Oracle’s patch & release cycle culminated in two updates of their Java (runtime and development kit) since the last release of OpenJDK for which I provided packages. Today, we can enjoy a new IcedTea and therefore an updated OpenJDK which synchronizes to Oracle’s October security patch release (which offers Java 7 Update 71).
IcedTea (my favourite build harness for a spiced-up OpenJDK) went up to version 2.5.3 and it builds OpenJDK 7 “Update 71 Build 14” (resulting in a package openjdk-7u71_b14).
The release announcement is conveniently posted to the release manager’s blog. Read all about it on GNU/Andrew’s site.
Noteworthy is that “alternate virtual machines (e.g. CACAO, JamVM) will be broken by this release, until such a time as they introduce support for JVM_FindClassFromCaller, a new virtual machine interface function added by S8015256” which is bad news for people who want to compile this on ARM. Those are the two which I enable to get some speed into Java on the ARM platform.
Also important to mention is the CVE’s which are addressed by this security update. A pretty bunch and therefore a speedy upgrade is recommended:
- S8022783, CVE-2014-6504: Optimize C2 optimizations
- S8037066, CVE-2014-6457: Secure transport layer
- S8037846, CVE-2014-6558: Ensure streaming of input cipher streams
- S8039509, CVE-2014-6512: Wrap sockets more thoroughly
- S8039533, CVE-2014-6517: Higher resolution resolvers
- S8041540, CVE-2014-6511: Better use of pages in font processing
- S8041564, CVE-2014-6506: Improved management of logger resources
- S8041717, CVE-2014-6519: Issue with class file parser
- S8042609, CVE-2014-6513: Limit splashiness of splash images
- S8042797, CVE-2014-6502: Avoid strawberries in LogRecord
- S8044274, CVE-2014-6531: Proper property processing
Note about usage:
Remember that I release packages for the JRE (runtime) and the JDK (development kit) simultaneously, but you only need to nstall one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.
The package has one dependency: rhino provides JavaScript support for OpenJDK.
If you want to compile this OpenJDK package yourself, you need to install apache-ant additionally. Note that the previous requirements of xalan & xerces packages have been dropped; ant will provide all required build functionality on its own now.
Have fun! Eric
Awesome, thanks! 🙂
I have posted preliminary patches for the alternative JVM Avian, Cacao and JamVM to make them compatible with the security update.
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-October/030043.html
IcedTea 2.5.3: Avian, JamVM, Cacao: Implement JVM_FindClassFromCaller OpenJDK 8015256: Better class accessibility
Hi Xerxes,
I really should try these patches and create an ARM build for the latest release. That is where the alternative JVM really matters.
Thanks for notification!