Main menu:


Please consider a small donation:



Or you can donate bitcoin:


Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank


FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.


Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 425 other subscribers

My Favourites



April 2019
« Mar    

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

RSS Slackware64-current



OpenJDK 7 Update 9 with IcedTea 2.3.3 fixes security flaws

Shortly after Oracle released its own Update 9 for Java7, there was a similar update from the IcedTea team. New releases of IcedTea for OpenJDK6 and OpenJDK7 fix several critical security bugs. The version of IcedTea which I use (2.3.3) builds a OpenJDK 7 Update 9 package.

I also wanted to inform you about the relevant blog post from one of the main developers: GNU.Andrew (Andrew John Hughes from Redhat). His blog site was down – and it had been down for weeks – but it is available again. Unfortunately there is no news to be found there yet.

The list with security fixes in the IcedTea 2.3.3 build of OpenJDK is impressive:

  - S6631398, CVE-2012-3216: FilePermission improved path checking
  - S7093490: adjust package access in rmiregistry
  - S7143535, CVE-2012-5068: ScriptEngine corrected permissions
  - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp
  - S7158807: Revise stack management with volatile call sites
  - S7163198, CVE-2012-5076: Tightened package accessibility
  - S7167656, CVE-2012-5077: Multiple Seeders are being created
  - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types
  - S7169887, CVE-2012-5074: Tightened package accessibility
  - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector
  - S7172522, CVE-2012-5072: Improve DomainCombiner checking
  - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
  - S7189103, CVE-2012-5069: Executors needs to maintain state
  - S7189490: More improvements to DomainCombiner checking
  - S7189567, CVE-2012-5085: java net obselete protocol
  - S7192975, CVE-2012-5071: Issue with JMX reflection
  - S7195194, CVE-2012-5084: Better data validation for Swing
  - S7195549, CVE-2012-5087: Better bean object persistence
  - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved
  - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance
  - S7196190, CVE-2012-5088: Improve method of handling MethodHandles
  - S7198296, CVE-2012-5089: Refactor classloader usage
  - S7158800: Improve storage of symbol tables
  - S7158801: Improve VM CompileOnly option
  - S7158804: Improve config file parsing
  - S7198606, CVE-2012-4416: Improve VM optimization


So I guess it is good to upgrade fast! Get my packages (Slackware 13,37 and newer) for OpenJDK 7u9_b30 here:

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

I will repeat these notes:

  • You need to install either the JRE or the JDK package. Not both of them! If you are not a Java developer and never compile Java code, then you do not need the openjdk package and it will be sufficient to install the (smaller) openjre package instead.
  • If you are migrating to OpenJDK after having used Oracle’s Java binaries, make sure that you have removed both “jre” and “jdk” packages. Run a command like “removepkg /var/log/packages/jdk-* ; removepkg /var/log/packages/jre-*” to get rid of both. Then install the openjdk or openjre package. Logout and log back in after this package removal/installation, so that you will get the proper Java environment.
  • Test your java browser plugin online: or .

Good luck! Eric


Comment from Mike Langdon (mlangdn)
Posted: October 18, 2012 at 18:59

Thanks Eric!

Comment from Thomas Løcke
Posted: October 19, 2012 at 15:17

I can’t get icedtea-web-1.3-x86_64-2alien.txz to work with Firefox on my Slackware64 14.0 box. It works fine in Chrome.

It worked with icedtea-web-1.2.1.

I’ve installed 7u9 and rhino-1_7R3.

What can I be doing wrong?

Comment from alienbob
Posted: October 19, 2012 at 16:09

Hi Thomas

What does not work for you? Here on this Slackware64 14 laptop with multilib, and with the openjdk 7u9, rhino 1_7R3 and icedtea-web-1.3-x86_64-2alien packages installed on top I have no issues displaying the Java applets which are embedded in the two test URL’s I liked to in the main article. And the commands:
$ javaws /usr/share/icedtea-web/about.jnlp
$ itweb-settings
work perfectly as well.


Comment from Me
Posted: October 19, 2012 at 19:50

After i installed rhino, openjdk and icedtea-web javascript stopped working in all my browsers.
Do i need to do anything to make it work?
If i remove the packages it still doesn’t work.
No i can’t play embedded videos on anymore as i could before.

Comment from Me
Posted: October 19, 2012 at 19:53

Forget to inform that the test links works, the command works as well.

Comment from Me
Posted: October 19, 2012 at 19:57

Javascript script works according to
So i find it strange.

Comment from alienbob
Posted: October 19, 2012 at 21:35

Hi “Me”

For me, JavaScript still works OK: the site you link to tells me “JavaScript IS WORKING in your web browser “.

I did not yet find a site complaining about non-working JavaScript. Can you give an example other than that video web site in a language I do not understand?

Looking at that site in Chrome I noticed that the video does not play there either, and Chrome’s JavaScript console shows these errors:

Uncaught SyntaxError: Invalid regular expression: missing / :: feber2.js:54
Uncaught ReferenceError: getVimeoThumbMedium is not defined :: /video/art/254925/fredagsdansen_2/:1710
Uncaught ReferenceError: getVimeoThumbMedium is not defined :: /video/art/254925/fredagsdansen_2/:1796
Uncaught ReferenceError: getVimeoThumbMedium is not defined :: /video/art/254925/fredagsdansen_2/:1964
Uncaught ReferenceError: checkCookie is not defined :: /video/art/254925/fredagsdansen_2/:2423
(3)Uncaught ReferenceError: loadVideo is not defined :: /video/art/254925/fredagsdansen_2/:1

So I guess the error could be in that website’s code.


Comment from Thomas Løcke
Posted: October 21, 2012 at 11:26

Hey Eric,

The two browser Java plugin test URL’s doesn’t report anything back. The first one does not return a pink rectangle with my Java version, and the second one simply states that “Something is wrong. Java is not working”.

The javaws and itweb-settings both work fine, and the Java plugin is working in Chrome.

I’ve got the following packages installed:


If I open the plugin manager in Firefox it reports that I have version 1.3 of the IcedTest-Web plugin.

I’m baffled.

Comment from alienbob
Posted: October 21, 2012 at 12:41

Hi Thomas

You could check if the directory /usr/lib64/mozilla/plugins/ contains files or symlinks that aren’t supposed to be there. The icedtea-web package installs a symlink there: -> /usr/lib64/

Perhaps there is a dead symlink from an earlier package which is interfering. Or perhaps even in your private plugin directory in $HOME : ~/.mozilla/plugins/

Comment from Thomas Løcke
Posted: October 22, 2012 at 08:26

Hey Eric,

Links are all fine, and as I said: It works in Chrome.

After having mucked around with this for too long, I gave up and installed Oracle Java using the slackbuild found in extras/ and when that also failed in Firefox, I caved in and wiped the Firefox profile. And lo and behold, suddenly Java worked.

I then removed Oracle Java and installed your packages again, and I now have OpenJRE 7u9 up and running without a hitch.

So in the end it was “just” a crappy/buggy Firefox profile. I’m sorry for having wasted your time.

Comment from Me
Posted: October 23, 2012 at 23:06

Seems like it’s the site, since it works again now.
Sorry for taking your time.

Write a comment