[SECURITY] IcedTea 2.2.2 Released!
Andii
gnu_andrew at member.fsf.org
Fri Aug 31 14:27:46 PDT 2012
We are pleased to announce the release of IcedTea 2.2.2, based on
OpenJDK7 u4 with additional security fixes.
The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as a PulseAudio sound driver and support for alternative
virtual machines.
This 2.2.2 release includes a fix for the zero-day issues that arose this week:
* RH852051, CVE-2012-4681, S7162473: Reintroduce PackageAccessible
  checks removed in 6788531.
* S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
* S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects
* S7163201, CVE-2012-0547: Simplify toolkit internals references
A similar 2.1.2 update is in progress and will follow at the beginning
of next week.
Patches are welcome; please contact the mailing list
(distro-pkg-dev at openjdk.java.net) and/or file bugs
(http://icedtea.classpath.org/bugzilla) under the appropriate component.
Full details of the release can be found below.
What’s New?
-----------
New in release 2.2.2 (2012-08-31):
* Security fixes
  - RH852051, CVE-2012-4681, S7162473: Reintroduce PackageAccessible
    checks removed in 6788531.
  - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
  - S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects
  - S7163201, CVE-2012-0547: Simplify toolkit internals references
* OpenJDK
  - Fix Zero FTBFS issues
  - PR1101: Undefined symbols on GNU/Linux SPARC
  - S7180036: Build failure in Mac platform caused by fix # 7163201
  - S7182135: Impossible to use some editors directly
  - S7183701: [TEST] closed/java/beans/security/TestClassFinder.java -
    compilation failed
  - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java
    failed with NPE
  - S7188168: 7071904 broke the DEBUG_BINARIES option on Linux
  - S7190813: (launcher) RPATH needs to have additional paths
The tarball can be downloaded from:
* http://icedtea.classpath.org/download/source/icedtea-2.2.2.tar.gz
SHA256 checksums:
e645fdcae825e0c60093962cb0a8fbf194c94a5e669162b3b357d99a6e36c86d  icedtea-2.2.2.tar.gz
Each tarball is accompanied by a digital signature (available at the
above URL + '.sig'). This is produced using my public key. See
details below.
* Andrew John Hughes (all other patches/merging, reproducer testing &
release management)
* Chris Phillips (Zero FTBFS fix)
* Roman Kennke (Zero FTBFS fix)
We would also like to thank the bug reporters and testers!
To get started:
$ tar xzf icedtea-2.2.2.tar.gz
$ cd icedtea-2.2.2
Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap...]
$ make
Happy hacking!
--
Andii :-)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
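
Added example (not part of the original announcement or of IcedTea's own scripts): one way to check a downloaded tarball against the SHA256 checksum and the signing key fingerprint quoted above, comparing the full fingerprint rather than the 8-digit key ID. The function names are hypothetical, and it assumes sha256sum and gpg are installed and the signing key has already been imported into the local keyring.

```shell
#!/bin/sh
# Added example. The two values below are copied from the announcement.
EXPECTED_SHA256=e645fdcae825e0c60093962cb0a8fbf194c94a5e669162b3b357d99a6e36c86d
EXPECTED_FPR='EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07'

# Strip spaces and upper-case so a pasted fingerprint compares cleanly.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# check_sha256 FILE EXPECTED_HEX: succeeds only on an exact digest match.
# A missing file yields an empty digest, which never matches.
check_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# signer_matches EXPECTED_FPR: reads `gpg --status-fd` output on stdin and
# succeeds only if a VALIDSIG line names the expected key. Field 3 is the
# signing key's fingerprint; the last field is the primary key's fingerprint
# when a subkey made the signature. BADSIG/ERRSIG lines never match.
signer_matches() {
    want=$(normalize_fpr "$1")
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# verify_release TARBALL SIGFILE: checksum first, then signature and signer.
verify_release() {
    check_sha256 "$1" "$EXPECTED_SHA256" ||
        { echo "checksum mismatch: $1" >&2; return 1; }
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        signer_matches "$EXPECTED_FPR" ||
        { echo "signature bad, missing, or not from the expected key" >&2; return 1; }
    echo "OK: $1"
}

# Usage: sh verify.sh icedtea-2.2.2.tar.gz icedtea-2.2.2.tar.gz.sig
if [ "$#" -eq 2 ]; then verify_release "$1" "$2"; fi
```

The checksum only detects a corrupted or swapped download when the checksum itself came from a trusted copy of the announcement; the signature check is what ties the tarball to the key.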