From d6be019aaafdd683fccce1fdde75d7fed7cb684a Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Tue, 25 Apr 2017 09:57:47 +0100 Subject: dev-java/oracle-jre-bin: Bump to 1.8.0.131 wrt security bug #616050 Package-Manager: Portage-2.3.5, Repoman-2.3.2 --- dev-java/oracle-jre-bin/Manifest | 2 + .../oracle-jre-bin/oracle-jre-bin-1.8.0.131.ebuild | 251 +++++++++++++++++++++ 2 files changed, 253 insertions(+) create mode 100644 dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.131.ebuild (limited to 'dev-java') diff --git a/dev-java/oracle-jre-bin/Manifest b/dev-java/oracle-jre-bin/Manifest index 5715502c3401..4aafeaf97467 100644 --- a/dev-java/oracle-jre-bin/Manifest +++ b/dev-java/oracle-jre-bin/Manifest @@ -1,3 +1,5 @@ DIST jce_policy-8.zip 8409 SHA256 f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59 SHA512 abbaa81a35f904ec61b4cf3c2d1ca8c8d49e53bb248e698185eea906939d68f5063412800585ec74027aab1012ef189aebe1dc99fe8ef4230a0ecb0b527f88e5 WHIRLPOOL 8c9ce1ea4673b75fa6271b74e598880f98361d5d2c9c25439fa0af3d07cfeb871b39682dae4e38160f49770b1fec953162e451b9b2cf44d2c72a226944212bcc DIST jre-8u121-linux-i586.tar.gz 76293286 SHA256 1b28662780c98b3233e8dacaa07c505a70c53463d3b00720baa59f955ab1e1bb SHA512 375003c2fec68deed36cf10a2e225044d6c85035d1d756110cb07ffa526d63bee7573b2db7568fb84c6dfdee101da82bedd7785548da812241e4e0234e99a5bb WHIRLPOOL 6f4665e448f59a4d1f432bfc974d9d626400b7932ec7f3f8edba29041354386d399306c685240194749d7a6d0364153143704768c4f205fb02ba44de3db92ba7 DIST jre-8u121-linux-x64.tar.gz 73676107 SHA256 30bf5fbac0cfbc9201cac1d6973dbc96e5f55043ab315eda8c7aeb23df4f2644 SHA512 85ed3820b1461bf8c1b83259962f9e7c3f72d694f446d3e5852c416eeeb9905897a9a3b5eaded9a8d617c9c43848635b2ff7b520021b666fd87f39837e4ff54b WHIRLPOOL f2bdfe315dc9a7a15bd4e73dd774fd31c1c02bb3d5a24d2829cc51d9aed3b75993c9429e211ee4d204606cf6105015aac30c0e408e3558b24d6d3f4f229b9b7e +DIST jre-8u131-linux-i586.tar.gz 78620957 SHA256 a773f2fe17061ef637ed2094b06313a99c0b45ba3d3cb7f8f1ebf18448495aeb SHA512 37508f39c62232953a479794073d8360f41182f2d3ea9fc4356442fb7b517466af944e00d10ed4b65cd12eff7e1de2d860b98bfb6c428bc0ee9e14bcf15b60c5 WHIRLPOOL 91f1e9caafbba0f700c43868409cd9eb5b94f4b9c00313b5df39d38168d127070cb9fc6ab22a76931a8c2504161444b4d43c860667064a41277e77181c4b16d1 +DIST jre-8u131-linux-x64.tar.gz 75920010 SHA256 355e5cdb066d4cada1f9f16f358b6fa6280ff5caf7470cf0d5cdd43083408d35 SHA512 26e6515f8e8b4d1d72337e347810d57fcc99284c18260d9ebd67441c19b9f1f73a9570f58a103477f2642e880a79d6579a5e40d75d06e2f4a92a6d3e07ba59db WHIRLPOOL 9cccc44679ddf103c15d6d6797c97d40ccc3abc63f5b05f78c79650be92cfa5dec8c2c567c456556b6f2f6d9ec23fbfbdf2a936ff569ac1bf7e50ce74f57bcef diff --git a/dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.131.ebuild b/dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.131.ebuild new file mode 100644 index 000000000000..f5a758442976 --- /dev/null +++ b/dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.131.ebuild @@ -0,0 +1,251 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit eutils java-vm-2 prefix versionator + +# This URIs need updating when bumping! +JRE_URI="http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html" +JCE_URI="http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html" + +if [[ "$(get_version_component_range 4)" == 0 ]] ; then + S_PV="$(get_version_component_range 1-3)" +else + MY_PV_EXT="u$(get_version_component_range 4)" + S_PV="$(get_version_component_range 1-4)" +fi + +MY_PV="$(get_version_component_range 2)${MY_PV_EXT}" + +AT_amd64="jre-${MY_PV}-linux-x64.tar.gz" +AT_x86="jre-${MY_PV}-linux-i586.tar.gz" + +JCE_DIR="UnlimitedJCEPolicyJDK8" +JCE_FILE="jce_policy-8.zip" + +DESCRIPTION="Oracle's Java SE Runtime Environment" +HOMEPAGE="http://www.oracle.com/technetwork/java/javase/" +SRC_URI=" + amd64? ( ${AT_amd64} ) + x86? ( ${AT_x86} ) + jce? ( ${JCE_FILE} )" + +LICENSE="Oracle-BCLA-JavaSE" +SLOT="1.8" +KEYWORDS="~amd64 ~x86" +IUSE="alsa commercial cups +fontconfig headless-awt javafx jce nsplugin selinux" + +RESTRICT="fetch preserve-libs strip" +QA_PREBUILT="*" + +# NOTES: +# +# * cups is dlopened. +# +# * libpng is also dlopened but only by libsplashscreen, which isn't +# important, so we can exclude that. +# +# * We still need to work out the exact AWT and JavaFX dependencies +# under MacOS. It doesn't appear to use many, if any, of the +# dependencies below. +# +RDEPEND="!x64-macos? ( + !headless-awt? ( + x11-libs/libX11 + x11-libs/libXext + x11-libs/libXi + x11-libs/libXrender + x11-libs/libXtst + ) + javafx? ( + dev-libs/glib:2 + dev-libs/libxml2:2 + dev-libs/libxslt + media-libs/freetype:2 + x11-libs/cairo + x11-libs/gtk+:2 + x11-libs/libX11 + x11-libs/libXtst + x11-libs/libXxf86vm + x11-libs/pango + virtual/opengl + ) + ) + alsa? ( media-libs/alsa-lib ) + cups? ( net-print/cups ) + fontconfig? ( media-libs/fontconfig:1.0 ) + !prefix? ( sys-libs/glibc:* ) + selinux? ( sec-policy/selinux-java )" + +DEPEND="app-arch/zip + jce? ( app-arch/unzip )" + +S="${WORKDIR}/jre" + +pkg_nofetch() { + local AT_ARCH="AT_${ARCH}" + local AT="${!AT_ARCH}" + + einfo "Please download '${AT}' from:" + einfo "'${JRE_URI}'" + einfo "and move it to '${DISTDIR}'" + + if use jce; then + einfo "Also download '${JCE_FILE}' from:" + einfo "'${JCE_URI}'" + einfo "and move it to '${DISTDIR}'" + fi + + einfo + einfo "If the above mentioned urls do not point to the correct version anymore," + einfo "please download the files from Oracle's java download archive:" + einfo + einfo " http://www.oracle.com/technetwork/java/javase/downloads/java-archive-javase8-2177648.html#jre-${MY_PV}-oth-JPR" + einfo + +} + +src_unpack() { + default + + # Upstream is changing their versioning scheme every release around 1.8.0.*; + # to stop having to change it over and over again, just wildcard match and + # live a happy life instead of trying to get this new jre1.8.0_05 to work. + mv "${WORKDIR}"/jre* "${S}" || die +} + +src_prepare() { + if use jce ; then + mv "${WORKDIR}"/${JCE_DIR} lib/security/ || die + fi + + default + + # Remove the hook that calls Oracle's evil usage tracker. Not just + # because it's evil but because it breaks the sandbox during builds + # and we can't find any other feasible way to disable it or make it + # write somewhere else. See bug #559936 for details. + zip -d lib/rt.jar sun/misc/PostVMInitHook.class || die +} + +src_install() { + local dest="/opt/${P}" + local ddest="${ED}${dest#/}" + + # Create files used as storage for system preferences. + mkdir .systemPrefs || die + touch .systemPrefs/.system.lock || die + touch .systemPrefs/.systemRootModFile || die + + if ! use alsa ; then + rm -vf lib/*/libjsoundalsa.* || die + fi + + if ! use commercial; then + rm -vfr lib/jfr* || die + fi + + if use headless-awt ; then + rm -vf lib/*/lib*{[jx]awt,splashscreen}* \ + bin/{javaws,policytool} || die + fi + + if ! use javafx ; then + rm -vf lib/*/lib*{decora,fx,glass,prism}* \ + lib/*/libgstreamer-lite.