[Bug 1022053] New: mozilla/mozilla-nss: libfreebl3 3.28.1 and libsoftokn3 3.28.1 cause the JVM to crash when using sun.security.ec.ECKeyPairGenerator
http://bugzilla.opensuse.org/show_bug.cgi?id=1022053

Bug ID: 1022053
Summary: mozilla/mozilla-nss: libfreebl3 3.28.1 and libsoftokn3 3.28.1 cause the JVM to crash when using sun.security.ec.ECKeyPairGenerator
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Hardware: x86-64
OS: openSUSE 42.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: 3rd party software
Assignee: wolfgang@rosenauer.org
Reporter: tom.warnke@kolabnow.com
QA Contact: opensuse-communityscreening@forge.provo.novell.com
Found By: ---
Blocker: ---

Created attachment 711741
  --> http://bugzilla.opensuse.org/attachment.cgi?id=711741&action=edit
JVM crash log

After updating libfreebl3 and libsoftokn3 from 3.26.2 to 3.28.1 from the OBS mozilla project, Maven can not download artifacts anymore. The java process crashes with a SIGSEGV. From the crash log, I assembled a minimal example. The following Java program can be executed with libfreebl3 and libsoftokn3 3.26.2, but crashes the JVM with 3.28.1:

    import sun.security.ec.ECKeyPairGenerator;

    public class Main {
        public static void main(String[] args) {
            ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
            keyPairGenerator.generateKeyPair();
        }
    }

I also attached the crash log from the minimal example.

If this is not the right place to report this bug, please direct me to a better one. In any case, these two packages should not enter the 42.2 main repositories yet.

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c1

--- Comment #1 from Tom Warnke <tom.warnke@kolabnow.com> ---
I found the upstream bug report:
https://bugzilla.mozilla.org/show_bug.cgi?id=1333504

Also related:
https://bugzilla.redhat.com/show_bug.cgi?id=1415137

http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c2

Wolfgang Rosenauer <wolfgang@rosenauer.org> changed:

What             | Removed                                            | Added
-----------------|----------------------------------------------------|----------------------------------------------------
Component        | 3rd party software                                 | Java
Version          | unspecified                                        | Leap 42.2
See Also         |                                                    | https://bugzilla.redhat.com/show_bug.cgi?id=1415137
Assignee         | wolfgang@rosenauer.org                             | bnc-team-java@forge.provo.novell.com
Product          | openSUSE.org                                       | openSUSE Distribution
Target Milestone | ---                                                | Leap 42.2
QA Contact       | opensuse-communityscreening@forge.provo.novell.com | qa-bugs@suse.de

--- Comment #2 from Wolfgang Rosenauer <wolfgang@rosenauer.org> ---
This will soon hit Leap and Tumbleweed with the progressing update of Firefox which requires NSS 3.28.1. Therefore moving accordingly.

https://bugzilla.redhat.com/show_bug.cgi?id=1415137
this one has a lot of information pointing out that OpenJDK needs a change.
We have the same issue as RH/Fedora downgrading
So I think that Java maintainers have to look into fixing it there.

http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c3

Wolfgang Rosenauer <wolfgang@rosenauer.org> changed:

What | Removed | Added
-----|---------|----------------------------------------------
CC   |         | security-team@suse.de, wolfgang@rosenauer.org

--- Comment #3 from Wolfgang Rosenauer <wolfgang@rosenauer.org> ---
Also making security-team aware of the outfall of the NSS upgrade.

http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c4

Andreas Stieger <astieger@suse.com> changed:

What | Removed | Added
-----|---------|------------------
CC   |         | astieger@suse.com

--- Comment #4 from Andreas Stieger <astieger@suse.com> ---
(In reply to Wolfgang Rosenauer from comment #3)
> Also making security-team aware of the outfall of the NSS upgrade.

Good to know. Should we hold it a bit?

http://bugzilla.opensuse.org/show_bug.cgi?id=1022053

Andreas Stieger <astieger@suse.com> changed:

What | Removed | Added
-----|---------|----------------
CC   |         | pcerny@suse.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c6

--- Comment #6 from Andreas Stieger <astieger@suse.com> ---
Created attachment 711997
  --> http://bugzilla.opensuse.org/attachment.cgi?id=711997&action=edit
Main.java

Confirmed on 42.2

    $ javac Main.java
    $ java Main
    Exception in thread "main" java.security.ProviderException: java.lang.NegativeArraySizeException
            at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:147)
            at Main.main(Main.java:8)
    Caused by: java.lang.NegativeArraySizeException
            at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method)
            at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:128)
            ... 1 more

http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c7

--- Comment #7 from Tom Warnke <tom.warnke@kolabnow.com> ---
Firefox 51 and the new NSS library versions arrived in Tumbleweed a few days ago. The Java example does not run in an up-to-date Tumbleweed anymore.

So as far as I understand it, this will be resolved with updates for the OpenJDK packages? Java:Factory already has 1.8.0.121 [1] for 42.2 with this in the change log:

> Require the exact version of mozilla-nss that the package was built against (bsc#1022053)

[1] https://build.opensuse.org/package/show?project=Java%3AFactory&package=java-1_8_0-openjdk

http://bugzilla.opensuse.org/show_bug.cgi?id=1022053

Jean Delvare <jdelvare@suse.com> changed:

What | Removed | Added
-----|---------|------------------
CC   |         | jdelvare@suse.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1022053

Jean Delvare <jdelvare@suse.com> changed:

What     | Removed   | Added
---------|-----------|----------
Priority | P5 - None | P2 - High
Severity | Normal    | Major

http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c10

Jean Delvare <jdelvare@suse.com> changed:

What | Removed | Added
-----|---------|---------------------------
CC   |         | robby.engelmann@igfs-ev.de

--- Comment #10 from Jean Delvare <jdelvare@suse.com> ---
*** Bug 1022512 has been marked as a duplicate of this bug. ***

http://bugzilla.opensuse.org/show_bug.cgi?id=1022053

Mischa Salle <mischa.salle@gmail.com> changed:

What | Removed | Added
-----|---------|----------------------
CC   |         | mischa.salle@gmail.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1022053#c13

Tom Warnke <tom.warnke@kolabnow.com> changed:

What       | Removed | Added
-----------|---------|---------
Status     | NEW     | RESOLVED
Resolution | ---     | FIXED

--- Comment #13 from Tom Warnke <tom.warnke@kolabnow.com> ---
Fixed with the Java update to 1.8.0.121