My thoughts on Slackware, life and everything

Tag: icedtea (Page 5 of 5)

A look on the sunny side


It will be obvious by now that I work somewhat like a manic-depressive person. Bursts of frenzied activity are followed by periods of silence and withdrawal.

After I had worked like a maniac to release a usable version of my Slackware ARMv7 port (creating a git repository, cleaning up build scripts, uploading packages and setting up a local infrastructure to keep all of those easily updated) I was exhausted and my work output went down a lot. I have a day-time job and I do take that seriously… there was no energy left in the evenings to work as much on Slackware as I wanted.

Luckily, I had a short holiday scheduled and during the previous week I enjoyed life from the sunny side again. Spending a week in a holiday home with my family, sleeping long hours and walking through the hilly landscape of South-Limburg was something I needed to regain fresh energy.

And this week too has its pleasantries. Today is Ascension Day, which is a national holiday here in NL, and my employer gives us another day off tomorrow. Long weekend ahead! Time enough to enjoy my birthday (today), eating cake and warming up under the sun in my garden.

But last week I still managed to release some packages even though I did not write blog entries about it (you can always follow the RSS feed of my repository ChangeLog). New calibre, owncloud client and steamclient packages, and virtualenv which I needed in order to play a little with the Django web framework.

And I added a new version of the icedtea-web program, the web browser plugin for Java (works with my OpenJDK packages, either jdk or jre). This is a security update and it is recommended that you upgrade. Here are the CVE entries it fixes:

  • CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
  • CVE-2013-1927, RH884705: fixed gifar vulnerability
  • CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
  • CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings

Furthermore I am using my day off to build the recently released KDE 4.10.3 for Slackware 14.0. This version of KDE landed in slackware-current a few days ago but as a result of my holiday, I was not able to build packages for Slackware 14.0 sooner. Tonight I will write a separate blog post about this when the packages are ready and the repository updated.

Cheers, Eric

OpenJDK 7 Update 21 released

Hot on the heels of the Oracle release of its Java SE 7 Update 21, there is a new icedtea version which brings the free and open source version of Java – OpenJDK – to version 7 Update 21 as well. The OpenJDK 7u21 release addresses several vulnerabilities.

The announcement was made on the mailing list first, but Andrew John Hughes wrote a more official blurb on his blog.

Here is the list (taken from Andrew’s post) of the vulnerabilities which have been plugged and their CVE numbers:

My packages for OpenJDK have been compiled on Slackware 13.37 (and are useable on 13.37 as well as 14.0 and -current!). Get them preferably from a mirror site:

I am happy to announce that I was able to build an ARM version of the OpenJDK again. The build with the “cacao” VM had been failing for several months, and I switched to the “jamvm” which is a small (but fully compliant), efficient Java Virtual Machine with JIT compiler. Sources and packages to be found at http://taper.alienbase.nl/mirrors/alienarm/

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin). Note that I updated my icedtea-web package less than a week ago, which plugs a few vulnerabilities (CVE-2013-1927 and CVE-2013-1926 to be precise).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Eric

New IcedTea for OpenJDK 7u17

In order to match the recent Oracle security update for its Java platform, Java 7u17, the IcedTea developers have released version 2.3.8 of the IcedTea “build harness”, with which a fresh OpenJDK 7u17 can be built. This 17th update to Java7 addresses several vulnerabilities, the same as Oracle’s update.

It may be worth noting that security experts advise you to disable the Java plugin of your web browser unless you absolutely need it, and in such a case, set the Java Applet security to “high” so that you will be prompted when a Java applet attempts to load in your browser. See for instance the US-CERT statement about these vulnerabilities.

Nevertheless, I think that Java is an important piece of software which a lot of people use and need. After all, the whole world has been complaining for decennia about the vulnerabilities in Sendmail… And that is still widely used, because its vulnerability depends entirely upon the careless administrator (and I still prefer Sendmail over Postfix). Therefore it is only logical that you will get new packages from my repository for the latest OpenJDK.

Anyway.

Here is the list (taken from the mailing list this time because Andrew has not yet updated his blog) of the vulnerabilities which are being addressed by this update, and their CVE numbers:

If you wait a little, you will be able to read all about it on Andrew John Hughes’s blog. GNU/Andrew is the release manager for IcedTea.

Apart from these critical vulnerabilities (of which one was already actively exploited) there are some other bug fixes which are explicitly mentioned:

  • PR1303: Correct #ifdef to #if
  • PR1340: Simplify the rhino class rewriter to avoid use of concurrency
  • Revert 7017193 and add the missing free call, until a better fix is ready.

Packages for OpenJDK 7u17, compiled on Slackware 13.37 (and useable on 13.37 as well as 14.0 and -current!), can be found at the usual locations. Here are a few:

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Eric

OpenJDK 7u13_b20 available: a security update

The icedtea “build harness” which I use to compile my OpenJDK and icedtea-web packages had a series of updates this past week. Icedtea is available in several flavours, and it is able to build OpenJDK versions of Java 6 and 7 (and pre-release versions of Java 8 even, but that is beside the point here).

Several updates for icedtea 1.x (the version which creates OpenJDK 6 binaries) were released last week, mainly because it had been a year since the last release and updates were long overdue.

Andrew John Hughes, the release manager for Icedtea, had originally planned for icedtea 2.x releases as well, last week, but apparently the patches submitted by Oracle caused regressions which took their time to be fixed. Eventually, there is a new release: icedtea-2.3.6 builds an OpenJDK 7u13_b20. That version number (Java 7 Update 13) brings OpenJDK back in line with the versioning of Oracle’s binary-only Java. Note that this “update 13” does not really mean OpenJDK is equal to the Oracle release. Icedtea adds a lot of patches and additional functionality to the OpenJDK. Icedtea also allows for the compilation of an open-source equivalent of Oracle’s closed-source Java Browser Applet: icedtea-web.

An impressive list of vulnerabilities which have been plugged by the OpenJDK 7u13 release:

* S6563318, CVE-2013-0424: RMI data sanitization
* S6664509, CVE-2013-0425: Add logging context
* S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
* S6776941, CVE-2013-0427: Improve thread pool shutdown
* S7141694, CVE-2013-0429: Improving CORBA internals
* S7173145: Improve in-memory representation of splashscreens
* S7186945: Unpack200 improvement
* S7186946: Refine unpacker resource usage
* S7186948: Improve Swing data validation
* S7186952, CVE-2013-0432: Improve clipboard access
* S7186954: Improve connection performance
* S7186957: Improve Pack200 data validation
* S7192392, CVE-2013-0443: Better validation of client keys
* S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
* S7192977, CVE-2013-0442: Issue in toolkit thread
* S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
* S7200491: Tighten up JTable layout code
* S7200493, CVE-2013-0444: Improve cache handling
* S7200499: Better data validation for options
* S7200500: Launcher better input validation
* S7201064: Better dialogue checking
* S7201066, CVE-2013-0441: Change modifiers on unused fields
* S7201068, CVE-2013-0435: Better handling of UI elements
* S7201070: Serialization to conform to protocol
* S7201071, CVE-2013-0433: InetSocketAddress serialization issue
* S8000210: Improve JarFile code quality
* S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
* S8000539, CVE-2013-0431: Introspect JMX data handling
* S8000540, CVE-2013-1475: Improve IIOP type reuse management
* S8000631, CVE-2013-1476: Restrict access to class constructor
* S8001235, CVE-2013-0434: Improve JAXP HTTP handling
* S8001242: Improve RMI HTTP conformance
* S8001307: Modify ACC_SUPER behavior
* S8001972, CVE-2013-1478: Improve image processing
* S8002325, CVE-2013-1480: Improve management of images

But this version of IcedTea supposedly also brings a fix for building on ARM architectures using Zero’s HotSpot – all patches apply again. I hope Stuart Winter will be happy.

Packages for OpenJDK, compiled on Slackware 13.37 (and useable on 13.37 as well as 14.0 and -current!), can be found at the usual locations. Here are a few:

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

I will repeat these notes:

  • You need to install either the JRE or the JDK package. Not both of them! If you are not a Java developer and never compile Java code, then you do not need the openjdk package and it will be sufficient to install the (smaller) openjre package instead.
  • If you are migrating to OpenJDK after having used Oracle’s Java binaries, make sure that you have removed both “jre” and “jdk” packages. Run a command like “removepkg /var/log/packages/jdk-* ; removepkg /var/log/packages/jre-*” to get rid of both. Then install the openjdk or openjre package. Log out and log back in after this package removal/installation, so that you will get the proper Java environment.
  • Test your java browser plugin online: http://javatester.org/version.html or http://www.java.com/en/download/testjava.jsp .

After upgrading you should see this when running java or javac:

$ java -version
java version "1.7.0_13"
OpenJDK Runtime Environment (IcedTea7 2.3.6) (Slackware)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)
$ javac -version
javac 1.7.0_13
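
A post-upgrade check for the notes above, added here as an example (not the author's own script): it flags a system where more than one of the jdk, jre, openjdk and openjre packages is installed, and confirms that `java -version` reports at least update 13. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-upgrade check for the Java packages discussed above.
# Function names are hypothetical; /var/log/packages holds one file per
# installed package, named name-version-arch-build.

# Print the name of every installed package that provides a Java runtime.
java_pkgs() {
    for f in "${1:-/var/log/packages}"/*; do
        [ -e "$f" ] || continue
        base=${f##*/}
        # Drop the trailing -version-arch-build fields to get the name.
        case "${base%-*-*-*}" in
            jdk|jre|openjdk|openjre) echo "${base%-*-*-*}" ;;
        esac
    done
}

# Succeed only when exactly one of jdk/jre/openjdk/openjre is installed.
check_java_pkgs() {
    found=$(java_pkgs "$1" | sort -u | tr '\n' ' ')
    set -- $found
    case $# in
        0) echo "no Java package installed"; return 1 ;;
        1) echo "ok: $1"; return 0 ;;
        *) echo "conflict, remove all but one: $found"; return 1 ;;
    esac
}

# Extract the update number from the first line of `java -version` output,
# which looks like: java version "1.7.0_13" (Java 7 only).
java_update() {
    printf '%s\n' "$1" | sed -n '1s/.*version "1\.7\.0_\([0-9][0-9]*\).*/\1/p'
}

# Succeed when the reported Java 7 update level is at least $2.
update_at_least() {
    u=$(java_update "$1")
    [ -n "$u" ] && [ "$u" -ge "$2" ]
}

# Live use: sh thisfile --live   (java -version writes to stderr)
if [ "${1:-}" = "--live" ]; then
    check_java_pkgs /var/log/packages
    update_at_least "$(java -version 2>&1)" 13 && echo "update level ok"
fi
```
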

I tested the new packages with a short game of MineCraft and running JMol… and had no issues.

Eric

 

Update 5 for OpenJDK 7 available


Quite by accident I noticed that a newer version of Oracle’s Java 7 SE was available on my son’s Windows computer. I checked my Linux sources and indeed I was running behind.

Soon after icedtea 2.2 there has been a new release: 2.2.1. This version of the “icedtea build framework” creates binaries for update 5 to the Java 7 platform. The resulting OpenJDK binaries will have additional patches compared to the original OpenJDK sources. Using icedtea is also the only way to get a Java web browser plugin: icedtea-web (Oracle did not release the source code of their browser Java plugin under an open license). Icedtea-web requires an “icedtea build” of OpenJDK (or OpenJRE if you only require a Java Runtime).

The new package for OpenJDK identifies itself as “7u5_b21-icedtea” which is at the same level as Oracle’s official binaries.

Note: you will have noticed that Slackware has not seen an update to the Oracle Java packages for a long time. This is the result of a new license policy by Oracle (who currently “owns” Java), whereby it is no longer allowed to re-distribute the official Oracle binaries of the JDK and JRE. These new license terms were added after large parts of Oracle’s Java code had been open-sourced as “OpenJDK”. You can update your Java using my native (i.e. compiled on Slackware) packages, or download Oracle’s official binaries yourself (which is allowed by their license). In that case, you can adapt Slackware’s “jdk.SlackBuild” build script to wrap those binaries into a Slackware package. The choice is yours!

Note: you will see two packages on my download server: a JRE (java runtime engine) and a JDK (java development kit) package. You should only install one of those! The JRE is sufficient if you just want to run Java based applications. You need the JDK if you want to be able to compile Java code. Also, do not use “upgradepkg” when upgrading from Oracle’s binaries to my own OpenJDK package or vice versa. Nor should you use “upgradepkg” when switching from a JRE to a JDK or vice versa. This will mess with the symbolic links used by the packages. Instead, use “removepkg” to get rid of the installed version and “installpkg” to get the new package.

You can test the installed packages here for instance:

Upgrade to my OpenJDK package now! In that case, you’ll need rhino too (the JavaScript engine for OpenJDK). If you want the mozilla compatible browser plugin, get icedtea-web.

Please consider using one of the mirrors. When we got the slackware.com web server up and running again, we applied a download cap to the core team’s pages which will slow down your retrievals. For instance, you could use my mirror taper.alienbase.nl or else one of the other mirrors like slackware.org.uk or alien.slackbook.org.

Have fun! Eric

 


© 2024 Alien Pastures
