[SECURITY] IcedTea 3.9.0 for OpenJDK 8 Released!
Andrew Hughes
gnu_andrew at member.fsf.org
Thu Sep 27 16:52:20 UTC 2018
We are pleased to announce the release of IcedTea 3.9.0!
The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.
This release updates our OpenJDK 8 support with the July 2018
security fixes from OpenJDK 8 u181.
If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are always
welcome.
Full details of the release can be found below.
What’s New?
===========
New in release 3.9.0 (2018-09-27):
* Security fixes
- S8191239: Improve desktop file usage
- S8193419: Better Internet address support
- S8197871, CVE-2018-2938: Support Derby connections
- S8197925, CVE-2018-2940: Better stack walking
- S8199547, CVE-2018-2952: Exception to Pattern Syntax
- S8200666, CVE-2018-2973: Improve LDAP support
- PR3607, CVE-2018-3639: hw: cpu: speculative store bypass mitigation
* New features
- PR3623: Allow Shenandoah to be used on all architectures
- PR3624: Sync desktop files with Fedora/RHEL versions again
- PR3628: Install symlinks to tapsets in SystemTap directory
* Import of OpenJDK 8 u172 build 11
- S8031304: Add dcmd to print all loaded dynamic libraries.
- S8044107: Add Diagnostic Command to list all ClassLoaders
- S8055755: Information about loaded dynamic libraries is wrong on MacOSX
- S8059036: Implement Diagnostic Commands for heap and finalizerinfo
- S8130400: Test java/awt/image/DrawImage/IncorrectClipXorModeSurface2Surface.java fails with ClassCastException
- S8136356: Add time zone mappings on Windows
- S8139673: NMT stack traces in output should show mtcomponent
- S8147542: ClassCastException when repainting after display resolution change
- S8154017: Shutdown hooks are racing against shutdown sequence, if System.exit()-calling thread is interrupted
- S8165466: DecimalFormat percentage format can contain unexpected %
- S8166772: Touch keyboard is not shown for text components on a screen touch
- S8169424: src/share/sample/scripting/scriptpad/src/scripts/memory.sh missing #!
- S8170358: [REDO] 8k class metaspace chunks misallocated from 4k chunk Freelist
- S8170395: Metaspace initialization queries the wrong chunk freelist
- S8176072: READING attributes are not available on TSF
- S8177721: Improve diagnostics in sun.management.Agent#startAgent()
- S8177758: Regression in java.awt.FileDialog
- S8183504: 8u131 Win 10, issue with wrong position of Sogou IME popup
- S8184991: NMT detail diff should take memory type into account
- S8187331: VirtualSpaceList tracks free space on wrong node
- S8187629: NMT: Memory miscounting in compiler (C2)
- S8187658: Bigger buffer for GetAdaptersAddresses
- S8187685: NMT: Tracking compiler memory usage of thread's resource area
- S8187803: JDK part of JavaFX-Swing dialogs appearing behind main stage
- S8187985: Broken certificate number in debug output
- S8188855: Fix VS10 build after "8187658: Bigger buffer for GetAdaptersAddresses"
- S8189599: InitialBootClassLoaderMetaspaceSize and CompressedClassSpaceSize should be checked consistent from MaxMetaspaceSize
- S8189646: sun/security/ssl/SSLSocketImpl/SSLSocketCloseHang.java failed with "java.net.SocketTimeoutException: Read timed out"
- S8190442: Backout changes for JDK-8087291 from 8u-dev as it didn't use main CR id
- S8190690: Impact on krb5 test cases in the 8u-CPU nightly
- S8191969: javac produces incorrect RuntimeInvisibleTypeAnnotations length attribute
- S8192987: keytool should remember real storetype if it is not provided
- S8193156: Need to backout fixes for JDK-8058547, JDK-8055753, JDK-8085903
- S8193807: Avoid UnsatisfiedLinkError on AIX by providing empty basic implementations of getSystemCpuLoad and getProcessCpuLoad
* Import of OpenJDK 8 u181 build 13
- S8038636: speculative traps break when classes are redefined
- S8051972: sun/security/pkcs11/ec/ReadCertificates.java fails intermittently
- S8055008: Clean up code that saves the previous versions of redefined classes
- S8057570: RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid
- S8074373: NMT is not enabled if NMT option is specified after class path specifiers
- S8076117: EndEntityChecker should not process custom extensions after PKIX validation
- S8156137: SIGSEGV in ReceiverTypeData::clean_weak_klass_links
- S8157898: SupportedDSAParamGen.java failed with timeout
- S8169201: Montgomery multiply intrinsic should use correct name
- S8170035: When determining the ciphersuite lists, there is no debug output for disabled suites.
- S8176183: sun/security/mscapi/SignedObjectChain.java fails on Windows
- S8187045: [linux] Not all libraries in the VM are linked with -z,noexecstack
- S8187635: On Windows Swing changes keyboard layout on a window activation
- S8188223: IfNode::range_check_trap_proj() should handler dying subgraph with single if proj
- S8196224: Even better Internet address support
- S8196491: Newlines in JAXB string values of SOAP-requests are escaped to "
"
- S8196854: TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException
- S8197943: Unable to use JDWP API in JDK 8 to debug JDK 9 VM
- S8198605: Touch keyboard is shown for a non-focusable text component
- S8198606: Touch keyboard does not hide, when a text component looses focus
- S8198794: Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3
- S8199406: Performance drop with Java JDK 1.8.0_162-b32
- S8199748: Touch keyboard is not shown, if text component gets focus from other text component
- S8200359: (tz) Upgrade time-zone data to tzdata2018d
- S8201433: Fix potential crash in BufImg_SetupICM
- S8202585: JDK 8u181 l10n resource file update
- S8202996: Remove debug print statements from RMI fix
- S8203233: (tz) Upgrade time-zone data to tzdata2018e
- S8203368: ObjectInputStream filterCheck method throws NullPointerException
- S8204874: Update THIRDPARTYREADME file
- S8205491: adjust reflective access checks
* Backports
- S8008321, PR3599: compile.cpp verify_graph_edges uses bool as int
- S8064786, PR3601: Fix debug build after 8062808: Turn on the -Wreturn-type warning
- S8075942, PR3602, RH1582032: ArrayIndexOutOfBoundsException in sun.java2d.pisces.Dasher.goTo
- S8146115, PR3508, RH1463098: Improve docker container detection and resource configuration usage
- S8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26
- S8203182, PR3603: Release session if initialization of SunPKCS11 Signature fails
- S8206406, PR3610, RH1597825: StubCodeDesc constructor publishes partially-constructed objects on StubCodeDesc::_list
- S8207057, PR3613: No debug info for assembler files
* Bug fixes
- PR3597: Potential bogus -Wformat-overflow warning with -Wformat enabled
- PR3600: jni_util.c does not import header file which declares getLastErrorString
- PR3601: Fix additional -Wreturn-type issues introduced by 8061651
- PR3630: Use ${datadir} when specifying default tz.properties location
- PR3632: IcedTea installing symlinks to SystemTap directory rather than individual tapsets
* AArch64 port
- S8207345, PR3626: Trampoline generation code reads from uninitialized memory
* Shenandoah
- PR3619: Shenandoah broken on s390
- PR3620: Shenandoah broken on ppc64
- Allocation failure injection machinery
- [backport] AArch64 shenandoah_store_check should read evacuation_in_progress as byte
- [backport] Account trashed regions from coalesced CM-with-UR
- [backport] Adaptive collection set selection in adaptive policy
- [backport] Adaptive heuristics accounts trashed cset twice
- [backport] Adapt upstream object pinning API
- [backport] Add comments in shenandoah_store_check on direct heap field use
- [backport] Added diagnostic flag ShenandoahOOMDuringEvacALot
- [backport] Added missing header file for non-PCH build
- [backport] Add missing barrier in C1 NIOCheckIndex intrinsic
- [backport] Add new pinned/cset region state for evac-failure-path
- [backport] Add ShenandoahRootProcessor API to report threads while scanning roots
- [backport] Add test to verify Shenandoah is not enabled by default, and enabled with the flag
- [backport] Add -XX:+ShenandoahVerify to more interesting tests
- [backport] AESCrypt.implEncryptBlock/AESCrypt.implDecryptBlock intrinsics assume non null inputs
- [backport] Allow use of fp spills around write barrier
- [backport] Arraycopy fixes (tests and infrastructure)
- [backport] Assert Shenandoah-specific safepoints instead of generic ones
- [backport] Asynchronous region recycling
- [backport] Avoid notifying about zero waste
- [backport] barrier moved due to null checks needs to always fix memory edges
- [backport] Basic support for x86_32: build and run in STW configuration
- [backport] Bitmap based ShHeapRegionSet
- [backport] Break heuristics out from ShCollectorPolicy into their own source files
- [backport] C2 should use heapword-sized object math
- [backport] Check BS type in immByteMapBase predicate
- [backport] Cleanup allocation tracking in heuristics
- [backport] Cleanup and refactor Full GC code
- [backport] Cleanup and strengthen BrooksPointer verification
- [backport] Clean up dead code
- [backport] Cleanup: removed unused code
- [backport] Cleanup reset_{next|complete}_mark_bitmap
- [backport] Cleanup SHH::should_start_normal_gc
- [backport] "Compact" heuristics for dense footprint scenarios
- [backport] Compact heuristics should not shortcut on immediate garbage, but aggressively compact
- [backport] Conditionalize PerfDataMemorySize on enabled heap sampling
- [backport] Consistent liveness for humongous regions
- [backport] Control loop should wait before starting another GC cycle
- [backport] Critical native tests should only be ran on x86_64 platforms
- [backport] Degenerated GC
- [backport] Degenerated GC: rename enum, report degen reasons in stats
- [backport] Demote ShenandoahAllocImplicitLive to diagnostic
- [backport] Demote warning message about OOM-during-evac to informational
- [backport] Denser ShHeapRegion status line
- [backport] Disable verification from non-Shenandoah VMOps.
- [backport] Disallow pinned_cset region moves and allocations during Full GC
- [backport] Disambiguate "upgrade to Full GC" GCause
- [backport] Do not add non-allocatable regions to the freeset
- [backport] Don't treat allocation regions implicitely live during some GCs
- [backport] Double check for UseShenandoahGC in WB expand
- [backport] Drop distinction between immediate garbage and free in heuristics
- [backport] Dynamic worker refactoring
- [backport] Eagerly drop CSet state from regions during Full GC
- [backport] Eliminate write-barrier assembly stub (part 1)
- [backport] Enable biased locking for Shenandoah by default
- [backport] Ensure tasks use correct number of workers
- [backport] Excessive assert in ShHeap::mark_next
- [backport] Excessive asserts in marked_object_iterate
- [backport] FinalEvac pause to turn off evacuation
- [backport] Fix || and && chaining warnings in memnode.cpp
- [backport] Fix broken asserts in ShenandoahSharedEnumFlag
- [backport] Fixed code roots scanning that might be bypassed during degenerated cycle
- [backport] Fixed compilation error of libTestHeapDump.c on Windows with VS2010
- [backport] Fixed missing ResourceMark in ShenandoahAsserts::print_obj
- [backport] Fixed pinned region handling in mark-compact
- [backport] Fix (external) heap iteration + TestHeapDump should unlock aggressive heuristics
- [backport] fix for alias analysis with ShenandoahBarriersForConst
- [backport] Fix/improve CLD processing
- [backport] Fixing Windows and ARM32 build
- [backport] Fix Mac OS build warnings
- [backport] Fix Minimal VM build
- [backport] Fix ShFreeSet boundary case
- [backport] fix TCK crash with shenandoah
- [backport] Forcefully update counters when GC cycle is running
- [backport] FreeSet and HeapRegion should have the reference to ShenandoahHeap
- [backport] FreeSet refactor: bitmaps, cursors, biasing
- [backport] FreeSet should accept responsibility over trashed regions
- [backport] FreeSet should report its internal state before/after GC cycle
- [backport] Full GC should compact humongous regions
- [backport] Full GC should not trash empty regions
- [backport] GC state testers (infra)
- [backport] Generic verification is possible only at Shenandoah safepoints
- [backport] Get easy on template instantiations in ShConcMark
- [backport] Heap region sampling should publish region states
- [backport] Humongous regions should support explicit pinning
- [backport] Immediate garbage ratio should not go over 100%
- [backport] Implement flag to generate write-barriers without membars
- [backport] Implement protocol for safe OOM during evacuation handling + Use jint in oom-evac-handler to match older JDKs Atomic support better + Missing OOMScope in ShenandoahFixRootsTask
- [backport] Improve assertion/verification messages a bit
- [backport] Improve/more detailed timing stats for root queue work
- [backport] Incorrect constant folding with final field and -ShenandoahOptimizeFinals
- [backport] Increase test timeouts
- [backport] Introduce assert_in_correct_region to verify object is in correct region
- [backport] Isolate shenandoahVerifier from stray headers
- [backport] keep read barriers for final instance/stable field accesses
- [backport] Keep track of per-cycle mutator/collector allocs. Fix mutator/collector alloc region overlap in traversal.
