My thoughts on Slackware, life and everything

Tag: openjdk (Page 5 of 9)

April 15 Java security update: OpenJDK 7u79

icedtea A new release of IcedTea  is available. Version 2.5.5 of the “Java build framework” will create OpenJDK 7 “Update 79 Build 14” (resulting in a Slackware package openjdk-7u79_b14).

The release announcement can be found on the blog of release maintainer Andrew Hughes. The update synchronizes OpenJDK with Oracle’s April ’15 security updates. This will be Oracle’s final update to the Java 7 codebase. I expect that the next release of Icedtea will give us OpenJDK 8.

A list of  CVE’s is associated with the new release. Here are all security fixes mentioned in the post:

The new Java is properly detected by the java tester page at http://javatester.org/version.html but Oracle’s Java version tester at http://java.com/en/download/testjava.jsp only mentions that this version of Java is no longer supported (it wants us all to move to Java 8 on Windows I guess):

openjdk_7u79

Note about usage:

Remember that I release packages for the JRE (runtime) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package. Get them here.

The Java package (openjre as well as openjdk) has one dependency: rhino provides JavaScript support for OpenJDK.

Optionally: If you want to use Java in a web browser (which supports NPAPI plugins – this excludes Chrome & Chromium but you’ll be OK with all Mozilla [-compatible] browsers) then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job.

If you want to compile this OpenJDK package yourself, you need to install apache-ant additionally. Note that the previous requirements of xalan & xerces packages have been dropped; ant will provide all required build functionality on its own now.

Have fun! Eric

Java update: openjdk 7u75 available

icedtea A new release of IcedTea  is available. Version 2.5.4 of the “Java build framework” will create OpenJDK 7 “Update 75 Build 13” (resulting in a Slackware package openjdk-7u75_b13).

The release announcement can be found on the distro-pkg-dev mailing list. It has a long long list of improvements and bugfixes – probably caused by the large hiatus between this and the previous release.

A list of  CVE’s is associated with the new release. Here is the skinny – all security fixes mentioned in the post:

  - S8046656: Update protocol support
  - S8047125, CVE-2015-0395: (ref) More phantom object references
  - S8047130: Fewer escapes from escape analysis
  - S8048035, CVE-2015-0400: Ensure proper proxy protocols
  - S8049253: Better GC validation
  - S8050807, CVE-2015-0383: Better performing performance data handling
  - S8054367, CVE-2015-0412: More references for endpoints
  - S8055304, CVE-2015-0407: More boxing for DirectoryComboBoxModel
  - S8055309, CVE-2015-0408: RMI needs better transportation considerations
  - S8055479: TLAB stability
  - S8055489, CVE-2014-6585: Better substitution formats
  - S8056264, CVE-2014-6587: Multicast support improvements
  - S8056276, CVE-2014-6591: Fontmanager feature improvements
  - S8057555, CVE-2014-6593: Less cryptic cipher suite management
  - S8058982, CVE-2014-6601: Better verification of an exceptional invokespecial
  - S8059485, CVE-2015-0410: Resolve parsing ambiguity
  - S8061210, CVE-2014-3566: Issues in TLS

 

The new Java is properly detected by Oracle’s Java version tester at http://java.com/en/download/testjava.jsp :

slackware_java_7u75

Note about usage:

Remember that I release packages for the JRE (runtime) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package. Get them here.

The Java package (openjre as well as openjdk) has one dependency: rhino provides JavaScript support for OpenJDK.

Optionally: If you want to use Java in a web browser (which supports NPAPI plugins – this excludes Chrome & Chromium but you’ll be OK with all Mozilla [-compatible] browsers) then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job.

If you want to compile this OpenJDK package yourself, you need to install apache-ant additionally. Note that the previous requirements of xalan & xerces packages have been dropped; ant will provide all required build functionality on its own now.

Have fun! Eric

Last week: new Chromium, Flash, OpenJDK

Real life is taking precedence these days, and I have not been able to work on Slackware so much lately. I did release some updated packages last week.

Chromium:

chromium_icon The update to my Chromium package came pretty shortly after the previous one. Major driver was the update (in Chrome) of the Pepper Flash plugin. Chromium 35.0.1916.153 comes with this list of critical bug fixes:

  • [$1000][369525] High CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne.
  • [$1000][369539] High CVE-2014-3155: Out-of-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook.
  • [$500][369621] Medium CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen of OUSPG.

 

Flash:

adobe_flash_8s600x600_2 The Flash update which triggered the new Chrome/Chromium release was announced along with a security bulletin by Adobe. My pepperflash-plugin package which I extracted from the official Chrome binaries (for use with Chromium) is now at version 14.0.0.125 while the accompanying Linux flashplayer-plugin (for Mozilla-compatible browsers) went up to 11.2.202.378.

 

 

OpenJDK:

icedtea Oracle released their Update 60 to Java7 a week or so ago, and it took a while to get the icedtea framework synced up to Oracle’s new OpenJDK drop. The icedtea bug tracker saw many bugfixes being applied in recent days. The icedtea version went up in minor release number: from 2.4 to 2.5.
The icedtea-2.5.0 release will compile OpenJDK 7 “Update 60 Build 30” (resulting in a package openjdk-7u60_b30).

Remember that I release packages for the JRE (runtime) and the JDK (development kit) simultaneously, but you only need to nstall one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.

The package has one dependency: rhino provides JavaScript support for OpenJDK.

If you want to compile this OpenJDK package yourself, you need to install apache-ant additionally. Note that the previous requirements of xalan & xerces packages have been dropped; ant will provide all required build functionality on its own now.

Have fun! Eric

Security update: OpenJDK 7u55 (created with icedtea 2.4.7)

On “patch tuesday”, two days ago, Oracle released their April update of the Java SE platform.

The new version of Java is “7 update 55” and addresses several vulnerabilities. The IcedTea team have now prepared version 2.4.7 of their OpenJDK build framework which will compile an OpenJDK version in sync with Oracle’s release. Please read the announcement on Andrew’s blog for all the release details.

Update 55 Build 14 of OpenJDK 7  addresses these critical issues:

* Security fixes:

Please update your installed openjdk or openjre packages with this new version! You’ll notice that browsers like Firefox and Chrome/Chromium no longer load Java applets by default and ask you for explicit approval to load and run them.

You can visit the following URL after you upgraded your OpenJDK package (assuming you also upgraded to my latest icedtea-web package): http://java.com/en/download/testjava.jsp to verify that your Java plus the web plugin are working properly.

java_tested_7u55

Get my packages – they have been compiled on Slackware 13.37 and are usable on 13.37 as well as 14.0, 14.1 and -current! Get them preferably from a mirror site (faster downloads):

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre, do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

OpenJDK 7u51 (created with IcedTea 2.4.4).

Released today: new versions of IcedTea. It usually takes a while for an announcement to appear on Andrew’s blog, but the mailing list announcement was enough for me. Not quite unexpected, since Oracle was huffing and puffing yesterday when the company joined other security-challenged companies like Microsoft and Adobe in what’s lovingly called “patch tuesday“, so I was kind of expecting an OpenJDK follow-up. The flurry of patches that I saw today was a sure sign.

So I got to compile OpenJDK 7u51 using the IcedTea 2.4.4 framework. As with every Java release, this one fixes a slew of security holes. Let me say in full, “Update 51 Build 00” of OpenJDK 7  addresses these issues:

* Security fixes
  - S6727821: Enhance JAAS Configuration
  - S7068126, CVE-2014-0373: Enhance SNMP statuses
  - S8010935: Better XML handling
  - S8011786, CVE-2014-0368: Better applet networking
  - S8021257, S8025022, CVE-2013-5896 : com.sun.corba.se.** should be on restricted package list 
  - S8021271, S8021266, CVE-2014-0408: Better buffering in ObjC code 
  - S8022904: Enhance JDBC Parsers
  - S8022927: Input validation for byte/endian conversions
  - S8022935: Enhance Apache resolver classes
  - S8022945: Enhance JNDI implementation classes
  - S8023057: Enhance start up image display
  - S8023069, CVE-2014-0411: Enhance TLS connections
  - S8023245, CVE-2014-0423: Enhance Beans decoding
  - S8023301: Enhance generic classes
  - S8023338: Update jarsigner to encourage timestamping
  - S8023672: Enhance jar file validation
  - S8024302: Clarify jar verifications
  - S8024306, CVE-2014-0416: Enhance Subject consistency
  - S8024530: Enhance font process resilience
  - S8024867: Enhance logging start up
  - S8025014: Enhance Security Policy
  - S8025018, CVE-2014-0376: Enhance JAX-P set up
  - S8025026, CVE-2013-5878: Enhance canonicalization
  - S8025034, CVE-2013-5907: Improve layout lookups
  - S8025448: Enhance listening events
  - S8025758, CVE-2014-0422: Enhance Naming management
  - S8025767, CVE-2014-0428: Enhance IIOP Streams
  - S8026172: Enhance UI Management
  - S8026176: Enhance document printing
  - S8026193, CVE-2013-5884: Enhance CORBA stub factories
  - S8026204: Enhance auth login contexts
  - S8026417, CVE-2013-5910: Enhance XML canonicalization
  - S8026502: java/lang/invoke/MethodHandleConstants.java fails on all platforms
  - S8027201, CVE-2014-0376: Enhance JAX-P set up
  - S8029507, CVE-2013-5893: Enhance JVM method processing
  - S8029533: REGRESSION: closed/java/lang/invoke/8008140/Test8008140.java fails agains

* Bug fixes
  - PR1618: Include defs.make in vm.make so VM_LITTLE_ENDIAN is defined on Zero builds
  - D729448: 32-bit alignment on mips and mipsel
  - PR1623: Collision between OpenJDK 6 & 7 classes when bootstrapping with OpenJDK 6

Please update your installed openjdk or openjre packages with this new version! You’ll notice that browsers like Firefox and Chrome/Chromium no longer load Java applets by default and ask you for explicit approval to load and run them.

I tested as usual whether jMol and Minecraft (both standalone Java applications) were still working – they do! And again testing the browser plugin was a challenge. Orcacle’s java checker did not work… after the icedtea-web plugin itself loaded properly:

javacheck

This time the plugin triggered an error “net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Unknown Main-Class. Could not determine the main class for this application.” The test at javatester.org was fine though.

Get my packages – they have been compiled on Slackware 13.37 and are usable on 13.37 as well as 14.0, 14.1 and -current! Get them preferably from a mirror site (faster downloads):

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

Note that you should only install one of the two packages, either openjdk or openjre, do not install both at the same time or things will break! The openjdk package contains the jre (java runtime) as well as the java development kit.

Eric

« Older posts Newer posts »

© 2024 Alien Pastures

Theme by Anders NorenUp ↑