List:       openjdk-distro-pkg-dev
Subject:    [SECURITY] IcedTea 3.30.0 for OpenJDK 8 Released!
From:       Andrew Hughes <gnu_andrew () member ! fsf ! org>
Date:       2024-02-02 18:17:46
Message-ID: Zb0xyjwMfMDOEl0P () hex ! discworld ! ac ! uk


We are pleased to announce the release of IcedTea 3.30.0!

The IcedTea project provides a harness to build the source code from
OpenJDK using Free Software build tools, along with additional
features such as the ability to build against system libraries and
support for alternative virtual machines and architectures beyond
those supported by OpenJDK.

This release updates our OpenJDK 8 support with the January 2024
security fixes from OpenJDK 8u402.

If you find an issue with the release, please report it to our bug
database (http://icedtea.classpath.org/bugzilla) under the appropriate
component. Development discussion takes place on the distro-pkg-dev at
openjdk.org mailing list and patches are always welcome.

Full details of the release can be found below.

What's New?
===========
New in release 3.30.0 (2024-02-02):

* CVEs
  - CVE-2024-20918
  - CVE-2024-20919
  - CVE-2024-20921
  - CVE-2024-20926
  - CVE-2024-20945
  - CVE-2024-20952
* Security fixes
  - JDK-8308204: Enhanced certificate processing
  - JDK-8314284: Enhance Nashorn performance
  - JDK-8314295: Enhance verification of verifier
  - JDK-8314307: Improve loop handling
  - JDK-8314468: Improve Compiler loops
  - JDK-8316976: Improve signature handling
  - JDK-8317547: Enhance TLS connection support
* Import of OpenJDK 8 u402 build 06
  - JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
  - JDK-8029995: accept yes/no for boolean krb5.conf settings
  - JDK-8159156: [TESTBUG] ReserveMemory test is not useful on Aix.
  - JDK-8176509: Use pandoc for converting build readme to html
  - JDK-8206179: com/sun/management/OperatingSystemMXBean/GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value
  - JDK-8207404: MulticastSocket tests failing on AIX
  - JDK-8212677: X11 default visual support for IM status window on VNC
  - JDK-8239365: ProcessBuilder test modifications for AIX execution
  - JDK-8271838: AmazonCA.java interop test fails
  - JDK-8285398: Cache the results of constraint checks
  - JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null
  - JDK-8302017: Allocate BadPaddingException only if it will be thrown
  - JDK-8305329: [8u] Unify test libraries into single test library - step 1
  - JDK-8307837: [8u] Check step in GHA should also print errors
  - JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails
  - JDK-8311813: C1: Uninitialized PhiResolver::_loop field
  - JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
  - JDK-8312535: MidiSystem.getSoundbank() throws unexpected SecurityException
  - JDK-8315280: Bump update version of OpenJDK: 8u402
  - JDK-8315506: C99 compatibility issue in LinuxNativeDispatcher
  - JDK-8317291: Missing null check for nmethod::is_native_method()
  - JDK-8317373: Add Telia Root CA v2
  - JDK-8317374: Add Let's Encrypt ISRG Root X2
  - JDK-8318759: Add four DigiCert root certificates
  - JDK-8319187: Add three eMudhra emSign roots
  - JDK-8319405: [s390] [jdk8] Increase javac default stack size for s390x zero
  - JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly
* Bug fixes
  - JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'"

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.30.0.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-3.30.0.tar.xz

We provide both gzip and xz tarballs, so that those who are able to
make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

* http://icedtea.classpath.org/download/source/icedtea-3.30.0.tar.gz.sig
* http://icedtea.classpath.org/download/source/icedtea-3.30.0.tar.xz.sig

These are produced using my public key. See details below.

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
https://keybase.io/gnu_andrew

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

e20dfecb64b36d724ecb42bc78d93fb99f9038e11dcca58725c8466d7068e680  icedtea-3.30.0.tar.gz
fc532d4ca3c6648f89ff15fde9e099240cf969906580d7d20d80135db71b3d6f  icedtea-3.30.0.tar.gz.sig
600beb80f1c5a6dc6c6a8ed88a068a2c6d3777e225f6c97fcb812b9a35094940  icedtea-3.30.0.tar.xz
547d2823c16acfaa8e552dd05502b34b74948d2663fd4cbda4ae37b9fa58220b  icedtea-3.30.0.tar.xz.sig

The checksums can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea-3.30.0.sha256

The following people helped with this release:

* Andrew Hughes (all bug fixes and backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.30.0.tar.gz

or:

$ tar x -I xz -f icedtea-3.30.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.30.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!
-- 
Andrew :)
Pronouns: he / him or they / them
Principal Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

Please contact via e-mail, not proprietary chat networks
Available on Libera Chat & OFTC IRC networks as gnu_andrew
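
The following is an added example, not part of the original message or the IcedTea project: one way to check a downloaded tarball against the published SHA256 manifest and the release key fingerprint given in the announcement before running configure. The function names are hypothetical; it assumes GNU coreutils `sha256sum`, and for `check_sig` a GnuPG >= 2.1 keyring that already holds the release key. The `demo` function uses a constructed stand-in file, not the real release.

```shell
#!/bin/sh
# Release key fingerprint as published in the announcement, spaces removed.
RELEASE_FPR=5132579DD1540ED23E04C5A0CFDA0F9B35964222

# check_sha256 MANIFEST FILE
# MANIFEST uses the "<hash>  <name>" layout of icedtea-3.30.0.sha256.
# Returns 0 on match, 1 on mismatch, 2 if FILE is not listed at all.
check_sha256() {
    manifest=$1 file=$2
    name=$(basename "$file")
    expected=$(awk -v n="$name" '$2 == n { print $1 }' "$manifest")
    [ -n "$expected" ] || { echo "$name: not listed in $manifest" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "$name: SHA256 mismatch" >&2; return 1; }
}

# check_sig SIG FILE
# Succeeds only if gpg reports VALIDSIG for RELEASE_FPR (as signing key or
# primary key). Reading the machine-readable status line pins the signer,
# rather than accepting a good signature from any key in the keyring.
check_sig() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        awk -v fpr="$RELEASE_FPR" \
            '$2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 }
             END { exit !ok }'
}

# verify_release TARBALL: both checks must pass before the tarball is unpacked.
verify_release() {
    check_sha256 icedtea-3.30.0.sha256 "$1" && check_sig "$1.sig" "$1"
}

# Constructed demo: a stand-in file and manifest, showing the intact and
# tampered outcomes of the checksum step without network or keyring access.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample\n' > "$d/icedtea-3.30.0.tar.xz"
    (cd "$d" && sha256sum icedtea-3.30.0.tar.xz > icedtea-3.30.0.sha256)
    check_sha256 "$d/icedtea-3.30.0.sha256" "$d/icedtea-3.30.0.tar.xz" && ok=0 || ok=$?
    printf 'tampered\n' >> "$d/icedtea-3.30.0.tar.xz"
    check_sha256 "$d/icedtea-3.30.0.sha256" "$d/icedtea-3.30.0.tar.xz" 2>/dev/null \
        && bad=0 || bad=$?
    rm -rf "$d"
    echo "intact=$ok tampered=$bad"
}

demo
```

The checksum manifest and tarballs are served over plain HTTP, so the hashes only guard against corruption; the signature check against the pinned fingerprint is what ties the download to the release key.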

