[SECURITY] IcedTea 3.4.0 for OpenJDK 8: ARMed and Ready Released!

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[SECURITY] IcedTea 3.4.0 for OpenJDK 8: ARMed and Ready Released!

Andrew Hughes
We are pleased to announce the release of IcedTea 3.4.0: ARMed and Ready!

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 8 support with the April 2017
security fixes from OpenJDK 8 u131.

We also add support for building using the AArch32 HotSpot port
(http://openjdk.java.net/projects/aarch32-port). This is now
the default on arm[32], which should lead to significant
performance increases over the previous default Zero assembler

AArch64 also gets some love, with support for this architecture
in the Shenandoah HotSpot build and the SystemTap JDK tapsets.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
[hidden email] mailing list and patches are always

Full details of the release can be found below.

New in release 3.4.0 (2017-05-16):

* Security fixes
  - S8163520, CVE-2017-3509: Reuse cache entries
  - S8163528, CVE-2017-3511: Better library loading
  - S8165626, CVE-2017-3512: Improved window framing
  - S8167110, CVE-2017-3514: Windows peering issue
  - S8168699: Validate special case invocations
  - S8169011, CVE-2017-3526: Resizing XML parse trees
  - S8170222, CVE-2017-3533: Better transfers of files
  - S8171121, CVE-2017-3539: Enhancing jar checking
  - S8171533, CVE-2017-3544: Better email transfer
  - S8172299: Improve class processing
* New features
  - PR1969: Add AArch32 JIT port
  - PR3297: Allow Shenandoah to be used on AArch64
  - PR3340: jstack.stp should support AArch64
* Import of OpenJDK 8 u131 build 11
  - S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException
  - S6515172, PR3346: Runtime.availableProcessors() ignores Linux taskset command
  - S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8
  - S7167293: FtpURLConnection connection leak on FileNotFoundException
  - S8035568: [macosx] Cursor management unification
  - S8079595: Resizing dialog which is JWindow parent makes JVM crash
  - S8130769: The new menu can't be shown on the menubar after clicking the "Add" button.
  - S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException
  - S8147842: IME Composition Window is displayed at incorrect location
  - S8147910, PR3346: Cache initial active_processor_count
  - S8150490: Update OS detection code to recognize Windows Server 2016
  - S8160951: [TEST_BUG] javax/xml/bind/marshal/8134111/UnmarshalTest.java should be added into :needs_jre group
  - S8160958: [TEST_BUG] java/net/SetFactoryPermission/SetFactoryPermission.java should be added into :needs_compact2 group
  - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled
  - S8161195: Regression: closed/javax/swing/text/FlowView/LayoutTest.java
  - S8161993, PR3346: G1 crashes if active_processor_count changes during startup
  - S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently
  - S8162916: Test sun/security/krb5/auto/UnboundSSL.java fails
  - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with "Error while cleaning up threads after test"
  - S8167179: Make XSL generated namespace prefixes local to transformation process
  - S8168774: Polymorhic signature method check crashes javac
  - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
  - S8169589: [macosx] Activating a JDialog puts to back another dialog
  - S8170307: Stack size option -Xss is ignored
  - S8170316: (tz) Support tzdata2016j
  - S8170814: Reuse cache entries (part II)
  - S8170888, PR3314, RH1284948: [linux] Experimental support for cgroup memory limits in container (ie Docker) environments
  - S8171388: Update JNDI Thread contexts
  - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state
  - S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog test fails as DummyButton on Dialog did not gain focus when clicked.
  - S8173030: Temporary backout fix #8035568 from 8u131-b03
  - S8173031: Temporary backout fix #8171952 from 8u131-b03
  - S8173783, PR3328: IllegalArgumentException: jdk.tls.namedGroups
  - S8173931: 8u131 L10n resource file update
  - S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle
  - S8174985: NTLM authentication doesn't work with IIS if NTLM cache is disabled
  - S8176044: (tz) Support tzdata2017a
* Backports
  - S6457406, PR3335: javadoc doesn't handle <a href='http://...'> properly in producing index pages
  - S8030245, PR3335: Update langtools to use try-with-resources and multi-catch
  - S8030253, PR3335: Update langtools to use strings-in-switch
  - S8030262, PR3335: Update langtools to use foreach loops
  - S8031113, PR3337: TEST_BUG: java/nio/channels/AsynchronousChannelGroup/Basic.java fails intermittently
  - S8031625, PR3335: javadoc problems referencing inner class constructors
