Bug 19002 - java-1.8.0-openjdk new security issues
Summary: java-1.8.0-openjdk new security issues
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All
OS: Linux
Priority: Normal
Severity: critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/694957/
Whiteboard: has_procedure MGA5-64-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-07-20 20:44 CEST by David Walser
Modified: 2016-08-03 12:57 CEST

See Also:
Source RPM: java-1.8.0-openjdk-1.8.0.91-1.b14.3.mga6.src.rpm
CVE:
Status comment:



Description David Walser 2016-07-20 20:44:01 CEST
RedHat has issued an advisory today (July 20):
https://rhn.redhat.com/errata/RHSA-2016-1458.html

Corresponding Oracle CPU:
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
David Walser 2016-07-20 20:46:22 CEST

Whiteboard: (none) => MGA5TOO

Nicolas Salguero 2016-07-22 15:22:36 CEST

CC: (none) => nicolas.salguero

Marja Van Waes 2016-07-24 10:01:16 CEST

CC: (none) => marja11
Assignee: bugsquad => mageia

Comment 1 David Walser 2016-07-28 19:44:26 CEST
Fedora has updated it in git today finally, and I have synced it.

Question for Nicolas Salguero:
Is there anything more we need to do before we push it?  Does the f8725698a870.tar.bz2 you added before need to be updated?
Comment 2 Nicolas Salguero 2016-07-29 15:04:39 CEST
(In reply to David Walser from comment #1)
> Question for Nicolas Salguero:
> Is there anything more we need to do before we push it?  Does the
> f8725698a870.tar.bz2 you added before need to be updated?

I added a new version of my script mga-add-missing-files.sh (because the previous version got the missing files from http://hg.openjdk.java.net/jdk8u/... whereas it should get those files from http://hg.openjdk.java.net/aarch64-port/...) and I launched that script to update Source1 (in this case, f8725698a870.tar.bz2 is replaced by 5e27ac7f7cbc.tar.bz2, using the command: "./mga-add-missing-files.sh aarch64-jdk8u101-b14").

We should update Source1 (by launching the script) each time we update java-1.8.0-openjdk to be sure the missing files in Source1 come from the same commit as the files in "aarch64-port-jdk8u-aarch64-..." tarball.

Best regards,

Nico.
Comment 3 David Walser 2016-07-29 15:53:36 CEST
Thanks Nicolas!

Thomas, Nicolas has pushed the build for Mageia 5 to the build system already.  Please push chkconfig and java-1.8.0-openjdk in Cauldron ASAP.  Thanks.

CC: (none) => tmb

Comment 4 David Walser 2016-07-29 15:57:12 CEST
See https://bugs.mageia.org/show_bug.cgi?id=14051#c4 for useful links to test java

Advisory:
========================

Updated java-1.8.0-openjdk packages fix security vulnerabilities:

Multiple flaws were discovered in the Hotspot and Libraries components in
OpenJDK. An untrusted Java application or applet could use these flaws to
completely bypass Java sandbox restrictions (CVE-2016-3606, CVE-2016-3587,
CVE-2016-3598, CVE-2016-3610).

Multiple denial of service flaws were found in the JAXP component in OpenJDK.
A specially crafted XML file could cause a Java application using JAXP to
consume an excessive amount of CPU and memory when parsed (CVE-2016-3500,
CVE-2016-3508).

Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass certain
Java sandbox restrictions (CVE-2016-3458, CVE-2016-3550).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3610
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://rhn.redhat.com/errata/RHSA-2016-1458.html
========================

Updated packages in core/updates_testing:
========================
java-1.8.0-openjdk-1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-headless-1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-devel-1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-demo-1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-src-1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-javadoc-1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-accessibility-1.8.0.101-1.b14.1.mga5

from java-1.8.0-openjdk-1.8.0.101-1.b14.1.mga5.src.rpm

Version: Cauldron => 5
Assignee: mageia => qa-bugs
Whiteboard: MGA5TOO => has_procedure
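As an added example for the QA step in this comment (it is not code from the bug, from Mageia QA or from the package itself), the script below compares a host's installed java-1.8.0-openjdk subpackages with the fixed version listed above and flags anything still below it. The installed list is a constructed sample in the shape of rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'java-1.8.0-openjdk*' output; the version comparison uses GNU sort -V as a stand-in for rpm's own comparison, which is an assumption that holds for these dotted numeric strings but not for every EVR (use rpmdev-vercmp on a real host if in doubt).

```shell
#!/bin/sh
# Added example for this bug report; not part of Mageia's packaging or QA tooling.
# Checks a list of installed java-1.8.0-openjdk packages against the fixed
# version named in the advisory above.

# Fixed VERSION-RELEASE from the advisory's package list (the .mga5 build).
FIXED_EVR="1.8.0.101-1.b14.1.mga5"

# Subpackages named in the advisory.
ADVISORY_PKGS="java-1.8.0-openjdk java-1.8.0-openjdk-headless java-1.8.0-openjdk-devel
java-1.8.0-openjdk-demo java-1.8.0-openjdk-src java-1.8.0-openjdk-javadoc
java-1.8.0-openjdk-accessibility"

# Constructed sample (not captured from a real host) in the shape produced by
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'java-1.8.0-openjdk*'
# on a Mageia 5 box where only part of the update has been applied.
SAMPLE_INSTALLED='java-1.8.0-openjdk 1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-headless 1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-devel 1.8.0.91-1.b14.1.mga5'

# evr_ge A B: succeed when version string A is >= B.  GNU sort -V is assumed as
# an approximation of rpm's comparison; it agrees for these dotted numeric EVRs
# but is not a drop-in for rpmvercmp in general.
evr_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_installed LIST: print "<pkg> fixed|vulnerable|absent <evr>" for each
# advisory package and return 1 if any installed package is below FIXED_EVR.
check_installed() {
  installed=$1
  rc=0
  for pkg in $ADVISORY_PKGS; do
    evr=$(printf '%s\n' "$installed" | awk -v p="$pkg" '$1 == p { print $2 }')
    if [ -z "$evr" ]; then
      printf '%s absent -\n' "$pkg"        # not installed: nothing to update
    elif evr_ge "$evr" "$FIXED_EVR"; then
      printf '%s fixed %s\n' "$pkg" "$evr"
    else
      printf '%s vulnerable %s\n' "$pkg" "$evr"
      rc=1
    fi
  done
  return "$rc"
}

# vulnerable_count LIST: number of advisory packages still below FIXED_EVR.
vulnerable_count() {
  check_installed "$1" | awk '$2 == "vulnerable"' | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample.
check_installed "$SAMPLE_INSTALLED" || echo "update incomplete: $(vulnerable_count "$SAMPLE_INSTALLED") package(s) still vulnerable"
```

On a real Mageia 5 host, feed it the rpm query from the comment in place of the sample; a package reported as absent is simply not installed, and only "vulnerable" lines mean the update has not been applied.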

Comment 5 Shlomi Fish 2016-07-31 21:11:43 CEST
Hi!

I tested the update on a Mageia 5 x86-64 VirtualBox VM and while it seems fine - I ran into some problems with the test procedure:

1. The applets in the first link are too 'whack-a-mole'-y and don't work.

2. The fourth link (with the stick runner game) does not work.

I used https://docs.oracle.com/javase/tutorial/deployment/applet/examplesIndex.html instead. Marking as mga5-64-ok.

CC: (none) => shlomif
Whiteboard: has_procedure => has_procedure MGA5-64-OK

Dave Hodgins 2016-08-03 06:12:42 CEST

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 6 Mageia Robot 2016-08-03 12:57:39 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0273.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

