From owner-freebsd-java@FreeBSD.ORG Sat Jan 4 10:28:39 2014 Return-Path: Delivered-To: freebsd-java@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3AFD835D for ; Sat, 4 Jan 2014 10:28:39 +0000 (UTC) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B8D6B158A for ; Sat, 4 Jan 2014 10:28:38 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.2.117.99]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.7/8.14.7) with ESMTP id s04ASXJS011310 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Sat, 4 Jan 2014 10:28:33 GMT (envelope-from matthew@FreeBSD.org) DKIM-Filter: OpenDKIM Filter v2.8.3 smtp.infracaninophile.co.uk s04ASXJS011310 Authentication-Results: smtp.infracaninophile.co.uk/s04ASXJS011310; dkim=none reason="no signature"; dkim-adsp=none Message-ID: <52C7E24A.6010902@FreeBSD.org> Date: Sat, 04 Jan 2014 10:28:26 +0000 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: freebsd-java@freebsd.org Subject: Re: open jdk7 marked "FORBIDDEN" References: <21189.33585.949509.38005@jerusalem.litteratus.org> <52C58E85.8030501@freebsd.org> <1388798626990-5873612.post@n5.nabble.com> In-Reply-To: <1388798626990-5873612.post@n5.nabble.com> X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="BJvB76U5KeRQX1WRs5pg0OBD8iGVsgSht" X-Virus-Scanned: clamav-milter 0.98 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, DCC_CHECK autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-java@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Porting Java to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Jan 2014 10:28:39 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --BJvB76U5KeRQX1WRs5pg0OBD8iGVsgSht Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 04/01/2014 01:23, ari wrote: >> The 'nasty FreeBSD bug' is that running the latest OpenJDK 6 or 7 will= >> cause pretty much all version of FreeBSD back to 8.0 to instantly >> reboot. This is actually a FreeBSD kernel bug. >=20 >> Watch the freebsd-announce@... list -- there will be at least an Errat= a >> notice for all supported releases. >=20 >=20 > I understand the desire to protect people from bad effects, but this lo= ckout > of every Java port (since everything pretty much depends on openjdk) is= > quite extreme. Can we please have some more information about: >=20 > * the nature of the bug > * how far back do we have to revert openjdk7 to avoid the problem >=20 > I've got a huge reliance on Java on production servers and this makes m= e > very nervous. I also had planned an upgrade from FreeBSD 9.0 to 9.2 on = a > server today and this can't go ahead since I cannot install an updated > openjdk. >=20 > If this is an obscure bug which is in all versions of the openjdk again= st > all versions of freebsd, could someone please revert the FORBIDDEN flag= on > these ports, since its only effect is to: >=20 > * make users believe that FreeBSD is not a good platform for Java > * stop users from upgrading from any previous versions of Java, or othe= rwise > update systems >=20 > If this is a serious problem only in the latest version of Java (eg. > 1.7.0_45) then can we revert the port to a known working version? >=20 >=20 > At any rate, more information would be great since I've already got 1.7= =2E0_45 > in production on a couple of machines and I need to know what to look o= ut > for. Yes, certainly. The important point here is that the bug is in certain FreeBSD versions, not in Java. If you've got a java package that runs without causing the system to panic then there's no reason not to carry on using it. The symptoms of the bug are that the OS will panic whenever one of the latest versions of OpenJDK is run on a susceptible version of the OS. If your machine can /build/ the latest OpenJDK without panicing (which involves extensive use of Java to compile itself) then you're OK to deploy that version to run your web applications or whatever (subject to the usual sorts of testing you'ld do around updating any core component of the business that provides your paychecks, of course). OpenJDK 7.45.18 or 7.45.18_1 would trigger the bug in susceptible FreeBSD systems. 7.25.15_2 or earlier should be safe. FreeBSD 11-CURRENT (r259951), 10-STABLE (r260081), 10.0-RELEASE-rc4 (r260122) and 9-STABLE (r260082) have been patched. Neither 8-STABLE nor any of the supported 9.x- or 8.x-RELEASE branches have been patched yet. As I said, the -RELEASE branches would be listed in an errata notice or security advisory when a patch was applied. Disclaimer: this is just based on what I have been able to gather from public mailing lists, my own experiences trying to build package sets including OpenJDK and by spelunking through the SVN repository via http://svnweb.freebsd.org/base/ It does not represent the official position of the FreeBSD project. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --BJvB76U5KeRQX1WRs5pg0OBD8iGVsgSht Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJSx+JRXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATprYP/1K7cjubu2JD9ZxLIHfVfKhR onB0bf2JbkyrzqPgBPA6d0n2KJ+nf2q3fLtn5IOg3LioM7qdm8ASu9qaECtGZyNO isrg+fw1fbDgxXXFQ76hFUqLfRpO0sTT2au0FiBGec5iozb9HFhY1/7Ovu8DElYS nvknJNN9jZEGUCIVFEqKC1NoPQmi8D7rt0dPZHPOUOcDfRrkOI27KvggGuWzzjYg 4FLcX1qSkwkS2DcMqSeMpD9qqur9v60gPW5qe2b4VACXiqg2wL81Gr5UI7TLUsso 5so6ajeJbHdIiGdTGXx8UnvLaQmrpuZb8EusYr/L4bf8u7AWEbiYK2sXQqwlcWje awMKjejK/Vr0Y46KBpLIT32vF+V3uNghql6hepJOCI9EEHBLUpvLFo08RWL8r++6 rlDqSTlQbRcPtFkXXAfd0CnJI570UkrDwPXUVFY2BSCNH91Aq/KllxQB3q3qCmua Zpnr7dW7RDZtFzD9gUcMRA1peO4ZOu8R0wOkDtWDQi3mOjZ/d7cE2YI1C7B13I64 Vhq5ApJOYmwqILcZeN/O/JHG7dPlSkUvJUZ1S3BeYRfbep6LIkIHSr9txT2rwAPY tyjq6hgi45mQd+Izocwfvn/cazkGab8M3fh6cmA6kpDm+TGr687cplyqAHuN+CEs sgnvr48JVnODSKfIrE6Y =oOd3 -----END PGP SIGNATURE----- --BJvB76U5KeRQX1WRs5pg0OBD8iGVsgSht--