From gnu_andrew at member.fsf.org Fri Nov 25 17:51:42 2022
From: gnu_andrew at member.fsf.org (Andrew Hughes)
Date: Fri, 25 Nov 2022 17:51:42 +0000
Subject: [SECURITY] IcedTea 3.25.0 for OpenJDK 8 Released!
Message-ID:

We are pleased to announce the release of IcedTea 3.25.0!

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 8 support with the October 2022
security fixes from OpenJDK 8u352.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.org mailing list and patches are always
welcome.

Full details of the release can be found below.

What's New?
===========
New in release 3.25.0 (2022-11-24):

* CVEs
  - CVE-2022-21619
  - CVE-2022-21626
  - CVE-2022-21624
  - CVE-2022-21628
* Security fixes
  - JDK-8282252: Improve BigInteger/Decimal validation
  - JDK-8285662: Better permission resolution
  - JDK-8286511: Improve macro allocation
  - JDK-8286519: Better memory handling
  - JDK-8286526: Improve NTLM support
  - JDK-8286533: Key X509 usages
  - JDK-8286910: Improve JNDI lookups
  - JDK-8286918: Better HttpServer service
  - JDK-8288508: Enhance ECDSA usage
* Import of OpenJDK 8 u352
  - JDK-7131823: bug in GIFImageReader
  - JDK-7186258: InetAddress$Cache should replace currentTimeMillis with nanoTime for more precise and accurate
  - JDK-8028265: Add legacy tz tests to OpenJDK
  - JDK-8039955: [TESTBUG] jdk/lambda/LambdaTranslationTest1 - java.lang.AssertionError: expected [d:1234.000000] but found [d:1234,000000]
  - JDK-8049228: Improve multithreaded scalability of InetAddress cache
  - JDK-8071507: (ref) Clear phantom reference as soft and weak references do
  - JDK-8087283: Add support for the XML Signature here() function to the JDK XPath implementation
  - JDK-8130895: Test javax/swing/system/6799345/TestShutdown.java fails on Solaris11 Sparcv9
  - JDK-8136354: [TEST_BUG] Test java/awt/image/RescaleOp/RescaleAlphaTest.java with Bad action for script
  - JDK-8139668: Generate README-build.html from markdown
  - JDK-8143847: Remove REF_CLEANER reference category
  - JDK-8147862: Null check too late in sun.net.httpserver.ServerImpl
  - JDK-8150669: C1 intrinsic for Class.isPrimitive
  - JDK-8155742: [Windows] robot.keyPress(KeyEvent.VK_ALT_GRAPH) throws java.lang.IllegalArgumentException in windows
  - JDK-8173339: AArch64: Fix minimum stack size computations
  - JDK-8173361: various crashes in JvmtiExport::post_compiled_method_load
  - JDK-8175797: (ref) Reference::enqueue method should clear the reference object before enqueuing
  - JDK-8178832: (ref) jdk.lang.ref.disableClearBeforeEnqueue property is ignored
  - JDK-8183107: PKCS11 regression regarding checkKeySize
  - JDK-8193780: (ref) Remove the undocumented "jdk.lang.ref.disableClearBeforeEnqueue" system property
  - JDK-8194873: right ALT key hotkeys no longer work in Swing components
  - JDK-8201793: (ref) Reference object should not support cloning
  - JDK-8214427: probable bug in logic of ConcurrentHashMap.addCount()
  - JDK-8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures.
  - JDK-8233019: java.lang.Class.isPrimitive() (C1) returns wrong result if Klass* is aligned to 32bit
  - JDK-8235218: Minimal VM is broken after JDK-8173361
  - JDK-8235385: Crash on aarch64 JDK due to long offset
  - JDK-8245263: Enable TLSv1.3 by default on JDK 8u for Client roles
  - JDK-8254178: Remove .hgignore
  - JDK-8254318: Remove .hgtags
  - JDK-8256722: handle VC++:1927 VS2019 in abstract_vm_version
  - JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*)
  - JDK-8280963: Incorrect PrintFlags formatting on Windows
  - JDK-8282538: PKCS11 tests fail on CentOS Stream 9
  - JDK-8283849: AsyncGetCallTrace may crash JVM on guarantee
  - JDK-8285400: Add '@apiNote' to the APIs defined in Java SE 8 MR 3
  - JDK-8285497: Add system property for Java SE specification maintenance version
  - JDK-8287132: Retire Runtime.runFinalizersOnExit so that it always throws UOE
  - JDK-8287508: The tests added to jdk-8 by 8235385 are to be ported to jdk-11
  - JDK-8287521: Bump update version of OpenJDK: 8u352
  - JDK-8288763: Pack200 extraction failure with invalid size
  - JDK-8288865: [aarch64] LDR instructions must use legitimized addresses
  - JDK-8290000: Bump macOS GitHub actions to macOS 11
  - JDK-8292579: (tz) Update Timezone Data to 2022c
  - JDK-8292688: Support Security properties in security.testlibrary.Proc
* AArch32 port
  - JDK-8292599: [aarch32] Crash due to missed CPU specific part of 8233019

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.25.0.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.25.0.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-3.25.0.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.25.0.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
https://keybase.io/gnu_andrew

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

ac00ae41852677c6b308befe6effa79d8129021f1f1ef2a21e20260e52c72a6e  icedtea-3.25.0.tar.gz
e604c02c34b8a24ddfd8e7257eb3dac1a1df600b2e499e732c80a5e83842861f  icedtea-3.25.0.tar.gz.sig
90d29e120733701a0a7443c5a418616d0f961932f035de5c6785e4494aca2a0d  icedtea-3.25.0.tar.xz
ec0bb1076014324722e6559a831d35af0833673b224f9d9a27c59ee54fe809f9  icedtea-3.25.0.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.25.0.sha256

The following people helped with this release:

* Andrew Hughes (all bug fixes and backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.25.0.tar.gz

or:

$ tar x -I xz -f icedtea-3.25.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.25.0/configure
$ make

Full build requirements and instructions are available in the INSTALL
file.
-- 
Andrew :)
Pronouns: he / him or they / them
Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
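
Added example, not part of the original announcement or of IcedTea itself: one way to check a downloaded tarball against the SHA256 values and the key fingerprint given above before unpacking it. The function names are hypothetical, and the script assumes sha256sum and GnuPG >= 2.1 are installed and that the release key has already been imported into the local keyring.

```shell
#!/bin/sh
# Added example: verify an IcedTea 3.25.0 tarball before running tar/configure.
# Fingerprint and checksums are copied from the announcement; all function
# names are hypothetical. The download URLs are plain http, so the checksum
# only catches corruption; authenticity rests on the signature check.
RELEASE_FPR=5132579DD1540ED23E04C5A0CFDA0F9B35964222
RELEASE_SUMS='ac00ae41852677c6b308befe6effa79d8129021f1f1ef2a21e20260e52c72a6e icedtea-3.25.0.tar.gz
90d29e120733701a0a7443c5a418616d0f961932f035de5c6785e4494aca2a0d icedtea-3.25.0.tar.xz'

# Print the announced SHA256 for a file name (prints nothing if not listed).
expected_sum() {
    printf '%s\n' "$RELEASE_SUMS" | awk -v f="$1" '$2 == f { print $1 }'
}

# check_sha256 FILE [HASH]: compare FILE with HASH, or with the announced value.
check_sha256() {
    want=${2:-$(expected_sum "${1##*/}")}
    [ -n "$want" ] || return 2      # unknown file name: refuse, do not pass
    got=$(sha256sum "$1" 2>/dev/null | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# Read `gpg --status-fd` lines on stdin. VALIDSIG is also emitted when the key
# is expired or revoked (EXPKEYSIG/REVKEYSIG), so GOODSIG is required as well,
# and the signing or primary key fingerprint must equal the announced one.
signed_by_release_key() {
    awk -v fpr="$RELEASE_FPR" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { valid = 1 }
        END { exit !(good && valid) }'
}

# verify_release TARBALL: checksum first, then the detached TARBALL.sig.
verify_release() {
    check_sha256 "$1" || { echo "FAIL checksum: $1" >&2; return 1; }
    gpg --batch --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null \
        | signed_by_release_key || { echo "FAIL signature: $1" >&2; return 1; }
    echo "OK: $1"
}

# Usage: sh verify-icedtea.sh icedtea-3.25.0.tar.xz
for f in "$@"; do verify_release "$f" || exit 1; done
```

Matching on the full 40-character fingerprint rather than the short key ID is deliberate: gpg reports a good signature for any key in the keyring, not only the release key.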