My thoughts on Slackware, life and everything

OpenJDK 7 Update 9 with IcedTea 2.3.3 fixes security flaws

Shortly after Oracle released its own Update 9 for Java7, there was a similar update from the IcedTea team. New releases of IcedTea for OpenJDK6 and OpenJDK7 fix several critical security bugs. The version of IcedTea which I use (2.3.3) builds an OpenJDK 7 Update 9 package.

I also wanted to inform you about the relevant blog post from one of the main developers: GNU.Andrew (Andrew John Hughes from Red Hat). His blog site was down – and it had been down for weeks – but it is available again. Unfortunately there is no news to be found there yet.

The list with security fixes in the IcedTea 2.3.3 build of OpenJDK is impressive:

  - S6631398, CVE-2012-3216: FilePermission improved path checking
  - S7093490: adjust package access in rmiregistry
  - S7143535, CVE-2012-5068: ScriptEngine corrected permissions
  - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp
  - S7158807: Revise stack management with volatile call sites
  - S7163198, CVE-2012-5076: Tightened package accessibility
  - S7167656, CVE-2012-5077: Multiple Seeders are being created
  - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types
  - S7169887, CVE-2012-5074: Tightened package accessibility
  - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector
  - S7172522, CVE-2012-5072: Improve DomainCombiner checking
  - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
  - S7189103, CVE-2012-5069: Executors needs to maintain state
  - S7189490: More improvements to DomainCombiner checking
  - S7189567, CVE-2012-5085: java net obselete protocol
  - S7192975, CVE-2012-5071: Issue with JMX reflection
  - S7195194, CVE-2012-5084: Better data validation for Swing
  - S7195549, CVE-2012-5087: Better bean object persistence
  - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved
  - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance
  - S7196190, CVE-2012-5088: Improve method of handling MethodHandles
  - S7198296, CVE-2012-5089: Refactor classloader usage
  - S7158800: Improve storage of symbol tables
  - S7158801: Improve VM CompileOnly option
  - S7158804: Improve config file parsing
  - S7198606, CVE-2012-4416: Improve VM optimization

 

So I guess it is good to upgrade fast! Get my packages (Slackware 13.37 and newer) for OpenJDK 7u9_b30 here:

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

I will repeat these notes:

  • You need to install either the JRE or the JDK package. Not both of them! If you are not a Java developer and never compile Java code, then you do not need the openjdk package and it will be sufficient to install the (smaller) openjre package instead.
  • If you are migrating to OpenJDK after having used Oracle’s Java binaries, make sure that you have removed both “jre” and “jdk” packages. Run a command like “removepkg /var/log/packages/jdk-* ; removepkg /var/log/packages/jre-*” to get rid of both. Then install the openjdk or openjre package. Log out and log back in after this package removal/installation, so that you will get the proper Java environment.
  • Test your Java browser plugin online: http://javatester.org/version.html or http://www.java.com/en/download/testjava.jsp .
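The package checks from the notes above as a script. This is an added example, not part of the original post: it assumes installed packages appear as files named name-version-arch-build in /var/log/packages, and the function names and the jre-7u7 sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Slackware package
# database for the Java package mix-ups the notes above warn about.
# Assumption: each installed package is a file named name-version-arch-build
# in /var/log/packages, the directory used by the removepkg command above.

# pkg_names DIR: print the name part of every package entry in DIR.
pkg_names() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        base=${f##*/}
        printf '%s\n' "${base%-*-*-*}"   # strip -version-arch-build
    done
}

# has_pkg DIR NAME: succeed only on an exact name match, so that "jre"
# does not match "openjre".
has_pkg() {
    pkg_names "$1" | grep -Fqx -- "$2"
}

# audit_java [DIR]: print one finding per line, return 1 if there are any.
audit_java() {
    dir=${1:-/var/log/packages}
    rc=0
    for old in jdk jre; do
        if has_pkg "$dir" "$old"; then
            echo "REMOVE: '$old' package from the Oracle binaries is still installed"
            rc=1
        fi
    done
    if has_pkg "$dir" openjdk && has_pkg "$dir" openjre; then
        echo "CONFLICT: openjdk and openjre are both installed, keep only one"
        rc=1
    fi
    if has_pkg "$dir" openjdk || has_pkg "$dir" openjre; then
        if ! has_pkg "$dir" rhino; then
            echo "MISSING: rhino, a required dependency of openjdk/openjre"
            rc=1
        fi
    fi
    return $rc
}

# Constructed sample: a package list left over from a half-done migration.
demo_dir=$(mktemp -d)
touch "$demo_dir/jre-7u7-x86_64-1" "$demo_dir/openjre-7u9_b30-x86_64-1alien" \
      "$demo_dir/icedtea-web-1.3-x86_64-2alien"
audit_java "$demo_dir" || echo "findings above need attention"
rm -rf "$demo_dir"
```

Called without an argument, audit_java reads /var/log/packages on the running system.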

Good luck! Eric

11 Comments

  1. Mike Langdon (mlangdn)

    Thanks Eric!

  2. Thomas Løcke

    I can’t get icedtea-web-1.3-x86_64-2alien.txz to work with Firefox on my Slackware64 14.0 box. It works fine in Chrome.

    It worked with icedtea-web-1.2.1.

    I’ve installed 7u9 and rhino-1_7R3.

    What can I be doing wrong?

  3. alienbob

    Hi Thomas

    What does not work for you? Here on this Slackware64 14 laptop with multilib, and with the openjdk 7u9, rhino 1_7R3 and icedtea-web-1.3-x86_64-2alien packages installed on top I have no issues displaying the Java applets which are embedded in the two test URLs I linked to in the main article. And the commands:
    $ javaws /usr/share/icedtea-web/about.jnlp
    $ itweb-settings
    work perfectly as well.

    Eric

  4. Me

    After I installed rhino, openjdk and icedtea-web, JavaScript stopped working in all my browsers.
    Do I need to do anything to make it work?
    If I remove the packages it still doesn’t work.
    Now I can’t play embedded videos on http://feber.se/ anymore as I could before.

  5. Me

    Forgot to inform that the test links work, the command works as well.

  6. Me

    JavaScript works according to http://javatester.org/javascript.html
    So I find it strange.

  7. alienbob

    Hi “Me”

    For me, JavaScript still works OK: the site you link to tells me “JavaScript IS WORKING in your web browser “.

    I did not yet find a site complaining about non-working JavaScript. Can you give an example other than that video web site in a language I do not understand?

    Looking at that site in Chrome I noticed that the video does not play there either, and Chrome’s JavaScript console shows these errors:

    Uncaught SyntaxError: Invalid regular expression: missing / :: feber2.js:54
    Uncaught ReferenceError: getVimeoThumbMedium is not defined :: /video/art/254925/fredagsdansen_2/:1710
    Uncaught ReferenceError: getVimeoThumbMedium is not defined :: /video/art/254925/fredagsdansen_2/:1796
    Uncaught ReferenceError: getVimeoThumbMedium is not defined :: /video/art/254925/fredagsdansen_2/:1964
    Uncaught ReferenceError: checkCookie is not defined :: /video/art/254925/fredagsdansen_2/:2423
    (3)Uncaught ReferenceError: loadVideo is not defined :: /video/art/254925/fredagsdansen_2/:1

    So I guess the error could be in that website’s code.

    Eric

  8. Thomas Løcke

    Hey Eric,

    The two browser Java plugin test URLs don’t report anything back. The first one does not return a pink rectangle with my Java version, and the second one simply states that “Something is wrong. Java is not working”.

    The javaws and itweb-settings both work fine, and the Java plugin is working in Chrome.

    I’ve got the following packages installed:

    icedtea-web-1.3-x86_64-2alien.txz
    openjre-7u9_b30-x86_64-1alien.txz
    rhino-1_7R3-noarch-1alien.tgz

    If I open the plugin manager in Firefox it reports that I have version 1.3 of the IcedTea-Web plugin.

    I’m baffled.

  9. alienbob

    Hi Thomas

    You could check if the directory /usr/lib64/mozilla/plugins/ contains files or symlinks that aren’t supposed to be there. The icedtea-web package installs a symlink there:

    IcedTeaPlugin.so -> /usr/lib64/IcedTeaPlugin.so

    Perhaps there is a dead symlink from an earlier package which is interfering. Or perhaps even in your private plugin directory in $HOME : ~/.mozilla/plugins/
    Eric

  10. Thomas Løcke

    Hey Eric,

    Links are all fine, and as I said: It works in Chrome.

    After having mucked around with this for too long, I gave up and installed Oracle Java using the slackbuild found in extras/ and when that also failed in Firefox, I caved in and wiped the Firefox profile. And lo and behold, suddenly Java worked.

    I then removed Oracle Java and installed your packages again, and I now have OpenJRE 7u9 up and running without a hitch.

    So in the end it was “just” a crappy/buggy Firefox profile. I’m sorry for having wasted your time.

  11. Me

    Seems like it’s the site, since it works again now.
    Sorry for taking your time.
