[SECURITY] IcedTea 3.8.0 for OpenJDK 8 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Wed May 30 06:14:11 UTC 2018


We are pleased to announce the release of IcedTea 3.8.0!

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 8 support with the April 2018
security fixes from OpenJDK 8 u171.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are always
welcome.

Full details of the release can be found below.

What's New?
===========
New in release 3.8.0 (2018-05-29):

* Security fixes
  - S8180881: Better packaging of deserialization
  - S8182362: Update CipherOutputStream Usage
  - S8183032: Upgrade to LittleCMS 2.9
  - S8189123: More consistent classloading
  - S8189969, CVE-2018-2790: Manifest better manifest entries
  - S8189977, CVE-2018-2795: Improve permission portability
  - S8189981, CVE-2018-2796: Improve queuing portability
  - S8189985, CVE-2018-2797: Improve tabular data portability
  - S8189989, CVE-2018-2798: Improve container portability
  - S8189993, CVE-2018-2799: Improve document portability
  - S8189997, CVE-2018-2794: Enhance keystore mechanisms
  - S8190478: Improved interface method selection
  - S8190877: Better handling of abstract classes
  - S8191696: Better mouse positioning
  - S8192025, CVE-2018-2814: Less referential references
  - S8192030: Better MTSchema support
  - S8192757, CVE-2018-2815: Improve stub classes implementation
  - S8193409: Improve AES supporting classes
  - S8193414: Improvements in MethodType lookups
  - S8193833, CVE-2018-2800: Better RMI connection support
* New features
  - PR3493: Run AES test to test intrinsics
* Import of OpenJDK 8 u162 build 12
  - S4354680: Runtime.runFinalization() silently clears interrupted flag in the calling thread
  - S6618335: ThreadReference.stop(null) throws NPE instead of InvalidTypeException
  - S6651256: jstack: DeleteGlobalRef method call doesn't lead to descreasing of global refs count shown by jstack
  - S6656031: SA: jmap -permstat number of classes is off by 1
  - S6977426: sun/tools tests can intermittently fail to find app's Java pid
  - S6988950: JDWP exit error JVMTI_ERROR_WRONG_PHASE(112)
  - S7124271: [macosx] RealSync test failure
  - S7162125: [macosx] A font has different behaviour for ligatures depending on its creation mod
  - S8023667: SA: ExceptionBlob and other C2 classes not available in client VM
  - S8031661: java/net/Authenticator/B4769350.java failed intermittently
  - S8046778: Better error messages when starting JMX agent via attach or jcmd
  - S8066185: VM crashed with SIGSEGV VirtualMemoryTracker::add_reserved_region
  - S8072428: Enable UseLoopCounter ergonomically if on-stack-replacement is enabled
  - S8073670: TypeF::eq and TypeD::eq do not handle NaNs correctly
  - S8074812: More specific error message when the .java_pid well-known file is not secure
  - S8078269: JTabbedPane UI Property TabbedPane.tabAreaBackground no longer works
  - S8080504: [macosx] SunToolkit.realSync() may hang
  - S8087291: InitialBootClassLoaderMetaspaceSize and CompressedClassSpaceSize should be checked consistent from MaxMetaspaceSize
  - S8132374: AIX: fix value of os.version property
  - S8134103: JVMTI_ERROR_WRONG_PHASE(112): on checking for an interface
  - S8139218: Dialog that opens and closes quickly changes focus in original focusowner
  - S8147002: [macosx] Arabic character cannot be rendered on MacOS X
  - S8148786: xml.tranform fails on x86-64
  - S8155197: Focus transition issue
  - S8157896: TestDSAGenParameterSpec.java test fails with timeout
  - S8158633: BASE64 encoded cert not correctly parsed with UTF-16
  - S8159432: [PIT][macosx] StackOverflow in closed/java/awt/Dialog/DialogDeadlock/DialogDeadlockTest
  - S8162530: src/jdk.management/share/native/libmanagement_ext/GcInfoBuilder.c doesn't handle JNI exceptions properly
  - S8164954: split_if creates empty phi and region nodes
  - S8166742: SIGFPE in C2 Loop IV elimination
  - S8169961: Memory leak after debugging session
  - S8172751: OSR compilation at unreachable bci causes C1 crash
  - S8175340: Possible invalid memory accesses due to ciMethodData::bci_to_data() returning NULL
  - S8177026: jvm.dll file version not updated since 8u72
  - S8177414: Missing key events on Mac Os
  - S8177958: Possible uninitialized char* in vm_version_solaris_sparc.cpp
  - S8178047: Aliasing problem with raw memory accesses
  - S8179086: java.time.temporal.ValueRange has poor hashCode()
  - S8180370: Characters are skipped on input of Korean text on OS X
  - S8180855: Null pointer dereference in OopMapSet::all_do of oopMap.cpp:394
  - S8181659: Create an alternative fix for JDK-8167102, whose fix was backed out
  - S8181786: Extra runLater causes impossible states to be possible using javafx.embed.singleThread=true
  - S8182402: Tooltip for Desktop button is in English when non-English locale is set
  - S8182996: Incorrect mapping Long type to JavaScript equivalent
  - S8184009: Missing null pointer check in InterpreterRuntime::update_mdp_for_ret()
  - S8184271: Time related C1 intrinsics produce inconsistent results when floating around
  - S8184328: JDK 8u131 socketRead0 hang at SSL read
  - S8184893: jdk8u152 b06 : issues with nashorn when running kraken benchmarks
  - S8185346: Relax RMI Registry Serial Filter to allow arrays of any type
  - S8187023: Cannot read pkcs11 config file in UTF-16 environment
  - S8189918: Remove Trailing whitespace from file while syncing 8u into 8u162-b03
  - S8190280: [macos] Font2DTest demo started failing for Arabic range from JDK 8 u162 b01 on Mac
  - S8190542: 8u162 L10n resource file update
  - S8192794: 8u162 L10n resource file update md20
* Import of OpenJDK 8 u171 build 11
  - S8054213: Class name repeated in output of Type.toString()
  - S8068778: [TESTBUG] CompressedClassSpaceSizeInJmapHeap.java fails if SA not available
  - S8150530: Improve javax.crypto.BadPaddingException messages
  - S8153955: increase java.util.logging.FileHandler MAX_LOCKS limit
  - S8169080: Improve documentation examples for crypto applications
  - S8175075: Add 3DES to the default disabled algorithm security property
  - S8179665: [Windows] java.awt.IllegalComponentStateException: component must be showing on the screen to determine its location
  - S8186032: Disable XML Signatures signed with EC keys less than 224 bits
  - S8186441: Change of behavior in the getMessage () method of the SOAPMessageContextImpl class
  - S8187496: Possible memory leak in java.apple.security.KeychainStore.addItemToKeychain
  - S8189851: [TESTBUG] runtime/RedefineTests/RedefineInterfaceCall.java fails
  - S8191358: Restore TSA certificate expiration check
  - S8191909: Nightly failures in nashorn suite
  - S8192789: Avoid using AtomicReference in sun.security.provider.PolicyFile
  - S8194259: keytool error: java.io.IOException: Invalid secret key format
  - S8196952: Bad primeCertainty value setting in DSAParameterGenerator
  - S8197030: Perf regression on all platforms with 8u171-b03 - early lambda use
  - S8198494: 8u171 and 8u172 - Build failure on non-SE Linux Platforms
  - S8198662: Incompatible internal API change in JDK8u161: signature of method exportObject()
  - S8198963: Fix new rmi property name
  - S8199001: [TESTBUG] RMIConnectionFilterTest.java test fails in compilation
  - S8199141: Windows: new warning messaging for JRE installer UI in non-MOS cases
  - S8200314: JDK 8u171 l10n resource file update - msg drop 40
* Backports
  - S8062808, PR3548: Turn on the -Wreturn-type warning
  - S8141570, PR3548: Fix Zero interpreter build for --disable-precompiled-headers
  - S8143245, PR3548: Zero build requires disabled warnings
  - S8165489, PR3589: Missing G1 barrier in Unsafe_GetObjectVolatile
  - S8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode
  - S8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26
  - S8185723, PR3553: Zero: segfaults on Power PC 32-bit
  - S8186461, PR3557: Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe
  - S8187577, PR3578: JVM crash during gc doing concurrent marking
  - S8197429, PR3546, RH1536622: Increased stack guard causes segfaults on x86-32
  - S8197546, PR3542: Fix for 8171000 breaks Solaris + Linux builds
  - S8197981, PR3548: Missing return statement in __sync_val_compare_and_swap_8
  - S8200556, PR3566: AArch64: assertion failure in slowdebug builds
  - S8201509, PR3579: Zero: S390 31bit atomic_copy64 inline assembler is wrong
* Bug fixes
  - S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations
  - S8199936, PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code
  - PR3539, RH1548475: Pass EXTRA_LDFLAGS to HotSpot build
  - PR3549: Desktop file doesn't reference versioned icon
  - PR3550: Additional category used in jconsole.desktop.in is incorrect
  - PR3559: Use ldrexd for atomic reads on ARMv7.
  - PR3575, RH1567204: System cacerts database handling should not affect jssecacerts
  - PR3592: Skip AES test on AArch64 due to VM crash
  - PR3593: s390 needs to use '%z' format specifier for size_t arguments as size_t != int
  - PR3594: Patch for bug 3593 breaks Shenandoah build
  - PR3597: Potential bogus -Wformat-overflow warning with -Wformat enabled
* Shenandoah
  - PR3573: Fix TCK crash with Shenandoah
  - Remove oop cast in oopMap.cpp again, as oopDesc::operator== has additional checking in Shenandoah.
  - Fix new code for Shenandoah after the 8u171 merge
  - Revert accidental OpSpinWait matching
  - UseBiasedLocking should be disabled only for Shenandoah
* AArch32 port
  - PR3548: Add missing return values for AArch32 port

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.8.0.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.8.0.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-3.8.0.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.8.0.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

ef1a9110294d0a905833f1db30da0c8a88bd2bde8d92ddb711d72ec763cd25b0  icedtea-3.8.0.tar.gz
5ed72a7475d91e6ef863449f39c12f810d1352d815b4dd4d9a0b8b04d8604949  icedtea-3.8.0.tar.gz.sig
ff9d3737ca5cc8712bad31c565c50939d8b062234d3d49c5efa083bbaa24c3e6  icedtea-3.8.0.tar.xz
cb93df3c4b632d75b0b7c4e5280b868f109a0aef26f59f0455d5e6a1992b344c  icedtea-3.8.0.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.8.0.sha256

The following people helped with these releases:

* Andrew Hughes (all bug fixes and backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.8.0.tar.gz

or:

$ tar x -I xz -f icedtea-3.8.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.8.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
-- 
Andrew :)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
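
The checksum and signature checks the announcement describes, as an added example that is not part of the original message or of the IcedTea project. The function names are hypothetical, the fingerprint is the one quoted above with spaces removed, and the key is assumed to be in the local GnuPG (>= 2.1) keyring already.

```shell
#!/bin/sh
# Added example: verify an IcedTea release tarball before unpacking it.
# Fingerprint copied from the announcement, spaces removed.
PINNED_FPR=5132579DD1540ED23E04C5A0CFDA0F9B35964222

# check_sha256 LISTING FILE
# Succeeds only if LISTING (sha256sum format: "hash  name") has an entry for
# FILE's basename and that hash equals the SHA-256 of FILE.
# Returns 2 when the listing has no entry, so "not listed" never passes.
check_sha256() {
    listing=$1; file=$2
    name=$(basename "$file")
    want=$(awk -v n="$name" '$2 == n { print $1; exit }' "$listing")
    [ -n "$want" ] || return 2
    have=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$want" = "$have" ]
}

# validsig_matches FPR
# Reads `gpg --status-fd` output on stdin. Succeeds only if a VALIDSIG line
# names FPR as the signing key (field 3) or as its primary key (last field).
# GOODSIG alone is not accepted: it carries a key ID, not a fingerprint.
validsig_matches() {
    awk -v fpr="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 }
        END { exit !ok }'
}

# verify_release LISTING TARBALL
# Checksum first, then the detached signature TARBALL.sig against the
# pinned fingerprint. Any failure returns non-zero before anything is unpacked.
verify_release() {
    check_sha256 "$1" "$2" || { echo "checksum mismatch: $2" >&2; return 1; }
    gpg --batch --status-fd 1 --verify "$2.sig" "$2" 2>/dev/null \
        | validsig_matches "$PINNED_FPR" \
        || { echo "signature not made by $PINNED_FPR: $2" >&2; return 1; }
    echo "verified: $2"
}

# Usage: verify_release icedtea-3.8.0.sha256 icedtea-3.8.0.tar.xz
```

A checksum file fetched over the same plain-HTTP channel as the tarball only detects corruption; the signature check against the pinned fingerprint is what ties the download to the release key.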