  - S8031649, PR3335: Clean up javadoc tests
  - S8031670, PR3335: Remove unneeded -source options in javadoc tests
  - S8032066, PR3335: Serialized form has broken links to non private inner classes of package private
  - S8034174, PR2290: Remove use of JVM_* functions from java.net code
  - S8034182, PR2290: Misc. warnings in java.net code
  - S8035876, PR2290: AIX build issues after '8034174: Remove use of JVM_* functions from java.net code'
  - S8038730, PR3335: Clean up the way JavadocTester is invoked, and checks for errors.
  - S8040903, PR3335: Clean up use of BUG_ID in javadoc tests
  - S8040904, PR3335: Ensure javadoc tests do not overwrite results within tests
  - S8040908, PR3335: javadoc test TestDocEncoding should use -notimestamp
  - S8041150, PR3335: Avoid silly use of static methods in JavadocTester
  - S8041253, PR3335: Avoid redundant synonyms of NO_TEST
  - S8043780, PR3368: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC)
  - S8061305, PR3335: Javadoc crashes when method name ends with "Property"
  - S8072452, PR3337: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
  - S8075565, PR3337: Define @intermittent jtreg keyword and mark intermittently failing jdk tests
  - S8075670, PR3337: Remove intermittent keyword from some tests
  - S8078334, PR3337: Mark regression tests using randomness
  - S8078880, PR3337: Mark a few more intermittently failuring security-libs
  - S8133318, PR3337: Exclude intermittent failing PKCS11 tests on Solaris SPARC 11.1 and earlier
  - S8144539, PR3337: Update PKCS11 tests to run with security manager
  - S8144566, PR3352: Custom HostnameVerifier disables SNI extension
  - S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command
  - S8155049, PR3352: New tests from 8144566 fail with "No expected Server Name Indication"
  - S8173941, PR3326: SA does not work if executable is DSO
  - S8174164, PR3334, RH1417266: SafePointNode::_replaced_nodes breaks with irreducible loops
  - S8174729, PR3336, RH1420518: Race Condition in java.lang.reflect.WeakCache
  - S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix missed the test
* Bug fixes
  - PR3348: Architectures unsupported by SystemTap tapsets throw a parse error
  - PR3378: Perl should be mandatory
  - PR3389: javac.in and javah.in should use @PERL@ rather than a hardcoded path
* AArch64 port
  - S8168699, PR3372: Validate special case invocations [AArch64 support]
  - S8170100, PR3372: AArch64: Crash in C1-compiled code accessing References
  - S8172881, PR3372: AArch64: assertion failure: the int pressure is incorrect
  - S8173472, PR3372: AArch64: C1 comparisons with null only use 32-bit instructions
  - S8177661, PR3372: Correct ad rule output register types from iRegX to iRegXNoSp
* AArch32 port
  - PR3380: Zero should not be enabled by default on arm with the AArch32 HotSpot build
  - PR3384, S8139303, S8167584: Add support for AArch32 architecture to configure and jdk makefiles
  - PR3385: aarch32 does not support -Xshare:dump
  - PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build
  - PR3387: Installation fails on arm with AArch32 port as INSTALL_ARCH_DIR is arm, not aarch32
  - PR3388: Wrong path for jvm.cfg being used on arm with AArch32 build
* Shenandoah
  - Fix Shenandoah argument checking on 32bit builds.
  - Import from Shenandoah tag aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07-25
  - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02-20
  - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-06
  - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-09
  - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-23

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.4.0.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.4.0.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-3.4.0.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.4.0.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

2b606bbbf4ca5bcf2c8e811ea9060da30744860f3d63e1b3149fb5550a90b92b  icedtea-3.4.0.tar.gz
15391447e489cb939277a6981ff9dbc2a57d50c6d3682e0159a1dab04a05da02  icedtea-3.4.0.tar.gz.sig
b518f389c44d45bb264d7e954b3c0b836d3d23ba9fbd620ff7c68f934a012e9a  icedtea-3.4.0.tar.xz
32e80eacf27e3ec31dd698486e2f79a92bc146c4bc37c76bb7e3d8b7e34a7084  icedtea-3.4.0.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.4.0.sha256

The following people helped with this release:

* Andrew Dinn (PR3340)
* Andrew Hughes (all other bug fixes and backports, release management)
* David Smith (PR3348)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.4.0.tar.gz


$ tar x -I xz -f icedtea-3.4.0.tar.xz


$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.4.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
Andrew :)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

signature.asc (235 bytes) Download Attachment