[SECURITY] IcedTea 3.31.0 for OpenJDK 8 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Sat Apr 20 14:46:05 UTC 2024 

We are pleased to announce the release of IcedTea 3.31.0!

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 8 support with the April 2024
security fixes from OpenJDK 8u412.

If you find an issue with the release, please report it to our bug
database (https://github.com/icedtea-git/icedtea/issues) under the
appropriate component. Development discussion takes place on the
distro-pkg-dev at openjdk.org mailing list and patches are always
welcome.

Full details of the release can be found below.

What's New?
===========
New in release 3.31.0 (2024-04-20):

* CVEs
  - CVE-2024-21011
  - CVE-2024-21085
  - CVE-2024-21068
  - CVE-2024-21094
* Security fixes
  - JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array"
  - JDK-8318340: Improve RSA key implementations
  - JDK-8319851: Improve exception logging
  - JDK-8322114: Improve Pack 200 handling
  - JDK-8322122: Enhance generation of addresses
* Import of OpenJDK 8 u412 build 08
  - JDK-8011180: Delete obsolete scripts
  - JDK-8016451: Scary messages emitted by build.tools.generatenimbus.PainterGenerator during build
  - JDK-8021961: setAlwaysOnTop doesn't behave correctly in Linux/Solaris under certain scenarios
  - JDK-8023735: [TESTBUG][macosx] runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X
  - JDK-8074860: Structured Exception Catcher missing around CreateJavaVM on Windows
  - JDK-8079441: Intermittent failures on Windows with "Unexpected exit from test [exit code: 1080890248]" (0x406d1388)
  - JDK-8155590: Dubious collection management in sun.net.www.http.KeepAliveCache
  - JDK-8168518: rcache interop with krb5-1.15
  - JDK-8183503: Update hotspot tests to allow for unique test classes directory
  - JDK-8186095: upgrade to jtreg 4.2 b08
  - JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH
  - JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails
  - JDK-8208655: use JTreg skipped status in hotspot tests
  - JDK-8208701: Fix for JDK-8208655 causes test failures in CI tier1
  - JDK-8208706: compiler/tiered/ConstantGettersTransitionsTest.java fails to compile
  - JDK-8213410: UseCompressedOops requirement check fails fails on 32-bit system
  - JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop"
  - JDK-8224768: Test ActalisCA.java fails
  - JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits
  - JDK-8251551: Use .md filename extension for README
  - JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired
  - JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java  OCSP response error
  - JDK-8270517: Add Zero support for LoongArch
  - JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
  - JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test
  - JDK-8288132: Update test artifacts in QuoVadis CA interop tests
  - JDK-8297955: LDAP CertStore should use LdapName and not String for DNs
  - JDK-8301310: The SendRawSysexMessage test may cause a JVM crash
  - JDK-8308592: Framework for CA interoperability testing
  - JDK-8312126: NullPointerException in CertStore.getCRLs after 8297955
  - JDK-8315042: NPE in PKCS7.parseOldSignedData
  - JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test set
  - JDK-8320713: Bump update version of OpenJDK: 8u412
  - JDK-8321060: [8u] hotspot needs to recognise VS2022
  - JDK-8321408: Add Certainly roots R1 and E1
  - JDK-8322725: (tz) Update Timezone Data to 2023d
  - JDK-8322750: Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray
  - JDK-8323202: [8u] Remove get_source.sh and hgforest.sh
  - JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed
  - JDK-8324530: Build error with gcc 10
  - JDK-8325150: (tz) Update Timezone Data to 2024a
* Bug fixes
  - Support make 4.4

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.31.0.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.31.0.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-3.31.0.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.31.0.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
https://keybase.io/gnu_andrew

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

f86596aa710e4fb332175b7b86eb789effb6f7f0d0128b8e70322aa05c356f89  icedtea-3.31.0.tar.gz
fa18ede15dbffd75bcf745e276fe981c2f067408134edd21dace80f4955c010b  icedtea-3.31.0.tar.gz.sig
6b3fa4846b767c21ffa37884c04260d70e13f3b3a7a247557c453ea9aeaa7cb5  icedtea-3.31.0.tar.xz
efbbe3572deca3555268e66dd15144a34b4bb8c9d103c23825dc3c21f779aa17  icedtea-3.31.0.tar.xz.sig

SHA512 checksums:

4d25fec24a4b16ecfe6dc53320563697ced093a1067135a86fefa6fefec35b372035246c1084628232c33a0f452a97b7088d18ef0657a964c49e62bd6d5906fa  icedtea-3.31.0.tar.gz
d07a8748730305865c0c75b01734bdfe69c7c8c4151e00b5cd678ed91953c7239cf82e8361caa67ab9a9eb4026cdf7a64717bbc53548d0a7fa5fa86e07e0a76e  icedtea-3.31.0.tar.gz.sig
25348d95ae0befa6b5f1cdc729e253306ad1bebc069e5e23fcd9e159baebbc23a78cfe55e77b2d8b839eac7d81d18a9e3bc334886646791537111602c956e2b1  icedtea-3.31.0.tar.xz
df6f8c51e14238d1249369419b2bc47e69b98443c3c0c13fed60b8cb201d01900935e8dc3886d2dd7f4bf2ad2fd8a6ec84d6af35b74021d203128b125d1aee37  icedtea-3.31.0.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.31.0.sha256
* http://icedtea.classpath.org/download/source/icedtea-3.31.0.sha512

The following people helped with this release:

* Andrew Hughes (all bug fixes and backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.31.0.tar.gz

or:

$ tar x -I xz -f icedtea-3.31.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.31.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
-- 
Andrew :)
Pronouns: he / him or they / them
Principal Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

Please contact via e-mail, not proprietary chat networks
Available on Libera Chat & OFTC IRC networks as gnu_andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/distro-pkg-dev/attachments/20240420/d97db522/signature.asc>

More information about the distro-pkg-dev mailing list