Date: Tue, 29 Sep 2009 14:03:58 -0400 From: grarpamp <grarpamp@gmail.com> To: freebsd-java@freebsd.org Subject: java/jdk16 vulnerability? Message-ID: <d2e731a10909291103j100dfcd0y83732fb54dcf4914@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
[ From java jar invocation thread, more suitable to the vuln thread] > Also you might want to install java/jdk16 instead of diablo-jre16, > because in my experience it works better, especially considering > you are now running a jre compiled for FreeBSD-7.0. I may try java/openjdk6 first as it seems it will become the long term solution for the BSD's, maybe others. It also seems more up to date with its parent train, openjdk6, which seems maybe a fine effort by that new bsd-port group. A cheatsheet to the current state of the various versions and native bits as of last week: ## java 6 user pages # jrl jdk 6u16b1, jce policy, timezones, etc http://java.sun.com/javase/downloads/index.jsp http://www.freebsd.org/java/ ## java 6 dev pages # jrl jdk 6u18b2, rel 20090909 http://download.java.net/jdk6/source/ http://download.java.net/jdk6/latest_binaries/ # jrl jdk 6u7b2, rel 2008q2 http://www.freebsdfoundation.org/downloads/java.shtml http://cvsweb.freebsd.org/ports/java/diablo-jdk16 # jrl jdk 6u3b5, rel 20070924, eyesbeyond p4 rel 2008q1 http://download.java.net/jdk6/6u3/promoted/b05/index.html http://www.eyesbeyond.com/freebsddom/java/index.html http://cvsweb.freebsd.org/ports/java/jdk16 # open/gnu jdk 6b16, rel 20090424 http://openjdk.java.net/ http://mail.openjdk.java.net/pipermail/bsd-port-dev/ http://mail.openjdk.java.net/pipermail/bsd-port-dev/2008-August/000006.html http://hg.openjdk.java.net/bsd-port/bsd-port/ http://cvsweb.freebsd.org/ports/java/openjdk6 I think a timezone update might need included in the java/openjdk6 port by now. Also the 'current' patch files available for 1.5 and 1.6 at eyesbeyond appear to be older than the last 'numbered' patches, which is misleading. This could probably be made to fail more gracefully since I'm pretty sure the java/jdk16 package can only be made available from a locally built port, not as an official distributed package. Maybe dependant ports should have an option to just run 'java || exit' and say, ok prereq met. Maybe they do, I haven't got that far yet :) # pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/vuze-4.2.0.2_1.tbz Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/vuze-4.2.0.2_1.tbz... Done. Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/jdk-1.6.0.3p4_12.tbz: File unavailable (e.g., file not found, no access) Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/swt-devel-3.5.m6_1,1.tbz... Done. pkg_add: could not find package jdk-1.6.0.3p4_12 ! pkg_add: pkg_add of dependency 'swt-devel-3.5.m6_1,1' failed!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d2e731a10909291103j100dfcd0y83732fb54dcf4914>