| Summary: | matio new security issue CVE-2019-13107 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, herman.viaene, nicolas.salguero, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | matio-1.5.13-2.mga7.src.rpm | CVE: | CVE-2019-13107 |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 26475 | ||
Description
David Walser
2020-01-12 18:04:38 CET
David Walser
2020-01-14 17:35:27 CET
Status comment:
(none) =>
Fixed upstream in 1.5.16

Done for mga7, also a scilab rebuild is needed due to the libmajor change but unfortunately it fails to build.

So the matio update is:

matio-1.5.16-1.mga7
libmatio9-1.5.16-1.mga7
libmatio-devel-1.5.16-1.mga7

and the failed scilab rebuild looks like either a parallel make problem or a Java problem. Maybe Nicolas can help.

CC:
(none) =>
nicolas.salguero

Hi,
It is a java problem.
On my machine I tried to rebuild scilab with openjdk 8u242-b07 (which is in updates_testing) and it failed with the same error.
Then I tried to rebuild scilab with openjdk 8u232-b09 (which is in updates) and it succeeded.
In openjdk, the problem comes from the method loadLibrary of the class java.lang.ClassLoader:
"""
static void loadLibrary(Class<?> fromClass, String name,
boolean isAbsolute) {
[...]
assert sys_paths != null : "should be initialized at this point";
assert usr_paths != null : "should be initialized at this point";
[...]
for (int i = 0 ; i < sys_paths.length ; i++) { <- /!\ NPE HERE
[...]
}
"""
So, if there was no concurrent problem, the NPE should not be possible.
A diff between openjdk 8u232-b09 and 8u242-b07 shows that the methods load0 and loadLibrary0 from the class java.lang.Runtime were marked as "synchronized" in openjdk 8u232-b09 and are no longer marked as "synchronized" in openjdk 8u242-b07.
I will try to revert that change in a new build of openjdk to see if it solves the issue.
Best regards,
Nico.
Sadly it does not work.
Nicolas Salguero
2020-01-24 16:40:09 CET
Depends on:
(none) =>
26075
Nicolas Salguero
2020-01-27 18:09:20 CET
Depends on:
26075 =>
(none)

Scilab is now rebuilt.

(In reply to Nicolas Salguero from comment #5)
> Scilab is now rebuilt.

Excellent! Thanks Nicolas.

Advisory:
========================

Updated matio packages fix security vulnerability:

Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c (CVE-2019-13107).

The matio package has been updated to version 1.5.16 to fix this issue.

Also, the scilab package has been rebuilt against the updated matio package.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13107
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N7AE25FWDBPC7KLVMPLHT4G64O4GISQQ/
========================

Updated packages in core/updates_testing:
========================
matio-1.5.16-1.mga7
libmatio9-1.5.16-1.mga7
libmatio-devel-1.5.16-1.mga7
scilab-6.0.2-2.1.mga7
scilab-devel-6.0.2-2.1.mga7
scilab-doc-6.0.2-2.1.mga7
scilab-tests-6.0.2-2.1.mga7

from SRPMS:
matio-1.5.16-1.mga7.src.rpm
scilab-6.0.2-2.1.mga7.src.rpm

Assignee:
geiger.david68210 =>
qa-bugs

MGA7-64 Plasma on Lenovo B50
No installation issues
Tried some commands as Matlab is not my terrain.

$ matdump --version
matdump 1.5.16
Written by Christopher Hulbert
Copyright(C) 2006-2019, Christopher C. Hulbert

$ matdump --help
Usage: matdump [OPTIONS] mat_file [var1 var2 ...]
Runs various test on the Matlab I/O library libmatio
OPTIONS
-d,--data         Print data with header information
-f,--format whos  Turn on 'whos' display mode
-h,--human        Human readable sizes in 'whos' display mode
-v,--verbose      Turn on verbose messages
-H,--help         This output
-V,--version      version information
mat_file          name of the MAT file to dump
var1 var2 ...     If specified, dumps only listed variables
Report bugs to <t-beu@users.sourceforge.net>.

and$ scilab
java.io.IOException: Cannot run program "/opt/X11/bin/xprop": error=2, Bestand of map bestaat niet
    at java.lang.ProcessBuilder.start(ProcessBuilder.java:1048)
    at java.lang.Runtime.exec(Runtime.java:621)
    at java.lang.Runtime.exec(Runtime.java:451)
    at java.lang.Runtime.exec(Runtime.java:348)
    at org.GNOME.Accessibility.AtkWrapper.<clinit>(AtkWrapper.java:34)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at java.lang.Class.newInstance(Class.java:442)
    at java.awt.Toolkit.loadAssistiveTechnologies(Toolkit.java:805)
    at java.awt.Toolkit.getDefaultToolkit(Toolkit.java:887)
    at org.scilab.modules.commons.gui.ScilabKeyStroke.<clinit>(Unknown Source)
    at org.scilab.modules.commons.xml.XConfiguration.createDocument(Unknown Source)
    at org.scilab.modules.commons.xml.XConfiguration.getXConfigurationDocument(Unknown Source)
    at org.scilab.modules.core.Scilab.<clinit>(Unknown Source)
Caused by: java.io.IOException: error=2, Bestand of map bestaat niet
    at java.lang.UNIXProcess.forkAndExec(Native Method)
    at java.lang.UNIXProcess.<init>(UNIXProcess.java:247)
    at java.lang.ProcessImpl.start(ProcessImpl.java:134)

but eventually the scilab console opens, and that's about the end for me, the obvious "File" menus open .....
Someone else's conclusion ????

CC:
(none) =>
herman.viaene

Some of the things we run into as QA testers are mind-boggling. Before becoming part of QA, I had no idea we had all this capability included in Mageia.

I did a search for "scilab" and found the Wikipedia page. After reading that, I've come to the conclusion that we are unlikely to find a member of QA who would get any farther than you did, Herman. I certainly couldn't.

I'm going to send this on on the basis of a clean install, and because "eventually the scilab console opens" in your test.

Validating. Advisory in Comment 7.

Keywords:
(none) =>
validated_update

dropping ok

this needs to be patched / fixed so it finds the tool:

and$ scilab
java.io.IOException: Cannot run program "/opt/X11/bin/xprop": error=2, Bestand of map bestaat niet

$ urpmf bin/xprop
xprop:/usr/bin/xprop

CC:
(none) =>
tmb

Then the OK needs to be dropped, too.

Whiteboard:
MGA7-64-OK =>
(none)
Nicolas Salguero
2020-04-16 10:34:11 CEST
Blocks:
(none) =>
26475

Advisory:
========================

Updated matio packages fix a security vulnerability:

Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c (CVE-2019-13107).

The matio package has been updated to version 1.5.16 to fix this issue.

Also:
- The scilab package has been updated to version 6.1.0.
- The java-atk-wrapper package fixes an error (Cannot run program "/opt/X11/bin/xprop") when using java accessibility.
- The jogl2 package fixes a crash with current versions of gallium driver.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13107
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N7AE25FWDBPC7KLVMPLHT4G64O4GISQQ/
https://bugs.mageia.org/show_bug.cgi?id=26061
========================

Updated packages in core/updates_testing:
========================
matio-1.5.16-1.mga7
libmatio9-1.5.16-1.mga7
libmatio-devel-1.5.16-1.mga7
scilab-6.1.0-1.mga7
scilab-devel-6.1.0-1.mga7
scilab-doc-6.1.0-1.mga7
scilab-tests-6.1.0-1.mga7
java-atk-wrapper-0.33.2-5.1.mga7
jogl2-2.3.2-8.1.mga7
jogl2-doc-2.3.2-8.1.mga7

from SRPMS:
matio-1.5.16-1.mga7.src.rpm
scilab-6.1.0-1.mga7.src.rpm
java-atk-wrapper-0.33.2-5.1.mga7.src.rpm
jogl2-2.3.2-8.1.mga7.src.rpm

CVE:
(none) =>
CVE-2019-13107

Advisory:
========================

Updated matio packages fix a security vulnerability:

Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c (CVE-2019-13107).

The matio package has been updated to version 1.5.16 to fix this issue.

Also:
- The scilab package has been updated to version 6.1.0.
- The java-atk-wrapper package fixes an error (Cannot run program "/opt/X11/bin/xprop") when using java accessibility.
- The jogl2 package fixes a crash with current versions of gallium driver.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13107
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N7AE25FWDBPC7KLVMPLHT4G64O4GISQQ/
https://bugs.mageia.org/show_bug.cgi?id=26061
https://bugs.mageia.org/show_bug.cgi?id=26475

Repeating tests from Comment 8

matdump --version
matdump 1.5.16
Written by Christopher Hulbert
Copyright(C) 2006-2019, Christopher C. Hulbert

$ matdump --help
Usage: matdump [OPTIONS] mat_file [var1 var2 ...]
Runs various test on the Matlab I/O library libmatio
OPTIONS
-d,--data         Print data with header information
-f,--format whos  Turn on 'whos' display mode
-h,--human        Human readable sizes in 'whos' display mode
-v,--verbose      Turn on verbose messages
-H,--help         This output
-V,--version      version information
mat_file          name of the MAT file to dump
var1 var2 ...     If specified, dumps only listed variables
Report bugs to <t-beu@users.sourceforge.net>.

$ scilab
(scilab-bin:7753): GLib-GObject-WARNING **: 10:38:21.647: invalid cast from 'GtkToplevelAccessible' to 'JawToplevel'
(scilab-bin:7753): GLib-GObject-WARNING **: 10:39:20.735: invalid cast from 'GtkToplevelAccessible' to 'JawToplevel'

scilab opens with windows "File browser", "Scilab 6.1.0 Console", "Variable Browser", "Command History" and "News feed".
Googling found https://www.scilab.org/sites/default/files/Scilab_beginners.pdf
did some simple calculations, works OK.
As I seem to be the only tester in a while, OK'ing

Whiteboard:
(none) =>
MGA7-64-OK
Thomas Backlund
2020-05-08 12:15:35 CEST
Keywords:
(none) =>
advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0202.html

Status:
ASSIGNED =>
RESOLVED