Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-java
diff options
context:
space:
mode:
authorVolkmar W. Pogatzki <gentoo@pogatzki.net>2024-10-15 19:42:35 +0200
committerMiroslav Šulc <fordfrog@gentoo.org>2024-10-30 12:32:00 +0100
commitdfeddd5d6637f482103e816a046c1c356dbc0d0f (patch)
tree7674a98f0e99d01a70f63e9442c3837093211c1e /dev-java
parentnet-analyzer/tcptrace: drop 6.6.7_p6 (diff)
downloadgentoo-dfeddd5d6637f482103e816a046c1c356dbc0d0f.tar.gz
gentoo-dfeddd5d6637f482103e816a046c1c356dbc0d0f.tar.bz2
gentoo-dfeddd5d6637f482103e816a046c1c356dbc0d0f.zip
dev-java/fop: add 2.10 - CVE-2024-28168
Updating fop-2.7-jars.tar.xz -> fop-2.10-jars.tar.xz with newer events solves several test exclusions. Bug: https://bugs.gentoo.org/941239 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Closes: https://github.com/gentoo/gentoo/pull/38836/commits/b312a3234fda20fe912b57e25cee1c0ec1ac9970 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>
Diffstat (limited to 'dev-java')
-rw-r--r--dev-java/fop/Manifest3
-rw-r--r--dev-java/fop/files/fop-2.10-java23.patch52
-rw-r--r--dev-java/fop/fop-2.10.ebuild211
3 files changed, 266 insertions, 0 deletions
diff --git a/dev-java/fop/Manifest b/dev-java/fop/Manifest
index 09319bb63d30..ab5e905bc3fb 100644
--- a/dev-java/fop/Manifest
+++ b/dev-java/fop/Manifest
@@ -1,3 +1,6 @@
+DIST fop-2.10-jars.tar.xz 7696 BLAKE2B aa5db0a4ee8b96e54e7beccccc21bd4559f2f228476ab65a12935fbbd69924e23296c1dfcf6e717b6031b9e21efd3aeed4df130ba5f8717ae47a1b0628013d59 SHA512 7c9d14f71e94e6a706c845d71a95adcbf0c77934618d9ce070dfd677adf8d2f171ab6e16954db684dc1781f91719e194382a629274435ecef3d3fbf0e5c7bae3
+DIST fop-2.10-src.tar.gz 20903590 BLAKE2B 5217edbabc255b2e37c6198ea7cdfb1344db0726c7156f73bdc5ac452c4c233c5280d263e65656cde92ce6aa52c8ea94e346d9d14535ca802fc37fe1475ba255 SHA512 c5ae25be3e3a4da01195e108dec66743ab6017967220db1f4e4300f79594d8144de23876eeac07b2068db75a60e1b25d10ddad48533bd0cd6cb9e110b519fcf6
+DIST fop-2.10-src.tar.gz.asc 833 BLAKE2B 70b200af6f3611b3dcd6da9d8728b12ee9a7bd4882919965c641e822cdd21510669cc98ace5d8caaa42e05347ae0d9b07384365377bbd4c5ca0b1edc07e2ff80 SHA512 ae9628cf9ca84d9c2ac1bfddcb4aec786985d3fdca16c2541e45690c81695ec5361dc1641a30572fc2d95defa69cab61a1992ab0d16843344411acb77835a73c
DIST fop-2.7-jars.tar.xz 7348 BLAKE2B 79a5b4f1948bbc9628e571a9873494e2d2088d7a90296e81e03cafa6ecd8f9d1c8dd6779d15c47a0e110304aa07e706c56412e3766a84e0a66c8224fdd92f61c SHA512 71c39cbb20416dc29beb8628ae8bac2a663c0b0d1f0418a241f3795a2d5e01159572c210b5a2d2eff8274247dc3631980de50fea4f94182ddde095d0e5e605c6
DIST fop-2.9-src.tar.gz 20642865 BLAKE2B 6ab265ddfb1c07b9266687930af21ac4653438800772da836dbceb14de126333dcff50c2cea1352ad77988ec7f7a3d4eef91341983edc13684abf2531634eb0a SHA512 d346c8fffd0d3ff5e803bea4233ce171972ded39b0c475b367333e37247da8f9e823c7e2e75fab735bf9282654d67befa2fa473f53a199cbd96b0f7305b3c093
DIST fop-2.9-src.tar.gz.asc 833 BLAKE2B 284f04d450bcfb6583d353ae21bbadad8da14b59d946e094453b564e700c8cfdcb448ed206a5a246b725b453a1b3feea69f96ff3b2a683320bce6743cc5a167f SHA512 404d5df54cf84ddb11c7f5ebc6772d61cd04fc434dea421429a9a270e1d0ca17f61df8a33600db5a41c6d45f828a67fc26becfa9b4ac18342e9dfb4781dd0bdc
diff --git a/dev-java/fop/files/fop-2.10-java23.patch b/dev-java/fop/files/fop-2.10-java23.patch
new file mode 100644
index 000000000000..fb3aae334c72
--- /dev/null
+++ b/dev-java/fop/files/fop-2.10-java23.patch
@@ -0,0 +1,52 @@
+From 49e0e9ae69cf96eb4c13527b271c8a70a5f5f843 Mon Sep 17 00:00:00 2001
+From: Simon Steiner <ssteiner@apache.org>
+Date: Mon, 21 Oct 2024 10:10:54 +0100
+Subject: [PATCH] Fix compile on Java 23
+
+---
+ .github/workflows/maven.yml | 2 +-
+ .../main/java/org/apache/fop/layoutmgr/KnuthSequence.java | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+# diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
+# index a9c6e0f7eba..d5e426590b5 100644
+# --- a/.github/workflows/maven.yml
+# +++ b/.github/workflows/maven.yml
+# @@ -17,7 +17,7 @@ jobs:
+# strategy:
+# fail-fast: false
+# matrix:
+# - jdk: ['8', '11', '17', '21']
+# + jdk: ['8', '11', '17', '21', '23']
+# os: [ubuntu-latest, windows-latest]
+#
+# steps:
+# diff --git a/fop-core/src/main/java/org/apache/fop/layoutmgr/KnuthSequence.java b/fop-core/src/main/java/org/apache/fop/layoutmgr/KnuthSequence.java
+# index ce85b686cb4..8f4a6d66c0f 100644
+--- a/fop-core/src/main/java/org/apache/fop/layoutmgr/KnuthSequence.java
++++ b/fop-core/src/main/java/org/apache/fop/layoutmgr/KnuthSequence.java
+@@ -134,20 +134,20 @@ public void wrapPositions(LayoutManager lm) {
+ /**
+ * @return the last element of this sequence.
+ */
+- public ListElement getLast() {
++ public T getLast() {
+ return (isEmpty()
+ ? null
+- : (ListElement) ListUtil.getLast(this));
++ : ListUtil.getLast(this));
+ }
+
+ /**
+ * Remove the last element of this sequence.
+ * @return the removed element.
+ */
+- public ListElement removeLast() {
++ public T removeLast() {
+ return (isEmpty()
+ ? null
+- : (ListElement) ListUtil.removeLast(this));
++ : ListUtil.removeLast(this));
+ }
+
+ /**
diff --git a/dev-java/fop/fop-2.10.ebuild b/dev-java/fop/fop-2.10.ebuild
new file mode 100644
index 000000000000..0b0835b224f5
--- /dev/null
+++ b/dev-java/fop/fop-2.10.ebuild
@@ -0,0 +1,211 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+JAVA_PKG_IUSE="doc source test"
+MAVEN_ID="org.apache.xmlgraphics:fop:${PV}"
+JAVA_TESTING_FRAMEWORKS="junit-4"
+
+inherit java-pkg-2 java-pkg-simple verify-sig
+
+DESCRIPTION="XML Graphics Format Object Processor All-In-One"
+HOMEPAGE="https://xmlgraphics.apache.org/fop/"
+SRC_URI="
+ mirror://apache/xmlgraphics/fop/source/${P}-src.tar.gz
+ https://dev.gentoo.org/~fordfrog/distfiles/fop-2.10-jars.tar.xz
+ verify-sig? ( https://downloads.apache.org/xmlgraphics/fop/source/${P}-src.tar.gz.asc )
+ test? ( https://repo1.maven.org/maven2/net/sf/offo/fop-hyph/2.0/fop-hyph-2.0.jar )
+"
+S="${WORKDIR}/${P}"
+
+LICENSE="Apache-2.0"
+SLOT="2.8"
+KEYWORDS="~amd64 ~arm64 ~ppc64"
+
+VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/openpgp-keys/xmlgraphics-fop.apache.org.asc"
+
+BDEPEND="
+ dev-java/xalan:0
+ verify-sig? ( sec-keys/openpgp-keys-apache-xmlgraphics-fop )
+"
+
+CP_DEPEND="
+ >=dev-java/ant-1.10.14-r3:0
+ dev-java/batik:0
+ dev-java/bcprov:0
+ dev-java/bcpkix:0
+ dev-java/commons-io:1
+ dev-java/commons-logging:0
+ dev-java/fontbox:0
+ dev-java/jakarta-servlet-api:6.1
+ dev-java/qdox:1.12
+ dev-java/sun-jai-bin:0
+ dev-java/xmlgraphics-commons:0
+"
+
+DEPEND="
+ ${CP_DEPEND}
+ >=virtual/jdk-1.8:*
+ test? (
+ dev-java/mockito:2
+ dev-java/pdfbox:0
+ dev-java/xmlunit:1
+ )
+"
+
+RDEPEND="
+ ${CP_DEPEND}
+ >=virtual/jre-1.8:*
+"
+
+DOCS=( NOTICE README )
+
+PATCHES=(
+ "${FILESDIR}/fop-2.9-PDFEncodingTestCase.patch"
+ "${FILESDIR}/fop-2.10-java23.patch"
+)
+
+src_unpack() {
+ if use verify-sig; then
+ verify-sig_verify_detached "${DISTDIR}"/${P}-src.tar.gz{,.asc}
+ fi
+ default
+}
+
+src_prepare() {
+ java-pkg_clean
+ default #780585
+ java-pkg-2_src_prepare
+}
+
+src_compile() {
+ # while ant could install multiple jar files we only need ant.jar
+ JAVA_GENTOO_CLASSPATH_EXTRA=":$(java-pkg_getjar ant ant.jar)"
+
+ JAVA_JAR_FILENAME="fop-util.jar"
+ JAVA_SRC_DIR="fop-util/src/main/java"
+ java-pkg-simple_src_compile
+ JAVA_GENTOO_CLASSPATH_EXTRA+=":fop-util.jar"
+ rm -r target || die
+
+ JAVA_JAR_FILENAME="fop-events.jar"
+ JAVA_RESOURCE_DIRS="fop-events/src/main/resources"
+ JAVA_SRC_DIR="fop-events/src/main/java"
+ java-pkg-simple_src_compile
+ JAVA_GENTOO_CLASSPATH_EXTRA+=":fop-events.jar"
+ rm -r target || die
+
+ JAVA_JAR_FILENAME="fop-core.jar"
+ JAVA_MAIN_CLASS=$( sed -n 's:.*<mainClass>\(.*\)</mainClass>:\1:p' fop-core/pom.xml )
+ JAVA_RESOURCE_DIRS="fop-core/src/main/resources"
+ JAVA_SRC_DIR="fop-core/src/main/java"
+ # Code generation according to
+ # https://github.com/apache/xmlgraphics-fop/blob/fop-2_8/fop-core/pom.xml#L156-L225
+ pushd fop-core/src/main/codegen/fonts > /dev/null || die
+ local fonts=$(find . -name "Courier*.xml" \
+ -o -name "Helvetica*.xml" \
+ -o -name "Times*.xml" \
+ -o -name "Symbol.xml" \
+ -o -name "ZapfDingbats.xml"
+ )
+ for font in ${fonts}; do \
+ xalan -XSLTC \
+ -IN $font \
+ -XSL font-file.xsl \
+ -OUT ../../java/org/apache/fop/fonts/base14/${font//.xml}.java || die
+ done
+ xalan -XSLTC \
+ -IN encodings.xml \
+ -XSL code-point-mapping.xsl \
+ -OUT ../../java/org/apache/fop/fonts/base14/CodePointMapping.java || die
+ popd > /dev/null || die
+
+ # Update JAVA_RESOURCE_DIRS with "event-mode.xml" files
+ # produced manually by running "mvn package".
