Majid (OJ05)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.5.6.tar.gz

or:

$ tar x -I xz -f icedtea-2.5.6.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.5.6/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with the July 2015 security fixes.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

Please Note: The backport of jdk.tls.ephemeralDHKeySize now defaults to 1024-bit keys (CVE-2015-4000). To use the previous default (768-bit keys), pass -Djdk.tls.ephemeralDHKeySize=legacy on the command-line. Both OpenJDK 7 & 8 allow the use of “matched” mode which creates an ephemeral DH key matching the size of the authentication key, or the specification of a key size between 1024 and 2048 bits inclusive.

What’s New?

New in release 2.6.1 (2015-07-21)

  • Security fixes
  • OpenJDK
    • S7124253: [macosx] Flavor change notification not coming
    • S8007219: [macosx] Frame size reverts meaning of maximized attribute if frame size close to display
    • S8013581: [macosx] Key Bindings break with awt GraphicsEnvironment setFullScreenWindow
    • S8014464: Update jcheck for OpenJDK 7
    • S8020210: [macosx] JVM crashes in CWrapper$NSWindow.screen(long)
    • S8027058: sun/management/jmxremote/bootstrap/RmiBootstrapTest.sh Failed to initialize connector
    • S8027561: [macosx] Cleanup “may not respond to selector” warnings in native code
    • S8029868: Fix KSS issues in sun.lwawt.macosx
    • S8042205: javax/management/monitor/*: some tests didn’t get all the notifications
    • S8043201: Deprecate RC4 in SunJSSE provider
    • S8046817: JDK 8 schemagen tool does not generate xsd files for enum types
    • S8048194: GSSContext.acceptSecContext fails when a supported mech is not initiator preferred
    • S8064546: CipherInputStream throws BadPaddingException if stream is not fully read
    • S8065764: javax/management/monitor/CounterMonitorTest.java hangs
    • S8066952: [TEST-BUG] javax/management/monitor/CounterMonitorTest.java hangs
    • S8068674: Increment minor version of HSx for 7u85 and initialize the build number
    • S8071668: [macosx] Clipboard does not work with 3rd parties Clipboard Managers
    • S8073357: schema1.xsd has wrong content. Sequence of the enum values has been changed
    • S8073385: Bad error message on parsing illegal character in XML attribute
    • S8074098: 2D_Font/Bug8067699 test fails with SIGBUS crash on Solaris Sparc
    • S8074297: substring in XSLT returns wrong character if string contains supplementary chars
    • S8075575: com/sun/security/auth/login/ConfigFile/InconsistentError.java failed in certain env.
    • S8075576: com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java failed in certain env.
    • S8075667: (tz) Support tzdata2015b
    • S8076290: JCK test api/xsl/conf/string/string17 starts failing after JDK-8074297
    • S8077685: (tz) Support tzdata2015d
    • S8078348: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java fails with BindException
    • S8078439: SPNEGO auth fails if client proposes MS krb5 OID
    • S8078529: Increment the build value to b02 for hs24.85 in 7u85
    • S8078562: Add modified dates
    • S8080318: jdk8u51 l10n resource file translation update
    • S8081386: Test sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh test has RC4 dependencies
    • S8081622: Increment the build value to b03 for hs24.85 in 7u85
    • S8081775: two lib/testlibrary tests are failing with “Error. failed to clean up files after test” with jtreg 4.1 b12
    • S8133966: Allow OpenJDK to build on PaX-enabled kernels
    • S8133967: Fix build where PAX_COMMAND is not specified
    • S8133970: Only apply PaX-marking when needed by a running PaX kernel
    • S8133990: Revert introduction of lambda expression in sun.lwawt.macosx.LWCToolkit
    • S8133991: Fix mistake in 8075374 backport
  • Backports
    • S8087120, RH1206656, PR2553: [GCC5] java.lang.StackOverflowError on Zero JVM initialization on non x86 platforms.
  • Bug fixes
    • PR2501: libjavasctp.so doesn’t need to link against libdl when linking against libsctp
    • PR2502: Remove -fno-tree-vectorize workaround now http://gcc.gnu.org/PR63341 is fixed
    • PR2503: Add existence check for all optional dependencies in jdk_generic_profile.sh
    • PR2521: Systems with a GLib without libgio segfault when obtaining proxy information

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
  • Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

I’m transitioning to the use of a new key for signing releases over the next year. Signatures made with this key are available at:

and the new key is:

  • PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this newer key.

SHA256 checksums:

  • 491866e57199b0bc99d716be3eabaab97d9f6a698d1a652d748baeddeedfe963 icedtea-2.6.1.tar.gz
  • 8c16de4a0cd2301fb63aebe393d2c715a077f992ee1f97a5bf626d4b69162b22 icedtea-2.6.1.tar.gz.sig
  • fd5813b6b3fb0f2f973bfe247daa460a64bae1483330ebfe162e62d2d80712e3 icedtea-2.6.1.tar.gz.sig.ec
  • cce4fac1e729690e986ef6f6d1c47b507f622a61da33d57d2b0a8c12e23e2068 icedtea-2.6.1.tar.xz
  • dd894de3b06f90ef5e12618ccc971811388b440ff0d00151fdabe3c35b64e7f4 icedtea-2.6.1.tar.xz.sig
  • 144af57a421f941c50d01c3a6a527e9bc90f78fc621bd1c5af5b73272e7fe851 icedtea-2.6.1.tar.xz.sig.ec

The checksums can be downloaded from:

A 2.6.1 ebuild for Gentoo is available.

The following people helped with these releases:

  • Andrew Hughes (all other backports & bug fixes, release management)
  • Omair Majid (OJ05)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.1.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.1.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.1/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

We are pleased to announce the release of IcedTea 2.6.0.

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support with the first release of the 2.6.x series, based on OpenJDK u80.

