[SECURITY] IcedTea 2.6.5 for OpenJDK 7 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Fri Mar 25 07:58:26 UTC 2016

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with
the March 2016 interim security fix from OpenJDK 7 u99.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are
always welcome.

Full details of the release can be found below.

What's New?
New in release 2.6.5 (2016-03-24):

* Security fixes
  - S8152335, CVE-2016-0636: Improve MethodHandle consistency
* Import of OpenJDK 7 u99 build 0
  - S6425769, PR2858: Allow specifying an address to bind JMX remote connector
  - S6961123: setWMClass fails to null-terminate WM_CLASS string
  - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently
  - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses
* Backports
  - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions
  - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
  - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically
  - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell
* Bug fixes
  - PR2803: Make system CUPS optional
  - PR2886: Location of 'stap' executable is hard-coded
  - PR2893: test/tapset/jstaptest.pl should be executable
  - PR2894: Add missing test directory in make check.
  - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest && result && x.any && y.any' failed
* AArch64 port
  - PR2852: Add support for large code cache
  - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.
  - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter
  - S8131483, PR2852: aarch64: illegal stlxr instructions
  - S8133352, PR2852: aarch64: generates constrained unpredictable instructions
  - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32
  - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation
  - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0
  - S8138575, PR2852: Improve generated code for profile counters
  - S8138641, PR2852: Disable C2 peephole by default for aarch64
  - S8138966, PR2852: Intermittent SEGV running ParallelGC
  - S8143067, PR2852: aarch64: guarantee failure in javac
  - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved
  - S8143584, PR2852: Load constant pool tag and class status with load acquire
  - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto
  - S8144582, PR2852: AArch64 does not generate correct branch profile data
  - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base
  - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject
  - S8148240, PR2852: aarch64: random infrequent null pointer exceptions in javac
* PPC & AIX port
  - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280
  - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call
  - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill register R12

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.5.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.6.5.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-2.6.5.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-2.6.5.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

d8bce93bd33b299a52236f03fb57d42ae9de808c8337e6185930799dbfc78795  icedtea-2.6.5.tar.gz
0a12f5916c144879812dc086bfbb506569ee3abb056a81031287d00914652313  icedtea-2.6.5.tar.gz.sig
e752304496bb11ae9952beb11e6743dd84e55b340eaca716f310c5a0f48b53f7  icedtea-2.6.5.tar.xz
7bd1b00d3f59e32e80ba41a705a5730de87dd76f138d94dd94995b9a394d9dad  icedtea-2.6.5.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.5.sha256

The following people helped with these releases:

* Andrew Dinn (S8134322 AArch64 fix & AArch64 backporting)
* Martin Doerr (S8139421 ppc64le fix)
* Severin Gehwolf (S6425769)
* Andrew Haley (AArch64 fixes)
* Andrew Hughes (all other backports & bug fixes, release management)
* Goetz Lindenmaier (S8139258 ppc64le fix & S8034797 AIX fix)
* Edward Nevill (AArch64 fixes)
* Stefan Ring (CA195)
* Hui Shi (AArch64 fixes)
* Mario Torre (S8150954 & S8071705)
* Fei Yang (S8144201 AArch64 fix)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.5.tar.gz


$ tar x -I xz -f icedtea-2.6.5.tar.xz


$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.5/configure
$ make

Full build requirements and instructions are available in the INSTALL file.
Happy hacking!
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: Digital signature
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20160325/e1659b8f/signature-0001.asc>

More information about the distro-pkg-dev mailing list