[SECURITY] IcedTea 2.6.4 for OpenJDK 7 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Wed Jan 20 14:50:38 UTC 2016 

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with
the January 2016 security fixes from OpenJDK 7 u95.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are always
welcome.

Full details of the release can be found below.

What’s New?
===========

New in release 2.6.4 (2016-01-19):

* Security fixes
  - S8059054, CVE-2016-0402: Better URL processing
  - S8130710, CVE-2016-0448: Better attributes processing
  - S8132210: Reinforce JMX collector internals
  - S8132988: Better printing dialogues
  - S8133962, CVE-2016-0466: More general limits
  - S8137060: JMX memory management improvements
  - S8139012: Better font substitutions
  - S8139017, CVE-2016-0483: More stable image decoding
  - S8140543, CVE-2016-0494: Arrange font actions
  - S8143185: Cleanup for handling proxies
  - S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays
  - S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH)
* Import of OpenJDK 7 u95 build 0
  - S7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified
  - S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket.java failed with SocketTimeoutException
  - S8074068: Cleanup in src/share/classes/sun/security/x509/
  - S8075773: jps running as root fails after the fix of JDK-8050807
  - S8081297: SSL Problem with Tomcat
  - S8131181: Increment minor version of HSx for 7u95 and initialize the build number
  - S8132082: Let OracleUcrypto accept RSAPrivateKey
  - S8134605: Partial rework of the fix for 8081297
  - S8134861: XSLT: Extension func call cause exception if namespace URI contains partial package name
  - S8135307: CompletionFailure thrown when calling FieldDoc.type, if the field's type is missing
  - S8138716: (tz) Support tzdata2015g
  - S8140244: Port fix of JDK-8075773 to MacOSX
  - S8141213: [Parfait]Potentially blocking function GetArrayLength called in JNI critical region at line 239 of jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in function GET_ARRAYS
  - S8141287: Add MD5 to jdk.certpath.disabledAlgorithms - Take 2
  - S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java 8u71 failure
  - S8143132: L10n resource file translation update
  - S8144955: Wrong changes were pushed with 8143942
  - S8145551: Test failed with Crash for Improved font lookups
  - S8147466: Add -fno-strict-overflow to IndicRearrangementProcessor{,2}.cpp
* Backports
  - S8140244: Port fix of JDK-8075773 to AIX

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.4.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.6.4.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-2.6.4.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-2.6.4.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

ef5dd43c5f87742ac28519420055ad24acaca55b005b5b2e339cf3e451d716c1  icedtea-2.6.4.tar.gz
59acd169e88ab8071f37481351a70b04e4eacd341dba1ecc3588bf5d42ef6b7d  icedtea-2.6.4.tar.gz.sig
d20a365feea95a4c01c9f9db1f7562f471f638bc672db9de6c6e654d2d826164  icedtea-2.6.4.tar.xz
fc90dc9a58db1309d2105766cc9b41f295c1c12981cf1fc0afc04efa860d3f61  icedtea-2.6.4.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.4.sha256

The following people helped with these releases:

* Andrew Hughes (all backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.4.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.4.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.4/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
-- 
Andrew :)

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: Digital signature
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20160120/89eaffb2/signature.asc>

More information about the distro-pkg-dev mailing list