From gnu_andrew at member.fsf.org Sat Apr 20 14:46:05 2024 From: gnu_andrew at member.fsf.org (Andrew Hughes) Date: Sat, 20 Apr 2024 15:46:05 +0100 Subject: [SECURITY] IcedTea 3.31.0 for OpenJDK 8 Released! Message-ID: We are pleased to announce the release of IcedTea 3.31.0! The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK. This release updates our OpenJDK 8 support with the April 2024 security fixes from OpenJDK 8u412. If you find an issue with the release, please report it to our bug database (https://github.com/icedtea-git/icedtea/issues) under the appropriate component. Development discussion takes place on the distro-pkg-dev at openjdk.org mailing list and patches are always welcome. Full details of the release can be found below. What's New? =========== New in release 3.31.0 (2024-04-20): * CVEs - CVE-2024-21011 - CVE-2024-21085 - CVE-2024-21068 - CVE-2024-21094 * Security fixes - JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array" - JDK-8318340: Improve RSA key implementations - JDK-8319851: Improve exception logging - JDK-8322114: Improve Pack 200 handling - JDK-8322122: Enhance generation of addresses * Import of OpenJDK 8 u412 build 08 - JDK-8011180: Delete obsolete scripts - JDK-8016451: Scary messages emitted by build.tools.generatenimbus.PainterGenerator during build - JDK-8021961: setAlwaysOnTop doesn't behave correctly in Linux/Solaris under certain scenarios - JDK-8023735: [TESTBUG][macosx] runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X - JDK-8074860: Structured Exception Catcher missing around CreateJavaVM on Windows - JDK-8079441: Intermittent failures on Windows with "Unexpected exit from test [exit code: 1080890248]" (0x406d1388) - JDK-8155590: Dubious collection management in sun.net.www.http.KeepAliveCache - JDK-8168518: rcache interop with krb5-1.15 - JDK-8183503: Update hotspot tests to allow for unique test classes directory - JDK-8186095: upgrade to jtreg 4.2 b08 - JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH - JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails - JDK-8208655: use JTreg skipped status in hotspot tests - JDK-8208701: Fix for JDK-8208655 causes test failures in CI tier1 - JDK-8208706: compiler/tiered/ConstantGettersTransitionsTest.java fails to compile - JDK-8213410: UseCompressedOops requirement check fails fails on 32-bit system - JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop" - JDK-8224768: Test ActalisCA.java fails - JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits - JDK-8251551: Use .md filename extension for README - JDK-8268678: LetsEncryptCA.java test fails as Let?s Encrypt Authority X3 is retired - JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error - JDK-8270517: Add Zero support for LoongArch - JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled - JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test - JDK-8288132: Update test artifacts in QuoVadis CA interop tests - JDK-8297955: LDAP CertStore should use LdapName and not String for DNs - JDK-8301310: The SendRawSysexMessage test may cause a JVM crash - JDK-8308592: Framework for CA interoperability testing - JDK-8312126: NullPointerException in CertStore.getCRLs after 8297955 - JDK-8315042: NPE in PKCS7.parseOldSignedData - JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test set - JDK-8320713: Bump update version of OpenJDK: 8u412 - JDK-8321060: [8u] hotspot needs to recognise VS2022 - JDK-8321408: Add Certainly roots R1 and E1 - JDK-8322725: (tz) Update Timezone Data to 2023d - JDK-8322750: Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray - JDK-8323202: [8u] Remove get_source.sh and hgforest.sh - JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed - JDK-8324530: Build error with gcc 10 - JDK-8325150: (tz) Update Timezone Data to 2024a * Bug fixes - Support make 4.4 The tarballs can be downloaded from: * http://icedtea.classpath.org/download/source/icedtea-3.31.0.tar.gz * http://icedtea.classpath.org/download/source/icedtea-3.31.0.tar.xz We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so. The tarballs are accompanied by digital signatures available at: * http://icedtea.classpath.org/download/source/icedtea-3.31.0.tar.gz.sig * http://icedtea.classpath.org/download/source/icedtea-3.31.0.tar.xz.sig These are produced using my public key. See details below. PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net) Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222 https://keybase.io/gnu_andrew GnuPG >= 2.1 is required to be able to handle this key. SHA256 checksums: f86596aa710e4fb332175b7b86eb789effb6f7f0d0128b8e70322aa05c356f89 icedtea-3.31.0.tar.gz fa18ede15dbffd75bcf745e276fe981c2f067408134edd21dace80f4955c010b icedtea-3.31.0.tar.gz.sig 6b3fa4846b767c21ffa37884c04260d70e13f3b3a7a247557c453ea9aeaa7cb5 icedtea-3.31.0.tar.xz efbbe3572deca3555268e66dd15144a34b4bb8c9d103c23825dc3c21f779aa17 icedtea-3.31.0.tar.xz.sig SHA512 checksums: 4d25fec24a4b16ecfe6dc53320563697ced093a1067135a86fefa6fefec35b372035246c1084628232c33a0f452a97b7088d18ef0657a964c49e62bd6d5906fa icedtea-3.31.0.tar.gz d07a8748730305865c0c75b01734bdfe69c7c8c4151e00b5cd678ed91953c7239cf82e8361caa67ab9a9eb4026cdf7a64717bbc53548d0a7fa5fa86e07e0a76e icedtea-3.31.0.tar.gz.sig 25348d95ae0befa6b5f1cdc729e253306ad1bebc069e5e23fcd9e159baebbc23a78cfe55e77b2d8b839eac7d81d18a9e3bc334886646791537111602c956e2b1 icedtea-3.31.0.tar.xz df6f8c51e14238d1249369419b2bc47e69b98443c3c0c13fed60b8cb201d01900935e8dc3886d2dd7f4bf2ad2fd8a6ec84d6af35b74021d203128b125d1aee37 icedtea-3.31.0.tar.xz.sig The checksums can be downloaded from: * http://icedtea.classpath.org/download/source/icedtea-3.31.0.sha256 * http://icedtea.classpath.org/download/source/icedtea-3.31.0.sha512 The following people helped with this release: * Andrew Hughes (all bug fixes and backports, release management) We would also like to thank the bug reporters and testers! To get started: $ tar xzf icedtea-3.31.0.tar.gz or: $ tar x -I xz -f icedtea-3.31.0.tar.xz then: $ mkdir icedtea-build $ cd icedtea-build $ ../icedtea-3.31.0/configure $ make Full build requirements and instructions are available in the INSTALL file. Happy hacking! -- Andrew :) Pronouns: he / him or they / them Principal Free Java Software Engineer OpenJDK Package Owner Red Hat, Inc. (http://www.redhat.com) PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net) Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222 Please contact via e-mail, not proprietary chat networks Available on Libera Chat & OFTC IRC networks as gnu_andrew -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 228 bytes Desc: not available URL: