GNU Classpath

We are pleased to announce the release of IcedTea-Sound 1.0.1… after finding that IcedTea-Sound 1.0.0 was a little broken If you find an issue with the release, please report it to our bug database under the appropriate component. Development ... [More] discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome. Full details of the release can be found below. What’s New? New in release 1.0.1 (2014-07-18) PR1877: Code not updated in accordance with name changes in PR1840 The tarballs can be downloaded from: http://icedtea.classpath.org/download/source/icedtea-sound-1.0.1.tar.gz http://icedtea.classpath.org/download/source/icedtea-sound-1.0.1.tar.xz We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so. The tarballs are accompanied by digital signatures available at: http://icedtea.classpath.org/download/source/icedtea-sound-1.0.1.tar.gz.sig http://icedtea.classpath.org/download/source/icedtea-sound-1.0.1.tar.xz.sig These are produced using my public key. See details below. PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07 SHA256 checksums: 71ba4ede06cfb9375c373c98191de2564cd32b925f5dffcd109a172a14d5e3db icedtea-sound-1.0.1.tar.gz 9d9ff790a3012ce6bb47260906ff3512eea428ace94efc3969f8832f12c7a479 icedtea-sound-1.0.1.tar.gz.sig 6ff852b82ae7db7a95981271037eb3a3d52c59581e3b27a638a7c6bc8eecb4a3 icedtea-sound-1.0.1.tar.xz e8c4b0a6a02c7314ae47e5de79b6d00c93dbe7a9f66c2b5a1d78b837c6831161 icedtea-sound-1.0.1.tar.xz.sig The checksums can be downloaded from: http://icedtea.classpath.org/download/source/icedtea-sound-1.0.1.sha256 A 1.0.1 ebuild for Gentoo is available. The following people helped with these releases: Andrew Hughes (all bug fixes, release management) We would also like to thank the bug reporters and testers! To get started: $ tar xzf icedtea-sound-1.0.1.tar.gz or: $ tar x -I xz -f icedtea-sound-1.0.1.tar.xz then: $ mkdir its-build $ cd its-build $ ../icedtea-sound-1.0.1/configure –prefix=${install_location} $ make $ make install where ${install_location} should be replaced by the prefix where you wish to install IcedTea-Sound (default is /usr/local). Depending on the prefix selected, the 'make install' step may need root privileges. Full build requirements and instructions are available in the INSTALL file. Happy hacking! [Less]

We are pleased to announce the inaugural release of IcedTea-Sound. At present, IcedTea-Sound contains the PulseAudio provider which was removed from IcedTea itself from 2.5.0 onwards. More providers may be included in the future. If you find an ... [More] issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome. Full details of the release can be found below. What’s New? New in release 1.0.0 (2014-07-18) PR1741: Break PulseAudio provider out into IcedTea-Sound PR1840: Replace Makefile.am references to PULSE_JAVA with ICEDTEA_SOUND PR1842: Linker does not check that symbols can be resolved for libpulse-java.so PR1876: The following shared libraries lack a SONAME: /usr/lib64/libicedtea-sound.so The tarballs can be downloaded from: http://icedtea.classpath.org/download/source/icedtea-sound-1.0.0.tar.gz http://icedtea.classpath.org/download/source/icedtea-sound-1.0.0.tar.xz We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so. The tarballs are accompanied by digital signatures available at: http://icedtea.classpath.org/download/source/icedtea-sound-1.0.0.tar.gz.sig http://icedtea.classpath.org/download/source/icedtea-sound-1.0.0.tar.xz.sig These are produced using my public key. See details below. PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07 SHA256 checksums: 0d09bc9656f9125642f70bb322f8ec92ec0ae28fdd295e83c4ce3c7576e79bd3 icedtea-sound-1.0.0.tar.gz cb47dec753e4853ba8021a3b532631c2b751450d0d9d580c3ddce99fe8b4c7a9 icedtea-sound-1.0.0.tar.gz.sig 29511d271cbb5259eac5dd48867e27d61ce4ce15026dc105277dbf1238333dbb icedtea-sound-1.0.0.tar.xz c16cb29502d6edb16fb611b3d1ffbda199919f56afc8691a7dceee08b009b528 icedtea-sound-1.0.0.tar.xz.sig The checksums can be downloaded from: http://icedtea.classpath.org/download/source/icedtea-sound-1.0.0.sha256 A 1.0.0 ebuild for Gentoo is available. The following people helped with these releases: Andrew Hughes (all bug fixes, release management) We would also like to thank the bug reporters and testers! To get started: $ tar xzf icedtea-sound-1.0.0.tar.gz or: $ tar x -I xz -f icedtea-sound-1.0.0.tar.xz then: $ mkdir its-build $ cd its-build $ ../icedtea-sound-1.0.0/configure –prefix=${install_location} $ make $ make install where ${install_location} should be replaced by the prefix where you wish to install IcedTea-Sound (default is /usr/local). Depending on the prefix selected, the 'make install' step may need root privileges. Full build requirements and instructions are available in the INSTALL file. Happy hacking! [Less]

