Hello, Am 19.08.19 um 11:23 schrieb Thomas Elsner: > Hi, > > Markus Koschany schrieb am 15.08.19 um 23:57: >> Package : openjdk-7 >> Version : 7u231-2.6.19-1~deb8u1 >> CVE ID : CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2816 > > I'm not able to install the openjdk-7-jdk package without an error > message during execution of the post install triggers. The script > /etc/ca-certificates/update.d/jks-keystore calls > java -Xmx64m -jar > /usr/share/ca-certificates-java/ca-certificates-java.jar -storepass changeit > . This shows the error: > Exception in thread "main" java.lang.NoClassDefFoundError: > sun/security/ec/ECParameters > at > sun.security.pkcs11.SunPKCS11$P11Service.newInstance0(SunPKCS11.java:1038) > at > sun.security.pkcs11.SunPKCS11$P11Service.newInstance(SunPKCS11.java:980) > .... > > I can reproduce the error using a docker container. > docker run -ti --rm debian:jessie /bin/bash > apt-get update && apt-get -y dist-upgrade && apt-get -y install > openjdk-7-jdk default-jdk
Thanks for your report. I have looked into this and I believe I have found the reason for the exception. Apparently upstream removed the ECParameters class from rt.jar because it is usually also present in sunec.jar. This is OpenJDK bug JDK-7194075. [1] In Debian we have never built sunec.jar for OpenJDK 7. This is Debian bug #750400 [1]. There must have been some sort of build failure which could not be fixed because the relevant configuration option is commented out in debian/rules. Since the classes were also in rt.jar, we could apparently live with the situation...until now. At first glance I believe the following classes from the ec directory are missing: src/share/classes/sun/security/ec/ECParameters.java ../../../../src/share/classes/sun/security/ec/ECPrivateKeyImpl.java ../../../../src/share/classes/sun/security/ec/ECPublicKeyImpl.java ../../../../src/share/classes/sun/security/ec/NamedCurve.java I will readd them to rt.jar and test whether that fixes our problem at hand. Regards, Markus [1] https://bugs.openjdk.java.net/browse/JDK-7194075 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750400
signature.asc
Description: OpenPGP digital signature
