diff options
| author | Max Rees <maxcrees@me.com> | 2020-05-04 12:37:39 -0500 |
|---|---|---|
| committer | Max Rees <maxcrees@me.com> | 2020-05-04 22:51:42 -0500 |
| commit | 28fdd34de44edcf8d1a08cc45cd564099e9268fc (patch) | |
| tree | 1e7dcb7d13c610594926f65a399b237b653fcead /user/openjdk8/APKBUILD | |
| parent | 13df4b4fac8068b1c833c4cff3c49feacc53b26e (diff) | |
| download | packages-28fdd34de44edcf8d1a08cc45cd564099e9268fc.tar.gz packages-28fdd34de44edcf8d1a08cc45cd564099e9268fc.tar.bz2 packages-28fdd34de44edcf8d1a08cc45cd564099e9268fc.tar.xz packages-28fdd34de44edcf8d1a08cc45cd564099e9268fc.zip | |
user/openjdk8: [CVE] bump to 8.252.09 (#269)
* Bootstrap using openjdk8. Note that it will need to be manually
installed when building now...
* Cherrypick patch changes from Alpine:
icedtea-jdk-tls-nist-curves.patch was integrated upstream, and
icedtea-hotspot-musl.patch was rebased for 8u232.
https://git.alpinelinux.org/aports/commit/community/openjdk8?id=04ec13ca9caa9a436001be92e674f230b9894894
* Rebase patches for 8u252-ga:
In particular, icedtea-jdk-getmntent-buffer.patch is dropped since
upstream takes a new approach by allocating a buffer according to the
length of the longest line in mtab.
https://bugs.openjdk.java.net/browse/JDK-8229872
* Use private variables (_) where applicable
Diffstat (limited to 'user/openjdk8/APKBUILD')
| -rw-r--r-- | user/openjdk8/APKBUILD | 126 |
1 files changed, 84 insertions, 42 deletions
diff --git a/user/openjdk8/APKBUILD b/user/openjdk8/APKBUILD index 4ad8f07a0..db3ccf6b1 100644 --- a/user/openjdk8/APKBUILD +++ b/user/openjdk8/APKBUILD @@ -1,9 +1,9 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=openjdk8 -_icedteaver=3.11.0 +_icedteaver=3.16.0 # pkgver is <JDK version>.<JDK update>.<JDK build> # Check https://icedtea.classpath.org/wiki/Main_Page when updating -pkgver=8.201.08 +pkgver=8.252.09 pkgrel=0 pkgdesc="Libre Java development kit for Java 8" url="https://icedtea.classpath.org/" @@ -13,7 +13,7 @@ license="GPL-2.0-only" depends="$pkgname-jre java-cacerts" makedepends="bash findutils libarchive-tools zip file util-linux libxslt autoconf automake linux-headers sed xz coreutils - openjdk7 ca-certificates libjpeg-turbo-dev cmd:which + ca-certificates libjpeg-turbo-dev cmd:which nss-dev nss-static cups-dev giflib-dev libpng-dev libxt-dev lcms2-dev libxp-dev libxtst-dev libxinerama-dev zlib-dev libxrender-dev alsa-lib-dev freetype-dev fontconfig-dev @@ -29,7 +29,7 @@ ppc64) _jarch=ppc64 *) _jarch="$CARCH";; esac -_bootstrap_java_home="/usr/lib/jvm/java-1.7-openjdk" +_bootstrap_java_home="/usr/lib/jvm/java-1.8-openjdk" _java_home="/usr/lib/jvm/java-1.8-openjdk" _jrelib="$_java_home/jre/lib/$_jarch" @@ -62,14 +62,58 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.x icedtea-jdk-fix-libjvm-load.patch icedtea-jdk-musl.patch icedtea-jdk-includes.patch - icedtea-jdk-getmntent-buffer.patch icedtea-autoconf-config.patch - icedtea-jdk-tls-nist-curves.patch remove-gawk.patch " builddir="$srcdir/icedtea-$_icedteaver" # secfixes: +# 8.252.09-r0: +# - CVE-2019-2602 +# - CVE-2019-2684 +# - CVE-2019-2698 +# - CVE-2019-2745 +# - CVE-2019-2762 +# - CVE-2019-2766 +# - CVE-2019-2769 +# - CVE-2019-2786 +# - CVE-2019-2816 +# - CVE-2019-2842 +# - CVE-2019-2894 +# - CVE-2019-2933 +# - CVE-2019-2945 +# - CVE-2019-2949 +# - CVE-2019-2958 +# - CVE-2019-2962 +# - CVE-2019-2964 +# - CVE-2019-2973 +# - CVE-2019-2975 +# - CVE-2019-2978 +# - CVE-2019-2981 +# - CVE-2019-2983 +# - CVE-2019-2987 +# - CVE-2019-2988 +# - CVE-2019-2989 +# - CVE-2019-2992 +# - CVE-2019-2999 +# - CVE-2019-7317 +# - CVE-2020-2583 +# - CVE-2020-2590 +# - CVE-2020-2593 +# - CVE-2020-2601 +# - CVE-2020-2604 +# - CVE-2020-2654 +# - CVE-2020-2659 +# - CVE-2020-2754 +# - CVE-2020-2755 +# - CVE-2020-2756 +# - CVE-2020-2757 +# - CVE-2020-2773 +# - CVE-2020-2781 +# - CVE-2020-2800 +# - CVE-2020-2803 +# - CVE-2020-2805 +# - CVE-2020-2830 # 8.201.08-r0: # - CVE-2019-2422 # - CVE-2019-2426 @@ -102,22 +146,22 @@ unpack() { } prepare() { - ver_u="$(sed -En 's/^\s*JDK_UPDATE_VERSION\s*=\s*(\S+).*/\1/p' acinclude.m4)" - ver_b="$(sed -En 's/^\s*BUILD_VERSION\s*=\s*b(\S+).*/\1/p' acinclude.m4)" - [ "${pkgver#*.}" = "$ver_u.$ver_b" ] \ - || die "Version mismatch, source is 8.$ver_u.$ver_b, but abuild defines $pkgver!" + _ver_u="$(sed -En 's/^\s*JDK_UPDATE_VERSION\s*=\s*(\S+).*/\1/p' acinclude.m4)" + _ver_b="$(sed -En 's/^\s*BUILD_VERSION\s*=\s*b(\S+).*/\1/p' acinclude.m4)" + [ "${pkgver#*.}" = "$_ver_u.$_ver_b" ] \ + || die "Version mismatch, source is 8.$_ver_u.$_ver_b, but abuild defines $pkgver!" # Busybox sha256 does not support longopts. sed -e "s/--check/-c/g" -i Makefile.am - for patch in $source; do - case $patch in + for _patch in $source; do + case $_patch in icedtea-*.patch) - cp ../$patch patches + cp ../$_patch patches ;; *.patch) - msg "Applying patch $patch" - patch -p1 -i "$srcdir"/$patch + msg "Applying patch $_patch" + patch -p1 -i "$srcdir"/$_patch ;; esac done @@ -134,10 +178,10 @@ build() { fi DISTRIBUTION_PATCHES="" - for patch in $source; do - case $patch in + for _patch in $source; do + case $_patch in icedtea-*.patch) - DISTRIBUTION_PATCHES="$DISTRIBUTION_PATCHES patches/$patch" + DISTRIBUTION_PATCHES="$DISTRIBUTION_PATCHES patches/$_patch" ;; esac done @@ -200,7 +244,7 @@ jrelib() { pkgdesc="OpenJDK 8 Java Runtime (class libraries)" depends="" - for file in jre/lib/images \ + for _file in jre/lib/images \ jre/lib/*.jar \ jre/lib/security \ jre/lib/ext/*.jar \ @@ -209,9 +253,9 @@ jrelib() { jre/THIRD_PARTY_README \ jre/LICENSE; do - dir=${file%/*} - mkdir -p "$subpkgdir"/$_java_home/$dir - mv "$pkgdir"/$_java_home/$file "$subpkgdir"/$_java_home/$dir + _dir=${_file%/*} + mkdir -p "$subpkgdir"/$_java_home/$_dir + mv "$pkgdir"/$_java_home/$_file "$subpkgdir"/$_java_home/$_dir done } @@ -219,7 +263,7 @@ jre() { pkgdesc="OpenJDK 8 Java Runtime" mkdir -p "$subpkgdir" - for file in jre/bin/policytool \ + for _file in jre/bin/policytool \ bin/appletviewer \ bin/policytool \ jre/lib/$_jarch/libawt_xawt.so \ @@ -228,9 +272,9 @@ jre() { jre/lib/$_jarch/libjsoundalsa.so \ jre/lib/$_jarch/libsplashscreen.so; do - dir=${file%/*} - mkdir -p "$subpkgdir"/$_java_home/$dir - mv "$pkgdir"/$_java_home/$file "$subpkgdir"/$_java_home/$dir + _dir=${_file%/*} + mkdir -p "$subpkgdir"/$_java_home/$_dir + mv "$pkgdir"/$_java_home/$_file "$subpkgdir"/$_java_home/$_dir done } @@ -244,9 +288,9 @@ jrebase() { mv "$pkgdir"/$_java_home/lib/$_jarch/jli \ "$subpkgdir"/$_java_home/lib/$_jarch/ - for file in java orbd rmid servertool unpack200 keytool \ + for _file in java orbd rmid servertool unpack200 keytool \ pack200 rmiregistry tnameserv; do - mv "$pkgdir"/$_java_home/bin/$file "$subpkgdir"/$_java_home/bin/ + mv "$pkgdir"/$_java_home/bin/$_file "$subpkgdir"/$_java_home/bin/ done # Rest of the jre subdir (which were not taken by -jre subpkg). @@ -269,24 +313,22 @@ demos() { "$subpkgdir"/$_java_home/ } -sha512sums="a71c9318d49077f8ae27f5c3e0b61df0709eded241f557c886f6b93aa98c13ad78f713d1286da286989bf62866dfff7538ad783eb804a705a160cbc096dea851 icedtea-3.11.0.tar.xz -fc3faa7d7b9531f10c40241d89c36854043921f6f1a0851f284bcab36fc54fb0bb8cf8365dd4b2fb22b3ee8ddb8ed4a79e0807f79cb95b4b00f164993f1acc0b openjdk-3.11.0.tar.xz -9b8a44dda0bbfba8dc0d659e0fabf22e84b9931518e4b199a238faa103cbc4ed814c97f0f38f0aed263846b46fc7eab4500ba9759503373083e12cb8b5b364b5 corba-3.11.0.tar.xz -9eba0f6ada2ae8adc1791a91ceb4fba9bd06aee0626cd1b4310ff16c7c8006045fed5fb7f109e490395b70695be4e6bfd6f1f5cbcdb095fb17abf123012a03de jaxp-3.11.0.tar.xz -ce5f0c2aced1af59f002dc9dc6cba4b9332167e9e019a3040267901ef7f325e05b8c99ed1f276b88ddb4e43cdd1b0c456e0c4dc2222ae6b3800c0502ffa840de jaxws-3.11.0.tar.xz -411508ed91f14ae1c51ea54de72a943db222ff572f3991631fe1a1fa97f9bb42da1e01ca98893f7236b4b44bae2917fc3f8622d7f94a085be30d437451acd272 jdk-3.11.0.tar.xz -363c376848870c6c28415967561c4b151f1256c38a315fabc69c90425f5255224182045349a00c9433db52c416b7ebffedaa4825c980460541a3f9338adbaa5e langtools-3.11.0.tar.xz -13fa35f4a4fe01b3da4efb8476c0cb3482a36596eb422f2ad958a4c51efc286962ac3123a75853e84c4db477ac064a0fd3ee5e03f1ea0ec4f7e2c8ac07aa2d0e hotspot-3.11.0.tar.xz -2b46a8599d530a351522420cae8ac780cd2e64a6d7adbff87397a178f12f0a992bccd0f56435582dbd10be2157d4a4540c41b3dca488566162eed680102e58a9 nashorn-3.11.0.tar.xz -c0776ff52e11a353fee29419319cd9e1fc4e5bb922832547616e8499fd52852a935a6a6fb93b49a67ab7b3fd2f7a63320f917e354cc7123220139e80694a7b5a icedtea-hotspot-musl.patch +sha512sums="67964f283b5a220ded7c86141ac359fc51f41077686d3e68568a9f303d2e5e6d62472bef2d6f5f9d53897a55589c84d3212983194607b9a6704192752f8ad2ac icedtea-3.16.0.tar.xz +76b32457958c2cdbb0006629bb41652286a1a9bfbda862665eddf822d4653d4858f9f2565e849b0e49f031b7667be73be8fe8c71abc65e1795eb570a96d1fd1e openjdk-3.16.0.tar.xz +bf90c95f401d4628e32b9a7ea78b7d43944f82882818a81d2ff368f09e49148091bf823d78ed56c343c175fe6d25492d9b78e25b725f218592ea94c4ae285e56 corba-3.16.0.tar.xz +86e8c18741c1f4baca27d784b068765e404a5c2ee6ecb172c826fc1d6192b5776133f103b749839c39154fcaec87a0df95e8fd5bcb56b1e9b811711b296a4836 