From gnu_andrew at member.fsf.org Mon Aug 2 06:29:07 2021 From: gnu_andrew at member.fsf.org (Andrew Hughes) Date: Mon, 2 Aug 2021 07:29:07 +0100 Subject: [SECURITY] IcedTea 2.6.27 for OpenJDK 7 Released! Message-ID: <20210802062907.GA1875899@rincewind> The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK. This release updates our OpenJDK 7 support in the 2.6.x series with the July 2021 security fixes from OpenJDK 7u311. If you find an issue with the release, please report it to our bug database (http://icedtea.classpath.org/bugzilla) under the appropriate component. Development discussion takes place on the distro-pkg-dev at openjdk.java.net mailing list and patches are always welcome. Full details of the release can be found below. What's New? =========== New in release 2.6.27 (2021-08-01): * Security fixes - JDK-8256157: Improve bytecode assembly - JDK-8256491: Better HTTP transport - JDK-8258432, CVE-2021-2341: Improve file transfers - JDK-8260453: Improve Font Bounding - JDK-8260960: Signs of jarsigner signing - JDK-8260967, CVE-2021-2369: Better jar file validation - JDK-8262380: Enhance XML processing passes - JDK-8262403: Enhanced data transfer - JDK-8262477: Enhance String Conclusions - JDK-8262967: Improve Zip file support - JDK-8264079: Improve abstractions - JDK-8264460: Improve NTLM support - JDK-8267412, CVE-2021-2432: Provide better LDAP provider support * Import of OpenJDK 7 u311 build 1 - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider The tarballs can be downloaded from: * http://icedtea.classpath.org/download/source/icedtea-2.6.27.tar.gz * http://icedtea.classpath.org/download/source/icedtea-2.6.27.tar.xz We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so. The tarballs are accompanied by digital signatures available at: * http://icedtea.classpath.org/download/source/icedtea-2.6.27.tar.gz.sig * http://icedtea.classpath.org/download/source/icedtea-2.6.27.tar.xz.sig These are produced using my public key. See details below. PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net) Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222 GnuPG >= 2.1 is required to be able to handle this key. SHA256 checksums: b4be59010ff972f8360cb9b0d44bbd0f26fe36f59d88d4d2826c389e72aebd31 icedtea-2.6.27.tar.gz 6479551409cb019986c42944505952bab455e9b986d8ad288b14941da3f43572 icedtea-2.6.27.tar.gz.sig e0b8070f3ec83f79c5e6c22b1164656d23ee5d10546e3b0a90d77a330e8eda91 icedtea-2.6.27.tar.xz 1894cddd2d4cdc4c2525f22aadd59e682984fabab26f03b9800ab73ce0c3d111 icedtea-2.6.27.tar.xz.sig The checksums can be downloaded from: * http://icedtea.classpath.org/download/source/icedtea-2.6.27.sha256 The following people helped with these releases: * Andrew Hughes (all backports & bug fixes, release management) We would also like to thank the bug reporters and testers! To get started: $ tar xzf icedtea-2.6.27.tar.gz or: $ tar x -I xz -f icedtea-2.6.27.tar.xz then: $ mkdir icedtea-build $ cd icedtea-build $ ../icedtea-2.6.27/configure $ make Full build requirements and instructions are available in the INSTALL file. Happy hacking! -- Andrew :) Pronouns: he / him or they / them PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net) Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 228 bytes Desc: not available URL: