sera 14/07/20 20:07:15 Modified: oracle-jre-bin-1.8.0.5.ebuild ChangeLog Added: oracle-jre-bin-1.7.0.65.ebuild Log: Security bump #517220 Limit memory on x86 #467518 Preserve xattrs for hardened #515582 (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 3C5CF75A)
Revision Changes Path 1.2 dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.5.ebuild file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.5.ebuild?rev=1.2&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.5.ebuild?rev=1.2&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.5.ebuild?r1=1.1&r2=1.2 Index: oracle-jre-bin-1.8.0.5.ebuild =================================================================== RCS file: /var/cvsroot/gentoo-x86/dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.5.ebuild,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- oracle-jre-bin-1.8.0.5.ebuild 16 Apr 2014 16:28:47 -0000 1.1 +++ oracle-jre-bin-1.8.0.5.ebuild 20 Jul 2014 20:07:15 -0000 1.2 @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.5.ebuild,v 1.1 2014/04/16 16:28:47 tomwij Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-java/oracle-jre-bin/oracle-jre-bin-1.8.0.5.ebuild,v 1.2 2014/07/20 20:07:15 sera Exp $ EAPI="5" @@ -104,7 +104,9 @@ ;; x86) bin/java -client -Xshare:dump || die - bin/java -server -Xshare:dump || die + # limit heap size for large memory on x86 #467518 + # this is a workaround and shouldn't be needed. + bin/java -server -Xms64m -Xmx64m -Xshare:dump || die ;; *) bin/java -server -Xshare:dump || die @@ -137,7 +139,8 @@ fi dodir "${dest}" - cp -pPR bin lib man "${ddest}" || die + cp -R --preserve=links,mode,ownership,timestamps,xattr \ + bin lib man "${ddest}" || die # Remove empty dirs we might have copied find "${D}" -type d -empty -exec rmdir -v {} + || die 1.58 dev-java/oracle-jre-bin/ChangeLog file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-java/oracle-jre-bin/ChangeLog?rev=1.58&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-java/oracle-jre-bin/ChangeLog?rev=1.58&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-java/oracle-jre-bin/ChangeLog?r1=1.57&r2=1.58 Index: ChangeLog =================================================================== RCS file: /var/cvsroot/gentoo-x86/dev-java/oracle-jre-bin/ChangeLog,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- ChangeLog 13 Jul 2014 14:10:56 -0000 1.57 +++ ChangeLog 20 Jul 2014 20:07:15 -0000 1.58 @@ -1,6 +1,14 @@ # ChangeLog for dev-java/oracle-jre-bin # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-java/oracle-jre-bin/ChangeLog,v 1.57 2014/07/13 14:10:56 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-java/oracle-jre-bin/ChangeLog,v 1.58 2014/07/20 20:07:15 sera Exp $ + +*oracle-jre-bin-1.7.0.65 (20 Jul 2014) + + 20 Jul 2014; Ralph Sennhauser <s...@gentoo.org> + +oracle-jre-bin-1.7.0.65.ebuild, oracle-jre-bin-1.8.0.5.ebuild: + Security bump #517220 + Limit memory on x86 #467518 + Preserve xattrs for hardened #515582 13 Jul 2014; Agostino Sarubbo <a...@gentoo.org> oracle-jre-bin-1.7.0.60.ebuild: Stable for x86, wrt bug #511714 1.1 dev-java/oracle-jre-bin/oracle-jre-bin-1.7.0.65.ebuild file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-java/oracle-jre-bin/oracle-jre-bin-1.7.0.65.ebuild?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-java/oracle-jre-bin/oracle-jre-bin-1.7.0.65.ebuild?rev=1.1&content-type=text/plain Index: oracle-jre-bin-1.7.0.65.ebuild =================================================================== # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/dev-java/oracle-jre-bin/oracle-jre-bin-1.7.0.65.ebuild,v 1.1 2014/07/20 20:07:15 sera Exp $ EAPI="5" inherit java-vm-2 eutils prefix versionator MY_PV="$(get_version_component_range 2)u$(get_version_component_range 4)" S_PV="$(replace_version_separator 3 '_')" X86_AT="jre-${MY_PV}-linux-i586.tar.gz" AMD64_AT="jre-${MY_PV}-linux-x64.tar.gz" # This URIs need updating when bumping! JRE_URI="http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html"; JCE_URI="http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html"; JCE_DIR="UnlimitedJCEPolicy" JCE_FILE="${JCE_DIR}JDK7.zip" DESCRIPTION="Oracle's Java SE Runtime Environment" HOMEPAGE="http://www.oracle.com/technetwork/java/javase/"; SRC_URI=" x86? ( ${X86_AT} ) amd64? ( ${AMD64_AT} ) jce? ( ${JCE_FILE} )" LICENSE="Oracle-BCLA-JavaSE" SLOT="1.7" KEYWORDS="~amd64 ~x86" IUSE="X alsa fontconfig jce nsplugin pax_kernel" RESTRICT="fetch strip" QA_PREBUILT="*" RDEPEND=" X? ( x11-libs/libXext x11-libs/libXi x11-libs/libXrender x11-libs/libXtst x11-libs/libX11 ) alsa? ( media-libs/alsa-lib ) fontconfig? ( media-libs/fontconfig ) !prefix? ( sys-libs/glibc )" # scanelf won't create a PaX header, so depend on paxctl to avoid fallback # marking. #427642 DEPEND=" jce? ( app-arch/unzip ) pax_kernel? ( sys-apps/paxctl )" S="${WORKDIR}/jre${S_PV}" pkg_nofetch() { if use x86; then AT=${X86_AT} elif use amd64; then AT=${AMD64_AT} fi einfo "Please download '${AT}' from:" einfo "'${JRE_URI}'" einfo "and move it to '${DISTDIR}'" if use jce; then einfo "Also download '${JCE_FILE}' from:" einfo "'${JCE_URI}'" einfo "and move it to '${DISTDIR}'" fi } src_prepare() { if use jce; then mv "${WORKDIR}"/${JCE_DIR} lib/security/ || die fi } src_compile() { # This needs to be done before CDS - #215225 java-vm_set-pax-markings "${S}" # see bug #207282 einfo "Creating the Class Data Sharing archives" case ${ARCH} in arm|ia64) bin/java -client -Xshare:dump || die ;; x86) bin/java -client -Xshare:dump || die # limit heap size for large memory on x86 #467518 # this is a workaround and shouldn't be needed. bin/java -server -Xms64m -Xmx64m -Xshare:dump || die ;; *) bin/java -server -Xshare:dump || die ;; esac # Create files used as storage for system preferences. mkdir .systemPrefs || die touch .systemPrefs/.system.lock || die touch .systemPrefs/.systemRootModFile || die } src_install() { local dest="/opt/${P}" local ddest="${ED}${dest}" # We should not need the ancient plugin for Firefox 2 anymore, plus it has # writable executable segments if use x86; then rm -vf lib/i386/libjavaplugin_oji.so \ lib/i386/libjavaplugin_nscp*.so rm -vrf plugin/i386 fi # Without nsplugin flag, also remove the new plugin local arch=${ARCH}; use x86 && arch=i386; if ! use nsplugin; then rm -vf lib/${arch}/libnpjp2.so \ lib/${arch}/libjavaplugin_jni.so fi dodir "${dest}" cp -R --preserve=links,mode,ownership,timestamps,xattr \ bin lib man "${ddest}" || die # Remove empty dirs we might have copied find "${D}" -type d -empty -exec rmdir -v {} + || die dodoc COPYRIGHT README if use jce; then dodir ${dest}/lib/security/strong-jce mv "${ddest}"/lib/security/US_export_policy.jar \ "${ddest}"/lib/security/strong-jce || die mv "${ddest}"/lib/security/local_policy.jar \ "${ddest}"/lib/security/strong-jce || die dosym "${dest}"/lib/security/${JCE_DIR}/US_export_policy.jar \ "${dest}"/lib/security/US_export_policy.jar dosym "${dest}"/lib/security/${JCE_DIR}/local_policy.jar \ "${dest}"/lib/security/local_policy.jar fi if use nsplugin; then install_mozilla_plugin "${dest}"/lib/${arch}/libnpjp2.so fi # Install desktop file for the Java Control Panel. # Using ${PN}-${SLOT} to prevent file collision with jre and or other slots. # make_desktop_entry can't be used as ${P} would end up in filename. newicon lib/desktop/icons/hicolor/48x48/apps/sun-jcontrol.png \ sun-jcontrol-${PN}-${SLOT}.png || die sed -e "s#Name=.*#Name=Java Control Panel for Oracle JRE ${SLOT}#" \ -e "s#Exec=.*#Exec=/opt/${P}/bin/jcontrol#" \ -e "s#Icon=.*#Icon=sun-jcontrol-${PN}-${SLOT}#" \ -e "s#Application;##" \ -e "/Encoding/d" \ lib/desktop/applications/sun_java.desktop > \ "${T}"/jcontrol-${PN}-${SLOT}.desktop || die domenu "${T}"/jcontrol-${PN}-${SLOT}.desktop # Prune all fontconfig files so libfontconfig will be used and only install # a Gentoo specific one if fontconfig is disabled. # http://docs.oracle.com/javase/7/docs/technotes/guides/intl/fontconfig.html rm "${ddest}"/lib/fontconfig.* || die if ! use fontconfig; then cp "${FILESDIR}"/fontconfig.Gentoo.properties "${T}"/fontconfig.properties || die eprefixify "${T}"/fontconfig.properties insinto "${dest}"/lib/ doins "${T}"/fontconfig.properties fi set_java_env java-vm_revdep-mask java-vm_sandbox-predict /dev/random /proc/self/coredump_filter }
