[SECURITY] IcedTea 1.13.10 for OpenJDK 6 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Fri Jan 22 17:52:16 UTC 2016

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as a PulseAudio sound driver, the ability to build
against system libraries and support for alternative virtual machines
and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 6 support in the 1.13.x series with
the January 2016 security fixes.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are
always welcome.

Full details of the release can be found below.

What’s New?
New in release 1.13.10 (2016-01-22):

* Security fixes
  - S8059054, CVE-2016-0402: Better URL processing
  - S8130710, CVE-2016-0448: Better attributes processing
  - S8133962, CVE-2016-0466: More general limits
  - S8137060: JMX memory management improvements
  - S8139012: Better font substitutions
  - S8139017, CVE-2016-0483: More stable image decoding
  - S8140543, CVE-2016-0494: Arrange font actions
  - S8143185: Cleanup for handling proxies
  - S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays
* Import of OpenJDK6 b38
  - OJ69: Windows build broken after b37 changes
  - OJ70: Allow versions of ALSA >= 1.1.0
  - S6720721: CRL check with circular depency support needed
  - S6852744: PIT b61: PKI test suite fails because self signed certificates are being rejected [Tests only]
  - S7166570: JSSE certificate validation has started to fail for certificate chains
  - S7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified
  - S7171223: Building ExtensionSubtables.cpp should use -fno-strict-aliasing
  - S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket.java failed with SocketTimeoutException
  - S8074068: Cleanup in src/share/classes/sun/security/x509/
  - S8075773: jps running as root fails after the fix of JDK-8050807
  - S8081297: SSL Problem with Tomcat
  - S8134605: Partial rework of the fix for 8081297
  - S8135307: CompletionFailure thrown when calling FieldDoc.type, if the field's type is missing
  - S8138716: (tz) Support tzdata2015g
  - S8141213: [Parfait]Potentially blocking function GetArrayLength called in JNI critical region at line 239 of jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in function GET_ARRAYS
  - S8141287: Add MD5 to jdk.certpath.disabledAlgorithms - Take 2
  - S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java 8u71 failure
  - S8144955: Wrong changes were pushed with 8143942
  - S8145551: Test failed with Crash for Improved font lookups
  - S8147466: Add -fno-strict-overflow to IndicRearrangementProcessor{,2}.cpp
* Backports
  - S7169111, PR2757: Unreadable menu bar with Ambiance theme in GTK L&F
  - S8140620, PR2711: Find and load default.sf2 as the default soundbank on Linux

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea6-1.13.10.tar.gz
* http://icedtea.classpath.org/download/source/icedtea6-1.13.10.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea6-1.13.10.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea6-1.13.10.tar.xz.sig

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

e467fbdbae88897c4447b400be32f3176a798d3c7d84a311b7a24420e955e93a  icedtea6-1.13.10.tar.gz
59a4eef6f98a1ef5951e3fd64f94a3e8f818513fa2cf721ffb60b20601eed92d  icedtea6-1.13.10.tar.gz.sig
a08907fa5a99a84c1bb480c9a0438264ff01c6215a7e1618e08e4ae79d4600d7  icedtea6-1.13.10.tar.xz
4dac256f93799aa0e75062c94c242f956bd2372b1fb70c220dcb02d4b2d028a5  icedtea6-1.13.10.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea6-1.13.10.sha256

The following people helped with these releases:

* Andrew Hughes (all backports and bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-1.13.10.tar.gz


$ tar x -I xz -f icedtea6-1.13.10.tar.xz


$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea6-1.13.10/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
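
The checks the announcement's checksum list, detached signatures and key fingerprint make possible, as an added example that is not part of the original message. The function names are hypothetical, and the release key is assumed to be already imported into the local keyring (GnuPG 2.1 or later, as stated above).

```shell
#!/bin/sh
# Added example: verify an IcedTea tarball before unpacking it.
# Full fingerprint from the announcement, spaces removed. Compare the whole
# fingerprint, never just the short key ID (35964222).
EXPECTED_FPR="5132579DD1540ED23E04C5A0CFDA0F9B35964222"

# Print the SHA256 recorded for FILE in a "<hash>  <name>" manifest.
manifest_hash() {   # usage: manifest_hash MANIFEST FILE
    awk -v name="$(basename "$2")" '$2 == name { print $1; exit }' "$1"
}

# Succeed only if FILE hashes to the value recorded in MANIFEST.
check_sha256() {    # usage: check_sha256 MANIFEST FILE
    want=$(manifest_hash "$1" "$2")
    [ -n "$want" ] || return 1      # file not listed: fail closed
    have=$(sha256sum "$2" | cut -d' ' -f1)
    [ "$have" = "$want" ]
}

# Read `gpg --status-fd` output on stdin and print the primary-key
# fingerprint of the signer. Requires both GOODSIG and VALIDSIG: gpg emits
# EXPKEYSIG or REVKEYSIG instead of GOODSIG for expired or revoked keys.
signer_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "GOODSIG"  { good = 1 }
         $1 == "[GNUPG:]" && $2 == "VALIDSIG" { fpr = (NF >= 12 ? $12 : $3) }
         END { if (good && fpr) print fpr }'
}

# Succeed only if SIG is a good signature over FILE made by EXPECTED_FPR.
check_signature() { # usage: check_signature SIG FILE
    fpr=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null | signer_fpr)
    [ "$fpr" = "$EXPECTED_FPR" ]
}

verify_release() {  # usage: verify_release MANIFEST FILE SIG
    check_sha256 "$1" "$2" || { echo "checksum mismatch: $2" >&2; return 1; }
    check_signature "$3" "$2" || { echo "bad or unexpected signer: $2" >&2; return 1; }
    echo "verified: $2"
}

# e.g. sh verify.sh icedtea6-1.13.10.sha256 icedtea6-1.13.10.tar.xz \
#         icedtea6-1.13.10.tar.xz.sig
if [ "$#" -eq 3 ]; then verify_release "$@"; fi
```

The checksum file and the tarballs are fetched over plain HTTP from the same host, so the SHA256 comparison only detects corruption; the signature check against the full fingerprint is what ties the download to the release key.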