From gnu_andrew at member.fsf.org Sat Mar 5 01:09:06 2022
From: gnu_andrew at member.fsf.org (Andrew Hughes)
Date: Sat, 5 Mar 2022 01:09:06 +0000
Subject: [SECURITY] IcedTea 3.22.0 for OpenJDK 8 Released!
Message-ID:

We are pleased to announce the release of IcedTea 3.22.0!

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional features
such as the ability to build against system libraries and support for
alternative virtual machines and architectures beyond those supported by
OpenJDK.

This release updates our OpenJDK 8 support with the January 2022
security fixes from OpenJDK 8u322.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are always
welcome.

Full details of the release can be found below.

What's New?
===========

New in release 3.22.0 (2022-03-04):

* Security fixes
  - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
  - JDK-8268488: More valuable DerValues
  - JDK-8268494: Better inlining of inlined interfaces
  - JDK-8268512: More content for ContentInfo
  - JDK-8268795: Enhance digests of Jar files
  - JDK-8268801: Improve PKCS attribute handling
  - JDK-8268813, CVE-2022-21283: Better String matching
  - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
  - JDK-8269944: Better HTTP transport redux
  - JDK-8270392, CVE-2022-21293: Improve String constructions
  - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
  - JDK-8270492, CVE-2022-21282: Better resolution of URIs
  - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
  - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
  - JDK-8271962: Better TrueType font loading
  - JDK-8271968: Better canonical naming
  - JDK-8271987: Manifest improved manifest entries
  - JDK-8272014, CVE-2022-21305: Better array indexing
  - JDK-8272026, CVE-2022-21340: Verify Jar Verification
  - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
  - JDK-8272272: Enhance jcmd communication
  - JDK-8272462: Enhance image handling
  - JDK-8273290: Enhance sound handling
  - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering
  - JDK-8273756, CVE-2022-21360: Enhance BMP image support
  - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
* Import of OpenJDK 8 u322
  - JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
  - JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
  - JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/bug5076514.java failed since jdk8b108
  - JDK-8041928: MouseEvent.getModifiersEx gives wrong result
  - JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402
  - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
  - JDK-8048021: Remove @version tag in jaxp repo
  - JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
  - JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java
  - JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
  - JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS
  - JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure
  - JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade
  - JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank
  - JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated
  - JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind
  - JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator
  - JDK-8148915: Intermittent failures of bug6400879.java
  - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
  - JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black
  - JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests
  - JDK-8182036: Load from initializing arraycopy uses wrong memory state
  - JDK-8183369: RFC unconformity of HttpURLConnection with proxy
  - JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check"
  - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
  - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
  - JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride
  - JDK-8190793: Httpserver does not detect truncated request body
  - JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail
  - JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit
  - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
  - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs
  - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
  - JDK-8225083: Remove Google certificate that is expiring in December 2021
  - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
  - JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software
  - JDK-8231438: [macOS] Dark mode for the desktop is not supported
  - JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina
  - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
  - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
  - JDK-8236897: Fix the copyright header for pkcs11gcm2.h
  - JDK-8237499: JFR: Include stack trace in the ThreadStart event
  - JDK-8239886: Minimal VM build fails after JDK-8237499
  - JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
  - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
  - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
  - JDK-8273308: PatternMatchTest.java fails on CI
  - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
  - JDK-8273826: Correct Manifest file name and NPE checks
  - JDK-8273968: JCK javax_xml tests fail in CI
  - JDK-8274407: (tz) Update Timezone Data to 2021c
  - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
  - JDK-8274468: TimeZoneTest.java fails with tzdata2021b
  - JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
  - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
  - JDK-8275766: (tz) Update Timezone Data to 2021e
  - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
  - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.22.0.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.22.0.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-3.22.0.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.22.0.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
https://keybase.io/gnu_andrew

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

9894235c92303ec2fb5c0bff9e72b1efbf6962b40504868df99da884147579fc  icedtea-3.22.0.tar.gz
eb421798334f15dbd07d2ba7570fcae28af891d25626b53ec8d7669bdffb43cf  icedtea-3.22.0.tar.gz.sig
82bffbe2b04ad8b733f7c796ae8d40ece2437adb1d4e614b8391ab44fc7f175b  icedtea-3.22.0.tar.xz
bdc69c5113787b4b5fbbe16c3815191e02668b647773c8812362b397aa910a17  icedtea-3.22.0.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.22.0.sha256

The following people helped with this release:

* Andrew Hughes (all bug fixes and backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

    $ tar xzf icedtea-3.22.0.tar.gz

or:

    $ tar x -I xz -f icedtea-3.22.0.tar.xz

then:

    $ mkdir icedtea-build
    $ cd icedtea-build
    $ ../icedtea-3.22.0/configure
    $ make

Full build requirements and instructions are available in the INSTALL
file.

Happy hacking!
--
Andrew :)
Pronouns: he / him or they / them

Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

From gnu_andrew at member.fsf.org Sat Mar 5 01:22:42 2022
From: gnu_andrew at member.fsf.org (Andrew Hughes)
Date: Sat, 5 Mar 2022 01:22:42 +0000
Subject: IcedTea Moved to git (and GitHub)
Message-ID:

Following the move of OpenJDK 7 [0] and 8 [1] to git & GitHub, we are
in the process of doing the same with IcedTea and its forks of the
OpenJDK trees.

IcedTea's new home for code development is:

https://github.com/icedtea-git/

Currently, this houses the IcedTea OpenJDK 8 fork,

https://github.com/icedtea-git/icedtea8

and IcedTea itself:

https://github.com/icedtea-git/icedtea

Rather than try to repeat the upstream process of converting the
OpenJDK IcedTea forests first to a single Mercurial repository, and
then to a Git repository, we have simply rebased the IcedTea changes
onto a fork of the new upstream OpenJDK git tree. This is also a good
time to review the IcedTea changes, remove any that are no longer
needed and upstream others where possible.

So far, the old IcedTea8 forest for the IcedTea 3.x series has been
converted. IcedTea7 for the IcedTea 2.x series should follow shortly.

The old Mercurial trees are still available, read-only, from:

https://icedtea.wildebeest.org/hg/

Due to issues with the IcedTea server, these do not contain the last
two Mercurial releases from July & October 2021. We'll try and make
these available for reference if possible. No more changes will be made
in the Mercurial repositories.

IcedTea itself is being converted from a series of Mercurial
repositories to one Git repository with appropriately named branches.
Currently, only the 3.0 branch exists, but the others should follow
soon. The transition will be as follows:

    hg/icedtea6 -> 1.0
    hg/icedtea7 -> 2.0
    hg/release/icedtea7-2.6 -> 2.6
    hg/release/icedtea6-1.13 -> 1.13
    hg/icedtea8 -> 3.0
    hg/icedtea9 -> 4.0
    hg/icedtea10 -> 5.0
    hg/icedtea11 -> 6.0
    hg/icedtea12 -> 7.0
    hg/icedtea13 -> 8.0
    hg/icedtea14 -> 9.0
    hg/icedtea15 -> 10.0
    hg/icedtea16 -> 11.0
    hg/icedtea -> main

Your patience is appreciated in this time of transition.

[0] https://github.com/openjdk/jdk7u
[1] https://github.com/openjdk/jdk8u

Thanks,
--
Andrew :)
Pronouns: he / him or they / them

Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
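
Added example, not part of either message or of the IcedTea project's own tooling: one way to act on the checksums and signing-key fingerprint given in the 3.22.0 release announcement above before unpacking a tarball. The function names are this example's own; it assumes `sha256sum`, `awk` and GnuPG >= 2.1 are installed and that the signing key has already been imported.

```shell
#!/bin/sh
# Added example: check an IcedTea 3.22.0 tarball before unpacking it.
# Digests and fingerprint are copied from the announcement; the function
# names are this example's own.
PINNED_FPR="5132579DD1540ED23E04C5A0CFDA0F9B35964222"
PINNED_SHA256="9894235c92303ec2fb5c0bff9e72b1efbf6962b40504868df99da884147579fc  icedtea-3.22.0.tar.gz
82bffbe2b04ad8b733f7c796ae8d40ece2437adb1d4e614b8391ab44fc7f175b  icedtea-3.22.0.tar.xz"

# expected_sha256 NAME: print the announced digest for NAME; fail if NAME is
# not one of the announced tarballs.
expected_sha256() {
    printf '%s\n' "$PINNED_SHA256" |
        awk -v n="$1" '$2 == n { print $1; found = 1 } END { exit !found }'
}

# check_sha256 FILE: 0 if FILE matches its announced digest, 1 on mismatch,
# 2 if the file name is not in the announcement.
check_sha256() {
    want=$(expected_sha256 "$(basename "$1")") || return 2
    got=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# signer_is_pinned: read `gpg --status-fd 1 --verify ...` output on stdin and
# succeed only if a VALIDSIG line names the pinned fingerprint, either as the
# signing key (field 3) or as the primary key (last field). A plain
# `gpg --verify` exit status accepts a good signature from any keyring key.
signer_is_pinned() {
    awk -v fpr="$PINNED_FPR" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 }
        END { exit !ok }'
}

# verify_release FILE: both checks; expects FILE.sig next to FILE and the
# signing key already imported into the local keyring.
verify_release() {
    check_sha256 "$1" || { echo "checksum check failed: $1" >&2; return 1; }
    gpg --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null | signer_is_pinned ||
        { echo "no valid signature from pinned key: $1" >&2; return 1; }
}
```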