RedHat has issued an advisory today (April 17): https://access.redhat.com/errata/RHSA-2019:0775 Corresponding Oracle CPU: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixJAVA
Whiteboard: (none) => MGA6TOO
It doesn't look like Fedora has started syncing it into their git yet.
Suggested advisory: ======================== The updated packages fix several bugs and some security issues: Font layout engine out of bounds access setCurrGlyphID(). (CVE-2019-2698) Slow conversion of BigDecimal to long. (CVE-2019-2602) Incorrect skeleton selection in RMI registry server-side dispatch handling. (CVE-2019-2684) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2698 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2602 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684 https://access.redhat.com/errata/RHSA-2019:0775 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixJAVA ======================== Updated packages in core/updates_testing: ======================== java-1.8.0-openjdk-1.8.0.212-1.b02.1.mga6 java-1.8.0-openjdk-headless-1.8.0.212-1.b02.1.mga6 java-1.8.0-openjdk-devel-1.8.0.212-1.b02.1.mga6 java-1.8.0-openjdk-demo-1.8.0.212-1.b02.1.mga6 java-1.8.0-openjdk-src-1.8.0.212-1.b02.1.mga6 java-1.8.0-openjdk-javadoc-1.8.0.212-1.b02.1.mga6 java-1.8.0-openjdk-javadoc-zip-1.8.0.212-1.b02.1.mga6 java-1.8.0-openjdk-accessibility-1.8.0.212-1.b02.1.mga6 java-1.8.0-openjdk-openjfx-1.8.0.212-1.b02.1.mga6 java-1.8.0-openjdk-openjfx-devel-1.8.0.212-1.b02.1.mga6 from SRPMS: java-1.8.0-openjdk-1.8.0.212-1.b02.1.mga6.src.rpm
Whiteboard: MGA6TOO => (none)Status: NEW => ASSIGNEDVersion: Cauldron => 6Assignee: nicolas.salguero => qa-bugs
mga6, x86_64 Could find no public discussion on the issues attached to the CVEs. Clean update. Ran the helloworld compile and run test associated with bug https://bugs.mageia.org/show_bug.cgi?id=24688. $ javac -cp ".:/usr/share/java/*" helloworld.java $ java helloworld Hello World! A gui with a single button - pressed it and saw the response in the terminal.
Whiteboard: (none) => MGA-64-OKCC: (none) => tarazed25
https://bugs.mageia.org/show_bug.cgi?id=24682 has now been tested independently so this bug is done. 64-bit OK.
Whiteboard: MGA-64-OK => MGA6-64-OK
$ uname -a Linux localhost 4.14.106-desktop-1.mga6 #1 SMP Thu Mar 14 19:13:32 UTC 2019 i686 i686 i686 GNU/Linux The following 11 packages are going to be installed: - java-1.8.0-openjdk-1.8.0.212-1.b02.1.mga6.i586 - java-1.8.0-openjdk-accessibility-1.8.0.212-1.b02.1.mga6.i586 - java-1.8.0-openjdk-demo-1.8.0.212-1.b02.1.mga6.i586 - java-1.8.0-openjdk-devel-1.8.0.212-1.b02.1.mga6.i586 - java-1.8.0-openjdk-headless-1.8.0.212-1.b02.1.mga6.i586 - java-1.8.0-openjdk-javadoc-zip-1.8.0.212-1.b02.1.mga6.noarch - java-1.8.0-openjdk-openjfx-1.8.0.212-1.b02.1.mga6.i586 - java-1.8.0-openjdk-openjfx-devel-1.8.0.212-1.b02.1.mga6.i586 - java-1.8.0-openjfx-1.8.0.202-1.b07.1.mga6.i586 - java-atk-wrapper-0.33.2-3.mga6.i586 - meta-task-6-3.3.mga6.noarch After the installs: $ java -version openjdk version "1.8.0_212" OpenJDK Runtime Environment (build 1.8.0_212-b02) OpenJDK Server VM (build 25.212-b02, mixed mode) Ran one of my old programs for conversting text files to HTML. Worked before update and after, but after update this appeared: $ java TxtToHTML_View java.io.IOException: Cannot run program "/opt/X11/bin/xprop": error=2, No such file or directory at java.lang.ProcessBuilder.start(ProcessBuilder.java:1048) at java.lang.Runtime.exec(Runtime.java:620) at java.lang.Runtime.exec(Runtime.java:450) at java.lang.Runtime.exec(Runtime.java:347) at org.GNOME.Accessibility.AtkWrapper.