- [backport] Little cleanup
- [backport] Log message on ref processing, class unload, update refs for mark events
- [backport] LotsOfCycles test timeouts
- [backport] Make concurrent precleaning log message optional again
- [backport] Make control loop more responsive under allocation pressure
- [backport] Make degenerated update-refs use region-set cursor to hand over work
- [backport] Make heap counters update completely asynchronous
- [backport] Make major GC phases exclusive from each other
- [backport] Make sure selective barriers enabling/disabling works
- [backport] Make sure -XX:+ShenandoahVerify comes first in the tests
- [backport] Mark bitmap slices commit/uncommit + Aggregated bitmap slicing
- [backport] Match barrier fastpath checks better
- [backport] Minor cleanups
- [backport] Minor cleanup, uses latest Atomic API
- [backport] Move barriers into typeArrayOop.hpp direct memory accessors
- [backport] Move ShHeap::used increment out of locked allocation path
- [backport] No need for fence in control loop: flags are now ShSharedVariables
- [backport] Only report GC pause time to GC MXBean + Re-fix memory managers and memory pools usage and pause reporting
- [backport] Optimize fwdptr region handling in ShenandoahVerifyOopClosure::verify_oop
- [backport] Optimize oop/fwdptr/hr_index verification a bit
- [backport] overflow integer during size calculation
- [backport] Pacer should account allocation waste and unsuccessful pacing in the budget
- [backport] Pacer should poll FreeSet to figure out actually available space
- [backport] Passive should opt-in the barriers, not opt-out
- [backport] Pauses that do not affect heap occupancy should not report heap
- [backport] Print message when heuristics changes the setting ergonomically
- [backport] Protect C2 matchers with UseShenandoahGC
- [backport] Provide non-taxable allocation slack at the beginning of the cycle
- [backport] Record cycle start/end to avoid continuous periodic GC
- [backport] Record Shenandoah events in hs_err events section
- [backport] Refactor allocation failure and explicit GC handling
- [backport] Refactor allocation metadata handling
- [backport] Refactor FreeSet rebuilding into the single source
- [backport] Refactoring GC phase and heap allocation tracking out of policy
- [backport] Refactor uncommit handling: react on explicit GCs, feature kill flag, etc
- [backport] Refactor worker timings into ShenandoahPhaseTimings
- [backport] ReferenceProcessor is_alive setup is racy
- [backport] Region sampling should lock while gathering region data
- [backport] Rehash VMOperations and cycle driver mechanics for consistency
- [backport] Relax assert in SBS::is_safe()
- [backport] Remove BS:is_safe in favor of logged BS::verify_safe_oop
- [backport] Remove CSetThreshold handling from heuristics
- [backport] Remove FreeSet::add_region, inline into FreeSet::rebuild
- [backport] Remove obsolete check in FreeSet::allocate
- [backport] Remove ShenandoahGCWorkerPerJavaThread flag
- [backport] Remove ShenandoahMarkCompactBarrierSet
- [backport] Rename and cleanup _regions and _free_set uses
- [backport] Rename dynamic heuristics to static
- [backport] Rename *_oop_static/oop_ref to *_forwarded
- [backport] Rename ShenandoahConcurrentThread to ShenandoahControlThread
- [backport] Report all GC status flags in hs_err
- [backport] Report fwdptr size in JNI GetObjectSize
- [backport] Report how much we have failed to allocate during Allocation Failure
- [backport] Report illegal transitions verbosely, and remove some no-op transitions
- [backport] Rewire control loop to avoid double cleanup work
- [backport] Rework shared bool/enum flags with proper types and synchronization
- [backport] Rewrite and fix ShenandoahHeap::marked_object_iterate
- [backport] Rich assertion failure logging
- [backport] Roots verification should take the special roots first
- [backport] RP closures should accept NULL referents
- [backport] Set ShenandoahMinFreeThreshold default to 10%
- [backport] Setup process references and class unloading once before the cycle
- [backport] ShConcurrentThread races with set_gc_state_bit
- [backport] Shenandoah critical native support
- [backport] Shenandoah region/set iterators should not allow copying
- [backport] Shenandoah SA implementation
- [backport] Shenandoah/SPARC barrier stubs
- [backport] ShenandoahVerifyOptoBarriers should not fail with disabled barriers
- [backport] ShenandoahWriteBarrierNode::find_bottom_mem() fix
