About this blog

I am Eric Hameleers, and this is where I think out loud.

New IcedTea for OpenJDK 7u17

In order to match the recent Oracle security update for its Java platform, Java 7u17, the IcedTea developers have released version 2.3.8 of the IcedTea “build harness”, with which a fresh OpenJDK 7u17 can be built. This 17th update to Java 7 addresses several vulnerabilities, the same as Oracle’s update.

It may be worth noting that security experts advise you to disable the Java plugin of your web browser unless you absolutely need it, and in such a case, set the Java Applet security to “high” so that you will be prompted when a Java applet attempts to load in your browser. See for instance the US-CERT statement about these vulnerabilities.

Nevertheless, I think that Java is an important piece of software which a lot of people use and need. After all, the whole world has been complaining for decennia about the vulnerabilities in Sendmail… And that is still widely used, because its vulnerability depends entirely upon the careless administrator (and I still prefer Sendmail over Postfix). Therefore it is only logical that you will get new packages from my repository for the latest OpenJDK.

Anyway.

Here is the list (taken from the mailing list this time because Andrew has not yet updated his blog) of the vulnerabilities which are being addressed by this update, and their CVE numbers:

If you wait a little, you will be able to read all about it on Andrew John Hughes’s blog. GNU/Andrew is the release manager for IcedTea.

Apart from these critical vulnerabilities (of which one was already actively exploited) there are some other bug fixes which are explicitly mentioned:

  • PR1303: Correct #ifdef to #if
  • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
  • Revert 7017193 and add the missing free call, until a better fix is ready.

Packages for OpenJDK 7u17, compiled on Slackware 13.37 (and useable on 13.37 as well as 14.0 and -current!), can be found at the usual locations. Here are a few:

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Eric

Comments

Comment from StreamThreader
Posted: March 12, 2013 at 20:54

Thanks! Your work for the Slackware community is very important.

Comment from Mike Langdon (mlangdn)
Posted: March 12, 2013 at 23:25

Thanks Eric! Looks like flash has one coming also.

Comment from Gustavo B. Schenkel
Posted: March 15, 2013 at 17:41

Hey Eric, I saw the ‘icedtea-web’ folder on your FTP is updated to March 15, but the version is still 1.3.1. I wonder if you have compiled version 1.3.8 and didn’t put it on your FTP. The same happens with ‘rhino’. Thanks for your work, a hug from Brazil.

Comment from alienbob
Posted: March 15, 2013 at 21:43

Gustavo, don’t look at the directory timestamps. Only look at the packages.

Icedtea-web is not the same as IcedTea. Icedtea-web is the separate browser plugin for OpenJDK, it will only work with a version of OpenJDK which has been compiled using IcedTea.

And IcedTea 2.3.8 was used by me to compile OpenJDK 7u17.

Eric

Comment from Gustavo B. Schenkel
Posted: March 18, 2013 at 13:08

Ahh I got it, I thought it was the same package, my mistake :p
