[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
This bug was fixed in the package ca-certificates-java - 20180516ubuntu1~18.04.1 --- ca-certificates-java (20180516ubuntu1~18.04.1) bionic; urgency=medium * Backport from Cosmic. (LP: #1770553) ca-certificates-java (20180516ubuntu1) cosmic; urgency=low * Merge from Debian unstable (LP: #1771815). Remaining changes: - debian/control: Bump javahelper build dependency. - debian/rules: + Explicitly depend on openjdk-11-jre-headless, needed to configure. + Replace javac arguments '-source 1.7 -target 1.7' with '--release 7' as, per JEP-247, it also takes care of setting the right -bootclasspath argument. ca-certificates-java (20180516) unstable; urgency=medium * Team upload. [ Tiago Stürmer Daitx ] * debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file with the right configuration is already supplied by the openjdk packages. * debian/jks-keystore.hook.in, debian/postinst.in: Only export JAVA_HOME and update PATH if a known jvm was found. * debian/postinst.in: Detect PKCS12 cacert keystore generated by previous ca-certificates-java and convert them to JKS. (Closes: #898678) (LP: #1771363) [ Matthias Klose ] * debian/rules: Explicitly depend on openjdk-11-jre-headless, needed to configure. [ Emmanuel Bourg ] * Use salsa.debian.org Vcs-* URLs ca-certificates-java (20180413ubuntu1) cosmic; urgency=medium * Merge from debian unstable. Remaining changes: (LP: #1769013, LP: #1739631) + debian/control: Bump javahelper build dependency. + debian/rules: - Explicitly depend on openjdk-11-jre-headless, needed to configure. - Replace javac arguments '-source 1.7 -target 1.7' with '--release 7' as, per JEP-247, it also takes care of setting the right -bootclasspath argument. * debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file with the right configuration is already supplied by the openjdk packages. ca-certificates-java (20180413) unstable; urgency=medium * Team upload. * Always generate a JKS keystore instead of using the default format (Closes: #894979) * Look for Java 10 and Java 11 when detecting the JRE * Removed Damien Raude-Morvan from the uploaders (Closes: #889412) * Standards-Version updated to 4.1.4 * Switch to debhelper level 11 -- Tiago Stürmer Daitx Thu, 17 May 2018 14:10:59 + ** Changed in: ca-certificates-java (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
I just tested 2 scenarios: 1.) install: fresh clean bionic AMI, enable proposed -> install openjdk-11-jdk-headless (So new creation of keystore) => Working fine with the proposed 20180516ubuntu1~18.04.1 2.) update: Existing bionic instance with old 20170930ubuntu1 package version. Enable proposed and update to 20180516ubuntu1~18.04.1 (so conversion of keystore) => also working fine -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
I also installed the ca-certificates- java_20180516ubuntu1~18.04.1_all.deb package. It fixed the problems I was having with Maven. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
I just installed the ca-certificates- java_20180516ubuntu1~18.04.1_all.deb package and it fixed the bug for me. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
Hello Tiago, or anyone else affected, Accepted ca-certificates-java into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ca- certificates-java/20180516ubuntu1~18.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: ca-certificates-java (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
** Also affects: ca-certificates-java (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: ca-certificates-java (Ubuntu Bionic) Status: New => Confirmed ** Changed in: ca-certificates-java (Ubuntu) Status: Confirmed => Invalid ** Changed in: ca-certificates-java (Ubuntu Bionic) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
Attaching debdiff from Cosmic current version (ie. contains only the changelog entry). ** Patch added: "ca-certificates-java_20180516ubuntu1_debdiff_20180516ubuntu1.18.04.1.patch" https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+attachment/5163378/+files/ca-certificates-java_20180516ubuntu1_debdiff_20180516ubuntu1.18.04.1.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
Uploading new debdiff with the ca-certificate-java backport from Cosmic current version (20180516ubuntu1) to Bionic. This backport has been versioned as 20180516ubuntu1.18.04.1. The only change from Cosmic is a changelog entry to update the version and a mention to the backport. The debdiff was generated from the current Bionic package (20170930ubuntu1). ** Patch removed: "ca-certificates-java_20170930ubuntu1_debdiff_20180516ubuntu1.18.04.1.patch" https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+attachment/5140880/+files/ca-certificates-java_20170930ubuntu1_debdiff_20180516ubuntu1.18.04.1.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
** Patch added: "ca-certificates-java_20170930ubuntu1_debdiff_20180516ubuntu1.18.04.1.patch" https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+attachment/5163377/+files/ca-certificates-java_20170930ubuntu1_debdiff_20180516ubuntu1.18.04.1.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
Please, can someone fix this? Bionic is available since some months now and this problem is really annoying... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
This breaks bazel [1], and thus makes it impossible to package TensorFlow for 18.04. [1] https://github.com/bazelbuild/bazel/issues/5099 ** Bug watch added: github.com/bazelbuild/bazel/issues #5099 https://github.com/bazelbuild/bazel/issues/5099 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
Hi rightaditya, could you please be more specific what you did exactly? I could not find a "Cosmic's package" (e.g. no .deb file), and what did you do to "install" it? Thanks so much, Kay -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
I can confirm that this issue affected me, and I was able to fix the problem by simply installing Cosmic's version of the package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
Debdiff from the current Bionic version, 20170930ubuntu1, to the proposed 20180516ubuntu1.18.04.1. Please note that this basically updates the Bionic version to the same one that is currently on Cosmic [1]. [1] https://launchpad.net/ubuntu/+source/ca-certificates- java/20180516ubuntu1 ** Patch added: "ca-certificates-java_20170930ubuntu1_debdiff_20180516ubuntu1.18.04.1.patch" https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+attachment/5140880/+files/ca-certificates-java_20170930ubuntu1_debdiff_20180516ubuntu1.18.04.1.patch ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
** Tags added: bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
** Description changed: [Impact] - Any user doing a new install - or upgrading, if openjdk was not installed - can be affected as soon as they install any openjdk-11 package. + Any user doing a new install - or upgrading if openjdk was not installed - can be affected as soon as they install any openjdk-11 package. [Cause] - The ca-certificate-java version 20170930 (or earlier) used the default keystore to create /etc/ssl/certs/java/cacerts - if the file already existed its contents were just updated. + The ca-certificate-java version 20170930 (or earlier) used the default keystore to create /etc/ssl/certs/java/cacerts - if the file already existed its contents were just updated without changing the keystore + type. From openjdk-9 upwards the default keystore type changed from 'jks' to 'pkcs12' [1] by means of JEP 229 [2]. A JKS keystore can be read without supplying a password (or by supplying an empty one) while a PKCS12 keystore requires a password to be set. Thus a /etc/ssl/certs/java/cacerts created in the pkcs12 format will fail to be loaded as, by default, the truststore password is empty - in order to avoid that the user must set -Djavax.net.ssl.trustStorePassword= or define it in /etc/java- XX-openjdk/management/management.properties. A JKS keystore will work normally, as the certificates in it can be ready when the truststore password is empty. + Ubuntu does *not* set the javax.net.ssl.trustStorePassword by default + thus any user that got a cacerts generated in JKCS12 won't be able + to use any secure connections from java. + [Test Case with cacerts 20170930ubuntu1 or earlier] Start on a new bionic install/chroot without openjdk 1. Install openjdk-11 $ sudo apt-get install openjdk-11-jdk + 2. Test the keystore with an empty password (optional) and make sure it is a PKCS12 $ keytool -list -cacerts - Enter keystore password: - + Enter keystore password: * WARNING WARNING WARNING * * The integrity of the information stored in your keystore * * has NOT been verified! In order to verify its integrity, * * you must provide your keystore password. * * WARNING WARNING WARNING * - Keystore type: PKCS12 Keystore provider: SUN - Your keystore contains 0 entries + 3. Test with the "changeit" password - keytool -list -cacerts - Enter keystore password: changeit + $ keytool -list -cacerts + Enter keystore password: changeit Keystore type: PKCS12 Keystore provider: SUN - Your keystore contains 133 entries - + 4. Create the java test file - $ cat
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
** Summary changed: - [SRU] backport ca-certificates-java from cosmic (20180413ubuntu1) + [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs