Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException

2016-03-04 Thread Markus Koschany
On 04.03.2016 at 14:40, tony mancill wrote:
[...]
>> Hi tony,
>>
>> I can upload a new revision of bsh with this change later. I'm just wondering
>> why we need to use java.io.ObjectStreamException and
>> java.io.NotSerializableException explicitly because these classes are already
>> imported in bsh's XThis.java.
>>
>> import java.io.*;
>>
>> Anyway it doesn't change the intention of the patch and should be safe.
> 
> Hi Markus,
> 
> I ask myself that same question, and intend to look it up.  Perhaps
> because it's a nested inner class of XThis?
> 
> But one of the clues was that the original code specified the full class
> name for java.io.Serializable and not just Serializable.
> 
> I agree that it shouldn't affect the intention of the patch and should be
> safe, but it is a bit puzzling.

I have just uploaded bsh with this change.

Cheers,

Markus






Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException

2016-03-04 Thread Markus Koschany
On Thu, 03. Mar 22:30 tony mancill  wrote:
> On 03/03/2016 12:49 PM, Markus Koschany wrote:
> > On 03.03.2016 at 05:03, tony mancill wrote:
> >> Control: -1 tag  + confirmed
> >> Control: -1 owner tmanc...@debian.org
> >>
> >> On 02/29/2016 11:05 PM, Chris Lamb wrote:
> >>> Source: jedit
> >>> Version: 5.3.0+dfsg-1
> >>> Severity: serious
> >>> Justification: fails to build from source
> >>
> >>>   [javac] 
> >>> /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128:
> >>>  error: cannot find symbol
> >>>   [javac] throw new NotSerializableException();
> >>
> >> Thanks for the bug report.  Looks like we have a bit of porting for the
> >> latest bsh upload.
> >>
> >
> > Sorry for the inconvenience. If there is more involved than importing
> > the missing class, please let me know and I'll try to fix it.
>
> Hi Markus,
>
> No inconvenience at all. The issue seems to be with the upstream patch
> for CVE-2016-2510, which drops the java.io.Serializable interface from
> the InvocationHandler, but then references the ObjectStreamException and
> NotSerializableException classes that package.
>
> I was able to get things working for jedit by applying the following
> patch (also attached), building a new bsh-src package locally, and using
> that for the jedit build.
>
> > diff -Nru bsh-2.0b4/debian/patches/CVE-2016-2510.patch 
> > bsh-2.0b4/debian/patches/CVE-2016-2510.patch
> > --- bsh-2.0b4/debian/patches/CVE-2016-2510.patch2016-03-02 
> > 20:24:07.0 -0800
> > +++ bsh-2.0b4/debian/patches/CVE-2016-2510.patch2016-03-03 
> > 22:10:57.0 -0800
> > @@ -35,8 +35,8 @@
> >  -  class Handler implements InvocationHandler, java.io.Serializable
> >  +  class Handler implements InvocationHandler
> > {
> > -+  private Object readResolve() throws ObjectStreamException {
> > -+  throw new NotSerializableException();
> > ++  private Object readResolve() throws 
> > java.io.ObjectStreamException {
> > ++  throw new java.io.NotSerializableException();
> >  +  }
> >  +
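Review bot: `readResolve()` in `Handler` needs a comment saying it is a defensive guard. Once the first line of the hunk drops `java.io.Serializable`, the serialization runtime no longer consults `readResolve()` for this class, so the protection comes from the class not being serializable at all. Without that comment a later cleanup could delete the method as dead code, or re-add the interface and rely on the method alone.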
>
> So, if you're okay with the patch, could you apply it and upload an
> updated bsh?  Or do you mind if I do?

Hi tony,

I can upload a new revision of bsh with this change later. I'm just wondering
why we need to use java.io.ObjectStreamException and
java.io.NotSerializableException explicitly because these classes are already
imported in bsh's XThis.java.

import java.io.*;

Anyway it doesn't change the intention of the patch and should be safe.

Cheers,

Markus





Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException

2016-03-04 Thread tony mancill
On 03/04/2016 12:24 AM, Markus Koschany wrote:
> On Thu, 03. Mar 22:30 tony mancill  wrote:
>>> diff -Nru bsh-2.0b4/debian/patches/CVE-2016-2510.patch 
>>> bsh-2.0b4/debian/patches/CVE-2016-2510.patch
>>> --- bsh-2.0b4/debian/patches/CVE-2016-2510.patch2016-03-02 
>>> 20:24:07.0 -0800
>>> +++ bsh-2.0b4/debian/patches/CVE-2016-2510.patch2016-03-03 
>>> 22:10:57.0 -0800
>>> @@ -35,8 +35,8 @@
>>>  -  class Handler implements InvocationHandler, java.io.Serializable
>>>  +  class Handler implements InvocationHandler
>>> {
>>> -+  private Object readResolve() throws ObjectStreamException {
>>> -+  throw new NotSerializableException();
>>> ++  private Object readResolve() throws 
>>> java.io.ObjectStreamException {
>>> ++  throw new java.io.NotSerializableException();
>>>  +  }
>>>  +
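Review bot: The qualified names on the two `++` lines exist only in Debian's copy of `debian/patches/CVE-2016-2510.patch` and will have to be carried across every refresh of that patch. Forward the change upstream together with the `cannot find symbol` message from the jedit build, and build jedit against the new bsh-src before the upload, since that is the build that caught the problem.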
>>
>> So, if you're okay with the patch, could you apply it and upload an
>> updated bsh?  Or do you mind if I do?
> 
> Hi tony,
> 
> I can upload a new revision of bsh with this change later. I'm just wondering
> why we need to use java.io.ObjectStreamException and
> java.io.NotSerializableException explicitly because these classes are already
> imported in bsh's XThis.java.
> 
> import java.io.*;
> 
> Anyway it doesn't change the intention of the patch and should be safe.

Hi Markus,

I ask myself that same question, and intend to look it up.  Perhaps
because it's a nested inner class of XThis?

But one of the clues was that the original code specified the full class
name for java.io.Serializable and not just Serializable.

I agree that it shouldn't affect the intention of the patch and should be
safe, but it is a bit puzzling.

Thank you,
tony

P.S.  I'm leaving you on the cc: because my MX is having some issues
with bugs.debian.org at the moment.  Sorry if you get duplicates.
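
The effect of the CVE-2016-2510 change quoted in this thread, as an added example that is not code from bsh, jedit or any participant: a dynamic proxy can only be written to an object stream if its invocation handler is serializable. The class names `SerializableHandler`, `PatchedHandler` and `HandlerSerializationDemo` are hypothetical stand-ins for the two shapes of `XThis.Handler`.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;

public class HandlerSerializationDemo {

    // Shape before the fix (hypothetical stand-in): the handler is
    // Serializable, so a proxy built on it can travel in an object stream.
    static class SerializableHandler implements InvocationHandler, java.io.Serializable {
        public Object invoke(Object proxy, Method method, Object[] args) {
            return null;
        }
    }

    // Shape after the fix (hypothetical stand-in): Serializable is gone and
    // the defensive readResolve() uses fully qualified names, as in the patch.
    static class PatchedHandler implements InvocationHandler {
        private Object readResolve() throws java.io.ObjectStreamException {
            throw new java.io.NotSerializableException();
        }

        public Object invoke(Object proxy, Method method, Object[] args) {
            return null;
        }
    }

    // True if a Runnable proxy backed by this handler can be serialized.
    // java.lang.reflect.Proxy is itself Serializable, so the outcome depends
    // only on the handler stored inside the proxy.
    static boolean canSerialize(InvocationHandler handler) throws IOException {
        Object proxy = Proxy.newProxyInstance(
                HandlerSerializationDemo.class.getClassLoader(),
                new Class<?>[] { Runnable.class },
                handler);
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(proxy);
            return true;
        } catch (NotSerializableException e) {
            return false; // the handler class was rejected by the stream
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println("Serializable handler: " + canSerialize(new SerializableHandler()));
        System.out.println("Patched handler:      " + canSerialize(new PatchedHandler()));
    }
}
```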





Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException

2016-03-04 Thread tony mancill
On 03/03/2016 12:49 PM, Markus Koschany wrote:
> On 03.03.2016 at 05:03, tony mancill wrote:
>> Control: -1 tag  + confirmed
>> Control: -1 owner tmanc...@debian.org
>>
>> On 02/29/2016 11:05 PM, Chris Lamb wrote:
>>> Source: jedit
>>> Version: 5.3.0+dfsg-1
>>> Severity: serious
>>> Justification: fails to build from source
>>
>>>   [javac] 
>>> /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128:
>>>  error: cannot find symbol
>>>   [javac]   throw new NotSerializableException();
>>
>> Thanks for the bug report.  Looks like we have a bit of porting for the
>> latest bsh upload.
>>
> 
> Sorry for the inconvenience. If there is more involved than importing
> the missing class, please let me know and I'll try to fix it.

Hi Markus,

No inconvenience at all. The issue seems to be with the upstream patch
for CVE-2016-2510, which drops the java.io.Serializable interface from
the InvocationHandler, but then references the ObjectStreamException and
NotSerializableException classes that package.

I was able to get things working for jedit by applying the following
patch (also attached), building a new bsh-src package locally, and using
that for the jedit build.

> diff -Nru bsh-2.0b4/debian/patches/CVE-2016-2510.patch 
> bsh-2.0b4/debian/patches/CVE-2016-2510.patch
> --- bsh-2.0b4/debian/patches/CVE-2016-2510.patch  2016-03-02 
> 20:24:07.0 -0800
> +++ bsh-2.0b4/debian/patches/CVE-2016-2510.patch  2016-03-03 
> 22:10:57.0 -0800
> @@ -35,8 +35,8 @@
>  -class Handler implements InvocationHandler, java.io.Serializable 
>  +class Handler implements InvocationHandler
>   {
> -+private Object readResolve() throws ObjectStreamException {
> -+throw new NotSerializableException();
> ++private Object readResolve() throws 
> java.io.ObjectStreamException {
> ++throw new java.io.NotSerializableException();
>  +}
>  +

So, if you're okay with the patch, could you apply it and upload an
updated bsh?  Or do you mind if I do?

Cheers,
tony

diff -Nru bsh-2.0b4/debian/patches/CVE-2016-2510.patch bsh-2.0b4/debian/patches/CVE-2016-2510.patch
--- bsh-2.0b4/debian/patches/CVE-2016-2510.patch	2016-03-02 20:24:07.0 -0800
+++ bsh-2.0b4/debian/patches/CVE-2016-2510.patch	2016-03-03 22:10:57.0 -0800
@@ -35,8 +35,8 @@
 -	class Handler implements InvocationHandler, java.io.Serializable 
 +	class Handler implements InvocationHandler
  	{
-+		private Object readResolve() throws ObjectStreamException {
-+			throw new NotSerializableException();
++		private Object readResolve() throws java.io.ObjectStreamException {
++			throw new java.io.NotSerializableException();
 +		}
 +
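Review bot: The switch to `java.io.ObjectStreamException` and `java.io.NotSerializableException` on the `++` lines carries no explanation, and the thread itself is unsure why the short names fail when bsh's XThis.java has `import java.io.*;`. Add a line to the patch header, or a comment beside `readResolve()`, recording that the unqualified names failed with `cannot find symbol` at XThis.java:128 in the jedit build, so the qualification is not simplified away in a later refresh.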




Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException

2016-03-03 Thread Markus Koschany
On 03.03.2016 at 05:03, tony mancill wrote:
> Control: -1 tag  + confirmed
> Control: -1 owner tmanc...@debian.org
> 
> On 02/29/2016 11:05 PM, Chris Lamb wrote:
>> Source: jedit
>> Version: 5.3.0+dfsg-1
>> Severity: serious
>> Justification: fails to build from source
> 
>>   [javac] 
>> /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128:
>>  error: cannot find symbol
>>   [javac]throw new NotSerializableException();
> 
> Thanks for the bug report.  Looks like we have a bit of porting for the
> latest bsh upload.
> 

Sorry for the inconvenience. If there is more involved than importing
the missing class, please let me know and I'll try to fix it.

Regards,

Markus






Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException

2016-03-02 Thread tony mancill
Control: -1 tag  + confirmed
Control: -1 owner tmanc...@debian.org

On 02/29/2016 11:05 PM, Chris Lamb wrote:
> Source: jedit
> Version: 5.3.0+dfsg-1
> Severity: serious
> Justification: fails to build from source

>   [javac] 
> /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128:
>  error: cannot find symbol
>   [javac] throw new NotSerializableException();

Thanks for the bug report.  Looks like we have a bit of porting for the
latest bsh upload.

tony



Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException

2016-02-29 Thread Chris Lamb
Source: jedit
Version: 5.3.0+dfsg-1
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org

Dear Maintainer,

jedit fails to build from source in unstable/amd64:

  [..]

  [javac] 
/home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/Primitive.java:75:
 warning: [unchecked] unchecked call to put(K,V) as a member of the raw type 
Hashtable
  [javac]   wrapperMap.put( Boolean.TYPE, Boolean.class );
  [javac] ^
  [javac]   where K,V are type-variables:
  [javac] K extends Object declared in class Hashtable
  [javac] V extends Object declared in class Hashtable
  [javac] 
/home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/Primitive.java:76:
 warning: [unchecked] unchecked call to put(K,V) as a member of the raw type 
Hashtable
  [javac]   wrapperMap.put( Byte.TYPE, Byte.class );
  [javac] ^
  [javac]   where K,V are type-variables:
  [javac] K extends Object declared in class Hashtable
  [javac] V extends Object declared in class Hashtable
  [javac] 
/home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/Primitive.java:77:
 warning: [unchecked] unchecked call to put(K,V) as a member of the raw type 
Hashtable
  [javac]   wrapperMap.put( Short.TYPE, Short.class );
  [javac] ^
  [javac]   where K,V are type-variables:
  [javac] K extends Object declared in class Hashtable
  [javac] V extends Object declared in class Hashtable
  [javac] 
/home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128:
 error: cannot find symbol
  [javac]   throw new NotSerializableException();
  [javac] ^
  [javac]   symbol:   class NotSerializableException
  [javac]   location: class XThis.Handler
  [javac] Note: Some input files additionally use or override a deprecated 
API.
  [javac] Note: Some input files additionally use unchecked or unsafe 
operations.
  [javac] 2 errors
  [javac] 100 warnings
  
  BUILD FAILED
  
/home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/build.xml:231: 
Compile failed; see the compiler error output for details.
  
  Total time: 5 seconds
  debian/rules:26: recipe for target 'override_dh_auto_build' failed
  make[1]: *** [override_dh_auto_build] Error 1
  make[1]: Leaving directory 
'/home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg'
  debian/rules:12: recipe for target 'build' failed
  make: *** [build] Error 2

  [..]

The full build log is attached.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-


jedit.5.3.0+dfsg-1.unstable.amd64.log.txt.gz
Description: Binary data