<clinit>(AtkWrapper.java:34) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at java.lang.Class.newInstance(Class.java:442) at java.awt.Toolkit.loadAssistiveTechnologies(Toolkit.java:805) at java.awt.Toolkit.getDefaultToolkit(Toolkit.java:887) at java.awt.Window.getToolkit(Window.java:1358) at java.awt.Window.init(Window.java:506) at java.awt.Window.<init>(Window.java:537) at java.awt.Frame.<init>(Frame.java:420) at javax.swing.JFrame.<init>(JFrame.java:233) at TxtToHTML_View.main(TxtToHTML_View.java:316) Caused by: java.io.IOException: error=2, No such file or directory at java.lang.UNIXProcess.forkAndExec(Native Method) at java.lang.UNIXProcess.<init>(UNIXProcess.java:247) at java.lang.ProcessImpl.start(ProcessImpl.java:134) at java.lang.ProcessBuilder.start(ProcessBuilder.java:1029) I recompiled the program using javac. Still get the message. It works - could be because of depracated code, but why on the prior version I didn't get flags I'm not sure. Someone should look at this I think.
Keywords: (none) => feedbackCC: (none) => brtians1
I did not find "/opt/X11/bin/xprop" in Openjdk so I think it comes from the class you use to test. Anyway I updated to 8u212-b04. Suggested advisory: ======================== The updated packages fix several bugs and some security issues: Font layout engine out of bounds access setCurrGlyphID(). (CVE-2019-2698) Slow conversion of BigDecimal to long. (CVE-2019-2602) Incorrect skeleton selection in RMI registry server-side dispatch handling. (CVE-2019-2684) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2698 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2602 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684 https://access.redhat.com/errata/RHSA-2019:0775 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixJAVA ======================== Updated packages in core/updates_testing: ======================== java-1.8.0-openjdk-1.8.0.212-1.b04.1.mga6 java-1.8.0-openjdk-headless-1.8.0.212-1.b04.1.mga6 java-1.8.0-openjdk-devel-1.8.0.212-1.b04.1.mga6 java-1.8.0-openjdk-demo-1.8.0.212-1.b04.1.mga6 java-1.8.0-openjdk-src-1.8.0.212-1.b04.1.mga6 java-1.8.0-openjdk-javadoc-1.8.0.212-1.b04.1.mga6 java-1.8.0-openjdk-javadoc-zip-1.8.0.212-1.b04.1.mga6 java-1.8.0-openjdk-accessibility-1.8.0.212-1.b04.1.mga6 java-1.8.0-openjdk-openjfx-1.8.0.212-1.b04.1.mga6 java-1.8.0-openjdk-openjfx-devel-1.8.0.212-1.b04.1.mga6 from SRPMS: java-1.8.0-openjdk-1.8.0.212-1.b04.1.mga6.src.rpm
CC: (none) => nicolas.salgueroKeywords: feedback => (none)Whiteboard: MGA6-64-OK => (none)
$ java -version openjdk version "1.8.0_201" OpenJDK Runtime Environment (build 1.8.0_201-b09) OpenJDK Server VM (build 25.201-b09, mixed mode) [brian@localhost BookReader]$ java GUIBookStart 0 /media/sf_vmshare/BookReader/TERMC10.TXT Another one: $ java TxtToHTML_View /media/sf_vmshare/TxtToHTML/pmwld10.txt [brian@localhost TxtToHTML]$ App runs fine. ---------- - java-1.8.0-openjdk-1.8.0.212-1.b04.1.mga6.i586 - java-1.8.0-openjdk-demo-1.8.0.212-1.b04.1.mga6.i586 - java-1.8.0-openjdk-devel-1.8.0.212-1.b04.1.mga6.i586 - java-1.8.0-openjdk-headless-1.8.0.212-1.b04.1.mga6.i586 - java-1.8.0-openjdk-javadoc-zip-1.8.0.212-1.b04.1.mga6.noarch - meta-task-6-3.3.mga6.noarch $ java -version openjdk version "1.8.0_212" OpenJDK Runtime Environment (build 1.8.0_212-b04) OpenJDK Server VM (build 25.212-b04, mixed mode) [brian@localhost TxtToHTML]$ java TxtToHTML_View /media/sf_vmshare/TxtToHTML/pmwld10.txt App runs fine Added the following - java-1.8.0-openjdk-accessibility-1.8.0.212-1.b04.1.mga6.i586 - java-atk-wrapper-0.33.2-3.mga6.i586 $ java TxtToHTML_View java.io.IOException: Cannot run program "/opt/X11/bin/xprop": error=2, No such file or directory at java.lang.ProcessBuilder.start(ProcessBuilder.java:1048) at java.lang.Runtime.exec(Runtime.java:620) at java.lang.Runtime.exec(Runtime.java:450) at java.lang.Runtime.exec(Runtime.java:347) at org.GNOME.Accessibility.AtkWrapper.<clinit>(AtkWrapper.java:34) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at java.lang.Class.newInstance(Class.java:442) at java.awt.Toolkit.loadAssistiveTechnologies(Toolkit.java:805) at java.awt.Toolkit.getDefaultToolkit(Toolkit.java:887) at java.awt.Window.getToolkit(Window.java:1358) at java.awt.Window.init(Window.java:506) at java.awt.Window.<init>(Window.java:537) at java.awt.Frame.<init>(Frame.java:420) at javax.swing.JFrame.<init>(JFrame.java:233) at TxtToHTML_View.main(TxtToHTML_View.java:316) Caused by: java.io.IOException: error=2, No such file or directory at java.lang.UNIXProcess.forkAndExec(Native Method) at java.lang.UNIXProcess.<init>(UNIXProcess.java:247) at java.lang.ProcessImpl.start(ProcessImpl.java:134) at java.lang.ProcessBuilder.start(ProcessBuilder.java:1029) ... 17 more /media/sf_vmshare/TxtToHTML/pmwld10.txt So - it is something to do with open accessibility part. I think it showed up in my last test because as a default I do not install that module. I don't think this would be my code, unless it is caused by using deprecated functions, which it probably does, it was written in Java 1.4 days. But the base code is working.
Installed and tested without issues. Tested using netbeans, aladin, freecol, projectlibre, htmlcleaner, yuicompressor. System: Mageia 6, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver. $ uname -a Linux marte 4.14.106-desktop-1.mga6 #1 SMP Thu Mar 14 18:01:29 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep java-1.8.0-openjdk java-1.8.0-openjdk-headless-1.8.0.212-1.b04.1.mga6 java-1.8.0-openjdk-1.8.0.212-1.b04.1.mga6
CC: (none) => mageia
Thanks Brian and PC LX. From your tests it looks like it works fine. Please add the OKs if you are happy with it.
MGA6-32 MATE on IBM Thinkpad R50e No installation issues At CLI: $ java -version openjdk version "1.8.0_212" OpenJDK Runtime Environment (build 1.8.0_212-b04) OpenJDK Server VM (build 25.212-b04, mixed mode) $ javac helloworld.java $ java helloworld Prism-ES2 Error : GL_VERSION (major.minor) = 1.3 Gtk-Message: Failed to load module "canberra-gtk-module" Hello World! Looks OK as in previous versions.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA6-32-OK
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Thank you everyone. Validating. Suggested advisory in Comment 6.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Sysadmins, please make sure this update goes out either before or at the same time as Bug 24688.
(In reply to Thomas Andrews from comment #12) > Sysadmins, please make sure this update goes out either before or at the > same time as Bug 24688. A comment is not going to achieve that.
Blocks: (none) => 24688
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0155.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED