commit: dfeddd5d6637f482103e816a046c1c356dbc0d0f Author: Volkmar W. Pogatzki <gentoo <AT> pogatzki <DOT> net> AuthorDate: Tue Oct 15 17:42:35 2024 +0000 Commit: Miroslav Šulc <fordfrog <AT> gentoo <DOT> org> CommitDate: Wed Oct 30 11:32:00 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfeddd5d
dev-java/fop: add 2.10 - CVE-2024-28168 Updating fop-2.7-jars.tar.xz -> fop-2.10-jars.tar.xz with newer events solves several test exclusions. Bug: https://bugs.gentoo.org/941239 Signed-off-by: Volkmar W. Pogatzki <gentoo <AT> pogatzki.net> Closes: https://github.com/gentoo/gentoo/pull/38836/commits/b312a3234fda20fe912b57e25cee1c0ec1ac9970 Signed-off-by: Miroslav Šulc <fordfrog <AT> gentoo.org> dev-java/fop/Manifest | 3 + dev-java/fop/files/fop-2.10-java23.patch | 52 ++++++++ dev-java/fop/fop-2.10.ebuild | 211 +++++++++++++++++++++++++++++++ 3 files changed, 266 insertions(+) diff --git a/dev-java/fop/Manifest b/dev-java/fop/Manifest index 09319bb63d30..ab5e905bc3fb 100644 --- a/dev-java/fop/Manifest +++ b/dev-java/fop/Manifest @@ -1,3 +1,6 @@ +DIST fop-2.10-jars.tar.xz 7696 BLAKE2B aa5db0a4ee8b96e54e7beccccc21bd4559f2f228476ab65a12935fbbd69924e23296c1dfcf6e717b6031b9e21efd3aeed4df130ba5f8717ae47a1b0628013d59 SHA512 7c9d14f71e94e6a706c845d71a95adcbf0c77934618d9ce070dfd677adf8d2f171ab6e16954db684dc1781f91719e194382a629274435ecef3d3fbf0e5c7bae3 +DIST fop-2.10-src.tar.gz 20903590 BLAKE2B 5217edbabc255b2e37c6198ea7cdfb1344db0726c7156f73bdc5ac452c4c233c5280d263e65656cde92ce6aa52c8ea94e346d9d14535ca802fc37fe1475ba255 SHA512 c5ae25be3e3a4da01195e108dec66743ab6017967220db1f4e4300f79594d8144de23876eeac07b2068db75a60e1b25d10ddad48533bd0cd6cb9e110b519fcf6 +DIST fop-2.10-src.tar.gz.asc 833 BLAKE2B 70b200af6f3611b3dcd6da9d8728b12ee9a7bd4882919965c641e822cdd21510669cc98ace5d8caaa42e05347ae0d9b07384365377bbd4c5ca0b1edc07e2ff80 SHA512 ae9628cf9ca84d9c2ac1bfddcb4aec786985d3fdca16c2541e45690c81695ec5361dc1641a30572fc2d95defa69cab61a1992ab0d16843344411acb77835a73c DIST fop-2.7-jars.tar.xz 7348 BLAKE2B 79a5b4f1948bbc9628e571a9873494e2d2088d7a90296e81e03cafa6ecd8f9d1c8dd6779d15c47a0e110304aa07e706c56412e3766a84e0a66c8224fdd92f61c SHA512 71c39cbb20416dc29beb8628ae8bac2a663c0b0d1f0418a241f3795a2d5e01159572c210b5a2d2eff8274247dc3631980de50fea4f94182ddde095d0e5e605c6 DIST fop-2.9-src.tar.gz 20642865 BLAKE2B 6ab265ddfb1c07b9266687930af21ac4653438800772da836dbceb14de126333dcff50c2cea1352ad77988ec7f7a3d4eef91341983edc13684abf2531634eb0a SHA512 d346c8fffd0d3ff5e803bea4233ce171972ded39b0c475b367333e37247da8f9e823c7e2e75fab735bf9282654d67befa2fa473f53a199cbd96b0f7305b3c093 DIST fop-2.9-src.tar.gz.asc 833 BLAKE2B 284f04d450bcfb6583d353ae21bbadad8da14b59d946e094453b564e700c8cfdcb448ed206a5a246b725b453a1b3feea69f96ff3b2a683320bce6743cc5a167f SHA512 404d5df54cf84ddb11c7f5ebc6772d61cd04fc434dea421429a9a270e1d0ca17f61df8a33600db5a41c6d45f828a67fc26becfa9b4ac18342e9dfb4781dd0bdc diff --git a/dev-java/fop/files/fop-2.10-java23.patch b/dev-java/fop/files/fop-2.10-java23.patch new file mode 100644 index 000000000000..fb3aae334c72 --- /dev/null +++ b/dev-java/fop/files/fop-2.10-java23.patch @@ -0,0 +1,52 @@ +From 49e0e9ae69cf96eb4c13527b271c8a70a5f5f843 Mon Sep 17 00:00:00 2001 +From: Simon Steiner <[email protected]> +Date: Mon, 21 Oct 2024 10:10:54 +0100 +Subject: [PATCH] Fix compile on Java 23 + +--- + .github/workflows/maven.yml | 2 +- + .../main/java/org/apache/fop/layoutmgr/KnuthSequence.java | 8 ++++---- + 2 files changed, 5 insertions(+), 5 deletions(-) + +# diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml +# index a9c6e0f7eba..d5e426590b5 100644 +# --- a/.github/workflows/maven.yml +# +++ b/.github/workflows/maven.yml +# @@ -17,7 +17,7 @@ jobs: +# strategy: +# fail-fast: false +# matrix: +# - jdk: ['8', '11', '17', '21'] +# + jdk: ['8', '11', '17', '21', '23'] +# os: [ubuntu-latest, windows-latest] +# +# steps: +# diff --git a/fop-core/src/main/java/org/apache/fop/layoutmgr/KnuthSequence.java b/fop-core/src/main/java/org/apache/fop/layoutmgr/KnuthSequence.java +# index ce85b686cb4..8f4a6d66c0f 100644 +--- a/fop-core/src/main/java/org/apache/fop/layoutmgr/KnuthSequence.java ++++ b/fop-core/src/main/java/org/apache/fop/layoutmgr/KnuthSequence.java +@@ -134,20 +134,20 @@ public void wrapPositions(LayoutManager lm) { + /** + * @return the last element of this sequence. + */ +- public ListElement getLast() { ++ public T getLast() { + return (isEmpty() + ? null +- : (ListElement) ListUtil.getLast(this)); ++ : ListUtil.getLast(this)); + } + + /** + * Remove the last element of this sequence. + * @return the removed element. + */ +- public ListElement removeLast() { ++ public T removeLast() { + return (isEmpty() + ? null +- : (ListElement) ListUtil.removeLast(this)); ++ : ListUtil.removeLast(this)); + } + + /** diff --git a/dev-java/fop/fop-2.10.ebuild b/dev-java/fop/fop-2.10.ebuild new file mode 100644 index 000000000000..0b0835b224f5 --- /dev/null +++ b/dev-java/fop/fop-2.10.ebuild @@ -0,0 +1,211 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +JAVA_PKG_IUSE="doc source test" +MAVEN_ID="org.apache.xmlgraphics:fop:${PV}" +JAVA_TESTING_FRAMEWORKS="junit-4" + +inherit java-pkg-2 java-pkg-simple verify-sig + +DESCRIPTION="XML Graphics Format Object Processor All-In-One" +HOMEPAGE="https://xmlgraphics.apache.org/fop/"; +SRC_URI=" + mirror://apache/xmlgraphics/fop/source/${P}-src.tar.gz + https://dev.gentoo.org/~fordfrog/distfiles/fop-2.10-jars.tar.xz + verify-sig? ( https://downloads.apache.org/xmlgraphics/fop/source/${P}-src.tar.gz.asc ) + test? ( https://repo1.maven.org/maven2/net/sf/offo/fop-hyph/2.0/fop-hyph-2.0.jar ) +" +S="${WORKDIR}/${P}" + +LICENSE="Apache-2.0" +SLOT="2.8" +KEYWORDS="~amd64 ~arm64 ~ppc64" + +VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/openpgp-keys/xmlgraphics-fop.apache.org.asc" + +BDEPEND=" + dev-java/xalan:0 + verify-sig? ( sec-keys/openpgp-keys-apache-xmlgraphics-fop ) +" + +CP_DEPEND=" + >=dev-java/ant-1.10.14-r3:0 + dev-java/batik:0 + dev-java/bcprov:0 + dev-java/bcpkix:0 + dev-java/commons-io:1 + dev-java/commons-logging:0 + dev-java/fontbox:0 + dev-java/jakarta-servlet-api:6.1 + dev-java/qdox:1.12 + dev-java/sun-jai-bin:0 + dev-java/xmlgraphics-commons:0 +" + +DEPEND=" + ${CP_DEPEND} + >=virtual/jdk-1.8:* + test? ( + dev-java/mockito:2 + dev-java/pdfbox:0 + dev-java/xmlunit:1 + ) +" + +RDEPEND=" + ${CP_DEPEND} + >=virtual/jre-1.8:* +" + +DOCS=( NOTICE README ) + +PATCHES=( + "${FILESDIR}/fop-2.9-PDFEncodingTestCase.patch" + "${FILESDIR}/fop-2.10-java23.patch" +) + +src_unpack() { + if use verify-sig; then + verify-sig_verify_detached "${DISTDIR}"/${P}-src.tar.gz{,.asc} + fi + default +} + +src_prepare() { + java-pkg_clean + default #780585 + java-pkg-2_src_prepare +} + +src_compile() { + # while ant could install multiple jar files we only need ant.jar + JAVA_GENTOO_CLASSPATH_EXTRA=":$(java-pkg_getjar ant ant.jar)" + + JAVA_JAR_FILENAME="fop-util.jar" + JAVA_SRC_DIR="fop-util/src/main/java" + java-pkg-simple_src_compile + JAVA_GENTOO_CLASSPATH_EXTRA+=":fop-util.jar" + rm -r target || die + + JAVA_JAR_FILENAME="fop-events.jar" + JAVA_RESOURCE_DIRS="fop-events/src/main/resources" + JAVA_SRC_DIR="fop-events/src/main/java" + java-pkg-simple_src_compile + JAVA_GENTOO_CLASSPATH_EXTRA+=":fop-events.jar" + rm -r target || die + + JAVA_JAR_FILENAME="fop-core.jar" + JAVA_MAIN_CLASS=$( sed -n 's:.*<mainClass>\(.*\)</mainClass>:\1:p' fop-core/pom.xml ) + JAVA_RESOURCE_DIRS="fop-core/src/main/resources" + JAVA_SRC_DIR="fop-core/src/main/java" + # Code generation according to + # https://github.com/apache/xmlgraphics-fop/blob/fop-2_8/fop-core/pom.xml#L156-L225 + pushd fop-core/src/main/codegen/fonts > /dev/null || die + local fonts=$(find . -name "Courier*.xml" \ + -o -name "Helvetica*.xml" \ + -o -name "Times*.xml" \ + -o -name "Symbol.xml" \ + -o -name "ZapfDingbats.xml" + ) + for font in ${fonts}; do \ + xalan -XSLTC \ + -IN $font \ + -XSL font-file.xsl \ + -OUT ../../java/org/apache/fop/fonts/base14/${font//.xml}.java || die + done + xalan -XSLTC \ + -IN encodings.xml \ + -XSL code-point-mapping.xsl \ + -OUT ../../java/org/apache/fop/fonts/base14/CodePointMapping.java || die + popd > /dev/null || die + + # Update JAVA_RESOURCE_DIRS with "event-mode.xml" files + # produced manually by running "mvn package". + # Upstream does this with maven-antrun-plugin, fop-core/pom.xml lines 285-308 + pushd "${JAVA_RESOURCE_DIRS}" > /dev/null || die + jar -xf "${WORKDIR}/fop-2.10-core-event-models.jar" + popd > /dev/null || die + +# einfo "Code generation according to fop-events/pom.xml lines 80-92" +# mkdir -p test/java || die +# mkdir -p fop-core/target/classes || die +# local cp=fop-events.jar:"$(java-pkg_getjar ant ant.jar):$(java-pkg_getjars qdox-1.12)" +# "$(java-config -J)" -cp "${cp}" \ +# org.apache.fop.eventtools.EventProducerCollectorTask \ +# fop-core/target/classes \ +# fop-core/src/main/java/org/apache/fop/afp/AFPEventProducer.java || die + + java-pkg-simple_src_compile + + rm -r target || die + + if use doc; then \ + JAVA_SRC_DIR=( + "fop-util/src/main/java" + "fop-events/src/main/java" + "fop-core/src/main/java" + ) + JAVA_JAR_FILENAME="ignoreme.jar" + java-pkg-simple_src_compile + fi +} + +src_test() { + JAVA_TEST_GENTOO_CLASSPATH="junit-4,mockito-2,pdfbox,xmlunit-1" + + einfo "Testing fop-events" + JAVA_TEST_EXCLUDES="org.apache.fop.events.TestEventProducer" + JAVA_TEST_SRC_DIR="fop-events/src/test/java" + # This jar file was created manually from the output of "mvn test". + # Upstream does this with maven-antrun-plugin + jar -xf "${WORKDIR}/fop-2.10-test-event-model.jar" || die + mkdir generated-test || die + mv {target/test-classes,generated-test}/org || die + java-pkg-simple_src_test + + einfo "Testing fop-core" + pushd fop-core/src/test/java > /dev/null || die + # Excluding one test, see https://bugs.gentoo.org/903880 + local JAVA_TEST_RUN_ONLY=$(find * -type f \ + -name "*TestCase.java" \ + ) + JAVA_TEST_RUN_ONLY="${JAVA_TEST_RUN_ONLY//.java}" + JAVA_TEST_RUN_ONLY="${JAVA_TEST_RUN_ONLY//\//.}" + local vm_version="$(java-config -g PROVIDES_VERSION)" + # these tests would fail with java.lang.NoSuchMethodError if compiled with jdk-1.8 + if ver_test "${vm_version}" -eq "1.8"; then + JAVA_TEST_RUN_ONLY=${JAVA_TEST_RUN_ONLY//org.apache.fop.render.pdf.PDFEncodingTestCase} + JAVA_TEST_RUN_ONLY=${JAVA_TEST_RUN_ONLY//org.apache.fop.fonts.truetype.OTFToType1TestCase} +# org.apache.fop.render.pdf.PDFEncodingTestCase +# org.apache.fop.fonts.truetype.OTFToType1TestCase + fi + popd > /dev/null || die + # https://github.com/apache/xmlgraphics-fop/blob/fop-2_8/fop-core/pom.xml#L297-L307 + # <workingDirectory>../fop</workingDirectory> + pushd fop > /dev/null || die + JAVA_GENTOO_CLASSPATH_EXTRA="${DISTDIR}/fop-hyph-2.0.jar" + JAVA_GENTOO_CLASSPATH_EXTRA+=":../fop-util.jar" + JAVA_GENTOO_CLASSPATH_EXTRA+=":../fop-events.jar" + JAVA_GENTOO_CLASSPATH_EXTRA+=":../fop-core.jar" + JAVA_TEST_RESOURCE_DIRS="../fop-core/src/test/resources" + JAVA_TEST_SRC_DIR="../fop-core/src/test/java" + java-pkg-simple_src_test + popd > /dev/null || die +} + +src_install() { + local module + for module in fop-util fop-events fop-core ; do + java-pkg_dojar "${module}.jar" + if use source; then + java-pkg_dosrc "${module}/src/main/java/*" + fi + done + if use doc; then + java-pkg_dojavadoc target/api + fi + java-pkg_dolauncher "fop-${SLOT}" --main "org.apache.fop.cli.Main" + einstalldocs +}
