[SECURITY] IcedTea 3.32.0 for OpenJDK 8 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Sat Jul 27 22:34:03 UTC 2024 

We are pleased to announce the release of IcedTea 3.32.0!

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 8 support with the July 2024
security fixes from OpenJDK 8u422.

If you find an issue with the release, please report it to our bug
database (https://github.com/icedtea-git/icedtea/issues) under the
appropriate component. Development discussion takes place on the
distro-pkg-dev at openjdk.org mailing list and patches are always
welcome.

Full details of the release can be found below.

What's New?
===========
New in release 3.32.0 (2024-07-27):

* CVEs
  - CVE-2024-21131
  - CVE-2024-21138
  - CVE-2024-21140
  - CVE-2024-21144
  - CVE-2024-21145
  - CVE-2024-21147
* Security fixes
  - JDK-8314794: Improve UTF8 String supports
  - JDK-8319859: Better symbol storage
  - JDK-8320097: Improve Image transformations
  - JDK-8320548: Improved loop handling
  - JDK-8322106: Enhance Pack 200 loading
  - JDK-8323231: Improve array management
  - JDK-8323390: Enhance mask blit functionality
  - JDK-8324559: Improve 2D image handling
  - JDK-8325600: Better symbol storage
* Import of OpenJDK 8 u422 build 05
  - JDK-8025439: [TEST BUG] [macosx] PrintServiceLookup.lookupPrintServices doesn't work properly since jdk8b105
  - JDK-8069389: CompilerOracle prefix wildcarding is broken for long strings
  - JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/bug7123767.java: number of checked graphics configurations should be limited
  - JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
  - JDK-8203691: [TESTBUG] Test /runtime/containers/cgroup/PlainRead.java fails
  - JDK-8205407: [windows, vs<2017] C4800 after 8203197
  - JDK-8235834: IBM-943 charset encoder needs updating
  - JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error: Cp943 - can't read properly"
  - JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
  - JDK-8256152: tests fail because of ambiguous method resolution
  - JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3
  - JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info.
  - JDK-8268916: Tests for AffirmTrust roots
  - JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
  - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067
  - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value
  - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately
  - JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections
  - JDK-8303466: C2: failed: malformed control flow. Limit type made precise with MaxL/MinL
  - JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM
  - JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074
  - JDK-8315020: The macro definition for LoongArch64 zero build is not accurate.
  - JDK-8316138: Add GlobalSign 2 TLS root certificates
  - JDK-8318410: jdk/java/lang/instrument/BootClassPath/BootClassPathTest.sh fails on Japanese Windows
  - JDK-8320005: Allow loading of shared objects with .a extension on AIX
  - JDK-8324185: [8u] Accept Xcode 12+ builds on macOS
  - JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/AKISerialNumber.java is failing
  - JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test
  - JDK-8326686: Bump update version of OpenJDK: 8u422
  - JDK-8327440: Fix "bad source file" error during beaninfo generation
  - JDK-8328809: [8u] Problem list some CA tests
  - JDK-8328825: Google CAInterop test failures
  - JDK-8329544: [8u] sun/security/krb5/auto/ReplayCacheTestProc.java cannot find the testlibrary
  - JDK-8331791: [8u] AIX build break from JDK-8320005 backport
  - JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test
  - JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature fixes
* Bug fixes
  - JDK-8331730: [8u] GHA: update sysroot for cross builds to Debian bullseye
  - JDK-8333669: [8u] GHA: Dead VS2010 download link
  - JDK-8318039: GHA: Bump macOS and Xcode versions

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.32.0.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.32.0.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-3.32.0.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.32.0.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
https://keybase.io/gnu_andrew

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

3df0cd0ed71829945dfdf02e8ca2bd25d47a6f3a3ffb7e9c92a2d7fd58bc60a7  icedtea-3.32.0.tar.gz
4919644e08991e287a23a92da09716a7ac7bc5fd782c2cf60e0a845e02e02712  icedtea-3.32.0.tar.gz.sig
40aaf6c20cb8067ae6a69ca8a0087793ef56c23ddfd8b5b83fb5080885b96c40  icedtea-3.32.0.tar.xz
5d0df1cd335df65e2df5e8fdbe385a4a49b678a9240a385d831e90815ea14516  icedtea-3.32.0.tar.xz.sig

SHA512 checksums:

db967ef17c6b2eaf883b0b3621efaec561fa601f462f5e0db4432167d8e70aee93339c7ed3933eab1f43ae176d38118ced7c6ed6f15106eae44a166e9a852cf6  icedtea-3.32.0.tar.gz
e1f728740503b39ef2f8d5f25f6a4ac7709b3e6a39d9ae639dbccf4e8cbd1ae2cbf4e3180aa4a89f3942a69c7bc1965606cd4ddb493faae67cef1876711537f5  icedtea-3.32.0.tar.gz.sig
151a1edb7fc459ee2bf43b44d90561513b2fdce39429bf1deca6ef004692fb946a58ad113f02876926df3ec7bcbf639484b903cd0c8840fc9457cab5bc2fa44a  icedtea-3.32.0.tar.xz
5cea6b45f0587eb535083d79ad5b84ea54b6c3aceb1faa9e4e55ea36d8e33dc67554a407e02e5df4c5b24754c6338a06e8042225b59f2fbc75b4be08c98c6e45  icedtea-3.32.0.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.32.0.sha256
* http://icedtea.classpath.org/download/source/icedtea-3.32.0.sha512

The following people helped with this release:

* Andrew Hughes (all bug fixes and backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.32.0.tar.gz

or:

$ tar x -I xz -f icedtea-3.32.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.32.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
-- 
Andrew :)
Pronouns: he / him or they / them
Principal Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

Please contact via e-mail, not proprietary chat networks
Available on Libera Chat & OFTC IRC networks as gnu_andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/distro-pkg-dev/attachments/20240727/e2dccec5/signature.asc>

More information about the distro-pkg-dev mailing list