Yesterday's JDK 7u65 and 8u11 updates changed method overriding yet again and, of course, it is still broken. Take this example: package pkg1; public class A {   { foo(); }   void foo() { System.out.println("A.foo"); } ... [More] } package pkg2; public class B extends pkg1.A {   { foo(); }   void foo() { System.out.println("B.foo"); } } package pkg1; public class C extends pkg2.B {   { foo(); }   void foo() { System.out.println("C.foo"); } } package pkg2; public class D extends pkg1.C {   { foo(); }   void foo() { System.out.println("D.foo"); } } public class test {   public static void main(String[] args) {     new pkg2.D();   } } Running this with JDK 8u5 yields: D.foo D.foo D.foo D.foo Which is, of course, wrong. In yesterday's updates they tried to fix this, but only partially succeeded: D.foo D.foo C.foo D.foo The sensible output would be: C.foo D.foo C.foo D.foo [Less]

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and ... [More] architectures beyond those supported by OpenJDK. This release updates our OpenJDK 7 support in the 2.5.x series with the July 2014 security fixes. If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome. Full details of the release can be found below. What’s New? New in release 2.5.1 (2014-07-16) Security fixes S8029755, CVE-2014-4209: Enhance subject class S8030763: Validate global memory allocation S8031340, CVE-2014-4264: Better TLS/EC management S8031346, CVE-2014-4244: Enhance RSA key handling S8031540: Introduce document horizon S8032536: JVM resolves wrong method in some unusual cases S8033055: Issues in 2d S8033301, CVE-2014-4266: Build more informative InfoBuilder S8034267: Probabilistic native crash S8034272: Do not cram data into CRAM arrays S8034985, CVE-2014-2483: Better form for Lambda Forms S8035004, CVE-2014-4252: Provider provides less service S8035009, CVE-2014-4218: Make Proxy representations consistent S8035119, CVE-2014-4219: Fix exceptions to bytecode verification S8035699, CVE-2014-4268: File choosers should be choosier S8035788. CVE-2014-4221: Provide more consistency for lookups S8035793, CVE-2014-4223: Maximum arity maxed out S8036571: (process) Process process arguments carefully S8036800: Attribute OOM to correct part of code S8037046: Validate libraries to be loaded S8037076, CVE-2014-2490: Check constant pool constants S8037157: Verify <init> call S8037162, CVE-2014-4263: More robust DH exchanges S8037167, CVE-2014-4216: Better method signature resolution S8039520, CVE-2014-4262: More atomicity of atomic updates Backports S8001108: an attempt to use “<init>” as a method name should elicit NoSuchMethodException S8001109: arity mismatch on a call to spreader method handle should elicit IllegalArgumentException S8013611: Modal dialog fails to obtain keyboard focus S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale S8019990: IM candidate window appears on the South-East corner of the display. S8023990: Regression: postscript size increase from 6u18 S8024283: 10 nashorn tests fail with similar stack trace InternalError with cause being NoClassDefFoundError S8024616: JSR292: lazily initialize core NamedFunctions used for bootstrapping S8025030: Enhance stream handling S8026188: Enhance envelope factory S8027212: java/nio/channels/Selector/SelectAfterRead.java fails intermittently S8028285: RMI Thread can no longer call out to AWT S8029177: [Parfait] warnings from b117 for jdk.src.share.native.com.sun.java.util.jar: JNI exception pending S8031075: [Regression] focus disappears with shift+tab on dialog having one focus component S8032585: JSR292: IllegalAccessError when attempting to invoke protected method from different package S8032686: Issues with method invoke S8033278: Missed access checks for Lookup.unreflect* after 8032585 S8033618: Correct logging output S8034926: Attribute classes properly S8035613: With active Securitymanager JAXBContext.newInstance fails S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed S8035923: Set minor version for hotspot in 7u65 to 65 and build number to b01 S8036786: Update jdk7 testlibrary to match jdk8 S8036794: Manage JavaScript instances S8039324: Increment hsx 24.65 build to b02 for 7u65-b07 S8040156: Increment hsx 24.65 build to b03 for 7u65-b08 S8041264: Increment hsx 24.65 build to b04 for 7u65-b09 S8042264: 7u65 l10n resource file translation update 1 S8042582: Test java/awt/KeyboardFocusmanager/ChangeKFMTest/ChangeKFMTest.html fails on Windows x64 S8042590: Running form URL throws NPE S8042789: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader S8043012: (tz) Support tzdata2014c Bug fixes PR1853: Revert PR729 from minor release PR1864: PCSC + OpenJDK 1.7 crash on Fedora 20 PR1867: Turn the infinality patch off by default PR1868: Avoid x86 workaround when running Zero rather than a JIT AArch64 port Common frame handling for C1/C2 which correctly handle all frame sizes Fix register misuse in verify_method_data_pointer Fix register usage in generate_verify_oop(). Restrict default ReservedCodeCacheSize to 128M Use explicit barrier instructions in C1. The tarballs can be downloaded from: http://icedtea.classpath.org/download/source/icedtea-2.5.1.tar.gz http://icedtea.classpath.org/download/source/icedtea-2.5.1.tar.xz We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so. The tarballs are accompanied by digital signatures available at: http://icedtea.classpath.org/download/source/icedtea-2.5.1.tar.gz.sig http://icedtea.classpath.org/download/source/icedtea-2.5.1.tar.xz.sig These are produced using my public key. See details below. PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07 SHA256 checksums: 06483c252099d41e33eade8ceee9231a15ba1e9594f90e2d32943d17c8802acd icedtea-2.5.1.tar.gz ce9aad813b3e1fd2d08ad1755e973e22271eb13a3cbff612b8f6e6660301d2fa icedtea-2.5.1.tar.gz.sig 9471b4e143807df75655d113618dafcdc1a67d3183364fceaaf139014b778913 icedtea-2.5.1.tar.xz 3633fa56b0c0e1f4ef91f93cf5025f06d90d03bcdbc8beaf0476007815a2cfd6 icedtea-2.5.1.tar.xz.sig The checksums can be downloaded from: http://icedtea.classpath.org/download/source/icedtea-2.5.1.sha256 A 2.5.1 ebuild for Gentoo is available. The following people helped with these releases: Andrew Hughes (all backports & bug fixes, release management) We would also like to thank the bug reporters and testers! To get started: $ tar xzf icedtea-2.5.1.tar.gz or: $ tar x -I xz -f icedtea-2.5.1.tar.xz then: $ mkdir icedtea-build $ cd icedtea-build $ ../icedtea-2.5.1/configure $ make Full build requirements and instructions are available in the INSTALL file. Happy hacking! [Less]

In Februari I reported two Java vulnerabilities to Oracle. Yesterday they released the update that fixed them, so here are the descriptions of the two issues. @java.lang.invoke.LambdaForm.Compiled Internally ... [More] , the JDK uses the LambdaForm.Compiled annotation to mark methods that should be skipped in a security stack walk. In JDK 7 it was possible to apply this annotation to untrusted code. Here's an example: import java.lang.annotation.*; @Retention(RetentionPolicy.RUNTIME) @interface java_lang_invoke_LambdaForm$Compiled { } class test {   @java_lang_invoke_LambdaForm$Compiled   public static void main(String[] args) throws Throwable {     System.out.println(Class.forName("sun.misc.Unsafe"));   } } If you compile and run this with JDK 1.7.0_60 with a security manager, you get the appropriate AccessControlException. However, if you edit test.class to replace java_lang_invoke_LambdaForm with java/lang/invoke/LambdaForm and run it again, you see that the main method is now skipped in the security check and hence is allowed to access a privileged class. The fix can be seen here. MaxArityBug This example demonstrates that the JDK 1.7.0_60 LambdaForm method handle implementation has a type safety bug when dealing with method signatures with the maximum number of parameters. [Less]

