Fedora has issued several advisories: - for java-1.8.0-openjdk: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/ - for java-11-openjdk: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/ - for java-latest-openjdk: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNRRXET6O5I74T5ZHSGPB5ZQTTJVIHQD/ Corresponding Oracle CPU: https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA
Source RPM: (none) => java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdkWhiteboard: (none) => MGA8TOO, MGA7TOOCVE: (none) => CVE-2021-2161, CVE-2021-2163
Hi, thanks reporting this. Assigning to Java Stack maintainers.
CC: (none) => ouaurelienAssignee: bugsquad => java
ok, taking it.
Status: NEW => ASSIGNEDCC: (none) => mageia
Java8: -mga7: - copy-jdk-configs-4.0-1.mga7 - java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga7 -mga8: - copy-jdk-configs-4.0-1.mga8 - java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga8 Java 11 in progress.
Fails to install in Mageia 7 i586 ... A requested package cannot be installed: copy-jdk-configs-4.0-1.mga7.noarch (due to unsatisfied /usr/bin/lua) Not clear why ... # ll /usr/bin/lua* lrwxrwxrwx 1 root root 21 Sep 25 2020 /usr/bin/lua -> /etc/alternatives/lua* -rwxr-xr-x 1 root root 234180 Sep 2 2020 /usr/bin/lua5.2* lrwxrwxrwx 1 root root 22 Sep 25 2020 /usr/bin/luac -> /etc/alternatives/luac* -rwxr-xr-x 1 root root 158468 Sep 2 2020 /usr/bin/luac5.2* [root@i7v ~]# ll /etc/alternatives/lua lrwxrwxrwx 1 root root 15 Sep 25 2020 /etc/alternatives/lua -> /usr/bin/lua5.2*
CC: (none) => davidwhodgins
Java8: -mga7: - timezone-2021a-1.1.mga7 - copy-jdk-configs-4.0-1.1.mga7 - java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga7 -mga8: - copy-jdk-configs-4.0-1.mga8 - java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga8
Nicolas, you need to build the mga7 timezone update without the subrel.
Also on Mageia 7 ... Sorry, the following package cannot be selected: - java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga7.x86_64 (due to unsatisfied libXcomposite(x86-64)) # rpm -q --provides lib64xcomposite1 lib64xcomposite1 = 0.4.5-1.mga7 lib64xcomposite1(x86-64) = 0.4.5-1.mga7 libXcomposite.so.1()(64bit) libxcomposite = 0.4.5 That's not a problem on Mageia 8 ... $ rpm -q --provides lib64xcomposite1 lib64xcomposite1 = 0.4.5-3.mga8 lib64xcomposite1(x86-64) = 0.4.5-3.mga8 libXcomposite(x86-64) = 0.4.5 libXcomposite.so.1()(64bit) libxcomposite = 0.4.5
Now getting ... Sorry, the following package cannot be selected: - java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga7.x86_64 (due to unsatisfied xorg-x11-fonts-Type1) # urpmq -y xorg-x11|grep font|sort -u xorg-x11-100dpi-fonts xorg-x11-75dpi-fonts [root@x3 ~]# rpm -q --provides xorg-x11-100dpi-fonts X11-100dpi-fonts XFree86-100dpi-fonts = 7.7-8.mga7 XFree86-ISO8859-2-100dpi-fonts XFree86-ISO8859-9-100dpi-fonts xorg-x11-100dpi-fonts = 7.7-8.mga7 xorg-x11-100dpi-fonts(x86-64) = 7.7-8.mga7 xorg-x11-fonts # rpm -q --provides xorg-x11-75dpi-fonts X11-75dpi-fonts XFree86-75dpi-fonts = 7.7-8.mga7 xorg-x11-75dpi-fonts = 7.7-8.mga7 xorg-x11-75dpi-fonts(x86-64) = 7.7-8.mga7 xorg-x11-fonts # urpmq -y Type1 No package named Type1 # urpmq -y type1 fonts-type1-cyrillic fonts-type1-greek fonts-type1-hebrew x11-font-adobe-utopia-type1 x11-font-bh-type1 x11-font-bitstream-type1 x11-font-type1 x11-font-xfree86-type1
java-1.8.0-openjdk is still not installable, causing rootcerts not to be buildable for the Firefox update.
Adding sysadmin team to cc list. Please remove java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga7.src.rpm and it's associated rpm packages from the Mageia 7 Core Updates Testing repositories.
CC: (none) => sysadmin-bugs
Ping To get this security update going again, I recommend splitting it into two. One for Mageia 7 and one for Mageia 8. The Mageia 8 update looks ready to go. The Mageia 7 update either needs to be redone using the starting with the latest working Mageia 7 srpm, or it also has to include all of the packages used as dependencies of openjdk that have changed names between Mageia 7 and 8. Another option for Mageia 7 is to simply drop this update for it since m7 will reach end of support in a little over 2 weeks. Regardless, the java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga7.src.rpm and associated rpm packages need to be removed from the Mageia 7 updates testing repos.
why remove java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga7.src.rpm from repos ? It still does not install ? i removed all and fixed/rebuilded. for mageia 8 i need to understand why java11 fails to bundle all the files :)
Created attachment 12771 [details] urpmi --test log up until canceled I wasn't aware it had been rebuilt. It is still not ok. Attaching the urpmi log up until I canceled.
thank you for the log, i found an error. Btw new java 11 available on cauldron, i backport on mga8
can you test new java8 on mga7 please ?
Still fails ... installed java-1.8.0-openjdk-1.8.0.272-1.b10.1.mga7.x86_64 is conflicting because of unsatisfied libjvm.so()(64bit) installed java-1.8.0-openjdk-1.8.0.272-1.b10.1.mga7.x86_64 is conflicting because of unsatisfied libjvm.so(SUNWprivate_1.1)(64bit) installed java-1.8.0-openjdk-1.8.0.272-1.b10.1.mga7.x86_64 is conflicting because of unsatisfied libjava.so(SUNWprivate_1.1)(64bit) installed java-1.8.0-openjdk-1.8.0.272-1.b10.1.mga7.x86_64 is conflicting because of unsatisfied libjli.so(SUNWprivate_1.1)(64bit) installed java-1.8.0-openjdk-1.8.0.272-1.b10.1.mga7.x86_64 is conflicting because of unsatisfied libjava.so()(64bit) installed java-1.8.0-openjdk-1.8.0.272-1.b10.1.mga7.x86_64 is conflicting because of unsatisfied libawt.so()(64bit) installed java-1.8.0-openjdk-1.8.0.272-1.b10.1.mga7.x86_64 is conflicting because of unsatisfied libjli.so()(64bit)
please provide the whole logs, this part isn't useful.
java11 mageia 8 src: - java-11-openjdk-11.0.11.0.9-0.1.mga8
Created attachment 12774 [details] urpmi --debug log full urpmi --debug log
Attachment 12771 is obsolete: 0 => 1
On Mageia 8 the update installs cleanly.
c
can you tell me on mageia 7 what requires "libjawt.so(SUNWprivate_1.1)(64bit)" ? they will need a rebuild
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOOVersion: Cauldron => 8
Blocks: (none) => 29145
Whiteboard: MGA7TOO => (none)Version: 8 => 7Blocks: 29145 => (none)
urpmq --whatrequires only works with package names, not files or provides as far as I know. While the command urpmq --whatprovides 'libjawt.so(SUNWprivate_1.1)(64bit)' does show that the java openjdk package provides the file, I don't know of any way to find which packages require the file. The command 'urpmq --whatrequires-recursive java-1.8.0-openjdk' shows which packages requires it by package name, but it's missing things like libreoffice that require by file name/arch. I suspect that a search is the Mageia svn repo will be required to find all of the package names.
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Resolution: (none) => OLDDepends on: (none) => 29145Blocks: 29145 => (none)Status: ASSIGNED => RESOLVED