From gnu_andrew at member.fsf.org Sat Jul 29 01:03:32 2023
From: gnu_andrew at member.fsf.org (Andrew Hughes)
Date: Sat, 29 Jul 2023 02:03:32 +0100
Subject: [SECURITY] IcedTea 3.28.0 for OpenJDK 8 Released!
Message-ID:

We are pleased to announce the release of IcedTea 3.28.0!

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional features
such as the ability to build against system libraries and support for
alternative virtual machines and architectures beyond those supported
by OpenJDK.

This release updates our OpenJDK 8 support with the July 2023 security
fixes from OpenJDK 8u382.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.org mailing list and patches are always
welcome.

Full details of the release can be found below.

What's New?
===========

New in release 3.28.0 (2023-07-28):

* CVEs
  - CVE-2023-22045
  - CVE-2023-22049
* Security fixes
  - JDK-8298676: Enhanced Look and Feel
  - JDK-8300596: Enhance Jar Signature validation
  - JDK-8304468: Better array usages
  - JDK-8305312: Enhanced path handling
* Import of OpenJDK 8 u382 build 05
  - JDK-8072678: Wrong exception messages in java.awt.color.ICC_ColorSpace
  - JDK-8151460: Metaspace counters can have inconsistent values
  - JDK-8152432: Implement setting jtreg @requires properties vm.flavor, vm.bits, vm.compMode
  - JDK-8185736: missing default exception handler in calls to rethrow_Stub
  - JDK-8186801: Add regression test to test mapping based charsets (generated at build time)
  - JDK-8215105: java/awt/Robot/HiDPIScreenCapture/ScreenCaptureTest.java: Wrong Pixel Color
  - JDK-8241311: Move some charset mapping tests from closed to open
  - JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
  - JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
  - JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
  - JDK-8276841: Add support for Visual Studio 2022
  - JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
  - JDK-8278851: Correct signer logic for jars signed with multiple digest algorithms
  - JDK-8282345: handle latest VS2022 in abstract_vm_version
  - JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
  - JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
  - JDK-8289301: P11Cipher should not throw out of bounds exception during padding
  - JDK-8293232: Fix race condition in pkcs11 SessionManager
  - JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
  - JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
  - JDK-8298108: Add a regression test for JDK-8297684
  - JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
  - JDK-8301119: Support for GB18030-2022
  - JDK-8301400: Allow additional characters for GB18030-2022 support
  - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message
  - JDK-8303028: Update system property for Java SE specification maintenance version
  - JDK-8303462: Bump update version of OpenJDK: 8u382
  - JDK-8304760: Add 2 Microsoft TLS roots
  - JDK-8305165: [8u] ServiceThread::nmethods_do is not called to keep nmethods from being zombied while in the queue
  - JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
  - JDK-8305975: Add TWCA Global Root CA
  - JDK-8307134: Add GTS root CAs
  - JDK-8307310: Backport the tests for JDK-8058969 and JDK-8039271 to the OpenJDK8
  - JDK-8307531: [aarch64] JDK8 single-step debugging is extremely slow
  - JDK-8310947: gb18030-2000 not selectable with LANG=zh_CN.GB18030 after JDK-8301119

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.28.0.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.28.0.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-3.28.0.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.28.0.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

https://keybase.io/gnu_andrew

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

f9396a18d1ef1c9f898034c2ba430de64a331c92a2a4bf21dd4b628643a1b21d icedtea-3.28.0.tar.gz
c23623652120973fb762977568cfe4b0866f63ca6132e18dc6124a81046f19b1 icedtea-3.28.0.tar.gz.sig
822697a4f0039ec312cc143df40916fc8b68fbfe49c2631186bbba83bd6c5c8d icedtea-3.28.0.tar.xz
f4c53bc28bff2162c41a26e27213902ab81336b682f6db566152a6e800b37d7a icedtea-3.28.0.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.28.0.sha256

The following people helped with this release:

* Andrew Hughes (all bug fixes and backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.28.0.tar.gz

or:

$ tar x -I xz -f icedtea-3.28.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.28.0/configure
$ make

Full build requirements and instructions are available in the INSTALL
file.

Happy hacking!
-- 
Andrew :)
Pronouns: he / him or they / them
Principal Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
Please contact via e-mail, not proprietary chat networks
Available on Libera Chat & OFTC IRC networks as gnu_andrew
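Added example (not part of the original announcement and not IcedTea project code): a shell check that pins the xz tarball to the SHA256 value and the key fingerprint quoted in the announcement before the build steps are run. `gpg --verify` exits 0 for a good signature from any key in the keyring, so the script reads the VALIDSIG status line instead; the function names and the sample status line are constructed for illustration.

```shell
#!/bin/sh
# Values copied from the announcement (fingerprint with spaces removed).
EXPECTED_FPR=5132579DD1540ED23E04C5A0CFDA0F9B35964222
SHA256_TAR_XZ=822697a4f0039ec312cc143df40916fc8b68fbfe49c2631186bbba83bd6c5c8d

# sha256_matches FILE HEX: succeed only if FILE hashes to HEX.
# The tarball, .sig and .sha256 are fetched over plain http from one host,
# so this catches corruption; the signature check below authenticates.
sha256_matches() {
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# signed_by STATUS FPR: STATUS is the text gpg emits with --status-fd.
# Succeed only if a VALIDSIG line names FPR as the signing key (field 3)
# or as its primary key (last field).
signed_by() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit !ok }'
}

# verify_release TARBALL SIG HEX: both checks must pass before building.
verify_release() {
    sha256_matches "$1" "$3" || { echo "checksum mismatch: $1" >&2; return 1; }
    status=$(gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null)
    signed_by "$status" "$EXPECTED_FPR" ||
        { echo "no valid signature from $EXPECTED_FPR" >&2; return 1; }
}

# Constructed status line (dates and algorithm fields are illustrative).
SAMPLE_STATUS='[GNUPG:] VALIDSIG 5132579DD1540ED23E04C5A0CFDA0F9B35964222 2023-07-28 1690502400 0 4 0 22 10 00 5132579DD1540ED23E04C5A0CFDA0F9B35964222'

# Usage: sh verify.sh icedtea-3.28.0.tar.xz icedtea-3.28.0.tar.xz.sig
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2" "$SHA256_TAR_XZ" && echo "OK: $1"
fi
```

The key must already be imported into the local keyring, and the fingerprint should be taken from a copy of the announcement you trust rather than from the download host.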