* lib/{,ext/}*fx* || die + fi + + if ! use nsplugin ; then + rm -vf lib/*/libnpjp2.* || die + else + local nsplugin=$(echo lib/*/libnpjp2.*) + fi + + # Even though plugins linked against multiple ffmpeg versions are + # provided, they generally lag behind what Gentoo has available. + rm -vf lib/*/libavplugin* || die + + dodoc COPYRIGHT + dodir "${dest}" + cp -pPR bin lib man "${ddest}" || die + + if use jce ; then + dodir ${dest}/lib/security/strong-jce + mv "${ddest}"/lib/security/US_export_policy.jar \ + "${ddest}"/lib/security/strong-jce || die + mv "${ddest}"/lib/security/local_policy.jar \ + "${ddest}"/lib/security/strong-jce || die + dosym "${dest}"/lib/security/${JCE_DIR}/US_export_policy.jar \ + "${dest}"/lib/security/US_export_policy.jar + dosym "${dest}"/lib/security/${JCE_DIR}/local_policy.jar \ + "${dest}"/lib/security/local_policy.jar + fi + + if use nsplugin ; then + local nsplugin_link=${nsplugin##*/} + nsplugin_link=${nsplugin_link/./-${PN}-${SLOT}.} + dosym "${dest}/${nsplugin}" "/usr/$(get_libdir)/nsbrowser/plugins/${nsplugin_link}" + fi + + # Install desktop file for the Java Control Panel. + # Using ${PN}-${SLOT} to prevent file collision with jre and or other slots. + # make_desktop_entry can't be used as ${P} would end up in filename. + newicon lib/desktop/icons/hicolor/48x48/apps/sun-jcontrol.png \ + sun-jcontrol-${PN}-${SLOT}.png || die + sed -e "s#Name=.*#Name=Java Control Panel for Oracle JRE ${SLOT}#" \ + -e "s#Exec=.*#Exec=/opt/${P}/bin/jcontrol#" \ + -e "s#Icon=.*#Icon=sun-jcontrol-${PN}-${SLOT}#" \ + -e "s#Application;##" \ + -e "/Encoding/d" \ + lib/desktop/applications/sun_java.desktop > \ + "${T}"/jcontrol-${PN}-${SLOT}.desktop || die + domenu "${T}"/jcontrol-${PN}-${SLOT}.desktop + + # Prune all fontconfig files so libfontconfig will be used and only install + # a Gentoo specific one if fontconfig is disabled. + # http://docs.oracle.com/javase/8/docs/technotes/guides/intl/fontconfig.html + rm "${ddest}"/lib/fontconfig.* || die + if ! use fontconfig ; then + cp "${FILESDIR}"/fontconfig.Gentoo.properties "${T}"/fontconfig.properties || die + eprefixify "${T}"/fontconfig.properties + insinto "${dest}"/lib/ + doins "${T}"/fontconfig.properties + fi + + # This needs to be done before CDS - #215225 + java-vm_set-pax-markings "${ddest}" + + # see bug #207282 + einfo "Creating the Class Data Sharing archives" + case ${ARCH} in + arm|ia64) + ${ddest}/bin/java -client -Xshare:dump || die + ;; + x86) + ${ddest}/bin/java -client -Xshare:dump || die + # limit heap size for large memory on x86 #467518 + # this is a workaround and shouldn't be needed. + ${ddest}/bin/java -server -Xms64m -Xmx64m -Xshare:dump || die + ;; + *) + ${ddest}/bin/java -server -Xshare:dump || die + ;; + esac + + # Remove empty dirs we might have copied. + find "${D}" -type d -empty -exec rmdir -v {} + || die + + java-vm_install-env "${FILESDIR}"/${PN}.env.sh + java-vm_revdep-mask + java-vm_sandbox-predict /dev/random /proc/self/coredump_filter +} + +pkg_postinst() { + java-vm-2_pkg_postinst + + if ! use headless-awt && ! use javafx; then + ewarn "You have disabled the javafx flag. Some modern desktop Java applications" + ewarn "require this and they may fail with a confusing error message." + fi +} -- cgit v1.2.3-65-gdbad