openjdk6 regression causes finalizers never to be called

https://launchpad.net/ubuntu/+source/openjdk-6/+publishinghistory

confirms that this would have been introduced into Precise on 2014-02-27

Mailing list discussion:
  http://comments.gmane.org/gmane.comp.java.openjdk.jdk6.devel/1114

cleaned up in openjdk7 amongst a much larger commit

I'm currently running with the following patch (not entirely sure how the packaging works and whether I've done this the right wy). Passes all tests.

The above patch has a second instance of the same issue fixed. Mailing list thread from upstream here:
http://mail.openjdk.java.net/pipermail/jdk6-dev/2014-March/003253.html

The attachment "Patch to ubuntu packaging" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

Status changed to 'Confirmed' because the bug affects multiple users.

I have uploaded packages for Ubuntu 12.04 and 14.04 to https://launchpad.net/~ubuntu-security-proposed/+archive/ppa and they should be done building in a couple hours.

Can someone who is affected by this bug comment on either to confirm that they fix this bug? If the issue is fixed, I will prepare packages for the other releases and a USN.

Thanks!

Jamie: we've verified that the patch I applied *appears* to fix the bug we are seeing. I say *appears* as the bug manifesting itself seems to be a function of uninitialized values on the stack; on some runs it explodes with leaking stuff straight away, other times it runs fine for many many hours, and only later explodes. I haven't verified your .deb files but could you tell me what patch(es) they are using? I can then get QA here to play with them.

Alex, I used the patch from http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/04e4c3ec6516. You can see it here:
https://launchpadlibrarian.net/170707257/openjdk-6_6b30-1.13.1-1ubuntu2~0.12.04.1_6b30-1.13.1-1ubuntu2~0.12.04.2.diff.gz

Hrm, seems I missed the patch to hotspot: https://bugs.openjdk.java.net/browse/JDK-8035893.

Yes , the version I tested (with my patch, as attached to this bug) has both of those fixed.

Updated packages have been uploaded to the security-proposed PPA (6b30-1.13.1-1ubuntu2~0.12.04.3 for precise and 6b30-1.13.1-1ubuntu4 for trusty). These incorporate both fixes. Also, I verified that these patches are applied in upstream IcedTea as well so this should not regress in the next update.

Can someone who is affected by this bug comment on either the new 14.04 or the 12.04 packages to confirm that they fix this bug? If the issue is fixed, I will prepare packages for the other releases and issue a USN.

Thanks!

Will do once they have finished building. Is there a link to the diff in the mean time so I can check it against the one we've been using?

Here is the debdiff used for precise.

Jamie: thanks. They look good to me (from inspection of the diffs). Will get these checked tomorrow once they have built. Normally our tests take a couple of days to run.

A half-day's worth of before/after testing in our QA environment, and we have not seen a recurrence of the bugged behaviour with the builds from PPA (12.04 amd64), while consistently being able to reproduce it on pre-patched debs on the same instances.

thanks

48 hours of testing show no problems with these packages, whereas the previously released packages show leaks. We will continue to run these tests over the weekend, but it's looking good for us so far.

Thanks for the feedback! I uploaded updates for 10.04, 12.10 and 13.10 to the security-proposed ppa. Unless a problem comes up over the weekend, I plan to push these out on Monday.

I can confirm the Precise packages passed our torture tests over the weekend. These are good to go as far as I am concerned.

Jamie: any news on this one?

Jamie:
I can also confirm that those packages do fix the problem for us.

I've added your proposed precise package 6b30-1.13.1-1ubuntu2~0.12.04.3 0 to two of our servers which were crashing with the original 1.13.1 packages frequently (twice a day).

Both servers have been running now around 25hour without any problems.

Any update on this ticket? Thanks

It will be pushed today.

Any news on the fix being released for Lucid?

This bug was fixed in the package openjdk-6 - 6b30-1.13.1-1ubuntu2~0.10.04.2

---------------
openjdk-6 (6b30-1.13.1-1ubuntu2~0.10.04.2) lucid-security; urgency=medium

  * Update to properly zero version info (LP: #1295987)
    - 6989972.diff: JDK fails to zero jdk_version_info. Apply in
      DISTRIBUTION_PATCHES
    - debian/openjdk/8035893.diff: JVM_GetVersionInfo fails to zero structure.
      Apply in DISTRIBUTION_PATCHES
 -- Jamie Strandboge <email address hidden> Fri, 28 Mar 2014 12:58:47 -0500

This bug was fixed in the package openjdk-6 - 6b30-1.13.1-1ubuntu2~0.12.10.2

---------------
openjdk-6 (6b30-1.13.1-1ubuntu2~0.12.10.2) quantal-security; urgency=medium

  * Update to properly zero version info (LP: #1295987)
    - 6989972.diff: JDK fails to zero jdk_version_info. Apply in
      DISTRIBUTION_PATCHES
    - debian/openjdk/8035893.diff: JVM_GetVersionInfo fails to zero structure.
      Apply in DISTRIBUTION_PATCHES
 -- Jamie Strandboge <email address hidden> Fri, 28 Mar 2014 13:00:04 -0500

This bug was fixed in the package openjdk-6 - 6b30-1.13.1-1ubuntu2~0.13.10.2

---------------
openjdk-6 (6b30-1.13.1-1ubuntu2~0.13.10.2) saucy-security; urgency=medium

  * Update to properly zero version info (LP: #1295987)
    - 6989972.diff: JDK fails to zero jdk_version_info. Apply in
      DISTRIBUTION_PATCHES
    - debian/openjdk/8035893.diff: JVM_GetVersionInfo fails to zero structure.
      Apply in DISTRIBUTION_PATCHES
 -- Jamie Strandboge <email address hidden> Fri, 28 Mar 2014 13:01:05 -0500

This bug was fixed in the package openjdk-6 - 6b30-1.13.1-1ubuntu2~0.12.04.3

---------------
openjdk-6 (6b30-1.13.1-1ubuntu2~0.12.04.3) precise-security; urgency=medium

  * Update to properly zero version info (LP: #1295987)
    - 6989972.diff: JDK fails to zero jdk_version_info. Apply in
      DISTRIBUTION_PATCHES
    - debian/openjdk/8035893.diff: JVM_GetVersionInfo fails to zero structure.
      Apply in DISTRIBUTION_PATCHES
 -- Jamie Strandboge <email address hidden> Wed, 26 Mar 2014 08:43:13 -0500