[SECURITY] IcedTea 3.24.0 for OpenJDK 8 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Tue Aug 2 17:34:50 UTC 2022

We are pleased to announce the release of IcedTea 3.24.0!

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 8 support with the July 2022 security
fixes from OpenJDK 8u342 and the interim 8u345 release.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the distro-pkg-dev at
openjdk.org mailing list and patches are always welcome.

Full details of the release can be found below.

What's New?
New in release 3.24.0 (2022-08-02):

* Security fixes
  - JDK-8272243: Improve DER parsing
  - JDK-8272249: Better properties of loaded Properties
  - JDK-8277608: Address IP Addressing
  - JDK-8281859, CVE-2022-21540: Improve class compilation
  - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations
  - JDK-8283190: Improve MIDI processing
  - JDK-8284370: Improve zlib usage
  - JDK-8285407, CVE-2022-34169: Improve Xalan supports
* Import of OpenJDK 8 u342
  - JDK-8076190: Customizing the generation of a PKCS12 keystore
  - JDK-8129572: Cleanup usage of getResourceAsStream in jaxp
  - JDK-8132256: jaxp: Investigate removal of com/sun/org/apache/bcel/internal/util/ClassPath.java
  - JDK-8168926: C2: Bytecode escape analyzer crashes due to stack overflow
  - JDK-8170530: bash configure output contains a typo in a suggested library name
  - JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream
  - JDK-8194154: System property user.dir should not be changed
  - JDK-8202142: jfr/event/io/TestInstrumentation is unstable
  - JDK-8209771: jdk.test.lib.Utils::runAndCheckException error
  - JDK-8221988: add possibility to build with Visual Studio 2019
  - JDK-8223396: [TESTBUG] several jfr tests do not clean up files created in /tmp
  - JDK-8230865: [TESTBUG] jdk/jfr/event/io/EvilInstrument.java fails at-run shell MakeJAR.sh target
  - JDK-8235211: serviceability/attach/RemovingUnixDomainSocketTest.java fails with AttachNotSupportedException: Unable to open socket file
  - JDK-8244973: serviceability/attach/RemovingUnixDomainSocketTest.java fails "stderr was not empty"
  - JDK-8248876: LoadObject with bad base address created for exec file on linux
  - JDK-8255239: The timezone of the hs_err_pid log file is corrupted in Japanese locale
  - JDK-8261107: ArrayIndexOutOfBoundsException in the ICC_Profile.getInstance(InputStream)
  - JDK-8266187: Memory leak in appendBootClassPath()
  - JDK-8274658: ISO 4217 Amendment 170 Update
  - JDK-8274751: Drag And Drop hangs on Windows
  - JDK-8278138: OpenJDK8 fails to start on Windows 8.1 after upgrading compiler to VS2017
  - JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition
  - JDK-8281814: Debuginfo.diz contains redundant build path after backport JDK-8025936
  - JDK-8282458: Update .jcheck/conf file for 8u move to git
  - JDK-8282552: Bump update version of OpenJDK: 8u342
  - JDK-8283350: (tz) Update Timezone Data to 2022a
  - JDK-8284620: CodeBuffer may leak _overflow_arena
  - JDK-8285445: cannot open file "NUL:"
  - JDK-8285523: Improve test java/io/FileOutputStream/OpenNUL.java
  - JDK-8285591: [11] add signum checks in DSA.java engineVerify
  - JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with version from head
  - JDK-8286989: Build failure on macOS after 8281814
  - JDK-8287537: 8u JDK-8284620 backport broke AArch64 build
* Import of OpenJDK 8 u345
  - JDK-8290832: It is no longer possible to change "user.dir" in the JDK8
  - JDK-8291568: Bump update version of OpenJDK: 8u345

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.24.0.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.24.0.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-3.24.0.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.24.0.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

96cf94c0d29aa5a659369e75c0f6ed4e7832e0aa23d5ebb09fd06dea38feb864  icedtea-3.24.0.tar.gz
d8b02f464ed6ac93ccfa6140938fddcebd6f49bd665f22f8e501446237c752b7  icedtea-3.24.0.tar.gz.sig
1c74bf6f3a69bf18ee6dc449fc2ad3294e9371b67ff93aa7d38a140e24041cfe  icedtea-3.24.0.tar.xz
864231bd655bddded247a3045f9911ba86a81c61558983f6ae00397963c90281  icedtea-3.24.0.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.24.0.sha256

The following people helped with this release:

* Andrew Hughes (all bug fixes and backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.24.0.tar.gz


$ tar x -I xz -f icedtea-3.24.0.tar.xz


$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.24.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
Andrew :)
Pronouns: he / him or they / them
Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/distro-pkg-dev/attachments/20220802/d5000397/signature.asc>

More information about the distro-pkg-dev mailing list