[SECURITY] IcedTea 3.0.1 for OpenJDK 8 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Sun Apr 24 07:19:59 UTC 2016 

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 8 support in the 3.0.x series with
the April 2016 security fixes from OpenJDK 8 u91.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are
always welcome.

Full details of the release can be found below.

What's New?
===========
New in release 3.0.1 (2016-04-23):

* Security fixes
  - S8129952, CVE-2016-0686: Ensure thread consistency
  - S8132051, CVE-2016-0687: Better byte behavior
  - S8138593, CVE-2016-0695: Make DSA more fair
  - S8139008: Better state table management
  - S8143167, CVE-2016-3425: Better buffering of XML strings
  - S8143945, CVE-2016-3426: Better GCM validation
  - S8144430, CVE-2016-3427: Improve JMX connections
  - S8146494: Better ligature substitution
  - S8146498: Better device table adjustments
* Import of OpenJDK 8 u91 build 14
  - S8002116: This JdbReadTwiceTest.sh gets an exit 1
  - S8007890: [TESTBUG] JcmdWithNMTDisabled.java fails when invoked with NMT explicitly turned on
  - S8036132: Tab characters in test/com/sun/jdi files
  - S8038963: com/sun/jdi tests fail because cygwin's ps sometimes misses processes
  - S8044419: TEST_BUG: com/sun/jdi/JdbReadTwiceTest.sh fails when run under root
  - S8059661: Test SoftReference and OOM behavior
  - S8067422: Lambda method names are unnecessarily unstable
  - S8073735: [TEST_BUG] compiler/loopopts/CountedLoopProblem.java got OOME
  - S8074146: [TEST_BUG] jdb has succeded to read an unreadable file
  - S8130212: Thread::current() might access freed memory on Solaris
  - S8132890: Text Overlapping on Dot Matrix Printers
  - S8134297: NPE in GSSNameElement nameType check
  - S8134650: Xsl transformation gives different results in 8u66
  - S8134828: Scrollbar thumb disappears with Nimbus L&F
  - S8138589: Correct limits on unlimited cryptography
  - S8138811: Construction of static protection domains
  - S8140268: Generate link to specification license for JavaDoc API documentation
  - S8141229: [Parfait] Null pointer dereference in cmsstrcasecmp of cmserr.c
  - S8143002: [Parfait] JNI exception pending in fontpath.c:1300
  - S8143959: Certificates requiring blacklisting
  - S8146477: [TEST_BUG] ClientJSSEServerJSSE.java failing again
  - S8146518: Zero interpreter broken with better byte behaviour
  - S8146967: [TEST_BUG] javax/security/auth/SubjectDomainCombiner/Optimize.java should use 4-args ProtectionDomain constructor
  - S8147567: InterpreterRuntime::post_field_access not updated for boolean in JDK-8132051
  - S8148446: (tz) Support tzdata2016a
  - S8148475: Missing SA Bytecode updates.
  - S8148487: PPC64: Better byte behavior
  - S8148522: Backout JDK-8138811 from 2016 Apr CPU repo
  - S8149170: Better byte behavior for native arguments
  - S8149367: PolicyQualifierInfo/index_Ctor JCk test fails with IOE: Invalid encoding for PolicyQualifierInfo
  - S8150012: Better byte behavior for reflection
  - S8150790: 8u75 L10n resource file translation update
* Backports
  - S8148752, PR2943: Compiled StringBuilder code throws StringIndexOutOfBoundsException
  - S8154210: Zero: Better byte behaviour
  - S8154413: AArch64: Better byte behaviour
* Bug fixes
  - PR2933: Support ccache 3.2 and later
  - PR2934: SunEC provider throwing KeyException with current NSS

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.0.1.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.0.1.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-3.0.1.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.0.1.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

8babade1717fff48bcc4e1e2f3159c2c7d97cfb44ef10124bbab3f7dc34a0582  icedtea-3.0.1.tar.gz
8a5e702a114117ed301a632b1a41651d0577c9c59cfae4d10ff41f6a52185fc7  icedtea-3.0.1.tar.gz.sig
346ce30de1de6c493729b79b246f250438fc5b8df7eae47229a97f9000a73af2  icedtea-3.0.1.tar.xz
b440f83a05788157b752cc3b1a239261bcbb52bf82211c93173e93cb4f3fa760  icedtea-3.0.1.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.0.1.sha256

The following people helped with these releases:

* James Le Cuirot (PR2933)
* Andrew Haley (S8154210 & S8154413)
* Andrew Hughes (all other backports & bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.0.1.tar.gz

or:

$ tar x -I xz -f icedtea-3.0.1.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.0.1/configure
$ make

Full build requirements and instructions are available in the INSTALL file.
Happy hacking!
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: Digital signature
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20160424/9527c40d/signature.asc>

More information about the distro-pkg-dev mailing list