Unable to find class net.sourceforge.jnlp.security.VariableX509TrustManagerJDK7 with icedtea-7-plugin on 12.04

Bug #1171506 reported by Christian Reis
This bug affects 1 person
Affects               Status        Importance  Assigned to       Milestone
icedtea-web (Ubuntu)  Fix Released  Undecided   Unassigned
Precise               Fix Released  Medium      Jamie Strandboge

Bug Description

Since Friday, when I updated to the latest icedtea-web package, Java applets are not working properly for me. This happens in both browsers, but they behave slightly differently. Here are two scenarios:

1. Chromium loading http://www.java.com/pt_BR/download/testjava.jsp

Using a temporary profile chromium never is able to load the testjava applet. The question bar appears asking whether to run java, but when I click always run on this site the box where the plugin output appears doesn't run. Strangely, reloading the page later fails with a "This webpage is not available" message.

2. Chromium loading https://www2.bancobrasil.com.br/aapf/login.jsp?aapf.IDH=sim&perfil=1

Similar symptoms occur here -- the instructions "Aguarde, iniciando o acesso..." appear at the top of the page, but the login page which should come after never loads.

In Firefox, I am able to load testjava.jsp, but the banking site, which is what I really want to get to, never loads. I'll attach an IcedTea debug log.

Christian Reis (kiko) wrote :

Logs from sequential loads of testjava and bb.com.br.

Christian Reis (kiko) wrote :

ii chromium-browser 25.0.1364.160-0ubuntu0.12.04.1 Chromium browser
ii chromium-browser-dbg 25.0.1364.160-0ubuntu0.12.04.1 chromium-browser debug symbols
ii chromium-browser-l10n 25.0.1364.160-0ubuntu0.12.04.1 chromium-browser language packages
ii chromium-codecs-ffmpeg 25.0.1364.160-0ubuntu0.12.04.1 Free ffmpeg codecs for the Chromium Browser

ii firefox 20.0+build1-0ubuntu0.12.04.3 Safe and easy web browser from Mozilla
ii firefox-globalmenu 20.0+build1-0ubuntu0.12.04.3 Safe and easy web browser from Mozilla - Unity menubar integration
ii firefox-gnome-support 20.0+build1-0ubuntu0.12.04.3 Safe and easy web browser from Mozilla - GNOME support
ii firefox-locale-en 20.0+build1-0ubuntu0.12.04.3 English language pack for Firefox
ii firefox-locale-es 20.0+build1-0ubuntu0.12.04.3 Spanish; Castilian language pack for Firefox
ii firefox-locale-pt 20.0+build1-0ubuntu0.12.04.3 Portuguese language pack for Firefox

ii icedtea-7-jre-jamvm 7u15-2.3.7-0ubuntu1~12.04.1 Alternative JVM for OpenJDK, using JamVM
ii icedtea-7-plugin 1.2.3-0ubuntu0.12.04.1 web browser plugin based on OpenJDK and IcedTea to execute Java applets
ii icedtea-netx 1.2.3-0ubuntu0.12.04.1 NetX - implementation of the Java Network Launching Protocol (JNLP)
ii icedtea-netx-common 1.2.3-0ubuntu0.12.04.1 NetX - implementation of the Java Network Launching Protocol (JNLP)

ii openjdk-7-jdk 7u15-2.3.7-0ubuntu1~12.04.1 OpenJDK Development Kit (JDK)
ii openjdk-7-jre 7u15-2.3.7-0ubuntu1~12.04.1 OpenJDK Java runtime, using Hotspot JIT
ii openjdk-7-jre-headless 7u15-2.3.7-0ubuntu1~12.04.1 OpenJDK Java runtime, using Hotspot JIT (headless)
ii openjdk-7-jre-lib 7u15-2.3.7-0ubuntu1~12.04.1 OpenJDK Java runtime (architecture independent libraries)

Christian Reis (kiko) wrote :

Reverting back to

ii icedtea-7-plugin 1.2-2ubuntu1.3 web browser plugin based on OpenJDK and IcedTea to execute Java applets
ii icedtea-netx 1.2-2ubuntu1.3 NetX - implementation of the Java Network Launching Protocol (JNLP)
ii icedtea-netx-common 1.2-2ubuntu1.3 NetX - implementation of the Java Network Launching Protocol (JNLP)

Fixes the issue for me.

Christian Reis (kiko) wrote :

Noting that in chromium this older version of the plugin crashes quite frequently. It's stable enough to let me use the banking application regardless, though.

Christian Reis (kiko) wrote :

The attached log file is for a successful run on the previous version of icedtea-web, loading the banking website.

Jamie Strandboge (jdstrand) wrote :

On firefox i386, if I go to the bank url, it takes a few seconds to load, and then I get a 'Security Approval Required' dialog. If I click 'Run' (and uncheck 'Always trust content from this publisher'), then it starts to load and after a few seconds a second 'Security Approval Required' dialog is presented. If I click 'Run' again (and uncheck 'Always trust content from this publisher'), I see what appears to be a login screen. Note, I had to use https://www2.bancobrasil.com.br/aapf/login.jsp because the one specified seemed to be associated with your account (it told me it could not recognize the computer). This is with the icedtea6-plugin (6b21.2.3-0ubuntu0.12.04.1).

If I install the icedtea-7-plugin, it says: 'Start:applet not initialized' if I go to the original bank URL. If I launch this from a terminal, I see:
$ cat /tmp/foo
java version "1.7.0_15"
OpenJDK Runtime Environment (IcedTea7 2.3.7) (7u15-2.3.7-0ubuntu1~12.04.1)
OpenJDK Client VM (build 23.7-b01, mixed mode, sharing)
Unable to find class net.sourceforge.jnlp.security.VariableX509TrustManagerJDK7
JAR https://www2.bancobrasil.com.br/aapf/idh/GbAs.jar not found. Continuing.
net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize applet.
 at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:735)
 at net.sourceforge.jnlp.Launcher.getApplet(Launcher.java:676)
 at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:886)
Caused by: java.lang.ClassNotFoundException: br.com.gas.mid.GbAs
 at net.sourceforge.jnlp.runtime.JNLPClassLoader.loadClass(JNLPClassLoader.java:1404)
 at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:725)
 ... 2 more
Caused by:
java.lang.ClassNotFoundException: br.com.gas.mid.GbAs
 at net.sourceforge.jnlp.runtime.JNLPClassLoader.loadClass(JNLPClassLoader.java:1404)
 at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:725)
 at net.sourceforge.jnlp.Launcher.getApplet(Launcher.java:676)
 at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:886)
java.lang.NullPointerException
 at net.sourceforge.jnlp.NetxPanel.runLoader(NetxPanel.java:149)
 at sun.applet.AppletPanel.run(AppletPanel.java:380)
 at java.lang.Thread.run(Thread.java:722)
java.lang.NullPointerException
 at sun.applet.AppletPanel.run(AppletPanel.java:430)
 at java.lang.Thread.run(Thread.java:722)

This seems to be the problem:
Unable to find class net.sourceforge.jnlp.security.VariableX509TrustManagerJDK7

The debian/changelog has:
 * Common:
    - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7

This is http://icedtea.classpath.org/hg/release/icedtea-web-1.2/raw-rev/c74251bbaffd. I'll try reverting it and report back. The workaround appears to be to use icedtea6-plugin on 12.04 for now.
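
Added example, not part of the bug report or of icedtea-web: a Python triage pass over the plugin output quoted above. It reports the earliest loader diagnostic as the probable root cause and lists the later exceptions as downstream symptoms; the verdict labels and the `PLUGIN_NS` prefix rule are assumptions made for this example.

```python
import re

# Assumption for this example: classes under this prefix belong to the plugin
# itself (the prefix is taken from the class names in the log), not the applet.
PLUGIN_NS = "net.sourceforge.jnlp."

# Patterns anchor at column 0, so indented " at ..." stack frames never match.
PATTERNS = [
    ("missing_class", re.compile(r"^Unable to find class (\S+)")),
    ("missing_jar", re.compile(r"^JAR (\S+) not found")),
    ("exception", re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error))(?::|$)")),
]

# Excerpt of the terminal output quoted in the comment above.
SAMPLE_LOG = """\
java version "1.7.0_15"
Unable to find class net.sourceforge.jnlp.security.VariableX509TrustManagerJDK7
JAR https://www2.bancobrasil.com.br/aapf/idh/GbAs.jar not found. Continuing.
net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize applet.
 at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:735)
Caused by: java.lang.ClassNotFoundException: br.com.gas.mid.GbAs
 at net.sourceforge.jnlp.runtime.JNLPClassLoader.loadClass(JNLPClassLoader.java:1404)
java.lang.NullPointerException
 at net.sourceforge.jnlp.NetxPanel.runLoader(NetxPanel.java:149)
"""

def events(log):
    """Return [(line_no, kind, subject)] for every diagnostic line, in order."""
    found = []
    for no, line in enumerate(log.splitlines(), 1):
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                found.append((no, kind, m.group(1)))
                break
    return found

def triage(log):
    """Treat the earliest diagnostic as the probable root cause."""
    evs = events(log)
    if not evs:
        return None
    no, kind, subject = evs[0]
    if kind == "missing_class" and subject.startswith(PLUGIN_NS):
        verdict = "plugin_class_missing"    # plugin/runtime build problem, not the applet
    elif kind == "missing_jar":
        verdict = "applet_jar_unavailable"
    else:
        verdict = "applet_failure"
    return {"root_line": no, "root": subject, "verdict": verdict,
            "downstream": [s for _, _, s in evs[1:]]}
```
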

summary: - Unable to run java test applet in chromium, some applets not working in
- firefox
+ Unable to find class
+ net.sourceforge.jnlp.security.VariableX509TrustManagerJDK7 with
+ icedtea-7-plugin on 12.04
Changed in icedtea-web (Ubuntu):
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

12.10 is not affected with icedtea-6-plugin or icedtea-7-plugin (it has IcedTea 2.3.7).

Changed in icedtea-web (Ubuntu Precise):
status: New → Confirmed
Changed in icedtea-web (Ubuntu):
status: Confirmed → Invalid
Changed in icedtea-web (Ubuntu Precise):
status: Confirmed → Triaged
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Jamie Strandboge (jdstrand) wrote :

Reverting c74251bbaffd allows icedtea-7-plugin to work with the bank on 12.04.

Jamie Strandboge (jdstrand) wrote :

This seems to boil down to a mismatch of new upstream releases. icedtea-web 1.2.3 needs to be built against (at least) icedtea 2.3 with c74251bbaffd. In 12.04 and earlier, we build icedtea-web against icedtea 1.12, which does not need c74251bbaffd. FYI, icedtea-7-plugin is in universe on 12.04.

Changed in icedtea-web (Ubuntu Precise):
status: Triaged → In Progress
Jamie Strandboge (jdstrand) wrote :

Uhh, I didn't describe that right. Building icedtea-web 1.2.3 with c74251bbaffd against IcedTea 1.12 and running the resulting icedtea-7-plugin doesn't work. Building icedtea-web 1.3 against IcedTea 2.3 allows both icedtea-7-plugin and icedtea-6-plugin to work.

Jamie Strandboge (jdstrand) wrote :

kiko, can you try the packages in https://launchpad.net/~ubuntu-security-proposed/+archive/ppa and report back if they fix the problems for you?

Christian Reis (kiko) wrote :

Oooh -- this one works just fine. It doesn't even crash every 4 page loads. Excellent analysis and quick turnaround Jamie!

Changed in icedtea-web (Ubuntu Precise):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icedtea-web - 1.2.3-0ubuntu0.12.04.2

---------------
icedtea-web (1.2.3-0ubuntu0.12.04.2) precise-security; urgency=low

  * Revert PR1161: X509VariableTrustManager does not work correctly with
    OpenJDK7. The fix for PR1161 is needed for IcedTea 2.3.x and not 1.12.
    We need to keep this patch reverted as long as we build icedtea-web
    against 1.12 (LP: #1171506)
 -- Jamie Strandboge <email address hidden> Mon, 22 Apr 2013 16:47:22 -0500

Changed in icedtea-web (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icedtea-web - 1.2.3-0ubuntu0.11.10.2

---------------
icedtea-web (1.2.3-0ubuntu0.11.10.2) oneiric-security; urgency=low

  * Revert PR1161: X509VariableTrustManager does not work correctly with
    OpenJDK7. The fix for PR1161 is needed for IcedTea 2.3.x and not 1.12.
    We need to keep this patch reverted as long as we build icedtea-web
    against 1.12 (LP: #1171506)
 -- Jamie Strandboge <email address hidden> Tue, 23 Apr 2013 09:13:00 -0500

Changed in icedtea-web (Ubuntu):
status: Invalid → Fix Released