jaxp-3.16.0.tar.xz +824ef15aa70ec629406fd9b98a69e5699fe8f6a8ab06be00ac546bcda1daf485b20de6ea0310064e000efbaf35b1cebee25bf69033634fdce8434efb3bb16f1d jaxws-3.16.0.tar.xz +9202f88b360637ad474920d8a6f85740e6a425679617ef713efd67778b4c7ca0b3eba7e4fc9d33de0bbd5dacda4862c8a9b63a13880204388b01af29d5fb6a55 jdk-3.16.0.tar.xz +1858bb3b7dd37edd817a52c67a878b48bc9b790623e77d9a6107f54b141638cb101ae3b8df560e3352c9ca2925aa5d493b4924e36a238be5a9628c714cc23642 langtools-3.16.0.tar.xz +19490ccc377fde5dc3d4396425e945f32e121ad0cc4be394b07f8698a7e3805b16fc41e427bab5fa290cb84efc7edb62acf8ca98072176343f5584d692592d2d hotspot-3.16.0.tar.xz +4bf87e7441ac747f133612e1fba5c06946c6731bae76132ffc614b41fcb689fda9d9ceb1e1fee3765765c6109894c85cf0f6e6fa9eb301f9a2d640ea6cd1c16c nashorn-3.16.0.tar.xz +bfbeccc931b9eab04fca94167b7569af26195297130e2effd9175d33b74dec3dc5727fea6e0cbf3cce21ba09641ddd868179544d3fabe8b128baaaccb9c2711c icedtea-hotspot-musl.patch e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d9591239fc44ffe5c74422d1842bd9f10a0c00dff1627bdeeef icedtea-hotspot-musl-ppc.patch 19459dbb922f5a71cd15b53199481498626a783c24f91d2544d55b7dddd2cdb34a64bbf0226b99548612dd1743af01b3f9ff32c30abbbc90ce727ca2dbbbd1f9 icedtea-hotspot-noagent-musl.patch f6365cfafafa008bd6c1bf0ccec01a63f8a39bd1a8bc87baa492a27234d47793ba02d455e5667a873ef50148df3baaf6a8421e2da0b15faac675867da714dd5f icedtea-jdk-execinfo.patch 48533f87fc2cf29d26b259be0df51087d2fe5b252e72d00c6ea2f4add7b0fb113141718c116279c5905e03f64a1118082e719393786811367cf4d472b5d36774 icedtea-jdk-fix-ipv6-init.patch b135991c76b0db8fa7c363e0903624668e11eda7b54a943035c214aa4d7fc8c3e8110ed200edcec82792f3c9393150a9bd628625ddf7f3e55720ff163fbbb471 icedtea-jdk-fix-libjvm-load.patch -1fbc32ddc528c7c0099dbc1e48f88d29dccf55e7b8997793aa1d3d8408003a1223d898cca4248e1a12d343d3feec5144f875e6cdac8460d763c73ab3ad7e49f9 icedtea-jdk-musl.patch -e8d9f1b867bf4fc84aa00d1237b264bcf503b1ed5f34735e14b0b747a728953fe0051a5af69ed058d377fbf65d8be1ed9e38fe5fc6edb2d50b31f34bf3ba91dc icedtea-jdk-includes.patch -7e6fa46b10c630517bfa46943858aea1d032c12d32ba3fcb7a2143ae1e896c34fa4cb8f925af80cb19f8e29149b835aa054adfd30ebb00539f6c78588d6f5211 icedtea-jdk-getmntent-buffer.patch +17c78db081a85e37721c23e0c0e7cab85e2201a0969bd4858cb90375b97d1703c9bf867f8ac02f6b33f9775b78bae41e38223b7a887918d4a6c9f29b75f3de28 icedtea-jdk-musl.patch +974fb54532b7e7d738f4278187fc6bd9f9b2d99866b94f68a617ee4911c89a3b8cc41ecfdcaefecf9157492d006b1844b6b0b41ac4209d84f9e8d13c9e485dd3 icedtea-jdk-includes.patch 662d662d0a7a84be2978e921317589f212f3ba3b7629527ba0f1140b5ac4c1024893e0ed176211688ed1a4505968c4befc841ed57ffcdbb9d355c2cb0571b167 icedtea-autoconf-config.patch -9ea7ac942baf29cc619bc2e1acd59201b9f6d38f39a517b495d7613aec746459200c81afb57c5fcdcb856f6bc8b33f7566c8593fed07e5c73f43e08f1072d458 icedtea-jdk-tls-nist-curves.patch b0f6d07c6a949acdc8b4a25bf924f134f468e162f01dd440fd4ca80769fb84a0a54210f93efbe88012404fe3db6701aad31cdbc772bc054ad69021c37db5538c remove-gawk.patch" |