[SECURITY] IcedTea 2.6.19 for OpenJDK 7 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Thu Jul 18 00:52:41 UTC 2019


The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with
the July 2019 security fixes from OpenJDK 7u231.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are always
welcome.

Full details of the release can be found below.

What's New?
===========
New in release 2.6.19 (2019-07-17):

* Security fixes
  - S8191073: JpegImageReader throws IndexOutOfBoundsException when trying to read image data from tables-only image
  - S8208698, CVE-2019-2745: Improved ECC Implementation
  - S8212328, CVE-2019-2745: Exceptional throw cases
  - S8213431, CVE-2019-2766: Improve file protocol handling
  - S8213432, CVE-2019-2769: Better copies of CopiesList
  - S8216381, CVE-2019-2786: More limited privilege usage
  - S8217563: Improve realm maintenance
  - S8218873: Improve JSSE endpoint checking
  - S8218876, CVE-2019-2745: Improve PNG support options
  - S8219018: Adjust positions of glyphs
  - S8219020: Table alternate substitutions
  - S8219775: Certificate validation improvements
  - S8220192: Better outlook for SecureRandom
  - S8220517: Enhanced GIF support
  - S8221518, CVE-2019-2816: Normalize normalization
  - S8223511, CVE-2019-2842: Extended AES support
* New features
  - PR3746: Support EA builds
* Import of OpenJDK 7 u231 build 1
  - S7152169: TEST_BUG: sun/security/tools/jarsigner/ec.sh occasionally fail due to keytool error on sparc
  - S7194075: Various classes of sunec.jar are duplicated in rt.jar
  - S7198901: correct the field size check when decoding a point on ECC curve
  - S8006799: Optimize sun.nio.cs.ISO_8859_1$Encode.encodeArrayLoop() (jdk part of 6896617)
  - S8031145: Re-examine closed i18n tests to see it they can be moved to the jdk repository.
  - S8035974: Refactor DigestBase.engineUpdate() method for better code generation by JIT compiler
  - S8135248: Add utility methods to check indexes and ranges
  - S8142493: Utility methods to check indexes and ranges doesn't specify behavior when function produces null
  - S8146458: Improve exception reporting for Objects.checkIndex/checkFromToIndex/checkFromIndexSize
  - S8155794: Move Objects.checkIndex BiFunction accepting methods to an internal package
  - S8159035: CTSMode.java test crashed due to unhandled case of cipher length value as 0
  - S8179098: Crypto AES/ECB encryption/decryption performance regression (introduced in jdk9b73)
  - S8181594: Efficient and constant-time modular arithmetic
  - S8182999: SunEC throws ProviderException on invalid curves
  - S8187946: Support ISO 4217 Amendments 163 and 164
  - S8193552: ISO 4217 amendment 165
  - S8195478: sun/text/resources/LocaleDataTest.java fails with java.lang.Exception
  - S8201317: X25519/X448 code improvements
  - S8202026: ISO 4217 amendment 166
  - S8203228: Branch-free output conversion for X25519 and X448
  - S8204269: ISO 4217 amendment 167
  - S8208648: ECC Field Arithmetic Enhancements
  - S8208746: ISO 4217 Amendment #168 update
  - S8209775: ISO 4217 Amendment #169 update
  - S8210153: localized currency symbol of VES
  - S8211435: Exception in thread "AWT-EventQueue-1" java.lang.IllegalArgumentException: null source
  - S8215982: (tz) Upgrade time-zone data to tzdata2018i
  - S8218781: Localized names for Japanese era Reiwa in COMPAT provider
  - S8224560: (tz) Upgrade time-zone data to tzdata2019a
  - S8225580: tzdata2018i integration causes test failures on jdk-13
* Bug fixes
  - PR3729: CVE-2018-3639 fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE
  - PR3744: Latest ISO 4217 amendments make PR64174 workaround redundant
* AArch64 port
  - S8149365, PR3741: aarch64: memory copy does not prefetch on backwards copy
  - S8151340, PR3741: aarch64: prefetch the destination word for write prior to ldxr/stxr loops.
  - S8153713, PR3741: aarch64: improve short array clearing using store pair
  - S8153797, PR3741: aarch64: Add Arrays.fill stub code
  - S8155617, PR3741: aarch64: ClearArray does not use DC ZVA
  - S8157841, PR3741: aarch64: prefetch ignores cache line size
  - S8186325, PR3741: AArch64: jtreg test hotspot/test/gc/g1/TestJNIWeakG1/TestJNIWeakG1.java SEGV
  - S8224671, PR3741: AArch64: mauve System.arraycopy test failure
  - S8224828, PR3741: aarch64: rflags is not correct after safepoint poll
  - S8224880, PR3741: AArch64: java/javac error with AllocatePrefetchDistance

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.19.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.6.19.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-2.6.19.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-2.6.19.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

a766b4626be7ad6a74f88efd311c46a43540bb41772faf985a807b8472f3313d  icedtea-2.6.19.tar.gz
6cbc07041c1ef7464593400eecd9db9bbec40eca6212ffdb438a93b276bcc21c  icedtea-2.6.19.tar.gz.sig
2ba0d2ec3970a163f27d1996074ac4a8767075fc0b7671ef3974cd667aba277d  icedtea-2.6.19.tar.xz
7b47aead21fdc6e9b7c721a992f029b4eec9381767f4603ccfb837a386f23e0f  icedtea-2.6.19.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.19.sha256

The following people helped with these releases:

* Andrew Hughes (all backports & bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.19.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.19.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.19/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
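
The checksum and signature check that the announcement describes, as an added example that is not part of the original message or of IcedTea's own tooling. The digests and fingerprint are copied from the text above; the function names are illustrative, and it assumes `sha256sum`, GnuPG 2.1 or later, and that the signing key is already in the local keyring.

```shell
#!/bin/sh
# Added example: check an IcedTea 2.6.19 tarball before unpacking it.
# Digests and fingerprint are copied from the announcement; the function
# names are illustrative and not part of IcedTea.

EXPECTED_FPR=5132579DD1540ED23E04C5A0CFDA0F9B35964222

# Published digests for the two tarballs (sha256sum format).
PUBLISHED_SUMS='a766b4626be7ad6a74f88efd311c46a43540bb41772faf985a807b8472f3313d  icedtea-2.6.19.tar.gz
2ba0d2ec3970a163f27d1996074ac4a8767075fc0b7671ef3974cd667aba277d  icedtea-2.6.19.tar.xz'

# expected_sum NAME: print the published digest for NAME; fail if unlisted.
expected_sum() {
    printf '%s\n' "$PUBLISHED_SUMS" |
        awk -v n="$1" '$2 == n { print $1; found = 1 } END { exit !found }'
}

# check_sha256 FILE [DIGEST]: compare FILE against DIGEST, or against the
# published digest for its basename when DIGEST is omitted.
check_sha256() {
    file=$1
    [ -f "$file" ] || return 2
    if [ -n "${2:-}" ]; then
        want=$2
    else
        want=$(expected_sum "$(basename "$file")") || return 2
    fi
    got=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# check_signature FILE: verify FILE.sig over FILE and require that the
# signature was made by the key with the announced fingerprint. A good
# signature from any other key in the keyring is rejected.
check_signature() {
    status=$(gpg --batch --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null) || return 1
    printf '%s\n' "$status" |
        awk -v f="$EXPECTED_FPR" '$2 == "VALIDSIG" && ($3 == f || $NF == f) { ok = 1 }
                                  END { exit !ok }'
}

verify_release() {
    check_sha256 "$1" || { echo "checksum mismatch: $1" >&2; return 1; }
    check_signature "$1" || { echo "signature check failed: $1" >&2; return 1; }
    echo "verified: $1"
}

# Run only when a tarball path is given, e.g. ./verify.sh icedtea-2.6.19.tar.xz
[ "$#" -eq 0 ] || verify_release "$1"
```

The tarballs, signatures and checksum file are all served over plain HTTP, so a matching checksum only rules out corruption in transit. The signature check against the pinned fingerprint is what authenticates the release.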