[SECURITY] IcedTea 3.12.0 for OpenJDK 8 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Thu May 2 01:28:51 UTC 2019

We are pleased to announce the release of IcedTea 3.12.0!

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 8 support with the April 2019
security fixes from OpenJDK 8u212.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are always

Full details of the release can be found below.

What's New?
New in release 3.12.0 (2019-05-01):

* Security fixes
  - S8211936, CVE-2019-2602: Better String parsing
  - S8218453, CVE-2019-2684: More dynamic RMI interactions
  - S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID()
* New features
  - PR3734: Make use of branding options
* Import of OpenJDK 8 u202 build 08
  - S8064811: Use THREAD instead of CHECK_NULL in return statements
  - S8068440: Test6857159.java times out
  - S8073139: PPC64: User-visible arch directory and os.arch value on ppc64le cause issues with Java tooling
  - S8073159: improve Test6857159.java
  - S8129560: TestKeyPairGenerator.java fails on Solaris because private exponent needs to comply with FIPS 186-4
  - S8130655: OS X: keyboard input in textfield is not possible if the window contained textfield is owned by EmbeddedFrame
  - S8131051: KDC might issue a renewable ticket even if not requested
  - S8134124: sun/security/tools/jarsigner/warnings.sh fails when using Hindi locale
  - S8139507: WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs
  - S8141421: Various test fail with OOME on win x86
  - S8145788: JVM crashes with -XX:+EnableTracing
  - S8155635: C2: Mixed unsafe accesses break alias analysis
  - S8156709: Cannot call setSeed on NativePRNG on Mac if EGD is /dev/urandom
  - S8160928: javac incorrectly copies over interior type annotations to bridge method
  - S8161732: [TEST_BUG] Test closed/java/awt/MenuBar/MenuBarPeer/MenuBarPeerDisposeTest.java fails in unix enviroments with NullPointerException
  - S8163083: SocketListeningConnector does not allow invocations with port 0
  - S8164383: jhsdb dumps core on Solaris 12 when loading dumped core
  - S8170937: Swing apps are slow if displaying from a remote source to many local displays
  - S8174050: Compilation errors with clang-4.0
  - S8182461: IndexOutOfBoundsException when reading indexed color BMP
  - S8183979: Remove Kodak CMS (KCMS) code from Oracle JDK
  - S8186098: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed due to libnss3 version cannot be parsed
  - S8187218: GSSCredential.getRemainingLifetime() returns negative value for TTL > 24 days.
  - S8191006: hsdis disassembler plugin does not compile with binutils 2.29+
  - S8191178: [macos] Problem with input of yen symbol
  - S8191948: db error: InvalidTypeException: Can't assign double[][][] to double[][][]
  - S8193879: Java debugger hangs on method invocation
  - S8194864: Outputs more details for PKCS11 tests if the NSS lib version cannot be determined
  - S8196882: VS2017 Hotspot Defined vsnprintf Function Causes C2084 Already Defined Compilation Error
  - S8200719: Cannot connect to IPv6 host when exists any active network interface without IPv6 address
  - S8201801: RTL language (Hebrew) is presented from left to right
  - S8202264: Race condition in AudioClip.loop()
  - S8202557: OpenJDK fails to start in Windows 7 and 8.1 after upgrading compiler to VC 2017
  - S8204966: [TESTBUG] hotspot/test/compiler/whitebox/IsMethodCompilableTest.java test fails with -XX:CompileThreshold=1
  - S8205479: OS X: requestFocus() does not work properly for embedded frame
  - S8205965: SIGSEGV on write to NativeCallStack::EMPTY_STACK
  - S8206392: [macosx] Cycling through windows (JFrames) does not work with keyboard shortcut