+ # Upstream does this with maven-antrun-plugin, fop-core/pom.xml lines 285-308
+ pushd "${JAVA_RESOURCE_DIRS}" > /dev/null || die
+ jar -xf "${WORKDIR}/fop-2.10-core-event-models.jar"
+ popd > /dev/null || die
+
+# einfo "Code generation according to fop-events/pom.xml lines 80-92"
+# mkdir -p test/java || die
+# mkdir -p fop-core/target/classes || die
+# local cp=fop-events.jar:"$(java-pkg_getjar ant ant.jar):$(java-pkg_getjars qdox-1.12)"
+# "$(java-config -J)" -cp "${cp}" \
+# org.apache.fop.eventtools.EventProducerCollectorTask \
+# fop-core/target/classes \
+# fop-core/src/main/java/org/apache/fop/afp/AFPEventProducer.java || die
+
+ java-pkg-simple_src_compile
+
+ rm -r target || die
+
+ if use doc; then \
+ JAVA_SRC_DIR=(
+ "fop-util/src/main/java"
+ "fop-events/src/main/java"
+ "fop-core/src/main/java"
+ )
+ JAVA_JAR_FILENAME="ignoreme.jar"
+ java-pkg-simple_src_compile
+ fi
+}
+
+src_test() {
+ JAVA_TEST_GENTOO_CLASSPATH="junit-4,mockito-2,pdfbox,xmlunit-1"
+
+ einfo "Testing fop-events"
+ JAVA_TEST_EXCLUDES="org.apache.fop.events.TestEventProducer"
+ JAVA_TEST_SRC_DIR="fop-events/src/test/java"
+ # This jar file was created manually from the output of "mvn test".
+ # Upstream does this with maven-antrun-plugin
+ jar -xf "${WORKDIR}/fop-2.10-test-event-model.jar" || die
+ mkdir generated-test || die
+ mv {target/test-classes,generated-test}/org || die
+ java-pkg-simple_src_test
+
+ einfo "Testing fop-core"
+ pushd fop-core/src/test/java > /dev/null || die
+ # Excluding one test, see https://bugs.gentoo.org/903880
+ local JAVA_TEST_RUN_ONLY=$(find * -type f \
+ -name "*TestCase.java" \
+ )
+ JAVA_TEST_RUN_ONLY="${JAVA_TEST_RUN_ONLY//.java}"
+ JAVA_TEST_RUN_ONLY="${JAVA_TEST_RUN_ONLY//\//.}"
+ local vm_version="$(java-config -g PROVIDES_VERSION)"
+ # these tests would fail with java.lang.NoSuchMethodError if compiled with jdk-1.8
+ if ver_test "${vm_version}" -eq "1.8"; then
+ JAVA_TEST_RUN_ONLY=${JAVA_TEST_RUN_ONLY//org.apache.fop.render.pdf.PDFEncodingTestCase}
+ JAVA_TEST_RUN_ONLY=${JAVA_TEST_RUN_ONLY//org.apache.fop.fonts.truetype.OTFToType1TestCase}
+# org.apache.fop.render.pdf.PDFEncodingTestCase
+# org.apache.fop.fonts.truetype.OTFToType1TestCase
+ fi
+ popd > /dev/null || die
+ # https://github.com/apache/xmlgraphics-fop/blob/fop-2_8/fop-core/pom.xml#L297-L307
+ # <workingDirectory>../fop</workingDirectory>
+ pushd fop > /dev/null || die
+ JAVA_GENTOO_CLASSPATH_EXTRA="${DISTDIR}/fop-hyph-2.0.jar"
+ JAVA_GENTOO_CLASSPATH_EXTRA+=":../fop-util.jar"
+ JAVA_GENTOO_CLASSPATH_EXTRA+=":../fop-events.jar"
+ JAVA_GENTOO_CLASSPATH_EXTRA+=":../fop-core.jar"
+ JAVA_TEST_RESOURCE_DIRS="../fop-core/src/test/resources"
+ JAVA_TEST_SRC_DIR="../fop-core/src/test/java"
+ java-pkg-simple_src_test
+ popd > /dev/null || die
+}
+
+src_install() {
+ local module
+ for module in fop-util fop-events fop-core ; do
+ java-pkg_dojar "${module}.jar"
+ if use source; then
+ java-pkg_dosrc "${module}/src/main/java/*"
+ fi
+ done
+ if use doc; then
+ java-pkg_dojavadoc target/api
+ fi
+ java-pkg_dolauncher "fop-${SLOT}" --main "org.apache.fop.cli.Main"
+ einstalldocs
+}