[SECURITY] IcedTea 1.11.15 for OpenJDK 6 Released!

Andrew Hughes gnu.andrew at redhat.com
Thu Jan 30 09:47:14 PST 2014

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as a PulseAudio sound driver, the ability to build
against system libraries and support for alternative virtual machines
and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 6 support in the 1.11.x series with
the January 2014 security errata and a number of bug fixes.

This is the final update for the 1.11.x series (1.11.15), following
the release of the 1.13.x series (see the release policy). Users are
advised to migrate to the 1.13.x series as soon as possible.

If you find an issue with the release, please report it to our bug
database under the appropriate component. Development discussion takes
place on the distro-pkg-dev OpenJDK mailing list and patches are
always welcome.

Full details of the release can be found below.

What's New?
New in release 1.11.15 (2014-01-21):

* Security fixes
  - S6727821: Enhance JAAS Configuration
  - S7068126, CVE-2014-0373: Enhance SNMP status
  - S8010935: Better XML handling
  - S8011786, CVE-2014-0368: Better applet networking
  - S8021257, CVE-2013-5896: com.sun.corba.se.** should be on restricted package list
  - S8022904: Enhance JDBC Parsers
  - S8022927: Input validation for byte/endian conversions
  - S8022935: Enhance Apache resolver classes
  - S8022945: Enhance JNDI implementation classes
  - S8023057: Enhance start up image display
  - S8023069, CVE-2014-0411: Enhance TLS connections
  - S8023245, CVE-2014-0423: Enhance Beans decoding
  - S8023301: Enhance generic classes
  - S8023672: Enhance jar file validation
  - S8024306, CVE-2014-0416: Enhance Subject consistency
  - S8024530: Enhance font process resilience
  - S8024867: Enhance logging start up
  - S8025014: Enhance Security Policy
  - S8025018, CVE-2014-0376: Enhance JAX-P set up
  - S8025026, CVE-2013-5878: Enhance canonicalization
  - S8025034, CVE-2013-5907: Improve layout lookups
  - S8025448: Enhance listening events
  - S8025758, CVE-2014-0422: Enhance Naming management
  - S8025767, CVE-2014-0428: Enhance IIOP Streams
  - S8026172: Enhance UI Management
  - S8026176: Enhance document printing
  - S8026193, CVE-2013-5884: Enhance CORBA stub factories
  - S8026204: Enhance auth login contexts
  - S8026417, CVE-2013-5910: Enhance XML canonicalization
  - S8027201, CVE-2014-0376: Enhance JAX-P set up
* Backports
  - S6763340: memory leak in com.sun.corba.se.* classes
  - S6873605: Missing finishedDispatch() call in ORBImpl causes test failures after 5u20 b04
  - S6893617: JDK 6 CNCtx always uses the default ORB
  - S6980681: CORBA deadlock in Java SE believed to be related to CR 6238477
  - S6995424: Eliminate dependency to a deprecated API com.sun.security.auth.PolicyFile 
  - S7162902: Umbrella port of a number of corba bug fixes from JDK 6 to jdk7u/8
  - S8026826: JDK 7 fix for 8010935 broke the build
  - S8027837: JDK-8021257 causes CORBA build failure on emdedded platforms
* Bug fixes
  - D729448: 32-bit alignment on mips and mipsel
  - Fail if a C and C++ compiler are not detected.
  - Only copy tz.properties if the destination directory exists.
  - Fix GenerateBreakIteratorData tool so that crashes have stack traces.
  - Fix path in nss-not-enabled-config.patch.
* SystemTap support:
  - Add garbage collection dtrace/SystemTap probes to HotSpot.

The tarballs can be downloaded from:




We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:


These are produced using my public key. See details below.

    PGP Key: 248BDC07 (https://keys.indymedia.org/)
    Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

SHA256 checksums:

20c0028148fb39bdd6effedb0f3d7d2cf08fc5dc7b65be5e36bccd6771a33e1f  icedtea6-1.11.15.tar.gz
39b0873bb1a4168376eb3b382ad22c8718228237bb438529abffe269e06e29a6  icedtea6-1.11.15.tar.gz.sig
4bd083ceb51da976b6f135780067cee8c84908db0143482ab743101bd0a2458a  icedtea6-1.11.15.tar.xz
ca8639bfc41bec784cf19963d63ac95e779dd21299cd34b16e2ceed076f06d90  icedtea6-1.11.15.tar.xz.sig

The following people helped with these releases:

* Lukas Berk (garbage collection probe support)
* Andrew Hughes (all other backports & fixes & release management)
* Aurelien Jarno (D729448)
* Omair Majid (security backports & NSS config fix)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-1.11.15.tar.gz


$ tar x -I xz -f icedtea6-1.11.15.tar.xz


$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea6-1.11.15/configure
$ make

Full build requirements and instructions are available in the INSTALL file.
Happy hacking!
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
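
An added example, not part of the original announcement: one way to check a downloaded tarball against the SHA256 checksums and signing-key fingerprint quoted above. It compares the full fingerprint rather than the 8-digit key ID, which unrelated keys can share. The function names are hypothetical, and it assumes GNU `sha256sum`, `gpg`, and that the signing key is already in the local keyring.

```shell
#!/bin/sh
# Values copied from the announcement above.
RELEASE_FPR='EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07'
SUMS='20c0028148fb39bdd6effedb0f3d7d2cf08fc5dc7b65be5e36bccd6771a33e1f  icedtea6-1.11.15.tar.gz
4bd083ceb51da976b6f135780067cee8c84908db0143482ab743101bd0a2458a  icedtea6-1.11.15.tar.xz'

# Print the published SHA256 for a file name, or nothing if it is not listed.
expected_sum() {
    printf '%s\n' "$SUMS" | awk -v f="$(basename "$1")" '$2 == f { print $1 }'
}

# Succeed only if the file's SHA256 equals the given (non-empty) hex digest.
sha256_matches() {
    actual=$(sha256sum "$1" | awk '{ print $1 }') || return 1
    [ -n "$2" ] && [ "$actual" = "$2" ]
}

# Read `gpg --status-fd` output on stdin; succeed only if a VALIDSIG line
# names the expected full fingerprint (signing key, or primary key in the
# last field). A bare exit code from gpg does not say which key signed.
status_has_fpr() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# Hypothetical wrapper: check one downloaded tarball and its .sig file.
verify_release() {
    sha256_matches "$1" "$(expected_sum "$1")" \
        || { echo "checksum mismatch: $1" >&2; return 1; }
    gpg --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null \
        | status_has_fpr "$RELEASE_FPR" \
        || { echo "no valid signature from $RELEASE_FPR" >&2; return 1; }
    echo "OK: $1"
}

# Usage: sh verify.sh icedtea6-1.11.15.tar.xz
if [ "$#" -gt 0 ]; then verify_release "$1"; fi
```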