[Pkg-freeipa-devel] Bug#889526: pki-server: Dogtag stopped starting after libnss3 upgrade to 2:3.35-2

Michal Kaspar michal at kaspar.in
Sun Feb 4 07:49:22 UTC 2018 

Package: pki-server
Version: 10.5.3-4
Severity: important

Dear Maintainer,
After upgrade of libnss3 to 2:3.35-2 pki-server (used as part of freeipa installation) stoped working. The Tomcat with pki-server contexts starts, but all the Dogtag context crash with errors:
javax.ws.rs.ServiceUnavailableException: Subsystem unavailable (catalina.out)
Failed to create jss service: java.lang.SecurityException: Unable to initialize security library (ca/debug)

I appears the Tomcat isn't able to load jss library because the previous error in catalina is:
Feb 03, 2018 1:57:19 PM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
SEVERE: Exception initializing random number generator using provider [Mozilla-JSS]
java.security.NoSuchProviderException: no such provider: Mozilla-JSS

and catalina.out contains warnings like:
ARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'enableOCSP' to 'false' did not find a match
ing property.

Downgrading libnss3 to 2:3.34.1-1 fixes the problem.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (650, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pki-server depends on:
ii  adduser                           3.117
ii  dogtag-pki-server-theme           10.5.3-4
ii  ldap-utils                        2.4.45+dfsg-1
ii  libatk-wrapper-java               0.33.3-15
ii  libcommons-collections3-java      3.2.2-1
ii  libcommons-dbcp-java              1.4-5
ii  libcommons-pool-java              1.6-3
ii  libjackson-json-java              1.9.2-8
ii  libjackson2-annotations-java      2.9.4-1
ii  libjackson2-jaxrs-providers-java  2.9.4-1
ii  libjboss-logging-java             3.3.1-1
ii  libjs-jquery                      3.2.1-1
ii  libjs-underscore                  1.8.3~dfsg-1
ii  libnuxwdog-java                   1.0.3-3+b4
ii  libscannotation-java              1.0.2+svn20110812-3
ii  libsymkey-java                    10.5.3-4
ii  libtomcatjss-java                 7.2.4-1
ii  libxml-commons-external-java      1.4.01-2
ii  libxml-commons-resolver1.1-java   1.2-9
ii  pki-base                          10.5.3-4
ii  pki-base-java                     10.5.3-4
ii  pki-tools                         10.5.3-4
ii  python                            2.7.14-4
ii  python-cryptography               2.1.4-1
ii  python-ldap                       3.0.0~b4-1.1
ii  python-lxml                       4.1.0-1
ii  python-selinux                    2.7-2+b1
ii  tomcat8.0-user                    8.0.46-1
ii  velocity                          1.7-5

pki-server recommends no packages.

pki-server suggests no packages.

-- no debconf information

More information about the Pkg-freeipa-devel mailing list