1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.RC

  • Bug#1099511: newest releases of bc* java libraries cause arduino to fai

    From Jonas Smedegaard@21:1/5 to All on Tue Mar 4 10:40:01 2025
    Package: libbcpkix-java,libbcprov-java,libbcutil-java,libbcpg-java,arduino Severity: grave

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    On an up-to-date amd64 Debian unstable system as of today, arduino fails
    to start like this:

    arduino
    Picked up JAVA_TOOL_OPTIONS:
    WARNING: A restricted method in java.lang.System has been called
    WARNING: java.lang.System::loadLibrary has been called by processing.app.Platform in an unnamed module (file:/usr/share/arduino/lib/arduino-core.jar)
    WARNING: Use --enable-native-access=ALL-UNNAMED to avoid a warning for callers in this module
    WARNING: Restricted methods will be blocked in a future release unless native access is enabled

    java.lang.NoClassDefFoundError: org/bouncycastle/asn1/cryptlib/CryptlibObjectIdentifiers
    at org.bouncycastle.openpgp.PGPUtil$2.<init>(Unknown Source)
    at org.bouncycastle.openpgp.PGPUtil.<clinit>(Unknown Source)
    at cc.arduino.contributions.GPGDetachedSignatureVerifier.readPublicKey(GPGDetachedSignatureVerifier.java:99)
    at cc.arduino.contributions.GPGDetachedSignatureVerifier.readPublicKey(GPGDetachedSignatureVerifier.java:92)
    at cc.arduino.contributions.GPGDetachedSignatureVerifier.verify(GPGDetachedSignatureVerifier.java:73)
    at cc.arduino.contributions.SignatureVerifier.isSigned(SignatureVerifier.java:46)
    at cc.arduino.contributions.packages.ContributionsIndexer.parseIndex(ContributionsIndexer.java:92)
    at processing.app.BaseNoGui.initPackages(BaseNoGui.java:483)
    at processing.app.Base.<init>(Base.java:263)
    at processing.app.Base.main(Base.java:141)
    Caused by: java.lang.ClassNotFoundException: org.bouncycastle.asn1.cryptlib.CryptlibObjectIdentifiers
    at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:580)
    at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:490)
    ... 10 more

    Downgrading the packages libbcpkix-java, libbcprov-java, libbcutil-java
    and libbcpg-java from their current 1.80-2 to 1.72-2 mkes arduino start
    again.

    - Jonas


    -----BEGIN PGP SIGNATURE-----

    wsG7BAEBCgBvBYJnxsltCRAsfDFGwaABIUcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmfOB+kq63AgobZLDRLP4oAL8T5wzD/5J+Tp5IFLay20 3xYhBJ/j6cNmkaaf9TzGhCx8MUbBoAEhAAC4sA//SikLipZxa9wC7CnwR15zLD26 NBVS7BlkLXNI1LKhV3QGJ+pq0Zgmu6kWU/8oIgSRXlfSk1kh+bUrufpFmSU3hZvA sqrKJNvNVvOf8nC+dmOHBZP4tFYON4XmUERpwEDpQYa1CWFIOuygK9guFZo21z/Q EzFN8Nb7R7yTirQfI6kYN5ccUtpyiO++R7QQr8fVqABWX0jNmPhJp3/YiqOC56zQ 1Zg3ly8Yzr3vFq13c6fVJwO57RyWHyeeL+Sa8T7GRlaSl8lo5/Ll+tM8mDQjKvB2 ArhnA2lrtt81/gpIRgeIrJ2jwTomzBvoYC8ONnPco+lu77kzNf4gBtFLHt46JRMD K+/+lnN2JIgLA00f9CSWZonM3vvSc7sAHM6ErbsJcC/fn88xdw3CCQI5xSETWKHj 8w+jQQ4kV2o46KEJNNJQTXRWygxkioLju28XXl8mQDs0VRIA1o9OUts/9cfR/BPA bN7MmdO56pPRiAEjOfz279TJYcAljXhioyV+HrhDME3bIBpeamBaqYA/Z3Eev9Ae ioedysWxkel4OaV/+RzFF3gNERYK8VvbtctKzKKoVUJuMaePNtD0vcGU21rnLI+5 USdhqQbBjM9SkOUaHOnwFF8/nvzCCEZLSOGFAYHRiRQmdiZW/qScT1iKfYKVoJ90 LvQ8re4UV+wSpyEFl50=
    =ucmU
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Emmanuel Bourg@21:1/5 to Jonas Smedegaard on Tue Mar 4 11:00:01 2025
    On 04/03/2025 10:35, Jonas Smedegaard wrote:

    On an up-to-date amd64 Debian unstable system as of today, arduino fails
    to start like this:

    arduino
    Picked up JAVA_TOOL_OPTIONS:
    WARNING: A restricted method in java.lang.System has been called
    WARNING: java.lang.System::loadLibrary has been called by processing.app.Platform in an unnamed module (file:/usr/share/arduino/lib/arduino-core.jar)
    WARNING: Use --enable-native-access=ALL-UNNAMED to avoid a warning for callers in this module
    WARNING: Restricted methods will be blocked in a future release unless native access is enabled

    java.lang.NoClassDefFoundError: org/bouncycastle/asn1/cryptlib/CryptlibObjectIdentifiers
    at org.bouncycastle.openpgp.PGPUtil$2.<init>(Unknown Source)
    at org.bouncycastle.openpgp.PGPUtil.<clinit>(Unknown Source)

    Hi Jonas,

    Classes have been moved from bcprov to bcutil in BC 1.80. Adding bcutil
    to the classpath should fix this issue.

    Emmanuel Bourg

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Tue Mar 4 11:40:02 2025
    Processing control commands:

    reassign -1 src:bouncycastle
    Bug #1099511 [arduino] newest releases of bc* java libraries cause arduino to fail to start
    Bug reassigned from package 'arduino' to 'src:bouncycastle'.
    Ignoring request to alter found versions of bug #1099511 to the same values previously set
    Ignoring request to alter fixed versions of bug #1099511 to the same values previously set
    affects -1 arduino
    Bug #1099511 [src:bouncycastle] newest releases of bc* java libraries cause arduino to fail to start
    Added indication that 1099511 affects arduino
    found -1 1.80-1
    Bug #1099511 [src:bouncycastle] newest releases of bc* java libraries cause arduino to fail to start
    Marked as found in versions bouncycastle/1.80-1.

    --
    1099511: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099511
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Matthias Geiger@21:1/5 to werdahias@riseup.net on Tue Apr 8 19:40:01 2025
    On Mon, 07 Apr 2025 22:20:47 +0200 Matthias Geiger <werdahias@riseup.net> wrote:
    On Tue, 4 Mar 2025 11:51:06 +0100 Emmanuel Bourg <ebourg@apache.org> wrote:
    On 04/03/2025 11:33, Jonas Smedegaard wrote:

    Thanks for the clarification.

    I have reassigned accordingly: If I understand you correctly, the bug
    (of changing without coordination with reverse dependencies) is in src:bouncycastle, even if the best fix might be a change in arduino.

    Actually the issue is the classpath used by arduino, it contains only bcprov.jar and should now also include bcutil.jar. This can't be done at the src:bouncycastle level and must be changed in src:arduino, here:

    https://salsa.debian.org/electronics-team/arduino/arduino/-/blob/debian/2%251.8.19+dfsg1-2/debian/arduino.links?ref_type=tags#L25

    The arduino package will also require a dependency on libbcutil-java.

    Hi Emmanuel,
    thanks for the hint. I built a package with said tweaks enabled;
    however, it still fails to start:

    $ arduino
    Picked up JAVA_TOOL_OPTIONS:
    Error: main class processing.app.Base can't be initialized
    Reason: java.lang.NoClassDefFoundError:
    processing/app/helpers/UserNotifier

    Do you have any more pointers so I can fix this in time for trixie ?

    Actually this was an error on my end, so disregard that. dh_link didn't
    seem to do the trick; however, I found out that the class was moved to org/bouncycastle/internal/asn1/cryptlib/CryptlibObjectIdentifiers.class
    (note the "internal" string).
    arduino looks for the library at org/bouncycastle/asn1/cryptlib/CryptlibObjectIdentifiers.class (and does
    not find it), thus failing.
    I do not know how to tell it to look at .../internal... , so I'd
    appreciate any advice so I can fix it.

    best,

    Matthias Geiger <werdahias>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Wed Apr 9 12:00:02 2025
    This is a multi-part message in MIME format...

    Your message dated Wed, 09 Apr 2025 09:49:06 +0000
    with message-id <E1u2S3O-00A5YH-RX@fasolo.debian.org>
    and subject line Bug#1099511: fixed in arduino 2:1.8.19+dfsg1-3
    has caused the Debian Bug report #1099511,
    regarding newest releases of bc* java libraries cause arduino to fail to start to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1099511: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099511
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

    Received: (at submit) by bugs.debian.org; 4 Mar 2025 09:36:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
    (2021-04-09) on buxtehude.debian.org
    X-Spam-Level:
    X-Spam-Status: No, score=-23.5 required=4.0 tests=BAYES_00,
    BODY_INCLUDES_PACKAGE,FVGT_m_MULTI_ODD,HAS_PACKAGE,MONEY,PGPSIGNATURE,
    SPF_HELO_PASS,SPF_PASS,XMAILER_REPORTBUG autolearn=ham
    autolearn_force=no version=3.4.6-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 155; hammy, 150; neutral, 90; spammy,
    0. spammytokens: hammytokens:0.000-+--sha512, 0.000-+--SHA512,
    0.000-+--H*M:reportbug, 0.000-+--H*MI:reportbug,
    0.000-+--H*RU:xayide.jones.dk
    Return-path: <dr@jones.dk>
    Received: from graograman.jones.dk ([87.104.249.100]:38780 helo=xayide.jones.dk)
    by buxtehude.debian.org with utf8esmtps (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_