  - S8206911: javax/xml/crypto/dsig/GenerationTests.java fails in 8u-dev
  - S8207060: Memory leak when malloc fails within WITH_UNICODE_STRING block
  - S8207145: (fs) Native memory leak in WindowsNativeDispatcher.LookupPrivilegeValue0
  - S8207150: Clip.isRunning() may return true after Clip.stop() was called
  - S8207322: Backport GTK3 support on Linux to 8u
  - S8207750: Native handle leak in java.io.WinNTFileSystem.list()
  - S8208091: SA: jhsdb jstack --mixed throws UnmappedAddressException on i686
  - S8208183: update HSDIS plugin license to UPL
  - S8208541: non-ASCII characters in hsdis UPL text
  - S8208638: Instead of circle rendered in appl window, but ellipse is produced JEditor Pane
  - S8209184: JCK Test Failure due to ResourceBundle
  - S8209359: [8u] hotspot needs to recognise cl.exe 19.13 to build with VS2017.
  - S8209863: Add a test to verify that -XX:+EnableTracing works
  - S8210350: -Wl,-z,defs JDK 8 build failure
  - S8210384: SunLayoutEngine.isAAT() font is expensive on MacOS
  - S8210736: jdk/javax/xml/crypto/dsig/GenerationTests.java slow on linux
  - S8210891: Remove unused extutil.h from JDK8u sources
  - S8211124: HotSpot update for vm_version.cpp to recognise updated VS2017
  - S8211150: G1 Full GC not purging code root memory and hence causing memory leak
  - S8211394: CHECK_ must be used in the rhs of an assignment statement within a block
  - S8211909: JDWP Transport Listener: dt_socket thread crash
  - S8211933: [8u] hotspot adlc needs to link statically with libstdc++ for gcc7.3
  - S8212709: Backout backport of JDK-8211394 from jdk 8u-dev
  - S8212821: CHECK_ must be used in the rhs of an assignment statement within a block (round 2)
* Import of OpenJDK 8 u212 build 04
  - S7127191: SA JSDB does not display native symbols correctly for transported Linux cores
  - S8027434: "-XX:OnOutOfMemoryError" uses fork instead of vfork
  - S8028254: gc/arguments/TestMinInitialErgonomics.java failed with unexpected initial heap size
  - S8042131: DateTimeFormatterBuilder Mapped-values do not work for JapaneseDate
  - S8043387: java/time/test/java/util/TestFormatter.java failed.
  - S8044047: Missing null pointer checks for streams
  - S8059038: Create new launcher for SA tools
  - S8065749: [TESTBUG]: gc/arguments/TestG1HeapRegionSize.java fails at nightly
  - S8068269: RTM tests that assert on non-zero lock statistics are too strict in RTMTotalCountIncrRate > 1 cases
  - S8076164: [JTextField] When input too long Thai character, cursor's behavior is odd
  - S8076274: [TESTBUG] Remove @ignore from runtime\NMT\JcmdDetailDiff.java
  - S8076458: java/util/stream/test/org/openjdk/tests/java/util/stream/FlatMapOpTest.java timeout
  - S8077608: [TESTBUG] Enable Hotspot jtreg tests to run in agentvm mode
  - S8080932: [TEST_BUG] Test java/awt/BasicStroke/DashStrokeTest.java fails with Bad script error due to improper @run notation
  - S8132136: [PIT] RTL orientation in JEditorPane is broken
  - S8132985: Crash in freetypescaler.c due to double free
  - S8133108: [PIT] Container size is wrong in JEditorPane
  - S8133731: [TEST_BUG] Unmappable in ASCII character such as Thai should be escaped in the regtests targeted for a regular non-I18n runs
  - S8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
  - S8133984: print_compressed_class_space() is only defined in 64-bit VM
  - S8139803: Fix for 8132985 breaks OpenJDK build on windows.
  - S8148928: java/util/stream/test/**/SequentialOpTest.java timed out intermittently
  - S8164656: krb5 does not retry if TCP connection timeouts
  - S8170681: Remove fontconfig header files from JDK source tree
  - S8175120: Remove old tests on kdc timeout policy
  - S8180469: Wrong short form text for supplemental Japanese era
  - S8180904: Hotspot tests running with -agentvm failing due to classpath
  - S8185975: PPC64: Fix vsldoi interface according to the ISA
  - S8187364: Unable to enter zero width non-joiner (ZWNJ) symbol in Swing text component
  - S8189761: COMPANY_NAME, IMPLEMENTOR, BUNDLE_VENDOR, VENDOR, but no configure flag
  - S8193764: Cannot set COMPANY_NAME when configuring a build
  - S8195153: [test] runtime/6981737/Test6981737.java shouldn't check 'java.vendor' and 'java.vm.vendor' properties
  - S8200109: NMT: diff_malloc_site assert(early->flags() == current->flags(), "Must be the same memory type")
  - S8200115: System property java.vm.vendor value includes quotation marks
  - S8202088: Japanese new era implementation
  - S8204142: AWT hang occurs when sequenced events arrive out of sequence in multiple AppContexts
  - S8205432: Replace the placeholder Japanese era name
  - S8206075: On x86, assert on unbound assembler Labels used as branch targets
  - S8206120: Add test cases for lenient Japanese era parsing
  - S8207070: Webstart app popup on wrong screen in a one-screen setup changing to multi-monitor
  - S8207152: Placeholder for Japanese new era should be two characters
  - S8207258: Distrust TLS server certificates anchored by Symantec Root CAs
  - S8208480: Test failure: assert(is_bound() || is_unused()) after JDK-8206075 in C1
  - S8208656: Move java/util/Calendar/CalendarTestScripts tests into OpenJDK
  - S8210633: Cannot parse JapaneseDate string with DateTimeFormatterBuilder Mapped-values
  - S8210647: libsaproc is being compiled without optimization
  - S8211106: [windows] Update OS detection code to recognize Windows Server 2019
  - S8211231: BarrierSetC1::generate_referent_check() confuses register allocator
  - S8211382: ISO2022JP and GB18030 NIO converter issues
  - S8211398: Square character support for the Japanese new era
  - S8211435: Exception in thread "AWT-EventQueue-1" java.lang.IllegalArgumentException: null source
  - S8211926: Catastrophic size_t underflow in BitMap::*_large methods
  - S8212110: Build of saproc.dll broken on Windows 32 bit after JDK-8210647
  - S8212178: Soft reference reclamation race in com.sun.xml.internal.stream.util.ThreadLocalBufferAllocator
  - S8212914: Test javax/imageio/plugins/bmp/BMP8BPPLoadTest.java fails
  - S8212941: Support new Japanese era in java.time.chrono.JapaneseEra
  - S8213151: [AIX] Some class library files are missing the Classpath exception
  - S8213154: Update copyright headers of files in src tree that are missing Classpath exception
  - S8213419: C2 may hang in MulLNode::Ideal()/MulINode::Ideal() with gcc 8.2.1
  - S8213583: Error while opening the JFileChooser when desktop contains shortcuts pointing to deleted files.
  - S8213952: Relax DNSName restriction as per RFC 1123
  - S8213983: [macosx] Keyboard shortcut “cmd +`” stops working properly if popup window is displayed
  - S8213992: Rename and make DieOnSafepointTimeout the diagnostic option
  - S8214061: Buffer written into itself
  - S8214189: test/hotspot/jtreg/compiler/intrinsics/mathexact/MulExactLConstantTest.java fails on Windows x64 when run with -XX:-TieredCompilation
  - S8214206: Fix for JDK-8213419 is broken on 32-bit
  - S8215364: JavaFX crashes on Ubuntu 18.04 with Wayland while using Swing-FX interop
  - S8215934: G1 Old Gen MemoryPool CollectionUsage.used values don't reflect mixed GC results
  - S8215976: Fix gmtime_r declaration conflicts in zip.cpp with linux header files
  - S8216037: Avoid calling vm_update with a NULL name
  - S8216058: [TESTBUG] tools/launcher/VersionCheck.java fails after JDK-8215992
  - S8216396: Support new Japanese era and new currency code points in java.lang.Character for Java SE 8
  - S8217305: Missing 0 in java.dll file version cause issues with patch management software
  - S8217432: MetaspaceGC::_capacity_until_GC exceeds MaxMetaspaceSize
  - S8217520: Remove vm.opt.MaxGCPauseMillis == "null" from TestOldGenCollectionUsage.java
  - S8217579: TLS_EMPTY_RENEGOTIATION_INFO_SCSV is disabled after 8211883
  - S8217609: New era placeholder not recognized by java.text.SimpleDateFormat
  - S8217710: Add 5 currency code points to Java SE 8uX
  - S8218613: [TESTBUG] runtime/ErrorHandling tests are building incorrect testlibrary classes
  - S8218915: Change isJavaIdentifierStart and isJavaIdentifierPart to handle new code points
  - S8219636: Windows build failure after JDK-8207070 8u backport
  - S8219890: Calendar.getDisplayName() returns empty string for new Japanese Era on some locales
  - S8219961: [ppc64] Increase code size for interpreter generation.
  - S8220397: REGRESSION: JDK-8036003 backport regresses no_strip builds
  - S8220641: [TESTBUG] New test KdcPolicy.java introduced by JDK-8164656 needs same change as JDK-8190690
  - S8221355: Performance regression after JDK-8155635 backport into 8u
* Backports
  - S8222286, PR3727: Fix for JDK-8213419 is broken on s390
* Bug fixes
  - PR3718: Change policytool.desktop.in category Development to Settings
  - PR3719: Use JRE bin directory in policytool.desktop.in
  - PR3722: Use SDK bin directory in jconsole.desktop.in
  - PR3723: Use shortened Java version first in Name field of desktop files
  - PR3728: CVE-2018-3639 fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE
  - PR3736: Use https URLs where possible.
* AArch64 port
  - S8153172, PR3724: aarch64: hotspot crashes after the 8.1 LSE patch is merged
  - S8213419, PR3724: [AArch64] C2 may hang in MulLNode::Ideal()/MulINode::Ideal() with gcc 8.2.1
  - S8221220, PR3724: AArch64: Add StoreStore membar explicitly for Volatile Writes in TemplateTable
* AArch32 port
  - S8213419: [AArch32] C2 may hang in MulLNode::Ideal()/MulINode::Ideal() with gcc 8.2.1
  - S8214189: [AArch32] test/hotspot/jtreg/compiler/intrinsics/mathexact/MulExactLConstantTest.java fails on Windows x64 when run with -XX:-TieredCompilation

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.12.0.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.12.0.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-3.12.0.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.12.0.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

41261bfdd93616ac5d061ce44aaf5b46e5f4920a360f982a54c423b0e171f4bc  icedtea-3.12.0.tar.gz
c509cfe881907611f1d1a2793b417c014d9f372f4032e02c6b7974e491a3b7d1  icedtea-3.12.0.tar.gz.sig
121dd400d6cc40803b634b42968de2842e9ac0adc7808a91c45bfd30d8223338  icedtea-3.12.0.tar.xz
48e118f9d11fcfc35457f4fd3ce11cd194aa4c361e0107ed41c203c7643b6372  icedtea-3.12.0.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.12.0.sha256

The following people helped with these releases:

* Andrew Haley (PR3728)
* Andrew Hughes (all other bug fixes and backports, release management)
* Sergey Nazarkin (AArch32 work)
* Roland Westrelin (8213419 for AArch64)
* Felix Yang (8153172)
* Patrick Zhang (8221220)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.12.0.tar.gz


$ tar x -I xz -f icedtea-3.12.0.tar.xz


$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.12.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20190502/2e27d869/signature-0001.asc>

More information about the distro-pkg-dev mailing list