sun-java6 6b16 update for karmic, hardy and jaunty

Bug #420426 reported by Matthias Klose on 2009-08-28
64
This bug affects 9 people
Affects Status Importance Assigned to Milestone
sun-java6 (Ubuntu)
Undecided
Unassigned
Hardy
Undecided
Unassigned
Jaunty
Undecided
Unassigned
Karmic
Undecided
Unassigned

Bug Description

please sync sun-java6 (6-16-1) from unstable:

sun-java6 (6-16-1) unstable; urgency=low

  * QA upload.
  * Remove `Uploaders' attribute.
  * New upstream version.
    Release notes at http://java.sun.com/javase/6/webnotes/6u16.html
  * Fix some more lintian warnings.
  * Stop building sun-java6-doc, it's an installer package anyway.
    Suggest openjdk-6-doc instead.
  * Mention compatibility problems with some window managers and running with
    AWT_TOOLKIT=MToolkit in README.Debian. See #504524.

Matthias Klose (doko) wrote :

waiting for approval:

sun-java6 (6-16-0ubuntu1.9.04) jaunty-proposed; urgency=low

  * New upstream version. LP: #420426.
    Release notes at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html.

sun-java6 (6-16-0ubuntu1.8.04) hardy-proposed; urgency=low

  * New upstream version. LP: #420426.
    Release notes at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html.

Kees Cook (kees) on 2009-08-28
Changed in sun-java6 (Ubuntu Karmic):
status: New → Fix Released
Kees Cook (kees) on 2009-08-28
Changed in sun-java6 (Ubuntu Karmic):
status: Fix Released → New
Jamie Strandboge (jdstrand) wrote :

Approved for hardy-proposed and jaunty-proposed.

Changed in sun-java6 (Ubuntu Hardy):
status: New → Fix Committed
tags: added: verification-needed
Changed in sun-java6 (Ubuntu Jaunty):
status: New → Fix Committed
Johan van Dijk (johanvandijk) wrote :

Jaunty amd64:
The update installs without errors.
Java works in Firefox.

Magnus (koma-lysator) wrote :

Jaunty i386:
Seems to work fine here.

Thanks!

Pjotr12345 (computertip) wrote :

- Hardy i386 (32 bit): works fine.

- Jaunty i386 (32 bit) Ubuntu Netbook Remix: works fine.

Thanks! :-)

One last question: are there no updates for Intrepid?

Matthias Klose (doko) wrote :

> One last question:

I hope it's the last one ...

> are there no updates for Intrepid?

No. And before asking. Please learn how to build and test these, and do it yourself as a member of the community.

CeesSluis (testcees) wrote :

Hardy amd64:
The update installs without errors.
Java works in Firefox.

Martin Pitt (pitti) on 2009-08-30
tags: added: verification-done
removed: verification-needed
Andrea Veri (av) wrote :

Latest remaining task is karmic. This new upstream release can be considered as a 'bug fix' only release according to this link:

http://java.sun.com/javase/6/webnotes/6u16.html

So we should *not* need an FFe for it. Marking the karmic task as confirmed plus waiting a feedback from Matthias about this.

Changed in sun-java6 (Ubuntu Karmic):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sun-java6 - 6-16-0ubuntu1.8.04

---------------
sun-java6 (6-16-0ubuntu1.8.04) hardy-proposed; urgency=low

  * New upstream version. LP: #420426.
    Release notes at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html.

 -- Matthias Klose <email address hidden> Fri, 28 Aug 2009 12:07:13 +0200

Changed in sun-java6 (Ubuntu Hardy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sun-java6 - 6-16-0ubuntu1.9.04

---------------
sun-java6 (6-16-0ubuntu1.9.04) jaunty-proposed; urgency=low

  * New upstream version. LP: #420426.
    Release notes at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html.

sun-java6 (6-16-1) unstable; urgency=low

  * QA upload.
  * Remove `Uploaders' attribute.
  * New upstream version.
    Release notes at http://java.sun.com/javase/6/webnotes/6u16.html
  * Fix some more lintian warnings.
  * Stop building sun-java6-doc, it's an installer package anyway.
    Suggest openjdk-6-doc instead.
  * Mention compatibility problems with some window managers and running with
    AWT_TOOLKIT=MToolkit in README.Debian. See #504524.

sun-java6 (6-15-1) unstable; urgency=medium

  * New upstream version.
    Release notes at http://java.sun.com/javase/6/webnotes/6u15.html
    Addresses CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625,
    CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674,
    CVE-2009-2675, CVE-2009-2676, CVE-2009-2690.
  * Set section names to java.
  * Orphan the package.

 -- Matthias Klose <email address hidden> Fri, 28 Aug 2009 11:38:03 +0200

Changed in sun-java6 (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

Note that we are about to remove sun-java6 from Karmic (we just asked Matthias for confirmation), so doing that update in karmic will just be wasted work.

Changed in sun-java6 (Ubuntu Karmic):
status: Confirmed → Won't Fix
Changed in sun-java6 (Ubuntu):
status: Confirmed → Fix Released
karl michael (karlzt) wrote :

could someone please email me sun-java6/sun-java6-jre_6-16-0ubuntu1.8.04_all.deb in a zip file
my architecture is ¡386

i have tried all mirrors and still can't get it

i had a similar problem before https://answers.launchpad.net/ubuntu/+question/65683

Martin Pitt (pitti) wrote :

They are on http://archive.ubuntu.com/ubuntu/pool/multiverse/s/sun-java6/ . Sorry, they are waaay to big for mailing around.

Emmy Robbes (emmyrobbes) on 2009-10-08
Changed in sun-java6 (Ubuntu):
status: Fix Released → Confirmed
Steve Langasek (vorlon) wrote :

don't change bug statuses without explanation.

Changed in sun-java6 (Ubuntu):
status: Confirmed → Fix Released

What? Removing sun-java6 from Karmic? Why?

Brian Owens (bjo101) wrote :

What Java update will be made in Karmic if not sun-java-6? will another package replace it?

Matthias Klose (doko) wrote :

openjdk-6

Pjotr12345 (computertip) wrote :

In Karmic, you can always download the newest JRE from the website of Sun. A manual installation of JRE is not so hard; Sun has provided an instruction for that.

I think Canonical has made a good decision: apparently, there's not enough manpower available, for keeping JRE safe with security updates in Karmic. So they've made the choice to abandon JRE in favour of OpenJDK.

A wise choice: better not provide this very popular package at all, than provide it without security updates. JRE is far too popular and widely used for that: you don't want millions of computers at risk.

When you install JRE manually, you are aware that it's up to you, to keep it safe by checking regularly at Sun's website, for a newer version.

So: kudo's for Canonical, for putting security first!

Pjotr12345 [2009-10-12 9:55 -0000]:
> I think Canonical has made a good decision: apparently, there's not
> enough manpower available, for keeping JRE safe with security updates in
> Karmic.

Rather, OpenJDK is available since 9.04, and we only want to (and do)
support that instead of the proprietary sun-java6 in addition.

TK (tkrishan) wrote :

> A wise choice: better not provide this very popular package at all,
> than provide it without security updates.

Yes, wise choice! Why not drop many of the other popular packages as well.

Ubuntu Desktop users should take responsibility for building their own systems and insuring that they are secure.

Martin Pitt (pitti) wrote :

TK [2009-10-13 10:06 -0000]:
> Ubuntu Desktop users should take responsibility for building their own
> systems and insuring that they are secure.

They should just use openjdk in this case (which is the default JDK
nowadays, so if you install any java app, it will be pulled in by
default if you don't have one installed already).

If you insist on using the proprietary sun java or a different JDK,
you are indeed on your own. But at least you will be aware of it,
instead of using potentially obsolete packages from the distro.

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

On Tue, 2009-10-13 at 10:27 +0000, Martin Pitt wrote:
> TK [2009-10-13 10:06 -0000]:
> > Ubuntu Desktop users should take responsibility for building their own
> > systems and insuring that they are secure.
>
> They should just use openjdk in this case (which is the default JDK
> nowadays, so if you install any java app, it will be pulled in by
> default if you don't have one installed already).
>
> If you insist on using the proprietary sun java or a different JDK,
> you are indeed on your own. But at least you will be aware of it,
> instead of using potentially obsolete packages from the distro.

Bad news for Ubuntu and good news for Java on Mac OS.

I haven't kept track of OpenJDK development, but last time I tried (installing & using NetBeans mostly) it was definitely not as good as Sun's JDK. Graphics seemed rather crappy.

While on the subject, even with sun-java6 graphics aren't as good as on Windows; unless I explicitly switch to the Nimbus L&F. Drop-down menus for instance don't show as expected.

If the problem is manpower, wouldn't it be better to drop the mostly useless eclipse & netbeans packages in the repositories? Last time I checked these were either old (Eclipse) or poorly integrated (NetBeans) anyway.

Benito Mourelo (benito) wrote :

Bug #454876 :

" The current Java version available from Karmic's repository is Version 6 Update 15, but Version 6 Update 16 is out now, and it fixes a 'high priority' bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6862295 - I think it is important we get this update out before the final version of Karmic is released, so we can push the update while people update from Jaunty. "

Pjotr12345 (computertip) wrote :

@ Benito Mourelo: it won't be updated. You can install JRE manually, by applying this how-to:
http://sites.google.com/site/easylinuxtipsproject/java

Benito Mourelo (benito) wrote :

Thanks Pjotr12345, I know it and also disagree, but now is up to date
and always i can change to OpenJDK with update-alternatives.

Two comments about the how-to.
Why don't use the "official plugin" in JRE and via alternatives ?
To ensure complete uninstall, you must remove alternatives.

Has anyone tried this on Ubuntu ?
 http://blogs.sun.com/guruprasad/entry/installing_the_latest_jdk_on

Jarek (dr-destroyer) wrote :

I think that you should drop eclipse and netbeans instead of Sun's JDK, if you do not have enough manpower.

Eclipse and netbeans are mostly useless as deb packages. It is more convenient to download it manually and install in your home directory. Both eclipse and netbeans have their own update and plugin installation subsystems.

On the other hand JDK, to some extent, integrates with operating system. For example with alternatives (there are more links than just java and javac in alternatives for JDK). It was very convenient to have official Sun's JDK automatically installed and updated.

I think, that Sun's JDK is very widely used in serious java software development. OpenjJDK is not yet an option for production systems.

Changed in sun-java6 (Ubuntu Karmic):
status: Won't Fix → Fix Released
Martin Pitt (pitti) wrote :

Karmic still has 6-15.

Changed in sun-java6 (Ubuntu Karmic):
status: Fix Released → Triaged
Pjotr12345 (computertip) wrote :

I'm confused: I thought that JRE would be removed from the repo's of Karmic altogether. Because OpenJDK is seen as a good alternative.

But JRE 6-15 is still present in the Karmic repo's. And now it seems, that it's even being updated to 6-16.

Please inform us what the policy is for JRE.

Richard Huddleston (rhuddusa) wrote :

i tried to switch to the OpenJDK but unfortunately my third party app isn't compatible. Back to Sun for me

Wesley Schwengle (wesleys) wrote :

The removal of Sun's Java from Ubuntu saddens me. I don't understand the reason behind it either. Is there more information regarding this change? I follow both the MOTU and kubuntu-devel maillinglists and never saw anything regarding this issue.

Does anyone know if there are plans to include the package in the partner repository?

John Peach (john-launchpad) wrote :

The removal of Sun java is nothing short of a disgrace; how can anyone expect businesses to put Linux on the desktop when we give them broken applications. Applications like Juniper's SSL VPN JSAM will not work with openJDK. Yes, I can (and did) install Sun java by hand, but that is hardly the point. I too, only discovered this because I noticed that I was stuck at 6.15.

Wesley Schwengle [2010-02-17 9:46 -0000]:
> The removal of Sun's Java from Ubuntu saddens me. I don't understand the
> reason behind it either.

We have OpenJDK in main since 9.04, which is the platform Ubuntu
supports.

> Does anyone know if there are plans to include the package in the
> partner repository?

Yes, that's the plan.

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

Andrew Pollock (apollock) wrote :

Martin, do you know if it's going to appear in the partner repository before Lucid ships?

Martin Pitt (pitti) wrote :

Andrew Pollock [2010-02-17 17:20 -0000]:
> Martin, do you know if it's going to appear in the partner repository
> before Lucid ships?

As I said, that was the plan at least.

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

Wesley Schwengle (wesleys) wrote :

@martin

Thanks for the answer, much appreciated!

Alan Bell (alanbell) wrote :

bit of an issue with it going in the partner repo, it seems you can't build-depend on things in that repo. I tried a little experiment and added acroread to my build-depends
https://launchpad.net/~alanbell/+archive/ppa/+build/1532055
it failed with Missing build dependencies: acroread
not sure if you can even have it as a depends.

totya (totya) wrote :

@martin

As I see Ubuntu starting to use openjdk. That's fine and I appreciate this move, however sun-java6 is a must for my daily job.

Unfortunately openjdk and the icedtea6-plugin is simply useless in Lucid for my SAN switches and HP Prloliant iLO ports.

I've installed the latest sun version of java manually on my test Ubuntu Lucid Alpha3 machine and I have to say I can administer the above switches and iLO ports without any problem.

Providing sun-java6 trough the partner repository will be a good idea IMHO.

Chaskiel Grundman (cg2v) wrote :

It would have been nice if there had been an update triggering the removal of the old packages on karmic, so that I'd have found out about this before now (when looking for a 6-17 or 6-18 update to fix CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, and CVE-2009-3877)

Changed in sun-java6 (Ubuntu Karmic):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers