[SECURITY] IcedTea 1.13.6 for OpenJDK 6 Released!

Fridrich Strba fridrich.strba at suse.com
Sun Jan 25 20:31:13 UTC 2015



Hello, for those that try to build against giflib-5.1.0, there is a
need for the attached little tiny patch. It is needed for 1.7.0 too.

Cheers

Fridrich




On 24/01/15 01:39, Andrew Hughes wrote:
> The IcedTea project provides a harness to build the source code
> from OpenJDK using Free Software build tools, along with
> additional features such as a PulseAudio sound driver, the ability
> to build against system libraries and support for alternative
> virtual machines and architectures beyond those supported by
> OpenJDK.
> 
> This release updates our OpenJDK 6 support in the 1.13.x series
> with the January 2015 security fixes.
> 
> If you find an issue with the release, please report it to our bug 
> database (http://icedtea.classpath.org/bugzilla) under the
> appropriate component. Development discussion takes place on the 
> distro-pkg-dev at openjdk.java.net mailing list and patches are
> always welcome.
> 
> Full details of the release can be found below.
> 
> What's New?
> ===========
> New in release 1.13.6 (2015-01-23):
> 
> * Security fixes
>   - S8046656: Update protocol support
>   - S8047125, CVE-2015-0395: (ref) More phantom object references
>   - S8047130: Fewer escapes from escape analysis
>   - S8048035, CVE-2015-0400: Ensure proper proxy protocols
>   - S8049253: Better GC validation
>   - S8050807, CVE-2015-0383: Better performing performance data handling
>   - S8054367, CVE-2015-0412: More references for endpoints
>   - S8055304, CVE-2015-0407: More boxing for DirectoryComboBoxModel
>   - S8055309, CVE-2015-0408: RMI needs better transportation considerations
>   - S8055479: TLAB stability
>   - S8055489, CVE-2014-6585: Better substitution formats
>   - S8056264, CVE-2014-6587: Multicast support improvements
>   - S8056276, CVE-2014-6591: Fontmanager feature improvements
>   - S8057555, CVE-2014-6593: Less cryptic cipher suite management
>   - S8058982, CVE-2014-6601: Better verification of an exceptional invokespecial
>   - S8059485, CVE-2015-0410: Resolve parsing ambiguity
>   - S8061210, CVE-2014-3566: Issues in TLS
> * Import of OpenJDK6 b34
>   - OJ43: Backport JAX_WS-945; Socket backlog may be limiting lwhs performance
>   - OJ44: Add missing TimeZone test cases included in OpenJDK 7 revision 0.
>   - OJ45: Fix copyright headers on imported files
>   - OJ46: Fix lost Classpath exception
>   - OJ47: Remove @Override annotation on interfaces added by 2015/01/20 security fixes.
>   - OJ48: Fix substitution error.
>   - OJ49: Fix placement of 8023956 fix.
>   - OJ50: Fix reference to missing pd_attempt_reserve_memory_at
>   - S4873188: Support TLS 1.1
>   - S6364329: jstat displays "invalid argument count" with usage
>   - S6461635: [TESTBUG] BasicTests.sh test fails intermittently
>   - S6507067: TimeZone country/area message error
>   - S6545422: [TESTBUG] NativeErrors.java uses wrong path name in exec
>   - S6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication()
>   - S6585666: Spanish language names not compliant with CLDR
>   - S6587676: Krb5LoginModule failure if useTicketCache=true on Vista
>   - S6608572: Currency change for Malta and Cyprus
>   - S6610748: Dateformat - AM-PM indicator in Finnish appears to be from English
>   - S6627549: ISO 3166 code addition: Saint Barthelemy and Saint Martin
>   - S6631048: Problem when writing on output stream of HttpURLConnection
>   - S6641309: Wrong Cookie separator used in HttpURLConnection
>   - S6641312: Fix krb5 codes indentation problems
>   - S6645271: Wrong date format for Croatian (hr) locale
>   - S6646611: Incorrect spelling of month name in locale for Belarusian language ("be", "BY")
>   - S6647452: Remove obfuscation, framework and provider self-verification checking
>   - S6653795: C2 intrinsic for Unsafe.getAddress performs pointer sign extension on 32-bit systems
>   - S6659779: HttpURLConnections logger should log tunnel requests
>   - S6670362: HTTP/SPNEGO should work across realms
>   - S6716626: Integrate contributed language and country names for NL
>   - S6720866: Slow performance using HttpURLConnection for upload
>   - S6726695: HttpURLConnection shoul support 'Expect: 100-continue' headers for PUT
>   - S6729881: Compiler warning in networking native code
>   - S6765491: Krb5LoginModule a little too restrictive, and the doc is not clear.
>   - S6776102: sun/util/resources/TimeZone/Bug6317929.java test failed against 6u12b01 and passed against 6u11b03
>   - S6786276: Locale.getISOCountries() still contains country code "CS"
>   - S6792180: Enhance to reject weak algorithms or conform to crypto recommendations
>   - S6811297: Add more logging to HTTP protocol handler
>   - S6822460: support self-issued certificate
>   - S6830658: Changeset 67e5d3e41b5b breaks the fastdebug build in NativeCreds.c
>   - S6835668: Use of /usr/include/linux/ files creates a dependence on kernel-headers
>   - S6855297: Windows build breaks after 6811297
>   - S6856856: NPE in HTTP protocol handler logging
>   - S6868106: Ukrainian currency has wrong format
>   - S6870908: reopen bug 4244752: month names in Estonian should be lowercase
>   - S6873931: New Turkish currency since 2009
>   - S6882594: Remove static dependancy on NTLM authentication
>   - S6899503: Security code issue using Verisign root certificate
>   - S6910489: Slovenia Locale, wrong firstDayOfWeek number
>   - S6911104: Tests do not work with CYGWIN: tools, sun/tools, and com/sun/tools
>   - S6914413: abbreviation name for November is not correct in be_BY
>   - S6916787: Ukrainian currency name needs to be fixed
>   - S6919624: minimalDaysInFirstWeek ressource for hungarian is wrong
>   - S6931564: Incorrect display name of Locale for south africa
>   - S6931566: NetworkInterface is not working when interface name is more than 15 characters long
>   - S6938454: 2 new testcases for bug: Unable to determine generic type in program that compiles under Java 6
>   - S6938454: Unable to determine generic type in program that compiles under Java 6
>   - S6945604: wrong error message in CardImpl.java
>   - S6962617: Testcase changes, cleanup of problem list for jdk_tools targets
>   - S6964714: NetworkInterface getInetAddresses enumerates IPv6 addresses if java.net.preferIPvStack property set
>   - S6967937: Scope id no longer being set after 6931566
>   - S6972374: NetworkInterface.getNetworkInterfaces throws "java.net.SocketException" on Solaris zone
>   - S6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
>   - S7001720: copyright templates not rebranded
>   - S7019267: Currency Display Names are not localized into pt_BR.
>   - S7020583: Some currency names are missing in some locales
>   - S7020960: CurrencyNames_sr_RS.properties is missing.
>   - S7022269: clean up fscanf usage in Linux networking native code
>   - S7025837: fix plural currency display names in sr_Latn_(BA|ME|RS).properties
>   - S7028073: The currency symbol for Peru is wrong
>   - S7035555: 4/4 attach/BasicTests.sh needs another tweak for Cygwin
>   - S7036025: java.security.AccessControlException when creating JFileChooser in signed applet
>   - S7036905: [de] dem - the german mark display name is incorrect
>   - S7047033: (smartcardio) Card.disconnect(boolean reset) does not reset when reset is true
>   - S7066203: Update currency data to the latest ISO 4217 standard
>   - S7077119: remove past transition dates from CurrencyData.properties file
>   - S7085757: Currency Data: ISO 4217 Amendment 152
>   - S7122142, RH1151372: (ann) Race condition between isAnnotationPresent and getAnnotations
>   - S7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites
>   - S7161796, RH1151372: PhaseStringOpts::fetch_static_field tries to fetch field from the Klass instead of the mirror
>   - S7171028: dots are missed in the datetime for Slovanian
>   - S7174244: NPE in Krb5ProxyImpl.getServerKeys()
>   - S7185456: (ann) Optimize Annotation handling in java/sun.reflect.* code for small number of annotations
>   - S7189611: Venezuela current Currency should be Bs.F.
>   - S7195759: ISO 4217 Amendment 154
>   - S7199066: Typo in method name
>   - S7201205: Add Makefile configuration option to build with unlimited crypto in OpenJDK.
>   - S8005232: (JEP-149) Class Instance size reduction
>   - S8006748: getISO3Country() returns wrong value
>   - S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale
>   - S8015421: NegativeArraySizeException occurs in ChunkedOutputStream() with Integer.MAX_VALUE
>   - S8015570: Use long comparison in Rule.getRules().
>   - S8021121: ISO 4217 Amendment Number 156
>   - S8021372: NetworkInterface.getNetworkInterfaces() returns duplicate hardware address
>   - S8022721: TEST_BUG: AnnotationTypeDeadlockTest.java throws java.lang.IllegalStateException: unexpected condition
>   - S8023956: Provide a work-around to broken Linux 32 bit "Exec Shield" using CS for NX emulation (crashing with SI_KERNEL)
>   - S8025051: Update resource files for TimeZone display names
>   - S8026772: test/sun/util/resources/TimeZone/Bug6317929.java failing
>   - S8027359: XML parser returns incorrect parsing results
>   - S8027370: Support tzdata2013h
>   - S8027695: There should be a space before % sign in Swedish locale
>   - S8028627: Unsynchronized code path from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store codebase mappings
>   - S8028726: (prefs) Check src/solaris/native/java/util/FileSystemPreferences.c for JNI pending exceptions
>   - S8029153: [TESTBUG] test/compiler/7141637/SpreadNullArg.java fails because it expects NullPointerException
>   - S8029318: Native Windows ccache still reads DES tickets
>   - S8030822: (tz) Support tzdata2013i
>   - S8031046: Native Windows ccache might still get unsupported ticket
>   - S8032788: ImageIcon constructor throws an NPE and hangs when passed a null String parameter
>   - S8032909: XSLT string-length returns incorrect length when string includes complementary chars
>   - S8035613: With active Securitymanager JAXBContext.newInstance fails
>   - S8037012: (tz) Support tzdata2014a
>   - S8038306: (tz) Support tzdata2014b
>   - S8040617: [macosx] Large JTable cell results in a OutOfMemoryException
>   - S8041990: [macosx] Language specific keys does not work in applets when opened outside the browser
>   - S8043012: (tz) Support tzdata2014c
>   - S8046343: (smartcardio) CardTerminal.connect('direct') does not work on MacOSX
>   - S8049250: Need a flag to invert the Card.disconnect(reset) argument
>   - S8049343: (tz) Support tzdata2014g
>   - S8050485: super() in a try block in a ctor causes VerifyError
>   - S8051012: Regression in verifier for <init> method call from inside of a branch
>   - S8051614: smartcardio TCK tests fail due to lack of 'reset' permission
>   - S8054367: More references for endpoints
>   - S8055222: Currency update needed for ISO 4217 Amendment #159
>   - S8056211: api/java_awt/Event/InputMethodEvent/serial/index.html#Input[serial2002] failure
>   - S8058715: stability issues when being launched as an embedded JVM via JNI
>   - S8059206: (tz) Support tzdata2014i
>   - S8060474: Resolve more parsing ambiguity
>   - S8061826: Part of JDK-8060474 should be reverted
>   - S8062561: Test bug8055304 fails if file system default directory has read access
>   - S8062807: Exporting RMI objects fails when run under restrictive SecurityManager
>   - S8064560: (tz) Support tzdata2014j
> * Backports
>   - OJ51, PR2187: Sync patch for 4873188 with 7 version
>   - OJ52, PR2185: Application of 6786276 introduces compatibility issue
>   - OJ53, PR2181: strict-aliasing warnings issued on PPC32
>   - OJ54, PR2182: 6911104 reintroduces test fragment removed in existing 6964018 backport
>   - S6730740, PR2186: Fix for 6729881 has apparently broken several 64 bit tests: "Bad address"
>   - S7031830, PR2183: bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine
>   - S8000897, PR2173, RH1155012: VM crash in CompileBroker
>   - S8020190, PR2174, RH1176718: Fatal: Bug in native code: jfieldID must match object
>   - S8028623, PR2177, RH1168693: SA: hash codes in SymbolTable mismatching java_lang_String::hash_code for extended characters.
>   - S8061785, PR2177: [TEST_BUG] serviceability/sa/jmap-hashcode/Test8028623.java has utf8 character corrupted by earlier merge
> * Bug fixes
>   - PR1831: Drop version requirement for LCMS 2
>   - PR1832, RH1022017: Report elliptic curves supported by NSS, not the SunEC library
>   - PR2033: patches/ecj/jaxws-getdtdtype.patch no longer applies since removal of JAXWS drop
>   - PR2062: Unset OS before running OpenJDK build
>   - PR2070: Type-punning warnings still evident on RHEL 5
>   - PR2082: Cast should use same type as GCDrainStackTargetSize (uintx).
>   - PR2096, RH1163501: 2048-bit DH upper bound too small for Fedora infrastructure
>   - PR2125: Synchronise elliptic curves in sun.security.ec.NamedCurve with those listed by NSS
>   - PR2179: Avoid x86 workaround when running Zero rather than a JIT
>   - PR2180: Old autotools dislike $(builddir)/fsg.sh
> * CACAO
>   - PR2184: CACAO lacks JVM_FindClassFromCaller introduced by security patch in 1.13.6
> * JamVM
>   - PR2190: JamVM lacks JVM_FindClassFromCaller introduced by security patch in 1.13.6
> 
> The tarballs can be downloaded from:
> 
> http://icedtea.classpath.org/download/source/icedtea6-1.13.6.tar.gz
> http://icedtea.classpath.org/download/source/icedtea6-1.13.6.tar.xz
> 
> We provide both gzip and xz tarballs, so that those who are able to
> make use of the smaller tarball produced by xz may do so.
> 
> The tarballs are accompanied by digital signatures available at:
> 
> http://icedtea.classpath.org/download/source/icedtea6-1.13.6.tar.gz.sig
> http://icedtea.classpath.org/download/source/icedtea6-1.13.6.tar.xz.sig
> 
> These are produced using my public key. See details below.
> 
> PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
> Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
> 
> I'm transitioning to the use of a new key for signing releases
> over the next year. Signatures made with this key are available
> at:
> 
> http://icedtea.classpath.org/download/source/icedtea6-1.13.6.tar.gz.sig.ec
> http://icedtea.classpath.org/download/source/icedtea6-1.13.6.tar.xz.sig.ec
> 
> and the new key is:
> 
> PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
> 
> SHA256 checksums:
> 
> eb06a1e9a16f6473ffac4072c753e8e0fd1c39ad00016bcbd984534a93189e52
> icedtea6-1.13.6.tar.gz 
> 1e62fe97d4a6dfe641373889534741ec5f06d268e2ea14a8f4ff505560e1c3f8
> icedtea6-1.13.6.tar.gz.sig 
> 356edb04945690e216f0569e9dc8afd8f55c2a0dfc8816a904e63506220cb523
> icedtea6-1.13.6.tar.gz.sig.ec 
> 2090f3a9e4b045073f8fcd147848e3b94b389fa2740b20ded4c5d2398f1b4c99
> icedtea6-1.13.6.tar.xz 
> ac02dc6515afcf2aac2d731e56b7aa6c987e98b7c7a9ed214e4e4a08d2b21528
> icedtea6-1.13.6.tar.xz.sig 
> 1fa7b55a960cbf3db4000e170c95b3e78413fef45655609de05f55a7c5012347
> icedtea6-1.13.6.tar.xz.sig.ec
> 
> The checksums can be downloaded from:
> 
> http://icedtea.classpath.org/download/source/icedtea6-1.13.6.sha256
>
> 
> 
> The following people helped with these releases:
> 
> * Andrew Dinn (backport of S8047125)
> * Andrew Hughes (all other backports, release management)
> 
> We would also like to thank the bug reporters and testers!
> 
> To get started:
> 
> $ tar xzf icedtea6-1.13.6.tar.gz
> 
> or:
> 
> $ tar x -I xz -f icedtea6-1.13.6.tar.xz
> 
> then:
> 
> $ mkdir icedtea-build
> $ cd icedtea-build
> $ ../icedtea6-1.13.6/configure
> $ make
> 
> Full build requirements and instructions are available in the
> INSTALL file.
> 
> Happy hacking!
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: java-1_7_0-openjdk-giflib5.patch
Type: text/x-patch
Size: 484 bytes
Desc: not available
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20150125/6e8af54d/java-1_7_0-openjdk-giflib5.patch>
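
The announcement quoted above publishes SHA256 checksums, detached signatures and full key fingerprints for the tarballs. The script below is an added example, not part of the original mail or of the IcedTea project: it checks a downloaded tarball against all three and pins each signature to the published fingerprint rather than the short key ID. The function names are this example's own, and it assumes sha256sum, awk and gpg are installed and both signing keys have already been imported.

```shell
#!/bin/sh
# Added example: verify an IcedTea 1.13.6 tarball before unpacking it.
# Function names are this example's own. Fingerprints are the two published
# in the announcement; import those keys by full fingerprint beforehand.
OLD_KEY_FPR="EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07"  # rsa4096, *.sig
NEW_KEY_FPR="5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222"  # ed25519, *.sig.ec

# Remove whitespace and upper-case the hex so a spaced fingerprint
# compares equal to the form gpg prints on its status lines.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if FILE exists and its SHA-256 equals EXPECTED (hex, any case).
check_sha256() {
    expected=$(printf '%s' "$2" | tr 'ABCDEF' 'abcdef')
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Succeed only if SIG is a good detached signature over FILE *and* was made
# by the key whose primary fingerprint is FPR. "gpg --verify" alone accepts
# any key in the keyring, so the fingerprint is pinned via the VALIDSIG
# status line, whose last field in current GnuPG is the primary key fingerprint.
check_sig() {
    want=$(normalize_fpr "$3")
    got=$(gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null |
          awk '$2 == "VALIDSIG" { print $NF; exit }')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Usage: sh verify.sh <sha256 listed for icedtea6-1.13.6.tar.gz>
# Run it in the directory holding the tarball and both signature files.
t=icedtea6-1.13.6.tar.gz
if [ -f "$t" ] && [ -n "${1:-}" ]; then
    check_sha256 "$t" "$1"                    || { echo "checksum mismatch" >&2; exit 1; }
    check_sig "$t" "$t.sig" "$OLD_KEY_FPR"    || { echo "bad $t.sig" >&2; exit 1; }
    check_sig "$t" "$t.sig.ec" "$NEW_KEY_FPR" || { echo "bad $t.sig.ec" >&2; exit 1; }
    echo "verified $t"
fi
```

Every check fails closed: a missing file, an empty checksum or a signature from any other key in the keyring is treated as a verification failure.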

