commit: 04527d66c1a22dc3d0ca2b0e22bc1da1be2b9b88 Author: James Le Cuirot <chewi <AT> gentoo <DOT> org> AuthorDate: Wed Oct 21 21:32:22 2015 +0000 Commit: James Le Cuirot <chewi <AT> gentoo <DOT> org> CommitDate: Wed Oct 21 21:32:22 2015 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=04527d66
dev-java/oracle-jre-bin: Version bumps wrt security bug #563684 Package-Manager: portage-2.2.20.1 dev-java/oracle-jre-bin/Manifest | 2 + .../oracle-jre-bin/oracle-jre-bin-1.8.0.66.ebuild | 237 +++++++++++++++++++++ 2 files changed, 239 insertions(+) diff --git a/dev-java/oracle-jre-bin/Manifest b/dev-java/oracle-jre-bin/Manifest index 2a7c94a..4b5ccb2 100644 --- a/dev-java/oracle-jre-bin/Manifest +++ b/dev-java/oracle-jre-bin/Manifest @@ -6,3 +6,5 @@ DIST jre-8u51-linux-i586.tar.gz 65731094 SHA256 e59a6fc88e1fc62167be684ffd5de90f DIST jre-8u51-linux-x64.tar.gz 63861111 SHA256 25c2146b4ff1a12a9449589f8372f7f67cb63d6f6ad2b7f9ec92181cd3a31cee SHA512 7b3c8be7ba4014041e86b2dd597d027285185f9e8a484110bea589d73e4e35a9d709d57198610f466ea05ef8ea4b7e696f1fc844a60511d0ba111f666de5cf44 WHIRLPOOL 1472b32649afbed578eaf1b31006a2020bd217a3f75b9b7d7bc2fd8c32bcd422dfd46e7d11e2e5e34904a1f5cc0bd03885cb0c1515ccd63985ca974a6d61eddb DIST jre-8u60-linux-i586.tar.gz 73863653 SHA256 8e05fa8bf73937d5e63ae80583f1e33858f0ef6be23701fd3b0070ea7af4d93a SHA512 bc267a77afe86d0a685e724e75db914a55570ceb3e6b4845b51cbef35f6dc38f387cfc58e1539236d8857f035d45ede51e651ee87f49ca540818f79ded4e373a WHIRLPOOL bc8fafe1a6b81beb1a3a8893bbbbc1d3d3d1359f98c3dc94e1f3c391fec5d188cea565febd0266152408a9dccd53ee3519ab88d8fbddf40cdffd27f856db231f DIST jre-8u60-linux-x64.tar.gz 71680110 SHA256 49dadecd043152b3b448288a35a4ee6f3845ce6395734bacc1eae340dff3cbf5 SHA512 80dc232dd1ab770ccb5c267cd528fdb47546eeb08795d8eb8a5088aed536151855d07350e5a47bbd8404afc86857ab784ecc419802ebc41860cc71560fdb2c5e WHIRLPOOL 5d51d6f7ecdf59e0a897726954c13777f9678f2c511cb5367f8524a879ef33596ad869252b2663d6a1761fb98e7aaf5617aa379de2298f5507132b65053318a0 +DIST jre-8u66-linux-i586.tar.gz 73883805 SHA256 70ee96be46d1cdeb15720b58a74c4dff0eecb6fcdded91d887b16779789f3596 SHA512 c605027974e5d6ad55cefee9c75239cd15fcf726abe49617d1008cec44f8a927f6794fcf2819e1f1e35b9535d40f6bef1fd4b023271f80e3e392824fa8bb2111 WHIRLPOOL 67dd7ea33dd9845210177f3b608789c674be2d0a7550b924f68082da6e9484e81ae1186c7aa7bddd5895ea0eb7adf8f67949a063378a028673d20e16004d4d52 +DIST jre-8u66-linux-x64.tar.gz 71719193 SHA256 f2249370a6ac4ca8977b66d7665179f0fef4df732f3af80b0f34567d594588bf SHA512 ba0de83d6a485cab305c352091cfca74b6a64132fbda38b5bda53b9dd2569adafc64c93f92397dc3a40167b04690f4d8de9f1209485a8e51a236db312efe4b8c WHIRLPOOL 00a3f10bec2bc871534cc30a4ac2bb496695686d2b41bde985aeda662bcb988e979318eb16f886989d740f92f35e45e2ac344f6d49bcab2020f11babcd2e69e8 diff --git a/dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.66.ebuild b/dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.66.ebuild new file mode 100644 index 0000000..89907ab --- /dev/null +++ b/dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.66.ebuild @@ -0,0 +1,237 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils java-vm-2 prefix versionator + +# This URIs need updating when bumping! +JRE_URI="http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html" +JCE_URI="http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html" + +if [[ "$(get_version_component_range 4)" == 0 ]] ; then + S_PV="$(get_version_component_range 1-3)" +else + MY_PV_EXT="u$(get_version_component_range 4)" + S_PV="$(get_version_component_range 1-4)" +fi + +MY_PV="$(get_version_component_range 2)${MY_PV_EXT}" + +AT_amd64="jre-${MY_PV}-linux-x64.tar.gz" +AT_x86="jre-${MY_PV}-linux-i586.tar.gz" + +JCE_DIR="UnlimitedJCEPolicyJDK8" +JCE_FILE="jce_policy-8.zip" + +DESCRIPTION="Oracle's Java SE Runtime Environment" +HOMEPAGE="http://www.oracle.com/technetwork/java/javase/" +SRC_URI=" + amd64? ( ${AT_amd64} ) + x86? ( ${AT_x86} ) + jce? ( ${JCE_FILE} )" + +LICENSE="Oracle-BCLA-JavaSE" +SLOT="1.8" +KEYWORDS="~amd64 ~x86" +IUSE="alsa +awt cups +fontconfig javafx jce nsplugin pax_kernel selinux" + +RESTRICT="fetch preserve-libs strip" +QA_PREBUILT="*" + +# NOTES: +# +# * cups is dlopened. +# +# * libpng is also dlopened but only by libsplashscreen, which isn't +# important, so we can exclude that. +# +# * We still need to work out the exact AWT and JavaFX dependencies +# under MacOS. It doesn't appear to use many, if any, of the +# dependencies below. +# +RDEPEND="!x64-macos? ( + awt? ( + x11-libs/libX11 + x11-libs/libXext + x11-libs/libXi + x11-libs/libXrender + ) + javafx? ( + dev-libs/glib:2 + dev-libs/libxml2:2 + dev-libs/libxslt + media-libs/freetype:2 + x11-libs/cairo + x11-libs/gtk+:2 + x11-libs/libX11 + x11-libs/libXtst + x11-libs/libXxf86vm + x11-libs/pango + virtual/opengl + ) + ) + alsa? ( media-libs/alsa-lib ) + cups? ( net-print/cups ) + fontconfig? ( media-libs/fontconfig:1.0 ) + !prefix? ( sys-libs/glibc:* ) + selinux? ( sec-policy/selinux-java )" + +# A PaX header isn't created by scanelf so depend on paxctl to avoid +# fallback marking. See bug #427642. +DEPEND="app-arch/zip + jce? ( app-arch/unzip ) + pax_kernel? ( sys-apps/paxctl )" + +S="${WORKDIR}/jre" + +pkg_nofetch() { + local AT_ARCH="AT_${ARCH}" + local AT="${!AT_ARCH}" + + einfo "Please download '${AT}' from:" + einfo "'${JRE_URI}'" + einfo "and move it to '${DISTDIR}'" + + if use jce; then + einfo "Also download '${JCE_FILE}' from:" + einfo "'${JCE_URI}'" + einfo "and move it to '${DISTDIR}'" + fi + + einfo + einfo "If the above mentioned urls do not point to the correct version anymore," + einfo "please download the files from Oracle's java download archive:" + einfo + einfo " http://www.oracle.com/technetwork/java/javase/downloads/java-archive-javase8-2177648.html#jre-${MY_PV}-oth-JPR" + einfo + +} + +src_unpack() { + default + + # Upstream is changing their versioning scheme every release around 1.8.0.*; + # to stop having to change it over and over again, just wildcard match and + # live a happy life instead of trying to get this new jre1.8.0_05 to work. + mv "${WORKDIR}"/jre* "${S}" || die +} + +src_prepare() { + if use jce ; then + mv "${WORKDIR}"/${JCE_DIR} lib/security/ || die + fi + + # Remove the hook that calls Oracle's evil usage tracker. Not just + # because it's evil but because it breaks the sandbox during builds + # and we can't find any other feasible way to disable it or make it + # write somewhere else. See bug #559936 for details. + zip -d lib/rt.jar sun/misc/PostVMInitHook.class || die +} + +src_install() { + local dest="/opt/${P}" + local ddest="${ED}${dest#/}" + + # Create files used as storage for system preferences. + mkdir .systemPrefs || die + touch .systemPrefs/.system.lock || die + touch .systemPrefs/.systemRootModFile || die + + if ! use alsa ; then + rm -vf lib/*/libjsoundalsa.* || die + fi + + if ! use awt ; then + rm -vf lib/*/lib*{[jx]awt,splashscreen}* \ + bin/{javaws,policytool} || die + fi + + if ! use javafx ; then + rm -vf lib/*/lib*{decora,fx,glass,prism}* \ + lib/*/libgstreamer-lite.* lib/{,ext/}*fx* || die + fi + + if ! use nsplugin ; then + rm -vf lib/*/libnpjp2.* || die + else + local nsplugin=$(echo lib/*/libnpjp2.*) + fi + + # Even though plugins linked against multiple ffmpeg versions are + # provided, they generally lag behind what Gentoo has available. + rm -vf lib/*/libavplugin* || die + + dodoc COPYRIGHT + dodir "${dest}" + cp -pPR bin lib man "${ddest}" || die + + if use jce ; then + dodir ${dest}/lib/security/strong-jce + mv "${ddest}"/lib/security/US_export_policy.jar \ + "${ddest}"/lib/security/strong-jce || die + mv "${ddest}"/lib/security/local_policy.jar \ + "${ddest}"/lib/security/strong-jce || die + dosym "${dest}"/lib/security/${JCE_DIR}/US_export_policy.jar \ + "${dest}"/lib/security/US_export_policy.jar + dosym "${dest}"/lib/security/${JCE_DIR}/local_policy.jar \ + "${dest}"/lib/security/local_policy.jar + fi + + if use nsplugin ; then + install_mozilla_plugin "${dest}/${nsplugin}" + fi + + # Install desktop file for the Java Control Panel. + # Using ${PN}-${SLOT} to prevent file collision with jre and or other slots. + # make_desktop_entry can't be used as ${P} would end up in filename. + newicon lib/desktop/icons/hicolor/48x48/apps/sun-jcontrol.png \ + sun-jcontrol-${PN}-${SLOT}.png || die + sed -e "s#Name=.*#Name=Java Control Panel for Oracle JRE ${SLOT}#" \ + -e "s#Exec=.*#Exec=/opt/${P}/bin/jcontrol#" \ + -e "s#Icon=.*#Icon=sun-jcontrol-${PN}-${SLOT}#" \ + -e "s#Application;##" \ + -e "/Encoding/d" \ + lib/desktop/applications/sun_java.desktop > \ + "${T}"/jcontrol-${PN}-${SLOT}.desktop || die + domenu "${T}"/jcontrol-${PN}-${SLOT}.desktop + + # Prune all fontconfig files so libfontconfig will be used and only install + # a Gentoo specific one if fontconfig is disabled. + # http://docs.oracle.com/javase/8/docs/technotes/guides/intl/fontconfig.html + rm "${ddest}"/lib/fontconfig.* || die + if ! use fontconfig ; then + cp "${FILESDIR}"/fontconfig.Gentoo.properties "${T}"/fontconfig.properties || die + eprefixify "${T}"/fontconfig.properties + insinto "${dest}"/lib/ + doins "${T}"/fontconfig.properties + fi + + # This needs to be done before CDS - #215225 + java-vm_set-pax-markings "${ddest}" + + # see bug #207282 + einfo "Creating the Class Data Sharing archives" + case ${ARCH} in + arm|ia64) + ${ddest}/bin/java -client -Xshare:dump || die + ;; + x86) + ${ddest}/bin/java -client -Xshare:dump || die + # limit heap size for large memory on x86 #467518 + # this is a workaround and shouldn't be needed. + ${ddest}/bin/java -server -Xms64m -Xmx64m -Xshare:dump || die + ;; + *) + ${ddest}/bin/java -server -Xshare:dump || die + ;; + esac + + # Remove empty dirs we might have copied. + find "${D}" -type d -empty -exec rmdir -v {} + || die + + set_java_env + java-vm_revdep-mask + java-vm_sandbox-predict /dev/random /proc/self/coredump_filter +}