subject:"bug#68333\: Time bomb in icedtea\/openjdk"

bug#68333: Time bomb in icedtea/openjdk

2024-01-18 Thread Simon Tournier

Hi,

Thanks all for the quick fix.

Well, I am asking here but maybe such discussion would deserve its own
thread on guix-devel. :-)

On mer., 10 janv. 2024 at 15:35, Ludovic Courtès  wrote:

> Thanks for the quick investigation and patch!  I just realized that this
> affects current ‘master’ so we’d rather fix it soon.
>
> What do you think of the attached patch?  The difference is that it
> patches code at its root (in the actual source tarball rather than after
> it’s been copied), it does so for IcedTea 7 and 8, and there are patch
> files that are slightly clearer than a substitution pattern.

This fixes the future but not the past.  Hum, headache with guix
time-machine?  :-)

The question is twofold:

 1. Do we document that some Java stack is broken for “guix
time-machine”?  Other said, have we an evaluation about which Guix
revisions are broken for the stack of Java?

 2. Do we provide a “transformation” for fixing such break?  Something
that rewrite on the fly the origin for patching it; accessible only
via manifest.

WDYT?

Cheers,
simon

bug#68333: Time bomb in icedtea/openjdk

2024-01-10 Thread Rostislav Svoboda

Hi,

> What do you think of the attached patch?  The difference is that it
> patches code at its root (in the actual source tarball rather than after
> it’s been copied), it does so for IcedTea 7 and 8, and there are patch
> files that are slightly clearer than a substitution pattern.

That's clearly a much better solution than that substitution pattern of mine.

Besides, I missed the path difference:
  jdk-3.19.0-2d5d2c77faa3:
/make/src/classes/build/tools/generatecurrencydata/GenerateCurrencyData.java
  jdk-2.6.13-68b6bb380175:
/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java

Speaking of which, I'd go for e.g.:
  jdk-3.19.0-currency-time-bomb.patch
  jdk-2.6.13-currency-time-bomb.patch
instead of:
  jdk-currency-time-bomb.patch
  jdk-currency-time-bomb2.patch

Yeah naming is hard ;-)

Also, changing the error string from:
  time is more than 10 years from present
to:
  time is more than 10 years from \"present\"

i.e. adding double quotes will slightly complicate googling for that
error message in the future.

> Pushed as 5c0f77f4241c9beac0c82deae946bfdc70b49ff0.

Thanks

> Let’s hope there’s no similar time bomb elsewhere in the Java stack.

I'm looking nd... I haven't found anything so far.

Cheers Bost

bug#68333: Time bomb in icedtea/openjdk

2024-01-10 Thread Ludovic Courtès

Ludovic Courtès  skribis:

>>From 92561a776ad88eb73034948beedbe9e6be4077b4 Mon Sep 17 00:00:00 2001
> Message-ID: 
> <92561a776ad88eb73034948beedbe9e6be4077b4.1704897216.git.l...@gnu.org>
> From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= 
> Date: Wed, 10 Jan 2024 15:27:47 +0100
> Subject: [PATCH] =?UTF-8?q?gnu:=20icedtea:=20Fix=20time=20bomb=20in=20?=
>  =?UTF-8?q?=E2=80=98GenerateCurrencyData.java=E2=80=99.?=
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 8bit
>
> Fixes .
>
> * gnu/packages/java.scm (icedtea-7)[drop]: Add optional ‘patches’
> parameter and honor it.
> [native-inputs]: Add patch for “jdk-drop”.
> (icedtea-8): Likewise.
> * gnu/packages/patches/jdk-currency-time-bomb.patch,
> gnu/packages/patches/jdk-currency-time-bomb2.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.
>
> Change-Id: I3b4cf562ce4bedb87ce0e7c289e431fbb0dbb6f8

Pushed as 5c0f77f4241c9beac0c82deae946bfdc70b49ff0.

Let’s hope there’s no similar time bomb elsewhere in the Java stack.

