My thoughts on Slackware, life and everything


OpenJDK 7 Update 9 with IcedTea 2.3.3 fixes security flaws

Shortly after Oracle released its own Update 9 for Java7, there was a similar update from the IcedTea team. New releases of IcedTea for OpenJDK6 and OpenJDK7 fix several critical security bugs. The version of IcedTea which I use (2.3.3) builds an OpenJDK 7 Update 9 package.

I also wanted to inform you about the relevant blog post from one of the main developers: GNU.Andrew (Andrew John Hughes from Redhat). His blog site was down – and it had been down for weeks – but it is available again. Unfortunately there is no news to be found there yet.

The list with security fixes in the IcedTea 2.3.3 build of OpenJDK is impressive:

  - S6631398, CVE-2012-3216: FilePermission improved path checking
  - S7093490: adjust package access in rmiregistry
  - S7143535, CVE-2012-5068: ScriptEngine corrected permissions
  - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp
  - S7158807: Revise stack management with volatile call sites
  - S7163198, CVE-2012-5076: Tightened package accessibility
  - S7167656, CVE-2012-5077: Multiple Seeders are being created
  - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types
  - S7169887, CVE-2012-5074: Tightened package accessibility
  - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector
  - S7172522, CVE-2012-5072: Improve DomainCombiner checking
  - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
  - S7189103, CVE-2012-5069: Executors needs to maintain state
  - S7189490: More improvements to DomainCombiner checking
  - S7189567, CVE-2012-5085: java net obselete protocol
  - S7192975, CVE-2012-5071: Issue with JMX reflection
  - S7195194, CVE-2012-5084: Better data validation for Swing
  - S7195549, CVE-2012-5087: Better bean object persistence
  - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved
  - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance
  - S7196190, CVE-2012-5088: Improve method of handling MethodHandles
  - S7198296, CVE-2012-5089: Refactor classloader usage
  - S7158800: Improve storage of symbol tables
  - S7158801: Improve VM CompileOnly option
  - S7158804: Improve config file parsing
  - S7198606, CVE-2012-4416: Improve VM optimization

 

So I guess it is good to upgrade fast! Get my packages (Slackware 13,37 and newer) for OpenJDK 7u9_b30 here:

Further packages that are recommended/required:

  • Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
  • Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

I will repeat these notes:

  • You need to install either the JRE or the JDK package. Not both of them! If you are not a Java developer and never compile Java code, then you do not need the openjdk package and it will be sufficient to install the (smaller) openjre package instead.
  • If you are migrating to OpenJDK after having used Oracle’s Java binaries, make sure that you have removed both “jre” and “jdk” packages. Run a command like “removepkg /var/log/packages/jdk-* ; removepkg /var/log/packages/jre-*” to get rid of both. Then install the openjdk or openjre package. Logout and log back in after this package removal/installation, so that you will get the proper Java environment.
  • Test your java browser plugin online: http://javatester.org/version.html or http://www.java.com/en/download/testjava.jsp .

Good luck! Eric

OpenJDK7 update 7 with IcedTea 2.3.2 fixes more flaws

It took a day for the developers to release a new version of IcedTea, fixing another three CVEs (critical security bugs) in OpenJDK 7. New on the fix list are these security fixes:

Get my packages (Slackware 13,37 and newer) for OpenJDK 7u7_b30 here:

If you want a Java browser-plugin you should install icedtea-web (OpenJDK itself does not contain such a plugin). You will also need the rhino package which contains the JavaScript engine for OpenJDK.

I will repeat these notes:

  • You need to install either the JRE or the JDK package. Not both of them! If you are not a Java developer and never compile Java code, then you do not need the openjdk package and it will be sufficient to install the (much smaller) openjre package instead.
  • If you are migrating to OpenJDK after having used Oracle’s Java binaries, make sure that you have removed both “jre” and “jdk” packages. Run a command like “removepkg /var/log/packages/jdk-* ; removepkg /var/log/packages/jre-*” to get rid of both. Then install the openjdk or openjre package. Logout and log back in after this package removal/installation so that you will get the proper Java environment.
  • Test your java browser plugin online: http://javatester.org/version.html or http://www.java.com/en/download/testjava.jsp .

Good luck! Eric

Updated glibc multilib packages for Slackware 14-rc4

Hi folks

Another Release Candidate for Slackware 14… and that again brings a patched glibc package. I have updated my multilib version of glibc in my own repository (http://slackware.com/~alien/multilib/current/) or any of the usual mirrors.

Also note that IcedTea 2.3.2 was released in quick succession to the version 2.3.1 which fixed a critical flaw in OpenJDK7. I am sure that there are more fixes for more flaws in this new update, but I will have to investigate and then build you some new goodies.

Just when I wanted to start compiling KDE 4.9.1. For that, at least, I have time until Wednesday, when the new KDE will be officially announced.

Eric

Update 5 for OpenJDK 7 available

OpenJDK 7u5

Quite by accident I noticed that a newer version of Oracle’s Java 7 SE was available on my son’s Windows computer. I checked my Linux sources and indeed I was running behind.

Soon after icedtea 2.2 there has been a new release: 2.2.1. This version of the “icedtea build framework” creates binaries for update 5 to the Java 7 platform. The resulting OpenJDK binaries will have additional patches compared to the original OpenJDK sources. Using icedtea is also the only way to get a Java web browser plugin: icedtea-web (Oracle did not release the source code of their browser Java plugin under an open license). Icedtea-web requires an “icedtea build” of OpenJDK (or OpenJRE if you only require a Java Runtime).

The new package for OpenJDK identifies itself as “7u5_b21-icedtea” which is at the same level as Oracle’s official binaries.

Note: you will have noticed that Slackware has not seen an update to the Oracle Java packages for a long time. This is the result of a new license policy by Oracle (who currently “owns” Java), whereby it is no longer allowed to re-distribute the official Oracle binaries of the JDK and JRE. These new license terms were added after large parts of Oracle’s Java code had been open-sourced as “OpenJDK”. You can update your Java using my native (i.e. compiled on Slackware) packages, or download Oracle’s official binaries yourself (which is allowed by their license). In that case, you can adapt Slackware’s “jdk.SlackBuild” build script to wrap those binaries into a Slackware package. The choice is yours!

Note: you will see two packages on my download server: a JRE (java runtime engine) and a JDK (java development kit) package. You should only install one of those! The JRE is sufficient if you just want to run Java based applications. You need the JDK if you want to be able to compile Java code. Also, do not use “upgradepkg” when upgrading from Oracle’s binaries to my own OpenJDK package or vice versa. Nor should you use “upgradepkg” when switching from a JRE to a JDK or vice versa. This will mess with the symbolic links used by the packages. Instead, use “removepkg” to get rid of the installed version and “installpkg” to get the new package.
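The install rules in the note above (one of JRE or JDK, no Oracle packages left next to OpenJDK, rhino present) can be checked against the package database in /var/log/packages. The script below is an added example, not part of the original post; the function names, the version-digit pattern and the sample file names are assumptions.

```sh
#!/bin/sh
# Added example, not the author's script. Package-name prefixes come from the
# post; the version-digit match and the function names are assumptions.

# Prints one finding per line. Returns 0 when clean, 1 when findings exist,
# 2 when the package database directory is missing.
check_java_pkgs() {
    pkgdb="${1:-/var/log/packages}"
    oracle="" open_jdk="" open_jre="" rhino="" findings=0
    [ -d "$pkgdb" ] || { echo "NO_PKGDB: $pkgdb"; return 2; }

    for entry in "$pkgdb"/*; do
        [ -e "$entry" ] || continue      # unmatched glob in an empty directory
        name=${entry##*/}
        case "$name" in
            jdk-[0-9]*|jre-[0-9]*) oracle="$oracle $name" ;;  # Oracle binaries
            openjdk-[0-9]*)        open_jdk=$name ;;
            openjre-[0-9]*)        open_jre=$name ;;
            rhino-[0-9]*)          rhino=$name ;;
        esac
    done

    # Oracle packages left behind after migrating to OpenJDK
    if [ -n "$oracle" ] && [ -n "$open_jdk$open_jre" ]; then
        echo "MIXED_VENDOR:$oracle"; findings=1
    fi
    # The post's rule: install the JRE or the JDK, not both
    if [ -n "$open_jdk" ] && [ -n "$open_jre" ]; then
        echo "BOTH_JDK_AND_JRE: $open_jdk $open_jre"; findings=1
    fi
    # rhino is a required dependency of openjdk/openjre
    if [ -n "$open_jdk$open_jre" ] && [ -z "$rhino" ]; then
        echo "MISSING_RHINO: needed by ${open_jdk:-$open_jre}"; findings=1
    fi
    return "$findings"
}

# Demo on a constructed package database (file names are made up).
demo_constructed_db() {
    tmp=$(mktemp -d) || return 0
    touch "$tmp/jre-6u25-x86_64-1" "$tmp/openjre-7u9_b30-x86_64-1alien"
    check_java_pkgs "$tmp" || true
    rm -rf "$tmp"
}
demo_constructed_db
```

Call `check_java_pkgs` without an argument to audit the live system; any finding is resolved with “removepkg” followed by “installpkg”, as the note says.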

You can test the installed packages here for instance:

Upgrade to my OpenJDK package now! In that case, you’ll need rhino too (the JavaScript engine for OpenJDK). If you want the mozilla compatible browser plugin, get icedtea-web.

Please consider using one of the mirrors. When we got the slackware.com web server up and running again, we applied a download cap to the core team’s pages which will slow down your retrievals. For instance, you could use my mirror taper.alienbase.nl or else one of the other mirrors like slackware.org.uk or alien.slackbook.org.

Have fun! Eric

 

Results of a few days of packaging software

I hinted at the upcoming packages in an earlier post. KDE release team had asked on the packagers mailing list if it would be possible for distros to make early betas available of KDE 4.9 because it needs a lot of testing. It took me a while to find out how to build everything and to discover that not all of the split-off packages (the old “kdemultimedia” has been split up) would compile on Slackware. While I was busy with that, I discovered that there was a new IcedTea release too, which meant I could compile a new OpenJDK package.

KDE 4.9-beta1

The KDE team will officially announce the sources for the first beta of KDE Software Compilation 4.9 on Monday 4 June, after some delay which was caused by a missing soprano package. However, I do not have time for a blog post on Monday, being too busy at work, so I will make my packages and scripts available one day earlier.

Keep in mind that the packages for this beta have been compiled on Slackware-current. The upgrade from Slackware’s KDE 4.8.2 to the 4.9-beta1 release (the version number is 4.8.80) should be trivial. There is only one updated dependency (the aforementioned soprano) and none of the “extragear” was upgraded – I focused on the KDE core. If you are interested, grab them, install them, try out as much of the desktop environment as you can, and report the bugs you find!

Get my packages here:

The accompanying README file contains detailed installation/upgrade instructions.

Note: KDE 4.8.4 packages will be hot on the heels of this package set. I am already compiling it, and will wait until the official announcement on kde.org before making them public.

OpenJDK 7u4

The newest release 2.2 of IcedTea builds the fourth update to the Java 7 platform. Icedtea is a “build harness” – it provides an enhanced way of compiling OpenJDK sources, adding a lot of patches which are not present in the original OpenJDK sources and offering an additional Java web browser plugin, icedtea-web.

I built the OpenJDK 7u4_b21 packages for you, along with the icedtea-web plugin package. Note that Slackware (as with all other distros) is no longer allowed by the new terms of Oracle’s license to distribute the official Oracle binaries of the JDK and JRE. Therefore you have not seen an update to the Java packages in Slackware for a long time. You can update using my native (i.e. compiled on Slackware) packages of OpenJDK (the open sourced version of large parts of Oracle’s Java code), or download Oracle’s official binaries yourself and use the official Slackware build script to wrap those binaries into a Slackware package. The choice is yours!

You can test the installed packages here for instance:

Upgrade to my OpenJDK package now!

Note: you will find a JRE (java runtime engine) and a JDK (java development kit) package. Only install one of those! The JRE is sufficient if you just want to run Java based applications. You need the JDK if you want to be able to compile Java code. Also, grab the icedtea-web (optional) and rhino (required) packages.

Better even: download them from one of the mirrors. Since the slackware.com web server is up and running again, we have applied a download cap to the team’s member pages which will slow down your retrievals. For instance, you could use my taper.alienbase.nl or Darren Austin’s UK mirror.

Have fun! Eric
