From gnu_andrew at member.fsf.org Mon Jul 5 20:09:04 2021
From: gnu_andrew at member.fsf.org (Andrew Hughes)
Date: Mon, 5 Jul 2021 21:09:04 +0100
Subject: [SECURITY] IcedTea 2.6.26 for OpenJDK 7 Released!
Message-ID: <20210705200904.GA2692057@rincewind>

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with the April 2021 security fixes from OpenJDK 7u301.

If you find an issue with the release, please report it to our bug database (http://icedtea.classpath.org/bugzilla) under the appropriate component. Development discussion takes place on the distro-pkg-dev at openjdk.java.net mailing list and patches are always welcome.

Full details of the release can be found below.

What's New?
===========

New in release 2.6.26 (2021-07-05):

* Security fixes
  - JDK-8244473: Contextualize registration for JNDI
  - JDK-8244543: Enhanced handling of abstract classes
  - JDK-8249906, CVE-2021-2163: Enhance opening JARs
  - JDK-8250568, CVE-2021-2161: Less ambiguous processing
  - JDK-8253799: Make lists of normal filenames
* Import of OpenJDK 7 u301 build 1
  - JDK-8035166: Remove dependency on EC classes from pkcs11 provider
  - JDK-8202343: Disable TLS 1.0 and 1.1
  - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
  - JDK-8258247: Couple of issues in fix for JDK-8249906
  - JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f
  - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
  - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
  - JDK-8261183: Follow on to Make lists of normal filenames
* Backports
  - JDK-8167409, PR3840: Invalid value passed to critical JNI function
* AArch64 port
  - PR3840: Backport cleanup changes from upstreaming AArch64 port to 8u
  - JDK-8078521, PR3840: AARCH64: Add AArch64 SA support
  - JDK-8136596, PR3840: Remove aarch64: MemBarRelease when final field's allocation is NoEscape or ArgEscape
  - JDK-8163363, PR3840: AArch64: Stack size in tools/launcher/Settings.java needs to be adjusted
  - JDK-8248336, PR3840: AArch64: C2: offset overflow in BoxLockNode::emit
  - JDK-8260930, PR3840: AArch64: Invalid value passed to critical JNI function
  - JDK-8263008, PR3840: AARCH64: Add debug info for libsaproc.so

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.26.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.6.26.tar.xz

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-2.6.26.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-2.6.26.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

96ad19258063f28e02a6984e2c004d72896e15c0fe46fd6105d20fab5f8e4a62 icedtea-2.6.26.tar.gz
68f131e14ab34485baa3157e9f391f33e6fa109a6bafc60c36fa04ca62dfd6dc icedtea-2.6.26.tar.gz.sig
5b4ce4897b2163420e076c258f8fa46631d3efaad3dd385d61b1656eae0ae6ee icedtea-2.6.26.tar.xz
39e9718d30ea1a4379120a0beca3f2c4f7f367edc1f0746b89da7ca38522e341 icedtea-2.6.26.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.26.sha256

The following people helped with these releases:

* Andrew Hughes (all backports & bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

  $ tar xzf icedtea-2.6.26.tar.gz

or:

  $ tar x -I xz -f icedtea-2.6.26.tar.xz

then:

  $ mkdir icedtea-build
  $ cd icedtea-build
  $ ../icedtea-2.6.26/configure
  $ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
--
Andrew :)
Pronouns: he / him or they / them

Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL:

From gnu_andrew at member.fsf.org Wed Jul 28 04:05:44 2021
From: gnu_andrew at member.fsf.org (Andrew Hughes)
Date: Wed, 28 Jul 2021 05:05:44 +0100
Subject: [SECURITY] IcedTea 3.20.0 for OpenJDK 8 Released!
Message-ID: <20210728040544.GA1578845@rincewind>

We are pleased to announce the release of IcedTea 3.20.0!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 8 support with the July 2021 security fixes from OpenJDK 8u302.

If you find an issue with the release, please report it to our bug database (http://icedtea.classpath.org/bugzilla) under the appropriate component. Development discussion takes place on the distro-pkg-dev at openjdk.java.net mailing list and patches are always welcome.

Full details of the release can be found below.

What's New?
===========

New in release 3.20.0 (2021-07-27):

* Security fixes
  - JDK-8256157: Improve bytecode assembly
  - JDK-8256491: Better HTTP transport
  - JDK-8258432, CVE-2021-2341: Improve file transfers
  - JDK-8260453: Improve Font Bounding
  - JDK-8260960: Signs of jarsigner signing
  - JDK-8260967, CVE-2021-2369: Better jar file validation
  - JDK-8262380: Enhance XML processing passes
  - JDK-8262403: Enhanced data transfer
  - JDK-8262410: Enhanced rules for zones
  - JDK-8262477: Enhance String Conclusions
  - JDK-8262967: Improve Zip file support
  - JDK-8264066, CVE-2021-2388: Enhance compiler validation
  - JDK-8264079: Improve abstractions
  - JDK-8264460: Improve NTLM support
* Import of OpenJDK 8 u302 build 01
  - JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
  - JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file
  - JDK-8030123: java/beans/Introspector/Test8027648.java fails
  - JDK-8033289: clang: clean up unused function warning
  - JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
  - JDK-8042891: Format issues embedded in macros for two g1 source files
  - JDK-8055754: filemap.cpp does not compile with clang
  - JDK-8064909: FragmentMetaspace.java got OutOfMemoryError
  - JDK-8066508: JTReg tests timeout on slow devices when run using JPRT
  - JDK-8066807: langtools/test/Makefile should use -agentvm not -samevm
  - JDK-8071374: -XX:+PrintAssembly -XX:+PrintSignatureHandlers crash fastdebug VM with assert(limit == __null || limit <= nm->code_end()) in RelocIterator::initialize
  - JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
  - JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction
  - JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3
  - JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java
  - JDK-8132148: G1 hs_err region dump legend out of sync with region values
  - JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded
  - JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported
  - JDK-8134883: C1 hard crash in range check elimination in Nashorn test262parallel
  - JDK-8136592: [TEST_BUG] Fix 2 platform-specific closed regtests for jigsaw
  - JDK-8151786: [TESTBUG] java/beans/XMLEncoder/Test4625418.java timed out intermittently
  - JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java
  - JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME
  - JDK-8166724: gc/g1/TestHumongousShrinkHeap.java fails with OOME
  - JDK-8177809: File.lastModified() is losing milliseconds (always ends in 000)
  - JDK-8178403: DirectAudio in JavaSound may hang and leak
  - JDK-8180478: tools/launcher/MultipleJRE.sh fails on Windows because of extra-''
  - JDK-8183910: gc/arguments/TestAggressiveHeap.java fails intermittently
  - JDK-8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large
  - JDK-8190679: java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size"
  - JDK-8191955: AArch64: incorrect prefetch distance causes an internal error
  - JDK-8199265: java/util/Arrays/TimSortStackSize2.java fails with OOM
  - JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined
  - JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys
  - JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out"
  - JDK-8209996: [PPC64] Fix JFR profiling
  - JDK-8214345: infinite recursion while checking super class
  - JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
  - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
  - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
  - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
  - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
  - JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE
  - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
  - JDK-8231949: [PPC64, s390]: Make async profiling more reliable
  - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
  - JDK-8241649: Optimize Character.toString
  - JDK-8243559: Remove root certificates with 1024-bit keys
  - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
  - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
  - JDK-8255086: Update the root locale display names
  - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
  - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
  - JDK-8258419: RSA cipher buffer cleanup
  - JDK-8258669: fastdebug jvm crashes when do event based tracing for monitor inflation
  - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues
  - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
  - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
  - JDK-8259886: Improve SSL session cache performance and scalability
  - JDK-8260029: aarch64: fix typo in verify_oop_array
  - JDK-8260236: better init AnnotationCollector _contended_group
  - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
  - JDK-8260484: CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2
  - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
  - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
  - JDK-8261867: Backport relevant test changes & additions from JDK-8130125
  - JDK-8262110: DST starts from incorrect time in 2038
  - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
  - JDK-8262730: Enable jdk8u MacOS external debug symbols
  - JDK-8262864: No debug symbols in image for Windows --with-native-debug-symbols=external
  - JDK-8263061: copy wrong unpack200 debuginfo to bin directory after 8252395
  - JDK-8263504: Some OutputMachOpcodes fields are uninitialized
  - JDK-8263600: change rmidRunning to a simple lookup
  - JDK-8264509: jdk8u MacOS zipped debug symbols won't build
  - JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
  - JDK-8264816: Weak handles leak causes GC to take longer
  - JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u
  - JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u
  - JDK-8266191: Missing aarch64 parts of JDK-8181872(C1: possible overflow when strength reducing integer multiply by constant)
* Import of OpenJDK 8 u302 build 02
  - JDK-8129511: PlatformMidi.c:83 uses malloc without malloc header
* Import of OpenJDK 8 u302 build 03
  - JDK-8019470: Changes needed to compile JDK 8 on MacOS with clang compiler
  - JDK-8138820: JDK Hotspot build fails with Xcode 7.0.1
  - JDK-8241829: Cleanup the code for PrinterJob on windows
  - JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
  - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
  - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
  - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
  - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
  - JDK-8264640: CMS ParScanClosure misses a barrier
* Import of OpenJDK 8 u302 build 04
  - JDK-8032050: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java
  - JDK-8043264: hsdis library not picked up correctly on expected paths
  - JDK-8130430: [TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java
  - JDK-8206243: java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max
  - JDK-8206925: Support the certificate_authorities extension
  - JDK-8228757: Fail fast if the handshake type is unknown
  - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
  - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
  - JDK-8257039: [8u] GenericTaskQueue destructor is incorrect
  - JDK-8262446: DragAndDrop hangs on Windows
  - JDK-8265666: Enable AIX build platform to make external debug symbols
* Import of OpenJDK 8 u302 build 05
  - JDK-6990210: [TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome
  - JDK-7106851: Test should not use System.exit
  - JDK-8028618: [TEST BUG] javax/swing/JScrollBar/bug4202954/bug4202954.java fails
  - JDK-8035000: clean up ActivationLibrary.DestroyThread
  - JDK-8037825: Fix warnings and enable "warnings as errors" in serviceability native libraries
  - JDK-8043646: libosxapp.dylib fails to build on Mac OS 10.9 with clang
  - JDK-8047939: [TESTBUG] Rewrite test/runtime/8001071/Test8001071.sh
  - JDK-8074835: Resolve disabled warnings for libj2gss
  - JDK-8074836: Resolve disabled warnings for libosxkrb5
  - JDK-8078855: [TEST_BUG] javax/swing/JComboBox/8032878/bug8032878.java fails in WindowsClassicLookAndFeel
  - JDK-8081764: [TEST_BUG] Test javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on Windows, Solaris Sparcv9 and Linux but passes on MacOSX
  - JDK-8172188: JDI tests fail due to "permission denied" when creating temp file
  - JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails
  - JDK-8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016
  - JDK-8239053: [8u] clean up undefined-var-template warnings
  - JDK-8239400: [8u] clean up undefined-var-template warnings
  - JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable
  - JDK-8250876: Fix issues with cross-compile on macos
  - JDK-8254631: Better support ALPN byte wire values in SunJSSE
  - JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
  - JDK-8266723: JFR periodic events are causing extra allocations
  - JDK-8266929: Unable to use algorithms from 3p providers
  - JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
  - JDK-8267426: MonitorVmStartTerminate test timed out on Embedded VM
  - JDK-8267689: [aarch64] Crash due to bad shift in indirect addressing mode
* Import of OpenJDK 8 u302 build 06
  - JDK-8267545: [8u] Enable Xcode 12 builds on macOS
  - JDK-8268444: keytool -v -list print is incorrect after backport JDK-8141457
* Import of OpenJDK 8 u302 build 07
  - JDK-8269388: Default build of OpenJDK 8 fails on newer GCCs with warnings as errors on format-overflow
  - JDK-8269468: JDK-8269388 breaks the build on older GCCs
* Import of OpenJDK 8 u302 build 08
  - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS
* Shenandoah
  - [backport] 8259580: Shenandoah: uninitialized label in VerifyThreadGCState
  - [backport] 8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
  - [backport] 8261251: Shenandoah: Use object size for full GC humongous
  - [backport] 8261413: Shenandoah: Disable class-unloading in I-U mode
  - [backport] 8265239: Shenandoah: Shenandoah heap region count could be off by 1
  - [backport] 8266802: Shenandoah: Round up region size to page size unconditionally
  - [backport] 8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC
  - [backport] 8268127: Shenandoah: Heap size may be too small for region to align to large page size
  - [backport] 8268699: Shenandoah: Add test for JDK-8268127
  - Shenandoah: Process weak roots during class unloading cycle

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.20.0.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.20.0.tar.xz

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-3.20.0.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.20.0.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
https://keybase.io/gnu_andrew

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

cd8d496a19b085d3738529e3a3c84b3099157ffad6276ec6108f2dcf25cfa8af icedtea-3.20.0.tar.gz
a20dd146bab745db397c3efad9a65444ce8d410a346dd60a07ea930f96729efe icedtea-3.20.0.tar.gz.sig
2eff74514fb1dcc18521c4c13d156933e179b7f06e7b524c8c5b56a6a8048248 icedtea-3.20.0.tar.xz
593e6913cd0cd5be0fe359581bece2daf44191e602a93da46af7e2bbc2c1ded7 icedtea-3.20.0.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.20.0.sha256

The following people helped with this release:

* Andrew Hughes (all bug fixes and backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

  $ tar xzf icedtea-3.20.0.tar.gz

or:

  $ tar x -I xz -f icedtea-3.20.0.tar.xz

then:

  $ mkdir icedtea-build
  $ cd icedtea-build
  $ ../icedtea-3.20.0/configure
  $ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
--
Andrew :)
Pronouns: he / him or they / them

Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL:
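
One way to check a downloaded tarball against the SHA256 list and the signing-key fingerprint given in the announcements above, as an added example (not part of the original messages and not IcedTea's own tooling). The function names are hypothetical; it assumes `sha256sum`, `awk` and GnuPG >= 2.1 with the release key already imported.

```shell
#!/bin/sh
# Added example: verify an IcedTea tarball before running configure/make.
# EXPECTED_FPR is the fingerprint printed in the announcement, spaces removed.
EXPECTED_FPR="5132579DD1540ED23E04C5A0CFDA0F9B35964222"

# expected_sum MANIFEST NAME -> prints the 64-hex digest listed for NAME,
# non-zero exit if NAME is not listed (a missing entry must not pass).
expected_sum() {
    awk -v n="$2" '
        { name = $2; sub(/^\*/, "", name) }      # tolerate "hash *file" lines
        name == n && length($1) == 64 { print $1; found = 1; exit }
        END { exit !found }' "$1"
}

# sha256_matches FILE HEX -> 0 only if FILE hashes to exactly HEX.
sha256_matches() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# validsig_from STATUS_TEXT FPR -> 0 if GnuPG reported a valid signature
# made by FPR (signing key in field 3, primary key in the last field).
# Matching the full fingerprint avoids trusting a short key ID.
validsig_from() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
            (($3 "") == want || ($NF "") == want) { ok = 1 }
        END { exit !ok }'
}

# verify_sig SIGFILE DATAFILE -> runs gpg and checks who signed.
verify_sig() {
    status=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    validsig_from "$status" "$EXPECTED_FPR"
}

# verify_release TARBALL MANIFEST -> checksum and signature must both pass.
verify_release() {
    sum=$(expected_sum "$2" "$(basename "$1")") || return 1
    sha256_matches "$1" "$sum" && verify_sig "$1.sig" "$1"
}
```

Because the tarballs, signatures and `.sha256` file are all fetched over plain `http://` from the same host, the digest check alone only detects corruption; the signature check against the full fingerprint is what ties the file to the release key.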