[Bug 1022053] New: mozilla/mozilla-nss: libfreebl3 3.28.1 and libsoftokn3 3.28.1 cause the JVM to crash when using sun.security.ec.ECKeyPairGenerator
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053 Bug ID: 1022053 Summary: mozilla/mozilla-nss: libfreebl3 3.28.1 and libsoftokn3 3.28.1 cause the JVM to crash when using sun.security.ec.ECKeyPairGenerator Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: x86-64 OS: openSUSE 42.2 Status: NEW Severity: Normal Priority: P5 - None Component: 3rd party software Assignee: wolfgang@rosenauer.org Reporter: tom.warnke@kolabnow.com QA Contact: opensuse-communityscreening@forge.provo.novell.com Found By: --- Blocker: --- Created attachment 711741 --> http://bugzilla.opensuse.org/attachment.cgi?id=711741&action=edit JVM crash log After updating libfreebl3 and libsoftokn3 from 3.26.2 to 3.28.1 from the OBS mozilla project, Maven can not download artifacts anymore. The java process crashes with a SIGSEGV. From the crash log, I assembled a minimal example. The following Java program can be executed with libfreebl3 and libsoftokn3 3.26.2, but crashes the JVM with 3.28.1: import sun.security.ec.ECKeyPairGenerator; public class Main { public static void main(String[] args) { ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator(); keyPairGenerator.generateKeyPair(); } } I also attached the crash log from the minimal example. If this is not the right place to report this bug, please direct me to a better one. In any case, these two packages should not enter the 42.2 main repositories yet. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c1
--- Comment #1 from Tom Warnke
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c2
Wolfgang Rosenauer
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c3
Wolfgang Rosenauer
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c4
Andreas Stieger
Also making security-team aware of the outfall of the NSS upgrade.
Good to know. Should we hold it a bit? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c6
--- Comment #6 from Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c7
--- Comment #7 from Tom Warnke
Require the exact version of mozilla-nss that the package was built against (bsc#1022053)
[1] https://build.opensuse.org/package/show?project=Java%3AFactory&package=java-1_8_0-openjdk -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053
Jean Delvare
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053
Jean Delvare
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c10
Jean Delvare
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053
Mischa Salle
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c13
Tom Warnke
participants (1)
-
bugzilla_noreply@novell.com