There will be one further release of the 2.5.x series, 2.5.6, for the July 2015 security updates, in tandem with 2.6.1, both coming in the next few days. In October, the 2.5.x branch will be rendered obsolete, with only the 2.6.x series being updated for that security update. Please use the intervening period to transition to the 2.6.x series.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Note: this version integrates the AArch64 port into the main tree and uses the same HotSpot tree as has been shipping as the AArch64/ARM32 version in the 2.5.x series. Thus, there is no longer a need for a separate HotSpot tarball on AArch64 and ARM32.

Full details of the release can be found below.

What’s New?

New in release 2.6.0 (2015-07-17)

  • OpenJDK
    • S4792059: test/java/io/pathNames/GeneralSolaris.java fails on symbolic links
    • S4991647: PNGMetadata.getAsTree() sets bitDepth to invalid value
    • S5036554: unmarshal error on CORBA alias type in CORBA any
    • S6458027: Disabling IPv6 on a specific network interface causes problems
    • S6642881: Improve performance of Class.getClassLoader()
    • S6695379: Copy method annotations and parameter annotations to synthetic bridge methods
    • S6883953: java -client -XX:ValueMapInitialSize=0 crashes
    • S6931564: Incorrect display name of Locale for south africa
    • S6976528: PS: assert(!limit_exceeded || softrefs_clear) failed: Should have been cleared
    • S6984762: Invalid close of file descriptor ‘-1′ in findZoneinfoFile
    • S6993873: java/awt/Focus/FocusOwnerFrameOnClick/FocusOwnerFrameOnClick.java test indicates “.a frame wasn’t focused on click” jdk7 issue on linux
    • S7010989: Duplicate closure of file descriptors leads to unexpected and incorrect closure of sockets
    • S7017962: Obsolete link is used in URL class level spec
    • S7033533: realSync() doesn’t work with Xfce
    • S7036518: TEST_BUG: add cygwin support to test/java/nio/charset/coders/CheckSJISMappingProp.sh
    • S7052170: javadoc -charset option generates wrong meta tag
    • S7145454: JVM wide monitor lock in Currency.getInstance(String)
    • S7152892: some jtreg tests fail with permission denied
    • S7153157: ClassValue.get does not return if computeValue calls remove
    • S7156459: Remove unnecessary get() from Currency.getInstance()
    • S7158636: InterfaceAddress.getBroadcast() returns invalid broadcast address on WLAN
    • S7160604: Using non-opaque windows – popups are initially not painted correctly
    • S7161320: TEST_BUG: java/awt/event/KeyEvent/SwallowKeyEvents/SwallowKeyEvents.java fails (Invalid key code)
    • S7164841: Improvements to the GC log file rotation
    • S7172176: test/sun/tools/jconsole/ImmutableResourceTest.sh failing
    • S7172865: PropertyDescriptor fails to work with setter method name if setter is non-void
    • S7178362: Socket impls should ignore unsupported proxy types rather than throwing
    • S7180038: regression test failure, SSLEngineBadBufferArrayAccess.java
    • S7180557: InetAddress.getLocalHost throws UnknownHostException on java7u5 on OSX
    • S7196009: SunPkcs11 provider fails to parse config path containing parenthesis
    • S7199674: (props) user.home property does not return an accessible location in sandboxed environment [macosx]
    • S8001633: Wrong alt processing during switching between windows.
    • S8002148: [TEST_BUG] The four lines printed are not the bold typeface.
    • S8004488: wrong permissions checked in krb5
    • S8006023: Embedded Builds fail management test because of requirement for UsePerfData being enabled.
    • S8008328: [partfait] Null pointer defererence in hotspot/src/cpu/x86/vm/frame_x86.inline.hpp
    • S8008386: (cs) Unmappable leading should be decoded to replacement.
    • S8008759: Do not let internal JDK zlib symbols leak out of fastdebug libzip.so
    • S8009258: TEST_BUG:java/io/pathNames/GeneralWin32.java fails intermittently
    • S8010371: getaddrinfo can fail with EAI_SYSTEM/EAGAIN, causes UnknownHostException to be thrown
    • S8010738: G1: Output for full GCs with +PrintGCDetails should contain perm gen/meta data size change info
    • S8011795: DOM Serializer prints stack traces to System.err
    • S8012625: Incorrect handling of HTTP/1.1 ” Expect: 100-continue ” in HttpURLConnection
    • S8012941: JSR 292: too deep inlining might crash compiler because of stack overflow
    • S8013098: [macosx] localized aqua_xx.properties are not included in rt.jar
    • S8013485: javac can’t handle annotations with a <clinit> from a previous compilation unit
    • S8013849: Awt assert on Hashtable.cpp:124
    • S8014254: Selector in HttpServer introduces a 1000 ms delay when using KeepAlive
    • S8015586: [macosx] Test closed/java/awt/print/PrinterJob/PrintToDir.java fails on MacOSX
    • S8015628: Test Failure in closed/java/io/pathNames/GeneralSolaris.java
    • S8015780: java/lang/reflect/Method/GenericStringTest.java failing
    • S8016579: (process) IOException thrown by ProcessBuilder.start() method is incorrectly encoded
    • S8017212: File.createTempFile requires unnecessary “read” permission
    • S8019800: Test sun/tools/jcmd/jcmd-f.sh failing after JDK-8017011
    • S8019834: InetAddress.getByName hangs for bad IPv6 literals
    • S8020675: invalid jar file in the bootclasspath could lead to jvm fatal error
    • S8020829: NMT tests fail on platforms if NMT detail is not supported
    • S8022229: Intermittent test failures in sun/tools/jstatd
    • S8022531: [TEST_BUG] After double-click on the folder names , there is no ‘OK’ button in the dialog.
    • S8022836: JVM crashes in JVMTIENVBASE::GET_CURRENT_CONTENDED_MONITOR and GET_OWNED_MONITOR
    • S8024675: java/net/NetworkInterface/UniqueMacAddressesTest.java fails on Windows
    • S8024677: [TESTBUG] Move tests for classes in /testlibrary
    • S8024932: [TEST_BUG] [macosx] javax/swing/text/StyledEditorKit/8016833/bug8016833.java failed
    • S8025644: java/util/stream/test/org/openjdk/tests/java/util/stream/ToArrayOpTest.java fails with TestData): failure java.lang.AssertionError: expected [true] but found [false]
    • S8025710: Proxied HTTPS connections reused by HttpClient can send CONNECT to the server
    • S8025917: JDK demo applets not running with >=7u40 or (JDK 8 and JDK 9)
    • S8026245: InetAddress.getLocalHost crash if IPv6 disabled (macosx)
    • S8026303: CMS: JVM intermittently crashes with “FreeList of size 258 violates Conservation Principle” assert
    • S8027026: Change keytool -genkeypair to use -keyalg RSA
    • S8027348: (process) Enhancement of handling async close of ProcessInputStream
    • S8027695: There should be a space before % sign in Swedish locale
    • S8027961: Inet[4|6]Address native initializing code should check field/MethodID values
    • S8028073: race condition in ObjectMonitor implementation causing deadlocks
    • S8028074: InetAddress.getByName fails with UHE “invalid IPv6 address” if host name starts with a-f
    • S8028159: C2: compiler stack overflow during inlining of @ForceInline methods
    • S8028280: ParkEvent leak when running modified runThese which only loads classes
    • S8028484: [TEST_BUG][macosx] closed/java/awt/MouseInfo/JContainerMousePositionTest fails
    • S8029073: (corba) New connection reclaimed when number of connection is greater than highwatermark
    • S8029190: VM_Version::determine_features() asserts on Fujitsu Sparc64 CPUs
    • S8029302: Performance regression in Math.pow intrinsic
    • S8029607, RH1230702, PR2418: Type of Service (TOS) cannot be set in IPv6 header
    • S8029775: Solaris code cleanup
    • S8030114: [parfait] warnings from b119 for jdk.src.share.native.sun.security.smartcardio: JNI exception pending
    • S8030192: TESTFAIL: java/util/logging/TestLoggerBundleSync.java failed with NPE
    • S8030712: TEST_BUG : java/lang/ProcessBuilder/BasicLauncher.java fails if java output contains VM warning
    • S8030878: JConsole issues meaningless message if SSL connection fails
    • S8030976: Untaken paths should be more vigorously pruned at highest optimization level
    • S8031061: new hotspot build – hs24.60-b07
    • S8031068: java/util/logging/ParentLoggersTest.java: checkLoggers: getLoggerNames() returned unexpected loggers
    • S8031435: Ftp download does not work properly for ftp user without password
    • S8031471: Test closed/java/awt/dnd/FileDialogDropTargetTest/FileDialogDropTargetTest.java fails on Solaris zones virtual hosts
    • S8031566: regression test failure, SSLEngineBadBufferArrayAccess.java
    • S8031572: jarsigner -verify exits with 0 when a jar file is not properly signed
    • S8031743: C2: loadI2L_immI broken for negative memory values
    • S8031764: tmtools/jmap/heap_config tests fail on Linux-ia32 because it Cant attach to the core file
    • S8031765: Child process error stream is not empty!
    • S8032466: serviceability/sa/jmap-hashcode/Test8028623.java fails with compilation errors
    • S8032573: CertificateFactory.getInstance(“X.509″).generateCertificates(InputStream) does not throw CertificateException for invalid input
    • S8032808: Support Solaris SO_FLOW_SLA socket option
    • S8032832: Applet/browser deadlocks, when IIS integrated authentication is used
    • S8032864: [macosx] sigsegv (0Xb) Being Generated When Starting JDev With Voiceover Running
    • S8032901: WaitForMultipleObjects() return value not handled appropriately
    • S8032908: getTextContent doesn’t return string in JAXP
    • S8033524: Set minor version for hotspot in 7u80 to 80 and build number to b01
    • S8033571: [parfait] warning from b128 for security/smartcardio/pcsc_md.c: JNI exception pending
    • S8033627: UTC+02:00 time zones are not detected correctly on Windows
    • S8033699: Incorrect radio button behavior
    • S8033970: new hotspot build – hs24.80-b02
    • S8034118: [parfait] JNI exception pending in macosx/native/sun/awt/JavaComponentAccessibility.m
    • S8034262: Test java/lang/ProcessBuilder/CloseRace.java fails
    • S8034768: [parfait] JNI exception pending in jdk/src/macosx/native/sun/awt/JavaTextAccessibility.m
    • S8034920: new hotspot build – hs24.80-b03
    • S8035435: new hotspot build – hs24.80-b04
    • S8035973: NPE in ForwardBuilder
    • S8035938: Memory leak in JvmtiEnv::GetConstantPool
    • S8036778: new hotspot build – hs24.80-b05
    • S8036823: Stack trace sometimes shows ‘locked’ instead of ‘waiting to lock’
    • S8036981: JAXB not preserving formatting for xsd:any Mixed content
    • S8037502: build.tools.javazic.Zoneinfo incorrectly calculates raw GMT offset change time
    • S8037945: Paths.get(“”).normalize() throws ArrayIndexOutOfBoundsException
    • S8038274: update 8u fix for 8028073 now that 8028280 is backported to 8u
    • S8038440: backport few C2 fixes
    • S8038481: CMM Testing: Min/MaxHeapFreeRatio flags should be manageable through the API
    • S8038640: new hotspot build – hs24.80-b06
    • S8038785: hot workaround fix for a crash in C2 compiler at Node::rematerialize
    • S8038919: Requesting focus to a modeless dialog doesn’t work on Safari
    • S8038961: kinit, klist and ktab aren’t built from jdk7u51 in licensee src bundles
    • S8038966: JAX-WS handles wrongly xsd:any arguments for Web services
    • S8039042: G1: Phantom zeros in cardtable
    • S8039118: Windows build failure (j2pcsc.dll : fatal error unresolved external symbol throwByName)
    • S8039292: new hotspot build – hs24.80-b07
    • S8039368: Remove testcase from npt utf.c
    • S8039891: Remove ppcsflt builds from JPRT
    • S8039899: Missing licence headers in test for JDK-8033113
    • S8040076: Memory leak: java.awt.List objects allowing multiple selections are not GC-ed.
    • S8040664: Revert temporary fix JDK-8038785
    • S8041351: Crash in src/share/vm/opto/loopnode.cpp:3215 – assert(! had_error) failed: bad dominance
    • S8041507: Java Access Bridge version strings need to be fixed
    • S8041725: Nimbus JList selection colors persist across L&F changes
    • S8041791: String.toLowerCase regression – violates Unicode standard
    • S8041918: BootstrapMethods attribute cannot be empty.
    • S8041931: test/sun/net/www/http/HttpClient/B8025710.java fails with cannot find keystore
    • S8041980: (hotspot) sun/jvmstat/monitor/MonitoredVm/CR6672135.java failing on all platforms
    • S8041984: CompilerThread seems to occupy all CPU in a very rare situation
    • S8042052: assert(t != NULL) failed: must set before get
    • S8042235: redefining method used by multiple MethodHandles crashes VM
    • S8042247: Make 7u60 the default jprt release for hs24.80
    • S8042250: Misleading command line output for ReservedCodeCacheSize validation
    • S8042465: Applet menus not rendering when browser is full screen on Mac
    • S8042835: Remove mnemonic character from open, save and open directory JFileChooser’s buttons
    • S8042982: Unexpected RuntimeExceptions being thrown by SSLEngine
    • S8043129: JAF initialisation in SAAJ clashing with the one in javax.mail
    • S8043354: OptimizePtrCompare too aggressive when allocations are present
    • S8043413: REGRESSION: Hotspot causes segmentation fault in jdk8ux, but not in jdk7ux
    • S8043720: (smartcardio) Native memory should be handled more accurately
    • S8044406: JVM crash with JDK8 (build 1.8.0-b132) with G1 GC
    • S8044614: [macosx] Focus issue with 2 applets in firefox
    • S8044725: Bug in zlib 1.2.5 prevents inflation of some gzipped files (zlib 1.2.8 port)
    • S8046007: Java app receives javax.print.PrintException: Printer is not accepting job
    • S8046024: JDI shared memory transport failed with “Observed abandoned IP mutex”
    • S8046233: VerifyError on backward branch
    • S8046269: Build broken : THIS_FILE : undeclared identifier
    • S8046275: Fastdebug build failing on jdk9/hs/ control jobs after pulling some hs-comp changes
    • S8046287: [TESTBUG] runtime/Thread/TestThreadDumpMonitorContention.java failed error_cnt=12
    • S8046289: compiler/6340864/TestLongVect.java timeout with
    • S8046495: KeyEvent can not be accepted in quick mouse clicking
    • S8046516: Segmentation fault in JVM (easily reproducible)
    • S8046559: NPE when changing Windows theme
    • S8046588: test for SO_FLOW_SLA availability does not check for EACCESS
    • S8047186: jdk.net.Sockets throws InvocationTargetException instead of original runtime exceptions
    • S8047187: Test jdk/net/Sockets/Test.java fails to compile after fix JDK-8046588
    • S8047340: (process) Runtime.exec() fails in Turkish locale
    • S8048050: Agent NullPointerException when rmi.port in use
    • S8048110: Using tables in JTextPane leads to infinite loop in FlowLayout.layoutRow
    • S8048170: Test closed/java/text/Normalizer/ConformanceTest.java failed
    • S8048212, PR2418: Two tests failed with “java.net.SocketException: Bad protocol option” on Windows after 8029607
    • S8048271: Minor GC times doubled from JDK 6u35 to JDK 7u51
    • S8048506: [macosx] javax.swing.PopupFactory issue with null owner
    • S8048887: SortingFocusTraversalPolicy throws IllegalArgumentException from the sort method
    • S8049514: FEATURE_SECURE_PROCESSING can not be turned off on a validator through SchemaFactory
    • S8049684: pstack crashes on java core dump
    • S8050022: linux-sparcv9: assert(SharedSkipVerify || obj->is_oop()) failed: sanity check
    • S8050386: javac, follow-up of fix for JDK-8049305
    • S8050983: Misplaced parentheses in sun.net.www.http.HttpClient break HTTP PUT streaming
    • S8051004: javac, incorrect bug id in tests for JDK-8050386
    • S8051844: BootstrapMethods attribute cannot be empty again
    • S8051857: OperationTimedOut exception inside from XToolkit.syncNativeQueue call
    • S8052159: TEST_BUG: javax/swing/JTextField/8036819/bug8036819.java fails to compile
    • S8052406: SSLv2Hello protocol may be filter out unexpectedly
    • S8054019: Keytool Error publicKey’s is not X.509, but X509
    • S8054478: C2: Incorrectly compiled char[] array access crashes JVM
    • S8054530: C2: assert(res == old_res) failed: Inconsistency between old and new
    • S8054817: File ccache only recognizes Linux and Solaris defaults
    • S8054841: (process) ProcessBuilder leaks native memory
    • S8054883: Segmentation error while running program
    • S8055045: StringIndexOutOfBoundsException while reading krb5.conf
    • S8055421: (fs) bad error handling in java.base/unix/native/libnio/fs/UnixNativeDispatcher.c
    • S8055731: sun/security/smartcardio/TestDirect.java throws java.lang.IndexOutOfBoundsException
    • S8055949: ByteArrayOutputStream capacity should be maximal array size permitted by VM
    • S8056026: Debug security logging should print Provider used for each crypto operation
    • S8056156: [TEST_BUG] Test javax/swing/JFileChooser/8046391/bug8046391.java fails in Windows
    • S8056309: Set minor version for hotspot in 7u76 to 76 and build number to b01
    • S8056914: Right Click Menu for Paste not showing after upgrading to java 7
    • S8057008: [TEST_BUG] Test java/awt/Focus/SortingFPT/JDK8048887.java fails with compilation error
    • S8057530: (process) Runtime.exec throws garbled message in jp locale
    • S8057564: JVM hangs at getAgentProperties after attaching to VM with lower
    • S8057813: Alterations to jdk_security3 test target
    • S8058113: Execution of OnOutOfMemoryError command hangs on linux-sparc
    • S8058120: Rendering / caret errors with HTMLDocument
    • S8058473: “Comparison method violates its general contract” when using Clipboard
    • S8058583: Remove CompilationRepeat
    • S8058608: JVM crash during Kerberos logins using des3-cbc-md5 on OSX
    • S8058927: ATG throws ClassNotFoundException
    • S8058932: java/net/InetAddress/IPv4Formats.java failed because hello.foo.bar does exist
    • S8058935: CPU detection gives 0 cores per cpu, 2 threads per core in Amazon EC2 environment
    • S8058936: hotspot/test/Makefile should use jtreg script from $JT_HOME/bin/jreg (instead of $JT_HOME/win32/bin/jtreg)
    • S8059216: Make PrintGCApplicationStoppedTime print information about stopping threads
    • S8059299: assert(adr_type != NULL) failed: expecting TypeKlassPtr
    • S8059327: XML parser returns corrupt attribute value
    • S8059563: (proxy) sun.misc.ProxyGenerator.generateProxyClass should create intermediate directories
    • S8060006: No Russian time zones mapping for Windows
    • S8060169: Update the Crash Reporting URL in the Java crash log
    • S8060170: Support SIO_LOOPBACK_FAST_PATH option on Windows
    • S8061507: Increment hsx 24.76 build to b02 for 7u76-b05
    • S8061694: Increment hsx 24.76 build to b03 for 7u76-b06
    • S8061954: 7u76 – deployment warning dialogs do not work on Linux
    • S8062021: NPE in sun/lwawt/macosx/CPlatformWindow::toFront after JDK-8060146
    • S8062170: java.security.ProviderException: Error parsing configuration with space
    • S8062178: merge issue: Test closed/java/util/TimeZone/Bug6329116.java fails in 7u-cpu nightly
    • S8062608: BCEL corrupts debug data of methods that use generics
    • S8062672: JVM crashes during GC on various asserts which checks that HeapWord ptr is an oop
    • S8062744: jdk.net.Sockets.setOption/getOption does not support IP_TOS
    • S8062771: Core reflection should use final fields whenever possible
    • S8062923: XSL: Run-time internal error in ‘substring()’
    • S8062924: XSL: wrong answer from substring() function
    • S8064391: More thread safety problems in core reflection
    • S8064407: (fc) FileChannel transferTo should use TransmitFile on Windows
    • S8064493: Increment the build value to b04 for hs24.76 in 7u76-b08
    • S8064516: BCEL still corrupts generic methods if bytecode offsets are modified
    • S8064533: Remove and retag jdk7u76-b08 tag in 7u76/jdk repo
    • S8064667: Add -XX:+CheckEndorsedAndExtDirs flag to JDK 8
    • S8064846: Lazy-init thread safety problems in core reflection
    • S8065098: JColorChooser no longer supports drag and drop between two JVM instances
    • S8065238, PR2478: javax.naming.NamingException after upgrade to JDK 8
    • S8065552: setAccessible(true) on fields of Class may throw a SecurityException
    • S8065553: Failed Java web start via IPv6 (Java7u71 or later)
    • S8065609: 7u76 l10n resource file translation update
    • S8065618: C2 RA incorrectly removes kill projections
    • S8065674: javac generates incorrect LVT table for trivial cases
    • S8065765: Missing space in output message from -XX:+CheckEndorsedAndExtDirs
    • S8065994: HTTP Tunnel connection to NTLM proxy reauthenticates instead of using keep-alive
    • S8066045: opto/node.hpp:355, assert(i < _max) failed: oob: i=1, _max=1
    • S8066103: C2′s range check smearing allows out of bound array accesses
    • S8066612: Add a test that will call getDeclaredFields() on all classes and try to set them accessible.
    • S8066649: 8u backport for 8065618 is incorrect
    • S8066756: Test test/sun/awt/dnd/8024061/bug8024061.java fails
    • S8066775: opto/node.hpp:355, assert(i < _max) failed: oob: i=1, _max=1
    • S8068338: Better message about incompatible zlib in Deflater.init
    • S8068507: (fc) Rename the new jdk.net.enableFastFileTransfer system property to jdk.nio.enableFastFileTransfer
    • S8068625: Remove extra year check for GenerateCurrencyData fix
    • S8068639: Make certain annotation classfile warnings opt-in
    • S8071423: Increment hsx 24.80 build to b08 for 7u80-b07
    • S8071499: java/net/InetAddress/B5087907.java fails with jdk7u85
    • S8071807: Increment hsx 24.80 build to b09 for 7u80-b08
    • S8072040: jdk7u80 l10n resource file translation update
    • S8072458: jdk/test/Makefile references (to be removed) win32 directory in jtreg
    • S8072639: Increment hsx 24.80 build to b10 for 7u80-b09
    • S8074855: [Regression] Test closed/java/awt/image/Raster/IncorrectScanlineStrideTest.java fails
    • S8075092: Remove erroneous println statement from DoubleByteDecoder
  • Backports
  • Bug fixes
    • PR94: empty install target in Makefile.am
    • PR1374: Provide option to strip and link debugging info after build
    • PR1661: Cleanup SYSTEM_GCONF option and allow it to be set false
    • PR1786: Allow x86 build to occur on x86_64 using a previously built x86_64 build
    • PR1816: Split download/extraction rules for OpenJDK so they can run in parallel
    • PR1846: Build fails when using IcedTea7 as bootstrap JDK with native ecj
    • PR1847: Synchronise javac.in with IcedTea6
    • PR1883: Search Debian multiarch paths when looking for pcsclite
    • PR1888: Allow tarball checksumming to be disabled
    • PR2060: Fix warnings found by Gentoo ebuild QA with gcc 4.9.1
    • PR2144: make dist fails due to lack of HotSpot-specific patches
    • PR2161: RHEL 6 has a version of GIO which meets the version criteria, but has no g_settings_*
    • PR2233, RH1190835: Discover gsettings symbols separately so early versions of GLib can be used (e.g. on RHEL 6)
    • PR2236, RH1191652: ppc64le should report its os.arch as ppc64le so tools can detect it
    • PR2320: Allow use of system GConf
    • PR2323: System GConf without system GIO configuration broken
    • PR2328: GCJ uses ppc64el named libarch directory on ppc64le
    • PR2341: Update README & INSTALL files
    • PR2359: Ensure all stamp targets have aliases
    • PR2390: Make elliptic curve removal optional
    • PR2394: ppc64le does not support -Xshare:dump
    • PR2395: Path to jvm.cfg is wrong in add-systemtap-boot
    • PR2446: Support system libsctp
    • PR2458: Policy JAR files should be timestamped with the date of the policy file they hold
    • PR2482, RH489586, RH1236619: OpenJDK can’t handle spaces in zone names in /etc/sysconfig/clock
    • PR2496: Enable system PCSC support by default
    • PR2499: Update remove-intree-libraries.sh script
    • PR2507, G541462: Only apply PaX markings by default on running PaX kernels
    • PR2530: PaX mark the installed JDK so it runs on hardened systems
    • PR2531: Location of docs directory in install-data-local is incorrect
    • PR2532: install stage fails where BUILD_ARCH_DIR != INSTALL_ARCH_DIR
    • PR2533: Allow greater control of Javadoc installation directory
    • PR2534: Install TRADEMARK, COPYING and ChangeLog as RPM spec file does
    • PR2535: install-data-local needs to check that classes.jsa actually exists
    • PR2537: Desktop files do not allow installation from multiple versions of IcedTea
    • PR2539: Libraries in some subdirectories of jre/lib/{arch} are not installed
    • PR2540: Specify a cacerts file for the OpenJDK build as we do for OpenJDK 8
    • PR2545: Extend tarball checksumming option to allow the checksum to be specified
    • PR2548: install stage doesn’t install symbolic links
    • PR2550: Desktop file doesn’t reference versioned icon
  • CACAO
    • PR2380: Raise javadoc and JAVAC_FLAGS memory limits for CACAO
    • PR2519: Update to latest CACAO
    • PR2520: –enable-cacao builds broken, missing JVM_GetTemporaryDirectory impl.
  • JamVM
    • PR2172: –enable-jamvm builds broken, missing JVM_GetTemporaryDirectory impl
    • PR2500: Add executable stack markings to callNative.S on JamVM
  • AArch64 port
    • Add copyright to aarch64_ad.m4
    • S8069593: Changes to JavaThread::_thread_state must use acquire and release
    • S8074349: AARCH64: C2 generates poor code for some byte and character stores
    • S8075045: AARCH64: Stack banging should use store rather than load
    • S8075324: Costs of memory operands in aarch64.ad are inconsistent
    • S8075443: AARCH64: Missed L2I optimizations in C2
    • S8075930: AARCH64: Use FP Register in C2
    • S8076467: AARCH64: assertion fail with -XX:+UseG1GC
    • S8079203: AARCH64: Need to cater for different partner implementations
    • S8080586: aarch64: hotspot test compiler/codegen/7184394/TestAESMain.java fails
  • PPC & AIX port
    • Changes to make aix compile after the merge
    • S8069590: AIX port of “8050807: Better performing performance data handling”
    • S8078482, PR2307, RH1201393: ppc: pass thread to throw_AbstractMethodError
    • S8080190: PPC64: Fix wrong rotate instructions in the .ad file

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
  • Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

I’m transitioning to the use of a new key for signing releases over the next year. Signatures made with this key are available at:

and the new key is:

  • PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this newer key.

SHA256 checksums:

  • b45c829dc937360ed7fbd19505be42007a3abfa8df4afeb77cd9ef70abcdc7a9 icedtea-2.6.0.tar.gz
  • 91c024c6f87cffd7759a79533fa3c7714976f4144d49a142ea27005ee5297874 icedtea-2.6.0.tar.gz.sig
  • ee433e52c29bd66c7714137c71efc47b38aaca7d6e5bb9b5a5a7f00de1e2b103 icedtea-2.6.0.tar.gz.sig.ec
  • 873e92d212530bf573b97976e115f262fef49a6f1ee708d4e5b955643ee970c5 icedtea-2.6.0.tar.xz
  • 058322ffee20ceacf286b634fb1f54f1fde91951f2817e23d4c9071770a32d94 icedtea-2.6.0.tar.xz.sig
  • ae87c622f650a291c83b110cb8bd09b8ba3b61f257a0d248cefb23eae271a40e icedtea-2.6.0.tar.xz.sig.ec

The checksums can be downloaded from:

A 2.6.0 ebuild for Gentoo is available.

The following people helped with these releases:

  • James Le Cuirot (PR2380 CACAO work)
  • Tiago Sturmer Diatx (ppc64le work)
  • Andrew Dinn (AArch64 integration work)
  • Andrew Hughes (all other backports & bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.0.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.5.x series with the April 2015 security fixes.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

Please Note: The backport of jdk.tls.ephemeralDHKeySize is currently modified so as to retain “legacy” mode as the default, which uses 768-bit keys. To use the OpenJDK 8 default (1024-bit keys), pass -Djdk.tls.ephemeralDHKeySize=jdk8 on the command-line. Both OpenJDK 7 & 8 allow the use of “matched” mode which creates an ephemeral DH key matching the size of the authentication key, or the specification of a key size between 1024 and 2048 bits inclusive.

What’s New?

New in release 2.5.5 (2015-04-14)

  • Security fixes
  • Backports
    • S6584008, PR2193, RH1173326: jvmtiStringPrimitiveCallback should not be invoked when string value is null
    • S6956398, PR2250: make ephemeral DH key match the length of the certificate key
    • S7090424: TestGlyphVectorLayout failed automately with java.lang.StackOverflowError
    • S7142035: assert in j.l.instrument agents during shutdown when daemon thread is running
    • S7195480: javax.smartcardio does not detect cards on Mac OS X
    • S8001472: api/java_awt/Window/indexTGF_* tests fail because expected colors aren’t equal
    • S8011646: SEGV in compiled code with loop predication
    • S8012637: Adjust CipherInputStream class to work in AEAD/GCM mode
    • S8016545: java.beans.XMLEncoder.writeObject output is wrong
    • S8019324: assert(_f2 == 0 || _f2 == f2) failed: illegal field change
    • S8019623: Lack of synchronization in AppContext.getAppContext()
    • S8021804: Certpath validation fails if validity period of root cert does not include validity period of intermediate cert
    • S8022070: Compilation error in stubGenerator_sparc.cpp with some compilers
    • S8024061: Exception thrown when drag and drop between two components is executed quickly
    • S8028616: Htmleditorkit parser doesn’t handle leading slash (/)
    • S8028617: Dvorak keyboard mapping not honored when ctrl key pressed
    • S8029837: NPE seen in XMLDocumentFragmentScannerImpl.setProperty since 7u40b33
    • S8031290: Adjust call to getisax() for additional words returned
    • S8032872: [macosx] Cannot select from JComboBox in a JWindow
    • S8032874: ArrayIndexOutOfBoundsException in JTable while clearing data in JTable
    • S8032878: Editable combos in table do not behave as expected
    • S8033113: wsimport fails on WSDL:header parameter name customization
    • S8033696: “assert(thread != NULL) failed: just checking” due to Thread::current() and JNI pthread interaction
    • S8036022: D3D: rendering with XOR composite causes InternalError.
    • S8036709: Java 7 jarsigner displays warning about cert policy tree
    • S8036819: JAB: mneumonics not read for textboxes
    • S8036983: JAB:Multiselection Ctrl+CursorUp/Down and ActivateDescenderPropertyChanged event
    • S8037477: Reproducible hang of JAWS and webstart application with JAB 2.0.4
    • S8038925: Java with G1 crashes in dump_instance_fields using jmap or jcmd without fullgc
    • S8039050: Crash in C2 compiler at Node::rematerialize
    • S8039298: assert(base == NULL || t_adr->isa_rawptr() || ! phase->type(base)->higher_equal(TypePtr::NULL_PTR))
    • S8039319: (smartcardio) Card.transmitControlCommand() does not work on Mac OS X
    • S8040228: TransformerConfigurationException occurs with security manager, FSP and XSLT Ext
    • S8040790: [TEST_BUG] tools/javac/innerClassFile/Driver.sh fails to cleanup files after it
    • S8041451: com.sun.jndi.ldap.Connection:ReadTimeout should abandon ldap request
    • S8041740: Test sun/security/tools/keytool/ListKeychainStore.sh fails on Mac
    • S8041979: sun/jvmstat/monitor/MonitoredVm/CR6672135.java failing on all platforms
    • S8042059: Various fixes to linux/sparc
    • S8042857: 14 stuck threads waiting for notification on LDAPRequest
    • S8043123: Hard crash with access violation exception when blitting to very large image
    • S8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
    • S8043205: Incorrect system traps.h include path
    • S8043206: Fix signed vs. unsigned comparison warning in copy_sparc.hpp
    • S8043207: Add const to Address argument for Assembler::swap
    • S8043210: Add _BIG_ENDIAN define on linux/sparc
    • S8043507: javax.smartcardio.CardTerminals.list() fails on MacOSX
    • S8044602: Increment minor version of HSx for 7u72 and initialize the build number
    • S8044659: Java SecureRandom on SPARC T4 much slower than on x86/Linux
    • S8046769: Set T family feature bit on Niagara systems
    • S8048080: (smartcardio) javax.smartcardio.Card.openLogicalChannel() dosn’t work on MacOSX
    • S8049081: Increment hsx 24.72 build to b02 for 7u72-b03
    • S8049542: C2: assert(size_in_words <= (julong)max_jint) failed: no overflow
    • S8049787: Increment hsx 24.72 build to b03 for 7u72-b04
    • S8050158: Introduce system property to maintain RC4 preference order
    • S8050165: linux-sparcv9: NMT detail causes assert((intptr_t*)younger_sp[FP->sp_offset_in_saved_window()] == (intptr_t*)((intptr_t)sp – STACK_BIAS)) failed: younger_sp must be valid
    • S8050167: linux-sparcv9: hs_err file does not show any stack information
    • S8055714: Increment hsx 24.72 build to b04 for 7u72-b11
    • S8056211: api/java_awt/Event/InputMethodEvent/serial/index.html#Input[serial2002] failure
    • S8060072: Increment minor version of HSx for 7u79 and initialize the build number
    • S8064454: [TEST_BUG] Test tools/javac/innerClassFile/Driver.sh fails for Mac and Linux
    • S8064532: 7u76 build failed with # 8041979
    • S8065072: sun/net/www/http/HttpClient/StreamingRetry.java failed intermittently
    • S8065373: [macosx] jdk8, jdk7u60 Regression in Graphics2D drawing of derived Fonts
    • S8065709: Deadlock in awt/logging apparently introduced by 8019623
    • S8065991: LogManager unecessarily calls JavaAWTAccess from within a critical section
    • S8068405: GenerateCurrencyData throws RuntimeException for old data
    • S8071591: java/util/logging/LogManagerAppContextDeadlock.java test started to fail due to JDK-8065991
    • S8072039: jdk7u79 l10n resource file translation update
    • S8072042: (tz) Support tzdata2015a
    • S8073226: Increment hsx 24.79 build to b02 for 7u79-b10
    • S8074312, PR2254, G541270: Enable hotspot builds on 4.x Linux kernels
    • S8074662: Update 3rd party readme and license for LibPNG v 1.6.16
    • S8075211: [TEST_BUG] Test sun/net/www/http/HttpClient/StreamingRetry.java fails with compilation error
  • Bug fixes
    • PR2196, RH1164762: jhat man page has broken URL
    • PR2200, G531686: Support giflib 5.1.0
    • PR2210: DGifCloseFile call should check the return value, not the error code, for failure
    • PR2225: giflib 5.1 conditional excludes 6.0, 7.0, etc.
    • PR2250: JSSE server is still limited to 768-bit DHE
  • ARM32 port
    • PR2228: Add ARM32 JIT
    • PR2297: Use the IcedTea 2.6.0 HotSpot on ARM32 by default
    • Several bug fixes to get Eclipse working
  • AArch64 port
    • Add java.lang.ref.Reference.get intrinsic to template interpreter
    • Fix implementation of InterpreterMacroAssembler::increment_mdp_data_at().
    • Remove insanely large stack allocation in entry frame.
    • S6976528: PS: assert(!limit_exceeded || softrefs_clear) failed: Should have been cleared
    • S8020675: invalid jar file in the bootclasspath could lead to jvm fatal error
    • S8020829: NMT tests fail on platforms if NMT detail is not supported
    • S8026303: CMS: JVM intermittently crashes with “FreeList of size 258 violates Conservation Principle” assert
    • S8029775: Solaris code cleanup
    • S8041980: (hotspot) sun/jvmstat/monitor/MonitoredVm/CR6672135.java failing on all platforms
    • S8042235: redefining method used by multiple MethodHandles crashes VM
    • S8044406: JVM crash with JDK8 (build 1.8.0-b132) with G1 GC
    • S8046233: VerifyError on backward branch
    • S8046289: compiler/6340864/TestLongVect.java timeout with
    • S8048170: Test closed/java/text/Normalizer/ConformanceTest.java failed
    • S8050022: linux-sparcv9: assert(SharedSkipVerify || obj->is_oop()) failed: sanity check
    • S8054478: C2: Incorrectly compiled char[] array access crashes JVM
    • S8054530: C2: assert(res == old_res) failed: Inconsistency between old and new
    • S8054883: Segmentation error while running program
    • S8056309: Set minor version for hotspot in 7u76 to 76 and build number to b01
    • S8058583: Remove CompilationRepeat
    • S8058935: CPU detection gives 0 cores per cpu, 2 threads per core in Amazon EC2 environment
    • S8059216: Make PrintGCApplicationStoppedTime print information about stopping threads
    • S8060169: Update the Crash Reporting URL in the Java crash log
    • S8061507: Increment hsx 24.76 build to b02 for 7u76-b05
    • S8061694: Increment hsx 24.76 build to b03 for 7u76-b06
    • S8062229: Test failure of test_loggc_filename in 7u-cpu
    • S8062672: JVM crashes during GC on various asserts which checks that HeapWord ptr is an oop
    • S8064493: Increment the build value to b04 for hs24.76 in 7u76-b08
    • S8064667: Add -XX:+CheckEndorsedAndExtDirs flag to JDK 8
    • S8065618: C2 RA incorrectly removes kill projections
    • S8065765: Missing space in output message from -XX:+CheckEndorsedAndExtDirs
    • S8066045: opto/node.hpp:355, assert(i < _max) failed: oob: i=1, _max=1
    • S8066103: C2′s range check smearing allows out of bound array accesses
    • S8066649: 8u backport for 8065618 is incorrect
    • S8066775: opto/node.hpp:355, assert(i < _max) failed: oob: i=1, _max=1
    • S8071947: AARCH64: frame::safe_for_sender() computes incorrect sender_sp value for interpreted frames
    • S8072129: [AARCH64] missing fix for 8066900
    • S8072483: AARCH64: aarch64.ad uses the wrong operand class for some operations

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
  • Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

I’m transitioning to the use of a new key for signing releases over the next year. Signatures made with this key are available at:

and the new key is:

  • PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

SHA256 checksums:

  • f05b1db06021f4cd3a39647f358a47130136d189431fb55f79855f627b1d6619 icedtea-2.5.5.tar.gz
  • 4863db17fa8afbbedf8bb4d19d9e520652d859e806b7abf27a86d71c483172f6 icedtea-2.5.5.tar.gz.sig/li>
  • 738dfcdbd59cf9093203934d4efa94281fb2e28cff1c9ec6d9b588ad42bac66f icedtea-2.5.5.tar.gz.sig.ec/li>
  • 09e7aeb739a468dec8357f4b0757624b6c7ef38065fdf50323d369deac983dc7 icedtea-2.5.5.tar.xz/li>
  • c47744296d5569a251d2ef8ed891fd91a223adb0ac460db5270583d3fa6d4288 icedtea-2.5.5.tar.xz.sig/li>
  • 61e1c6c89f3fb4623bef5a3375ecebf185d713b5460c6ca1ac87f1328cecb2a9 icedtea-2.5.5.tar.xz.sig.ec/li>

The checksums can be downloaded from:

A 2.5.5 ebuild for Gentoo is available.

The following people helped with these releases:

  • Andrew Dinn (AArch64 work)
  • Severin Gehwolf (S8074312)
  • Andrew Haley (S6584008)
  • Andrew Hughes (all other backports & bug fixes, release management)
  • Edward Nevill (ARM32 work including PR2228)
  • Fridrich Strba (PR2200)
  • Jiri Vanek (PR2196)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.5.5.tar.gz

or:

$ tar x -I xz -f icedtea-2.5.5.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.5.5/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

« Previous PageNext Page »