[SECURITY] IcedTea 2.6.20 for OpenJDK 7 Released!

Andrew Hughes gnu_andrew at member.fsf.org
Mon Nov 18 05:59:08 UTC 2019

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with
the October 2019 security fixes from OpenJDK 7u241.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the
distro-pkg-dev at openjdk.java.net mailing list and patches are always

Full details of the release can be found below.

What's New?
New in release 2.6.20 (2019-11-17):

* Security fixes
  - S8167646: Better invalid FilePermission
  - S8213429, CVE-2019-2933: Windows file handling redux
  - S8218573, CVE-2019-2945: Better socket support
  - S8218877: Help transform transformers
  - S8220186: Improve use of font temporary files
  - S8220302, CVE-2019-2949: Better Kerberos ccache handling
  - S8221497: Optional Panes in Swing
  - S8221858, CVE-2019-2958: Build Better Processes
  - S8222684, CVE-2019-2964: Better support for patterns
  - S8222690, CVE-2019-2962: Better Glyph Images
  - S8223163: Better pattern recognition
  - S8223505, CVE-2019-2973: Better pattern compilation
  - S8223892, CVE-2019-2978: Improved handling of jar files
  - S8224532, CVE-2019-2981: Better Path supports
  - S8224915, CVE-2019-2983: Better serial attributes
  - S8225286, CVE-2019-2987: Better rendering of native glyphs
  - S8225292, CVE-2019-2988: Better Graphics2D drawing
  - S8225298, CVE-2019-2989: Improve TLS connection support
  - S8225597, CVE-2019-2992: Enhance font glyph mapping
  - S8226765, CVE-2019-2999: Commentary on Javadoc comments
  - S8227129: Better ligature for subtables
  - S8227601: Better collection of references
  - S8228825, CVE-2019-2894: Enhance ECDSA operations
* Import of OpenJDK 7 u241 build 1
  - S7050570: (fs) FileSystemProvider fails to initializes if run with file.encoding set to Cp037
  - S7068616: NIO libraries do not build with javac -Xlint:all,-deprecation -Werror
  - S7068617: Core libraries don't build with javac -Xlint:all -Werror
  - S7077389: Reflection classes do not build with javac -Xlint:all -Werror
  - S7116997: fix warnings in java.util.PropertyPermission
  - S7117487: Warnings Cleanup: some i18n classes in java.util and sun.util
  - S7157893: Warnings Cleanup in java.util.*
  - S7193406: Clean-up JDK Build Warnings in java.util, java.io
  - S8017626: [OGL] Translucent VolatileImages don't paint correctly
  - S8026876: (fs) Build issue with src/solaris/classes/sun/nio/fs/SolarisUserDefinedFileAttributeView.java
  - S8029253: [macosx] Performance problems with Retina display on Mac OS X
  - S8041129: [OGL] surface->sw blit is extremely slow
  - S8216965: crash in freetypeScaler.c CopyBW2Grey8
  - S8226318: Class Loader Dependencies improvements
* Backports
  - S8232643, PR3761: OpenJDK 7.241 doesn't compile

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.20.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.6.20.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-2.6.20.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-2.6.20.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

52b7c5a2b17043ac5e672b33e60d9f7f8110e7e61f6c1cdd1cd29c7e4e6e40ab  icedtea-2.6.20.tar.gz
4bc3477c1f3bf68fdc2141308df1f257644f394f3148b63f3eba9e692b1214af  icedtea-2.6.20.tar.gz.sig
a3b6a7bafb9988da81fb46e7ec670d03350d7ef5ffd69234c47d5ffdd71f9cc5  icedtea-2.6.20.tar.xz
adaa38ca39d64e5f7b3ed585a47c8b92b67dd5be5b039620bf5b6595d7aeae47  icedtea-2.6.20.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-2.6.20.sha256

The following people helped with these releases:

* Andrew Hughes (all backports & bug fixes, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.20.tar.gz


$ tar x -I xz -f icedtea-2.6.20.tar.xz


$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.20/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20191118/f81077f7/signature.asc>

More information about the distro-pkg-dev mailing list