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver, the ability to build against system libraries and support for alternative ... [More] virtual machines and architectures beyond those supported by OpenJDK. This release updates our OpenJDK 6 support in the 1.13.x series with the July 2014 security fixes. If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome. Full details of the release can be found below. What’s New? New in release 1.13.4 (2014-07-15) Security fixes S8029755, CVE-2014-4209: Enhance subject class S8030763: Validate global memory allocation S8031346, CVE-2014-4244: Enhance RSA key handling S8031540: Introduce document horizon S8032536: JVM resolves wrong method in some unusual cases S8033055: Issues in 2d S8033301, CVE-2014-4266: Build more informative InfoBuilder S8034267: Probabilistic native crash S8034272: Do not cram data into CRAM arrays S8035004, CVE-2014-4252: Provider provides less service S8035009, CVE-2014-4218: Make Proxy representations consistent S8035119, CVE-2014-4219: Fix exceptions to bytecode verification S8035699, CVE-2014-4268: File choosers should be choosier S8036571: (process) Process process arguments carefully S8036800: Attribute OOM to correct part of code S8037046: Validate libraries to be loaded S8037157: Verify <init> call S8037076, CVE-2014-2490: Check constant pool constants S8037162, CVE-2014-4263: More robust DH exchanges S8037167, CVE-2014-4216: Better method signature resolution S8039520, CVE-2014-4262: More atomicity of atomic updates Import of OpenJDK6 b32 OJ32: OpenJDK6-b31 isn’t compatible with Windows platform OJ33: Update copyright headers introduced by the fix for OPENJDK6-32 OJ34: OpenJDK6-b31 backport of JDK-6638712 to openjdk6 OJ35: backport of JDK-6650759 to openjdk6 OJ36: Fix a mistake in backport of 8035119 S8013611: Modal dialog fails to obtain keyboard focus S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale S8028111: XML readers share the same entity expansion counter S8028285: RMI Thread can no longer call out to AWT S8029038: Revise fix for XML readers share the same entity expansion counter S8042582: Test java/awt/KeyboardFocusmanager/ChangeKFMTest/ChangeKFMTest.html fails on Windows x64 S8042590: Running form URL throws NPE S8042789: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader Backports S7027300, RH1098399: Unsynchronized HashMap access causes endless loop S7183251: Netbeans editor renders text wrong on JDK 7u6 build The tarballs can be downloaded from: http://icedtea.classpath.org/download/source/icedtea6-1.13.4.tar.gz http://icedtea.classpath.org/download/source/icedtea6-1.13.4.tar.xz We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so. The tarballs are accompanied by digital signatures available at: http://icedtea.classpath.org/download/source/icedtea6-1.13.4.tar.gz.sig http://icedtea.classpath.org/download/source/icedtea6-1.13.4.tar.xz.sig These are produced using my public key. See details below. PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07 SHA256 checksums: 302b17575ad98bbf6a1d4d8768d2ea1f1b070f153c660ebe493b6509d56ed0e7 icedtea6-1.13.4.tar.gz 9a6f5ef3eecfffd31a1738a5582c16dacefb081130bc11b1e6ce027e3840dc85 icedtea6-1.13.4.tar.gz.sig 7ca52ac37fe8bd9734ffe3630ef74ba2a22dadcd47cb8eba2b34d906bddb186f icedtea6-1.13.4.tar.xz 341684678d8564085d0e4509f39c14582bd1d463bca6f9f3546e6db8c4535ec8 icedtea6-1.13.4.tar.xz.sig The checksums can be downloaded from: http://icedtea.classpath.org/download/source/icedtea6-1.13.4.sha256 A 1.13.4 ebuild for Gentoo is available. The following people helped with these releases: Andrew Hughes (all other backports, release management) Omair Majid (update to new b32 release tarball) We would also like to thank the bug reporters and testers! To get started: $ tar xzf icedtea6-1.13.4.tar.gz or: $ tar x -I xz -f icedtea6-1.13.4.tar.xz then: $ mkdir icedtea-build $ cd icedtea-build $ ../icedtea6-1.13.4/configure $ make Full build requirements and instructions are available in the INSTALL file. Happy hacking! [Less]

I updated my ancient version of dasBlog. Please let me know if something isn't working properly.

Completed LambdaMetafactory intrinsification. Changes: Fixed several LambdaMetafactory.metafactory() intrinsic bug. Implemented LambdaMetafactory.altMetafactory() ... [More] intrinsic. Include full class name of anonymous classes in stack trace. Added method and field reflection support for lambda classes. Binaries available here: ikvmbin-8.0.5305.zip [Less]

Project Jigsaw has, for the last several years, been in an exploratory phase in which we’ve designed and prototyped one particular approach to addressing a draft set of requirements. It’s now time to switch gears and focus on creating a ... [More] production-quality design and implementation suitable for JDK 9 and thence Java SE 9, as previously proposed. To begin this phase I’ve drafted a new document to collect goals and requirements. It reflects a new emphasis on security, as motivated by recent experience, it takes into account lessons learned from the prototype, and it’s written at a broader and more abstract level than the previous document so as not to over-constrain the solution space. This document will be one of the starting points of the upcoming Java Platform Module System JSR. Jigsaw as a whole will bring enormous changes to the JDK; it would be unwise to wait until it’s completely finished before merging any of it. Our intent, therefore, is to proceed in large steps, each of which will have a corresponding JEP. The first three JEPs will propose a specific modular structure for the JDK, reorganize the JDK source code (but not binaries) along those lines, and then later modularize the binary images. A fourth JEP will introduce the module system itself, which will be aligned with the module-system JSR. It may seem odd that the module system JEP comes last, but the earlier JEPs need make only minimal assumptions about its capabilities, hence work on them can proceed in parallel with work on the module-system JEP and JSR. Comments, questions, and suggestions are welcome on the jigsaw-dev mailing list. (If you haven’t already subscribed to that list then please do so first, otherwise your message will be discarded as spam.) [Less]

I fixed a whole bunch of weird edge case behaviors and finally did the first part of the lambda performance work. Here are some rough performance results (times in milliseconds) for this crude microbenchmark: ... [More] iteration IKVM 8.0.5274 IKVM 8.0.5296 JDK 1.8.0_05                     ikvmc ngen 1 1040.2 87.6 71.8   1.3 0.4 2 0.9 0.3 0.3   0.3 0.4 3 0.9 0.3 0.3   0.3 0.4 Only LambdaMetafactory.metafactory() is supported at the moment. LambdaMetafactory.altMetafactory() will follow in a future snapshot. Changes: Removed sun.misc.Unsafe usage from java.util.concurrent.atomic.Striped64. Bug fix. Handle malformed UTF-16 (invalid surrogates) in type/member names and annotations. Added ikvm.exe.manifest file to enable Windows 8.1 behavior (including getting the right version number). Bug fix. Invokedynamic bootstrap method can also be a constructor. Bug fix. Improved handling of incorrect invokedynamic bootstrap methods. Bug fix. Non-canonical modified UTF-8 encodings should throw ClassFormatError. Changed ClassFormatError message for invalid UTF-8 to match JDK. Bug fix. Array classes get the system protection domain, not the element type's. Bug fix. Interfaces can't "override" final methods in Object. Bug fix. Only the bootstrap class loader is allowed to define classes in the java package. Bug fix. Since Java 1.7 class names aren't allowed to have [ and ] characters. Updated ldc error behavior to match Java 8. Bug fix. Calling BasicFileAttributes.size() on a directory didn't work. Thanks to Lucius Junevicus for reporting this. Bug fix. If an invokedynamic bootstrap argument conversion fails, the exception should not be wrapped in BootstrapMethodError. Added intrinsic for invokedynamic using LambdaMetafactory.metafactory(). Binaries available here: ikvmbin-8.0.5296.zip [Less]