On Mon, 19 Aug 2019 09:41:42 +0000 Dzmitry Shalukhau <d...@equest.com> wrote: > Package: openjdk-7-jre-headless > Version: 7u211-2.6.17-1~deb8u1 > Severity: important > File: openjdk-7 > > Dear Maintainer, > > After upgrading from 7u211-2.6.17-1~deb8u1 version to 7u231-2.6.19-1~deb8u1 > we discovered, that some of our services stop to work due to missed > sun.security.ec.ECParameters class. Futher investigations shows, that > sun.security.ec was not present in any jar files in jre distribution (it was > in rt.jar in 7u211-2.6.17-1~deb8u1 version). > > Missing of this package will not allow to make proper https connection.
We are aware of the problem and will release an update shortly. I have already replied to the debian-lts list here [1] Summary: Upstream removed duplicate classes from rt.jar because they are also present in sunec.jar. Debian has never shipped sunec.jar in OpenJDK 7, (see also [2]] so the removal causes applications that rely on Elyptic Curve algorithms to fail. The current workaround is to use a different security provider or to downgrade openjdk-7 to the previous version which can be downloaded from snapshots.debian.org. Regards, Markus Koschany [1] https://lists.debian.org/debian-lts/2019/08/msg00045.html [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750400
signature.asc
Description: OpenPGP digital signature
