Released today: new versions of IcedTea. It usually takes a while for an announcement to appear on Andrew’s blog, but the mailing list announcement was enough for me. Not quite unexpected, since Oracle was huffing and puffing yesterday when the company joined other security-challenged companies like Microsoft and Adobe in what’s lovingly called “patch tuesday”, so I was kind of expecting an OpenJDK follow-up. The flurry of patches that I saw today was a sure sign.
So I got to compile OpenJDK 7u51 using the IcedTea 2.4.4 framework. As with every Java release, this one fixes a slew of security holes. Let me say in full, “Update 51 Build 00” of OpenJDK 7 addresses these issues:
* Security fixes
  - S6727821: Enhance JAAS Configuration
  - S7068126, CVE-2014-0373: Enhance SNMP statuses
  - S8010935: Better XML handling
  - S8011786, CVE-2014-0368: Better applet networking
  - S8021257, S8025022, CVE-2013-5896: com.sun.corba.se.** should be on restricted package list
  - S8021271, S8021266, CVE-2014-0408: Better buffering in ObjC code
  - S8022904: Enhance JDBC Parsers
  - S8022927: Input validation for byte/endian conversions
  - S8022935: Enhance Apache resolver classes
  - S8022945: Enhance JNDI implementation classes
  - S8023057: Enhance start up image display
  - S8023069, CVE-2014-0411: Enhance TLS connections
  - S8023245, CVE-2014-0423: Enhance Beans decoding
  - S8023301: Enhance generic classes
  - S8023338: Update jarsigner to encourage timestamping
  - S8023672: Enhance jar file validation
  - S8024302: Clarify jar verifications
  - S8024306, CVE-2014-0416: Enhance Subject consistency
  - S8024530: Enhance font process resilience
  - S8024867: Enhance logging start up
  - S8025014: Enhance Security Policy
  - S8025018, CVE-2014-0376: Enhance JAX-P set up
  - S8025026, CVE-2013-5878: Enhance canonicalization
  - S8025034, CVE-2013-5907: Improve layout lookups
  - S8025448: Enhance listening events
  - S8025758, CVE-2014-0422: Enhance Naming management
  - S8025767, CVE-2014-0428: Enhance IIOP Streams
  - S8026172: Enhance UI Management
  - S8026176: Enhance document printing
  - S8026193, CVE-2013-5884: Enhance CORBA stub factories
  - S8026204: Enhance auth login contexts
  - S8026417, CVE-2013-5910: Enhance XML canonicalization
  - S8026502: java/lang/invoke/MethodHandleConstants.java fails on all platforms
  - S8027201, CVE-2014-0376: Enhance JAX-P set up
  - S8029507, CVE-2013-5893: Enhance JVM method processing
  - S8029533: REGRESSION: closed/java/lang/invoke/8008140/Test8008140.java fails agains
* Bug fixes
  - PR1618: Include defs.make in vm.make so VM_LITTLE_ENDIAN is defined on Zero builds
  - D729448: 32-bit alignment on mips and mipsel
  - PR1623: Collision between OpenJDK 6 & 7 classes when bootstrapping with OpenJDK 6
Please update your installed openjdk or openjre packages with this new version! You’ll notice that browsers like Firefox and Chrome/Chromium no longer load Java applets by default and ask you for explicit approval to load and run them.
I tested as usual whether jMol and Minecraft (both standalone Java applications) were still working – they do! And again testing the browser plugin was a challenge. Oracle’s java checker did not work… after the icedtea-web plugin itself loaded properly.
This time the plugin triggered an error “net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Unknown Main-Class. Could not determine the main class for this application.” The test at javatester.org was fine though.
Get my packages – they have been compiled on Slackware 13.37 and are usable on 13.37 as well as 14.0, 14.1 and -current! Get them preferably from a mirror site (faster downloads):
- http://slackware.com/~alien/slackbuilds/openjdk/ , the primary location
- http://alien.slackbook.org/slackbuilds/openjdk/ , the community mirror (bandwidth-capped)
- http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/ , my own fast US mirror
- http://slackware.org.uk/people/alien/slackbuilds/openjdk/ , fast UK mirror, needs a day to get in sync
Further packages that are recommended/required:
- Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
Note that you should only install one of the two packages, either openjdk or openjre; do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.