Browser plugin not working after upgrade to Sun jre 1.6.0_26-b03

Status changed to 'Confirmed' because the bug affects multiple users.

By the way... I was not using 6.26 in it's vulnerable condition but rather manually copied 6.29 over the top of the 6.26 installation. The manual installations on the internet are garbage requiring maintenance that the native installation did not need. I tell you I am really sad to not have this configured nicely like 6.26 used to do. I don't see how to get it back either. That's mighty rude of somebody to do this.

Oh. BTW my online banking will not work with openjdk 6/7 as currently available. I tried it. Argh!

OK. A quick workaround... So it's been less than an hour and I used a popular ppa to put everything back to 6.26 (it seems nearly the same as the partner version). I then downloaded the latest jre from the Oracle site, executed it to extract the contents and then copied the contents of .../jre1.6.0_30/ over the top of the ppa's newly installed /usr/lib/jvm/java-6-sun-1.6.0.26/jre/ It's ugly but provides the latest sun jre without the messy hacks suggested by the manual installations. When jre1.6.0_31 and subsequent are needed just repeat the process.

So if this was done as a security measure I understand. There are probably plenty of people not doing what I am doing to upgrade to the latest secure version. I'm just using the 6.26 installation as a framework to provide a nice installation of the latest version. Although it is ugly it is nicer than manual installations. Did I mention the manual installations are rough. Argh.

Also, somewhere I saw an Oracle page that was pushing for .deb versions of java/jre on the download page. If it happens that would be nice :)

Workaround ... only for those who use sun-java-6 packages on lucid form canonical:

http://ubuntuforums.org/showpost.php?p=11542066&postcount=5

This reverts to 1.6.0_26 - the previous release from canonical

Thanks Tuxo for a better method. That's the first thing I tried to do. Odd I could not find the previous version when I tried to do it. That's the only reason I used the PPA.

apt-cache policy sun-java6-bin should tell you what the current (corrupt) version is, I changed it back to release #1, if your ppa still ships the older version this should work as well for you

Unfortunately, Oracle will not permit us to distribute updates to the sun-java6 package that was in the -partner repository, so the browser plugin has been disabled.

See the following for more information:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-December/001528.html

I still can't believe oracle will pull this through ... so there will be no debian release for sun-java unless you install it on your own?

Ah ha. Marc's the rude guy that did this to my jre :) Just kidding. I've never been fan of shooting the messenger and security must be top priority.

I wish I could find the location of the Oracle proposal to create downloadable deb files and make them available on the donload page (I saw it about a month ago). That needs our support if anyone can find it. I think it is in the SDN and/or an oracle.com web site.

Meanwhile I just want to use the structure that the old packages created (that's why I just copy the new jre over the top of the old jre). It's way better than playing with sym links every time I upgrade jre and/or try a different browser (not to mention every jre tutorial has a different install location). Whoever did the partner jre packages did a nice job of integration.

Next it would be nice if openjdk would be a trouble-free replacement for Oracle java.

A pity that the decision to disable the plugin wasn't included in the description. I would have known not to spend the time on reporting a bug that isn't. :)

Somewhat off-topic, but if one wants to install Oracle java manually (per the instructions on java.com), how does one deal with the packages that insist on having openjdk (or the earlier oracle-jre) installed?

@jane: I assume it can be done with an empty package (similar like they will ship the last sun-java6)

I second the wish that a description was in my face at the time of the update. Once somebody blocks an update such as this the burden of security is on them. I was at 6.29 using my overwrite method mentioned above. This update blew all that away since it was designed to deal with the insecure 6.26.

Regarding the somewhat off topic scenario... I got fed up with dealing with typical manual methods but I'd suggest trying to satisfy each dependancy one at a time... Or... You could try my method in the fourth post above and then if you don't lke PPAs, disable the PPA when you are done. After that copy the latest jre over the top of the old jre. Go to the java test page in your favorite browser and it will show you that you have the latest version. Next time you update just repeat the workaround process (copy over the previous version). It works/worked for me. Hopefully we won't need to do this too long.

I found this workaround today. I added the repository and installed the latest version. Hopefully this method helps people (not a bug fix but a good workaround). If you use it you agree to Oracles terms.

http://www.duinsoft.nl/packages.php?t=en#repo

The repository of duinsoft.nl, which is owned by a respected member of the Dutch Ubuntu community. This contains a script that will always pull the newest Oracle Java from the Oracle website, and install it in your system. Easy as can be!

I would like to invite anyone reading this to consider installing the (officially supported) package icedtea6-plugin and test whether their frequently used Java web applications work with it. I know the open-source Java implementations have been plagued by all kinds of compatibility issues, but OpenJDK & IcedTea have been improving by leaps and bounds, up to a point that even picky java apps often work with them.

Indeed, Oracle picked a particularly bad timing for this questionable move. I have no particular interest in pushing the open-source alternatives but I feel Oracle should pay for this. Make them feel they're rendering their newly acquired assets irrelevant by declaring war on the open source community!