Bug#635111: libnss3-1d: "java.io.FileNotFoundException: /usr/lib/libnss3.so" in 3.12.10-2

The Wanderer wanderer at fastmail.fm
Fri Jul 22 19:12:10 UTC 2011 

Package: libnss3-1d
Version: 3.12.10-2
Severity: critical
Justification: breaks unrelated software



The libnss-1d 3.12.10-2 update breaks logging in to Minecraft.

After updating libnss3-1d from 3.12.10-1 to 3.12.10-2, attempting to log in to
Minecraft (which is Java-based and authenticates to a remote site) fails with
the following messages:

================
java.security.ProviderException: Could not initialize NSS
         at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:201)
         at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
         at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
         at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
         at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
         at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
         at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
         at sun.security.jca.ProviderList$ServiceList.tryGet(ProviderList.java:433)
         at 
sun.security.jca.ProviderList$ServiceList.access$200(ProviderList.java:375)
         at 
sun.security.jca.ProviderList$ServiceList$1.hasNext(ProviderList.java:485)
         at sun.security.jca.GetInstance.getInstance(GetInstance.java:170)
         at javax.net.ssl.SSLContext.getInstance(SSLContext.java:142)
         at javax.net.ssl.SSLContext.getDefault(SSLContext.java:85)
         at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:119)
         at 
javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:344)
         at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:302)
         at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:85)
         at sun.net.www.protocol.https.Handler.openConnection(Handler.java:62)
         at sun.net.www.protocol.https.Handler.openConnection(Handler.java:57)
         at java.net.URL.openConnection(URL.java:963)
         at net.minecraft.Util.excutePost(Util.java:68)
         at net.minecraft.LauncherFrame.login(LauncherFrame.java:96)
         at net.minecraft.LoginForm$5.run(LoginForm.java:117)
Caused by: java.io.FileNotFoundException: /usr/lib/libnss3.so
         at sun.security.pkcs11.Secmod.initialize(Secmod.java:186)
         at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:197)
         ... 27 more
================

Before the update, this did not happen.

In 3.12.10-1, the libnss3 .so files and associated symlinks were located in
/usr/lib/, which is where I would expect them to be. In 3.12.10-2, they have
been moved to /usr/lib/x86_64-linux-gnu/, where apparently something does not
know to look for them.

This could be because necessary changes to let the system know to look in the
new location have not been made, because the path is hardcoded into the Java
libraries, or because the path is hardcoded into Minecraft itself. I do not know
which.

I do not (know that I) have access to any other Java-based programs which use
NSS, so I do not know whether or not this would also happen with Java
applications other than Minecraft.


There is a possibility that this is simply a problem with Minecraft, and if so,
there's room to argue that since that's a third-party non-packaged non-free
application, Debian has no responsibility for fixing what broke when the library
moved. However, there's also room to argue that Minecraft is simply relying on
system libraries, and that it is very much Debian's responsibility to make sure
that those are accessible to any software, regardless of provenance. I do not
know which argument is correct in this instance.


-- System Information:
Debian Release: wheezy/sid
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'oldstable'), (500, 'testing'), 
(500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libnss3-1d depends on:
ii  libc6                   2.13-10          Embedded GNU C Library: Shared lib
ii  libnspr4-0d             4.8.8-2          NetScape Portable Runtime Library
ii  libsqlite3-0            3.7.7-2          SQLite 3 shared library
ii  multiarch-support       2.13-10          Transitional package to ensure mul
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

libnss3-1d recommends no packages.

libnss3-1d suggests no packages.

-- no debconf information

More information about the pkg-mozilla-maintainers mailing list