* icedtea-1, icedtea-2 security updates
@ 2016-01-28 4:25 Leo Famulari
2016-01-28 7:27 ` Ricardo Wurmus
0 siblings, 1 reply; 3+ messages in thread
From: Leo Famulari @ 2016-01-28 4:25 UTC (permalink / raw)
To: guix-devel
There are security updates for icedtea-1 [0] and icedtea-2 [1]. The
updated versions are 1.3.10 and 2.6.4, respectively.
I spent some time trying to build these new versions but I am having
trouble.
The upstream tarballs contain their own patches on the bundled OpenJDK
source code. For both icedtea-1 and icedtea-2, some of these patches
fail to apply.
I looked into the failing patches to see if it could be fixed by
adjusting, for example, the whitespace the parameters of `patch`, but
the strings to be matched don't exist in the relevant files.
I _think_ this is an upstream bug. However, the icedtea-* package
definitions are complex and I'd like it if someone else could take a
look at this issue before I file an upstream bug report.
Some details follow about the problem in icedtea-2.
The failing patch file is:
icedtea-2.6.4/patches/boot/ecj-multicatch.patch
... and it fails while trying to patch:
jdk/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java
... on the first "diff" line of the patch:
- } catch (InvalidAlgorithmParameterException |
The string "InvalidAlgorithmParameterException" does not exist in that
file.
Thanks for your attention.
[0]
http://blog.fuseyism.com/index.php/2016/01/25/security-icedtea-1-13-10-for-openjdk-6-released/
[1]
http://blog.fuseyism.com/index.php/2016/01/21/security-icedtea-2-6-4-for-openjdk-7-released/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: icedtea-1, icedtea-2 security updates
2016-01-28 4:25 icedtea-1, icedtea-2 security updates Leo Famulari
@ 2016-01-28 7:27 ` Ricardo Wurmus
2016-01-28 13:52 ` Leo Famulari
0 siblings, 1 reply; 3+ messages in thread
From: Ricardo Wurmus @ 2016-01-28 7:27 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari <leo@famulari.name> writes:
> There are security updates for icedtea-1 [0] and icedtea-2 [1]. The
> updated versions are 1.3.10 and 2.6.4, respectively.
>
> I spent some time trying to build these new versions but I am having
> trouble.
Thanks for trying! I won’t be able to attend to this before Tuesday, so
it’s nice that somebody else is taking care of this.
> The upstream tarballs contain their own patches on the bundled OpenJDK
> source code. For both icedtea-1 and icedtea-2, some of these patches
> fail to apply.
Not only icedtea (i.e. the patches to the OpenJDK sources to make it
buildable with free software) has to be updated, but also the “drops”.
Drops are upstream OpenJDK source tarballs.
So for icedtea-6 this means the "openjdk6-src" input must be changed to
https://java.net/downloads/openjdk6/openjdk-6-src-b38-20_jan_2016.tar.gz;
for icedtea-7 all of the added native-inputs must be changed, i.e:
"openjdk-src", "corba-drop", "jaxp-drop", "jaxws-drop", "jdk-drop",
"langtools-drop", "hotspot-drop".
The icedtea-7 package has a function to build origins from names and
hashes, so you will just need to update the version and the individual
drop hashes. You can get all the icedtea-7 drops here:
http://icedtea.wildebeest.org/download/drops/icedtea7/2.6.4/
Hope this helps!
~~ Ricardo
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: icedtea-1, icedtea-2 security updates
2016-01-28 7:27 ` Ricardo Wurmus
@ 2016-01-28 13:52 ` Leo Famulari
0 siblings, 0 replies; 3+ messages in thread
From: Leo Famulari @ 2016-01-28 13:52 UTC (permalink / raw)
To: Ricardo Wurmus; +Cc: guix-devel
On Thu, Jan 28, 2016 at 08:27:14AM +0100, Ricardo Wurmus wrote:
> Not only icedtea (i.e. the patches to the OpenJDK sources to make it
> buildable with free software) has to be updated, but also the “drops”.
> Drops are upstream OpenJDK source tarballs.
>
> So for icedtea-6 this means the "openjdk6-src" input must be changed to
>
> https://java.net/downloads/openjdk6/openjdk-6-src-b38-20_jan_2016.tar.gz;
>
> for icedtea-7 all of the added native-inputs must be changed, i.e:
> "openjdk-src", "corba-drop", "jaxp-drop", "jaxws-drop", "jdk-drop",
> "langtools-drop", "hotspot-drop".
>
> The icedtea-7 package has a function to build origins from names and
> hashes, so you will just need to update the version and the individual
> drop hashes. You can get all the icedtea-7 drops here:
>
> http://icedtea.wildebeest.org/download/drops/icedtea7/2.6.4/
>
> Hope this helps!
Indeed, that helped! Thank you for taking the time to explain this.
Hopefully it took less time to explain than to do the updates yourself
;)
>
> ~~ Ricardo
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-01-28 13:52 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-01-28 4:25 icedtea-1, icedtea-2 security updates Leo Famulari
2016-01-28 7:27 ` Ricardo Wurmus
2016-01-28 13:52 ` Leo Famulari
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).