[SECURITY] IcedTea 2.6.28 for OpenJDK 7 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Mon Nov 8 04:35:58 UTC 2021


The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with
the October 2021 security fixes from OpenJDK 7u321.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the distro-pkg-dev at
openjdk.java.net mailing list and patches are always welcome.

Full details of the release can be found below.

What's New?
===========
New in release 2.6.28 (2021-11-07):

* New features
  - Elliptic curve cryptography (ECC) is now always supported using the in-tree SunEC library
  - The option --enable-sunec is renamed to --enable-nss-sunec and may still be used to link against system NSS
* Security fixes
  - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
  - JDK-8161016: Strange behavior of URLConnection with proxy
  - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
  - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
  - JDK-8263314: Enhance XML Dsig modes
  - JDK-8265167, CVE-2021-35556: Richer Text Editors
  - JDK-8265574: Improve handling of sheets
  - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
  - JDK-8265776: Improve Stream handling for SSL
  - JDK-8266097, CVE-2021-35561: Better hashing support
  - JDK-8266103: Better specified spec values
  - JDK-8266109: More Resilient Classloading
  - JDK-8266115: More Manifest Jar Loading
  - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
  - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
  - JDK-8267712: Better LDAP reference processing
  - JDK-8267735, CVE-2021-35586: Better BMP support
  - JDK-8268506: More Manifest Digests
  - JDK-8269618, CVE-2021-35603: Better session identification
  - JDK-8269624: Enhance method selection support
  - JDK-8270398: Enhance canonicalization
  - JDK-8270404: Better canonicalization
* Import of OpenJDK 7 u321 build 1
  - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
  - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
  - JDK-8269763: The JEditorPane is blank after JDK-8265167

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.28.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.6.28.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-2.6.28.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-2.6.28.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

b42fc48d530b513455112492b219f461793499978b1f9722f73a1a5dcac7ce11  icedtea-2.6.28.tar.gz
d45617610bb02bb4fabfa25121ad7da8686213da3f28dd7397f6d83ce54880cd  icedtea-2.6.28.tar.gz.sig
951188e6c0e3599de22f5cb2d95b5da9bf480763b5c8c600dae9fec88cff1735  icedtea-2.6.28.tar.xz
d0578355674271454ef98abdf6deb2c8ec4847ffd9ccf2df946ba7c0476796f0  icedtea-2.6.28.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.28.sha256

The following people helped with these releases:

* Andrew Hughes (all backports & bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.28.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.28.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.28/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
-- 
Andrew :)
Pronouns: he / him or they / them

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
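
Added example (not part of the original announcement or of the IcedTea project's own tooling): a POSIX shell check that a downloaded tarball matches its SHA256 value from the list above and that its detached signature was made by the key with the fingerprint given above. It assumes sha256sum and GnuPG >= 2.1 are installed and the key is already in the local keyring; the function names are illustrative, and the check relies on GnuPG's documented VALIDSIG status line carrying the primary key fingerprint as its last field.

```shell
#!/bin/sh
# Added example: verify an IcedTea release tarball before building it.
# Fingerprint copied from the announcement, with the spaces removed.
EXPECTED_FPR=5132579DD1540ED23E04C5A0CFDA0F9B35964222

# check_sha256 FILE EXPECTED_HEX
# Succeeds only if FILE hashes to exactly EXPECTED_HEX.
check_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 2
    [ "$actual" = "$2" ]
}

# signer_is_pinned
# Reads `gpg --status-fd 1 --verify ...` output on stdin. Succeeds only if
# every VALIDSIG line names the pinned primary key, and at least one does.
# A bad signature, an unknown key or a missing gpg yields no VALIDSIG line,
# so all of those fail closed.
signer_is_pinned() {
    awk -v want="$EXPECTED_FPR" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            if ($NF == want) ok = 1; else bad = 1
        }
        END { exit !(ok && !bad) }'
}

# verify_release TARBALL SIGFILE SHA256_HEX
verify_release() {
    check_sha256 "$1" "$3" ||
        { echo "checksum mismatch: $1" >&2; return 1; }
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null | signer_is_pinned ||
        { echo "no valid signature from pinned key: $2" >&2; return 1; }
    echo "OK: $1"
}

# Example invocation (the hash is the tar.xz value from the announcement):
#   sh verify.sh icedtea-2.6.28.tar.xz icedtea-2.6.28.tar.xz.sig \
#     951188e6c0e3599de22f5cb2d95b5da9bf480763b5c8c600dae9fec88cff1735
if [ "$#" -eq 3 ]; then
    verify_release "$@"
fi
```

The tarballs, signatures and checksum file are all served over plain HTTP from the same host, so the signature check against the pinned fingerprint is the step that authenticates the download; the checksum alone only detects corruption.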