* [gentoo-commits] repo/gentoo:master commit in: dev-java/mojarra/files/, dev-java/mojarra/
@ 2015-09-03 16:01 Patrice Clement
0 siblings, 0 replies; 2+ messages in thread
From: Patrice Clement @ 2015-09-03 16:01 UTC (permalink / raw
To: gentoo-commits
commit: c8d1617a77572f397ad51cc546a4a06639359614
Author: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 3 15:57:56 2015 +0000
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Thu Sep 3 16:00:58 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8d1617a
dev-java/mojarra: Remove vulnerable versions. Fixes bug 501280.
Package-Manager: portage-2.2.18
Signed-off-by: Patrice Clement <monsieurp <AT> gentoo.org>
dev-java/mojarra/Manifest | 3 -
.../mojarra/files/mojarra-2.2.9-Util.java.patch | 26 -------
dev-java/mojarra/mojarra-1.2.15-r2.ebuild | 85 ----------------------
dev-java/mojarra/mojarra-2.2.9.ebuild | 46 ------------
4 files changed, 160 deletions(-)
diff --git a/dev-java/mojarra/Manifest b/dev-java/mojarra/Manifest
index 21cd8dd..4e68f51 100644
--- a/dev-java/mojarra/Manifest
+++ b/dev-java/mojarra/Manifest
@@ -1,4 +1 @@
DIST javax.faces-2.2.12-sources.jar 3105808 SHA256 503c0a1c6a270429798a6507d477ee2114f0de5204c64d5660a11796c498ab61 SHA512 b2bc2ce38d72af38a4b2fdb5aec790600ca41a5d7f6340bf6be671a901c9fe664d50d9d13f021694e85e0e145a2031e2d8b61dd6d6ccebb544f2512a91ff670a WHIRLPOOL 98a5473c8c7841cf5baae4b879d2b0a9e1b64d3666b820aa7c1aeece43d3689fc8b93766c280906f19dd23d3e13436c6514b533a3d810bdb96e88d4d78666a87
-DIST javax.faces-2.2.9-sources.jar 3098257 SHA256 f3ba4bcafcdac5e92bd784574e3f0b35ff4b7c56d07dda628a8e0246d1a40b27 SHA512 a398c7edd483af59e59c52896dfd6fbf67948cb9778940bb5045c6c4ee2e0549e24ee321dcf7a8bdadbbec82c7e533840bc42669e79664fa864627744b6cc0e3 WHIRLPOOL 040768e9aba1575137e4a1ef7bbf587fea71ff46119066a0fe5b72a9c0a1da647fbef1a712952efa0d59d51ca346366eefc0f79b7912cc7d071d695a39edf48c
-DIST mojarra-1.2_15-b01-FCS-patch.bz2 4369 SHA256 c8495b51225201bf23033a01bb853abf1cc0a40214aa6a68c7dd1c30812e6cd1 SHA512 125e511b052d4c70314a069c47ce72b51e4dd9d1c6826def6c1a8c0bf72f6c711a9fb9f05065a5f1f46dce8462b701198f67d257b1f0aa683b494b31d90205ac WHIRLPOOL 62efb9f165d40be7ba94be04046867b342d2ba39f340443bceb3f8b421c9be2c8c312ea9e04d7c743e6440fe124bd8566fa383013a9654b7758f180f659234c4
-DIST mojarra-1.2_15-b01-FCS-source.zip 5091287 SHA256 8678db1e93a2f605b696ae3a04e145bc14dd46409301ae230dc6ee4477ccb343 SHA512 6e8d8278aac36d3971bef523f8ec90a4959c0d6ec69642d5edd10379c2cdbe13242ad197475abda887b886f166b8c7ea762be5560a746f2426cec9c6a25c0144 WHIRLPOOL c5b2ab6a568468c2570d61d5cf8bc5f7147b403c9f7718c2ea32eda783605f48aa41c9f8a96cf48e13c10e5859061a527f40c003d7ff48a66571be6a69472559
diff --git a/dev-java/mojarra/files/mojarra-2.2.9-Util.java.patch b/dev-java/mojarra/files/mojarra-2.2.9-Util.java.patch
deleted file mode 100644
index d73ee9c..0000000
--- a/dev-java/mojarra/files/mojarra-2.2.9-Util.java.patch
+++ /dev/null
@@ -1,26 +0,0 @@
---- src/com/sun/faces/util/Util.java.orig 2015-06-08 21:08:39.770000000 +0000
-+++ src/com/sun/faces/util/Util.java 2015-06-08 21:10:12.719000000 +0000
-@@ -315,13 +315,16 @@
- // as the same adapter in a standalone program works as one might expect.
- // So, for now, if the classname starts with '[', then use Class.forName()
- // to avoid CR 643419 and for all other cases, use ClassLoader.loadClass().
-- if (loader.getClass() == com.sun.faces.scripting.groovy.GroovyHelperImpl.MojarraGroovyClassLoader.class) {
-- if (name.charAt(0) == '[') {
-- return Class.forName(name, true, loader);
-- } else {
-- return loader.loadClass(name);
-- }
-- }
-+ //
-+ // Disable Groovy stuff for the time being
-+ // since groovy 2.4 hasn't hit the tree... yet.
-+ // if (loader.getClass() == com.sun.faces.scripting.groovy.GroovyHelperImpl.MojarraGroovyClassLoader.class) {
-+ // if (name.charAt(0) == '[') {
-+ // return Class.forName(name, true, loader);
-+ // } else {
-+ // return loader.loadClass(name);
-+ // }
-+ // }
- return Class.forName(name, true, loader);
- }
-
diff --git a/dev-java/mojarra/mojarra-1.2.15-r2.ebuild b/dev-java/mojarra/mojarra-1.2.15-r2.ebuild
deleted file mode 100644
index 300ac12..0000000
--- a/dev-java/mojarra/mojarra-1.2.15-r2.ebuild
+++ /dev/null
@@ -1,85 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=3
-
-WANT_ANT_TASKS="ant-trax"
-JAVA_PKG_IUSE="source"
-
-inherit eutils java-pkg-2 java-ant-2
-
-MY_PV="$(get_version_component_range 1-2)_$(get_version_component_range 3)-b01-FCS"
-
-DESCRIPTION="Project Mojarra - GlassFish's Implementation for JavaServer Faces API"
-HOMEPAGE="https://javaserverfaces.dev.java.net/"
-SRC_URI="https://javaserverfaces.dev.java.net/files/documents/1866/151669/${PN}-${MY_PV}-source.zip
- mirror://gentoo/${PN}-${MY_PV}-patch.bz2"
-
-LICENSE="CDDL"
-SLOT="1.2"
-KEYWORDS="amd64 x86"
-
-IUSE=""
-
-COMMON_DEP="
- dev-java/glassfish-servlet-api:2.5
- dev-java/groovy:0
- dev-java/jakarta-jstl:0
- dev-java/portletapi:1
- "
-
-RDEPEND=">=virtual/jre-1.6
- ${COMMON_DEP}"
-DEPEND=">=virtual/jdk-1.6
- app-arch/unzip
- dev-java/ant-contrib
- dev-java/commons-beanutils:1.7
- dev-java/commons-collections:0
- dev-java/commons-digester:0
- dev-java/commons-logging:0
- ${COMMON_DEP}"
-
-S="${WORKDIR}/${PN}-${MY_PV}-sources"
-
-src_prepare() {
- epatch "${DISTDIR}/${PN}-${MY_PV}-patch.bz2"
-
- mkdir -p "${S}/dependencies/jars" || die
-
- # Should we remove those files? I don't see a reason to pull in three
- # different web app server for this package.
- rm -f \
- "${S}/jsf-ri/src/com/sun/faces/vendor/GlassFishInjectionProvider.java" \
- "${S}/jsf-ri/src/com/sun/faces/vendor/Jetty6InjectionProvider.java" \
- "${S}/jsf-ri/src/com/sun/faces/vendor/Tomcat6InjectionProvider.java"
-
- find -name '*.jar' -exec rm -f {} \;
-
- cd "${S}/common/lib/"
- java-pkg_jarfrom --build-only ant-contrib
-
- cd "${S}/dependencies/jars"
- java-pkg_jarfrom --build-only commons-beanutils-1.7
- java-pkg_jarfrom --build-only commons-collections
- java-pkg_jarfrom --build-only commons-digester
- java-pkg_jarfrom --build-only commons-logging
- java-pkg_jarfrom glassfish-servlet-api-2.5
- java-pkg_jarfrom groovy
- java-pkg_jarfrom jakarta-jstl
- java-pkg_jarfrom portletapi-1
-}
-
-src_compile() {
- cd "${S}/jsf-api"
- eant -Djsf.build.home="${S}" -Dcontainer.name=glassfish jars
-
- cd "${S}/jsf-ri"
- eant -Djsf.build.home="${S}" -Dcontainer.name=glassfish jars
-}
-
-src_install() {
- java-pkg_dojar "${S}/jsf-api/build/lib/jsf-api.jar"
- java-pkg_dojar "${S}/jsf-ri/build/lib/jsf-impl.jar"
- use source && java-pkg_dosrc "${S}"/jsf-api/src/* "${S}"/jsf-ri/src/*
-}
diff --git a/dev-java/mojarra/mojarra-2.2.9.ebuild b/dev-java/mojarra/mojarra-2.2.9.ebuild
deleted file mode 100644
index 8a94ed4..0000000
--- a/dev-java/mojarra/mojarra-2.2.9.ebuild
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit eutils java-pkg-2 java-pkg-simple
-
-DESCRIPTION="Project Mojarra - GlassFish's Implementation for JavaServer Faces API"
-HOMEPAGE="https://javaserverfaces.dev.java.net/"
-SRC_URI="https://maven.java.net/content/repositories/releases/org/glassfish/javax.faces/${PV}/javax.faces-${PV}-sources.jar"
-
-LICENSE="CDDL"
-SLOT="2.2"
-KEYWORDS="~amd64 ~x86"
-
-IUSE=""
-
-CDEPEND="dev-java/glassfish-persistence:0
- dev-java/glassfish-ejb-api:0
- java-virtuals/servlet-api:3.0
- dev-java/tomcat-jstl-spec:1.2.5
- dev-java/tomcat-jstl-impl:1.2.5
- dev-java/validation-api:1.0
- dev-java/javax-inject:0
- dev-java/cdi-api:1.2"
-
-RDEPEND=">=virtual/jre-1.6
- ${CDEPEND}"
-DEPEND=">=virtual/jdk-1.6
- app-arch/unzip
- ${CDEPEND}"
-
-JAVA_SRC_DIR="src"
-
-JAVA_GENTOO_CLASSPATH="glassfish-persistence,glassfish-ejb-api,tomcat-jstl-spec-1.2.5,tomcat-jstl-impl-1.2.5,validation-api-1.0,cdi-api-1.2,servlet-api-3.0,javax-inject"
-
-java_prepare() {
- mkdir src || die
- mv * src
-
- # We *MUST* bump Groovy to 2.4 at some point
- # to make this stuff work correctly.
- rm -v src/com/sun/faces/scripting/groovy/GroovyHelperImpl.java || die
- epatch "${FILESDIR}"/${P}-Util.java.patch
-}
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-java/mojarra/files/, dev-java/mojarra/
@ 2015-09-03 16:01 Patrice Clement
0 siblings, 0 replies; 2+ messages in thread
From: Patrice Clement @ 2015-09-03 16:01 UTC (permalink / raw
To: gentoo-commits
commit: da8f2314bd0b6df70a4016918e4450d632c24aff
Author: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 3 15:52:55 2015 +0000
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Thu Sep 3 16:00:54 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da8f2314
dev-java/mojarra: Version bump. Fixes security bug 501280.
Package-Manager: portage-2.2.18
Signed-off-by: Patrice Clement <monsieurp <AT> gentoo.org>
dev-java/mojarra/Manifest | 1 +
.../mojarra/files/mojarra-2.2.12-Util.java.patch | 25 ++++++++++++
dev-java/mojarra/mojarra-2.2.12.ebuild | 46 ++++++++++++++++++++++
3 files changed, 72 insertions(+)
diff --git a/dev-java/mojarra/Manifest b/dev-java/mojarra/Manifest
index 9332e5a..21cd8dd 100644
--- a/dev-java/mojarra/Manifest
+++ b/dev-java/mojarra/Manifest
@@ -1,3 +1,4 @@
+DIST javax.faces-2.2.12-sources.jar 3105808 SHA256 503c0a1c6a270429798a6507d477ee2114f0de5204c64d5660a11796c498ab61 SHA512 b2bc2ce38d72af38a4b2fdb5aec790600ca41a5d7f6340bf6be671a901c9fe664d50d9d13f021694e85e0e145a2031e2d8b61dd6d6ccebb544f2512a91ff670a WHIRLPOOL 98a5473c8c7841cf5baae4b879d2b0a9e1b64d3666b820aa7c1aeece43d3689fc8b93766c280906f19dd23d3e13436c6514b533a3d810bdb96e88d4d78666a87
DIST javax.faces-2.2.9-sources.jar 3098257 SHA256 f3ba4bcafcdac5e92bd784574e3f0b35ff4b7c56d07dda628a8e0246d1a40b27 SHA512 a398c7edd483af59e59c52896dfd6fbf67948cb9778940bb5045c6c4ee2e0549e24ee321dcf7a8bdadbbec82c7e533840bc42669e79664fa864627744b6cc0e3 WHIRLPOOL 040768e9aba1575137e4a1ef7bbf587fea71ff46119066a0fe5b72a9c0a1da647fbef1a712952efa0d59d51ca346366eefc0f79b7912cc7d071d695a39edf48c
DIST mojarra-1.2_15-b01-FCS-patch.bz2 4369 SHA256 c8495b51225201bf23033a01bb853abf1cc0a40214aa6a68c7dd1c30812e6cd1 SHA512 125e511b052d4c70314a069c47ce72b51e4dd9d1c6826def6c1a8c0bf72f6c711a9fb9f05065a5f1f46dce8462b701198f67d257b1f0aa683b494b31d90205ac WHIRLPOOL 62efb9f165d40be7ba94be04046867b342d2ba39f340443bceb3f8b421c9be2c8c312ea9e04d7c743e6440fe124bd8566fa383013a9654b7758f180f659234c4
DIST mojarra-1.2_15-b01-FCS-source.zip 5091287 SHA256 8678db1e93a2f605b696ae3a04e145bc14dd46409301ae230dc6ee4477ccb343 SHA512 6e8d8278aac36d3971bef523f8ec90a4959c0d6ec69642d5edd10379c2cdbe13242ad197475abda887b886f166b8c7ea762be5560a746f2426cec9c6a25c0144 WHIRLPOOL c5b2ab6a568468c2570d61d5cf8bc5f7147b403c9f7718c2ea32eda783605f48aa41c9f8a96cf48e13c10e5859061a527f40c003d7ff48a66571be6a69472559
diff --git a/dev-java/mojarra/files/mojarra-2.2.12-Util.java.patch b/dev-java/mojarra/files/mojarra-2.2.12-Util.java.patch
new file mode 100644
index 0000000..23033f6
--- /dev/null
+++ b/dev-java/mojarra/files/mojarra-2.2.12-Util.java.patch
@@ -0,0 +1,25 @@
+--- src/com/sun/faces/util/Util.java.orig 2015-09-03 14:43:30.953486000 +0000
++++ src/com/sun/faces/util/Util.java 2015-09-03 14:43:57.692486000 +0000
+@@ -354,13 +354,15 @@
+ // as the same adapter in a standalone program works as one might expect.
+ // So, for now, if the classname starts with '[', then use Class.forName()
+ // to avoid CR 643419 and for all other cases, use ClassLoader.loadClass().
+- if (loader.getClass() == com.sun.faces.scripting.groovy.GroovyHelperImpl.MojarraGroovyClassLoader.class) {
+- if (name.charAt(0) == '[') {
+- return Class.forName(name, true, loader);
+- } else {
+- return loader.loadClass(name);
+- }
+- }
++ //
++ // Disable Groovy support.
++ // if (loader.getClass() == com.sun.faces.scripting.groovy.GroovyHelperImpl.MojarraGroovyClassLoader.class) {
++ // if (name.charAt(0) == '[') {
++ // return Class.forName(name, true, loader);
++ // } else {
++ // return loader.loadClass(name);
++ // }
++ // }
+ return Class.forName(name, true, loader);
+ }
+
diff --git a/dev-java/mojarra/mojarra-2.2.12.ebuild b/dev-java/mojarra/mojarra-2.2.12.ebuild
new file mode 100644
index 0000000..8a94ed4
--- /dev/null
+++ b/dev-java/mojarra/mojarra-2.2.12.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils java-pkg-2 java-pkg-simple
+
+DESCRIPTION="Project Mojarra - GlassFish's Implementation for JavaServer Faces API"
+HOMEPAGE="https://javaserverfaces.dev.java.net/"
+SRC_URI="https://maven.java.net/content/repositories/releases/org/glassfish/javax.faces/${PV}/javax.faces-${PV}-sources.jar"
+
+LICENSE="CDDL"
+SLOT="2.2"
+KEYWORDS="~amd64 ~x86"
+
+IUSE=""
+
+CDEPEND="dev-java/glassfish-persistence:0
+ dev-java/glassfish-ejb-api:0
+ java-virtuals/servlet-api:3.0
+ dev-java/tomcat-jstl-spec:1.2.5
+ dev-java/tomcat-jstl-impl:1.2.5
+ dev-java/validation-api:1.0
+ dev-java/javax-inject:0
+ dev-java/cdi-api:1.2"
+
+RDEPEND=">=virtual/jre-1.6
+ ${CDEPEND}"
+DEPEND=">=virtual/jdk-1.6
+ app-arch/unzip
+ ${CDEPEND}"
+
+JAVA_SRC_DIR="src"
+
+JAVA_GENTOO_CLASSPATH="glassfish-persistence,glassfish-ejb-api,tomcat-jstl-spec-1.2.5,tomcat-jstl-impl-1.2.5,validation-api-1.0,cdi-api-1.2,servlet-api-3.0,javax-inject"
+
+java_prepare() {
+ mkdir src || die
+ mv * src
+
+ # We *MUST* bump Groovy to 2.4 at some point
+ # to make this stuff work correctly.
+ rm -v src/com/sun/faces/scripting/groovy/GroovyHelperImpl.java || die
+ epatch "${FILESDIR}"/${P}-Util.java.patch
+}
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-09-03 16:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-09-03 16:01 [gentoo-commits] repo/gentoo:master commit in: dev-java/mojarra/files/, dev-java/mojarra/ Patrice Clement
-- strict thread matches above, loose matches on Subject: below --
2015-09-03 16:01 Patrice Clement
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox