2017-05-16 14:35:19 |
Christopher D'Cunha |
bug |
|
|
added bug |
2017-05-17 07:35:05 |
Launchpad Janitor |
openjdk-7 (Ubuntu): status |
New |
Confirmed |
|
2017-05-17 07:57:44 |
Andre Keller |
bug |
|
|
added subscriber Andre Keller |
2017-05-17 08:47:48 |
Benedikt Wegmann |
bug |
|
|
added subscriber Benedikt Wegmann |
2017-05-17 12:25:04 |
VSHN |
bug |
|
|
added subscriber VSHN |
2017-05-17 14:10:05 |
Tiago Stürmer Daitx |
openjdk-7 (Ubuntu): assignee |
|
Tiago Stürmer Daitx (tdaitx) |
|
2017-05-17 14:10:09 |
Tiago Stürmer Daitx |
openjdk-7 (Ubuntu): status |
Confirmed |
In Progress |
|
2017-05-17 14:27:44 |
Simon Déziel |
bug |
|
|
added subscriber Simon Déziel |
2017-05-17 14:34:31 |
Tiago Stürmer Daitx |
tags |
amd64 apport-bug ec2-images trusty |
amd64 apport-bug ec2-images regression-update trusty |
|
2017-05-17 15:39:08 |
Robie Basak |
nominated for series |
|
Ubuntu Trusty |
|
2017-05-17 15:39:08 |
Robie Basak |
bug task added |
|
openjdk-7 (Ubuntu Trusty) |
|
2017-05-17 15:39:17 |
Robie Basak |
openjdk-7 (Ubuntu Trusty): importance |
Undecided |
High |
|
2017-05-17 15:47:23 |
Tiago Stürmer Daitx |
openjdk-7 (Ubuntu Trusty): assignee |
|
Tiago Stürmer Daitx (tdaitx) |
|
2017-05-17 15:47:30 |
Tiago Stürmer Daitx |
openjdk-7 (Ubuntu Trusty): status |
New |
In Progress |
|
2017-05-17 15:47:35 |
Tiago Stürmer Daitx |
openjdk-7 (Ubuntu): status |
In Progress |
Invalid |
|
2017-05-17 17:04:24 |
Christopher D'Cunha |
description |
Tested with the puppetserver package (version 2.2.0-1puppetlabs1).
When running:
$ openssl s_client -showcerts -connect "$(hostname -f):8140"
The following java exception is thrown in the puppetserver:
2017-05-16 14:20:42,835 WARN [qtp1887840931-59] [o.e.j.u.t.QueuedThreadPool]
java.lang.ExceptionInInitializerError: null
at sun.security.ssl.HelloExtensions.<init>(HelloExtensions.java:85) ~[na:1.7.0_131]
at sun.security.ssl.HandshakeMessage$ClientHello.<init>(HandshakeMessage.java:240) ~[na:1.7.0_131]
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:219) ~[na:1.7.0_131]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961) ~[na:1.7.0_131]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:901) ~[na:1.7.0_131]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:899) ~[na:1.7.0_131]
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.7.0_131]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1333) ~[na:1.7.0_131]
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:612) ~[puppet-server-release.jar:na]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:239) ~[puppet-server-release.jar:na]
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) ~[puppet-server-release.jar:na]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) ~[puppet-server-release.jar:na]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) ~[puppet-server-release.jar:na]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_131]
Caused by: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves
at sun.security.ssl.SupportedEllipticCurvesExtension.<clinit>(SupportedEllipticCurvesExtension.java:154) ~[na:1.7.0_131]
... 14 common frames omitted
This bug seems to be the same as the one described in:
- https://bugzilla.redhat.com/show_bug.cgi?id=1422738
- https://bugs.openjdk.java.net/browse/JDK-8173783
- http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3329
It looks like this was introduced by adding open-jdk 7u131-2.6.9-0 to http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/pool/main/o/openjdk-7/
We are working around this issue by downgrading openjdk-7-jre-headless to 7u121-2.6.8-1. i.e.
$ curl -LO http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/pool/main/o/openjdk-7/openjdk-7-jre-headless_7u121-2.6.8-1ubuntu0.14.04.3_amd64.deb
$ dpkg -i openjdk-7-jre-headless_7u121-2.6.8-1ubuntu0.14.04.3_amd64.deb
$ update-alternatives --install /usr/bin/java java /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java 1
$ service puppetserver restart
----
> We also need:
> 1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu
$ lsb_release -rd
Description: Ubuntu 14.04.5 LTS
Release: 14.04
> 2) The version of the package you are using, via 'apt-cache policy pkgname' or by checking in Software Center
$ apt-cache policy openjdk-7-jre-headless
openjdk-7-jre-headless:
Installed: 7u131-2.6.9-0ubuntu0.14.04.1
Candidate: 7u131-2.6.9-0ubuntu0.14.04.1
Version table:
*** 7u131-2.6.9-0ubuntu0.14.04.1 0
500 http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
100 /var/lib/dpkg/status
7u51-2.4.6-1ubuntu4 0
500 http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
> 3) What you expected to happen
We expected this command to return certificate information for a web server:
$ openssl s_client -showcerts -connect "$(hostname -f):8140"
> 4) What happened instead
The command failed and the webserver had a Java stack trace (see above).
