open jdk7 marked "FORBIDDEN"

Matthew Seaman matthew at FreeBSD.org
Sat Jan 4 10:28:39 UTC 2014 

On 04/01/2014 01:23, ari wrote:
>> The 'nasty FreeBSD bug' is that running the latest OpenJDK 6 or 7 will
>> cause pretty much all version of FreeBSD back to 8.0 to instantly
>> reboot.  This is actually a FreeBSD kernel bug.
> 
>> Watch the freebsd-announce at ... list -- there will be at least an Errata
>> notice for all supported releases.
> 
> 
> I understand the desire to protect people from bad effects, but this lockout
> of every Java port (since everything pretty much depends on openjdk) is
> quite extreme. Can we please have some more information about:
> 
> * the nature of the bug
> * how far back do we have to revert openjdk7 to avoid the problem
> 
> I've got a huge reliance on Java on production servers and this makes me
> very nervous. I also had planned an upgrade from FreeBSD 9.0 to 9.2 on a
> server today and this can't go ahead since I cannot install an updated
> openjdk.
> 
> If this is an obscure bug which is in all versions of the openjdk against
> all versions of freebsd, could someone please revert the FORBIDDEN flag on
> these ports, since its only effect is to:
> 
> * make users believe that FreeBSD is not a good platform for Java
> * stop users from upgrading from any previous versions of Java, or otherwise
> update systems
> 
> If this is a serious problem only in the latest version of Java (eg.
> 1.7.0_45) then can we revert the port to a known working version?
> 
> 
> At any rate, more information would be great since I've already got 1.7.0_45
> in production on a couple of machines and I need to know what to look out
> for.

Yes, certainly.  The important point here is that the bug is in certain
FreeBSD versions, not in Java.

If you've got a java package that runs without causing the system to
panic then there's no reason not to carry on using it.

The symptoms of the bug are that the OS will panic whenever one of the
latest versions of OpenJDK is run on a susceptible version of the OS.
If your machine can /build/ the latest OpenJDK without panicing (which
involves extensive use of Java to compile itself) then you're OK to
deploy that version to run your web applications or whatever (subject to
the usual sorts of testing you'ld do around updating any core component
of the business that provides your paychecks, of course).

OpenJDK 7.45.18 or 7.45.18_1 would trigger the bug in susceptible
FreeBSD systems.  7.25.15_2 or earlier should be safe.

FreeBSD 11-CURRENT (r259951), 10-STABLE (r260081), 10.0-RELEASE-rc4
(r260122) and 9-STABLE (r260082) have been patched.  Neither 8-STABLE
nor any of the supported 9.x- or 8.x-RELEASE branches have been patched
yet. As I said, the -RELEASE branches would be listed in an errata
notice or security advisory when a patch was applied.

Disclaimer: this is just based on what I have been able to gather from
public mailing lists, my own experiences trying to build package sets
including OpenJDK and by spelunking through the SVN repository via
http://svnweb.freebsd.org/base/  It does not represent the official
position of the FreeBSD project.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1036 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-java/attachments/20140104/e463055a/attachment.sig>

More information about the freebsd-java mailing list