Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException
Am 04.03.2016 um 14:40 schrieb tony mancill: [...] >> Hi tony, >> >> I can upload a new revision of bsh with this change later. I'm just wondering >> why we need to use java.io.ObjectStreamException and >> java.io.NotSerializableException explicitly because these classes are already >> imported in bsh's XThis.java. >> >> import java.io.*; >> >> Anyway it doesn't change the intention of the patch and should be safe. > > Hi Markus, > > I ask myself that same question, and intend to look it up. Perhaps > because it's a nested inner class of XThis? > > But one of the clues was that the original code specified the full class > name for java.io.Serializable and not just Serializable. > > I agree that it shouldn't affect the intention of patch and should be > safe, but it is a bit puzzling. I have just uploaded bsh with this change. Cheers, Markus signature.asc Description: OpenPGP digital signature
Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException
On Thu, 03. Mar 22:30 tony mancillwrote: > On 03/03/2016 12:49 PM, Markus Koschany wrote: > > Am 03.03.2016 um 05:03 schrieb tony mancill: > >> Control: -1 tag + confirmed > >> Control: -1 owner tmanc...@debian.org > >> > >> On 02/29/2016 11:05 PM, Chris Lamb wrote: > >>> Source: jedit > >>> Version: 5.3.0+dfsg-1 > >>> Severity: serious > >>> Justification: fails to build from source > >> > >>> [javac] > >>> /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128: > >>> error: cannot find symbol > >>> [javac] throw new NotSerializableException(); > >> > >> Thanks for the bug report. Looks like we have a bit of porting for the > >> latest bsh upload. > >> > > > > Sorry for the inconvenience. If there is more involved than importing > > the missing class, please let me know and I try to fix it. > > Hi Markus, > > No inconvenience at all. The issue seems to be with the upstream patch > for CVE-2016-2510, which drops the java.io.Serializable interface from > the InvocationHandler, but then references the ObjectStreamException and > NotSerializableException classes that package. > > I was able to get things working for jedit by applying the following > patch (also attached), building a new bsh-src package locally, and using > that for the jedit build. > > > diff -Nru bsh-2.0b4/debian/patches/CVE-2016-2510.patch > > bsh-2.0b4/debian/patches/CVE-2016-2510.patch > > --- bsh-2.0b4/debian/patches/CVE-2016-2510.patch2016-03-02 > > 20:24:07.0 -0800 > > +++ bsh-2.0b4/debian/patches/CVE-2016-2510.patch2016-03-03 > > 22:10:57.0 -0800 > > @@ -35,8 +35,8 @@ > > - class Handler implements InvocationHandler, java.io.Serializable > > + class Handler implements InvocationHandler > > { > > -+ private Object readResolve() throws ObjectStreamException { > > -+ throw new NotSerializableException(); > > ++ private Object readResolve() throws > > java.io.ObjectStreamException { > > ++ throw new java.io.NotSerializableException(); > > + } > > + > > So, if you're okay with the patch, could you apply it and upload an > updated bsh? Or do you mind if I do? Hi tony, I can upload a new revision of bsh with this change later. I'm just wondering why we need to use java.io.ObjectStreamException and java.io.NotSerializableException explicitly because these classes are already imported in bsh's XThis.java. import java.io.*; Anyway it doesn't change the intention of the patch and should be safe. Cheers, Markus signature.asc Description: Digital signature
Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException
On 03/04/2016 12:24 AM, Markus Koschany wrote: > On Thu, 03. Mar 22:30 tony mancillwrote: >>> diff -Nru bsh-2.0b4/debian/patches/CVE-2016-2510.patch >>> bsh-2.0b4/debian/patches/CVE-2016-2510.patch >>> --- bsh-2.0b4/debian/patches/CVE-2016-2510.patch2016-03-02 >>> 20:24:07.0 -0800 >>> +++ bsh-2.0b4/debian/patches/CVE-2016-2510.patch2016-03-03 >>> 22:10:57.0 -0800 >>> @@ -35,8 +35,8 @@ >>> - class Handler implements InvocationHandler, java.io.Serializable >>> + class Handler implements InvocationHandler >>> { >>> -+ private Object readResolve() throws ObjectStreamException { >>> -+ throw new NotSerializableException(); >>> ++ private Object readResolve() throws >>> java.io.ObjectStreamException { >>> ++ throw new java.io.NotSerializableException(); >>> + } >>> + >> >> So, if you're okay with the patch, could you apply it and upload an >> updated bsh? Or do you mind if I do? > > Hi tony, > > I can upload a new revision of bsh with this change later. I'm just wondering > why we need to use java.io.ObjectStreamException and > java.io.NotSerializableException explicitly because these classes are already > imported in bsh's XThis.java. > > import java.io.*; > > Anyway it doesn't change the intention of the patch and should be safe. Hi Markus, I ask myself that same question, and intend to look it up. Perhaps because it's a nested inner class of XThis? But one of the clues was that the original code specified the full class name for java.io.Serializable and not just Serializable. I agree that it shouldn't affect the intention of patch and should be safe, but it is a bit puzzling. Thank you, tony P.S. I'm leaving you on the cc: because my MX is having some issues with bugs.debian.org at the moment. Sorry if you get duplicates. signature.asc Description: OpenPGP digital signature
Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException
On 03/03/2016 12:49 PM, Markus Koschany wrote: > Am 03.03.2016 um 05:03 schrieb tony mancill: >> Control: -1 tag + confirmed >> Control: -1 owner tmanc...@debian.org >> >> On 02/29/2016 11:05 PM, Chris Lamb wrote: >>> Source: jedit >>> Version: 5.3.0+dfsg-1 >>> Severity: serious >>> Justification: fails to build from source >> >>> [javac] >>> /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128: >>> error: cannot find symbol >>> [javac] throw new NotSerializableException(); >> >> Thanks for the bug report. Looks like we have a bit of porting for the >> latest bsh upload. >> > > Sorry for the inconvenience. If there is more involved than importing > the missing class, please let me know and I try to fix it. Hi Markus, No inconvenience at all. The issue seems to be with the upstream patch for CVE-2016-2510, which drops the java.io.Serializable interface from the InvocationHandler, but then references the ObjectStreamException and NotSerializableException classes that package. I was able to get things working for jedit by applying the following patch (also attached), building a new bsh-src package locally, and using that for the jedit build. > diff -Nru bsh-2.0b4/debian/patches/CVE-2016-2510.patch > bsh-2.0b4/debian/patches/CVE-2016-2510.patch > --- bsh-2.0b4/debian/patches/CVE-2016-2510.patch 2016-03-02 > 20:24:07.0 -0800 > +++ bsh-2.0b4/debian/patches/CVE-2016-2510.patch 2016-03-03 > 22:10:57.0 -0800 > @@ -35,8 +35,8 @@ > -class Handler implements InvocationHandler, java.io.Serializable > +class Handler implements InvocationHandler > { > -+private Object readResolve() throws ObjectStreamException { > -+throw new NotSerializableException(); > ++private Object readResolve() throws > java.io.ObjectStreamException { > ++throw new java.io.NotSerializableException(); > +} > + So, if you're okay with the patch, could you apply it and upload an updated bsh? Or do you mind if I do? Cheers, tony diff -Nru bsh-2.0b4/debian/patches/CVE-2016-2510.patch bsh-2.0b4/debian/patches/CVE-2016-2510.patch --- bsh-2.0b4/debian/patches/CVE-2016-2510.patch 2016-03-02 20:24:07.0 -0800 +++ bsh-2.0b4/debian/patches/CVE-2016-2510.patch 2016-03-03 22:10:57.0 -0800 @@ -35,8 +35,8 @@ - class Handler implements InvocationHandler, java.io.Serializable + class Handler implements InvocationHandler { -+ private Object readResolve() throws ObjectStreamException { -+ throw new NotSerializableException(); ++ private Object readResolve() throws java.io.ObjectStreamException { ++ throw new java.io.NotSerializableException(); + } + signature.asc Description: OpenPGP digital signature
Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException
Am 03.03.2016 um 05:03 schrieb tony mancill: > Control: -1 tag + confirmed > Control: -1 owner tmanc...@debian.org > > On 02/29/2016 11:05 PM, Chris Lamb wrote: >> Source: jedit >> Version: 5.3.0+dfsg-1 >> Severity: serious >> Justification: fails to build from source > >> [javac] >> /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128: >> error: cannot find symbol >> [javac]throw new NotSerializableException(); > > Thanks for the bug report. Looks like we have a bit of porting for the > latest bsh upload. > Sorry for the inconvenience. If there is more involved than importing the missing class, please let me know and I try to fix it. Regards, Markus signature.asc Description: OpenPGP digital signature
Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException
Control: -1 tag + confirmed Control: -1 owner tmanc...@debian.org On 02/29/2016 11:05 PM, Chris Lamb wrote: > Source: jedit > Version: 5.3.0+dfsg-1 > Severity: serious > Justification: fails to build from source > [javac] > /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128: > error: cannot find symbol > [javac] throw new NotSerializableException(); Thanks for the bug report. Looks like we have a bit of porting for the latest bsh upload. tony
Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException
Source: jedit Version: 5.3.0+dfsg-1 Severity: serious Justification: fails to build from source User: reproducible-bui...@lists.alioth.debian.org Usertags: ftbfs X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org Dear Maintainer, jedit fails to build from source in unstable/amd64: [..] [javac] /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/Primitive.java:75: warning: [unchecked] unchecked call to put(K,V) as a member of the raw type Hashtable [javac] wrapperMap.put( Boolean.TYPE, Boolean.class ); [javac] ^ [javac] where K,V are type-variables: [javac] K extends Object declared in class Hashtable [javac] V extends Object declared in class Hashtable [javac] /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/Primitive.java:76: warning: [unchecked] unchecked call to put(K,V) as a member of the raw type Hashtable [javac] wrapperMap.put( Byte.TYPE, Byte.class ); [javac] ^ [javac] where K,V are type-variables: [javac] K extends Object declared in class Hashtable [javac] V extends Object declared in class Hashtable [javac] /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/Primitive.java:77: warning: [unchecked] unchecked call to put(K,V) as a member of the raw type Hashtable [javac] wrapperMap.put( Short.TYPE, Short.class ); [javac] ^ [javac] where K,V are type-variables: [javac] K extends Object declared in class Hashtable [javac] V extends Object declared in class Hashtable [javac] /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128: error: cannot find symbol [javac] throw new NotSerializableException(); [javac] ^ [javac] symbol: class NotSerializableException [javac] location: class XThis.Handler [javac] Note: Some input files additionally use or override a deprecated API. [javac] Note: Some input files additionally use unchecked or unsafe operations. [javac] 2 errors [javac] 100 warnings BUILD FAILED /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/build.xml:231: Compile failed; see the compiler error output for details. Total time: 5 seconds debian/rules:26: recipe for target 'override_dh_auto_build' failed make[1]: *** [override_dh_auto_build] Error 1 make[1]: Leaving directory '/home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg' debian/rules:12: recipe for target 'build' failed make: *** [build] Error 2 [..] The full build log is attached. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- jedit.5.3.0+dfsg-1.unstable.amd64.log.txt.gz Description: Binary data