[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DLA 1886-1] openjdk-7 security update


Am 19.08.19 um 11:23 schrieb Thomas Elsner:
> Hi,
> Markus Koschany schrieb am 15.08.19 um 23:57:
>> Package        : openjdk-7
>> Version        : 7u231-2.6.19-1~deb8u1
>> CVE ID         : CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2816
> I'm not able to install the openjdk-7-jdk package without an error
> message during execution of the post install triggers. The script
> /etc/ca-certificates/update.d/jks-keystore calls
>   java -Xmx64m -jar
> /usr/share/ca-certificates-java/ca-certificates-java.jar -storepass changeit
> . This shows the error:
> Exception in thread "main" java.lang.NoClassDefFoundError:
> sun/security/ec/ECParameters
> 	at
> sun.security.pkcs11.SunPKCS11$P11Service.newInstance0(SunPKCS11.java:1038)
> 	at sun.security.pkcs11.SunPKCS11$P11Service.newInstance(SunPKCS11.java:980)
> ....
> I can reproduce the error using a docker container.
>  docker run -ti --rm debian:jessie /bin/bash
>   apt-get update && apt-get -y dist-upgrade && apt-get -y install
> openjdk-7-jdk default-jdk

Thanks for your report. I have looked into this and I believe I have
found the reason for the exception.

Apparently upstream removed the ECParameters class from rt.jar because
it is usually also present in sunec.jar. This is OpenJDK bug
JDK-7194075. [1] In Debian we have never built sunec.jar for OpenJDK 7.
This is Debian bug #750400 [1]. There must have been some sort of build
failure which could not be fixed because the relevant configuration
option is commented out in debian/rules. Since the classes were also in
rt.jar, we could apparently live with the situation...until now.

At first glance I believe the following classes from the ec directory
are missing:


I will readd them to rt.jar and test whether that fixes our problem at hand.



[1] https://bugs.openjdk.java.net/browse/JDK-7194075
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750400

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: