"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4

Bug #1283828 reported by Nathan Stratton Treadway
This bug affects 1 person
Affects               Status         Importance   Assigned to        Milestone
Iced Tea              Fix Released   Medium
openjdk-6 (Ubuntu)    Fix Released   Undecided    Jamie Strandboge
  Lucid               Fix Released   Undecided    Jamie Strandboge
  Precise             Fix Released   Undecided    Jamie Strandboge
  Quantal             Fix Released   Undecided    Jamie Strandboge
  Saucy               Fix Released   Undecided    Jamie Strandboge
  Trusty              Fix Released   Undecided    Jamie Strandboge
openjdk-7 (Ubuntu)    Fix Released   Undecided    Jamie Strandboge
  Precise             Fix Released   Undecided    Jamie Strandboge
  Quantal             Fix Released   Undecided    Jamie Strandboge
  Saucy               Fix Released   Undecided    Jamie Strandboge
  Trusty              Fix Released   Undecided    Jamie Strandboge

Bug Description

After upgrading the various openjdk-6-* packages to version 6b27-1.12.6-1ubuntu0.10.04.4 on our server, all incoming client connections started failing with the following error message at the top of the stack dump (on the client side).
javax.xml.ws.soap.SOAPFaultException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding

(Previously we were running version 6b27-1.12.5-0ubuntu0.10.04.1 of the packages without seeing this problem.)

Revision history for this message
Nathan Stratton Treadway (nathanst) wrote :

It looks like this is the JDK 6 version of the JDK 7 problem described in:
   http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8017173

That bug was apparently fixed in JDK 7 by this one-line commit:
   http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c5d869453212

In the JDK6 upstream, it seems this patch is the one that introduced the "OAEPPadding" string:
   http://hg.openjdk.java.net/jdk6/jdk6/jdk/diff/f3d02dd3dee5/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
(part of S6741606 "Integrate Apache Santuario"), but I haven't found any sign that the fix from S8017173 is being backported to the JDK6 codeline upstream...

tags: added: lucid
removed: precise
Revision history for this message
Nathan Stratton Treadway (nathanst) wrote :

Ah, actually I see that for the 6b27-1.12.6-1ubuntu0.10.04.4 package the origin of the change was not (directly) the JDK6 upstream but rather this backport of that change in IcedTea 1.12.6:
http://icedtea.classpath.org/hg/icedtea6/file/809bd0fb849e/patches/security/20130618/6741606-apache_santuario.patch

Changed in openjdk-6 (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openjdk-6 (Ubuntu Lucid):
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openjdk-6 (Ubuntu Precise):
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openjdk-6 (Ubuntu Quantal):
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openjdk-6 (Ubuntu Saucy):
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openjdk-6 (Ubuntu Trusty):
status: New → In Progress
Changed in openjdk-6 (Ubuntu Trusty):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-6 - 6b30-1.13.1-1ubuntu2

---------------
openjdk-6 (6b30-1.13.1-1ubuntu2) trusty; urgency=medium

  * pull out changes to configure and acinclude.m4 from diff.gz and
    conditionally apply to Debian and Ubuntu releases that have arm64 and/or
    automake-1.14. IcedTea 1.13 requires automake 1.14 now and the change to
    diff.gz caused a FTBFS on backport builds
    - add debian/patches/autotools-aarch64.diff
    - debian/rules:
      + add PRECONFIGURE_DEBIAN_PATCHES which is empty on releases where we
        don't have automake-1.14, otherwise add autotools-aarch64.diff
      + add preconfigure-distribution-patches.stamp target and have
        stamps/icedtea-configure depend on it
      + adjust debian-clean to unapply PRECONFIGURE_DEBIAN_PATCHES
  * debian/rules: disable system lcms2 for releases that don't have lcms2 2.5
    or higher
  * debian/patches/8017173.diff: XMLCipher with RSA_OAEP Key Transport
    algorithm can't be instantiated (LP: #1283828)
  * debian/patches/java-access-bridge-security.patch: fix malformed patch
 -- Jamie Strandboge <email address hidden> Tue, 25 Feb 2014 15:43:01 -0600

Changed in openjdk-6 (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Updated openjdk-6 packages with a fix for this issue are in https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages. If someone wants to test to make sure the issue is resolved, that would be great.

Revision history for this message
Nathan Stratton Treadway (nathanst) wrote :

I've tried running the GetInstance.java test case pulled out of
 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c5d869453212
in a Precise development environment, and can confirm that it aborts with the "Cannot find any provider supporting RSA/ECB/OAEPPadding" exception when run using 6b27-1.12.6-1ubuntu0.12.04.4 but completes with no error when run using 6b30-1.13.1-1ubuntu2~0.12.04.1 from the PPA.

I hope to be able to test against our actual application (running under Lucid) soon.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-6 - 6b30-1.13.1-1ubuntu2~0.12.04.1

---------------
openjdk-6 (6b30-1.13.1-1ubuntu2~0.12.04.1) precise-security; urgency=medium

  * Backport to Ubuntu 12.04 LTS

openjdk-6 (6b30-1.13.1-1ubuntu2) trusty; urgency=medium

  * pull out changes to configure and acinclude.m4 from diff.gz and
    conditionally apply to Debian and Ubuntu releases that have arm64 and/or
    automake-1.14. IcedTea 1.13 requires automake 1.14 now and the change to
    diff.gz caused a FTBFS on backport builds
    - add debian/patches/autotools-aarch64.diff
    - debian/rules:
      + add PRECONFIGURE_DEBIAN_PATCHES which is empty on releases where we
        don't have automake-1.14, otherwise add autotools-aarch64.diff
      + add preconfigure-distribution-patches.stamp target and have
        stamps/icedtea-configure depend on it
      + adjust debian-clean to unapply PRECONFIGURE_DEBIAN_PATCHES
  * debian/rules: disable system lcms2 for releases that don't have lcms2 2.5
    or higher
  * debian/patches/8017173.diff: XMLCipher with RSA_OAEP Key Transport
    algorithm can't be instantiated (LP: #1283828)
  * debian/patches/java-access-bridge-security.patch: fix malformed patch

openjdk-6 (6b30-1.13.1-1ubuntu1) trusty; urgency=medium

  * Regenerate the control file.

openjdk-6 (6b30-1.13.1-1) unstable; urgency=medium

  * IcedTea 1.13.1 release.
  * Security fixes
    - S6727821: Enhance JAAS Configuration.
    - S7068126, CVE-2014-0373: Enhance SNMP statuses.
    - S8010935: Better XML handling.
    - S8011786, CVE-2014-0368: Better applet networking.
    - S8021257, CVE-2013-5896: com.sun.corba.se.** should be on
      restricted package list.
    - S8021271: Better buffering in ObjC code.
    - S8022904: Enhance JDBC Parsers.
    - S8022927: Input validation for byte/endian conversions.
    - S8022935: Enhance Apache resolver classes.
    - S8022945: Enhance JNDI implementation classes.
    - S8023057: Enhance start up image display.
    - S8023069, CVE-2014-0411: Enhance TLS connections.
    - S8023245, CVE-2014-0423: Enhance Beans decoding.
    - S8023301: Enhance generic classes.
    - S8023672: Enhance jar file validation.
    - S8024306, CVE-2014-0416: Enhance Subject consistency.
    - S8024530: Enhance font process resilience.
    - S8024867: Enhance logging start up.
    - S8025014: Enhance Security Policy.
    - S8025018, CVE-2014-0376: Enhance JAX-P set up.
    - S8025026, CVE-2013-5878: Enhance canonicalization.
    - S8025034, CVE-2013-5907: Improve layout lookups.
    - S8025448: Enhance listening events.
    - S8025758, CVE-2014-0422: Enhance Naming management.
    - S8025767, CVE-2014-0428: Enhance IIOP Streams.
    - S8026172: Enhance UI Management.
    - S8026176: Enhance document printing.
    - S8026193, CVE-2013-5884: Enhance CORBA stub factories.
    - S8026204: Enhance auth login contexts.
    - S8026417, CVE-2013-5910: Enhance XML canonicalization.
    - S8027201, CVE-2014-0376: Enhance JAX-P set up.

openjdk-6 (6b29-1.13.0-2) unstable; urgency=medium

  * Fix the sparc builds.

openjdk-6 (6b29-1.13.0-1) unstable; urgency=medium

  * IcedTea 1.13.0 release.

openjdk-6 (6b27-1.12.7-2) unstable; urgen...


Changed in openjdk-6 (Ubuntu Precise):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-6 - 6b30-1.13.1-1ubuntu2~0.12.10.1

---------------
openjdk-6 (6b30-1.13.1-1ubuntu2~0.12.10.1) quantal-security; urgency=medium

  * Backport to Ubuntu 12.10


Changed in openjdk-6 (Ubuntu Quantal):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-6 - 6b30-1.13.1-1ubuntu2~0.10.04.1

---------------
openjdk-6 (6b30-1.13.1-1ubuntu2~0.10.04.1) lucid-security; urgency=medium

  * Backport to Ubuntu 10.04 LTS


Changed in openjdk-6 (Ubuntu Lucid):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-6 - 6b30-1.13.1-1ubuntu2~0.13.10.1

---------------
openjdk-6 (6b30-1.13.1-1ubuntu2~0.13.10.1) saucy-security; urgency=medium

  * Backport to Ubuntu 13.10


Changed in openjdk-6 (Ubuntu Saucy):
status: In Progress → Fix Released
Revision history for this message
In , Jamie Strandboge (jdstrand) wrote :

The following bug was filed in Ubuntu against openjdk-6:
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1283828

"After upgrading the various openjdk-6-* packages to version 6b27-1.12.6-1ubuntu0.10.04.4 on our server, all incoming client connections started failing with the following error message at the top of the stack dump (on the client side).
javax.xml.ws.soap.SOAPFaultException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding

(Previously we were running version 6b27-1.12.5-0ubuntu0.10.04.1 of the packages without seeing this problem.)

comment #1:
It looks like this is the JDK 6 version of the JDK 7 problem described in:
   http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8017173

That bug was apparently fixed in JDK 7 by this one-line commit:
   http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c5d869453212

In the JDK6 upstream, it seems this patch is the one that introduced the "OAEPPadding" string:
   http://hg.openjdk.java.net/jdk6/jdk6/jdk/diff/f3d02dd3dee5/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
(part of S6741606 "Integrate Apache Santuario"), but I haven't found any sign that the fix from S8017173 is being backported to the JDK6 codeline upstream...
"

Indeed, applying the patch in http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c5d869453212 resolves the issue. This is known to affect at least 1.13.1 and 2.4.5. Note, the patch includes a test case but in our openjdk-6 builds it didn't get run as part of the testsuite. I did not investigate why, but it can be run manually with:
$ javac -XDignore.symbol.file GetInstance.java # GetInstance.java from patch
$ java GetInstance

A patched openjdk will exit with '0' while unpatched will throw the exception.
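A runtime can also be checked directly for the transformation named in the exception. The following is an added example, not the GetInstance.java test from the upstream patch and not code from the openjdk or IcedTea projects; the class name OaepProviderProbe is hypothetical. It uses only standard JCA calls, lists what each installed provider advertises for RSA, and performs an RSA key-transport round trip for every transformation that can be instantiated.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Hypothetical diagnostic class (an added example, not GetInstance.java).
// Written in Java 6 syntax so it compiles on the runtimes discussed here.
public class OaepProviderProbe {

    // The transformation named in the reported exception.
    static final String REPORTED = "RSA/ECB/OAEPPadding";

    // Other standard JCA transformation names, probed for comparison.
    static final String[] TRANSFORMATIONS = {
        REPORTED,
        "RSA/ECB/OAEPWithSHA1AndMGF1Padding",
        "RSA/ECB/PKCS1Padding",
    };

    // Returns the Cipher, or null when no installed provider supports the name.
    static Cipher tryGetInstance(String transformation) {
        try {
            return Cipher.getInstance(transformation);
        } catch (GeneralSecurityException e) {
            // NoSuchAlgorithmException or NoSuchPaddingException
            System.out.println("  FAIL " + transformation + " -> " + e);
            return null;
        }
    }

    // RSA key transport: wrap a fresh AES key with the public key,
    // unwrap it with the private key, and compare the key bytes.
    static boolean keyTransportRoundTrip(String transformation, KeyPair rsa)
            throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey original = kg.generateKey();

        Cipher wrap = Cipher.getInstance(transformation);
        wrap.init(Cipher.WRAP_MODE, rsa.getPublic());
        byte[] wrapped = wrap.wrap(original);

        Cipher unwrap = Cipher.getInstance(transformation);
        unwrap.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
        SecretKey recovered =
            (SecretKey) unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        return Arrays.equals(original.getEncoded(), recovered.getEncoded());
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));

        // What each installed provider advertises for its RSA cipher, if any.
        for (Provider p : Security.getProviders()) {
            Provider.Service s = p.getService("Cipher", "RSA");
            if (s != null) {
                System.out.println(p.getName() + " Cipher.RSA SupportedPaddings = "
                        + s.getAttribute("SupportedPaddings"));
            }
        }

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();

        boolean reportedOk = false;
        for (String t : TRANSFORMATIONS) {
            Cipher c = tryGetInstance(t);
            if (c == null) {
                continue;
            }
            boolean ok = keyTransportRoundTrip(t, rsa);
            System.out.println("  OK   " + t + " via " + c.getProvider().getName()
                    + ", wrap/unwrap " + (ok ? "matched" : "MISMATCH"));
            if (t.equals(REPORTED)) {
                reportedOk = ok;
            }
        }
        // Exit 0 only when the transformation from the bug report is usable.
        System.exit(reportedOk ? 0 : 1);
    }
}
```

Compile and run it with javac OaepProviderProbe.java followed by java OaepProviderProbe; a non-zero exit status means the runtime cannot instantiate RSA/ECB/OAEPPadding.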

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This also affects openjdk-7.

no longer affects: openjdk-7 (Ubuntu Lucid)
Changed in openjdk-7 (Ubuntu Precise):
status: New → Triaged
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openjdk-7 (Ubuntu Quantal):
status: New → Triaged
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openjdk-7 (Ubuntu Saucy):
status: New → Triaged
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openjdk-7 (Ubuntu Trusty):
status: New → Triaged
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in icedtea:
importance: Unknown → Medium
status: Unknown → Confirmed
Revision history for this message
Nathan Stratton Treadway (nathanst) wrote : Re: [Bug 1283828] Re: "Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4

On Thu, Feb 27, 2014 at 21:47:26 -0000, Jamie Strandboge wrote:
> This also affects openjdk-7.
>
> ** Also affects: openjdk-7 (Ubuntu)
> Importance: Undecided
> Status: New
>

For what it's worth, I tried running the GetInstance.java test
program on a Trusty sandbox machine, and it completed
successfully. This was with openjdk-7-jdk package version
7u51-2.4.5-1ubuntu1.

(Based on
  http://www.oracle.com/technetwork/java/javase/2col/7u40-bugfixes-2007733.html
, it seems that Oracle bug 8017173 was fixed in the upstream
7u40 release.)

     Nathan

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Trusty has 7u51-2.4.6-1ubuntu4 and should not be affected.

Changed in openjdk-7 (Ubuntu Trusty):
status: Triaged → Fix Released
Changed in openjdk-7 (Ubuntu Precise):
status: Triaged → In Progress
Changed in openjdk-7 (Ubuntu Quantal):
status: Triaged → In Progress
Changed in openjdk-7 (Ubuntu Saucy):
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-7 - 7u55-2.4.7-1ubuntu1~0.13.10.1

---------------
openjdk-7 (7u55-2.4.7-1ubuntu1~0.13.10.1) saucy-security; urgency=medium

  * Backport for Ubuntu 13.10 (LP: #1283828)

openjdk-7 (7u55-2.4.7-1ubuntu1) trusty-security; urgency=medium

  * Regenerate the control file.

openjdk-7 (7u55-2.4.7-1) unstable; urgency=high

  * IcedTea7 2.4.7 release.
  * Security fixes
    - S8023046: Enhance splashscreen support.
    - S8025005: Enhance CORBA initializations.
    - S8025010, CVE-2014-2412: Enhance AWT contexts.
    - S8025030, CVE-2014-2414: Enhance stream handling.
    - S8025152, CVE-2014-0458: Enhance activation set up.
    - S8026067: Enhance signed jar verification.
    - S8026163, CVE-2014-2427: Enhance media provisioning.
    - S8026188, CVE-2014-2423: Enhance envelope factory.
    - S8026200: Enhance RowSet Factory.
    - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling.
    - S8026736, CVE-2014-2398: Enhance Javadoc pages.
    - S8026797, CVE-2014-0451: Enhance data transfers.
    - S8026801, CVE-2014-0452: Enhance endpoint addressing.
    - S8027766, CVE-2014-0453: Enhance RSA processing.
    - S8027775: Enhance ICU code.
    - S8027841, CVE-2014-0429: Enhance pixel manipulations.
    - S8028385: Enhance RowSet Factory.
    - S8029282, CVE-2014-2403: Enhance CharInfo set up.
    - S8029286: Enhance subject delegation.
    - S8029699: Update Poller demo.
    - S8029730: Improve audio device additions.
    - S8029735: Enhance service mgmt natives.
    - S8029740, CVE-2014-0446: Enhance handling of loggers.
    - S8029745, CVE-2014-0454: Enhance algorithm checking.
    - S8029750: Enhance LCMS color processing (LCMS 2 only).
    - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg).
    - S8029844, CVE-2014-0455: Enhance argument validation.
    - S8029854, CVE-2014-2421: Enhance JPEG decodings.
    - S8029858, CVE-2014-0456: Enhance array copies.
    - S8030731, CVE-2014-0460: Improve name service robustness.
    - S8031330: Refactor ObjectFactory.
    - S8031335, CVE-2014-0459: Better color profiling.
    - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng).
    - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader.
    - S8031395: Enhance LDAP processing.
    - S8032686, CVE-2014-2413: Issues with method invoke.
    - S8033618, CVE-2014-1876: Correct logging output.
    - S8034926, CVE-2014-2397: Attribute classes properly.
    - S8036794, CVE-2014-0461: Manage JavaScript instances.
  * AArch64 fixes.

openjdk-7 (7u51-2.4.6-1ubuntu4) trusty; urgency=medium

  * AArch64 hotspot fixes (Ed Nevill):
    - Use gcc __clear_cache instead of doing it ourselves.
    - Preserve callee save FP registers around call to java code.

openjdk-7 (7u51-2.4.6-1ubuntu3) trusty; urgency=medium

  * Don't search ecj.jar when it is not required for the build.

openjdk-7 (7u51-2.4.6-1ubuntu2) trusty; urgency=medium

  * Fix the AArch64 build.
  * Regenerate the control file.

openjdk-7 (7u51-2.4.6-1) unstable; urgency=medium

  * IcedTea7 2.4.6 release.
  * Explicitly use AC_MAINTAINER_MODE and automake-1.11 to create the
    debian .orig tarball. Addr...


Changed in openjdk-7 (Ubuntu Saucy):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-7 - 7u55-2.4.7-1ubuntu1~0.12.10.1

---------------
openjdk-7 (7u55-2.4.7-1ubuntu1~0.12.10.1) quantal-security; urgency=medium

  * Backport for Ubuntu 12.10 (LP: #1283828)
  * debian/control: Breaks: icedtea-netx (<< 1.3.2-1ubuntu0.12.10.2)


Changed in openjdk-7 (Ubuntu Quantal):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-7 - 7u55-2.4.7-1ubuntu1~0.12.04.2

---------------
openjdk-7 (7u55-2.4.7-1ubuntu1~0.12.04.2) precise-security; urgency=medium

  * Backport for Ubuntu 12.04 LTS (LP: #1283828)
  * debian/control: Breaks: icedtea-netx (<< 1.2.3-0ubuntu0.12.04.3)
  * update Makefile.am and Makefile.in to restore quoting. Patch thanks to
    Matthias Klose
 -- Jamie Strandboge <email address hidden> Fri, 25 Apr 2014 07:04:23 -0500

Changed in openjdk-7 (Ubuntu Precise):
status: In Progress → Fix Released
Changed in icedtea:
status: Confirmed → In Progress
Revision history for this message
In , Mercurial (mercurial) wrote :

details: http://icedtea.classpath.org//hg/icedtea6?cmd=changeset;node=98216d6a48cf
author: Andrew John Hughes <email address hidden>
date: Thu Oct 09 01:39:15 2014 +0100

 S8017173, PR1688: XMLCipher with RSA_OAEP Key Transport algorithm can't be instantiated

 2014-10-09 Andrew John Hughes <email address hidden>

  * Makefile.am:
  (ICEDTEA_PATCHES): Add new patch.
  * NEWS: Updated.
  * patches/openjdk/8017173-xml_cipher_rsa_oaep_cant_be_instantiated.patch:
  Backport of regression fix from 7u for PR1688.

Revision history for this message
In , Mercurial (mercurial) wrote :

details: http://icedtea.classpath.org//hg/release/icedtea6-1.13?cmd=changeset;node=a934b804b555
author: Andrew John Hughes <email address hidden>
date: Thu Oct 09 02:30:41 2014 +0100

 S8017173, PR1688: XMLCipher with RSA_OAEP Key Transport algorithm can't be instantiated

 2014-10-09 Andrew John Hughes <email address hidden>

  * Makefile.am:
  (ICEDTEA_PATCHES): Add new patch.
  * NEWS: Updated.
  * patches/openjdk/8017173-xml_cipher_rsa_oaep_cant_be_instantiated.patch:
  Backport of regression fix from 7u for PR1688.

Changed in icedtea:
status: In Progress → Fix Released