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openjdk-7-jre-headless 7u131-2.6.9-0ubuntu0.14.04.1
ProcVersionSignature: Ubuntu 3.19.0-58.64~14.04.1-generic 3.19.8-ckt16
Uname: Linux 3.19.0-58-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.23
Architecture: amd64
Date: Tue May 16 14:21:01 2017
Ec2AMI: ami-30b59b43
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: eu-west-1a
Ec2InstanceType: t2.small
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
ProcEnviron:
TERM=screen-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: openjdk-7
UpgradeStatus: No upgrade log present (probably fresh install) |
Tested with the puppetserver package (version 2.2.0-1puppetlabs1).
When running:
$ openssl s_client -showcerts -connect "$(hostname -f):8140"
The following java exception is thrown in the puppetserver:
2017-05-16 14:20:42,835 WARN [qtp1887840931-59] [o.e.j.u.t.QueuedThreadPool]
java.lang.ExceptionInInitializerError: null
at sun.security.ssl.HelloExtensions.<init>(HelloExtensions.java:85) ~[na:1.7.0_131]
at sun.security.ssl.HandshakeMessage$ClientHello.<init>(HandshakeMessage.java:240) ~[na:1.7.0_131]
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:219) ~[na:1.7.0_131]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961) ~[na:1.7.0_131]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:901) ~[na:1.7.0_131]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:899) ~[na:1.7.0_131]
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.7.0_131]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1333) ~[na:1.7.0_131]
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:612) ~[puppet-server-release.jar:na]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:239) ~[puppet-server-release.jar:na]
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) ~[puppet-server-release.jar:na]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) ~[puppet-server-release.jar:na]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) ~[puppet-server-release.jar:na]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_131]
Caused by: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves
at sun.security.ssl.SupportedEllipticCurvesExtension.<clinit>(SupportedEllipticCurvesExtension.java:154) ~[na:1.7.0_131]
... 14 common frames omitted
This bug seems to be the same as the one described in:
- https://bugzilla.redhat.com/show_bug.cgi?id=1422738
- https://bugs.openjdk.java.net/browse/JDK-8173783
- http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3329
It looks like this was introduced by adding open-jdk 7u131-2.6.9-0 to http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/pool/main/o/openjdk-7/
EDIT: WORKAROUND
The original workaround steps no longer work because the required package has been removed from http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/pool/main/o/openjdk-7.
The new steps make you use the repository at https://launchpad.net/~openjdk-r/+archive/ubuntu/ppa.
$ gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/
apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv DA1A4A13543B466853BAF164EB9B1D8886F44E2A
$ echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu trusty main
deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu trusty main" > /etc/apt/sources.list.d/openjdk-r-ppa.list
$ apt-get update
$ apt-get install openjdk-7-jre-headless=7u121-2.6.8-1~14.04
$ service puppetserver restart
----
> We also need:
> 1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu
$ lsb_release -rd
Description: Ubuntu 14.04.5 LTS
Release: 14.04
> 2) The version of the package you are using, via 'apt-cache policy pkgname' or by checking in Software Center
$ apt-cache policy openjdk-7-jre-headless
openjdk-7-jre-headless:
Installed: 7u131-2.6.9-0ubuntu0.14.04.1
Candidate: 7u131-2.6.9-0ubuntu0.14.04.1
Version table:
*** 7u131-2.6.9-0ubuntu0.14.04.1 0
500 http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
100 /var/lib/dpkg/status
7u51-2.4.6-1ubuntu4 0
500 http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
> 3) What you expected to happen
We expected this command to return certificate information for a web server:
$ openssl s_client -showcerts -connect "$(hostname -f):8140"
> 4) What happened instead
The command failed and the webserver had a Java stack trace (see above).
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openjdk-7-jre-headless 7u131-2.6.9-0ubuntu0.14.04.1
ProcVersionSignature: Ubuntu 3.19.0-58.64~14.04.1-generic 3.19.8-ckt16
Uname: Linux 3.19.0-58-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.23
Architecture: amd64
Date: Tue May 16 14:21:01 2017
Ec2AMI: ami-30b59b43
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: eu-west-1a
Ec2InstanceType: t2.small
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
ProcEnviron:
TERM=screen-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: openjdk-7
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2017-05-17 17:36:41 |
Drew Gibson |
bug |
|
|
added subscriber Drew Gibson |
2017-05-18 08:33:34 |
Ivan Semernik |
bug |
|
|
added subscriber Ivan Semernik |
2017-05-18 08:47:52 |
Paul Turton |
bug |
|
|
added subscriber Paul Turton |
2017-05-18 09:22:03 |
Tore Anderson |
bug |
|
|
added subscriber Tore Anderson |
2017-05-18 11:47:40 |
David Hayes |
bug |
|
|
added subscriber David Hayes |
2017-05-18 16:02:10 |
Steve Beattie |
bug |
|
|
added subscriber Steve Beattie |
2017-05-18 21:06:45 |
Launchpad Janitor |
openjdk-7 (Ubuntu Trusty): status |
In Progress |
Fix Released |
|
2017-05-22 01:33:23 |
Mathew Hodson |
bug task deleted |
openjdk-7 (Ubuntu) |
|
|