[Bug 66064] New: Tomcat 8.5.78 unit tests on JDK8 fails with: Unrecognized option: --add-opens=java.base/java.lang=ALL-UNNAMED
https://bz.apache.org/bugzilla/show_bug.cgi?id=66064 Bug ID: 66064 Summary: Tomcat 8.5.78 unit tests on JDK8 fails with: Unrecognized option: --add-opens=java.base/java.lang=ALL-UNNAMED Product: Tomcat 8 Version: 8.5.78 Hardware: Sun OS: Solaris Status: NEW Severity: normal Priority: P2 Component: Meta Assignee: dev@tomcat.apache.org Reporter: petr.sumb...@oracle.com Target Milestone: I see these: test-nio: [junit] Unrecognized option: --add-opens=java.base/java.lang=ALL-UNNAMED [junit] Error: Could not create the Java Virtual Machine. [junit] Error: A fatal exception has occurred. Program will exit. [junit] Running javax.el.TestArrayELResolver [junit] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0 sec [junit] Test javax.el.TestArrayELResolver FAILED (crashed) [junit] Unrecognized option: --add-opens=java.base/java.lang=ALL-UNNAMED [junit] Error: Could not create the Java Virtual Machine. [junit] Error: A fatal exception has occurred. Program will exit. [junit] Running javax.el.TestBeanELResolver [junit] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0 sec -- $ java -version java version "1.8.0_331" Java(TM) SE Runtime Environment (build 1.8.0_331-b09) Java HotSpot(TM) 64-Bit Server VM (build 25.331-b09, mixed mode) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66064] Tomcat 8.5.78 unit tests on JDK8 fails with: Unrecognized option: --add-opens=java.base/java.lang=ALL-UNNAMED
https://bz.apache.org/bugzilla/show_bug.cgi?id=66064 --- Comment #1 from Rainer Jung --- It should suffice to add the following lines to your own build.properties file: opens.javalang=-Dnop opens.javaio=-Dnop opens.sunrmi=-Dnop opens.javautil=-Dnop opens.javautilconcurrent=-Dnop You can add them before building or also just before running the test. They only apply to the unit test runs. The "nop" was chosen as any system property name that is likely not actually being used. It should remind one of a "no-operation". The project switched to using JDK 11 during build (but the resulting TC 8.5 still runs on Java 7). Those switches above were introduced to still allow testing for older JDKs to ensure compatibility. For testing with JDK 7 a few more adjustments are needed. We should probably document this. Regards, Rainer -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66064] Tomcat 8.5.78 unit tests on JDK8 fails with: Unrecognized option: --add-opens=java.base/java.lang=ALL-UNNAMED
https://bz.apache.org/bugzilla/show_bug.cgi?id=66064 --- Comment #2 from Mark Thomas --- Tomcat 8.5.x now requires Java 11 to build. Minimum runtime version remains Java 7. See BUILDING.txt in the root of the distribution. It does appear that building.html needs to updated for all versions. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: New test in TestPEMFile fails ...
On 12/05/2022 23:25, Rainer Jung wrote: Am 12.05.2022 um 22:57 schrieb Rémy Maucherat: On Thu, May 12, 2022 at 9:14 PM Rainer Jung wrote: ... for me with Java 1.8.0 332 (various OpenJDK builds) on TC 9.0.63 and 10.0.21, platform various Linuxes and also Solaris Sparc. It does not fail for Java 11 and also not for Oracle Java 1.8.0 331. The funny thing is it is the support that was already there in PEMFile that is failing, and that code is apparently completely unchanged. So I don't quite understand or maybe it simply never worked (I don't know the reason why obviously) as the test was not there before. That's likely. I didn't yet have the opportunity to run the test with older versions, but like you I don't see an obvious reason, why the problem should be new. I was going to see if I can figure out what is going on with this today. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66064] Tomcat 8.5.78 unit tests on JDK8 fails with: Unrecognized option: --add-opens=java.base/java.lang=ALL-UNNAMED
https://bz.apache.org/bugzilla/show_bug.cgi?id=66064 --- Comment #3 from Petr Sumbera --- Aha. Thank you! I see it now: https://github.com/apache/tomcat/commit/3b68fa6a4632592086cb9dc20118130cc7b9d16e https://github.com/apache/tomcat/commit/1912714307925c82b1ee015d7644bba044acf1f9 With the workaround added into build.properties file I'm running unit testing now. But still I used JDK 8 for the build without any problem. Is JDK 11 for the build really hard requirement now? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: New test in TestPEMFile fails ...
To add my results: Linux - Oracle 1.8.0 - 321 passes - 331 passes - 333 passes - Temurin 1.8.0 - 312 fails - 332 fails - Temurin 11 - 11.0.15 passes Adding these to Rainer's results, it looks like this feature depends on something in Java 8 that is Oracle specific and not part of the open source distributions until Java 11 (or maybe 9). I'll see if I can figure out exactly what is going wrong and if there is a way to get this working with the open source Java 8 releases. Mark On 13/05/2022 09:32, Mark Thomas wrote: On 12/05/2022 23:25, Rainer Jung wrote: Am 12.05.2022 um 22:57 schrieb Rémy Maucherat: On Thu, May 12, 2022 at 9:14 PM Rainer Jung wrote: ... for me with Java 1.8.0 332 (various OpenJDK builds) on TC 9.0.63 and 10.0.21, platform various Linuxes and also Solaris Sparc. It does not fail for Java 11 and also not for Oracle Java 1.8.0 331. The funny thing is it is the support that was already there in PEMFile that is failing, and that code is apparently completely unchanged. So I don't quite understand or maybe it simply never worked (I don't know the reason why obviously) as the test was not there before. That's likely. I didn't yet have the opportunity to run the test with older versions, but like you I don't see an obvious reason, why the problem should be new. I was going to see if I can figure out what is going on with this today. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: New test in TestPEMFile fails ...
On 13/05/2022 10:15, Mark Thomas wrote: To add my results: Linux - Oracle 1.8.0 - 321 passes - 331 passes - 333 passes - Temurin 1.8.0 - 312 fails - 332 fails - Temurin 11 - 11.0.15 passes Adding these to Rainer's results, it looks like this feature depends on something in Java 8 that is Oracle specific and not part of the open source distributions until Java 11 (or maybe 9). I'll see if I can figure out exactly what is going wrong and if there is a way to get this working with the open source Java 8 releases. This looks like a bug to me. With Temurin JDK 8 302_b08 the test fails at line 204 with: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48) at sun.security.util.ObjectIdentifier.(ObjectIdentifier.java:285) at sun.security.util.DerInputStream.getOID(DerInputStream.java:320) at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:151) at sun.security.x509.AlgorithmId.(AlgorithmId.java:133) t sun.security.x509.AlgorithmId.parse(AlgorithmId.java:413) at javax.crypto.EncryptedPrivateKeyInfo.(EncryptedPrivateKeyInfo.java:95) at org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:204) With Temurin JDK 8 302_b08 the test fails at line 212 with: java.security.spec.InvalidKeySpecException: Cannot retrieve the PKCS8EncodedKeySpec at javax.crypto.EncryptedPrivateKeyInfo.getKeySpec(EncryptedPrivateKeyInfo.java:258) at org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:212) The issue is that the wrong algorithm is identified. It should be PBEWithHmacSHA256AndAES_256 but the Temurin JDK selects PBEWithHmacSHA1AndAES_256. I think things are going wrong back at line 204. I'm still digging for the root cause. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1900856 - in /tomcat/site/trunk: docs/security-8.html xdocs/security-8.xml
Author: markt Date: Fri May 13 12:48:30 2022 New Revision: 1900856 URL: http://svn.apache.org/viewvc?rev=1900856&view=rev Log: Fix copy/paste error Modified: tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/xdocs/security-8.xml Modified: tomcat/site/trunk/docs/security-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1900856&r1=1900855&r2=1900856&view=diff == --- tomcat/site/trunk/docs/security-8.html (original) +++ tomcat/site/trunk/docs/security-8.html Fri May 13 12:48:30 2022 @@ -81,7 +81,7 @@ This issue was identified by the Apache Tomcat Security Team on 21 December 2021. The issue was made public on 12 May 2022. -Affects: 9.0.0.M1 to 9.0.20 +Affects: 8.5.0 to 8.5.75 20 January 2022 Fixed in Apache Tomcat 8.5.75 Modified: tomcat/site/trunk/xdocs/security-8.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1900856&r1=1900855&r2=1900856&view=diff == --- tomcat/site/trunk/xdocs/security-8.xml (original) +++ tomcat/site/trunk/xdocs/security-8.xml Fri May 13 12:48:30 2022 @@ -96,7 +96,7 @@ This issue was identified by the Apache Tomcat Security Team on 21 December 2021. The issue was made public on 12 May 2022. -Affects: 9.0.0.M1 to 9.0.20 +Affects: 8.5.0 to 8.5.75 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: New test in TestPEMFile fails ...
On 13/05/2022 12:16, Mark Thomas wrote: This looks like a bug to me. Confirmed. It is this one: https://bugs.openjdk.java.net/browse/JDK-8245169 This has been fixed in jdk8u-dev as part of this issue: https://bugs.openjdk.java.net/browse/JDK-8076190 The merged PR is this one: https://git.openjdk.java.net/jdk8u-dev/pull/12 on 17 March 2022. jdk8u342b00 was tagged on 28/02/2022 so it didn't include that fix. The issue has the jdk8u-fix-yes tag so it should be pulled in for 342b01. I don't see anything more we can do at this point apart from wait for the next release. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: New test in TestPEMFile fails ...
Am 13.05.2022 um 15:20 schrieb Mark Thomas: On 13/05/2022 12:16, Mark Thomas wrote: This looks like a bug to me. Confirmed. It is this one: https://bugs.openjdk.java.net/browse/JDK-8245169 This has been fixed in jdk8u-dev as part of this issue: https://bugs.openjdk.java.net/browse/JDK-8076190 The merged PR is this one: https://git.openjdk.java.net/jdk8u-dev/pull/12 on 17 March 2022. jdk8u342b00 was tagged on 28/02/2022 so it didn't include that fix. The issue has the jdk8u-fix-yes tag so it should be pulled in for 342b01. I don't see anything more we can do at this point apart from wait for the next release. +1, great investigation! Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1900860 - in /tomcat/site/trunk: docs/security-impact.html xdocs/security-impact.xml
Author: markt Date: Fri May 13 16:11:55 2022 New Revision: 1900860 URL: http://svn.apache.org/viewvc?rev=1900860&view=rev Log: High got used for recent announcement so use Important/High Modified: tomcat/site/trunk/docs/security-impact.html tomcat/site/trunk/xdocs/security-impact.xml Modified: tomcat/site/trunk/docs/security-impact.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-impact.html?rev=1900860&r1=1900859&r2=1900860&view=diff == --- tomcat/site/trunk/docs/security-impact.html (original) +++ tomcat/site/trunk/docs/security-impact.html Fri May 13 16:11:55 2022 @@ -20,13 +20,14 @@ arbitrary code (either as the user the server is running as, or root). These are the sorts of vulnerabilities that could be exploited automatically by worms. - Important -A vulnerability rated as Important impact is one which could result in - the compromise of data or availability of the server. For Tomcat this - includes issues that allow an easy remote denial of service (something - that is out of proportion to the attack or with a lasting consequence), - access to arbitrary files outside of the context root, or access to files - that should be otherwise prevented by limits or authentication. + Important / High +A vulnerability rated as Important )or High) impact is one which could + result in the compromise of data or availability of the server. For + Tomcat this includes issues that allow an easy remote denial of service + (something that is out of proportion to the attack or with a lasting + consequence), access to arbitrary files outside of the context root, or + access to files that should be otherwise prevented by limits or + authentication. Moderate A vulnerability is likely to be rated as Moderate if there is significant mitigation to make the issue less of an impact. This might be because the Modified: tomcat/site/trunk/xdocs/security-impact.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-impact.xml?rev=1900860&r1=1900859&r2=1900860&view=diff == --- tomcat/site/trunk/xdocs/security-impact.xml (original) +++ tomcat/site/trunk/xdocs/security-impact.xml Fri May 13 16:11:55 2022 @@ -32,13 +32,14 @@ automatically by worms. - -A vulnerability rated as Important impact is one which could result in - the compromise of data or availability of the server. For Tomcat this - includes issues that allow an easy remote denial of service (something - that is out of proportion to the attack or with a lasting consequence), - access to arbitrary files outside of the context root, or access to files - that should be otherwise prevented by limits or authentication. + +A vulnerability rated as Important )or High) impact is one which could + result in the compromise of data or availability of the server. For + Tomcat this includes issues that allow an easy remote denial of service + (something that is out of proportion to the attack or with a lasting + consequence), access to arbitrary files outside of the context root, or + access to files that should be otherwise prevented by limits or + authentication. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
