From gnu_andrew at member.fsf.org Mon Nov 4 21:00:35 2024 From: gnu_andrew at member.fsf.org (Andrew Hughes) Date: Mon, 4 Nov 2024 21:00:35 +0000 Subject: [SECURITY] IcedTea 3.33.0 for OpenJDK 8 Released! Message-ID: We are pleased to announce the release of IcedTea 3.33.0! The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK. This release updates our OpenJDK 8 support with the October 2024 security fixes from OpenJDK 8u432. If you find an issue with the release, please report it to our bug database (https://github.com/icedtea-git/icedtea/issues) under the appropriate component. Development discussion takes place on the distro-pkg-dev at openjdk.org mailing list and patches are always welcome. Full details of the release can be found below. What's New? =========== New in release 3.33.0 (2024-11-04): * CVEs - CVE-2024-21208 - CVE-2024-21210 - CVE-2024-21217 - CVE-2024-21235 * Security fixes - JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property - JDK-8313626, JDK-8307769: C2 crash due to unexpected exception control flow - JDK-8328286: Enhance HTTP client - JDK-8328544: Improve handling of vectorization - JDK-8328726: Better Kerberos support - JDK-8331446: Improve deserialization support - JDK-8332644: Improve graph optimizations - JDK-8335713: Enhance vectorization analysis * Import of OpenJDK 8 u432 build 06 - JDK-4660158: TTY: NumberFormatException while trying to set values by 'set' command - JDK-6544871: java/awt/event/KeyEvent/KeyTyped/CtrlASCII.html fails from jdk b09 on windows. - JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails - JDK-8021775: compiler/8009761/Test8009761.java "Failed: init recursive calls: 51. After deopt 50" - JDK-8030204: com/sun/jdi/JdbExprTest.sh: Required output "Can\\'t convert 2147483648 to int" not found - JDK-8030795: java/nio/file/Files/probeContentType/ForceLoad.java failing with ServiceConfigurationError without jtreg -agentvm option - JDK-8035395: sun/management/jmxremote/startstop/JMXStartStopTest.java fails intermittently: Port already in use - JDK-8075511: Enable -Woverloaded-virtual C++ warning for HotSpot build - JDK-8137329: [windows] Build broken on VS2010 after "8046148: JEP 158: Unified JVM Logging" - JDK-8145919: sun/management/jmxremote/bootstrap/RmiSslBootstrapTest failed with Connection failed for no credentials - JDK-8152207: Perform array bound checks while getting a length of bytecode instructions - JDK-8193682: Infinite loop in ZipOutputStream.close() - JDK-8196770: Add JNDI test com/sun/jndi/ldap/blits/AddTests/AddNewEntry.java - JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04 - JDK-8233364: Fix undefined behavior in Canonicalizer::do_ShiftOp - JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel - JDK-8251188: Update LDAP tests not to use wildcard addresses - JDK-8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java - JDK-8266248: Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5 - JDK-8278794: Infinite loop in DeflaterOutputStream.finish() - JDK-8279164: Disable TLS_ECDH_* cipher suites - JDK-8281096: Flags introduced by configure script are not passed to ADLC build - JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown" - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors - JDK-8299677: Formatter.format might take a long time to format an integer or floating-point - JDK-8305400: ISO 4217 Amendment 175 Update - JDK-8305931: jdk/jfr/jcmd/TestJcmdDumpPathToGCRoots.java failed with "Expected chains but found none" - JDK-8307779: Relax the java.awt.Robot specification - JDK-8309138: Fix container tests for jdks with symlinked conf dir - JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin - JDK-8315117: Update Zlib Data Compression Library to Version 1.3 - JDK-8315863: [GHA] Update checkout action to use v4 - JDK-8316328: Test jdk/jfr/event/oldobject/TestSanityDefault.java times out for some heap sizes - JDK-8318951: Additional negative value check in JPEG decoding - JDK-8320964: sun/tools/native2ascii/Native2AsciiTests.sh fails on Japanese - JDK-8321480: ISO 4217 Amendment 176 Update - JDK-8324632: Update Zlib Data Compression Library to Version 1.3.1 - JDK-8324723: GHA: Upgrade some actions to avoid deprecated Node 16 - JDK-8326351: Update the Zlib version in open/src/java.base/share/legal/zlib.md to 1.3.1 - JDK-8326521: JFR: CompilerPhase event test fails on windows 32 bit - JDK-8326529: JFR: Test for CompilerCompile events fails due to time out - JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails - JDK-8330415: Update system property for Java SE specification maintenance version - JDK-8333126: Bump update version of OpenJDK: 8u432 - JDK-8333724: Problem list security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1 - JDK-8334653: ISO 4217 Amendment 177 Update - JDK-8334905: [8u] The test java/awt/Mixing/AWT_Mixing/JButtonOverlapping.java started to fail after 8159690 - JDK-8335851: [8u] Test JMXStartStopTest.java fails after JDK-8334415 - JDK-8335894: [8u] Fix SupplementalJapaneseEraTest.java for jdks with symlinked conf dir - JDK-8336928: GHA: Bundle artifacts removal broken - JDK-8337110: [8u] TestNoEagerReclaimOfHumongousRegions.java should be in gc/g1 directory - JDK-8337312: [8u] Windows x86 VS2010 build broken by JDK-8320097 - JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs - JDK-8338144: [8u] Remove duplicate license files - JDK-8341057: Add 2 SSL.com TLS roots - JDK-8341059: Change Entrust TLS distrust date to November 12, 2024 * Bug fixes - Revert flawed PR2691 distcc fix The tarballs can be downloaded from: * http://icedtea.classpath.org/download/source/icedtea-3.33.0.tar.gz * http://icedtea.classpath.org/download/source/icedtea-3.33.0.tar.xz We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so. The tarballs are accompanied by digital signatures available at: * http://icedtea.classpath.org/download/source/icedtea-3.33.0.tar.gz.sig * http://icedtea.classpath.org/download/source/icedtea-3.33.0.tar.xz.sig These are produced using my public key. See details below. PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net) Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222 https://keybase.io/gnu_andrew GnuPG >= 2.1 is required to be able to handle this key. SHA256 checksums: 9db1d6c516a3a1fa1a2d9f5f2d3a8741b158c9f2425cc34b3f31feeb1f4c4ba0 icedtea-3.33.0.tar.gz 2ea785a88e879e60501195f2c91d1bc7f867444dae2c6d4fdf4dada5e28b4d52 icedtea-3.33.0.tar.gz.sig 44975cd55e90b6ee7ff6b7b4de05b716a95f6a6ec54a57b1a3b88f5a9ab8b45e icedtea-3.33.0.tar.xz b7c125081971076d4097f35a5227af76cfd35aa7755ec3461f1c6261eca571bd icedtea-3.33.0.tar.xz.sig SHA512 checksums: ce9a4646362a5114d30e6f4fa23cc666d6d160281b5acab8a09dca9142193a5fb3423467c3245c7137d3d573a6fc8a47be0bb631b0157fc76483a5395185e151 icedtea-3.33.0.tar.gz 1b7a8dd85caea7b0e9703b955c77f7a0c3be8188239dbbc71e427e8ef4b795426bf6358048b1c341844ddca797db33b32dfc695b7d1ad06a45b527ccea864eeb icedtea-3.33.0.tar.gz.sig ff2803f4be50ac11b6fa8b758c934357423a9cb9d7f41922486e062e1cfe565441af830a8698d67319e61ec0ee7e7de692749ccd18bd5b4c1bf078852c3d3862 icedtea-3.33.0.tar.xz e3ed622e8dbd2df2681cfbb33f5c88a474c2c384f8b5b7cb1465ffa06045ec2fc73d34668d549c968beb710e7fa8f926b2c01ea4aedcab92d9d2cd4134659559 icedtea-3.33.0.tar.xz.sig The checksums can be downloaded from: * http://icedtea.classpath.org/download/source/icedtea-3.33.0.sha256 * http://icedtea.classpath.org/download/source/icedtea-3.33.0.sha512 The following people helped with this release: * Andrew Hughes (all bug fixes and backports, release management) We would also like to thank the bug reporters and testers! To get started: $ tar xzf icedtea-3.33.0.tar.gz or: $ tar x -I xz -f icedtea-3.33.0.tar.xz then: $ mkdir icedtea-build $ cd icedtea-build $ ../icedtea-3.33.0/configure $ make Full build requirements and instructions are available in the INSTALL file. Happy hacking! -- Andrew :) Pronouns: he / him or they / them Principal Free Java Software Engineer OpenJDK Package Owner Red Hat, Inc. (http://www.redhat.com) PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net) Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222 Please contact via e-mail, not proprietary chat networks Available on Libera Chat & OFTC IRC networks as gnu_andrew -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 228 bytes Desc: not available URL: