Bug#623672: marked as done (Chokes on certificates with accented characters (LANG=C LC_ALL=C is wrong))

Debian Bug Tracking System Mon, 25 Apr 2011 06:51:43 -0700

Your message dated Mon, 25 Apr 2011 13:47:09 +0000
with message-id <e1qem85-0002a5...@franck.debian.org>
and subject line Bug#623671: fixed in ca-certificates-java 20110425
has caused the Debian Bug report #623671,
regarding Chokes on certificates with accented characters (LANG=C LC_ALL=C is 
wrong)
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
623671: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623671
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: ca-certificates-java
Version: 20100412
Severity: grave
Tags: patch

The pattern for errors is non-us-ascii characters in CA cert names.

creating /etc/ssl/certs/java/cacerts...
  added certificate mozilla/ACEDICOM_Root.crt
  error adding mozilla/AC_Raíz_Certicámara_S.A..crt
  added certificate mozilla/ApplicationCA_-_Japanese_Government.crt
  added certificate 
mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
  added certificate mozilla/Buypass_Class_2_CA_1.crt
  added certificate mozilla/Buypass_Class_3_CA_1.crt
  added certificate mozilla/CA_Disig.crt
  added certificate mozilla/CNNIC_ROOT.crt
  added certificate mozilla/Certigna.crt
  added certificate mozilla/Chambers_of_Commerce_Root_-_2008.crt
  added certificate mozilla/ComSign_CA.crt
  added certificate mozilla/ComSign_Secured_CA.crt
  added certificate mozilla/Cybertrust_Global_Root.crt
  added certificate 
mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
  error adding mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
  added certificate mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
  added certificate mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
  added certificate mozilla/GlobalSign_Root_CA_-_R3.crt
  added certificate mozilla/Global_Chambersign_Root_-_2008.crt
  added certificate mozilla/Hongkong_Post_Root_CA_1.crt
  added certificate mozilla/IGC_A.crt
  added certificate mozilla/Izenpe.com.crt
  added certificate mozilla/Juur-SK.crt
  added certificate mozilla/Microsec_e-Szigno_Root_CA.crt
  added certificate mozilla/Microsec_e-Szigno_Root_CA_2009.crt
  error adding mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
  added certificate mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt
  added certificate 
mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
  added certificate mozilla/SecureSign_RootCA11.crt
  added certificate mozilla/Security_Communication_EV_RootCA1.crt
   added certificate mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt
  added certificate mozilla/TC_TrustCenter_Class_2_CA_II.crt
  added certificate mozilla/TC_TrustCenter_Class_3_CA_II.crt
  added certificate mozilla/TC_TrustCenter_Universal_CA_I.crt
  added certificate mozilla/TC_TrustCenter_Universal_CA_III.crt
  error adding 
mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
  added certificate 
mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
  added certificate mozilla/VeriSign_Universal_Root_Certification_Authority.crt
  added certificate mozilla/certSIGN_ROOT_CA.crt
  added certificate mozilla/ePKI_Root_Certification_Authority.crt
  added certificate mozilla/thawte_Primary_Root_CA_-_G2.crt
  added certificate mozilla/thawte_Primary_Root_CA_-_G3.crt

I tried hacking the scripts and the problem is LANG=C LC_ALL=C which
breaks unicode characters.

I am attaching a patch which fixes this breakage.

O.

-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ca-certificates-java depends on:
ii  ca-certificates    20090814+nmu2         Common CA certificates
ii  default-jre-headle 1:1.6-40              Standard Java or Java compatible R
ii  openjdk-6-jre-head 6b18-1.8.3-2+squeeze1 OpenJDK Java runtime, using Hotspo

Versions of packages ca-certificates-java recommends:
ii  libnss3-1d             3.12.8-1+squeeze1 Network Security Service libraries

ca-certificates-java suggests no packages.

-- Configuration Files:
/etc/default/cacerts [Errno 13] Permission denied: u'/etc/default/cacerts'

-- no debconf information

diff -urNap ca-certificates-java-20100412~/debian/control ca-certificates-java-20100412/debian/control
--- ca-certificates-java-20100412~/debian/control	2010-04-11 19:11:52.000000000 +0000
+++ ca-certificates-java-20100412/debian/control	2011-04-22 06:56:13.918886021 +0000
@@ -3,12 +3,12 @@ Section: java
 Priority: optional
 Maintainer: OpenJDK Team <open...@lists.launchpad.net>
 Uploaders: Matthias Klose <d...@ubuntu.com>
-Build-Depends: debhelper (>= 6), ca-certificates (>= 20090814), openjdk-6-jre-headless (>= 6b16-1.6.1-2)
+Build-Depends: debhelper (>= 6), locales-all, ca-certificates (>= 20090814), openjdk-6-jre-headless (>= 6b16-1.6.1-2)
 Standards-Version: 3.8.4
 
 Package: ca-certificates-java
 Architecture: all
-Depends: ca-certificates (>= 20090814), openjdk-6-jre-headless (>= 6b16-1.6.1-2) | java6-runtime-headless, ${misc:Depends}
+Depends: locales-all, ca-certificates (>= 20090814), openjdk-6-jre-headless (>= 6b16-1.6.1-2) | java6-runtime-headless, ${misc:Depends}
 Recommends: libnss3-1d
 Description: Common CA certificates (JKS keystore)
  This package uses the hooks of the ca-certificates package to update the
diff -urNap ca-certificates-java-20100412~/debian/jks-keystore.hook ca-certificates-java-20100412/debian/jks-keystore.hook
--- ca-certificates-java-20100412~/debian/jks-keystore.hook	2010-04-11 18:47:48.000000000 +0000
+++ ca-certificates-java-20100412/debian/jks-keystore.hook	2011-04-22 06:57:09.442884938 +0000
@@ -46,7 +46,7 @@ while read line; do
     pem=${line#[+-]*}
     alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
     alias=${alias%*_}
-    LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE \
+    LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -list -keystore $KEYSTORE \
 	-storepass "$storepass" -alias "$alias" >/dev/null 2>&1 \
 	&& exists=yes || exists=no
     case "$line" in
@@ -54,12 +54,12 @@ while read line; do
 	if [ "$exists" = yes ]; then
 	    echo "  already exists: ${line#+*}"
 	else
-	  if LANG=C LC_ALL=C keytool -importcert -trustcacerts \
+	  if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts \
 		-keystore $KEYSTORE -noprompt -storepass "$storepass" \
 		-alias "$alias" -file "$pem" > $log 2>&1
 	  then
 	      echo "  added: ${line#+*}"
-	  elif LANG=C LC_ALL=C keytool -importcert -trustcacerts \
+	  elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts \
 		-keystore $KEYSTORE -noprompt -storepass "$storepass" \
 	        -providerClass sun.security.pkcs11.SunPKCS11 \
 	        -providerArg '${java.home}/lib/security/nss.cfg' \
@@ -77,12 +77,12 @@ while read line; do
 	;;
     -*)
 	if [ "$exists" = yes ]; then
-	    if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
+	    if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -delete -keystore $KEYSTORE \
 		-noprompt -storepass "$storepass" \
 		-alias "$alias"
 	    then
 		echo "  removed ${line#-*}"
-	    elif LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
+	    elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -delete -keystore $KEYSTORE \
 		-noprompt -storepass "$storepass" \
 	        -providerClass sun.security.pkcs11.SunPKCS11 \
 	        -providerArg '${java.home}/lib/security/nss.cfg' \
diff -urNap ca-certificates-java-20100412~/debian/postinst ca-certificates-java-20100412/debian/postinst
--- ca-certificates-java-20100412~/debian/postinst	2010-04-11 18:44:23.000000000 +0000
+++ ca-certificates-java-20100412/debian/postinst	2011-04-22 06:56:43.045376122 +0000
@@ -27,7 +27,7 @@ first_install()
 
     # aliases of pregenerated files
     pregenerated=$(tempfile)
-    LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE -storepass "$storepass" \
+    LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -list -keystore $KEYSTORE -storepass "$storepass" \
 	| awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
 	| sort > $pregenerated
 
@@ -40,7 +40,7 @@ first_install()
 	case "$line" in
 	    !*)
 	        # remove untrusted certificate
-		if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
+		if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -delete -keystore $KEYSTORE \
 		    -storepass "$storepass" -alias "$alias" >/dev/null
 		then
 		    echo "  removed untrusted certificate $pem"
@@ -56,12 +56,12 @@ first_install()
 		    continue
 		fi
 		if ! grep -q "^${alias}$" $pregenerated; then
-		  if LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
+		  if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore $KEYSTORE \
 			-noprompt -storepass "$storepass" \
 			-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
 		  then
 		      echo "  added certificate $pem"
-		  elif LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
+		  elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore $KEYSTORE \
 		        -providerClass sun.security.pkcs11.SunPKCS11 \
 		        -providerArg '${java.home}/lib/security/nss.cfg' \
 			-noprompt -storepass "$storepass" \
diff -urNap ca-certificates-java-20100412~/debian/rules ca-certificates-java-20100412/debian/rules
--- ca-certificates-java-20100412~/debian/rules	2010-04-11 18:41:56.000000000 +0000
+++ ca-certificates-java-20100412/debian/rules	2011-04-22 06:59:31.726384953 +0000
@@ -17,12 +17,12 @@ build-stamp:
 	  alias=$$(basename $$crt .crt | tr A-Z a-z | tr -cs a-z0-9 _); \
 	  alias=$${alias%*_}; \
 	  echo "IMPORT: $$crt, alias=$$alias"; \
-	  if keytool -importcert -trustcacerts -keystore build/cacerts \
+	  if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore build/cacerts \
 	    -storepass 'changeit' \
 	    -alias "$$alias" -file "/usr/share/ca-certificates/$$crt" > keytool.log 2>&1; \
 	  then \
 	    cat keytool.log; \
-	  elif keytool -importcert -trustcacerts -keystore build/cacerts \
+	  elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore build/cacerts \
 	    -providerClass sun.security.pkcs11.SunPKCS11 \
 	    -providerArg '$${java.home}/lib/security/nss.cfg' \
 	    -storepass 'changeit' \

--- End Message ---

--- Begin Message ---

Source: ca-certificates-java
Source-Version: 20110425

We believe that the bug you reported is fixed in the latest version of
ca-certificates-java, which is due to be installed in the Debian FTP archive:

ca-certificates-java_20110425.dsc
  to main/c/ca-certificates-java/ca-certificates-java_20110425.dsc
ca-certificates-java_20110425.tar.gz
  to main/c/ca-certificates-java/ca-certificates-java_20110425.tar.gz
ca-certificates-java_20110425_all.deb
  to main/c/ca-certificates-java/ca-certificates-java_20110425_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 623...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Torsten Werner <twer...@debian.org> (supplier of updated ca-certificates-java 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 25 Apr 2011 15:28:55 +0200
Source: ca-certificates-java
Binary: ca-certificates-java
Architecture: source all
Version: 20110425
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Torsten Werner <twer...@debian.org>
Description: 
 ca-certificates-java - Common CA certificates (JKS keystore)
Closes: 607245 623671 623888
Changes: 
 ca-certificates-java (20110425) unstable; urgency=low
 .
   * Add Java code to update the keystore and support UTF-8 encoded filenames.
     (Closes: #607245, #623671)
   * Change Maintainer to Debian Java Maintainers and add myself to Uploaders.
   * Update Build-Depends.
   * Replace old inconsistent keystore aliases. (Closes: #623888)
   * Add support for openjdk-7 and remove support for old cacao VM.
   * Add a NEWS file explaining the update.
   * Update README.Debian.
Checksums-Sha1: 
 0f91262dde151f7e4062179ec0682ef62e571316 907 ca-certificates-java_20110425.dsc
 28cb9ea75912ee4e5f79ce75695c288ce2988097 6130 
ca-certificates-java_20110425.tar.gz
 55f5408580040a6cde5eddf4d8d5b34d8a59a781 7890 
ca-certificates-java_20110425_all.deb
Checksums-Sha256: 
 9b8db104c50e0d229182a845099d219113361078d36b2cd58b86d35bca54229d 907 
ca-certificates-java_20110425.dsc
 b3c96ad01ff97c3a61693c210d879645501b7e0e575a6716867f3d83f7288602 6130 
ca-certificates-java_20110425.tar.gz
 5d5cada6a059324c0fb80c97733cc9dcce724f56d14d0952386087ed74523006 7890 
ca-certificates-java_20110425_all.deb
Files: 
 12303c27e3efef61c08e36f0aaf04577 907 java optional 
ca-certificates-java_20110425.dsc
 2271ed388df3ef105ccc5d396dd28eb2 6130 java optional 
ca-certificates-java_20110425.tar.gz
 ed29fc8fd1f9d603f552cd060fede865 7890 java optional 
ca-certificates-java_20110425_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk21eAgACgkQfY3dicTPjsOsXwCgiYOwtMrTpjCiJ4hnNNHXlBmL
+REAnjFcg9SCvjQgwvcwJQ+AFfh8pexb
=8coe
-----END PGP SIGNATURE-----

--- End Message ---

Bug#623672: marked as done (Chokes on certificates with accented characters (LANG=C LC_ALL=C is wrong))

Reply via email to