Thanks again,
Ludo’.

bug#68333: Time bomb in icedtea/openjdk

2024-01-10 Thread Ludovic Courtès

Hi,

Rostislav Svoboda  skribis:

> From 1e86e32825a5025b4ef439e7f678143416f622b5 Mon Sep 17 00:00:00 2001
> Message-ID: 
> <1e86e32825a5025b4ef439e7f678143416f622b5.1704815654.git.rostislav.svob...@gmail.com>
> From: Rostislav Svoboda 
> Date: Tue, 9 Jan 2024 14:08:02 +0100
> Subject: [PATCH] gnu: Fix time bomb preventing build of icedtea.
>
> Fixes .
>
> Fixes time bomb preventing build of icedtea by patching the java source code
> so that the java-RuntimeException is not thrown when 'more than 10 years ago'
> condition is true.
>
> * gnu/packages/java.scm (icedtea): Patch java source code so that the
> offending line is commented out.
>
> Change-Id: I4861ee2ffc5aaffb6a9244110d222ae64bfbdf94

Thanks for the quick investigation and patch!  I just realized that this
affects current ‘master’ so we’d rather fix it soon.

What do you think of the attached patch?  The difference is that it
patches code at its root (in the actual source tarball rather than after
it’s been copied), it does so for IcedTea 7 and 8, and there are patch
files that are slightly clearer than a substitution pattern.

It’s still building on my machine but if it works for everyone, I’d like
to push as soon as I got it built.

Ludo’.

>From 92561a776ad88eb73034948beedbe9e6be4077b4 Mon Sep 17 00:00:00 2001
Message-ID: <92561a776ad88eb73034948beedbe9e6be4077b4.1704897216.git.l...@gnu.org>
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= 
Date: Wed, 10 Jan 2024 15:27:47 +0100
Subject: [PATCH] =?UTF-8?q?gnu:=20icedtea:=20Fix=20time=20bomb=20in=20?=
 =?UTF-8?q?=E2=80=98GenerateCurrencyData.java=E2=80=99.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes .

* gnu/packages/java.scm (icedtea-7)[drop]: Add optional ‘patches’
parameter and honor it.
[native-inputs]: Add patch for “jdk-drop”.
(icedtea-8): Likewise.
* gnu/packages/patches/jdk-currency-time-bomb.patch,
gnu/packages/patches/jdk-currency-time-bomb2.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.

Change-Id: I3b4cf562ce4bedb87ce0e7c289e431fbb0dbb6f8
---
 gnu/local.mk |  2 ++
 gnu/packages/java.scm| 16 ++--
 .../patches/jdk-currency-time-bomb.patch | 13 +
 .../patches/jdk-currency-time-bomb2.patch| 13 +
 4 files changed, 38 insertions(+), 6 deletions(-)
 create mode 100644 gnu/packages/patches/jdk-currency-time-bomb.patch
 create mode 100644 gnu/packages/patches/jdk-currency-time-bomb2.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 16a34065c6..22970932e9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1478,6 +1478,8 @@ dist_patch_DATA =		\
   %D%/packages/patches/java-xerces-build_dont_unzip.patch	\
   %D%/packages/patches/java-xerces-xjavac_taskdef.patch	\
   %D%/packages/patches/jbr-17-xcursor-no-dynamic.patch	\
+  %D%/packages/patches/jdk-currency-time-bomb.patch		\
+  %D%/packages/patches/jdk-currency-time-bomb2.patch		\
   %D%/packages/patches/jfsutils-add-sysmacros.patch		\
   %D%/packages/patches/jfsutils-gcc-compat.patch		\
   %D%/packages/patches/jfsutils-include-systypes.patch		\
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index e2c2a041a9..ded73bc461 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -100,13 +100,14 @@ (define-module (gnu packages java)
 
 (define-public icedtea-7
   (let* ((version "2.6.13")
- (drop (lambda (name hash)
+ (drop (lambda* (name hash #:optional (patches '()))
  (origin
(method url-fetch)
(uri (string-append
  "http://icedtea.classpath.org/download/drops;
  "/icedtea7/" version "/" name ".tar.bz2"))
-   (sha256 (base32 hash))
+   (sha256 (base32 hash))
+   (patches patches)
 (package
   (name "icedtea")
   (version version)
@@ -614,7 +615,8 @@ (define-public icedtea-7
  "110j7jlz47x2gg6f7653x12mssan5kvj9l9h1m1c8c92drfxbqyk"))
  ("jdk-drop"
   ,(drop "jdk"
- "0d1mca38ksxvdskp9im3pp7fdijhj1n3lwq9w13r9s4v3qyskgdd"))
+ "0d1mca38ksxvdskp9im3pp7fdijhj1n3lwq9w13r9s4v3qyskgdd"
+ (search-patches "jdk-currency-time-bomb.patch")))
  ("langtools-drop"
   ,(drop "langtools"
  "0nq5236fzxn3p6x8cgncl56mzcmsj07q9gymysnws4c8byc6n0qj"))
@@ -687,13 +689,14 @@ (define-public icedtea-7
 
 (define-public icedtea-8
   (let* ((version "3.19.0")
- (drop (lambda (name hash)
+ (drop (lambda* (name hash #:optional (patches '()))
  (origin
(method url-fetch)
(uri (string-append
  "http://icedtea.classpath.org/download/drops;
  "/icedtea8/" version "/" name ".tar.xz"))
-

bug#68333: Time bomb in icedtea/openjdk

2024-01-09 Thread Rostislav Svoboda

> I couldn’t find ‘GenerateCurrencyData.java’ though, not sure where it lives.

bost@ecke /tmp/guix-build-icedtea-2.6.13.drv-0$ fd GenerateCurrencyData.java
icedtea-2.6.13/openjdk/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java
icedtea-2.6.13/openjdk-boot/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java
icedtea-2.6.13/openjdk.src/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java

bost@ecke /tmp/guix-build-icedtea-2.6.13.drv-0$ fd
GenerateCurrencyData.java | xargs sha1sum
e819f2a934acca80a8eee42434459c70ad1bbf76
icedtea-2.6.13/openjdk/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java
e819f2a934acca80a8eee42434459c70ad1bbf76
icedtea-2.6.13/openjdk-boot/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java
e819f2a934acca80a8eee42434459c70ad1bbf76
icedtea-2.6.13/openjdk.src/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java

bost@ecke /tmp/guix-build-icedtea-2.6.13.drv-0$ rg -N -B 30 -A 12
'time is more than 10 years from present'
icedtea-2.6.13/openjdk.src/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java
private static int makeSpecialCaseEntry(String currencyInfo)
throws Exception {
Integer oldEntry = specialCaseMap.get(currencyInfo);
if (oldEntry != null) {
return oldEntry.intValue();
}
if (specialCaseCount == maxSpecialCases) {
throw new RuntimeException("too many special cases");
}
if (currencyInfo.length() == 3) {
checkCurrencyCode(currencyInfo);
specialCaseCutOverTimes[specialCaseCount] = Long.MAX_VALUE;
specialCaseOldCurrencies[specialCaseCount] = currencyInfo;
specialCaseOldCurrenciesDefaultFractionDigits[specialCaseCount]
= getDefaultFractionDigits(currencyInfo);
specialCaseOldCurrenciesNumericCode[specialCaseCount] =
getNumericCode(currencyInfo);
specialCaseNewCurrencies[specialCaseCount] = null;
specialCaseNewCurrenciesDefaultFractionDigits[specialCaseCount] = 0;
specialCaseNewCurrenciesNumericCode[specialCaseCount] = 0;
} else {
int length = currencyInfo.length();
if (currencyInfo.charAt(3) != ';' ||
currencyInfo.charAt(length - 4) != ';') {
throw new RuntimeException("invalid currency info: " +
currencyInfo);
}
String oldCurrency = currencyInfo.substring(0, 3);
String newCurrency = currencyInfo.substring(length - 3, length);
checkCurrencyCode(oldCurrency);
checkCurrencyCode(newCurrency);
String timeString = currencyInfo.substring(4, length - 4);
long time = format.parse(timeString).getTime();
if (Math.abs(time - System.currentTimeMillis()) > ((long)
10) * 365 * 24 * 60 * 60 * 1000) {
throw new RuntimeException("time is more than 10 years
from present: " + time);
}
specialCaseCutOverTimes[specialCaseCount] = time;
specialCaseOldCurrencies[specialCaseCount] = oldCurrency;
specialCaseOldCurrenciesDefaultFractionDigits[specialCaseCount]
= getDefaultFractionDigits(oldCurrency);
specialCaseOldCurrenciesNumericCode[specialCaseCount] =
getNumericCode(oldCurrency);
specialCaseNewCurrencies[specialCaseCount] = newCurrency;
specialCaseNewCurrenciesDefaultFractionDigits[specialCaseCount]
= getDefaultFractionDigits(newCurrency);
specialCaseNewCurrenciesNumericCode[specialCaseCount] =
getNumericCode(newCurrency);
}
specialCaseMap.put(currencyInfo, new Integer(specialCaseCount));
return specialCaseCount++;
}

bug#68333: Time bomb in icedtea/openjdk

2024-01-09 Thread Ludovic Courtès

Hello!

Julien Lepiller  skribis:

> There seems to be a time bomb in icedtea@2 and openjdk@9. while
> building it:
>
> Error: time is more than 10 years from present: 138852720
> java.lang.RuntimeException: time is more than 10 years from present:
> 138852720 at
> build.tools.generatecurrencydata.GenerateCurrencyData.makeSpecialCaseEntry(GenerateCurrencyData.java:288)
> at
> build.tools.generatecurrencydata.GenerateCurrencyData.buildMainAndSpecialCaseTables(GenerateCurrencyData.java:227)
> at
> build.tools.generatecurrencydata.GenerateCurrencyData.main(GenerateCurrencyData.java:158)
>
> I managed to work around that by setting the date back, but we should
> investigate and fix it. icedtea@3 doesn't seem to be affected.

Confirmed:

  https://guix.bordeaux.inria.fr/build/432486/log

This is with Guix commit 7a7c8920aeddaf9ab8d68c572780bc34b404711b.

I couldn’t find ‘GenerateCurrencyData.java’ though, not sure where it
lives.

Ludo’.

bug#68333: Time bomb in icedtea/openjdk

2024-01-08 Thread Julien Lepiller

Hi Guix!

There seems to be a time bomb in icedtea@2 and openjdk@9. while
building it:

Error: time is more than 10 years from present: 138852720
java.lang.RuntimeException: time is more than 10 years from present:
138852720 at
build.tools.generatecurrencydata.GenerateCurrencyData.makeSpecialCaseEntry(GenerateCurrencyData.java:288)
at
build.tools.generatecurrencydata.GenerateCurrencyData.buildMainAndSpecialCaseTables(GenerateCurrencyData.java:227)
at
build.tools.generatecurrencydata.GenerateCurrencyData.main(GenerateCurrencyData.java:158)

I managed to work around that by setting the date back, but we should
investigate and fix it. icedtea@3 doesn't seem to be affected.

bug#68333: Time bomb in icedtea/openjdk

bug#68333: Time bomb in icedtea/openjdk

bug#68333: Time bomb in icedtea/openjdk

bug#68333: Time bomb in icedtea/openjdk

bug#68333: Time bomb in icedtea/openjdk

bug#68333: Time bomb in icedtea/openjdk

bug#68333: Time bomb in icedtea/openjdk

7 matches

Site Navigation

Mail list logo

Footer information