RedHat has issued several advisories: https://access.redhat.com/errata/RHSA-2023:5732 (java-1.8.0-openjdk) https://access.redhat.com/errata/RHSA-2023:5736 (java-11-openjdk) https://access.redhat.com/errata/RHSA-2023:5752 (java-17-openjdk) Corresponding Oracle CPUs: https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixJAVA
CC: (none) => nicolas.salgueroWhiteboard: (none) => MGA9TOO, MGA8TOOSource RPM: (none) => java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk
Assigning to Java maintainers.
Assignee: bugsquad => java
For java-17-openjdk (Cauldron and Mageia 9), there is a build problem: """ Checking build JDK /home/iurt/rpmbuild/BUILD/java-17-openjdk-17.0.9.0.9-1.mga9.i386/newboot is operational... + /home/iurt/rpmbuild/BUILD/java-17-openjdk-17.0.9.0.9-1.mga9.i386/newboot/bin/java -version Error occurred during initialization of VM Unable to load native library: /home/iurt/rpmbuild/BUILD/java-17-openjdk-17.0.9.0.9-1.mga9.i386/newboot/lib/libjava.so: undefined symbol: JVM_IsThreadAlive, version SUNWprivate_1.1 """
Updated packages in 9/core/updates_testing: ======================== java-1.8.0-openjdk-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-demo-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-demo-fastdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-demo-slowdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-devel-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-devel-fastdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-devel-slowdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-fastdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-headless-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-headless-fastdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-headless-slowdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-javadoc-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-javadoc-zip-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-openjfx-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-openjfx-devel-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-openjfx-devel-fastdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-openjfx-fastdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-slowdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-src-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-src-fastdebug-1.8.0.392.b08-1.mga9 java-1.8.0-openjdk-src-slowdebug-1.8.0.392.b08-1.mga9 java-11-openjdk-11.0.21.0.9-1.mga9 java-11-openjdk-debugsource-11.0.21.0.9-1.mga9 java-11-openjdk-demo-11.0.21.0.9-1.mga9 java-11-openjdk-demo-fastdebug-11.0.21.0.9-1.mga9 java-11-openjdk-demo-slowdebug-11.0.21.0.9-1.mga9 java-11-openjdk-devel-11.0.21.0.9-1.mga9 java-11-openjdk-devel-fastdebug-11.0.21.0.9-1.mga9 java-11-openjdk-devel-slowdebug-11.0.21.0.9-1.mga9 java-11-openjdk-fastdebug-11.0.21.0.9-1.mga9 java-11-openjdk-headless-11.0.21.0.9-1.mga9 java-11-openjdk-headless-fastdebug-11.0.21.0.9-1.mga9 java-11-openjdk-headless-slowdebug-11.0.21.0.9-1.mga9 java-11-openjdk-javadoc-11.0.21.0.9-1.mga9 java-11-openjdk-javadoc-zip-11.0.21.0.9-1.mga9 java-11-openjdk-jmods-11.0.21.0.9-1.mga9 java-11-openjdk-jmods-fastdebug-11.0.21.0.9-1.mga9 java-11-openjdk-jmods-slowdebug-11.0.21.0.9-1.mga9 java-11-openjdk-slowdebug-11.0.21.0.9-1.mga9 java-11-openjdk-src-11.0.21.0.9-1.mga9 java-11-openjdk-src-fastdebug-11.0.21.0.9-1.mga9 java-11-openjdk-src-slowdebug-11.0.21.0.9-1.mga9 java-11-openjdk-static-libs-11.0.21.0.9-1.mga9 java-11-openjdk-static-libs-fastdebug-11.0.21.0.9-1.mga9 java-11-openjdk-static-libs-slowdebug-11.0.21.0.9-1.mga9 java-latest-openjdk-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-demo-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-demo-fastdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-demo-slowdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-devel-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-devel-fastdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-devel-slowdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-fastdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-headless-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-headless-fastdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-headless-slowdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-javadoc-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-javadoc-zip-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-jmods-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-jmods-fastdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-jmods-slowdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-slowdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-src-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-src-fastdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-src-slowdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-static-libs-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-static-libs-fastdebug-21.0.1.0.12-1.rolling.1.mga9 java-latest-openjdk-static-libs-slowdebug-21.0.1.0.12-1.rolling.1.mga9 from SRPMS: java-1.8.0-openjdk-1.8.0.392.b08-1.mga9.src.rpm java-11-openjdk-11.0.21.0.9-1.mga9.src.rpm java-latest-openjdk-21.0.1.0.12-1.rolling.1.mga9.src.rpm Updated packages in 8/core/updates_testing: ======================== java-1.8.0-openjdk-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-debugsource-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-demo-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-demo-fastdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-demo-slowdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-devel-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-devel-fastdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-devel-slowdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-fastdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-headless-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-headless-fastdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-headless-slowdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-javadoc-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-javadoc-zip-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-openjfx-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-openjfx-devel-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-openjfx-devel-fastdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-openjfx-fastdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-slowdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-src-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-src-fastdebug-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-src-slowdebug-1.8.0.392.b08-1.mga8 java-11-openjdk-11.0.21.0.9-1.mga8 java-11-openjdk-demo-11.0.21.0.9-1.mga8 java-11-openjdk-demo-fastdebug-11.0.21.0.9-1.mga8 java-11-openjdk-demo-slowdebug-11.0.21.0.9-1.mga8 java-11-openjdk-devel-11.0.21.0.9-1.mga8 java-11-openjdk-devel-fastdebug-11.0.21.0.9-1.mga8 java-11-openjdk-devel-slowdebug-11.0.21.0.9-1.mga8 java-11-openjdk-fastdebug-11.0.21.0.9-1.mga8 java-11-openjdk-headless-11.0.21.0.9-1.mga8 java-11-openjdk-headless-fastdebug-11.0.21.0.9-1.mga8 java-11-openjdk-headless-slowdebug-11.0.21.0.9-1.mga8 java-11-openjdk-javadoc-11.0.21.0.9-1.mga8 java-11-openjdk-javadoc-zip-11.0.21.0.9-1.mga8 java-11-openjdk-jmods-11.0.21.0.9-1.mga8 java-11-openjdk-jmods-fastdebug-11.0.21.0.9-1.mga8 java-11-openjdk-jmods-slowdebug-11.0.21.0.9-1.mga8 java-11-openjdk-slowdebug-11.0.21.0.9-1.mga8 java-11-openjdk-src-11.0.21.0.9-1.mga8 java-11-openjdk-src-fastdebug-11.0.21.0.9-1.mga8 java-11-openjdk-src-slowdebug-11.0.21.0.9-1.mga8 java-11-openjdk-static-libs-11.0.21.0.9-1.mga8 java-11-openjdk-static-libs-fastdebug-11.0.21.0.9-1.mga8 java-11-openjdk-static-libs-slowdebug-11.0.21.0.9-1.mga8 from SRPMS: java-1.8.0-openjdk-1.8.0.392.b08-1.mga8.src.rpm java-11-openjdk-11.0.21.0.9-1.mga8.src.rpm
As you list them, I assume you also meant they are ready to test.
CC: (none) => friAssignee: java => qa-bugs
mga9-64 mini test OK: Updated java-1.8.0-openjdk and -headless My old java based invoicing & book-keeping application FriBOK that use it still works, incl printing.
java-17-openjdk is missing so I do not send the packages to QA for the moment.
Assignee: qa-bugs => pkg-bugs
MGA9-64 Xfce on Acer Aspire 5253 Installed the whole kaboodle except the debug packages. Testing with my own LibreOffice Base application. In LO I can choose which java version to use. The application uses an odb, various odt files and generates odt report files. Using java 21: all works OK. using java 11: interactieve odt screens work OK, but generating a report file fails with error: Runtime exception: - shorter than the message I cannot copy - LibLayoutinfo has been compiled with Runtime 6.1 while this version only recognizes class file versions up to 55.0. If I remember well, this kind of error has occurred in the past. java 1.8.0: similar error, but versions involved are 55 i.s.o. 6.1 and 52 i.s.o. 55. Note: LO restarts each time the java version used is changed. Ref bug 31452 trying freecol: Starts up OK, makes a lot of load music, I can move the little ship. That's enough for me.
CC: (none) => herman.viaene
Blocks: (none) => 32545
I did not find how to fix the problem with java 17 build so I cloned that bug for java 17.
Suggested advisory: ======================== The updated packages fix a security vulnerability: Segmentation fault in ciMethodBlocks. (CVE-2022-40433) Certificate path validation issue during client authentication. (CVE-2023-22081) IOR deserialization issue in CORBA. (CVE-2023-22067) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40433 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22067 https://access.redhat.com/errata/RHSA-2023:5732 https://access.redhat.com/errata/RHSA-2023:5736 https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixJAVA ======================== The list of packages is in comment 3.
Summary: java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk and java-latest-openjdk new security issues => java-1.8.0-openjdk, java-11-openjdk, and java-latest-openjdk new security issuesSource RPM: java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk => java-1.8.0-openjdk, java-11-openjdk,java-latest-openjdkAssignee: pkg-bugs => qa-bugsStatus: NEW => ASSIGNED
Version: Cauldron => 9Whiteboard: MGA9TOO, MGA8TOO => MGA8TOO
Advisory from comment 9 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"
CC: (none) => marja11Keywords: (none) => advisory
Installed and tested without issues. Tested using netbeans (upstream), edugraphe, rachota, ganttproject, libreoffice, yuicompressor, and freecol. No regressions noticed. System: Mageia 8, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver. $ uname -a Linux jupiter 6.1.45-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Fri Aug 11 22:01:56 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep java-1 | sort java-11-openjdk-11.0.21.0.9-1.mga8 java-11-openjdk-headless-11.0.21.0.9-1.mga8 java-1.8.0-openjdk-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-headless-1.8.0.392.b08-1.mga8 java-1.8.0-openjdk-openjfx-1.8.0.392.b08-1.mga8
CC: (none) => mageia
This update has been working without issues for the past few days and since the Mageia 8 end-of-support is near I'm OKing this for Mageia 8 on x86_64 to push it before the deadline. Please undo if needed.
Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK
No one jumped in for the M9 testing and as the problems I got with LO and the older java versions is not a regression, I give the OK for M9 as well.
Whiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-4-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
The java packages weren't moved to updates when Neoclust ran his script today. However, I don't see my mistake in the advisory I uploaded last week https://svnweb.mageia.org/advisories/32413.adv?view=log It is still possible that there is a mistake, I'm good at not seeing them. Another thing I'm wondering, is whether my commit message was too complex: Add security advisory M8/M9 java-1.8.0-openjdk/java-11-openjdk/java-latest-openjdk mga#32413 Does the move-updates-script look at the commit messages? CC'ing Dave, in the hope he can spot the issue.
CC: (none) => davidwhodgins
The commit messages don't matter. I don't see any obvious mistakes in the advisory, but the script does have output, so maybe there was an error that he didn't tell us about.
Fixing whiteboard entry - MGA9-64-OK
Whiteboard: MGA8TOO MGA8-64-OK MGA9-4-OK => MGA8TOO MGA8-64-OK MGA9-64-OK
(In reply to Dave Hodgins from comment #17) > Fixing whiteboard entry - MGA9-64-OK Thanks! So the script looks at the OKs too, I wasn't aware.
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0326.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED