[SECURITY] IcedTea 2.6.15 for OpenJDK 7 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Mon Dec 31 07:04:45 UTC 2018


The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with
the July 2018 security fixes from OpenJDK 7 u191.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are always
welcome.

Full details of the release can be found below.

What's New?
===========
New in release 2.6.15 (2018-12-31):

* Security fixes
  - S8191239: Improve desktop file usage
  - S8193419: Better Internet address support
  - S8197871, CVE-2018-2938: Support Derby connections
  - S8197925, CVE-2018-2940: Better stack walking
  - S8199547, CVE-2018-2952: Exception to Pattern Syntax
  - S8200666, CVE-2018-2973: Improve LDAP support
  - PR3608, CVE-2018-3639 hw: cpu: speculative store bypass mitigation
* New features
  - PR3629: Install symlinks to tapsets in SystemTap directory
  - PR3657: Sync desktop files with Fedora/RHEL versions again
  - PR3659: Support RHEL multilib installations which use the /usr/lib/jvm/java-1.x.0-openjdk.${arch} naming
* Import of OpenJDK 7 u191 build 2
  - S8005661: [parfait] Possible buffer overrun in jdk/src/solaris/native/sun/awt/awt_GraphicsEnv.c
  - S8005695: [parfait] Format string argument mismatch in jdk/src/solaris/native/sun/xawt/XToolkit.c
  - S8005752: [parfait] False positive function call mismatch at jdk/src/solaris/native/sun/xawt/XWindow.c
  - S8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11
  - S8034857: gcc warnings compiling src/solaris/native/sun/management
  - S8035054: JarFacade.c should not include ctype.h
  - S8035287: gcc warnings compiling various libraries files
  - S8051972: sun/security/pkcs11/ec/ReadCertificates.java fails intermittently
  - S8076117: EndEntityChecker should not process custom extensions after PKIX validation
  - S8157898: SupportedDSAParamGen.java failed with timeout
  - S8170035: When determining the ciphersuite lists, there is no debug output for disabled suites.
  - S8176183: sun/security/mscapi/SignedObjectChain.java fails on Windows
  - S8187635: On Windows Swing changes keyboard layout on a window activation
  - S8196224: Even better Internet address support
  - S8196854: TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException
  - S8197943: Unable to use JDWP API in JDK 8 to debug JDK 9 VM
  - S8200359: (tz) Upgrade time-zone data to tzdata2018d
  - S8201433: Fix potential crash in BufImg_SetupICM
  - S8202585: JDK 8u181 l10n resource file update
  - S8202996: Remove debug print statements from RMI fix
  - S8203182: Release session if initialization of SunPKCS11 Signature fails
  - S8203233: (tz) Upgrade time-zone data to tzdata2018e
  - S8203368: ObjectInputStream filterCheck method throws NullPointerException
  - S8205491: adjust reflective access checks
  - S8205587, PR3606: Implicit function declaration in jni_util.c
  - S8207151, PR3604: Frequent JVM Crash SIGSEGV same stacktrace location during tomcat start with hibernate init on 7u181-2.6.14-0ubuntu0.1
* Backports
  - S8075942, PR3605: ArrayIndexOutOfBoundsException in sun.java2d.pisces.Dasher.goTo
* Bug fixes
  - PR3616: Don't include timestamps in generated documentation
  - PR3631: Use ${datadir} when specifying default tz.properties location
  - PR3652: Detect whether -Xprefer:source and -J-Xmx<limit> can be used, rather than assuming
  - PR3663: IcedTea installing symlinks to SystemTap directory rather than individual tapsets
* SystemTap
  - PR3633: arc_priority representation creates an implicit limit on character sequence within regexp
* AArch64 port
  - S8207345, PR3614: Trampoline generation code reads from uninitialized memory
  - PR3615: Fix whitespace in hotspot/src/cpu/aarch64

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.15.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.6.15.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-2.6.15.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-2.6.15.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

6275b9cb67e82726ddd12ff52103a9114d7d2998a0c21a8024b46607112a86b9  icedtea-2.6.15.tar.gz
64273b5a8c5136368e4f5e0e525f17472684a4c07b54d20e2983923a874d1955  icedtea-2.6.15.tar.gz.sig
fea1f128b09fe18249223e9efe2f8f95af886a22c26e1e8593068dc3dd51a5b9  icedtea-2.6.15.tar.xz
bf814a0f15a9bd94c96639a3fdc3303f672b3f6f031c04107745b76ddb4acffd  icedtea-2.6.15.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.15.sha256

The following people helped with these releases:

* Severin Gehwolf (PR3633)
* Andrew Hughes (all other backports & bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.15.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.15.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.15/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
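
Checking a downloaded tarball against the published .sha256 file and the release key fingerprint, as an added example that is not part of the original announcement. The function names are hypothetical, and the signer's key is assumed to be already imported into a GnuPG >= 2.1 keyring.

```shell
#!/bin/sh
# Added example, not from the IcedTea project. The fingerprint below is the one
# published in the announcement, with the spaces removed.
PINNED_FPR=5132579DD1540ED23E04C5A0CFDA0F9B35964222

# check_sha256 FILE SUMS: succeed only if SUMS has an entry for FILE and the
# file's actual SHA-256 equals it. SUMS uses sha256sum's "<hex>  <name>" format.
check_sha256() {
    want=$(awk -v n="$(basename "$1")" '$2 == n { print $1; exit }' "$2")
    [ -n "$want" ] || return 1          # no entry for this file: fail closed
    have=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$want" = "$have" ]
}

# validsig_matches FPR: read "gpg --status-fd" output on stdin. Succeed only if
# gpg reported GOODSIG (so not an expired or revoked key, which is reported as
# EXPKEYSIG or REVKEYSIG) and a VALIDSIG line names FPR as the signing key or
# as its primary key.
validsig_matches() {
    awk -v f="$1" '
        $1 == "[GNUPG:]" && $2 == "GOODSIG" { good = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == f || $NF == f) { fpr = 1 }
        END { exit !(good && fpr) }'
}

# verify_release TARBALL SUMS: checksum first, then the detached signature
# TARBALL.sig. Matching on the full fingerprint means another key in the
# keyring with a similar short ID is not accepted.
verify_release() {
    check_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    gpg --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null \
        | validsig_matches "$PINNED_FPR" \
        || { echo "no good signature from $PINNED_FPR: $1" >&2; return 1; }
}
```

Typical use is `verify_release icedtea-2.6.15.tar.xz icedtea-2.6.15.sha256`, run in the directory holding the tarball and its .sig file. The checksum file is fetched over plain HTTP, so the signature check is the one that carries the trust.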