we do not build eclipse against xulrunner anymore.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

We haven't pushed any updates for it.

rpm -qp --requires /home/linux/mageia/distrib/1/i586/media/core/release/eclipse-swt-3.6.2-12.mga1.i586.rpm # includes:

xulrunner
libxpcom.so  
libxul.so

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

I though this had been pushed with firefox. Anyway they are on updates_testing for mga 1 and 2

Assignee: dmorganec => bugsquad

Right.  Doesn't this just break the Browser widget?  I guess it's a tough call between disabling functionality or leaving something mildly vulnerable (assuming you don't want to update Eclipse to a newer version).

Perhaps worthy of a discussion on mageia-dev?

CC: (none) => dmorganec

this have been discussed with fedora eclipse maintainer. This is the best solution and btw this is done the same way on all our releases of mga.

Fair enough.  Thanks D Morgan.  Assigning to QA then.

Advisory
========

The xulrunner library, which is used by the eclipse-swt package to provide
the functionality of the Browser widget in applications using the SWT
user interface library (including Eclipse itself), has been found to have
numerous security vulnerabilities (see our previous advisories for Firefox
for more information on these).

Eclipse has now been built without support for xulrunner, so that users of
Eclipse and other SWT programs will not be exposed to these security
vulnerabilities.  The SWT Browser widget will no longer be functional in
any applications that use it.  Users that require SWT Browser widget
functionality will need to use an Eclipse distribution from upstream.

Packages in core/updates_testing:
eclipse-jdt-3.6.2-12.1.mga1
eclipse-pde-3.6.2-12.1.mga1
eclipse-platform-3.6.2-12.1.mga1
eclipse-rcp-3.6.2-12.1.mga1
eclipse-swt-3.6.2-12.1.mga1
eclipse-equinox-osgi-3.7.1-3.1.mga2
eclipse-jdt-3.7.1-3.1.mga2
eclipse-pde-3.7.1-3.1.mga2
eclipse-platform-3.7.1-3.1.mga2
eclipse-rcp-3.7.1-3.1.mga2
eclipse-swt-3.7.1-3.1.mga2

from SRPMS:
eclipse-3.6.2-12.1.mga1.src.rpm
eclipse-3.7.1-3.1.mga2.src.rpm

Version: 1 => 2
Assignee: bugsquad => qa-bugs
Whiteboard: (none) => MGA1TOO

Are the various ant packages in Core Updates Testing part of this update?

I'm testing on Mageia 2 i586.

CC: (none) => davidwhodgins

Some errors during installation ...

    71/73: eclipse-platform      #################################################################################
warning: %post(eclipse-platform-1:3.7.1-3.1.mga2.i586) scriptlet failed, exit status 1
    72/73: eclipse-jdt           #################################################################################
warning: %post(eclipse-jdt-1:3.7.1-3.1.mga2.i586) scriptlet failed, exit status 1
    73/73: eclipse-pde           #################################################################################
warning: %post(eclipse-pde-1:3.7.1-3.1.mga2.i586) scriptlet failed, exit status 1

They all have ...
postinstall scriptlet (using /bin/sh):
eclipse-reconciler.sh > /dev/null

Testing complete on Mageia 2 i586.

Just testing that eclipse is working.

After installing eclipse, went through the tutorial to create and run a java
HelloWorld project.

I'll leave it for D Morgan to decide whether or not to fix the scriplet errors.

Whiteboard: MGA1TOO => MGA1TOO, mga2-32-OK

yes let see what is broken

please test eclipse-3.7.1-3.3.mga2

ant is part of the Bug 6331 update.  Updating advisory for new package version.

Advisory
========

The xulrunner library, which is used by the eclipse-swt package to provide
the functionality of the Browser widget in applications using the SWT
user interface library (including Eclipse itself), has been found to have
numerous security vulnerabilities (see our previous advisories for Firefox
for more information on these).

Eclipse has now been built without support for xulrunner, so that users of
Eclipse and other SWT programs will not be exposed to these security
vulnerabilities.  The SWT Browser widget will no longer be functional in
any applications that use it.  Users that require SWT Browser widget
functionality will need to use an Eclipse distribution from upstream.

Packages in core/updates_testing:
eclipse-jdt-3.6.2-12.1.mga1
eclipse-pde-3.6.2-12.1.mga1
eclipse-platform-3.6.2-12.1.mga1
eclipse-rcp-3.6.2-12.1.mga1
eclipse-swt-3.6.2-12.1.mga1
eclipse-equinox-osgi-3.7.1-3.3.mga2
eclipse-jdt-3.7.1-3.3.mga2
eclipse-pde-3.7.1-3.3.mga2
eclipse-platform-3.7.1-3.3.mga2
eclipse-rcp-3.7.1-3.3.mga2
eclipse-swt-3.7.1-3.3.mga2

from SRPMS:
eclipse-3.6.2-12.1.mga1.src.rpm
eclipse-3.7.1-3.3.mga2.src.rpm

Testing complete on Mageia 1 32 bits. I followed and completed the Hello World tutorial.

CC: (none) => stormi
Whiteboard: MGA1TOO, mga2-32-OK => MGA1TOO, mga2-32-OK, mga1-32-OK

Testing complete on Mageia 1 64 bits.

Whiteboard: MGA1TOO, mga2-32-OK, mga1-32-OK => MGA1TOO, mga2-32-OK, mga1-32-OK, mga1-64-OK

Testing still needed on Mageia 2 64 bits.

Procedure:
- urpmi eclipse
- start eclipse, then follow the "Hello world" tutorial which is included in eclipse.

Whiteboard: MGA1TOO, mga2-32-OK, mga1-32-OK, mga1-64-OK => MGA1TOO, has_procedure, mga2-32-OK, mga1-32-OK, mga1-64-OK

(In reply to comment #15)
> Testing still needed on Mageia 2 64 bits.
> 
> Procedure:
> - urpmi eclipse
> - start eclipse, then follow the "Hello world" tutorial which is included in
> eclipse.

Done. Works fine.

Regards,

-- Shlomi Fish

CC: (none) => shlomif
Whiteboard: MGA1TOO, has_procedure, mga2-32-OK, mga1-32-OK, mga1-64-OK => MGA1TOO, has_procedure, mga2-32-OK, mga1-32-OK, mga1-64-OK, mga2-64-OK

Thanks Shlomi.

Update validated. No linking required.

See comment #12 for advisory and packages.

update validated, see previous comment and comment #12

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0183

Status: REOPENED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED