[SECURITY] IcedTea 2.6.6 for OpenJDK 7 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Fri Apr 22 06:11:18 UTC 2016 

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with
the April 2016 security fixes from OpenJDK 7 u101.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are
always welcome.

Full details of the release can be found below.

What’s New?
===========
* Security fixes
  - S8129952, CVE-2016-0686: Ensure thread consistency
  - S8132051, CVE-2016-0687: Better byte behavior
  - S8138593, CVE-2016-0695: Make DSA more fair
  - S8139008: Better state table management
  - S8143167, CVE-2016-3425: Better buffering of XML strings
  - S8144430, CVE-2016-3427: Improve JMX connections
  - S8146494: Better ligature substitution
  - S8146498: Better device table adjustments
* Import of OpenJDK 7 u101 build 0
  - S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command
  - S7127906: (launcher) convert the launcher regression tests to java
  - S8002116: This JdbReadTwiceTest.sh gets an exit 1
  - S8004007: test/sun/tools/jinfo/Basic.sh fails on when runSA is set to true
  - S8007890: [TESTBUG] JcmdWithNMTDisabled.java fails when invoked with NMT explicitly turned on
  - S8027705: com/sun/jdi/JdbMethodExitTest.sh fails when a background thread is generating events.
  - S8028537: PPC64: Updated the JDK regression tests to run on AIX
  - S8036132: Tab characters in test/com/sun/jdi files
  - S8038963: com/sun/jdi tests fail because cygwin's ps sometimes misses processes
  - S8044419: TEST_BUG: com/sun/jdi/JdbReadTwiceTest.sh fails when run under root
  - S8059661: Test SoftReference and OOM behavior
  - S8072753: Nondeterministic wrong answer on arithmetic
  - S8073735: [TEST_BUG] compiler/loopopts/CountedLoopProblem.java got OOME
  - S8074146: [TEST_BUG] jdb has succeded to read an unreadable file
  - S8134297: NPE in GSSNameElement nameType check
  - S8134650: Xsl transformation gives different results in 8u66
  - S8141229: [Parfait] Null pointer dereference in cmsstrcasecmp of cmserr.c
  - S8143002: [Parfait] JNI exception pending in fontpath.c:1300
  - S8146477: [TEST_BUG] ClientJSSEServerJSSE.java failing again
  - S8146967: [TEST_BUG] javax/security/auth/SubjectDomainCombiner/Optimize.java should use 4-args ProtectionDomain constructor
  - S8147567: InterpreterRuntime::post_field_access not updated for boolean in JDK-8132051
  - S8148446: (tz) Support tzdata2016a
  - S8148475: Missing SA Bytecode updates.
  - S8149170: Better byte behavior for native arguments
  - S8149367: PolicyQualifierInfo/index_Ctor JCk test fails with IOE: Invalid encoding for PolicyQualifierInfo
  - S8150012: Better byte behavior for reflection
  - S8150790: 8u75 L10n resource file translation update
  - S8153673: [BACKOUT] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command
  - S8154210: Zero: Better byte behaviour
* Bug fixes
  - PR2889: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
  - PR2929: configure: error: "A JDK home directory could not be found."
  - PR2935: Check that freetype defines FT_CONFIG_OPTION_INFINALITY_PATCHSET if enabling infinality
  - PR2938: Fix build of 8148487 backport
  - PR2939: Remove rogue ReleaseStringUTFChars line remaining from merge of 7u101 b00
* PPC & AIX port
  - S8148487: PPC64: Better byte behavior
* AArch64 port
  - S8154413: AArch64: Better byte behaviour
  - PR2914: byte_map_base is not page aligned on OpenJDK 7
* JamVM
  - PR2665: icedtea/jamvm 2.6 fails as a build VM for icedtea

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.6.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.6.6.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-2.6.6.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-2.6.6.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

d6d92e9b20e321d51b2f428868b6de3d3ebc2b4eedde19e5cf2e2452da6d0fde  icedtea-2.6.6.tar.gz
765e3dfbaa5eef6fccd9cc53c153681ad2c70384b31fe3691e44709dbeeae3d2  icedtea-2.6.6.tar.gz.sig
79949744436158d9ded3a758c22da7629f843ea3913afdffc65ea0f1a26d544a  icedtea-2.6.6.tar.xz
a8049026f7b7f8503ce7ff25c28b822e97cce5c495fdaa0c9b734315d99596bd  icedtea-2.6.6.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.6.sha256

The following people helped with these releases:

* Andrew Haley (S8154210, S8154413 & PR2914)
* Andrew Hughes (all other backports & bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.6.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.6.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.6/configure
$ make

Full build requirements and instructions are available in the INSTALL file.
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: Digital signature
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20160422/be5cb020/signature.asc>

More information about the distro-pkg-dev mailing list