[SECURITY] IcedTea 2.6.14 for OpenJDK 7 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Thu May 24 04:26:45 UTC 2018


The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with
the April 2018 security fixes from OpenJDK 7 u181.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are always
welcome.

Full details of the release can be found below.

What's New?
===========
New in release 2.6.14 (2018-05-23):

* Security fixes
  - S8162488: JDK should be updated to use LittleCMS 2.8
  - S8180881: Better packaging of deserialization
  - S8182362: Update CipherOutputStream Usage
  - S8183032: Upgrade to LittleCMS 2.9
  - S8189123: More consistent classloading
  - S8189969, CVE-2018-2790: Manifest better manifest entries
  - S8189977, CVE-2018-2795: Improve permission portability
  - S8189981, CVE-2018-2796: Improve queuing portability
  - S8189985, CVE-2018-2797: Improve tabular data portability
  - S8189989, CVE-2018-2798: Improve container portability
  - S8189993, CVE-2018-2799: Improve document portability
  - S8189997, CVE-2018-2794: Enhance keystore mechanisms
  - S8190478: Improved interface method selection
  - S8190877: Better handling of abstract classes
  - S8191696: Better mouse positioning
  - S8192025, CVE-2018-2814: Less referential references
  - S8192030: Better MTSchema support
  - S8192757, CVE-2018-2815: Improve stub classes implementation
  - S8193409: Improve AES supporting classes
  - S8193414: Improvements in MethodType lookups
  - S8193833, CVE-2018-2800: Better RMI connection support
* Import of OpenJDK 7 u181 build 0
  - S7132338: Use @code friendly idiom for '\' in javadoc
  - S8001419: Build the JCE portion of JDK-8000970
  - S8019360: Cleanup of the javadoc <code> tag in java.security.*
  - S8020842: IDN do not throw IAE when hostname ends with a trailing dot
  - S8024068: sun/security/ssl/javax/net/ssl/ServerName/IllegalSNIName.java fails
  - S8026982: javadoc errors in core libs
  - S8029020: Check src/share/native/java/util/zip code for JNI pending exceptions
  - S8029475: Fix more doclint issues in javax.security
  - S8034031: [parfait] JNI exception pending in jdk/src/macosx/native/apple/security/KeystoreImpl.m
  - S8054213: Class name repeated in output of Type.toString()
  - S8064524: Compiler code generation improvements
  - S8150530: Improve javax.crypto.BadPaddingException messages
  - S8153955: increase java.util.logging.FileHandler MAX_LOCKS limit
  - S8169080: Improve documentation examples for crypto applications
  - S8175075: Add 3DES to the default disabled algorithm security property
  - S8179665: [Windows] java.awt.IllegalComponentStateException: component must be showing on the screen to determine its location
  - S8186032: Disable XML Signatures signed with EC keys less than 224 bits
  - S8187496: Possible memory leak in java.apple.security.KeychainStore.addItemToKeychain
  - S8189789: tomcat gzip-compressed response bodies appear to be broken in update 151
  - S8191358: Restore TSA certificate expiration check
  - S8191909: Nightly failures in nashorn suite
  - S8192789: Avoid using AtomicReference in sun.security.provider.PolicyFile
  - S8194259: keytool error: java.io.IOException: Invalid secret key format
  - S8198494: 8u171 and 8u172 - Build failure on non-SE Linux Platforms
  - S8198963: Fix new rmi property name
  - S8200760: java.security-linux was missed in backport of JDK-8160104
* Import of OpenJDK 7 u181 build 1
  - S8200314: JDK 8u171 l10n resource file update - msg drop 40
  - S8202850: Fix for 8189123 doesn't include precompiled header
* Backports
  - S8185723, PR3555: Zero: segfaults on Power PC 32-bit
  - S8186461, PR3558: Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe
  - S8197429, PR3547, RH1536622: Increased stack guard causes segfaults on x86-32
  - S8200556, PR3567: AArch64 port crashes on slowdebug builds
  - S8201509, PR3580: Zero's atomic_copy64() broken on s390
* Bug fixes
  - PR3551: Additional category used in jconsole.desktop.in is incorrect
  - PR3576, RH1567204: System cacerts database handling should not affect jssecacerts
  - PR3595: Bootstrapping with IcedTea 2.x as the bootstrap JDK broken by import of 7u181-b01

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.14.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.6.14.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-2.6.14.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-2.6.14.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

a486ceedb439218b4a88875665a9523e0795d621abc162f9c370c2785e7cec02  icedtea-2.6.14.tar.gz
266c5a91794c4eba40341c66a8b9087cc81f5272cabbc17ef15200a12f46dd5f  icedtea-2.6.14.tar.gz.sig
d4ecb24eb1c7fa08d35ee0893476256732a49dccd2b98fa38fc8257106a6f69a  icedtea-2.6.14.tar.xz
363de40dfcf53b1fab45413cbc7b8ce4167ba22a947410082e317a88a096734f  icedtea-2.6.14.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.14.sha256

The following people helped with these releases:

* Andrew Dinn (S8189123)
* Andrew Hughes (all other backports & bug fixes, release management)
* Martin Balao (S8189123)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.14.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.14.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.14/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
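
Added example, not part of the original announcement or of IcedTea itself: a shell script that checks a downloaded tarball and its .sig against the SHA256 values and key fingerprint given above before anything is unpacked. The function names are made up for this example, and it assumes the signing key has already been imported into the local GnuPG (>= 2.1) keyring.

```shell
#!/bin/sh
# Added example: check IcedTea 2.6.14 downloads before unpacking them.
# FPR and SUMS are copied from the announcement; function names are made up here.
FPR="5132579DD1540ED23E04C5A0CFDA0F9B35964222"
SUMS="a486ceedb439218b4a88875665a9523e0795d621abc162f9c370c2785e7cec02  icedtea-2.6.14.tar.gz
266c5a91794c4eba40341c66a8b9087cc81f5272cabbc17ef15200a12f46dd5f  icedtea-2.6.14.tar.gz.sig
d4ecb24eb1c7fa08d35ee0893476256732a49dccd2b98fa38fc8257106a6f69a  icedtea-2.6.14.tar.xz
363de40dfcf53b1fab45413cbc7b8ce4167ba22a947410082e317a88a096734f  icedtea-2.6.14.tar.xz.sig"

# expected_sum NAME: print the announced SHA256 for NAME; fail if it is not listed.
expected_sum() {
    printf '%s\n' "$SUMS" |
        awk -v n="$1" '$2 == n { print $1; found = 1 } END { exit !found }'
}

# check_sum FILE [EXPECTED]: succeed only if FILE hashes to EXPECTED
# (default: the announced value for FILE's base name).
check_sum() {
    want=$2
    [ -n "$want" ] || want=$(expected_sum "$(basename "$1")") || return 1
    got=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$got" = "$want" ]
}

# validsig_matches STATUS FPR: succeed if gpg status output has a VALIDSIG line
# whose signing-key (field 3) or primary-key (last field) fingerprint is FPR.
validsig_matches() {
    printf '%s\n' "$1" | awk -v f="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == f || $NF == f) { ok = 1 }
        END { exit !ok }'
}

# verify_sig FILE: FILE.sig must be a good signature on FILE made by FPR.
# Assumes the key is already in the local keyring (GnuPG >= 2.1).
verify_sig() {
    status=$(gpg --batch --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null) || return 1
    validsig_matches "$status" "$FPR"
}

# Usage: sh verify.sh icedtea-2.6.14.tar.xz   (does nothing without arguments)
for f in "$@"; do
    if check_sum "$f" && check_sum "$f.sig" && verify_sig "$f"; then
        echo "OK: $f"
    else
        echo "FAILED: $f" >&2; exit 1
    fi
done
```

Matching on the VALIDSIG fingerprint rather than on gpg's exit status alone rejects a file that carries a valid signature from some other key in the keyring.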