From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1712835-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 57CE61580E0
	for <garchives@archives.gentoo.org>; Sun, 26 Jan 2025 08:20:51 +0000 (UTC)
Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	(Authenticated sender: relay-lists.gentoo.org@gentoo.org)
	by smtp.gentoo.org (Postfix) with ESMTPSA id 42D7434357C
	for <garchives@archives.gentoo.org>; Sun, 26 Jan 2025 08:20:51 +0000 (UTC)
Received: from bobolink.gentoo.org (localhost [127.0.0.1])
	by bobolink.gentoo.org (Postfix) with ESMTP id C22D3110472;
	Sun, 26 Jan 2025 08:20:44 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by bobolink.gentoo.org (Postfix) with ESMTPS id BDEF0110472
	for <gentoo-commits@lists.gentoo.org>; Sun, 26 Jan 2025 08:20:44 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 64289343518
	for <gentoo-commits@lists.gentoo.org>; Sun, 26 Jan 2025 08:20:44 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 99BFB231C
	for <gentoo-commits@lists.gentoo.org>; Sun, 26 Jan 2025 08:20:42 +0000 (UTC)
From: "Miroslav Šulc" <fordfrog@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Miroslav Šulc" <fordfrog@gentoo.org>
Message-ID: <1737879637.4a3906ebf737a0b5dcd7eed9372aad80f6df0de2.fordfrog@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-java/openjdk/
X-VCS-Repository: repo/gentoo
X-VCS-Files: dev-java/openjdk/Manifest dev-java/openjdk/openjdk-17.0.14_p7.ebuild
X-VCS-Directories: dev-java/openjdk/
X-VCS-Committer: fordfrog
X-VCS-Committer-Name: Miroslav Šulc
X-VCS-Revision: 4a3906ebf737a0b5dcd7eed9372aad80f6df0de2
X-VCS-Branch: master
Date: Sun, 26 Jan 2025 08:20:42 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 15a76d0f-21e9-4291-a0b1-26e05108e756
X-Archives-Hash: f6450ba601c7a253007c0c4aadd263fa

commit:     4a3906ebf737a0b5dcd7eed9372aad80f6df0de2
Author:     Volkmar W. Pogatzki <gentoo <AT> pogatzki <DOT> net>
AuthorDate: Tue Jan 21 22:19:09 2025 +0000
Commit:     Miroslav Šulc <fordfrog <AT> gentoo <DOT> org>
CommitDate: Sun Jan 26 08:20:37 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a3906eb

dev-java/openjdk: add 17.0.14_p7 - CVE-2025-21502

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo <AT> pogatzki.net>
Signed-off-by: Miroslav Šulc <fordfrog <AT> gentoo.org>

 dev-java/openjdk/Manifest                  |   1 +
 dev-java/openjdk/openjdk-17.0.14_p7.ebuild | 325 +++++++++++++++++++++++++++++
 2 files changed, 326 insertions(+)

diff --git a/dev-java/openjdk/Manifest b/dev-java/openjdk/Manifest
index 2ddb8e3e29b4..2bfca969203d 100644
--- a/dev-java/openjdk/Manifest
+++ b/dev-java/openjdk/Manifest
@@ -1,6 +1,7 @@
 DIST openjdk-11.0.18-riscv.patch.xz 272672 BLAKE2B b079612032a5bf135b05bdd1da16f2823772a5d9a18447a435f191daf78c5429a15c2e9ea64758dc9b26ee2a88275532b4f27714b2a7e4489f920c0ed2f5003b SHA512 c0426f243c5aa581d90366cb01ce811e34883a9d8a0298cab420378470e8eb427a56932ca1fbb5ed57e7430be2b38c6bc4491028ebaa25be0a938ba0bb2baf45
 DIST openjdk-11.0.25_p9.tar.gz 116541441 BLAKE2B 5be0d6e1996860f0d8f36732758207044668fdbd6e9c9b21b96c897d526f2d86a931f2b8d732ebe4b668679c0e48cb49a472baf29d4ea5785dc4edb0d8a5de2f SHA512 25971b26d04dd111a21c112f694968c8d56c3692a62eb1366a1f49617a308a3a0cb37ab92ff02cff727041d6e32cbbc345f313db46df58f9e933a801a1588e8b
 DIST openjdk-17.0.13_p11.tar.gz 107315661 BLAKE2B e403a8f33d4e79dd5c77a5dbfc991b443e15bddefe7cfde6cbd6f8df29f1cf499d0bd467d23f0c1b89b92b1dca16ebfb398a5c64b8787f787465a8a5f50bdfce SHA512 6f2220b3b0b9ab4441968d487858449f0e58400bfbbf8cc322b6c9393ab44869ea27285bed1022ac531f0a9eec5b7d6a07db4f7e78b094bb5ca8cedd5f40711a
+DIST openjdk-17.0.14_p7.tar.gz 107408032 BLAKE2B 006be4d75d3d9ef3a40b1853dded3cced6f345ea473b7c03c89f04b1d74df7532878246bafde932b49da39c1cf66bcd7c2ee42dc9049c19efc653db8f7367971 SHA512 0643ac52b68e5884734289ab13592feef7273db96f7b5c0fd77d801e4d4e44a84abcc439fd1b138119c5583986f1d0b058aa74f55b00e0dfd31333cbb536744d
 DIST openjdk-21.0.5_p11.tar.gz 112679148 BLAKE2B 6cfb2ab73e1bcc5d74c28f56e163778ca42fa1b9eda5367f2198827eae04d5a269926c97b326d1e71b2a57f2780588f538db8d3a81f367903fd967534747d3af SHA512 2fdfdb7e21fcaf97590fa54317f87169d5fdabf38027f4f6570942b2af637fc9ace3d35c3bbb0df29720e7a0f6d6a4087253a713389743ed7947e433d7b8103b
 DIST openjdk-21.0.6_p7.tar.gz 113221815 BLAKE2B 2b3d240037baa2b306a1064f260b7ed57a4f4dafe97626bf6e1de3e54357d8a7652c1798f6946d58aba30ca0be334d9a1f918b25381ab370d515f829abea4952 SHA512 fb03362608a35b0f6e131eaa974a52e6ff8a96f90d3bdaeccd2e1268f46db65c72387ed7bba1c8b0d9457c56950eae607fba29e102a338b009259262e1024726
 DIST openjdk-25_p7.tar.gz 122614923 BLAKE2B bbb55949df77054efebe53819b1a7f1f0379f08f4aba385679aff10a54bf02fdf249b3aa02a26ffc44fb1d8f7760d6d701dc95c0546bae57c5b2515702388e6a SHA512 ac3812a1de94e20b1ac7e0890b565ab4e3d7d5236e4edbd4e53b5c78d57a887af228a0a50c77e41d7adfbf0f0d92d7a156022f1f81fc5cca4c2ac7538f52ae75

diff --git a/dev-java/openjdk/openjdk-17.0.14_p7.ebuild b/dev-java/openjdk/openjdk-17.0.14_p7.ebuild
new file mode 100644
index 000000000000..a576db8e3e4c
--- /dev/null
+++ b/dev-java/openjdk/openjdk-17.0.14_p7.ebuild
@@ -0,0 +1,325 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit check-reqs flag-o-matic java-pkg-2 java-vm-2 multiprocessing toolchain-funcs
+
+# variable name format: <UPPERCASE_KEYWORD>_XPAK
+ARM64_XPAK="17.0.2_p8" # musl bootstrap install
+PPC64_XPAK="17.0.1_p12" # big-endian bootstrap tarball
+RISCV_XPAK="17.0.3_p7"
+X86_XPAK="17.0.1_p12"
+
+# Usage: bootstrap_uri <keyword> <version> [extracond]
+# Example: $(bootstrap_uri ppc64 17.0.1_p12 big-endian)
+# Output: ppc64? ( big-endian? ( https://...17.0.1_p12-ppc64.tar.xz ) )
+bootstrap_uri() {
+	local baseuri="https://dev.gentoo.org/~arthurzam/distfiles/dev-java/${PN}/${PN}-bootstrap"
+	local suff="tar.xz"
+	local kw="${1:?${FUNCNAME[0]}: keyword not specified}"
+	local ver="${2:?${FUNCNAME[0]}: version not specified}"
+	local cond="${3-}"
+	[[ ${cond} == elibc_musl* ]] && local musl=yes
+
+	# here be dragons
+	echo "${kw}? ( ${cond:+${cond}? (} ${baseuri}-${ver}-${kw}${musl:+-musl}.${suff} ${cond:+) })"
+}
+
+# don't change versioning scheme
+# to find correct _p number, look at
+# https://github.com/openjdk/jdk${SLOT}u/tags
+# you will see, for example, jdk-17.0.4.1-ga and jdk-17.0.4.1+1, both point
+# to exact same commit sha. we should always use the full version.
+# -ga tag is just for humans to easily identify General Availability release tag.
+MY_PV="${PV%_p*}-ga"
+
+DESCRIPTION="Open source implementation of the Java programming language"
+HOMEPAGE="https://openjdk.org"
+SRC_URI="
+	https://github.com/${PN}/jdk17u/archive/jdk-${MY_PV}.tar.gz
+		-> ${P}.tar.gz
+	!system-bootstrap? (
+		$(bootstrap_uri arm64 ${ARM64_XPAK} elibc_musl)
+		$(bootstrap_uri ppc64 ${PPC64_XPAK} big-endian)
+		$(bootstrap_uri x86 ${X86_XPAK})
+		$(bootstrap_uri riscv ${RISCV_XPAK})
+	)
+"
+S="${WORKDIR}/jdk${SLOT}u-jdk-${MY_PV//+/-}"
+
+LICENSE="GPL-2-with-classpath-exception"
+SLOT="${MY_PV%%[.+]*}"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+
+IUSE="alsa big-endian cups debug doc examples headless-awt javafx +jbootstrap lto selinux source system-bootstrap systemtap"
+
+REQUIRED_USE="
+	javafx? ( alsa !headless-awt )
+	!system-bootstrap? ( jbootstrap )
+"
+
+COMMON_DEPEND="
+	media-libs/freetype:2=
+	media-libs/giflib:0/7
+	media-libs/harfbuzz:=
+	media-libs/libpng:0=
+	media-libs/lcms:2=
+	sys-libs/zlib
+	media-libs/libjpeg-turbo:0=
+	systemtap? ( dev-debug/systemtap )
+"
+
+# Many libs are required to build, but not to run, make is possible to remove
+# by listing conditionally in RDEPEND unconditionally in DEPEND
+RDEPEND="
+	${COMMON_DEPEND}
+	>=sys-apps/baselayout-java-0.1.0-r1
+	!headless-awt? (
+		x11-libs/libX11
+		x11-libs/libXext
+		x11-libs/libXi
+		x11-libs/libXrandr
+		x11-libs/libXrender
+		x11-libs/libXt
+		x11-libs/libXtst
+	)
+	alsa? ( media-libs/alsa-lib )
+	cups? ( net-print/cups )
+	selinux? ( sec-policy/selinux-java )
+"
+
+DEPEND="
+	${COMMON_DEPEND}
+	app-arch/zip
+	media-libs/alsa-lib
+	net-print/cups
+	x11-base/xorg-proto
+	x11-libs/libX11
+	x11-libs/libXext
+	x11-libs/libXi
+	x11-libs/libXrandr
+	x11-libs/libXrender
+	x11-libs/libXt
+	x11-libs/libXtst
+	javafx? ( dev-java/openjfx:${SLOT}= )
+	system-bootstrap? (
+		|| (
+			dev-java/openjdk-bin:${SLOT}
+			dev-java/openjdk:${SLOT}
+		)
+	)
+"
+
+# The space required to build varies wildly depending on USE flags,
+# ranging from 2GB to 16GB. This function is certainly not exact but
+# should be close enough to be useful.
+openjdk_check_requirements() {
+	local M
+	M=2048
+	M=$(( $(usex jbootstrap 2 1) * $M ))
+	M=$(( $(usex debug 3 1) * $M ))
+	M=$(( $(usex doc 320 0) + $(usex source 128 0) + 192 + $M ))
+
+	CHECKREQS_DISK_BUILD=${M}M check-reqs_pkg_${EBUILD_PHASE}
+}
+
+pkg_pretend() {
+	openjdk_check_requirements
+	if [[ ${MERGE_TYPE} != binary ]]; then
+		has ccache ${FEATURES} && die "FEATURES=ccache doesn't work with ${PN}, bug #677876"
+	fi
+}
+
+pkg_setup() {
+	openjdk_check_requirements
+	java-vm-2_pkg_setup
+
+	[[ ${MERGE_TYPE} == "binary" ]] && return
+
+	JAVA_PKG_WANT_BUILD_VM="openjdk-${SLOT} openjdk-bin-${SLOT}"
+	JAVA_PKG_WANT_SOURCE="${SLOT}"
+	JAVA_PKG_WANT_TARGET="${SLOT}"
+
+	# The nastiness below is necessary while the gentoo-vm USE flag is
+	# masked. First we call java-pkg-2_pkg_setup if it looks like the
+	# flag was unmasked against one of the possible build VMs. If not,
+	# we try finding one of them in their expected locations. This would
+	# have been slightly less messy if openjdk-bin had been installed to
+	# /opt/${PN}-${SLOT} or if there was a mechanism to install a VM env
+	# file but disable it so that it would not normally be selectable.
+
+	local vm
+	for vm in ${JAVA_PKG_WANT_BUILD_VM}; do
+		if [[ -d ${BROOT}/usr/lib/jvm/${vm} ]]; then
+			java-pkg-2_pkg_setup
+			return
+		fi
+	done
+}
+
+src_prepare() {
+	default
+	chmod +x configure || die
+}
+
+src_configure() {
+	if has_version dev-java/openjdk:${SLOT}; then
+		export JDK_HOME=${BROOT}/usr/$(get_libdir)/openjdk-${SLOT}
+	elif use !system-bootstrap ; then
+		local xpakvar="${ARCH^^}_XPAK"
+		export JDK_HOME="${WORKDIR}/openjdk-bootstrap-${!xpakvar}"
+	else
+		JDK_HOME=$(best_version -b dev-java/openjdk-bin:${SLOT})
+		[[ -n ${JDK_HOME} ]] || die "Build VM not found!"
+		JDK_HOME=${JDK_HOME#*/}
+		JDK_HOME=${BROOT}/opt/${JDK_HOME%-r*}
+		export JDK_HOME
+	fi
+
+	# Work around stack alignment issue, bug #647954. in case we ever have x86
+	use x86 && append-flags -mincoming-stack-boundary=2
+
+	# bug 906987; append-cppflags doesnt work
+	use elibc_musl && append-flags -D_LARGEFILE64_SOURCE
+
+	# Strip some flags users may set, but should not. #818502
+	filter-flags -fexceptions
+
+	# Strip lto related flags, we rely on USE=lto and --with-jvm-features=link-time-opt
+	# https://bugs.gentoo.org/833097
+	# https://bugs.gentoo.org/833098
+	filter-lto
+	filter-flags -fdevirtualize-at-ltrans
+
+	# Enabling full docs appears to break doc building. If not
+	# explicitly disabled, the flag will get auto-enabled if pandoc and
+	# graphviz are detected. pandoc has loads of dependencies anyway.
+
+	local myconf=(
+		--disable-ccache
+		--disable-precompiled-headers
+		--disable-warnings-as-errors
+		--enable-full-docs=no
+		--with-boot-jdk="${JDK_HOME}"
+		--with-extra-cflags="${CFLAGS}"
+		--with-extra-cxxflags="${CXXFLAGS}"
+		--with-extra-ldflags="${LDFLAGS}"
+		--with-freetype="${XPAK_BOOTSTRAP:-system}"
+		--with-giflib="${XPAK_BOOTSTRAP:-system}"
+		--with-harfbuzz="${XPAK_BOOTSTRAP:-system}"
+		--with-lcms="${XPAK_BOOTSTRAP:-system}"
+		--with-libjpeg="${XPAK_BOOTSTRAP:-system}"
+		--with-libpng="${XPAK_BOOTSTRAP:-system}"
+		--with-native-debug-symbols=$(usex debug internal none)
+		--with-vendor-name="Gentoo"
+		--with-vendor-url="https://gentoo.org"
+		--with-vendor-bug-url="https://bugs.gentoo.org"
+		--with-vendor-vm-bug-url="https://bugs.openjdk.java.net"
+		--with-vendor-version-string="${PVR}"
+		--with-version-pre=""
+		--with-version-string="${PV%_p*}"
+		--with-version-build="${PV#*_p}"
+		--with-zlib="${XPAK_BOOTSTRAP:-system}"
+		--enable-jvm-feature-dtrace=$(usex systemtap yes no)
+		--enable-headless-only=$(usex headless-awt yes no)
+		$(tc-is-clang && echo "--with-toolchain-type=clang")
+	)
+
+	use lto && myconf+=( --with-jvm-features=link-time-opt )
+
+	if use javafx; then
+		local zip="${EPREFIX}/usr/$(get_libdir)/openjfx-${SLOT}/javafx-exports.zip"
+		if [[ -r ${zip} ]]; then
+			myconf+=( --with-import-modules="${zip}" )
+		else
+			die "${zip} not found or not readable"
+		fi
+	fi
+
+	# Workaround for bug #938302
+	if use systemtap && has_version "dev-debug/systemtap[-dtrace-symlink(+)]" ; then
+		myconf+=( DTRACE="${BROOT}"/usr/bin/stap-dtrace )
+	fi
+
+	if use !system-bootstrap ; then
+		addpredict /dev/random
+		addpredict /proc/self/coredump_filter
+	fi
+
+	(
+		unset _JAVA_OPTIONS JAVA JAVA_TOOL_OPTIONS JAVAC XARGS
+		CFLAGS= CXXFLAGS= LDFLAGS= \
+		CONFIG_SITE=/dev/null \
+		econf "${myconf[@]}"
+	)
+}
+
+src_compile() {
+	# Too brittle - gets confused by e.g. -Oline
+	export MAKEOPTS="-j$(makeopts_jobs) -l$(makeopts_loadavg)"
+	unset GNUMAKEFLAGS MAKEFLAGS
+
+	local myemakeargs=(
+		JOBS=$(makeopts_jobs)
+		LOG=debug
+		CFLAGS_WARNINGS_ARE_ERRORS= # No -Werror
+		NICE= # Use PORTAGE_NICENESS, don't adjust further down
+		$(usex doc docs '')
+		$(usex jbootstrap bootcycle-images product-images)
+	)
+	emake "${myemakeargs[@]}" -j1
+}
+
+src_install() {
+	local dest="/usr/$(get_libdir)/${PN}-${SLOT}"
+	local ddest="${ED}/${dest#/}"
+
+	cd "${S}"/build/*-release/images/jdk || die
+
+	# Create files used as storage for system preferences.
+	mkdir .systemPrefs || die
+	touch .systemPrefs/.system.lock || die
+	touch .systemPrefs/.systemRootModFile || die
+
+	# Oracle and IcedTea have libjsoundalsa.so depending on
+	# libasound.so.2 but OpenJDK only has libjsound.so. Weird.
+	if ! use alsa ; then
+		rm -v lib/libjsound.* || die
+	fi
+
+	if ! use examples ; then
+		rm -vr demo/ || die
+	fi
+
+	if ! use source ; then
+		rm -v lib/src.zip || die
+	fi
+
+	rm -v lib/security/cacerts || die
+
+	dodir "${dest}"
+	cp -pPR * "${ddest}" || die
+
+	dosym -r /etc/ssl/certs/java/cacerts "${dest}"/lib/security/cacerts
+
+	# must be done before running itself
+	java-vm_set-pax-markings "${ddest}"
+
+	einfo "Creating the Class Data Sharing archives and disabling usage tracking"
+	"${ddest}/bin/java" -server -Xshare:dump -Djdk.disableLastUsageTracking || die
+
+	java-vm_install-env "${FILESDIR}"/${PN}.env.sh
+	java-vm_revdep-mask
+	java-vm_sandbox-predict /dev/random /proc/self/coredump_filter
+
+	if use doc ; then
+		docinto html
+		dodoc -r "${S}"/build/*-release/images/docs/*
+		dosym ../../../usr/share/doc/"${PF}" /usr/share/doc/"${PN}-${SLOT}"
+	fi
+}
+
+pkg_postinst() {
+	java-vm-2_pkg_postinst
+}
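Review bot: In src_configure, the `elif use !system-bootstrap` branch builds JDK_HOME from `${!xpakvar}` without checking that the variable is set or that the directory was actually unpacked. Only ARM64_XPAK, PPC64_XPAK, RISCV_XPAK and X86_XPAK are defined, and SRC_URI fetches the arm64 and ppc64 tarballs only under `elibc_musl` and `big-endian`, while KEYWORDS also lists ~amd64 and ~arm. On those combinations JDK_HOME would resolve to `${WORKDIR}/openjdk-bootstrap-` or to a path nothing populated, and the error would only surface later inside configure as a generic boot-JDK failure. Unless profiles force `system-bootstrap` there (not visible in this diff), I would add `[[ -d ${JDK_HOME} ]] || die "no bootstrap JDK unpacked for ${ARCH}; enable USE=system-bootstrap"` directly after the export in that branch.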