My thoughts on Slackware, life and everything

Tag: icedtea (Page 4 of 5)

Security release: OpenJDK 7u45

Somewhat unexpected, since I was toying with other packages (pondering pipelight, updating kdelibs) and started to read a new book after finishing one that I have mixed feelings about… there was an announcement of OpenJDK 7u45, which is a security release.

Using the IcedTea 2.4.3 build harness, this release synchronizes the OpenJDK code with the upstream “Update 45 Build 31” tag. Please update your installed openjdk or openjre packages with this new version, since it fixes a lot of security issues (again):

  - S8006900, CVE-2013-3829: Add new date/time capability
  - S8008589: Better MBean permission validation
  - S8011071, CVE-2013-5780: Better crypto provider handling
  - S8011081, CVE-2013-5772: Improve jhat
  - S8011157, CVE-2013-5814: Improve CORBA portablility
  - S8012071, CVE-2013-5790: Better Building of Beans
  - S8012147: Improve tool support
  - S8012277: CVE-2013-5849: Improve AWT DataFlavor
  - S8012425, CVE-2013-5802: Transform TransformerFactory
  - S8013503, CVE-2013-5851: Improve stream factories
  - S8013506: Better Pack200 data handling
  - S8013510, CVE-2013-5809: Augment image writing code
  - S8013514: Improve stability of cmap class
  - S8013739, CVE-2013-5817: Better LDAP resource management
  - S8013744, CVE-2013-5783: Better tabling for AWT
  - S8014085: Better serialization support in JMX classes
  - S8014093, CVE-2013-5782: Improve parsing of images
  - S8014098: Better profile validation
  - S8014102, CVE-2013-5778: Improve image conversion
  - S8014341, CVE-2013-5803: Better service from Kerberos servers
  - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations
  - S8014530, CVE-2013-5825: Better digital signature processing
  - S8014534: Better profiling support
  - S8014987, CVE-2013-5842: Augment serialization handling
  - S8015614: Update build settings
  - S8015731: Subject java.security.auth.subject to improvements
  - S8015743, CVE-2013-5774: Address internet addresses
  - S8016256: Make finalization final
  - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names
  - S8016675, CVE-2013-5797: Make Javadoc pages more robust
  - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately
  - S8017287, CVE-2013-5829: Better resource disposal
  - S8017291, CVE-2013-5830: Cast Proxies Aside
  - S8017298, CVE-2013-4002: Better XML support
  - S8017300, CVE-2013-5784: Improve Interface Implementation
  - S8017505, CVE-2013-5820: Better Client Service
  - S8019292: Better Attribute Value Exceptions
  - S8019617: Better view of objects
  - S8020293: JVM crash
  - S8021275, CVE-2013-5805: Better screening for ScreenMenu
  - S8021282, CVE-2013-5806: Better recycling of object instances
  - S8021286: Improve MacOS resourcing
  - S8021290, CVE-2013-5823: Better signature validation
  - S8022931, CVE-2013-5800: Enhance Kerberos exceptions
  - S8022940: Enhance CORBA translations
  - S8023683: Enhance class file parsing

I tested as usual whether jMol and Minecraft were still working (they are) and became quite annoyed about Oracle’s java checker refusing to recognize the new OpenJDK. At least, all other test URLs work fine, like this one at javatester.org. Stupid Oracle.

I told you to get the packages! So, get them already. They have been compiled on Slackware 13.37 and are useable on 13.37 as well as 14.0 and -current! Get them preferably from a mirror site (faster downloads):

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre; do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

OpenJDK 7u40_b60 built with IcedTea 2.4.2

Last time I updated my OpenJDK packages there was a ton of critical bugfixes which had been applied by the IcedTea community – fixes which Oracle had not yet added to its own version of Java. That version of OpenJDK called itself “Java7 Update 40 Build 31” aka openjdk-7u40_b31.

It took a while for Oracle to release its own 7u40 release – as you know Oracle uses OpenJDK as the base upon which it builds its binary releases of Java SE, but the company sometimes does not respond to critical holes as fast as the IcedTea developers do.

Last Friday, the IcedTea team released version 2.4.2 of their “build harness”. This new icedtea release updates its OpenJDK support with a number of (non-critical) bug fixes. It also synchronizes the OpenJDK code with the upstream “Update 40 Build 60” tag. Hence, the new OpenJDK packages which I present to you today are versioned “7u40_b60”.

