My thoughts on Slackware, life and everything

Tag: jre (Page 3 of 4)

April security updates for (open) Java 7 and 8

Updates are available for both Java 7 and Java 8. These updates sync the OpenJDK releases to the April 2016 updates from Oracle’s Java.

Java 8

The recently released icedtea-3.0.1 builds OpenJDK 8u91_b14 aka Java 8 Update 91, with security fixes and CVEs related to Oracle’s April 2016 updates:

  • S8129952, CVE-2016-0686: Ensure thread consistency
  • S8132051, CVE-2016-0687: Better byte behavior
  • S8138593, CVE-2016-0695: Make DSA more fair
  • S8139008: Better state table management
  • S8143167, CVE-2016-3425: Better buffering of XML strings
  • S8143945, CVE-2016-3426: Better GCM validation
  • S8144430, CVE-2016-3427: Improve JMX connections
  • S8146494: Better ligature substitution
  • S8146498: Better device table adjustments

Java 8 contains its own JavaScript engine so there is no longer a dependency on a separate “rhino” package.

Download locations:

Java 7

If your applications are not yet ready for Java 8, I still maintain the Java 7 packages under new names: “openjdk7” and “openjre7”. Note that my Java 7 and Java 8 packages (e.g. openjdk7 and openjdk) cannot co-exist on your computer because they use the same installation directory.

The icedtea-2.6.6 release builds OpenJDK 7u101_b00 aka Java 7 Update 101. There’s a list of security fixes attached to this release, almost identical to the Java 8 list:

  • S8129952, CVE-2016-0686: Ensure thread consistency
  • S8132051, CVE-2016-0687: Better byte behavior
  • S8138593, CVE-2016-0695: Make DSA more fair
  • S8139008: Better state table management
  • S8143167, CVE-2016-3425: Better buffering of XML strings
  • S8144430, CVE-2016-3427: Improve JMX connections
  • S8146494: Better ligature substitution
  • S8146498: Better device table adjustments

The Java 7 package (openjre7 as well as openjdk7) has one dependency: rhino provides JavaScript support for OpenJDK.

Download locations:

Note about usage:

Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only if you want to develop Java programs and need a Java compiler do you need the JDK package.

Optionally: If you want to use Java in a web browser then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job. Note that icedtea-web is an NPAPI plugin – this prevents use of Java in Chrome & Chromium because those browsers only support PPAPI plugins, but you’ll be OK with all Mozilla [-compatible] browsers of course.

Have fun! Eric
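A way to check an installed system against the versions named in this post, as an added example that is not part of the original post or the author's SlackBuild scripts: it reads the package database (assumed to be /var/log/packages, with entries named name-version-arch-build), flags openjdk/openjre packages older than 8u91 or 7u101, and flags more than one of the four packages being installed at once. The function name audit_java_pkgs and the output keywords are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Minimum updates are the ones the
# post names as carrying the April 2016 fixes: 8u91 (Java 8), 7u101 (Java 7).
MIN_U8=91
MIN_U7=101

# audit_java_pkgs DIR
# DIR is a Slackware package database directory (assumption: /var/log/packages)
# whose entries are named name-version-arch-build.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_java_pkgs() {
    dir=$1; found=""; status=0
    for f in "$dir"/openjdk-* "$dir"/openjre-* \
             "$dir"/openjdk7-* "$dir"/openjre7-*; do
        [ -e "$f" ] || continue          # unmatched glob stays literal
        entry=${f##*/}
        rest=${entry%-*-*}               # drop the arch and build fields
        name=${rest%-*}; ver=${rest##*-} # e.g. openjdk / 8u91_b14
        major=${ver%%u*}
        upd=${ver#*u}; upd=${upd%%_*}    # update number between "u" and "_"
        found="$found $name"
        case $major in
            8) min=$MIN_U8 ;;
            7) min=$MIN_U7 ;;
            *) min="" ;;
        esac
        case $upd in ''|*[!0-9]*) min="" ;; esac
        if [ -z "$min" ]; then
            echo "UNKNOWN $entry"; status=1
        elif [ "$upd" -lt "$min" ]; then
            echo "OUTDATED $name $ver (need ${major}u$min or later)"
            status=1
        fi
    done
    # These packages share one installation directory, so only one may exist.
    set -- $found
    if [ $# -gt 1 ]; then
        echo "CONFLICT$found"; status=1
    fi
    return $status
}
```

Call it as `audit_java_pkgs /var/log/packages`; empty output with exit status 0 means no outdated or conflicting openjdk/openjre package was found.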

Icedtea 3.0.0 brings Java 8 to Slackware

Finally! IcedTea 3.0.0 has been released and it compiles OpenJDK 8u77.

Java 8 has been available for considerable time, but I have been waiting for icedtea to support it before creating packages. According to release maintainer Andrew Hughes the main cause for this delay was having to start from scratch due to the new build system and basically lack of time.

I want to use IcedTea as a “build harness” for OpenJDK because it makes openjdk interoperate with the free icedtea-web browser plugin and adds support for Java Virtual Machines for other architectures than just x86 and x86_64 (CACAO and JamVM in addition to Hotspot). Note that in this initial release of the icedtea-built OpenJDK, the alternative Java VMs are crash-prone – only Hotspot works properly. This means that currently OpenJDK for the ARM platform will be pretty slow because Hotspot is a zero-assembler VM.

So, Slackers can now upgrade their machines to OpenJDK 8 “Update 77 Build 03”. The Slackware packages are openjdk-8u77_b03 and openjre-8u77_b03. Get them from a mirror location below.

No security fixes and CVEs to report this time, since this is a first release. An icedtea-3.0.1 release with security fixes is expected in two weeks.

Java 7

For those of you who are not ready to migrate to Java 8, I have renamed the previous openjdk/openjre 7 packages to “openjdk7” and “openjre7”. Please use openjdk7 instead of openjdk (likewise, use openjre7 instead of openjre) and be aware that the Java 7 and Java 8 packages (e.g. openjdk7 and openjdk) cannot co-exist on your computer because they use the same installation directory. If you think that is an issue and you want – or need – to have both installed simultaneously, let me know in a comment to this article.

Note about usage:

Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only if you want to develop Java programs and need a Java compiler do you need the JDK package.

The Java package (openjre as well as openjdk) has one dependency: rhino provides JavaScript support for OpenJDK. Rhino used to be an external dependency but since OpenJDK 8 it is internalized through the “nashorn” library.

Optionally: If you want to use Java in a web browser then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job. Note that icedtea-web is an NPAPI plugin – this prevents use of Java in Chrome & Chromium because those browsers only support PPAPI plugins, but you’ll be OK with all Mozilla [-compatible] browsers of course.

Download locations:

Have fun! Eric

July ’15 OpenJDK security update: 7u85_b01

A new release of IcedTea is available. Version 2.6.1 came right after last week’s 2.6.0 which paved the way for OpenJDK 7 “Update 85 Build 01” (resulting in a Slackware package openjdk-7u85_b01). This latest version of icedtea encompasses the July 2015 security updates for Java 7. The release announcement can be found on the blog of release maintainer Andrew Hughes.

The upcoming release of icedtea 3.0.0 will move us to OpenJDK 8, but for now it is Java 7 you’ll still be using if you install my packages. A bit of patience is required.

A list of CVEs is associated with the new release. Here are all security fixes mentioned in the post:

 

Note about usage:

Remember that I release packages for the JRE (runtime) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only if you want to develop Java programs and need a Java compiler do you need the JDK package. Get them here.

The Java package (openjre as well as openjdk) has one dependency: rhino provides JavaScript support for OpenJDK.

Optionally: If you want to use Java in a web browser (which supports NPAPI plugins – this excludes Chrome & Chromium but you’ll be OK with all Mozilla [-compatible] browsers) then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job.

If you want to test your browser plugin, check out the Java Tester page, or Oracle’s own verification page which of course urges you to upgrade to its own Java 8 instead:

OpenJDK-7u85_b01

If you want to compile this OpenJDK package yourself, you need to install apache-ant additionally. Note that the previous requirements of xalan & xerces packages have been dropped; ant will provide all required build functionality on its own now.

Have fun! Eric

Security release: OpenJDK 7u45

Somewhat unexpected, since I was toying with other packages (pondering pipelight, updating kdelibs) and started to read a new book after finishing one that I have mixed feelings about… there was an announcement of OpenJDK 7u45, which is a security release.

Using the IcedTea 2.4.3 build harness, this release synchronizes the OpenJDK code with the upstream “Update 45 Build 31” tag. Please update your installed openjdk or openjre packages with this new version, since it fixes a lot of security issues (again):

  - S8006900, CVE-2013-3829: Add new date/time capability
  - S8008589: Better MBean permission validation
  - S8011071, CVE-2013-5780: Better crypto provider handling
  - S8011081, CVE-2013-5772: Improve jhat
  - S8011157, CVE-2013-5814: Improve CORBA portablility
  - S8012071, CVE-2013-5790: Better Building of Beans
  - S8012147: Improve tool support
  - S8012277: CVE-2013-5849: Improve AWT DataFlavor
  - S8012425, CVE-2013-5802: Transform TransformerFactory
  - S8013503, CVE-2013-5851: Improve stream factories
  - S8013506: Better Pack200 data handling
  - S8013510, CVE-2013-5809: Augment image writing code
  - S8013514: Improve stability of cmap class
  - S8013739, CVE-2013-5817: Better LDAP resource management
  - S8013744, CVE-2013-5783: Better tabling for AWT
  - S8014085: Better serialization support in JMX classes
  - S8014093, CVE-2013-5782: Improve parsing of images
  - S8014098: Better profile validation
  - S8014102, CVE-2013-5778: Improve image conversion
  - S8014341, CVE-2013-5803: Better service from Kerberos servers
  - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations
  - S8014530, CVE-2013-5825: Better digital signature processing
  - S8014534: Better profiling support
  - S8014987, CVE-2013-5842: Augment serialization handling
  - S8015614: Update build settings
  - S8015731: Subject java.security.auth.subject to improvements
  - S8015743, CVE-2013-5774: Address internet addresses
  - S8016256: Make finalization final
  - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names
  - S8016675, CVE-2013-5797: Make Javadoc pages more robust
  - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately
  - S8017287, CVE-2013-5829: Better resource disposal
  - S8017291, CVE-2013-5830: Cast Proxies Aside
  - S8017298, CVE-2013-4002: Better XML support
  - S8017300, CVE-2013-5784: Improve Interface Implementation
  - S8017505, CVE-2013-5820: Better Client Service
  - S8019292: Better Attribute Value Exceptions
  - S8019617: Better view of objects
  - S8020293: JVM crash
  - S8021275, CVE-2013-5805: Better screening for ScreenMenu
  - S8021282, CVE-2013-5806: Better recycling of object instances
  - S8021286: Improve MacOS resourcing
  - S8021290, CVE-2013-5823: Better signature validation
  - S8022931, CVE-2013-5800: Enhance Kerberos exceptions
  - S8022940: Enhance CORBA translations
  - S8023683: Enhance class file parsing

I tested as usual whether jMol and Minecraft were still working (they do) and became quite annoyed about Oracle’s java checker refusing to recognize the new OpenJDK. At least, all other test URLs work fine, like this one at javatester.org. Stupid Oracle.

I told you to get the packages! So, get them already. They have been compiled on Slackware 13.37 and are useable on 13.37 as well as 14.0 and -current! Get them preferably from a mirror site (faster downloads):

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre; do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

OpenJDK 7 update 3 available for Slackware 13.37

The JDK and JRE packages in Slackware are severely outdated. In case you are not familiar with them, “JDK” is the Java Development Kit and “JRE” is the Java Runtime Engine. As stated in a previous post on this blog, Slackware (and with it all the other distros) is no longer allowed to distribute Java packages based on the official binaries released by Oracle. You as an end-user are still allowed to download and use those binaries; you are just not allowed to re-distribute them.

You can do two things: grab Oracle’s binary tarballs, and use the jdk.SlackBuild and jre.SlackBuild scripts of Slackware to create updated packages with which you can upgrade an existing Java on your computers. Or you grab the source code of OpenJDK and build your own re-distributable packages. This second option is hopefully what Slackware will pick for its future releases.

In the meantime, I produced packages for slackware-current back in January 2012, compiled from these OpenJDK sources with the use of the icedtea build harness. That was a first, and successful, attempt at creating new JDK and JRE that could be used in Slackware. I was targeting slackware-current in the hope that Pat Volkerding would use the SlackBuild scripts as-is. Unfortunately, Slackware’s development has stalled a bit, and the ChangeLog.txt has not seen Java updates yet.

So, when I noticed that there was a new release of IcedTea which would produce very up-to-date OpenJDK binaries, I decided to build this on Slackware 13.37 instead of slackware-current and add the resulting packages to my regular repository. This allows everyone who is running Slackware version 13.37 or -current to enjoy the new JDK and web plugin.

Pre-built packages:

Packages and sources can be found in the usual locations. There are more mirrors than I mention here of course. Note that you need a JDK or JRE package (based on your needs), the rhino package (which is the JavaScript engine) and optionally icedtea-web (the Java browser plugin):

Compiling:

I built these packages twice: the first time I “bootstrapped” using the gcc-java compiler. The second time, I had installed my fresh openjdk package and built a new copy against itself. The value of the “BOOTSTRAP” variable in the script determines the type of build. You cannot build OpenJDK with the Oracle JDK.

If you want to do this compilation yourself, then follow the README.txt carefully! You will additionally need to install apache-ant, xalan and xerces packages, all of which you will find in my package repository. If you are not on slackware-current then you will have to make some small modifications to the installed gcc and seamonkey packages. When following directions in the README.txt this is a trivial task.

Web plugin:

You can check if your web plugin has been installed and is working correctly, by visiting this URL: http://java.com/en/download/installed.jsp?detect=jre&try=1 .

After I finished building my packages I visited the above URL and it looked OK. Then I loaded a java applet on another page (http://chemagic.com/web_molecules/) and it crashed so hard that it took the browser down along with it. Wtf???

I had originally used version 1.1.4 of the icedtea-web sources (since that used to work before) but it turns out that there was a change in Mozilla Firefox since version 10.0. The change uncovers a bug which makes the plugin crash with the error message “Assertion failure: rt->onOwnerThread(), at /tmp/mozilla-release/js/src/jsapi.cpp”. I tracked down the bug reports, https://bugzilla.mozilla.org/show_bug.cgi?id=704249 and http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=820, and eventually found a working patch on the mailing list. This patch could only be applied against the latest source code for icedtea-web, which is why you will find an icedtea-web package with version “20120225” in my repository.

Good luck! Eric

 
