[SECURITY] IcedTea 2.1.2 Released!

[Andïï]

We are pleased to announce the release of IcedTea 2.1.2, based on
OpenJDK7 u2 with additional security fixes.

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as a PulseAudio sound driver and support for alternative
virtual machines.

This 2.1.2 release includes a fix for the zero-day issues that arose this week:

* RH852051, CVE-2012-4681, S7162473: Reintroduce PackageAccessible
checks removed in 6788531.
* S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
* S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects
* S7163201, CVE-2012-0547: Simplify toolkit internals references

Patches are welcome; please contact the mailing list (distro-pkg-dev
at openjdk.java.net) and/or file bugs
(http://icedtea.classpath.org/bugzilla) under the appropriate
component.

Full details of the release can be found below.

What’s New?
—————–
New in release 2.1.2 (2012-09-02):

* Security fixes
  - RH852051, CVE-2012-4681, S7162473: Reintroduce PackageAccessible
checks removed in 6788531.
  - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
  - S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects
  - S7163201, CVE-2012-0547: Simplify toolkit internals references
* OpenJDK
  - PR1101: Undefined symbols on GNU/Linux SPARC
  - S7182135: Impossible to use some editors directly
  - S7183701: [TEST] closed/java/beans/security/TestClassFinder.java -
compilation failed
  - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java
failed with NPE
  - S7190813: (launcher) RPATH needs to have additional paths
* ARM
  - ARM: Fix trashed thread ptr after recursive re-entry from
  - ARM: Rename a bunch of misleadingly-named functions
  - Enable _adapter_opt_spread* jsr 292 code, now passes
  - Fix call to handle_special_method().  Fix compareAndSwapLong.

The tarball can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.1.2.tar.gz

SHA256 checksums:

c7ebdb84581dca48a4389e12790d2d506b9cfc05f16612169284d5a5e3a02269
icedtea-2.1.2.tar.gz

Each tarball is accompanied by a digital signature (available at the
above URL + '.sig').  This is produced using my public key.  See
details below.

* Andrew Haley (ARM fixes)
* Andrew John Hughes (all other patches/merging, reproducer testing &
release management)
* Chris Phillips (Zero FTBFS & ARM fixes)
* Roman Kennke (Zero FTBFS fix)

We would also like to thank the bug reporters and testers!

To get started:
$ tar xzf icedtea-2.1.2.tar.gz
$ cd icedtea-2.1.2

Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap...]
$ make

Happy hacking!
--
Andii :-)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07