You can check out the mailing list announcement for the new release, since there is not yet a blog post on Andrew Hughes’ site. It will be there shortly, for sure. I will merely list the bugfixes here:

- RH661505: JPEGs with sRGB IEC61966-2.1 color profiles have wrong colors
- RH995488: Java thinks that the default timezone is Busingen instead of Zurich
- Cleanup file resources properly in TimeZone_md.
- PR1410: Icedtea 2.3.9 fails to build using icedtea 1.12.4
- G477456: emerge fails on pax system: java attempts RWX map, paxctl -m missing
- G478484: patches/boot/ecj-diamond.patch FAILED
- Fix Zero following changes to entry_frame_call_wrapper in 8016131
- RH1008988: Set ZERO_BUILD in flags.make so it is set on rebuilds
- Cast should use same type as GCDrainStackTargetSize (uintx).
- Add casts to fix build on S390

OpenJDK 7u40_b60 for Slackware:

[Screenshot: java_is_working_7u40_b60]

My packages for OpenJDK have been compiled on Slackware 13.37 and are useable on 13.37 as well as 14.0 and -current! (as the screenshot shows). Get them preferably from a mirror site (faster downloads):

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web which I also updated a couple of days ago (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre; do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

OpenJDK security update: 7u40_b31 was built with IcedTea 2.4.1

It’s Java security update time again, folks. The IcedTea team just released version 2.4.1 of their “build harness” (which builds the OpenJDK source code using Free Software tools and allows for other features such as support for alternative virtual machines and ARM support).

The new IcedTea will build OpenJDK 7 Update 40 Build 31 – or 7u40_b31 in short.

This includes the latest security updates. IcedTea 2.4.x continues to track the upcoming Java 7u40 release “upstream”. For the official announcement check out GNU/Andrew’s blog post.

The security fixes are all listed on that blog page but I will repeat them here verbatim.

The list of OpenJDK enhancements and fixes, on the other hand, is so long that I will not even attempt to duplicate it. 😉

OpenJDK 7u40_b31 for Slackware:

[Screenshot: java_is_working]

My packages for OpenJDK have been compiled on Slackware 13.37 (and are useable on 13.37 as well as 14.0 and -current!). Get them preferably from a mirror site (faster downloads):

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre; do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

OpenJDK 7 Update 40 (yes, 40) courtesy of IcedTea 2.4.0

After so many “critical bugfix releases” that have plagued Java during the past year, it is nice to see some real hard work being made available to the public. The IcedTea developers have been preparing their first major release since 2.3.0 of August last year. Today, icedtea-2.4.0 was announced on the mailing list and on the blog of release manager Andrew John Hughes. The list of enhancements and new features is way too long to copy here; it’s best to go check out that blog post. There are a lot of bug fixes as expected, but there were no vulnerabilities that needed patching this time. A lot of effort has gone into the CACAO and JamVM alternative virtual machines for Java.

You will probably be surprised to see the jump in the update number for the OpenJDK package which is built using the new IcedTea. A finalized Update 40 of OpenJDK7 is scheduled for August this year, and some of the new features still have to be added to the source tree. But the IcedTea developers decided that making a new major release of their software available a few months earlier was for the better, considering the huge number of improvements and fixes that will result in a solid Java 7u40 release already.

On to the packages (and thanks Andrew for showing your appreciation for Slackware)!

My packages for OpenJDK have been compiled on Slackware 13.37 (and are useable on 13.37 as well as 14.0 and -current!). Get them preferably from a mirror site (faster downloads):

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre; do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

A look on the sunny side


It will be obvious by now, that I work somewhat like a manic-depressive person. Bursts of frenzied activity are followed by periods of silence and withdrawal.

After I had worked like a maniac to release a usable version of my Slackware ARMv7 port (creating a git repository, cleaning up build scripts, uploading packages and setting up a local infrastructure to keep all of those easily updated) I was exhausted and my work output went down a lot. I have a day-time job and I do take that seriously… there was no energy left in the evenings to work as much on Slackware as I wanted.

Luckily, I had a short holiday scheduled and during the previous week, I have enjoyed life from the sunny side again. Spending a week in a holiday home with my family, sleeping long hours and walking through the hilly landscape of South-Limburg was something I needed to re-gain fresh energy.

And this week too has its pleasantries. Today is Ascension Day, which is a national holiday here in NL, and my employer gives us another day off tomorrow. Long weekend ahead! Time enough to enjoy my birthday (today), eating cake and warming up under the sun in my garden.

But last week I still managed to release some packages even though I did not write blog entries about it (you can always follow the RSS feed of my repository ChangeLog). New calibre, owncloud client and steamclient packages, and virtualenv which I needed in order to play a little with the Django web framework.

And I added a new version of the icedtea-web program, the web browser plugin for Java (works with my OpenJDK packages, either jdk or jre). This is a security update and it is recommended that you upgrade; here are the CVE entries it fixes:

  • CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
  • CVE-2013-1927, RH884705: fixed gifar vulnerability
  • CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
  • CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings

Furthermore I am using my day off to build the recently released KDE 4.10.3 for Slackware 14.0. This version of KDE landed in slackware-current a few days ago but as a result of my holiday, I was not able to build packages for Slackware 14.0 sooner. Tonight I will write a separate blog post about this when the packages are ready and the repository updated.

Cheers, Eric


© 2024 Alien Pastures
