Bug#623672: marked as done (Chokes on certificates with accented characters (LANG=C LC_ALL=C is wrong))

Debian Bug Tracking System Sun, 24 Apr 2011 01:51:28 -0700

Your message dated Sun, 24 Apr 2011 08:47:20 +0000
with message-id <e1qduyo-000668...@franck.debian.org>
and subject line Bug#623672: fixed in ca-certificates-java 20110421~nmu1
has caused the Debian Bug report #623672,
regarding Chokes on certificates with accented characters (LANG=C LC_ALL=C is 
wrong)
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
623672: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623672
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: ca-certificates-java
Version: 20100412
Severity: grave
Tags: patch

The pattern for errors is non-us-ascii characters in CA cert names.

creating /etc/ssl/certs/java/cacerts...
  added certificate mozilla/ACEDICOM_Root.crt
  error adding mozilla/AC_Raíz_Certicámara_S.A..crt
  added certificate mozilla/ApplicationCA_-_Japanese_Government.crt
  added certificate 
mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
  added certificate mozilla/Buypass_Class_2_CA_1.crt
  added certificate mozilla/Buypass_Class_3_CA_1.crt
  added certificate mozilla/CA_Disig.crt
  added certificate mozilla/CNNIC_ROOT.crt
  added certificate mozilla/Certigna.crt
  added certificate mozilla/Chambers_of_Commerce_Root_-_2008.crt
  added certificate mozilla/ComSign_CA.crt
  added certificate mozilla/ComSign_Secured_CA.crt
  added certificate mozilla/Cybertrust_Global_Root.crt
  added certificate 
mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
  error adding mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
  added certificate mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
  added certificate mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
  added certificate mozilla/GlobalSign_Root_CA_-_R3.crt
  added certificate mozilla/Global_Chambersign_Root_-_2008.crt
  added certificate mozilla/Hongkong_Post_Root_CA_1.crt
  added certificate mozilla/IGC_A.crt
  added certificate mozilla/Izenpe.com.crt
  added certificate mozilla/Juur-SK.crt
  added certificate mozilla/Microsec_e-Szigno_Root_CA.crt
  added certificate mozilla/Microsec_e-Szigno_Root_CA_2009.crt
  error adding mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
  added certificate mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt
  added certificate 
mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
  added certificate mozilla/SecureSign_RootCA11.crt
  added certificate mozilla/Security_Communication_EV_RootCA1.crt
   added certificate mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt
  added certificate mozilla/TC_TrustCenter_Class_2_CA_II.crt
  added certificate mozilla/TC_TrustCenter_Class_3_CA_II.crt
  added certificate mozilla/TC_TrustCenter_Universal_CA_I.crt
  added certificate mozilla/TC_TrustCenter_Universal_CA_III.crt
  error adding 
mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
  added certificate 
mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
  added certificate mozilla/VeriSign_Universal_Root_Certification_Authority.crt
  added certificate mozilla/certSIGN_ROOT_CA.crt
  added certificate mozilla/ePKI_Root_Certification_Authority.crt
  added certificate mozilla/thawte_Primary_Root_CA_-_G2.crt
  added certificate mozilla/thawte_Primary_Root_CA_-_G3.crt

I tried hacking the scripts and the problem is LANG=C LC_ALL=C which
breaks unicode characters.

I am attaching a patch which fixes this breakage.

O.

-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ca-certificates-java depends on:
ii  ca-certificates    20090814+nmu2         Common CA certificates
ii  default-jre-headle 1:1.6-40              Standard Java or Java compatible R
ii  openjdk-6-jre-head 6b18-1.8.3-2+squeeze1 OpenJDK Java runtime, using Hotspo

Versions of packages ca-certificates-java recommends:
ii  libnss3-1d             3.12.8-1+squeeze1 Network Security Service libraries

ca-certificates-java suggests no packages.

-- Configuration Files:
/etc/default/cacerts [Errno 13] Permission denied: u'/etc/default/cacerts'

-- no debconf information

diff -urNap ca-certificates-java-20100412~/debian/control ca-certificates-java-20100412/debian/control
--- ca-certificates-java-20100412~/debian/control	2010-04-11 19:11:52.000000000 +0000
+++ ca-certificates-java-20100412/debian/control	2011-04-22 06:56:13.918886021 +0000
@@ -3,12 +3,12 @@ Section: java
 Priority: optional
 Maintainer: OpenJDK Team <open...@lists.launchpad.net>
 Uploaders: Matthias Klose <d...@ubuntu.com>
-Build-Depends: debhelper (>= 6), ca-certificates (>= 20090814), openjdk-6-jre-headless (>= 6b16-1.6.1-2)
+Build-Depends: debhelper (>= 6), locales-all, ca-certificates (>= 20090814), openjdk-6-jre-headless (>= 6b16-1.6.1-2)
 Standards-Version: 3.8.4
 
 Package: ca-certificates-java
 Architecture: all
-Depends: ca-certificates (>= 20090814), openjdk-6-jre-headless (>= 6b16-1.6.1-2) | java6-runtime-headless, ${misc:Depends}
+Depends: locales-all, ca-certificates (>= 20090814), openjdk-6-jre-headless (>= 6b16-1.6.1-2) | java6-runtime-headless, ${misc:Depends}
 Recommends: libnss3-1d
 Description: Common CA certificates (JKS keystore)
  This package uses the hooks of the ca-certificates package to update the
diff -urNap ca-certificates-java-20100412~/debian/jks-keystore.hook ca-certificates-java-20100412/debian/jks-keystore.hook
--- ca-certificates-java-20100412~/debian/jks-keystore.hook	2010-04-11 18:47:48.000000000 +0000
+++ ca-certificates-java-20100412/debian/jks-keystore.hook	2011-04-22 06:57:09.442884938 +0000
@@ -46,7 +46,7 @@ while read line; do
     pem=${line#[+-]*}
     alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
     alias=${alias%*_}
-    LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE \
+    LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -list -keystore $KEYSTORE \
 	-storepass "$storepass" -alias "$alias" >/dev/null 2>&1 \
 	&& exists=yes || exists=no
     case "$line" in
@@ -54,12 +54,12 @@ while read line; do
 	if [ "$exists" = yes ]; then
 	    echo "  already exists: ${line#+*}"
 	else
-	  if LANG=C LC_ALL=C keytool -importcert -trustcacerts \
+	  if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts \
 		-keystore $KEYSTORE -noprompt -storepass "$storepass" \
 		-alias "$alias" -file "$pem" > $log 2>&1
 	  then
 	      echo "  added: ${line#+*}"
-	  elif LANG=C LC_ALL=C keytool -importcert -trustcacerts \
+	  elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts \
 		-keystore $KEYSTORE -noprompt -storepass "$storepass" \
 	        -providerClass sun.security.pkcs11.SunPKCS11 \
 	        -providerArg '${java.home}/lib/security/nss.cfg' \
@@ -77,12 +77,12 @@ while read line; do
 	;;
     -*)
 	if [ "$exists" = yes ]; then
-	    if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
+	    if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -delete -keystore $KEYSTORE \
 		-noprompt -storepass "$storepass" \
 		-alias "$alias"
 	    then
 		echo "  removed ${line#-*}"
-	    elif LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
+	    elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -delete -keystore $KEYSTORE \
 		-noprompt -storepass "$storepass" \
 	        -providerClass sun.security.pkcs11.SunPKCS11 \
 	        -providerArg '${java.home}/lib/security/nss.cfg' \
diff -urNap ca-certificates-java-20100412~/debian/postinst ca-certificates-java-20100412/debian/postinst
--- ca-certificates-java-20100412~/debian/postinst	2010-04-11 18:44:23.000000000 +0000
+++ ca-certificates-java-20100412/debian/postinst	2011-04-22 06:56:43.045376122 +0000
@@ -27,7 +27,7 @@ first_install()
 
     # aliases of pregenerated files
     pregenerated=$(tempfile)
-    LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE -storepass "$storepass" \
+    LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -list -keystore $KEYSTORE -storepass "$storepass" \
 	| awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
 	| sort > $pregenerated
 
@@ -40,7 +40,7 @@ first_install()
 	case "$line" in
 	    !*)
 	        # remove untrusted certificate
-		if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
+		if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -delete -keystore $KEYSTORE \
 		    -storepass "$storepass" -alias "$alias" >/dev/null
 		then
 		    echo "  removed untrusted certificate $pem"
@@ -56,12 +56,12 @@ first_install()
 		    continue
 		fi
 		if ! grep -q "^${alias}$" $pregenerated; then
-		  if LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
+		  if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore $KEYSTORE \
 			-noprompt -storepass "$storepass" \
 			-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
 		  then
 		      echo "  added certificate $pem"
-		  elif LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
+		  elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore $KEYSTORE \
 		        -providerClass sun.security.pkcs11.SunPKCS11 \
 		        -providerArg '${java.home}/lib/security/nss.cfg' \
 			-noprompt -storepass "$storepass" \
diff -urNap ca-certificates-java-20100412~/debian/rules ca-certificates-java-20100412/debian/rules
--- ca-certificates-java-20100412~/debian/rules	2010-04-11 18:41:56.000000000 +0000
+++ ca-certificates-java-20100412/debian/rules	2011-04-22 06:59:31.726384953 +0000
@@ -17,12 +17,12 @@ build-stamp:
 	  alias=$$(basename $$crt .crt | tr A-Z a-z | tr -cs a-z0-9 _); \
 	  alias=$${alias%*_}; \
 	  echo "IMPORT: $$crt, alias=$$alias"; \
-	  if keytool -importcert -trustcacerts -keystore build/cacerts \
+	  if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore build/cacerts \
 	    -storepass 'changeit' \
 	    -alias "$$alias" -file "/usr/share/ca-certificates/$$crt" > keytool.log 2>&1; \
 	  then \
 	    cat keytool.log; \
-	  elif keytool -importcert -trustcacerts -keystore build/cacerts \
+	  elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore build/cacerts \
 	    -providerClass sun.security.pkcs11.SunPKCS11 \
 	    -providerArg '$${java.home}/lib/security/nss.cfg' \
 	    -storepass 'changeit' \

--- End Message ---

--- Begin Message ---

Source: ca-certificates-java
Source-Version: 20110421~nmu1

We believe that the bug you reported is fixed in the latest version of
ca-certificates-java, which is due to be installed in the Debian FTP archive:

ca-certificates-java_20110421~nmu1.dsc
  to main/c/ca-certificates-java/ca-certificates-java_20110421~nmu1.dsc
ca-certificates-java_20110421~nmu1.tar.gz
  to main/c/ca-certificates-java/ca-certificates-java_20110421~nmu1.tar.gz
ca-certificates-java_20110421~nmu1_all.deb
  to main/c/ca-certificates-java/ca-certificates-java_20110421~nmu1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 623...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated ca-certificates-java 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 24 Apr 2011 10:13:48 +0200
Source: ca-certificates-java
Binary: ca-certificates-java
Architecture: source all
Version: 20110421~nmu1
Distribution: unstable
Urgency: low
Maintainer: OpenJDK Team <open...@lists.launchpad.net>
Changed-By: Ondřej Surý <ond...@debian.org>
Description: 
 ca-certificates-java - Common CA certificates (JKS keystore)
Closes: 623672
Changes: 
 ca-certificates-java (20110421~nmu1) unstable; urgency=low
 .
   * Non-maintainer Upload.
   * Depend on locales-all and use en_US.UTF-8 locale (Closes: #623672)
Checksums-Sha1: 
 a001951ceba080a46094481f6d7314d1dfdbca25 935 
ca-certificates-java_20110421~nmu1.dsc
 29bbfdfd8c47d1e5d1f4563eb820928317f4d779 5192 
ca-certificates-java_20110421~nmu1.tar.gz
 7a359b448c0457e6a9d0b0ad429b781202fa1cf3 121214 
ca-certificates-java_20110421~nmu1_all.deb
Checksums-Sha256: 
 a0ca7ff96b21eef0aeb3bdfd0723096dbfb60bd4f4acbb3edcdb58874aa44673 935 
ca-certificates-java_20110421~nmu1.dsc
 9467b607121cdb8bfa7b6530ff38639b1ab9d91b87d8840ddd7b5da525e06f42 5192 
ca-certificates-java_20110421~nmu1.tar.gz
 f1676e45b274eda1e4c3d090948e2b049d7361ccb298cb17bbaff5b6f4bf543f 121214 
ca-certificates-java_20110421~nmu1_all.deb
Files: 
 794af8abbbbef5f67f214200bc903675 935 java optional 
ca-certificates-java_20110421~nmu1.dsc
 34078ed264e401ffb5b176d3b98ec214 5192 java optional 
ca-certificates-java_20110421~nmu1.tar.gz
 fdf73c875dc69e15a29c819ae9c2509e 121214 java optional 
ca-certificates-java_20110421~nmu1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk2z3m4ACgkQ9OZqfMIN8nOMmwCdGxDJ7EsmZ/Qwb59RAkYBUVyM
nz4An2nxXmJSbMIgSfL9vf97jRuhmZUf
=e8O5
-----END PGP SIGNATURE-----

--- End Message ---

Bug#623672: marked as done (Chokes on certificates with accented characters (LANG=C LC_ALL=C is wrong))

Reply via email to