Date: Sat, 4 Jan 2014 20:19:19 -0800
From: Greg Lewis <glewis@eyesbeyond.com>
To: Matthew Seaman <matthew@freebsd.org>
Cc: freebsd-java@freebsd.org
Subject: Re: open jdk7 marked "FORBIDDEN"
Message-ID: <20140105041919.GA57795@misty.eyesbeyond.com>
In-Reply-To: <52C7E24A.6010902@FreeBSD.org>
References: <21189.33585.949509.38005@jerusalem.litteratus.org> <52C58E85.8030501@freebsd.org> <1388798626990-5873612.post@n5.nabble.com> <52C7E24A.6010902@FreeBSD.org>

On Sat, Jan 04, 2014 at 10:28:26AM +0000, Matthew Seaman wrote:
> On 04/01/2014 01:23, ari wrote:
> >> The 'nasty FreeBSD bug' is that running the latest OpenJDK 6 or 7 will
> >> cause pretty much all versions of FreeBSD back to 8.0 to instantly
> >> reboot. This is actually a FreeBSD kernel bug.
> >
> >> Watch the freebsd-announce@... list -- there will be at least an Errata
> >> notice for all supported releases.
> >
> >
> > I understand the desire to protect people from bad effects, but this lockout
> > of every Java port (since everything pretty much depends on openjdk) is
> > quite extreme. Can we please have some more information about:
> >
> > * the nature of the bug
> > * how far back do we have to revert openjdk7 to avoid the problem
> >
> > I've got a huge reliance on Java on production servers and this makes me
> > very nervous. I also had planned an upgrade from FreeBSD 9.0 to 9.2 on a
> > server today and this can't go ahead since I cannot install an updated
> > openjdk.
> >
> > If this is an obscure bug which is in all versions of the openjdk against
> > all versions of freebsd, could someone please revert the FORBIDDEN flag on
> > these ports, since its only effect is to:
> >
> > * make users believe that FreeBSD is not a good platform for Java
> > * stop users from upgrading from any previous versions of Java, or otherwise
> > update systems
> >
> > If this is a serious problem only in the latest version of Java (eg.
> > 1.7.0_45) then can we revert the port to a known working version?
> >
> >
> > At any rate, more information would be great since I've already got 1.7.0_45
> > in production on a couple of machines and I need to know what to look out
> > for.
>
> Yes, certainly. The important point here is that the bug is in certain
> FreeBSD versions, not in Java.
>
> If you've got a java package that runs without causing the system to
> panic then there's no reason not to carry on using it.
>
> The symptoms of the bug are that the OS will panic whenever one of the
> latest versions of OpenJDK is run on a susceptible version of the OS.
> If your machine can /build/ the latest OpenJDK without panicking (which
> involves extensive use of Java to compile itself) then you're OK to
> deploy that version to run your web applications or whatever (subject to
> the usual sorts of testing you'd do around updating any core component
> of the business that provides your paychecks, of course).
>
> OpenJDK 7.45.18 or 7.45.18_1 would trigger the bug in susceptible
> FreeBSD systems. 7.25.15_2 or earlier should be safe.

"Safe" being a relative term since typically the updated Java version
will contain security fixes as well. I didn't enumerate all the security
fixes between 7u25 and 7u45 when doing the update, but I'm pretty certain
it was not a list of zero length.

I realise this potentially puts people in a poor situation. I'd definitely
recommend running 7u45 if you can, and in particular please run 7.45.18_1,
since the initial 7.45.18 update didn't pick up changes to how the
unlimited strength security policies were installed.

> FreeBSD 11-CURRENT (r259951), 10-STABLE (r260081), 10.0-RELEASE-rc4
> (r260122) and 9-STABLE (r260082) have been patched. Neither 8-STABLE
> nor any of the supported 9.x- or 8.x-RELEASE branches have been patched
> yet. As I said, the -RELEASE branches would be listed in an errata
> notice or security advisory when a patch was applied.
>
> Disclaimer: this is just based on what I have been able to gather from
> public mailing lists, my own experiences trying to build package sets
> including OpenJDK and by spelunking through the SVN repository via
> http://svnweb.freebsd.org/base/ It does not represent the official
> position of the FreeBSD project.
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.
> PGP: http://www.infracaninophile.co.uk/pgpkey

--
Greg Lewis                          Email   : glewis@eyesbeyond.com
Eyes Beyond                         Web     : http://www.eyesbeyond.com
Information Technology              FreeBSD : glewis@FreeBSD.org