From 5c0f77f4241c9beac0c82deae946bfdc70b49ff0 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 10 Jan 2024 15:27:47 +0100 Subject: gnu: icedtea: Fix time bomb in ‘GenerateCurrencyData.java’. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes . * gnu/packages/java.scm (icedtea-7)[drop]: Add optional ‘patches’ parameter and honor it. [native-inputs]: Add patch for “jdk-drop”. (icedtea-8): Likewise. * gnu/packages/patches/jdk-currency-time-bomb.patch, gnu/packages/patches/jdk-currency-time-bomb2.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. Change-Id: I3b4cf562ce4bedb87ce0e7c289e431fbb0dbb6f8 --- gnu/packages/java.scm | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'gnu/packages/java.scm') diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index e2c2a041a9d..ded73bc461a 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -100,13 +100,14 @@ (define-public icedtea-7 (let* ((version "2.6.13") - (drop (lambda (name hash) + (drop (lambda* (name hash #:optional (patches '())) (origin (method url-fetch) (uri (string-append "http://icedtea.classpath.org/download/drops" "/icedtea7/" version "/" name ".tar.bz2")) - (sha256 (base32 hash)))))) + (sha256 (base32 hash)) + (patches patches))))) (package (name "icedtea") (version version) @@ -614,7 +615,8 @@ "110j7jlz47x2gg6f7653x12mssan5kvj9l9h1m1c8c92drfxbqyk")) ("jdk-drop" ,(drop "jdk" - "0d1mca38ksxvdskp9im3pp7fdijhj1n3lwq9w13r9s4v3qyskgdd")) + "0d1mca38ksxvdskp9im3pp7fdijhj1n3lwq9w13r9s4v3qyskgdd" + (search-patches "jdk-currency-time-bomb.patch"))) ("langtools-drop" ,(drop "langtools" "0nq5236fzxn3p6x8cgncl56mzcmsj07q9gymysnws4c8byc6n0qj")) @@ -687,13 +689,14 @@ IcedTea build harness.") (define-public icedtea-8 (let* ((version "3.19.0") - (drop (lambda (name hash) + (drop (lambda* (name hash #:optional (patches '())) (origin (method url-fetch) (uri (string-append "http://icedtea.classpath.org/download/drops" "/icedtea8/" version "/" name ".tar.xz")) - (sha256 (base32 hash)))))) + (sha256 (base32 hash)) + (patches patches))))) (package (inherit icedtea-7) (version "3.19.0") (source (origin @@ -839,7 +842,8 @@ new Date();")) "1pc0pv4v2mn2mjc0vp19d94v2150xigyhxsmckqasy647zcm6w0r")) ("jdk-drop" ,(drop "jdk" - "1742lcm55l8zhi522x83v65ccr0rd6511q9rj7crw44x3ymdrhrv")) + "1742lcm55l8zhi522x83v65ccr0rd6511q9rj7crw44x3ymdrhrv" + (search-patches "jdk-currency-time-bomb2.patch"))) ("langtools-drop" ,(drop "langtools" "08iz7p2xcddlphipf6gahyabr5cawlnydap12p1n4f0md069b50b")) -- cgit v1.3 From db7488a7fbd829d25b0b5c5e53b1c680b67832b1 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 10 Jan 2024 21:52:33 +0100 Subject: gnu: openjdk9: Fix time bomb in ‘GenerateCurrencyData.java’. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes , as well. This is a companion to commit 5c0f77f4241c9beac0c82deae946bfdc70b49ff0. * gnu/packages/java.scm (openjdk9)[source]: Add patch. * gnu/packages/patches/openjdk-currency-time-bomb.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Change-Id: I45ca1fe5bad922307eba64d46a330a8f233c0f55 --- gnu/local.mk | 3 ++- gnu/packages/java.scm | 3 ++- gnu/packages/patches/openjdk-currency-time-bomb.patch | 13 +++++++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/openjdk-currency-time-bomb.patch (limited to 'gnu/packages/java.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 6e6d28e6f03..43163c3d277 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -7,7 +7,7 @@ # Copyright © 2016, 2017, 2018 Kei Kebreau # Copyright © 2016, 2017 Rene Saavedra # Copyright © 2016 Adonay "adfeno" Felipe Nogueira -# Copyright © 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ricardo Wurmus +# Copyright © 2016-2024 Ricardo Wurmus # Copyright © 2016 Ben Woodcroft # Copyright © 2016, 2017, 2018, 2019 Alex Vong # Copyright © 2016-2023 Efraim Flashner @@ -1743,6 +1743,7 @@ dist_patch_DATA = \ %D%/packages/patches/openboardview-use-system-mpc.patch \ %D%/packages/patches/openbox-python3.patch \ %D%/packages/patches/opencolorio-fix-build-with-gcc11.patch \ + %D%/patches/openjdk-currency-time-bomb.patch \ %D%/packages/patches/openjdk-9-pointer-comparison.patch \ %D%/packages/patches/openjdk-9-setsignalhandler.patch \ %D%/packages/patches/openjdk-10-idlj-reproducibility.patch \ diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index ded73bc461a..40d777089ab 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -880,7 +880,8 @@ new Date();")) (base32 "1v92nzdqx07c35x945awzir4yk0fk22vky6fpp8mq9js930sxsz0")) (patches (search-patches "openjdk-9-pointer-comparison.patch" - "openjdk-9-setsignalhandler.patch")))) + "openjdk-9-setsignalhandler.patch" + "openjdk-currency-time-bomb.patch")))) (build-system gnu-build-system) (outputs '("out" "jdk" "doc")) (arguments diff --git a/gnu/packages/patches/openjdk-currency-time-bomb.patch b/gnu/packages/patches/openjdk-currency-time-bomb.patch new file mode 100644 index 00000000000..7738eb15959 --- /dev/null +++ b/gnu/packages/patches/openjdk-currency-time-bomb.patch @@ -0,0 +1,13 @@ +Fix a time bomb present in the OpenJDK tools. + +--- a/jdk/make/src/classes/build/tools/generatecurrencydata/GenerateCurrencyData.java ++++ b/jdk/make/src/classes/build/tools/generatecurrencydata/GenerateCurrencyData.java +@@ -285,7 +285,7 @@ public class GenerateCurrencyData { + String timeString = currencyInfo.substring(4, length - 4); + long time = format.parse(timeString).getTime(); + if (Math.abs(time - System.currentTimeMillis()) > ((long) 10) * 365 * 24 * 60 * 60 * 1000) { +- throw new RuntimeException("time is more than 10 years from present: " + time); ++ System.err.println("note: time is more than 10 years from \"present\": " + time); + } + specialCaseCutOverTimes[specialCaseCount] = time; + specialCaseOldCurrencies[specialCaseCount] = oldCurrency; -- cgit v1.3 From cf11f0758809fbbac7340fae53cea06b562eb191 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 10 Jan 2024 21:54:16 +0100 Subject: gnu: openjdk9: Simplify. * gnu/packages/java.scm (openjdk9)[source]: Remove BEGIN. [arguments]: Delete trailing #T from build phases. Change-Id: If011dc595c1b9b0d79fd5bb727a8680d1ad4d100 --- gnu/packages/java.scm | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) (limited to 'gnu/packages/java.scm') diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index 40d777089ab..ea30ce10d18 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -873,9 +873,8 @@ new Date();")) (changeset "jdk-9+181"))) (file-name (hg-file-name name version)) (modules '((guix build utils))) - (snippet `(begin - (for-each delete-file - (find-files "." ".*.(bin|exe|jar)$")))) + (snippet '(for-each delete-file + (find-files "." ".*.(bin|exe|jar)$"))) (sha256 (base32 "1v92nzdqx07c35x945awzir4yk0fk22vky6fpp8mq9js930sxsz0")) @@ -916,8 +915,7 @@ new Date();")) ;; This file was "fixed" by patch-source-shebangs, but it requires ;; this exact first line. (substitute* "jdk/make/data/blacklistedcertsconverter/blacklisted.certs.pem" - (("^#!.*") "#! java BlacklistedCertsConverter SHA-256\n")) - #t)) + (("^#!.*") "#! java BlacklistedCertsConverter SHA-256\n")))) (replace 'configure (lambda* (#:key inputs outputs #:allow-other-keys) ;; TODO: unbundle libpng and lcms @@ -933,14 +931,12 @@ new Date();")) "--disable-hotspot-gtest" "--with-giflib=system" "--with-libjpeg=system" - (string-append "--prefix=" (assoc-ref outputs "out"))) - #t)) + (string-append "--prefix=" (assoc-ref outputs "out"))))) (add-before 'build 'write-source-revision-file (lambda _ (with-output-to-file ".src-rev" (lambda _ - (display ,version))) - #t)) + (display ,version))))) (replace 'build (lambda* (#:key make-flags parallel-build? #:allow-other-keys) (apply invoke "make" @@ -983,8 +979,7 @@ new Date();")) "warning: failed to substitute: ~a~%" file)))) (find-files "." - "\\.c$|\\.h$")) - #t))) + "\\.c$|\\.h$"))))) ;; By default OpenJDK only generates an empty keystore. In order to ;; be able to use certificates in Java programs we need to generate a ;; keystore from a set of certificates. For convenience we use the @@ -1078,8 +1073,7 @@ new Date();")) (symlink (string-append lib-jdk "/server/libjvm.so") (string-append lib-jdk "/libjvm.so")) (symlink (string-append lib-out "/server/libjvm.so") - (string-append lib-out "/libjvm.so"))) - #t)) + (string-append lib-out "/libjvm.so"))))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out")) @@ -1089,8 +1083,7 @@ new Date();")) #:directories? #t)))) (copy-recursively (string-append images "/images/jdk") jdk) (copy-recursively (string-append images "/images/jre") out) - (copy-recursively (string-append images "/images/docs") doc)) - #t)) + (copy-recursively (string-append images "/images/docs") doc)))) (add-after 'install 'strip-zip-timestamps (lambda* (#:key outputs #:allow-other-keys) (for-each (lambda (zip) @@ -1107,8 +1100,7 @@ new Date();")) (with-directory-excursion dir (let ((files (find-files "." ".*" #:directories? #t))) (apply invoke "zip" "-0" "-X" zip files))))) - (find-files (assoc-ref outputs "doc") ".*.zip$")) - #t))))) + (find-files (assoc-ref outputs "doc") ".*.zip$"))))))) (inputs `(("alsa-lib" ,alsa-lib) ("cups" ,cups) -- cgit v1.3 From fc891f004aff40e34c23fc101aeea5d05e7555ae Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 10 Jan 2024 22:09:49 +0100 Subject: gnu: openjdk10: Fix time bomb in ‘GenerateCurrencyData.java’. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes , as well. This is a companion to commit 5c0f77f4241c9beac0c82deae946bfdc70b49ff0. * gnu/packages/java.scm (openjdk10)[source]: Add patch. * gnu/packages/patches/openjdk-currency-time-bomb2.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Change-Id: I42fc14d305883f672cd6764a0ee6462852e41a5b --- gnu/local.mk | 1 + gnu/packages/java.scm | 3 ++- gnu/packages/patches/openjdk-currency-time-bomb2.patch | 13 +++++++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/openjdk-currency-time-bomb2.patch (limited to 'gnu/packages/java.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 58507367009..0fcac73d4c1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1744,6 +1744,7 @@ dist_patch_DATA = \ %D%/packages/patches/openbox-python3.patch \ %D%/packages/patches/opencolorio-fix-build-with-gcc11.patch \ %D%/packages/patches/openjdk-currency-time-bomb.patch \ + %D%/packages/patches/openjdk-currency-time-bomb2.patch \ %D%/packages/patches/openjdk-9-pointer-comparison.patch \ %D%/packages/patches/openjdk-9-setsignalhandler.patch \ %D%/packages/patches/openjdk-10-idlj-reproducibility.patch \ diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index ea30ce10d18..4993988696a 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -1154,7 +1154,8 @@ new Date();")) (patches (search-patches "openjdk-10-idlj-reproducibility.patch" "openjdk-10-pointer-comparison.patch" - "openjdk-10-setsignalhandler.patch")))) + "openjdk-10-setsignalhandler.patch" + "openjdk-currency-time-bomb2.patch")))) (arguments (substitute-keyword-arguments (package-arguments openjdk9) ((#:phases phases) diff --git a/gnu/packages/patches/openjdk-currency-time-bomb2.patch b/gnu/packages/patches/openjdk-currency-time-bomb2.patch new file mode 100644 index 00000000000..d2ea04d63bf --- /dev/null +++ b/gnu/packages/patches/openjdk-currency-time-bomb2.patch @@ -0,0 +1,13 @@ +Fix a time bomb present in the OpenJDK tools. + +--- a/make/jdk/src/classes/build/tools/generatecurrencydata/GenerateCurrencyData.java ++++ b/make/jdk/src/classes/build/tools/generatecurrencydata/GenerateCurrencyData.java +@@ -285,7 +285,7 @@ public class GenerateCurrencyData { + String timeString = currencyInfo.substring(4, length - 4); + long time = format.parse(timeString).getTime(); + if (Math.abs(time - System.currentTimeMillis()) > ((long) 10) * 365 * 24 * 60 * 60 * 1000) { +- throw new RuntimeException("time is more than 10 years from present: " + time); ++ System.err.println("note: time is more than 10 years from \"present\": " + time); + } + specialCaseCutOverTimes[specialCaseCount] = time; + specialCaseOldCurrencies[specialCaseCount] = oldCurrency; -- cgit v1.3 From d255944400b4d7d3d6ee76a0952dffef9b5a9384 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 10 Jan 2024 22:10:15 +0100 Subject: gnu: openjdk10: Simplify. * gnu/packages/java.scm (openjdk10)[arguments]: Remove trailing #T from build phase. Change-Id: Icdb082b250704fe6de3a5e4323f29fa5db8446c7 --- gnu/packages/java.scm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'gnu/packages/java.scm') diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index 4993988696a..1582813edd2 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -1177,8 +1177,7 @@ new Date();")) ;; This file was "fixed" by patch-source-shebangs, but it requires ;; this exact first line. (substitute* "make/data/blacklistedcertsconverter/blacklisted.certs.pem" - (("^#!.*") "#! java BlacklistedCertsConverter SHA-256\n")) - #t)) + (("^#!.*") "#! java BlacklistedCertsConverter SHA-256\n")))) (replace 'configure (lambda* (#:key inputs outputs #:allow-other-keys) (invoke "bash" "./configure" -- cgit v1.3 From 3bf2465faa85b8a14b1cedaad43e2c2d0337cf6b Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 10 Jan 2024 22:26:23 +0100 Subject: gnu: openjdk11: Fix time bomb in ‘GenerateCurrencyData.java’. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes , as well. This is a companion to commit 5c0f77f4241c9beac0c82deae946bfdc70b49ff0. * gnu/packages/java.scm (openjdk11)[source]: Add patch. Change-Id: I5ff53b8dd90598721a6c3814980c6553013b347c --- gnu/packages/java.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'gnu/packages/java.scm') diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index 1582813edd2..3fa80dcfe78 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -1226,7 +1226,9 @@ new Date();")) "1prvqy0ysz0999wrhsrbz6vrknpqfihl9l74l16ph93g89dqi5ia")) (modules '((guix build utils))) (snippet - '(for-each delete-file (find-files "." "\\.(bin|exe|jar)$"))))) + '(for-each delete-file (find-files "." "\\.(bin|exe|jar)$"))) + (patches (search-patches + "openjdk-currency-time-bomb2.patch")))) (build-system gnu-build-system) (outputs '("out" "jdk" "doc")) (arguments -- cgit v1.3