Bug 1362 - update request: glibc (was: java gui applications crash immediately (glibc bug, patch in upstream report))
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 1
Hardware: x86_64 Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard:
Keywords: PATCH, validated_update
Depends on:
Blocks: 1446 3112 3357
Reported: 2011-05-20 19:32 CEST by Andreas Persson
Modified: 2014-05-08 18:07 CEST

See Also:
Source RPM: glibc-2.12.1-11.mga1.src.rpm
CVE:
Status comment:


Attachments
openjdk error log turd dropped in my home directory (33.98 KB, text/x-log)
2011-08-20 04:24 CEST, Aaron Sosnick

Description Andreas Persson 2011-05-20 19:32:39 CEST
Description of problem:

I have a Sandy Bridge Core i5 processor. It seems that I can't run any Java application with a GUI; the java process crashes immediately. This happens with the OpenJDK 1.6.0_22 64-Bit Server VM from the Mageia package, but also with a 1.6.0_25 HotSpot 64-Bit Server VM downloaded from Oracle.

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f9f7e3c2670, pid=26739, tid=140322996393744
#
# JRE version: 6.0_22-b22
# Java VM: OpenJDK 64-Bit Server VM (20.0-b10 mixed mode linux-amd64 compressed oops)
# Derivative: IcedTea6 1.10
# Distribution: Mageia 1, package mageia-14.b22.5.mga1-x86_64
# Problematic frame:
# C  [ld-linux-x86-64.so.2+0x13670]  _dl_x86_64_save_sse+0x30
#

My guess is that the reason is this glibc bug:

http://sourceware.org/bugzilla/show_bug.cgi?id=12113

which is fixed in glibc 2.12.2.


Version-Release number of selected component (if applicable):

glibc-2.12.1-11.mga1, java-1.6.0-openjdk-1.6.0.0-14.b22.5.mga1

How reproducible:

Happens every time.

Steps to Reproduce:
1. java HelloWorldSwing
Andreas Persson 2011-05-20 21:09:04 CEST

Summary: java gui applications crashes immediately => java gui applications crash immediately

Comment 1 Aaron Sosnick 2011-08-20 04:24:07 CEST
Created attachment 732 [details]
openjdk error log turd dropped in my home directory
Comment 2 Aaron Sosnick 2011-08-20 04:25:20 CEST
Oops. My problem is with Mageia 1, not Cauldron.

I can file a separate report if someone advises me that that is better.

CC: (none) => longlegged.guy
Version: Cauldron => 1

Comment 3 Aaron Sosnick 2011-08-20 04:26:36 CEST
Someone more knowledgeable than me can decide if this is the same problem.

I'm running 64 bit Mageia 1 on a core i7-2600k and find that openjdk is worthless.

With openjdk as well as icedtea-web installed and selected no java applets on any webpages work. The rest of a page will load, but the java applet part will just sit there. Meanwhile files
with names like hs_err_pid6980.log get dropped in my home directory. I attach one as an example.

The Sun Java works fine. If I have both Sun and Open java and browser plugins installed and use
$ update-alternatives --config java
to select the sun java, firefox and most programs behave fine.
Chrome however continues to use icedtea-web unless I actually uninstall icedtea-web.

Should I open a separate bug report for this?

Hope this gets some attention.
Manuel Hiebel 2011-08-20 08:47:16 CEST

CC: (none) => dmorganec

Samuel Verschelde 2011-10-01 10:46:40 CEST

Keywords: (none) => PATCH
CC: (none) => stormi

Samuel Verschelde 2011-10-01 10:48:01 CEST

Summary: java gui applications crash immediately => java gui applications crash immediately (glibc bug, patch in upstream report)

Comment 4 Chard Nelson 2011-10-08 02:39:44 CEST
I appear to be having the same issue running code on my new i7-2600 with 64-bit Mageia 1. This is my new development box, and I upgraded it from Mandriva 2010.1, where this stuff worked.

I've tried compiling with Sun/Oracle JDK 1.6_25 and _27, downloaded from Oracle, with the same result:

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f713dbab670, pid=25064, tid=140124320417552
#
# JRE version: 6.0_27-b07
# Java VM: Java HotSpot(TM) 64-Bit Server VM (20.2-b06 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# C  [ld-linux-x86-64.so.2+0x13670]  _dl_x86_64_save_sse+0x30

If this can be fixed by updating glibc, I'd love to see that package available.

CC: (none) => chard

Comment 5 Samuel Verschelde 2011-10-08 11:03:20 CEST
Adding glibc committers in CC as there is no maintainer.

Seems to be an upstream bug, there's a patch in the upstream report.

CC: (none) => arnaud.patard, mageia, misc, thierry.vignaud

Comment 7 Cédric Levasseur 2011-10-12 18:09:08 CEST
I was able to reproduce this bug with the Intel i860 graphic driver (as far as I remember). If you have a Dell E6420 laptop (i7), you can 1) disable "Optimus" in the graphics options of the BIOS and 2) install the nVidia GForce400s driver.

CC: (none) => cedric.levasseur

Comment 8 Manuel Hiebel 2011-10-30 01:30:53 CEST
Bug assigned to the package maintainer.

Assignee: bugsquad => tmb

Marianne Lombard 2011-11-01 09:31:52 CET

CC: (none) => marianne

andré blais 2011-11-01 11:37:22 CET

Blocks: (none) => 3112

Comment 9 bruno pinçon 2011-11-08 14:38:49 CET
  It is likely that this bug is also responsible
 for the failure of the installation of matlab 2011
 on my machine (a dell latitude E 6420, i7 dual core,
 only HD Intel 3000 GPU) which runs mageia-1.0.

  I got the same kind of error:

[root@ma096 iso]# ./install
Preparing installation files ...
Installing ...
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f30a7b48670, pid=11471, tid=139844496738064
#
# JRE version: 6.0_17-b04
# Java VM: Java HotSpot(TM) 64-Bit Server VM (14.3-b01 mixed mode linux-amd64 )
# Problematic frame:
# C  [ld-linux-x86-64.so.2+0x13670]


   So I would be happy to have an update on glibc
 for mageia-1.0. (if glibc 2.12.2 fixes the bug
 as the OP said).

CC: (none) => bruno.pincon

Thomas Backlund 2011-11-08 18:56:27 CET

Status: NEW => ASSIGNED

Comment 10 Thomas Backlund 2011-11-08 21:33:35 CET
Fix merged in svn, 
a new glibc will be available tomorrow in Core Updates Testing
Comment 11 bruno pinçon 2011-11-08 21:48:43 CET
(In reply to comment #10)
> Fix merged in svn, 
> a new glibc will be available tomorrow in Core Updates Testing

 Thanks I will test it asap.
Comment 12 Thomas Backlund 2011-11-08 23:38:14 CET
A fixed glibc-2.12.1-11.1.mga1 is now submitted and should be available on the mirrors in a few hours.
Comment 13 bruno pinçon 2011-11-09 09:20:52 CET
 I confirm that with this update on glibc
 I can now install and run matlab (R2011a)
 (btw matlab needs libXp (lib64Xp package)).

 Moreover the scilab-5.3.3 linux binary for 64
 bits arch works too (yesterday I was not
 sure this bug was the culprit for scilab
 but as the ld-linux-x86-64.so.2+0x13670
 appeared in the error trace messages I
 suspect it was potentially involved).

  So many many thanks for this update in 
 mageia 1.0.
Comment 14 Samuel Verschelde 2011-11-09 14:05:08 CET
On a 32 bits system, after updating glibc and glibc-devel and rebooting, a third party software I use (the game warsow, version 0.5.2) crashes with the following message :

====== Warsow Initialized ======
pinging broadcast...
pinging broadcast...
Connecting to 195.112.127.229:44400...
Error: Mem_Free: trashed header sentinel 1 (alloc at (null):0, free at ui.old/ui_atoms.c:1913)
********************
ERROR: Received signal 11

********************
Erreur de segmentation

I reinstalled glibc and glibc-devel from release and it came back to normal.

Any idea?
Manuel Hiebel 2011-11-10 00:51:14 CET

Blocks: (none) => 1446

Comment 15 Arnaud Pharasyn 2011-11-16 16:21:43 CET
Today I entered a bug report about a crash I experienced in KDevelop after configuring a project, reproducible only on 64 bits "Sandy Bridge" based machines: bug #3357 "Crash after configuring project in KDevelop (upstream glibc bug, dynamic loader on AVX enabled CPU)".

I found that installing the glibc-2.12.1-11.1.mga1 package from Core Updates Testing as described here solved the problem.

CC: (none) => eonwir.ardamire+mageia

Manuel Hiebel 2011-11-16 17:14:54 CET

Blocks: (none) => 3357

Comment 16 Manuel Hiebel 2011-11-16 17:18:16 CET
Thomas, I see this bug is not on the QA; is it OK to reassign it to the team?
Comment 17 Thomas Backlund 2011-11-16 17:22:40 CET
Nope. as you see in comment #14 it introduced a regression, so I need some more tests.

@Samuel: Is this the game you talk about: http://www.warsow.net/ ?
Comment 18 Samuel Verschelde 2011-11-16 17:30:23 CET
(In reply to comment #17)
> Nope. as you see in comment #14 it introduced a regression, so I need some more
> tests.
> 
> @Samuel: Is this the game you talk about: http://www.warsow.net/ ?

Yes, this is it, but not their latest release (not tested here), it's version 0.5 (not 0.5.2 as I said earlier). IIRC in order to play it I had to do a little trick : link libcurl.so.3 to libcurl.so.4 so that it's happy.
You might want to download it from there: http://www.xgn.in.th/xsense/downloads.php?do=file&id=12
Comment 19 Thomas Backlund 2011-11-16 17:36:52 CET
Ok, will download and test.
Comment 20 Tomas Kindl 2011-11-16 20:04:37 CET
I confirm that update fixes Flexibee (java based accounting SW) under OpenJDK.

CC: (none) => supp

Comment 21 Thomas Backlund 2011-11-20 00:50:28 CET
There is now a glibc-2.12.1-11.2.mga1 (currently building) to validate for updates.

Besides the fix for this bug, it closes 2 CVEs and another upstream bug.


Advisory:
---------
This update fixes the following CVEs:
* A flaw in John the Ripper and crypt_blowfish was reported where passwords
  with 8-bit characters were mishandled. A password containing a single 
  character with the 8th bit set has 1 to 3 characters immediately preceding
  the 8-bit character ignored (approximately 3 in 16 passwords). With more
  than one 8-bit character in the password, there may be more ignored
  characters. This can result in passwords being even easier to crack than
  expected. This is due to a char signedness bug in crypt_blowfish.
  (CVE-2011-2483)

* The addmntent function in the GNU C Library 2.13 and earlier does not report
  an error status for failed attempts to write to the /etc/mtab file, which 
  makes it easier for local users to trigger corruption of this file, as 
  demonstrated by writes from a process with a small RLIMIT_FSIZE value.
  (CVE-2011-1089)

Other fixes in this release:
* fix alignment of AVX safe area on x86-64 (GBZ #12113, mga #1362)
  (fixes java crashes on x86_64 hw supporting AVX)

* Fix handling of tail bytes of buffer in SSE2/SSSE3 x86-64 version strncmp
  (GBZ #12077)

Assignee: tmb => qa-bugs
Summary: java gui applications crash immediately (glibc bug, patch in upstream report) => update request: glibc (was: java gui applications crash immediately (glibc bug, patch in upstream report))

Comment 22 Dave Hodgins 2011-11-21 02:14:13 CET
Testing complete on i586 for the srpm
glibc-2.12.1-11.2.mga1.src.rpm

I was not able to recreate the crash, or find a POC for any of the CVEs
identified, so just testing that the system works normally, including
running java applications (specifically varsha).

CC: (none) => davidwhodgins

Comment 23 Chard Nelson 2011-11-21 09:55:26 CET
glibc-2.12.1-11.2.mga1 fixes my problem, as reported at comment #4. Thanks!
Comment 24 Samuel Verschelde 2011-11-21 14:19:17 CET
The regression mentioned in comment #14 seems fixed with the latest update candidate.
Comment 25 Arnaud Pharasyn 2011-11-21 15:06:01 CET
I have also installed and tested the glibc-2.12.1-11.2.mga1 package on both "Sandy Bridge" and older 64 bit processor, and as for previous glibc-2.12.1-11.1.mga1 package, the problem is fixed without any other apparent regressions.
See comment #15 or bug #3357 "Crash after configuring project in KDevelop (upstream glibc bug, dynamic loader on AVX enabled CPU)".
Comment 26 Andreas Persson 2011-11-21 19:16:25 CET
Original poster here. I've now been running the 2.12.11-11.1 for a week with no problems. Java works fine. Thanks!
Comment 27 Dave Hodgins 2011-11-21 22:40:15 CET
Validating the update.

Can someone from the sysadmin team push the srpm
glibc-2.12.1-11.2.mga1.src.rpm
from Core Updates Testing to Core Updates

Advisory:
This update fixes the following CVEs:
* A flaw in John the Ripper and crypt_blowfish was reported where passwords
  with 8-bit characters were mishandled. A password containing a single 
  character with the 8th bit set has 1 to 3 characters immediately preceding
  the 8-bit character ignored (approximately 3 in 16 passwords). With more
  than one 8-bit character in the password, there may be more ignored
  characters. This can result in passwords being even easier to crack than
  expected. This is due to a char signedness bug in crypt_blowfish.
  (CVE-2011-2483)

* The addmntent function in the GNU C Library 2.13 and earlier does not report
  an error status for failed attempts to write to the /etc/mtab file, which 
  makes it easier for local users to trigger corruption of this file, as 
  demonstrated by writes from a process with a small RLIMIT_FSIZE value.
  (CVE-2011-1089)

Other fixes in this release:
* fix alignment of AVX safe area on x86-64 (GBZ #12113, mga #1362)
  (fixes java crashes on x86_64 hw supporting AVX)

* Fix handling of tail bytes of buffer in SSE2/SSSE3 x86-64 version strncmp
  (GBZ #12077)

https://bugs.mageia.org/show_bug.cgi?id=1362

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
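
Added example (not part of the bug report, and not code from glibc or crypt_blowfish): a simplified C model of the char signedness flaw the advisory above describes for CVE-2011-2483. `pack_key`, `first_word`, `keys_equivalent` and the sample passwords are constructed for illustration; the model covers only how password bytes are packed into 32-bit key words, with the flawed signed OR beside the corrected unsigned one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_WORDS 18  /* Blowfish key setup consumes 18 32-bit words (72 bytes) */

/* Pack a NUL-terminated password into 32-bit words, cycling over the key
 * (terminator included). signed_bug != 0 models the flawed variant, where
 * each byte is OR-ed in as a signed char and therefore sign-extends. */
static void pack_key(const char *key, uint32_t out[KEY_WORDS], int signed_bug)
{
    const char *ptr = key;
    for (int i = 0; i < KEY_WORDS; i++) {
        uint32_t tmp = 0;
        for (int j = 0; j < 4; j++) {
            tmp <<= 8;
            if (signed_bug)
                tmp |= (uint32_t)(signed char)*ptr;  /* 0xA3 -> 0xFFFFFFA3 */
            else
                tmp |= (unsigned char)*ptr;          /* 0xA3 -> 0x000000A3 */
            if (!*ptr) ptr = key; else ptr++;
        }
        out[i] = tmp;
    }
}

/* First packed word, to make the overwritten bytes visible. */
static uint32_t first_word(const char *key, int signed_bug)
{
    uint32_t w[KEY_WORDS];
    pack_key(key, w, signed_bug);
    return w[0];
}

/* Returns 1 if both passwords yield identical key material. */
static int keys_equivalent(const char *a, const char *b, int signed_bug)
{
    uint32_t wa[KEY_WORDS], wb[KEY_WORDS];
    pack_key(a, wa, signed_bug);
    pack_key(b, wb, signed_bug);
    return memcmp(wa, wb, sizeof wa) == 0;
}

int main(void)
{
    const char *p1 = "ab\xa3", *p2 = "xy\xa3";  /* constructed sample passwords */
    printf("flawed: %08x equivalent=%d\n", (unsigned)first_word(p1, 1), keys_equivalent(p1, p2, 1));
    printf("fixed:  %08x equivalent=%d\n", (unsigned)first_word(p1, 0), keys_equivalent(p1, p2, 0));
    return 0;
}
```

The sample passwords are three bytes plus the terminator, so the 8-bit character lands at the same offset in every word and both preceding characters are always overwritten. With other lengths the cycling shifts the alignment from word to word, so the preceding characters can still contribute in later words.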

Comment 28 Thomas Backlund 2011-11-22 10:44:29 CET
Update pushed.

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Comment 29 Anssi Hannula 2012-01-07 23:46:02 CET
FYI, AFAICS since glibc has "Requires(pre,post): dash-static", if the user doesn't have dash-static installed, this update will trigger the error of bug #2317, since dash-static is not in /updates.

("[Mageia-discuss] glibc depending on dash-static?")

CC: (none) => anssi.hannula

Comment 30 Thomas Backlund 2012-01-07 23:55:58 CET
Thanks for noticing.

dash-static is now linked in updates
Nicolas Vigier 2014-05-08 18:07:01 CEST

CC: boklm => (none)

