Bug 905128
| Summary: | [CRASH] OpenJDK-1.7.0 while using NSS security provider and kerberos | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Alon Bar-Lev <alonbl> | ||||||||||||||
| Component: | java-1.7.0-openjdk | Assignee: | Andrew John Hughes <ahughes> | ||||||||||||||
| Status: | CLOSED ERRATA | QA Contact: | Lukáš Zachar <lzachar> | ||||||||||||||
| Severity: | high | Docs Contact: | |||||||||||||||
| Priority: | high | ||||||||||||||||
| Version: | 6.5 | CC: | ahughes, bazulay, dbhole, iheim, italkohe, jbelka, jrieden, jvanek, rrelyea, tlavigne, xwei, yzaslavs | ||||||||||||||
| Target Milestone: | rc | Keywords: | ZStream | ||||||||||||||
| Target Release: | --- | ||||||||||||||||
| Hardware: | Unspecified | ||||||||||||||||
| OS: | Unspecified | ||||||||||||||||
| Whiteboard: | |||||||||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||||
| Doc Text: | Story Points: | --- | |||||||||||||||
| Clone Of: | Environment: | ||||||||||||||||
| Last Closed: | 2013-11-21 11:12:37 UTC | Type: | Bug | ||||||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||||||
| Documentation: | --- | CRM: | |||||||||||||||
| Verified Versions: | Category: | --- | |||||||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||||
| Embargoed: | |||||||||||||||||
| Bug Depends On: | |||||||||||||||||
| Bug Blocks: | 831734, 904766, 960054, 998596 | ||||||||||||||||
| Attachments: |
|
||||||||||||||||
|
Description
Alon Bar-Lev
2013-01-28 16:31:50 UTC
Comment on attachment 689075 [details]
GSSAPITest.java
Sample program.
Created attachment 689076 [details]
krb5.conf
Created attachment 689077 [details]
jaas.conf
Created attachment 689096 [details]
hs_err_pid17595.log
Dump
Workaround: Revert to the default java security provider. Unrelated note: Settings of jvm should be the defaults of openjdk settings. Applications/administrators that wish to boost their performance can actively load security provider of their choice. Changing the system width configuration of jvm and effecting all applications should have been avoided. It seems the TCK doesn't really test non-block ciphers throughly. The fix is fairly trivial; just a state that wasn't fully accounted for. Created attachment 689985 [details]
Don't make an update call in doFinal for non-block ciphers
We have reverted the errata which should make RHEV work again (with the version in 6.3.z/older 6.4 composes). This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release. *** Bug 906325 has been marked as a duplicate of this bug. *** Created attachment 691121 [details]
Revised patch that checks blockBuffer rather than blockBufferLen
It turns out some TCK tests started failing because there are valid cases with an empty block buffer. So we test for the actual failure case (no blockBuffer at all) rather than trying to be clever.
*** Bug 907090 has been marked as a duplicate of this bug. *** Replacing the openJdk rpm on a 6.4 host with a 6.5 build might create a lot of none relevant noise. However if we get a 6.4 (somwhat stable build) we can give it a quick test. BTW the right way to test it is: 1. install vanilla rhel-XXX - make sure the new openJdk is installed 2. install ovirt-engine 3. join a domain 4. login Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1611.html |