Tag: icedtea (Page 4 of 5)

Security update: OpenJDK 7u55 (created with icedtea 2.4.7)

April 17, 2014 / alienbob / 3 Comments

On “patch tuesday”, two days ago, Oracle released their April update of the Java SE platform.

The new version of Java is “7 update 55” and addresses several vulnerabilities. The IcedTea team have now prepared version 2.4.7 of their OpenJDK build framework which will compile an OpenJDK version in sync with Oracle’s release. Please read the announcement on Andrew’s blog for all the release details.

Update 55 Build 14 of OpenJDK 7 addresses these critical issues:

* Security fixes:
S8023046: Enhance splashscreen support

S8025005: Enhance CORBA initializations

S8025010, CVE-2014-2412: Enhance AWT contexts

S8025030, CVE-2014-2414: Enhance stream handling

S8025152, CVE-2014-0458: Enhance activation set up

S8026067: Enhance signed jar verification

S8026163, CVE-2014-2427: Enhance media provisioning

S8026188, CVE-2014-2423: Enhance envelope factory

S8026200: Enhance RowSet Factory

S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling

S8026736, CVE-2014-2398: Enhance Javadoc pages

S8026797, CVE-2014-0451: Enhance data transfers

S8026801, CVE-2014-0452: Enhance endpoint addressing

S8027766, CVE-2014-0453: Enhance RSA processing

S8027775: Enhance ICU code.

S8027841, CVE-2014-0429: Enhance pixel manipulations

S8028385: Enhance RowSet Factory

S8029282, CVE-2014-2403: Enhance CharInfo set up

S8029286: Enhance subject delegation

S8029699: Update Poller demo

S8029730: Improve audio device additions

S8029735: Enhance service mgmt natives

S8029740, CVE-2014-0446: Enhance handling of loggers

S8029745, CVE-2014-0454: Enhance algorithm checking

S8029750: Enhance LCMS color processing (in-tree LCMS)

S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg)

S8029844, CVE-2014-0455: Enhance argument validation

S8029854, CVE-2014-2421: Enhance JPEG decodings

S8029858, CVE-2014-0456: Enhance array copies

S8030731, CVE-2014-0460: Improve name service robustness

S8031330: Refactor ObjectFactory

S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS)

S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng)

S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader

S8031395: Enhance LDAP processing

S8032686, CVE-2014-2413: Issues with method invoke

S8033618, CVE-2014-1876: Correct logging output

S8034926, CVE-2014-2397: Attribute classes properly

S8036794, CVE-2014-0461: Manage JavaScript instances

Please update your installed openjdk or openjre packages with this new version! You’ll notice that browsers like Firefox and Chrome/Chromium no longer load Java applets by default and ask you for explicit approval to load and run them.

You can visit the following URL after you upgraded your OpenJDK package (assuming you also upgraded to my latest icedtea-web package): http://java.com/en/download/testjava.jsp to verify that your Java plus the web plugin are working properly.

Get my packages – they have been compiled on Slackware 13.37 and are usable on 13.37 as well as 14.0, 14.1 and -current! Get them preferably from a mirror site (faster downloads):

http://slackware.com/~alien/slackbuilds/openjdk/ , the primary location
http://alien.slackbook.org/slackbuilds/openjdk/ , the community mirror (bandwidth-capped)
http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/ , my own fast US mirror
http://slackware.org.uk/people/alien/slackbuilds/openjdk/ , fast UK mirror, needs a day to get in sync

Further packages that are recommended/required:

Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre, do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

Security release: OpenJDK 7u45

October 21, 2013 / alienbob / 6 Comments

Somewhat unexpected, since I was toying with other packages (pondering pipelight, updating kdelibs) and started to read a new book after finishing one that I have mixed feelings about… there was an announcement of OpenJDK 7u45, which is a security release.

Using the IcedTea 2.4.3 build harness, this release synchronizes the OpenJDK code with the upstream “Update 45 Build 31” tag. Please update your installed openjdk or openjre packages with this new version, since it fixes a lot of security issues (again):

  - S8006900, CVE-2013-3829: Add new date/time capability
  - S8008589: Better MBean permission validation
  - S8011071, CVE-2013-5780: Better crypto provider handling
  - S8011081, CVE-2013-5772: Improve jhat
  - S8011157, CVE-2013-5814: Improve CORBA portablility
  - S8012071, CVE-2013-5790: Better Building of Beans
  - S8012147: Improve tool support
  - S8012277: CVE-2013-5849: Improve AWT DataFlavor
  - S8012425, CVE-2013-5802: Transform TransformerFactory
  - S8013503, CVE-2013-5851: Improve stream factories
  - S8013506: Better Pack200 data handling
  - S8013510, CVE-2013-5809: Augment image writing code
  - S8013514: Improve stability of cmap class
  - S8013739, CVE-2013-5817: Better LDAP resource management
  - S8013744, CVE-2013-5783: Better tabling for AWT
  - S8014085: Better serialization support in JMX classes
  - S8014093, CVE-2013-5782: Improve parsing of images
  - S8014098: Better profile validation
  - S8014102, CVE-2013-5778: Improve image conversion
  - S8014341, CVE-2013-5803: Better service from Kerberos servers
  - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations
  - S8014530, CVE-2013-5825: Better digital signature processing
  - S8014534: Better profiling support
  - S8014987, CVE-2013-5842: Augment serialization handling
  - S8015614: Update build settings
  - S8015731: Subject java.security.auth.subject to improvements
  - S8015743, CVE-2013-5774: Address internet addresses
  - S8016256: Make finalization final
  - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names
  - S8016675, CVE-2013-5797: Make Javadoc pages more robust
  - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately
  - S8017287, CVE-2013-5829: Better resource disposal
  - S8017291, CVE-2013-5830: Cast Proxies Aside
  - S8017298, CVE-2013-4002: Better XML support
  - S8017300, CVE-2013-5784: Improve Interface Implementation
  - S8017505, CVE-2013-5820: Better Client Service
  - S8019292: Better Attribute Value Exceptions
  - S8019617: Better view of objects
  - S8020293: JVM crash
  - S8021275, CVE-2013-5805: Better screening for ScreenMenu
  - S8021282, CVE-2013-5806: Better recycling of object instances
  - S8021286: Improve MacOS resourcing
  - S8021290, CVE-2013-5823: Better signature validation
  - S8022931, CVE-2013-5800: Enhance Kerberos exceptions
  - S8022940: Enhance CORBA translations
  - S8023683: Enhance class file parsing

I tested as usual whether jMol and Minecraft were still working (they do) and became quite annoyed about Orcacle’s java checker refusing to recognize the new OpenJDK. At least, all other test URLs work fine, like this one at javatester.org. Stupid Oracle.

I told you to get the packages! So, get them already. They have been compiled on Slackware 13.37 and are useable on 13.37 as well as 14.0 and -current! Get them preferably from a mirror site (faster downloads):

http://slackware.com/~alien/slackbuilds/openjdk/ , the primary location
http://alien.slackbook.org/slackbuilds/openjdk/ , the community mirror (bandwidth-capped)
http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/ , my own fast US mirror
http://slackware.org.uk/people/alien/slackbuilds/openjdk/ , fast UK mirror, needs a day to get in sync

Further packages that are recommended/required:

Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Eric

OpenJDK 7u40_b60 built with IcedTea 2.4.2

September 23, 2013 / alienbob / 0 Comments

Last time I updated my OpenJDK packages there was a ton of critical bugfixes which had been applied by the IcedTea community – fixes which Oracle had not yet added to its own version of Java. That version of OpenJDK called itself “Java7 Update 40 Build 31” aka openjdk-7u40_b31.

It took a while for Oracle to release its own 7u40 release – as you know Oracle uses OpenJDK as the base upon which it builds its binary releases of Java SE, but the company sometimes does not respond to critical holes as fast as the IcedTea developers do.

Last friday, the IcedTea team released version 2.4.2 of their “build harness”. This new icedtea release updates its OpenJDK support with a number of (non-critical) bug fixes. It also synchronizes the OpenJDK code with the upstream “Update 40 Build 60” tag. Hence, the new OpenJDK packages which I present to you today are versioned “7u40_b60”

You can check out the mailing list announcement for the new release, since there is not yet a blog post on Andrew Hughes‘ site. It will be there shortly, for sure. I will merely list the bugfixes here:

- RH661505: JPEGs with sRGB IEC61966-2.1 color profiles have wrong colors
- RH995488: Java thinks that the default timezone is Busingen instead of Zurich
- Cleanup file resources properly in TimeZone_md.
- PR1410: Icedtea 2.3.9 fails to build using icedtea 1.12.4
- G477456: emerge fails on pax system: java attempts RWX map, paxctl -m missing
- G478484: patches/boot/ecj-diamond.patch FAILED
- Fix Zero following changes to entry_frame_call_wrapper in 8016131
- RH1008988: Set ZERO_BUILD in flags.make so it is set on rebuilds
- Cast should use same type as GCDrainStackTargetSize (uintx).
- Add casts to fix build on S390

OpenJDK 7u40_b60 for Slackware:

java_is_working_7u40_b60

My packages for OpenJDK have been compiled on Slackware 13.37 and are useable on 13.37 as well as 14.0 and -current! (as the screenshot shows). Get them preferably from a mirror site (faster downloads):

http://slackware.com/~alien/slackbuilds/openjdk/ , the primary location
http://alien.slackbook.org/slackbuilds/openjdk/ , the community mirror (bandwidth-capped)
http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/ , my own fast US mirror
http://slackware.org.uk/people/alien/slackbuilds/openjdk/ , fast UK mirror, needs a day to get in sync

Further packages that are recommended/required:

Optional: If you want a Java browser-plugin you must install icedtea-web which I also updated a couple of days ago (OpenJDK itself does not contain such a plugin).
Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Eric

OpenJDK security update: 7u40_b31was built with IcedTea 2.4.1

July 8, 2013 / alienbob / 0 Comments

It’s Java security update time again, folks. The IcedTea team just released version 2.4.1 of their “build harness” (which builds the OpenJDK source code using Free Software tools and allows for other features such as support for alternative virtual machines and ARM support).

The new IcedTea will build OpenJDK 7 Update 40 Build 31 – or 7u40_b31 in short.

This includes the latest security updates. IcedTea 2.4.x continues to track the upcoming Java 7u40 release “upstream”. For the official announcement check out GNU/Andrew’s blog post.

The security fixes are all listed on that blog page but I will repeat them here verbatim.

S6741606, CVE-2013-2407: Integrate Apache Santuario
S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
S7170730, CVE-2013-2451: Improve Windows network stack support.
S8000638, CVE-2013-2450: Improve deserialization
S8000642, CVE-2013-2446: Better handling of objects for transportation
S8001032: Restrict object access
S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
S8001034, CVE-2013-1500: Memory management improvements
S8001038, CVE-2013-2444: Resourcefully handle resources
S8001043: Clarify definition restrictions
S8001308: Update display of applet windows
S8001309: Better handling of annotation interfaces
S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
S8001330, CVE-2013-2443: Improve on checking order (non-Zero builds only)
S8003703, CVE-2013-2412: Update RMI connection dialog box
S8004288, CVE-2013-2449: (fs) Files.probeContentType problems
S8004584: Augment applet contextualization
S8005007: Better glyph processing
S8006328, CVE-2013-2448: Improve robustness of sound classes
S8006611: Improve scripting
S8007467: Improve robustness of JMX internal APIs
S8007471: Improve MBean notifications
S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
S8007925: Improve cmsStageAllocLabV2ToV4curves
S8007926: Improve cmsPipelineDup
S8007927: Improve cmsAllocProfileSequenceDescription
S8007929: Improve CurvesAlloc
S8008120, CVE-2013-2457: Improve JMX class checking
S8008124, CVE-2013-2453: Better compliance testing
S8008128: Better API coherence for JMX
S8008132, CVE-2013-2456: Better serialization support
S8008585: Better JMX data handling
S8008593: Better URLClassLoader resource management
S8008603: Improve provision of JMX providers
S8008607: Better input checking in JMX
S8008611: Better handling of annotations in JMX
S8008615: Improve robustness of JMX internal APIs
S8008623: Better handling of MBeanServers
S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
S8008982: Adjust JMX for underlying interface changes
S8009004: Better implementation of RMI connections
S8009008: Better manage management-api
S8009013: Better handling of T2K glyphs
S8009034: Improve resulting notifications in JMX
S8009038: Improve JMX notification support
S8009057, CVE-2013-2448: Improve MIDI event handling
S8009067: Improve storing keys in KeyStore
S8009071, CVE-2013-2459: Improve shape handling
S8009235: Improve handling of TSA data
S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change
S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields
S8009654: Improve stability of cmsnamed
S8010209, CVE-2013-2460: Better provision of factories
S8011243, CVE-2013-2470: Improve ImagingLib
S8011248, CVE-2013-2471: Better Component Rasters
S8011253, CVE-2013-2472: Better Short Component Rasters
S8011257, CVE-2013-2473: Better Byte Component Rasters
S8012375, CVE-2013-1571: Improve Javadoc framing
S8012421: Better positioning of PairPositioning
S8012438, CVE-2013-2463: Better image validation
S8012597, CVE-2013-2465: Better image channel verification
S8012601, CVE-2013-2469: Better validation of image layouts
S8014281, CVE-2013-2461: Better checking of XML signature
S8015997: Additional improvement in Javadoc framing

The list with OpenJDK enhancements and fixes on the other hand, is so long that I will not even attempt to duplicate it. 😉

OpenJDK 7u40_b31 for Slackware:

java_is_working

My packages for OpenJDK have been compiled on Slackware 13.37 (and are useable on 13.37 as well as 14.0 and -current!). Get them preferably from a mirror site (faster downloads):

http://alien.slackbook.org/slackbuilds/openjdk/ , the primary location (bandwidth-capped)
http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/ , my own fast US mirror
http://slackware.org.uk/people/alien/slackbuilds/openjdk/ , fast UK mirror, needs a day to get in sync

Further packages that are recommended/required:

Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Eric

OpenJDK 7 Update 40 (yes, 40) courtesy of IcedTea 2.4.0

June 10, 2013 / alienbob / 6 Comments

After so many “critical bugfix releases” that have plagued Java during the past year, it is nice to see some real hard work being made available to the public. The IcedTea developers have been preparing their first major release since 2.3.0 of August last year. Today, icedtea-2.4.0 was announced on the mailing list and on the blog of release manager Andrew John Hughes . The list of enhancements and new features is way too long to copy here, it’s best to go check out that blog post. There are a lot of bug fixes as expected, but there were no vulnerabilities that needed patching this time. A lot of effort has gone into the CACAO and JamVM alternative virtual machines for Java.

You will probably be surprised to see the jump in the update number for the OpenJDK package which is built using the new IcedTea. A finalized Update 40 of OpenJDK7 is scheduled for Augist this year, and some of the new features still have to be added to the source tree. But the IcedTea developers decided that making a new major release of their software available a few months earlier was for the better, considering the huge number of improvements and fixes that will result in a solid Java 7u40 release already.

On to the packages (and thanks Andrew for showing your appreciation for Slackware)!

My packages for OpenJDK have been compiled on Slackware 13.37 (and are useable on 13.37 as well as 14.0 and -current!). Get them preferably from a mirror site (faster downloads):

http://alien.slackbook.org/slackbuilds/openjdk/ , the primary location (bandwidth-capped)
http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/ , my own fast US mirror
http://slackware.org.uk/people/alien/slackbuilds/openjdk/ , fast UK mirror, needs a day to get in sync

Further packages that are recommended/required:

Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Eric

December 2024
M	T	W	T	F	S	S
	1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

Sun, 22 Dec 2024 03:52:10 GMT December 22, 2024
a/userspace-rcu-0.15.0-x86_64-1.txz: Upgraded. ap/nano-8.3-x86_64-1.txz: Upgraded. d/luajit-2.1.1734355927-x86_64-1.txz: Upgraded. x/mesa-24.2.8-x86_64-1.txz: Upgraded. We'll use this more stable branch in the main tree for a while. x/wayland-protocols-1.39-noarch-1.txz: Upgraded. xap/gnuplot-6.0.2-x86_64-1.txz: Upgraded. xfce/xfce4-screensaver-4.18.4-x86_64-1.txz: Upgraded. xfce/xfce4-session-4.20.0-x86_64-3.txz: Rebuilt. startxfce4: call labwc with --session. Thanks to nikybiasionoru_82. testing/packages/mesa-24.3.2-x86_64-1.txz: Added. Moved Mesa 24.3 into /testing.

SlackBuilds.org changes for Sat, 21 Dec 2024 00:11:49 GMT
academic/FreeFem: Updated for version 4.15. academic/openboard: Updated for version 1.7.3. academic/plus42: Updated for version 1.1.15 audio/rakarrack: Fix download URL. audio/tuxguitar: Updated for version 1.6.5 desktop/jgmenu: Updated for version 4.5.0. desktop/mint-themes: Update for 2.2.2 desktop/mint-y-icons: Update for 1.8.0 development/aws-cdk: Updated for version 2.173.1. development/aws-cdk: Updated for version 2.173.2. development/dotnet-sdk-9.0: Updated for version 9.0.101. development/electron: Update for […]

Tag: icedtea (Page 4 of 5)

Security update: OpenJDK 7u55 (created with icedtea 2.4.7)

Security release: OpenJDK 7u45

OpenJDK 7u40_b60 built with IcedTea 2.4.2

OpenJDK 7u40_b60 for Slackware:

OpenJDK security update: 7u40_b31was built with IcedTea 2.4.1

OpenJDK 7u40_b31 for Slackware:

OpenJDK 7 Update 40 (yes, 40) courtesy of IcedTea 2.4.0

About this blog

Sponsoring

Categories

Subscribe to Blog via Email

My Favourites

Online me

Slackware

Calendar

slackbuilds

multilib

Slackware64-current

SBo

Meta

Top Posts & Pages

Recent posts

Recent comments