Package: openjdk-7-jdk:amd64
Version: 7u131-2.6.9-2~deb8u1
Severity: important

Today when I prepared to upgrade the tomcat8 packages in response to the recently published DSA 3891-1, I noticed that the openjdk-7-jdk package was missing from my system (though it had previously been installed). I looked in the aptitude logs and found this:

Aptitude 0.6.11: log report
Fri, May 19 2017 23:21:30 -0400

  IMPORTANT: this log only lists intended actions; actions which fail
  due to dpkg problems may not be completed.

Will install 3 packages, and remove 0 packages.
141 MB of disk space will be used
===============================================================================
[UPGRADE] openjdk-7-jdk:amd64 7u121-2.6.8-2~deb8u1 -> 7u131-2.6.9-2~deb8u1
[UPGRADE] openjdk-7-jre:amd64 7u121-2.6.8-2~deb8u1 -> 7u131-2.6.9-2~deb8u1
[UPGRADE] openjdk-7-jre-headless:amd64 7u121-2.6.8-2~deb8u1 -> 7u131-2.6.9-2~deb8u1
===============================================================================

Log complete.

Aptitude 0.6.11: log report
Fri, May 19 2017 23:47:21 -0400

  IMPORTANT: this log only lists intended actions; actions which fail
  due to dpkg problems may not be completed.

Will install 1 packages, and remove 0 packages.
141 MB of disk space will be used
===============================================================================
[UPGRADE] openjdk-7-jdk:amd64 7u121-2.6.8-2~deb8u1 -> 7u131-2.6.9-2~deb8u1
===============================================================================

Log complete.

Aptitude 0.6.11: log report
Fri, May 19 2017 23:48:21 -0400

  IMPORTANT: this log only lists intended actions; actions which fail
  due to dpkg problems may not be completed.

Will install 0 packages, and remove 1 packages.
20.7 MB of disk space will be freed
===============================================================================
[REMOVE] openjdk-7-jdk:amd64
===============================================================================

Log complete.

Aptitude 0.6.11: log report
Fri, May 19 2017 23:48:52 -0400

  IMPORTANT: this log only lists intended actions; actions which fail
  due to dpkg problems may not be completed.

Will install 1 packages, and remove 0 packages.
162 MB of disk space will be used
===============================================================================
[INSTALL] openjdk-7-jdk:amd64
===============================================================================

Although the last entry says "INSTALL" the package was not installed. I tried to install it today and found that the package would not finish unpacking. A look at the output of 'ps' while the package was installing revealed a 'dpkg --status-fd ## --unpack' process and several 'dpkg-deb --fsys-tarfile /var/cache/apt/archives/openjdk-7-jdk_7u131-2.6.9-2~deb8u1_amd64.deb' processes. The output of top did not indicate any abnormal resource utilization (e.g., memory, CPU, I/O).

I killed the dpkg process, which left the package in a bad state such that I attempted an 'apt-get install --reinstall', which also hung in the same way. Killing the dpkg process again, I had to run 'dpkg -P --force-all openjdk-7-jdk' to get the package removed.

I manually downloaded 7u121-2.6.8-2~deb8u1 from snapshot.debian.org and installed the -jdk, -jre, and -jre-headless packages at that version with 'dpkg -i' and everything seems to be working again.

I was curious so I downloaded source packages for 7u121-2.6.8-2~deb8u1 and 7u131-2.6.9-2~deb8u1 and ran a debdiff. Naturally, because of all of the upstream changes the diff was enormous. Limiting the diff to the debian/ directory and further excluding debian/patches/, what I found was surprising.

Here are the relevant diffstat lines:

 openjdk-7-7u131-2.6.9/debian/changelog                |   70
 openjdk-7-7u131-2.6.9/debian/compat                   |    2
 openjdk-7-7u131-2.6.9/debian/control                  |   31
 openjdk-7-7u131-2.6.9/debian/control.in               |   13
 openjdk-7-7u131-2.6.9/debian/repack                   |  175
 openjdk-7-7u131-2.6.9/debian/rules                    |  426 -
 openjdk-7-7u131-2.6.9/debian/upstream/signing-key.asc |   83
 openjdk-7-7u131-2.6.9/debian/watch                    |    7

I find it difficult to believe that 800+ lines of diff were needed in just the Debian packaging. The openjdk-7 package was removed from unstable and testing over one year ago. I recognize that Oracle's position on security updates means that security updates must incorporate new upstream releases. However, was such a significant rewrite of the maintainer scripts really necessary? I find it puzzling because it is not as though there is an openjdk-7 package in testing/unstable that would benefit from significant rewriting of the maintainer scripts (in which case I could see the argument for propagating the changes through to stable to minimize the diff between stable and testing/unstable).

I have other jessie systems on which the updated package installed properly and where this does not seem to be an issue, so I have set the severity of this report as 'important'.

However, looking at the open bug reports (#780665 and #863007 in particular), it appears that significant packaging changes may be considered acceptable when updating the openjdk packages in stable. If that is the case, then perhaps it is not a good approach.

It will be some time before I can move to openjdk-8 on some of my machines, so if there is anything I can do to help diagnose and resolve this or any other issue affecting openjdk-7, please let me know.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
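
The log pattern described in the report (the same upgrade requested twice, then a removal) can be picked out automatically when auditing whether a security update really landed. The following is an added example, not part of the original report or of any Debian tooling; the function names and reason labels are hypothetical, and the sample is an abbreviated, constructed copy of the log layout quoted above.

```python
import re

# Constructed sample: abbreviated copy of the log layout quoted in the report.
SAMPLE_LOG = """\
Aptitude 0.6.11: log report
Fri, May 19 2017 23:21:30 -0400
[UPGRADE] openjdk-7-jdk:amd64 7u121-2.6.8-2~deb8u1 -> 7u131-2.6.9-2~deb8u1
[UPGRADE] openjdk-7-jre:amd64 7u121-2.6.8-2~deb8u1 -> 7u131-2.6.9-2~deb8u1
Aptitude 0.6.11: log report
Fri, May 19 2017 23:47:21 -0400
[UPGRADE] openjdk-7-jdk:amd64 7u121-2.6.8-2~deb8u1 -> 7u131-2.6.9-2~deb8u1
Aptitude 0.6.11: log report
Fri, May 19 2017 23:48:21 -0400
[REMOVE] openjdk-7-jdk:amd64
Aptitude 0.6.11: log report
Fri, May 19 2017 23:48:52 -0400
[INSTALL] openjdk-7-jdk:amd64
"""

HEADER = re.compile(r"^Aptitude \S+: log report$")
# First word in the brackets is the action; anything after it is ignored.
ACTION = re.compile(r"^\[([A-Z]+)[^\]]*\] (\S+)(?: (\S+) -> (\S+))?$")

def parse_runs(text):
    """Return [(timestamp, [(action, package, old, new), ...]), ...]."""
    runs, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        line = line.strip()
        if HEADER.match(line):
            runs.append((lines[i + 1].strip() if i + 1 < len(lines) else "", []))
        elif runs and (m := ACTION.match(line)):
            runs[-1][1].append(m.groups())
    return runs

def flag_incomplete(runs):
    """Flag packages whose logged intents suggest an earlier run did not finish."""
    findings, last = {}, {}
    for stamp, actions in runs:
        for action, pkg, old, new in actions:
            prev = last.get(pkg)
            if action == "UPGRADE" and prev == ("UPGRADE", old, new):
                findings.setdefault(pkg, []).append((stamp, "upgrade-repeated"))
            elif action == "REMOVE" and prev and prev[0] == "UPGRADE":
                findings.setdefault(pkg, []).append((stamp, "removed-after-upgrade"))
            last[pkg] = (action, old, new)
    return findings

if __name__ == "__main__":
    for pkg, events in flag_incomplete(parse_runs(SAMPLE_LOG)).items():
        print(pkg, events)
```

Because the log records intended actions only, a flagged package still has to be checked against the real package state, for example with 'dpkg -s openjdk-7-jdk'.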