The icedtea project have released version 3.2.0 of their IcedTea build framework. This was done to mirror Oracle’s recent Critical Patch Update which brings OpenJDK to version 8u111_b14 or “Java 8 Update 111 Build 14” (and the JRE too of course).
Here is the long-ish list of security fixes and CVE‘s as taken from the announcement on Andrew Hughes’s blog:
- S8146490: Direct indirect CRL checks
- S8151921: Improved page resolution
- S8155968: Update command line options
- S8155973, CVE-2016-5542: Tighten jar checks
- S8156794: Extend data sharing
- S8157176: Improved classfile parsing
- S8157739, CVE-2016-5554: Classloader Consistency Checking
- S8157749: Improve handling of DNS error replies
- S8157753: Audio replay enhancement
- S8157759: LCMS Transform Sampling Enhancement
- S8157764: Better handling of interpolation plugins
- S8158302: Handle contextual glyph substitutions
- S8158993, CVE-2016-5568: Service Menu services
- S8159495: Fix index offsets
- S8159503: Amend Annotation Actions
- S8159511: Stack map validation
- S8159515: Improve indy validation
- S8159519, CVE-2016-5573: Reformat JDWP messages
- S8160090: Better signature handling in pack200
- S8160094: Improve pack200 layout
- S8160098: Clean up color profiles
- S8160591, CVE-2016-5582: Improve internal array handling
- S8160838, CVE-2016-5597: Better HTTP service
- PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read()
Download locations for the JDK and JRE packages (updates for Slackware 13.37 and 14.0 are still pending):
http://www.slackware.com/~alien/slackbuilds/openjdk/
http://bear.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/
(rsync URI: rsync://bear.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/)
If your applications are not yet ready for Java 8, I still maintain the Java 7 packages under new names:”openjdk7″ and “openjre7”. Note that my Java 7 and Java 8 packages (e.g. openjdk7 and openjdk) can not co-exist on your computer because they use the same installation directory.
There is no more need for a separate “rhino” package (implementation of the JavaScript engine used by OpenJDK) because in OpenJDK 8, this functionality is provided natively using the internal “nashorn” library.
Note about usage:
Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.
Optionally: If you want to use Java in a web browser then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job. Note that icedtea-web is a NPAPI plugin – this prevents use of Java in Chrome & Chromium because those browsers only support PPAPI plugins, but you’ll be OK with all Mozilla [-compatible] browsers of course.
Have fun! Eric
Recent comments