please backport sun-java6 (6-02-0ubuntu1) from gutsy (was: java6 update1 is released, please update)

Hi,

just wanted to ask for a upgrade to Java6 u1 too. This fixes rendering issues on Xgl+compiz/beryl (only grey swing apps, no rendering and the workaround used with sun-java5-bin - using Mtoolkit - is not supported on java6), and ia32-sun-java6-bin seems to fix the plugin problem for 32bit browsers running on amd64 (i'm using u1 on swiftfox, and it works, but didn't with official u0).

Since feisty ships with compiz, i thought that would be a good idea, specially because other than bugfixes, Java6 u1 isn't all that different from u0 (packaging should not be a problem).
Of course I could use java-package and create my own package (i'm using that right now and works fine), but that creates complications with some dependencies of other ubuntu packages (the package created by java-package does not provide all virtual packages provided by sun-java6-jre (ex: eclipse, azureus, etc...).

Personally i don't think it is a good idea to have multiple jvms installed (gcj doesn't satisfy all my needs), so, using just sun-java6-jre would be great.

[]z

NB: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1

"A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang."

btw. jdk-6u1 dlj bundles are now available @ https://jdk-distros.dev.java.net/developer.html

Raising the priority a little as the newer version fixes known security vulnerabilities.

sun-java6 (6-01-0ubuntu1) gutsy; urgency=low

  * New upstream bug fix release. Closes LP: #115687.
  * Update fontconfig.properties for Japanese. Closes LP: #115573.
  * Update fontconfig.properties for Korean. Closes LP: #113494.

 -- Matthias Klose <email address hidden> Wed, 27 Jun 2007 13:07:58 +0200

thanks! how long until it makes it into Feisty?

undefinied until someone cares of fixing it in feisty. this is a hard process as there are other changes in 6update1.

I downloaded and installed gusty's debs on feisty... Works like a charm. No changes needed (even for jdk, apparently).
ia32-sun-java6-bin for the plugin on amd64 works fine too, but i think it is necessary to create the appropriate symlinks.

martin: i doubt it can be especially hard to add to feisty because none of its dependencies have changed and nothing else depends on it. just drop in the new version and all should work.

There is already update 2 to java 6 realeased by Sun. Why Ubuntu repositories are still not updated? On Windows machine I got already automatic message from Java "updates found" - why Ubuntu does not keep up with it?
As it was stated already: Ubuntu Feisty was declared to contain "full Java stack" - but Java 6 ("update0") is virtually useless on Compiz, and contains some bugs.
Please update the sun-java6 package to version 6 update 2 !
This seems very simple job - the JDK6u2 is shipped already (perhaps will require some repackaging) simply put it into Ubuntu repositories. As simple as that, and should help many people using Swing applications on Ubuntu.

added feisty-backports task

This is a notification that the automatic backport of sun-java6 from gutsy to feisty has started.

You will be notified again once the build is finished.

For additional info and build logs, please see: http://sharkattack.media.mit.edu/inventory/check_builds/43

Thanks,

The Backports Builder

Howdy! This message is to inform you that the build you requested of sun-java6 from gutsy to feisty has been completed.
Its status is: SUCCESS
For further information, build logs, and testing .deb packages, please see: http://sharkattack.media.mit.edu/inventory/check_builds/43

Thanks,
The Backports Builder

Looks good for Backports.

> Looks good for Backports.

No, it doesn't. As the changelog explains, Sun dropped a whole bunch of code. People using this code see this as a regression.

Matthias, do you then not recommend that we fulfill this backport? (i.e. risks outweigh benefits)

Matthias, do you honestly believe that Sun Microsystems, of all companies, would change the public API for Java in a MAINTENANCE release? I have looked through the changelog line by line, and have seen no indication of such a thing. Could you please post a link to the document that says they have dropped code that users of the JDK might miss?

This is a notification that the automatic backport of sun-java6 from gutsy to feisty has started.

You will be notified again once the build is finished.

For additional info and build logs, please see: http://sharkattack.media.mit.edu/inventory/check_builds/43

Thanks,

The Backports Builder

Howdy! This message is to inform you that the build you requested of sun-java6 from gutsy to feisty has been completed.
Its status is: SUCCESS
For further information, build logs, and testing .deb packages, please see: http://sharkattack.media.mit.edu/inventory/check_builds/43

Thanks,
The Backports Builder

Releasing an updated package should really be considered. Update 2 fixes at least two vulnerabilities. Add this to the previous fixes (security + bugfixes) and you see the benefits raising. Matthias probably mean this:
6530097 java build Remove db directory from JDK install, replaced with separate installation of Java DB

https://bugs.launchpad.net/ubuntu/+source/sun-java6/+bug/126059

Please update, many Java apps used for development work don't work at the moment

zcrar70 - you could always use the Gutsy packages. I'm using them on Feisty w/o any problems.

http://sharkattack.media.mit.edu:8080/feisty-debs/sun-java6/

Backported candidate pacakges can always be found here; but currently doko's comments concern me as far as releasing this as an official backport.

[Expired for Feisty Backports because there has been no activity for 60 days.]

Note that Java 6u3 is available now, and fixes about 4 security issues (I wish Sun would collect those all in a single list) and also makes the javadb package available again.

The debs from gutsy install just fine on feisty, and I haven't noticed a single problem with running them.

-james.

From my point of view it does not matter any longer - In a few days I'm gonna switch to Gutsy, and I hope I will get Java 6u2 or 6u3 by default on Gutsy.