| Summary: | java-1.8.0-openjdk, java-11-openjdk, and java-latest-openjdk new security issues | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, fri, herman.viaene, mageia, marja11, nicolas.salguero, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8TOO MGA8-64-OK MGA9-64-OK | ||
| Source RPM: | java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk | CVE: | |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 32545 | ||
Description
Nicolas Salguero 2023-10-19 09:45:25 CEST

Nicolas Salguero 2023-10-19 09:45:50 CEST
CC: (none) => nicolas.salguero
Assignee: bugsquad => java

Assigning to Java maintainers.

For java-17-openjdk (Cauldron and Mageia 9), there is a build problem:
"""
Checking build JDK /home/iurt/rpmbuild/BUILD/java-17-openjdk-17.0.9.0.9-1.mga9.i386/newboot is operational...
+ /home/iurt/rpmbuild/BUILD/java-17-openjdk-17.0.9.0.9-1.mga9.i386/newboot/bin/java -version
Error occurred during initialization of VM
Unable to load native library: /home/iurt/rpmbuild/BUILD/java-17-openjdk-17.0.9.0.9-1.mga9.i386/newboot/lib/libjava.so: undefined symbol: JVM_IsThreadAlive, version SUNWprivate_1.1
"""

Updated packages in 9/core/updates_testing:
========================
java-1.8.0-openjdk-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-demo-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-demo-fastdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-demo-slowdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-devel-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-devel-fastdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-devel-slowdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-fastdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-headless-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-headless-fastdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-headless-slowdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-javadoc-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-javadoc-zip-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-openjfx-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-openjfx-devel-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-openjfx-devel-fastdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-openjfx-fastdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-slowdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-src-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-src-fastdebug-1.8.0.392.b08-1.mga9
java-1.8.0-openjdk-src-slowdebug-1.8.0.392.b08-1.mga9
java-11-openjdk-11.0.21.0.9-1.mga9
java-11-openjdk-debugsource-11.0.21.0.9-1.mga9
java-11-openjdk-demo-11.0.21.0.9-1.mga9
java-11-openjdk-demo-fastdebug-11.0.21.0.9-1.mga9
java-11-openjdk-demo-slowdebug-11.0.21.0.9-1.mga9
java-11-openjdk-devel-11.0.21.0.9-1.mga9
java-11-openjdk-devel-fastdebug-11.0.21.0.9-1.mga9
java-11-openjdk-devel-slowdebug-11.0.21.0.9-1.mga9
java-11-openjdk-fastdebug-11.0.21.0.9-1.mga9
java-11-openjdk-headless-11.0.21.0.9-1.mga9
java-11-openjdk-headless-fastdebug-11.0.21.0.9-1.mga9
java-11-openjdk-headless-slowdebug-11.0.21.0.9-1.mga9
java-11-openjdk-javadoc-11.0.21.0.9-1.mga9
java-11-openjdk-javadoc-zip-11.0.21.0.9-1.mga9
java-11-openjdk-jmods-11.0.21.0.9-1.mga9
java-11-openjdk-jmods-fastdebug-11.0.21.0.9-1.mga9
java-11-openjdk-jmods-slowdebug-11.0.21.0.9-1.mga9
java-11-openjdk-slowdebug-11.0.21.0.9-1.mga9
java-11-openjdk-src-11.0.21.0.9-1.mga9
java-11-openjdk-src-fastdebug-11.0.21.0.9-1.mga9
java-11-openjdk-src-slowdebug-11.0.21.0.9-1.mga9
java-11-openjdk-static-libs-11.0.21.0.9-1.mga9
java-11-openjdk-static-libs-fastdebug-11.0.21.0.9-1.mga9
java-11-openjdk-static-libs-slowdebug-11.0.21.0.9-1.mga9
java-latest-openjdk-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-demo-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-demo-fastdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-demo-slowdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-devel-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-devel-fastdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-devel-slowdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-fastdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-headless-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-headless-fastdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-headless-slowdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-javadoc-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-javadoc-zip-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-jmods-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-jmods-fastdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-jmods-slowdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-slowdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-src-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-src-fastdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-src-slowdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-static-libs-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-static-libs-fastdebug-21.0.1.0.12-1.rolling.1.mga9
java-latest-openjdk-static-libs-slowdebug-21.0.1.0.12-1.rolling.1.mga9

from SRPMS:
java-1.8.0-openjdk-1.8.0.392.b08-1.mga9.src.rpm
java-11-openjdk-11.0.21.0.9-1.mga9.src.rpm
java-latest-openjdk-21.0.1.0.12-1.rolling.1.mga9.src.rpm

Updated packages in 8/core/updates_testing:
========================
java-1.8.0-openjdk-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-debugsource-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-demo-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-demo-fastdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-demo-slowdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-devel-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-devel-fastdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-devel-slowdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-fastdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-headless-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-headless-fastdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-headless-slowdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-javadoc-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-javadoc-zip-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-openjfx-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-openjfx-devel-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-openjfx-devel-fastdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-openjfx-fastdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-slowdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-src-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-src-fastdebug-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-src-slowdebug-1.8.0.392.b08-1.mga8
java-11-openjdk-11.0.21.0.9-1.mga8
java-11-openjdk-demo-11.0.21.0.9-1.mga8
java-11-openjdk-demo-fastdebug-11.0.21.0.9-1.mga8
java-11-openjdk-demo-slowdebug-11.0.21.0.9-1.mga8
java-11-openjdk-devel-11.0.21.0.9-1.mga8
java-11-openjdk-devel-fastdebug-11.0.21.0.9-1.mga8
java-11-openjdk-devel-slowdebug-11.0.21.0.9-1.mga8
java-11-openjdk-fastdebug-11.0.21.0.9-1.mga8
java-11-openjdk-headless-11.0.21.0.9-1.mga8
java-11-openjdk-headless-fastdebug-11.0.21.0.9-1.mga8
java-11-openjdk-headless-slowdebug-11.0.21.0.9-1.mga8
java-11-openjdk-javadoc-11.0.21.0.9-1.mga8
java-11-openjdk-javadoc-zip-11.0.21.0.9-1.mga8
java-11-openjdk-jmods-11.0.21.0.9-1.mga8
java-11-openjdk-jmods-fastdebug-11.0.21.0.9-1.mga8
java-11-openjdk-jmods-slowdebug-11.0.21.0.9-1.mga8
java-11-openjdk-slowdebug-11.0.21.0.9-1.mga8
java-11-openjdk-src-11.0.21.0.9-1.mga8
java-11-openjdk-src-fastdebug-11.0.21.0.9-1.mga8
java-11-openjdk-src-slowdebug-11.0.21.0.9-1.mga8
java-11-openjdk-static-libs-11.0.21.0.9-1.mga8
java-11-openjdk-static-libs-fastdebug-11.0.21.0.9-1.mga8
java-11-openjdk-static-libs-slowdebug-11.0.21.0.9-1.mga8

from SRPMS:
java-1.8.0-openjdk-1.8.0.392.b08-1.mga8.src.rpm
java-11-openjdk-11.0.21.0.9-1.mga8.src.rpm

CC: (none) => fri

As you list them, I assume you also meant they are ready to test.

mga9-64 mini test OK: updated java-1.8.0-openjdk and -headless.
My old Java-based invoicing and book-keeping application FriBOK that uses it still works, including printing.

Assignee: qa-bugs => pkg-bugs

java-17-openjdk is missing, so I do not send the packages to QA for the moment.

CC: (none) => herman.viaene

MGA9-64 Xfce on Acer Aspire 5253
Installed the whole kaboodle except the debug packages.
Testing with my own LibreOffice Base application. In LO I can choose which java version to use. The application uses an odb, various odt files and generates odt report files.
Using java 21: all works OK.
Using java 11: interactive odt screens work OK, but generating a report file fails with error:
Runtime exception: - shorter than the message I cannot copy - LibLayoutinfo has been compiled with Runtime 6.1 while this version only recognizes class file versions up to 55.0.
If I remember well, this kind of error has occurred in the past.
java 1.8.0: similar error, but the versions involved are 55 instead of 6.1 and 52 instead of 55.
Note: LO restarts each time the java version used is changed.
Ref bug 31452, trying freecol: starts up OK, makes a lot of loud music, I can move the little ship. That's enough for me.
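The report-generation failure in the LibreOffice test above is the JVM's class-file version check: every .class file starts with a magic number and the minor/major version of the format it was compiled for, and a runtime refuses anything whose major version is newer than its own. The following Python is an added example, not code from this bug or from Mageia's OpenJDK packages. It reads those header fields for every class in a JAR and reports the oldest JDK that can load it, skipping multi-release entries under META-INF/versions/ (those are only selected by runtimes of that release or later). The major-version to JDK-release mapping (52 = 8, 55 = 11, 61 = 17, 65 = 21) follows the JVM specification; the JAR it scans is constructed inline and is not a real LibreOffice component.

```python
"""Class-file version check for Java archives (added example, not from the bug).

A .class file begins with 0xCAFEBABE, then minor_version and major_version as
big-endian u2.  A JVM only loads class files up to its own major version, which
is exactly the "only recognizes class file versions up to 55.0" failure a Java 11
runtime raises on a Java 17 (61.0) class.  The sample JAR is constructed here.
"""
from __future__ import annotations

import io
import struct
import zipfile

CLASS_MAGIC = 0xCAFEBABE


def jdk_for_major(major: int) -> str:
    """Map a class-file major version to the JDK release that emits it."""
    if major < 45:
        raise ValueError(f"invalid class file major version {major}")
    if major <= 48:
        return f"1.{major - 44}"  # 45 = JDK 1.1 ... 48 = JDK 1.4
    return str(major - 44)  # 49 = Java 5, 52 = Java 8, 55 = Java 11, 61 = Java 17, 65 = Java 21


def class_file_version(data: bytes) -> tuple[int, int]:
    """Return (major, minor) from the first 8 bytes of a .class file."""
    if len(data) < 8:
        raise ValueError("truncated class file header")
    magic, minor, major = struct.unpack(">IHH", data[:8])
    if magic != CLASS_MAGIC:
        raise ValueError(f"bad magic 0x{magic:08X}: not a class file")
    return major, minor


def jar_required_major(jar_bytes: bytes) -> tuple[int, str]:
    """Highest class-file major version among the JAR's ordinary classes.

    META-INF/versions/N/ entries belong to a multi-release JAR and are only
    picked by runtimes of release N or later, so they do not raise the minimum.
    """
    highest, where = 0, ""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or not name.endswith(".class"):
                continue
            if name.startswith("META-INF/versions/"):
                continue
            major, _minor = class_file_version(zf.read(name)[:8])
            if major > highest:
                highest, where = major, name
    if not where:
        raise ValueError("no class files found in archive")
    return highest, where


def check_jar(jar_bytes: bytes, runtime_major: int) -> str:
    """Say whether a runtime that accepts class files up to runtime_major can load the JAR."""
    needed, entry = jar_required_major(jar_bytes)
    if needed <= runtime_major:
        return f"ok: needs class file version {needed} (JDK {jdk_for_major(needed)})"
    return (f"fail: {entry} has class file version {needed}.0 (compiled by JDK "
            f"{jdk_for_major(needed)}); this runtime only recognizes class file "
            f"versions up to {runtime_major}.0")


def _class_stub(major: int, minor: int = 0) -> bytes:
    """Constructed class-file header; only the 8 version bytes matter for this check."""
    return struct.pack(">IHH", CLASS_MAGIC, minor, major)


def build_sample_jar() -> bytes:
    """Constructed multi-release JAR: a Java 8 and a Java 11 class plus a Java 17 variant."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/example/Layout.class", _class_stub(52))
        zf.writestr("org/example/Report.class", _class_stub(55))
        zf.writestr("META-INF/versions/17/org/example/Report.class", _class_stub(61))
    return buf.getvalue()


SAMPLE_JAR = build_sample_jar()

if __name__ == "__main__":
    for runtime in (52, 55, 61):  # Java 8, Java 11, Java 17
        print(f"runtime JDK {jdk_for_major(runtime)}: {check_jar(SAMPLE_JAR, runtime)}")
```

Against the constructed JAR, a Java 8 runtime (major 52) fails on org/example/Report.class, while Java 11 and 17 load it; the Java 17 entry under META-INF/versions/17/ is correctly ignored when computing the minimum. To check a real extension, pass the bytes of its .jar to check_jar with the major version of the JDK LibreOffice is configured to use.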
Nicolas Salguero 2023-11-21 10:22:34 CET
Blocks: (none) => 32545
Summary: java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk and java-latest-openjdk new security issues => java-1.8.0-openjdk, java-11-openjdk, and java-latest-openjdk new security issues

I did not find how to fix the problem with the java 17 build, so I cloned that bug for java 17.

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Segmentation fault in ciMethodBlocks. (CVE-2022-40433)

Certificate path validation issue during client authentication. (CVE-2023-22081)

IOR deserialization issue in CORBA. (CVE-2023-22067)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22067
https://access.redhat.com/errata/RHSA-2023:5732
https://access.redhat.com/errata/RHSA-2023:5736
https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixJAVA
========================

The list of packages is in comment 3.
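A check a tester or administrator can run against this advisory, as an added example that is not Mageia's own QA or update tooling: it reads rpm -qa output in the name-version-release form Mageia prints (the form shown in the Mageia 8 test report further down this bug), maps each binary package to its source package by name prefix, and compares version-release against the fixed builds listed in comment 3 using a Python transcription of rpm's rpmvercmp() ordering ('~' sorts before everything, '^' after the end of a string, numeric segments compare as integers, alphabetic ones lexically). Epoch is not printed by rpm -qa and is ignored, which is safe when comparing builds of the same source package. The first five sample lines are the report's rpm -qa output; the last two are constructed and labelled as such.

```python
"""Audit installed OpenJDK RPMs against the fixed builds in this advisory.

Added example, not Mageia QA tooling.  Parses name-version-release lines as
printed by `rpm -qa` on Mageia, maps binary packages to their source package,
and compares with a transcription of rpm's rpmvercmp().  Epoch is ignored.
"""
from __future__ import annotations

FIXED = {  # fixed (version, release) per source package, from the package lists above
    "mga9": {"java-1.8.0-openjdk": ("1.8.0.392.b08", "1.mga9"),
             "java-11-openjdk": ("11.0.21.0.9", "1.mga9"),
             "java-latest-openjdk": ("21.0.1.0.12", "1.rolling.1.mga9")},
    "mga8": {"java-1.8.0-openjdk": ("1.8.0.392.b08", "1.mga8"),
             "java-11-openjdk": ("11.0.21.0.9", "1.mga8")},
}


def rpmvercmp(a: str, b: str) -> int:
    """-1, 0 or 1 as rpm's rpmvercmp(): compare version strings segment-wise."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):  # skip separators
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca, cb = a[i:i + 1], b[j:j + 1]
        if "~" in (ca, cb):  # tilde sorts before everything, even the end of the string
            if ca != cb:
                return 1 if ca != "~" else -1
            i, j = i + 1, j + 1
            continue
        if "^" in (ca, cb):  # caret sorts after end of string but before anything else
            if ca != cb:
                return -1 if not ca else 1 if not cb else (1 if ca != "^" else -1)
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()  # next segment is all digits or all letters; left side decides
        kind = str.isdigit if isnum else str.isalpha
        si, sj = i, j
        while si < len(a) and kind(a[si]):
            si += 1
        while sj < len(b) and kind(b[sj]):
            sj += 1
        seg_a, seg_b = a[i:si], b[j:sj]
        if not seg_b:  # segment types differ: numeric sorts after alphabetic
            return 1 if isnum else -1
        if isnum:  # numeric: drop leading zeros, the longer number is larger
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = si, sj
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def source_package(name: str, release: str) -> str | None:
    """Longest source package name that is a prefix of the binary package name."""
    for src in sorted(FIXED[release], key=len, reverse=True):
        if name == src or name.startswith(src + "-"):
            return src
    return None


def audit(rpm_qa_lines, release: str) -> dict[str, str]:
    """Classify each 'name-version-release' line as fixed, vulnerable or not-covered."""
    verdict = {}
    for line in (l.strip() for l in rpm_qa_lines if l.strip()):
        name, ver, rel = line.rsplit("-", 2)  # names may contain dashes; version/release do not
        src = source_package(name, release)
        if src is None:
            verdict[line] = "not-covered"
            continue
        fixed_ver, fixed_rel = FIXED[release][src]
        rc = rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)
        verdict[line] = "fixed" if rc >= 0 else "vulnerable"
    return verdict


# First five lines: the rpm -qa output from the Mageia 8 test report in this bug.
# Last two lines: constructed, an older java-11 build and a package this advisory does not cover.
SAMPLE_RPM_QA = """\
java-11-openjdk-11.0.21.0.9-1.mga8
java-11-openjdk-headless-11.0.21.0.9-1.mga8
java-1.8.0-openjdk-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-headless-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-openjfx-1.8.0.392.b08-1.mga8
java-11-openjdk-devel-11.0.20.0.8-1.mga8
java-17-openjdk-headless-17.0.8.0.7-1.mga8
""".splitlines()

if __name__ == "__main__":
    for pkg, status in audit(SAMPLE_RPM_QA, "mga8").items():
        print(f"{status:12} {pkg}")
```

On a live system, feed it the output of `rpm -qa | grep java-1` for the matching release tag; a "vulnerable" verdict means the installed build sorts below the fixed one, and "not-covered" flags packages such as java-17-openjdk that this advisory does not ship and that need to be checked against their own bug.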
Nicolas Salguero 2023-11-21 10:30:31 CET
Version: Cauldron => 9

CC: (none) => marja11

Advisory from comment 9 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete".

CC: (none) => mageia

Installed and tested without issues. Tested using netbeans (upstream), edugraphe, rachota, ganttproject, libreoffice, yuicompressor, and freecol. No regressions noticed.
System: Mageia 8, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.
$ uname -a
Linux jupiter 6.1.45-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Fri Aug 11 22:01:56 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep java-1 | sort
java-11-openjdk-11.0.21.0.9-1.mga8
java-11-openjdk-headless-11.0.21.0.9-1.mga8
java-1.8.0-openjdk-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-headless-1.8.0.392.b08-1.mga8
java-1.8.0-openjdk-openjfx-1.8.0.392.b08-1.mga8

Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK

This update has been working without issues for the past few days, and since the Mageia 8 end-of-support is near I'm OKing this for Mageia 8 on x86_64 to push it before the deadline. Please undo if needed.

Whiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-4-OK

No one jumped in for the M9 testing, and as the problems I got with LO and the older java versions are not a regression, I give the OK for M9 as well.

Keywords: (none) => validated_update

Validating.

CC: (none) => davidwhodgins

The java packages weren't moved to updates when Neoclust ran his script today. However, I don't see my mistake in the advisory I uploaded last week:
https://svnweb.mageia.org/advisories/32413.adv?view=log
It is still possible that there is a mistake; I'm good at not seeing them.
Another thing I'm wondering is whether my commit message was too complex:
Add security advisory M8/M9 java-1.8.0-openjdk/java-11-openjdk/java-latest-openjdk mga#32413
Does the move-updates script look at the commit messages?
CC'ing Dave, in the hope he can spot the issue.

Whiteboard: MGA8TOO MGA8-64-OK MGA9-4-OK => MGA8TOO MGA8-64-OK MGA9-64-OK

The commit messages don't matter. I don't see any obvious mistakes in the advisory, but the script does have output, so maybe there was an error that he didn't tell us about.
Fixing whiteboard entry - MGA9-64-OK

(In reply to Dave Hodgins from comment #17)
> Fixing whiteboard entry - MGA9-64-OK
Thanks! So the script looks at the OKs too, I wasn't aware.

Status: ASSIGNED => RESOLVED

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0326.html