- [backport] ShenandoahWriteBarrierRB flag to conditionally disable RB on WB fastpath
- [backport] Shenandoah/Zero barrier stubs
- [backport] SieveObjects test is too hostile to verification
- [backport] Single GCTimer shared by all operations
- [backport] Single thread-local GC state flag for all barriers
- [backport] Some smallish ShHeapRegionSet changes
- [backport] Speed up asserts and verification, improve fastdebug builds performance
- [backport] Split live data management for allocations and GCs
- [backport] Static heuristics should be really static and report decisions
- [backport] Static heuristics should use non-zero allocation threshold
- [backport] Store checks should run most of the time
- [backport] Tax-and-Spend allocation pacing
- [backport] Testbug: VerifyJCStressTest leaks memory
- [backport] TestSelectiveBarrierFlags should accept multi-element flag selections
- [backport] TestSelectiveBarrierFlags times out due to too aggressive compilation mode
- [backport] Trim/expand test heap sizes to fit small heaps
- [backport] Trim the TLAB sizes to avoid wasteful retirement under TLAB races
- [backport] Use leftmost region in GC allocations
- [backport] Use os::naked_short_sleep instead of naked Thread events for sleeping
- [backport] Use/sort (cached) RegionData not ShenandoahHeapRegionSet (infrastructure)
- [backport] UX: Cleanup (adaptive) CSet selection message
- [backport] UX: Pacer reports incorrect free size
- [backport] UX: Shorter gc+ergo messages from CSet selection
- [backport] Verifier crashes when reporting multiple forwardings
- [backport] Verifier should check klass pointers before attempting to reach for object size
- [backport] Verifier should print verification label at liveness verification
- [backport] Verify fwdptr accesses during Full GC moves
- [backport] Verify regions status
- [backport] When Shenandoah WB is moved out of loop, connect it to correct loop memory Phi (back out and revisit previous fix)
- [backport] Wipe out ShenandoahStoreCheck implementation
- [backport] Workaround C1 ConstantOopWriteValue bug
- Bitmap size might not be page aligned when large page is used
- Changed claim count to jint
- Cherry-pick JDK-8173013: JVMTI tagged object access needs G1 pre-barrier
- Defer cleaning of system dictionary and friends to parallel cleaning phase
- Do not put down update-refs-in-progress flag concurrently
- Fix AArch64 build failure: misplaced #endif
- Fixed Shenandoah 8u build
- Fixed Windows build
- Fix non-PCH build
- Fix non-PCH x86_32 build
- Fix up SPARC and Zero headers for proper locations
- missing barriers in String intrinsics with -ShenandoahOptimizeInstanceFinals -ShenandoahOptimizeStableFinals
- Missing event log for canceled GC
- StringInternCleanup times out
- VerifyJCStressTest should test all heuristics
- Workaround VM crash with JNI Weak Refs handling
The tarballs can be downloaded from:
* http://icedtea.classpath.org/download/source/icedtea-3.9.0.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.9.0.tar.xz
We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.
The tarballs are accompanied by digital signatures available at:
* http://icedtea.classpath.org/download/source/icedtea-3.9.0.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.9.0.tar.xz.sig
These are produced using my public key. See details below.
PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
GnuPG >= 2.1 is required to be able to handle this key.
SHA256 checksums:
84a63bc59f4e101ce8fa183060a59c7e8cbe270945310e90c92b8609a9b8bc88 icedtea-3.9.0.tar.gz
7ee0a348f4e32436b3cdc915f2a405ab8a6bfca0619d9acefb2920c14208d39e icedtea-3.9.0.tar.gz.sig
45577f65e61509fcfa1dfce06ff9c33ef5cfea0e308dc1f63e120975ce7bdc3c icedtea-3.9.0.tar.xz
82cb48e36437d0df16fe5071c3d479672d2b360a18afe73559c63d6fb604caf2 icedtea-3.9.0.tar.xz.sig
The checksums can be downloaded from:
* http://icedtea.classpath.org/download/source/icedtea-3.9.0.sha256
The following people helped with these releases:
* Andrew Hughes (all bug fixes and backports, release management)
We would also like to thank the bug reporters and testers!
To get started:
$ tar xzf icedtea-3.9.0.tar.gz
or:
$ tar x -I xz -f icedtea-3.9.0.tar.xz
then:
$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.9.0/configure
$ make
Full build requirements and instructions are available in the INSTALL file.
Happy hacking!
--
Andrew :)
Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20180927/356f7f49/signature-0001.asc>
More information about the distro-pkg-dev
mailing list