GNU Classpath

In episode 105 of the Java Spotlight podcast, we interviewed Mark Reinhold, in what's now become a traditional way to start a new year of Java Spotlight podcast episodes. As usual, you can grab just this episode or fetch the whole feed.

One subtask of the JDK migration from the legacy bug tracking system to JIRA was reclassifying bugs from a three-level taxonomy in the legacy system, (product, category, subcategory), to a fundamentally two-level scheme in our customized JIRA ... [More] instance, (component, subcomponent). In the JDK JIRA system, there is technically a third project-level classification, but by design a large majority of JDK-related bugs were migrated into a single "JDK" project. In the end, over 450 legacy subcategories were simplified into about 120 subcomponents in JIRA. The 120 subcomponents are distributed among 17 components. A rule of thumb used was that a subcategory had to have at least 50 bugs in it for it to be retained. Below is a listing the component / subcomponent classification of the JDK JIRA project along with some notes and guidance on which OpenJDK email addresses cover different areas. Eventually, a separate incidents project to host new issues filed at bugs.sun.com will use a slightly simplified version of this scheme. The preponderance of bugs and subcomponents for the JDK are in library-related areas, with components named foo-libs and subcomponents primarily named after packages. While there was an overall condensation of subcomponents in the migration, in some cases long-standing informal divisions in core libraries based on naming conventions in the description were promoted to formal subcomponents. For example, hundreds of bugs in the java.util subcomponent whose descriptions started with "(coll)" were moved into java.util:collections. Likewise, java.lang bugs starting with "(reflect)" and "(proxy)" were moved into java.lang:reflect. client-libs (Predominantly discussed on 2d-dev and awt-dev and swing-dev.) 2d demo java.awt java.awt:i18n java.beans (See beans-dev.) javax.accessibility javax.imageio javax.sound (See sound-dev.) javax.swing core-libs (See core-libs-dev.) java.io java.io:serialization java.lang java.lang.invoke java.lang:class_loading java.lang:reflect java.math java.net java.nio (Discussed on nio-dev.) java.nio.charsets java.rmi java.sql java.sql:bridge java.text java.util java.util.concurrent java.util.jar java.util.logging java.util.regex java.util:collections java.util:i18n javax.annotation.processing javax.lang.model javax.naming (JNDI) javax.script javax.script:javascript javax.sql org.openjdk.jigsaw (See jigsaw-dev.) security-libs (See security-dev.) java.security javax.crypto (JCE: includes SunJCE/MSCAPI/UCRYPTO/ECC) javax.crypto:pkcs11 (JCE: PKCS11 only) javax.net.ssl (JSSE, includes javax.security.cert) javax.security javax.smartcardio javax.xml.crypto org.ietf.jgss org.ietf.jgss:krb5 other-libs corba corba:idl corba:orb corba:rmi-iiop javadb other (When no other subcomponent is more appropriate; use judiciously.) Most of the subcomponents in the xml component are related to jaxp. xml jax-ws jaxb javax.xml.parsers (JAXP) javax.xml.stream (JAXP) javax.xml.transform (JAXP) javax.xml.validation (JAXP) javax.xml.xpath (JAXP) jaxp (JAXP) org.w3c.dom (JAXP) org.xml.sax (JAXP) For OpenJDK, most JVM-related bugs are connected to the HotSpot Java virtual machine. hotspot (See hotspot-dev.) build compiler (See hotspot-compiler-dev.) gc (garbage collection, see hotspot-gc-dev.) jfr (Java Flight Recorder) jni (Java Native Interface) jvmti (JVM Tool Interface) mvm (Multi-Tasking Virtual Machine) runtime (See hotspot-runtime-dev.) svc (Servicability) test core-svc (See serviceability-dev.) debugger java.lang.instrument java.lang.management javax.management tools The full JDK bug database contains entries related to legacy virtual machines that predate HotSpot as well as retired APIs. vm-legacy jit (Sun Exact VM) jit_symantec (Symantec VM, before Exact VM) jvmdi (JVM Debug Interface ) jvmpi (JVM Profiler Interface ) runtime (Exact VM Runtime) Notable command line tools in the $JDK/bin directory have corresponding subcomponents. tools appletviewer apt (See compiler-dev.) hprof jar javac (See compiler-dev.) javadoc(tool) (See compiler-dev.) javah (See compiler-dev.) javap (See compiler-dev.) jconsole launcher updaters (Timezone updaters, etc.) visualvm Some aspects of JDK infrastructure directly affect JDK Hg repositories, but other do not. infrastructure build (See build-dev and build-infra-dev.) licensing (Covers updates to the third party readme, licenses, and similar files.) release_eng (Release engineering) staging (Staging of web pages related to JDK releases.) The specification subcomponent encompasses the formal language and virtual machine specifications. specification language (The Java Language Specification) vm (The Java Virtual Machine Specification) The code for the deploy and install areas is not currently included in OpenJDK. deploy deployment_toolkit plugin webstart install auto_update install servicetags In the JDK, there are a number of cross-cutting concerns whose organization is essentially orthogonal to other areas. Since these areas generally have dedicated teams working on them, it is easier to find bugs of interest if these bugs are grouped first by their cross-cutting component rather than by the affected technology. docs doclet guides hotspot release_notes tools tutorial embedded build hotspot libraries globalization locale-data translation performance hotspot libraries The list of subcomponents will no doubt grow over time, but my inclination is to resist that growth since the addition of each subcomponent makes the system as a whole more complicated and harder to use. When the system gets closer to being externalized, I plan to post more blog entries describing recommended use of various custom fields in the JDK project. [Less]

"You are in 'detached HEAD' state. You can look around, make experimental changes ..." oh, dear ...

OresmeKit, GAP's charting framework for GNUstep and Cocoa, got its first rudimental Pie Chart implementation.Data colors, background and edges are customizable already, as a real OKChart implementation. The dataset is represented as the set of each first element of the series, so that for each the color can be specified, being the series color.

The JDK bug migration from a Sun legacy system to JIRA has reached another planned milestone: the data displayed on bugs.sun.com is now backed by JIRA rather than by the legacy system. Besides maintaining the URLs to old bugs, bugs filed since the ... [More] migration to JIRA are now visible too. The basic information presented about a bug is the same as before, but reformatted and using JIRA terminology: Instead of a "category", a bug now has a "component / subcomponent" classification. As outlined previously, part of the migration effort was reclassifying bugs according to a new classification scheme; I'll write more about the new scheme in a subsequent blog post. Instead of a list of JDK versions a bug is "reported against," there is a list of "affected versions." The names of the JDK versions have largely been regularized; code names like "tiger" and "mantis" have been replaced by the release numbers like "5.0" and "1.4.2". Instead of "release fixed," there are now "Fixed Versions." The legacy system had many fields that could hold a sequence of text entries, including "Description," "Workaround", and "Evaluation." JIRA instead only has two analogous fields labeled as "Description" and a unified stream of "Comments." Nearly coincident with switching to JIRA, we also enabled an agent which automatically updates a JIRA issue in response to pushes into JDK-related Hg repositories. These comments include the changeset URL, the user making the push, and a time stamp. These comments are first added when a fix is pushed to a team integration repository and then added again when the fix is pushed into the master repository for a release. We're still in early days of production usage of JIRA for JDK bug tracking, but the transition to production went smoothly and over 1,000 new issues have already been filed. Many other facets of the migration are still in the works, including hosting new incidents filed at bugs.sun.com in a tailored incidents project in JIRA. [Less]

We're doing an ARM64 OpenJDK port! Article at http://www.advogato.org/article/1067.html

The stream of release candidates seems to never end, but I really wanted to include the fix for bug #3575555. I also included some other low-risk fixes. Changes (relative to rc 2): ... [More] Updated version to 7.2.4630.3 Bug fix. Off-by-one error in JNI local ref index reusing. Fix for bug #3575555. Bug fix. Don't try to inject DynamicMethod in array types (applies to array.clone() method for MethodHandles). IKVM.Reflection: Bug fix. ModuleReader.ResolveMember() should support types. Thanks to Jb Evain for finding this. IKVM.Reflection: Bug fix. While reading the Mono.Cecil source I realized that array bounds are signed. IKVM.Reflection: Bug fix. LocalBuilder should extend LocalVariableInfo. IKVM.Reflection: Implemented LocalVariableInfo.ToString(). Binaries available here: ikvmbin-7.2.4630.3.zip Sources: ikvmsrc-7.2.4630.3.zip, openjdk-7u6-b24-stripped.zip [Less]

Ubuntu 12.10 ships OpenJDK7 as the default Java implementation. This brings improved performance, new features and better compatibility with other Java 7 implementations.Use of the OpenJDK6 is now deprecated and the openjdk-6-* packages in universe ... [More] for Ubuntu 12.10 will not be provided in future releases of Ubuntu.Taken from the release notes for Ubuntu 12.10 Desktop release. [Less]

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines. A new set of security ... [More] releases is now available: IcedTea6 1.10.10 IcedTea6 1.11.5 IcedTea7 2.1.3 IcedTea7 2.2.3 IcedTea7 2.3.3 We recommend that users upgrade to the latest release from the appropriate branch as soon as possible. All updates contain the following security fixes: S6631398, CVE-2012-3216: FilePermission improved path checking S7093490: adjust package access in rmiregistry S7143535, CVE-2012-5068: ScriptEngine corrected permissions S7167656, CVE-2012-5077: Multiple Seeders are being created S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector S7172522, CVE-2012-5072: Improve DomainCombiner checking S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC S7189103, CVE-2012-5069: Executors needs to maintain state S7189490: More improvements to DomainCombiner checking S7189567, CVE-2012-5085: java net obselete protocol S7192975, CVE-2012-5071: Conditional usage check is wrong S7195194, CVE-2012-5084: Better data validation for Swing S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance S7198296, CVE-2012-5089: Refactor classloader usage S7158801: Improve VM CompileOnly option S7158804: Improve config file parsing S7198606, CVE-2012-4416: Improve VM optimization The following fix is backported from 2.3.x to all other releases: S7158800: Improve storage of symbol tables Updates for OpenJDK6 also include: S7176337: Additional changes needed for 7158801 fix Updates for OpenJDK7 also include: S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp S7158807: Revise stack management with volatile call sites S7163198, CVE-2012-5076: Tightened package accessibility S7169887, CVE-2012-5074: Tightened package accessibility S7195549, CVE-2012-5087: Better bean object persistence S7196190, CVE-2012-5088: Improve method of handling MethodHandles We believe that the 2.3.3 release takes IcedTea beyond u9[*], providing security updates from u7 and u9 on top of an OpenJDK7 u6 base, along with additional IcedTea patches to allow builds against system libraries and to support more estoric architectures. Please note support for alternative VM solutions (CACAO, Shark, Zero) may be lacking in this release, as there has been little time for testing non-standard builds, and Zero is known to not work with 2.2.x (and only with 2.3.x via using the HotSpot from 2.1.x). Patches are welcome; please contact the mailing list and/or file bugs under the appropriate component. An update release may follow to correct issues with these builds, if necessary, but we deem it important to get the security updates out for mainstream builds as quickly as possible without further delay. Full details of each release can be found below. [*] It is difficult to make authoritative statements about u9 as the release is proprietary. Oracle still do not provide GPL binaries based on OpenJDK. What’s New? New in release 1.10.10 (2012-10-16) Security fixes S6631398, CVE-2012-3216: FilePermission improved path checking S7093490: adjust package access in rmiregistry S7143535, CVE-2012-5068: ScriptEngine corrected permissions S7167656, CVE-2012-5077: Multiple Seeders are being created S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector S7172522, CVE-2012-5072: Improve DomainCombiner checking S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC S7189103, CVE-2012-5069: Executors needs to maintain state S7189490: More improvements to DomainCombiner checking S7189567, CVE-2012-5085: java net obselete protocol S7192975, CVE-2012-5071: Conditional usage check is wrong S7195194, CVE-2012-5084: Better data validation for Swing S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance S7198296, CVE-2012-5089: Refactor classloader usage S7158800: Improve storage of symbol tables S7158801: Improve VM CompileOnly option S7158804: Improve config file parsing S7176337: Additional changes needed for 7158801 fix S7198606, CVE-2012-4416: Improve VM optimization Backports S7092186: adjust package access in rmiregistry Bug fixes PR1194: IcedTea tries to build with /usr/lib/jvm/java-openjdk (now a 1.7 VM) by default S7175845: “jar uf” changes file permissions unexpectedly S7177216: native2ascii changes file permissions of input file S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo New in release 1.11.5 (2012-10-16) Security fixes S6631398, CVE-2012-3216: FilePermission improved path checking S7093490: adjust package access in rmiregistry S7143535, CVE-2012-5068: ScriptEngine corrected permissions S7167656, CVE-2012-5077: Multiple Seeders are being created S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector S7172522, CVE-2012-5072: Improve DomainCombiner checking S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC S7189103, CVE-2012-5069: Executors needs to maintain state S7189490: More improvements to DomainCombiner checking S7189567, CVE-2012-5085: java net obselete protocol S7192975, CVE-2012-5071: Conditional usage check is wrong S7195194, CVE-2012-5084: Better data validation for Swing S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance S7198296, CVE-2012-5089: Refactor classloader usage S7158800: Improve storage of symbol tables S7158801: Improve VM CompileOnly option S7158804: Improve config file parsing S7176337: Additional changes needed for 7158801 fix S7198606, CVE-2012-4416: Improve VM optimization Backports S7175845: “jar uf” changes file permissions unexpectedly S7177216: native2ascii changes file permissions of input file S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo Bug fixes PR1194: IcedTea tries to build with /usr/lib/jvm/java-openjdk (now a 1.7 VM) by default New in release 2.1.3 (2012-10-17) Security fixes S6631398, CVE-2012-3216: FilePermission improved path checking S7093490: adjust package access in rmiregistry S7143535, CVE-2012-5068: ScriptEngine corrected permissions S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp S7158807: Revise stack management with volatile call sites S7163198, CVE-2012-5076: Tightened package accessibility S7167656, CVE-2012-5077: Multiple Seeders are being created S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types S7169887, CVE-2012-5074: Tightened package accessibility S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector S7172522, CVE-2012-5072: Improve DomainCombiner checking S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC S7189103, CVE-2012-5069: Executors needs to maintain state S7189490: More improvements to DomainCombiner checking S7189567, CVE-2012-5085: java net obselete protocol S7192975, CVE-2012-5071: Issue with JMX reflection S7195194, CVE-2012-5084: Better data validation for Swing S7195549, CVE-2012-5087: Better bean object persistence S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance S7196190, CVE-2012-5088: Improve method of handling MethodHandles S7198296, CVE-2012-5089: Refactor classloader usage S7158801: Improve VM CompileOnly option S7158804: Improve config file parsing S7198606, CVE-2012-4416: Improve VM optimization Backports S7175845: “jar uf” changes file permissions unexpectedly S7177216: native2ascii changes file permissions of input file S7106773: 512 bits RSA key cannot work with SHA384 and SHA512 S7158800: Improve storage of symbol tables Bug fixes Remove merge artefact. Remove the Xp header and library checks. New in release 2.2.3 (2012-10-17) Security fixes S6631398, CVE-2012-3216: FilePermission improved path checking S7093490: adjust package access in rmiregistry S7143535, CVE-2012-5068: ScriptEngine corrected permissions S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp S7158807: Revise stack management with volatile call sites S7163198, CVE-2012-5076: Tightened package accessibility S7167656, CVE-2012-5077: Multiple Seeders are being created S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types S7169887, CVE-2012-5074: Tightened package accessibility S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector S7172522, CVE-2012-5072: Improve DomainCombiner checking S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC S7189103, CVE-2012-5069: Executors needs to maintain state S7189490: More improvements to DomainCombiner checking S7189567, CVE-2012-5085: java net obselete protocol S7192975, CVE-2012-5071: Issue with JMX reflection S7195194, CVE-2012-5084: Better data validation for Swing S7195549, CVE-2012-5087: Better bean object persistence S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance S7196190, CVE-2012-5088: Improve method of handling MethodHandles S7198296, CVE-2012-5089: Refactor classloader usage S7158801: Improve VM CompileOnly option S7158804: Improve config file parsing S7198606, CVE-2012-4416: Improve VM optimization Backports S7175845: “jar uf” changes file permissions unexpectedly S7177216: native2ascii changes file permissions of input file S7158800: Improve storage of symbol tables Bug fixes Remove merge artefact. Remove the Xp header and library checks. New in release 2.3.3 (2012-10-17) Security fixes S6631398, CVE-2012-3216: FilePermission improved path checking S7093490: adjust package access in rmiregistry S7143535, CVE-2012-5068: ScriptEngine corrected permissions S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp S7158807: Revise stack management with volatile call sites S7163198, CVE-2012-5076: Tightened package accessibility S7167656, CVE-2012-5077: Multiple Seeders are being created S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types S7169887, CVE-2012-5074: Tightened package accessibility S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector S7172522, CVE-2012-5072: Improve DomainCombiner checking S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC S7189103, CVE-2012-5069: Executors needs to maintain state S7189490: More improvements to DomainCombiner checking S7189567, CVE-2012-5085: java net obselete protocol S7192975, CVE-2012-5071: Issue with JMX reflection S7195194, CVE-2012-5084: Better data validation for Swing S7195549, CVE-2012-5087: Better bean object persistence S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance S7196190, CVE-2012-5088: Improve method of handling MethodHandles S7198296, CVE-2012-5089: Refactor classloader usage S7158801: Improve VM CompileOnly option S7158804: Improve config file parsing S7198606, CVE-2012-4416: Improve VM optimization Bug fixes Remove merge artefact. Remove the Xp header and library checks. JamVM PR1155: Do not put version number in libjvm.so SONAME The tarballs can be downloaded from: http://icedtea.classpath.org/download/source/icedtea6-1.10.10.tar.gz (sig) http://icedtea.classpath.org/download/source/icedtea6-1.11.5.tar.gz (sig) http://icedtea.classpath.org/download/source/icedtea-2.1.3.tar.gz (sig) http://icedtea.classpath.org/download/source/icedtea-2.2.3.tar.gz (sig) http://icedtea.classpath.org/download/source/icedtea-2.3.3.tar.gz (sig) SHA256 checksums: 644804a85b5b446d7840e3d11adf45782d73fcd880a2df5403c53c96cc288c3e icedtea6-1.10.10.tar.gz 258d81d957f8ab9322fbaf7c90647f27f6b4e675504fa279858e6dfe513f7574 icedtea6-1.11.5.tar.gz 1929e57eb6718d30735e1e04e9e129457f845f7d7a8404b2b028740d0779ddb6 icedtea-2.1.3.tar.gz 4397ef71a0d729521be70f920bfc3fb6aec3455f1619b538cea75df512df1a16 icedtea-2.2.3.tar.gz e5ac5564e00c4a8d7b3376ed6de91b18a2587c8abdad802ccc92c780765b1073 icedtea-2.3.3.tar.gz Each tarball is accompanied by a digital signature (see above links). This is produced using my public key. See details below. PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07 The following people helped with these releases: Elliott Baron (creation of reproducers for S7163198/S7169887 & S7186286, checking S7189103 & S7189567) Deepak Bhole (creation of reproducer for S7093490) Severin Gehwolf (creation of reproducers for S7163198/S7169887 & S7186286, checking S7189103 & S7189567) Andrew John Hughes (applying all security patches, backports & bug fixes, reproducer runs, release management) Omair Majid (creation of reproducers for S7167656, S7172522, S7195549, S7195917 & S7189490) Chris Phillips (checking S7143535, S7169884 & S7198606 reproducers) Roman Kennke (creation of reproducers for S7158796, S7169888, S7192975 & S7198296) Pavel Tisnovsky (additional reproducer runs) Mario Torre (creation of reproducers for S6631398, S7195919 & S7196190, checking S7195194 reproducer) Jon VanAlten (creation of reproducer for S7158801, checking S7158800, S7158804 & S7158807) We would also like to thank the bug reporters and testers! To get started: $ tar xzf icedtea-${ver}.tar.gz Full build requirements and instructions are in INSTALL: $ mkdir icedtea6-build $ cd icedtea6-build $ ../icedtea6-${ver}/configure [--enable-zero --enable-pulse-java --enable-systemtap ...] $ make Happy hacking! [Less]

The JCP Executive Committee (EC) Election ballot is now open and all of the candidates' nominations materials are now available on JCP.org -- note that two new candidates were nominated late last week: Liferay and North Sixty-One. It is shaping up ... [More] to be an exciting election this year!The ratified candidates are: Cinterion, Credit Suisse, Fujitsu and HP.The elected candidates are (9 candidates, 2 open seats): Cisco Systems, CloudBees, Giuseppe Dell'Abate, Liferay, London Java Community, MoroccoJUG, North Sixty-One, Software AG, and Zero Turnaround.Heather Vancura-Chilson in a post on the JCP Program Office blog. [Less]