Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 848804 - dev-java/icedtea-bin-3.16.0 java.security insecure protocols/chipers allowed
Summary: dev-java/icedtea-bin-3.16.0 java.security insecure protocols/chipers allowed
Status: RESOLVED PKGREMOVED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Java team
URL:
Whiteboard:
Keywords: PMASKED, PullRequest
Depends on:
Blocks:
 
Reported: 2022-05-31 16:20 UTC by Vasile M.
Modified: 2024-05-08 09:48 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vasile M. 2022-05-31 16:20:53 UTC 
Hi.

The openjdk disables insecure protocols (previous to TLS 1.2) and some chipers, but icedtea does not do it.

opejdk
/opt/openjdk-bin-8.322_p06/jre/lib/security/java.security
...
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves
...

icedtea
/opt/icedtea-bin-3.16.0/jre/lib/security/java.security
...
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
...

Please fix it disabling insecure ciphers and algorithms.
Comment 1 Larry the Git Cow gentoo-dev 2024-04-08 07:15:02 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=550bb0595b669648bf88be0b470a7c25c6a3d2a5

commit 550bb0595b669648bf88be0b470a7c25c6a3d2a5
Author:     Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2022-08-25 08:12:57 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2024-04-08 07:14:46 +0000

    profiles/package.mask: last rite dev-java/{gin,gwt,validation-api,icedtead-bin}
    
    Bug: https://bugs.gentoo.org/848804
    Bug: https://bugs.gentoo.org/732628
    Closes: https://bugs.gentoo.org/830248
    Bug: https://bugs.gentoo.org/716228
    Bug: https://bugs.gentoo.org/853100
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Closes: https://github.com/gentoo/gentoo/pull/35987
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 profiles/package.mask | 12 ++++++++++++
 1 file changed, 12 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2024-05-08 09:48:25 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0936855c44c82d812cc90fe390189cb112a6a93

commit d0936855c44c82d812cc90fe390189cb112a6a93
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2024-05-08 09:46:44 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2024-05-08 09:47:37 +0000

    dev-java/icedtea-bin: Remove last-rited pkg
    
    Bug: https://bugs.gentoo.org/848804
    Bug: https://bugs.gentoo.org/830248
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-java/icedtea-bin/Manifest                     |  14 ---
 dev-java/icedtea-bin/files/icedtea-bin.env.sh     |  17 ---
 dev-java/icedtea-bin/icedtea-bin-3.16.0-r2.ebuild | 135 ----------------------
 dev-java/icedtea-bin/metadata.xml                 |  11 --
 profiles/arch/arm/23.0-armv7a_hf/package.mask     |   4 -
 profiles/arch/arm/23.0-armv7a_sf/package.mask     |   4 -
 profiles/arch/arm/armv7a/package.mask             |   4 -
 profiles/arch/arm/package.mask                    |   4 -
 profiles/package.mask                             |   5 -
 9 files changed, 198 deletions(-)