compat3x

Thu Oct 19 09:02:56 UTC 2006

On Thu, 2006-10-19 at 06:04 +1000, Peter Jeremy wrote:
> On Wed, 2006-Oct-18 13:06:10 -0600, Charlie Sorsby wrote:
> >What does this mean and why is it so?
> 
> You are trying to use antique software.  Your problem is nothing to
> do with the version of FreeBSD that you are running.  Rather, you
> are trying to use a binary that was built to run on FreeBSD 3.x.
> 
> >Wednesday, 18 Oct, 2006 -- 12:59:41 MDT
> >===>  compat3x-i386-4.4.20020925 is forbidden: FreeBSD-SA-03:05.xdr, FreeBSD-SA-03:08.realpath  - not fixed / no lib available.
> 
> It means that the FreeBSD 3.x libraries contain a number of
> vulnerabilities and the FreeBSD project no longer has the resources to
> maintain them.
> 
> >I'm trying to install jre from the ports collection of freeBSD 4.11
> >and get the following:
> 
> ports/java/jre is Java 1.1.8, which is quite old.
> 
> Java needs Java as a pre-requisite.  A native Java 1.1.8 was released
> for FreeBSD 2.x and 3.x so that is used for bootstrapping.  The binary
> jre1.1.8 was built for FreeBSD 3.x and so needs 3.x compatability
> libraries.  Upgrading Java binaries is a time-consuming and expensive
> undertaking because they must pass Sun's compliance test suite.  This
> year, the Project released Java 1.5 binaries - at a not insignificant
> cost (which I've seen but can't find right now).
> 
> >While I can understand lack of support for old versions of the OS,
> >I cannot understand nor can I fail to resent y'all's making its use
> >impossible.
> 
> The last FreeBSD 3.x release was FreeBSD 3.5, released in June 2000.
> Just how long do you expect the FreeBSD Project to maintain support?
> What exactly do you want to the Project to do?  If the software wasn't
> marked as having known vulnerabilities then I'm sure you would scream
> just as loudly and rudely when someone broke into your system via
> one of those vulnerabilities.
> 
> In this particular case, you only need the compat3x libraries to
> bootstrap jre so it may be practical for you to:
> 1) comment out the "FORBIDDEN" line in compat3x
> 2) install compat3x and the jre1.1.8 binary
> 3) build jre1.1.8 natively
> 4) uninstall compat3x and the jre1.1.8 binary
> 5) Re-add the "FORBIDDEN" line in compat3x
> 6) install the jre1.1.8 you built in step 3

Yeah, or use DISABLE_VULNERABILITIES=yes (which really doesn't mean
much, I think IGNORE_FORBIDDEN would be a better name).

> >Perhaps if y'all were not so intent upon making free"BSD" less and
> >less BSD and more and more "invented here" such problems would be
> >less common.

All this deserves is *plonk*.

-- 
Florent Thoumie
flz at FreeBSD.org
FreeBSD Committer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20061019/3a32c24d/attachment.pgp