[SECURITY] IcedTea 2.1.4, 2.2.4 & 2.3.4 Released!

Andrew John Hughes gnu.andrew at member.fsf.org
Tue Jan 15 12:32:29 PST 2013 

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as a PulseAudio sound driver and support for alternative
virtual machines.

These releases update our OpenJDK7 support to include the
latest security updates just released:

* S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries
* S8006017, CVE-2013-0422: Improve lookup resolutions
* S8006125: Update MethodHandles library interactions

In addition, IcedTea includes the usual IcedTea patches to allow builds against
system libraries and to support more estoric architectures.

If you find an issue with one of these releases, please report it at
http://icedtea.classpath.org/bugzilla under the appropriate component.
Development discussion takes place on distro-pkg-dev at openjdk.java.net
and patches are always welcome.

Full details of the releases can be found below.

What's New?
===========

New in release 2.3.4 (2013-01-15):

* Security fixes
  - S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries
  - S8006017, CVE-2013-0422: Improve lookup resolutions
  - S8006125: Update MethodHandles library interactions
* Backports
  - S7197906: BlockOffsetArray::power_to_cards_back() needs to handle > 32 bit shifts
* Bug fixes
  - G422525: Fix building with PaX enabled kernels.

New in release 2.2.4 (2013-01-15):

* Security fixes
  - S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries
  - S8006017, CVE-2013-0422: Improve lookup resolutions
  - S8006125: Update MethodHandles library interactions
* Bug fixes
  - G422525: Fix building with PaX enabled kernels.

New in release 2.1.4 (2013-01-15):

* Security fixes
  - S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries
  - S8006017, CVE-2013-0422: Improve lookup resolutions
  - S8006125: Update MethodHandles library interactions

The tarball can be downloaded from:
 
* http://icedtea.classpath.org/download/source/icedtea-2.1.4.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.2.4.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.3.4.tar.gz

SHA256 checksums:

7762ce53479e49f8afffc81621515eb6c3f765c578ff13d4c601ce4af8935db6  icedtea-2.1.4.tar.gz
6fd07ef223de0a24428384f56c848ce5e33e1030749de920adade570218f9ef3  icedtea-2.2.4.tar.gz
ea859f37fb20904ffd40802a41396326f7e301fa6873d88d01bf4afef5a60ca8  icedtea-2.3.4.tar.gz

Each tarball is accompanied by a digital signature (available at the
above URL + '.sig').  This is produced using my public key.  See
details below.

The following people helped with these releases:

* Andrew John Hughes (application of security fixes, testing & release management)

We would also like to thank the bug reporters and testers!
 
To get started:
$ tar xzf icedtea-${version}.tar.gz
$ cd icedtea-${version}

where ${version} is the version you've downloaded.
 
Full build requirements and instructions are in INSTALL:
$ ./configure [--with-parallel-jobs --enable-pulse-java --enable-systemtap ...]
$ make

Happy hacking!
-- 
Andrew :)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20130115/885f8b35/attachment.bin

More information about the distro-pkg-dev mailing list