[SECURITY] IcedTea 2.6.22 for OpenJDK 7 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Fri Apr 17 01:21:16 UTC 2020 

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with
the April 2020 security fixes from OpenJDK 7u261.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the distro-pkg-dev at
openjdk.java.net mailing list and patches are always welcome.

Full details of the release can be found below.

What's New?
===========
New in release 2.6.22 (2020-04-16):

* Security fixes
  - S8224541, CVE-2020-2756: Better mapping of serial ENUMs
  - S8224549, CVE-2020-2757: Less Blocking Array Queues
  - S8225603: Enhancement for big integers
  - S8227542: Manifest improved jar headers
  - S8231415, CVE-2020-2773: Better signatures in XML
  - S8233250: Better X11 rendering
  - S8233410: Better Build Scripting
  - S8234027: Better JCEKS key support
  - S8234408, CVE-2020-2781: Improve TLS session handling
  - S8234825, CVE-2020-2800: Better Headings for HTTP Servers
  - S8234841, CVE-2020-2803: Enhance buffering of byte buffers
  - S8235274, CVE-2020-2805: Enhance typing of methods
  - S8236201, CVE-2020-2830: Better Scanner conversions
  - S8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
* Import of OpenJDK 7 u261 build 1
  - S8240621: Build failure on Windows after JDK-8044500
* Import of OpenJDK 7 u261 build 2
  - S7065233: To interpret case-insensitive string locale independently
  - S8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
* Bug fixes
  - S8036543, PR3777: [parfait] JNI pending exceptions for j2secmod.c, j2secmod_md.c, and p11_md.c
  - S8195607, PR3777: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.22.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.6.22.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-2.6.22.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-2.6.22.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

5b201c1f6015e814a90bd521ac264748d93494711fe78708e626fbe40713eaff  icedtea-2.6.22.tar.gz
ad612c5146a20151bd01a92b2663655b94534af3fba892906fa4064c6e2cf0f2  icedtea-2.6.22.tar.gz.sig
34fa9f3898e72f7ec2e7b67ccd947e1fd9a7a943d1969b0cf24bc56391da33c0  icedtea-2.6.22.tar.xz
cd6783f649f8f8ccd69762fb7c236874d5f2dbdc58e0be466246d3cde2cd85e1  icedtea-2.6.22.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.22.sha256

The following people helped with these releases:

* Andrew Hughes (all backports & bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.22.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.22.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.22/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20200417/3ff568a0/signature.asc>

More information about the distro-pkg-dev mailing list