Updates are available both for Java 7 and java 8. These updates sync the OpenJDK releases to the April 2016 updates from Oracle’s Java.
Java 8
The recently released icedtea-3.0.1 builds OpenJDK 8u91_b14 aka Java 8 Update 91, with security fixes and CVE‘s related to Oracle’s April 2016 updates:
- S8129952, CVE-2016-0686: Ensure thread consistency
- S8132051, CVE-2016-0687: Better byte behavior
- S8138593, CVE-2016-0695: Make DSA more fair
- S8139008: Better state table management
- S8143167, CVE-2016-3425: Better buffering of XML strings
- S8143945, CVE-2016-3426: Better GCM validation
- S8144430, CVE-2016-3427: Improve JMX connections
- S8146494: Better ligature substitution
- S8146498: Better device table adjustments
Java 8 contains its own JavaScript engine so there is no longer a dependency on a separate “rhino” package.
Download locations:
- http://www.slackware.com/~alien/slackbuilds/openjdk/
- http://bear.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/
(rsync URI: rsync://bear.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/)
Java 7
If your applications are not yet ready for Java 8, I still maintain the Java 7 packages under new names:”openjdk7″ and “openjre7”. Note that my Java 7 and Java 8 packages (e.g. openjdk7 and openjdk) can not co-exist on your computer because they use the same installation directory.
The icedtea-2.6.6 release builds OpenJDK 7u101_b00 aka Java 7 Update 101. There’s a list of security fixes attached to this release, almost identical to the Java 8 list:
- S8129952, CVE-2016-0686: Ensure thread consistency
- S8132051, CVE-2016-0687: Better byte behavior
- S8138593, CVE-2016-0695: Make DSA more fair
- S8139008: Better state table management
- S8143167, CVE-2016-3425: Better buffering of XML strings
- S8144430, CVE-2016-3427: Improve JMX connections
- S8146494: Better ligature substitution
- S8146498: Better device table adjustments
The Java 7 package (openjre7 as well as openjdk7) has one dependency: rhino provides JavaScript support for OpenJDK.
Download locations:
- http://www.slackware.com/~alien/slackbuilds/openjdk7/
- http://bear.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk7/
(rsync URI: rsync://bear.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk7/)
Note about usage:
Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.
Optionally: If you want to use Java in a web browser then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job. Note that icedtea-web is a NPAPI plugin – this prevents use of Java in Chrome & Chromium because those browsers only support PPAPI plugins, but you’ll be OK with all Mozilla [-compatible] browsers of course.
Have fun! Eric
Many thanks for this and all you do!
Thanks Eric!
The release notes for these are now up; http://bitly.com/it20606 and http://bitly.com/it30001
Thanks Andrew, I have applied those URLs to the main article.
This is unrelated to the Java security updates but related to GCC.
Today I checked the Distrowatch website for Ubuntu GNOME and I saw GCC 5.3.1 as officially listed there.
I already emailed the Slackware project about this update to GCC. I think more people should know about it and let’s get 5.3.1 to be the final GCC version for Slackware 14.2
Version 5.3.1 somehow is not listed on the official GNU page for GCC yet Ubuntu GNOME seems to have it.
Let’s make some noise to get the deal done.
Thanks
The website is:
http://distrowatch.com/table.php?distribution=ubuntugnome
gcc (6.1.0) 5.3.1 5.2.1 4.9.2 4.9.1 4.8.2 4.8.1 4.7.3
Cristian
There is no GCC 5.3.1 release. Ubuntu can say all they want, but they are not the GCC developers.
Pat just replied to my email. He said that the version I saw is just what the distribution chose to use from a private build. He said that it is not an official release and thus unsupported. So, in this case 5.3.0 is here to stay for the final Slackware 14.2 release as Pat indicated in the email.
Hello,
There seems to be any issue with md5sum of rhino package for 64bit current. I cannot install the package using slackpkg. Please refer to this post in LQ: http://www.linuxquestions.org/questions/slackware-14/slackpkg-vs-third-party-package-repository-4175427364/page36.html#post5540838
I will update the rhino package, that will take care of things.
That .asc file for rhino is more than 4 years old so I guess something hickup-ed when generating the most recent CHECKSUMS.md5 repository file.
Thanks. I just updated the new rhino package using slackpkg.