Re: update java/gradle to 8.3

2023-09-16 Thread Lawrence Teo
On Sat, Sep 16, 2023 at 02:52:54PM +0100, Stuart Henderson wrote:
> (+cc ghidra maintainer)
> 
> On 2023/09/16 14:55, Peter Hessler wrote:
> > 
> > On 2023 Sep 16 (Sat) at 07:30:46 -0400 (-0400), Ian Darwin wrote:
> > :On Sat, Sep 16, 2023 at 11:36:08AM +0100, Stuart Henderson wrote:
> > :> > Unfortunately there is a show-stopper here. We have to fix/update
> > :> > security/ghidra which is not trivial.
> > :> 
> > :> The ghidra port is really outdated, even from just a quick look at
> > :> release notes various of the changes look security-related, not what you
> > :> want when analysing (possibly malicious) binaries. At this point,
> > :> especially since it was already noticed >1y ago, I don't think ghidra
> > :> should stand in the way of updating gradle, I'd be ok with marking ghidra
> > :> BROKEN and updating gradle.
> > :
> > :I concur.
> > :
> > 
> > So to me the only question is timing.  Do we disable ghidra before
> > release because it is so dangerous, or do we disable it after release and
> > give interested people some time to fix it?
> 
> I think it would be reasonable to do that before release.
> 
> If somebody already has ghidra installed and upgrades, it won't
> disappear (and because it's java software, shouldn't have compat
> problems due to syscall changes etc, because the jdk package will
> still be updated).
> 
> And if not, at least they won't get a 3yo version if they run
> "pkg_add ghidra" from scratch.
> 
> (Also, since current versions of ghidra themselves now use jdk 17,
> afaik updating gradle will be a prerequisite to updating ghidra anyway).

I have marked the Ghidra port as BROKEN. I looked into updating Ghidra
some time ago and it was a lot of work, so I agree that it's best that we
mark it as BROKEN before release since it's unlikely that it can be
updated before release.

phessler, I'm ok with your java/gradle update.

Thanks,
Lawrence



Re: update java/gradle to 8.3

2023-09-16 Thread Stuart Henderson
(+cc ghidra maintainer)

On 2023/09/16 14:55, Peter Hessler wrote:
> 
> On 2023 Sep 16 (Sat) at 07:30:46 -0400 (-0400), Ian Darwin wrote:
> :On Sat, Sep 16, 2023 at 11:36:08AM +0100, Stuart Henderson wrote:
> :> > Unfortunately there is a show-stopper here. We have to fix/update
> :> > security/ghidra which is not trivial.
> :> 
> :> The ghidra port is really outdated, even from just a quick look at
> :> release notes various of the changes look security-related, not what you
> :> want when analysing (possibly malicious) binaries. At this point,
> :> especially since it was already noticed >1y ago, I don't think ghidra
> :> should stand in the way of updating gradle, I'd be ok with marking ghidra
> :> BROKEN and updating gradle.
> :
> :I concur.
> :
> 
> So to me the only question is timing.  Do we disable ghidra before
> release because it is so dangerous, or do we disable it after release and
> give interested people some time to fix it?

I think it would be reasonable to do that before release.

If somebody already has ghidra installed and upgrades, it won't
disappear (and because it's java software, shouldn't have compat
problems due to syscall changes etc, because the jdk package will
still be updated).

And if not, at least they won't get a 3yo version if they run
"pkg_add ghidra" from scratch.

(Also, since current versions of ghidra themselves now use jdk 17,
afaik updating gradle will be a prerequisite to updating ghidra anyway).



Re: update java/gradle to 8.3

2023-09-16 Thread Peter Hessler


On 2023 Sep 16 (Sat) at 07:30:46 -0400 (-0400), Ian Darwin wrote:
:On Sat, Sep 16, 2023 at 11:36:08AM +0100, Stuart Henderson wrote:
:> > Unfortunately there is a show-stopper here. We have to fix/update
:> > security/ghidra which is not trivial.
:> 
:> The ghidra port is really outdated, even from just a quick look at
:> release notes various of the changes look security-related, not what you
:> want when analysing (possibly malicious) binaries. At this point,
:> especially since it was already noticed >1y ago, I don't think ghidra
:> should stand in the way of updating gradle, I'd be ok with marking ghidra
:> BROKEN and updating gradle.
:
:I concur.
:

So to me the only question is timing.  Do we disable ghidra before
release because it is so dangerous, or do we disable it after release and
give interested people some time to fix it?


-- 
Worst Vegetable of the Year:
The brussels sprout.  This is also the worst vegetable of next
year.
-- Steve Rubenstein



Re: update java/gradle to 8.3

2023-09-16 Thread Ian Darwin
On Sat, Sep 16, 2023 at 11:36:08AM +0100, Stuart Henderson wrote:
> > Unfortunately there is a show-stopper here. We have to fix/update
> > security/ghidra which is not trivial.
> 
> The ghidra port is really outdated, even from just a quick look at
> release notes various of the changes look security-related, not what you
> want when analysing (possibly malicious) binaries. At this point,
> especially since it was already noticed >1y ago, I don't think ghidra
> should stand in the way of updating gradle, I'd be ok with marking ghidra
> BROKEN and updating gradle.

I concur.



Re: update java/gradle to 8.3

2023-09-16 Thread Stuart Henderson
On 2023/09/16 11:48, Rafael Sadowski wrote:
> On Sun Sep 10, 2023 at 02:35:29PM +0200, Peter Hessler wrote:
> > I have need to build some mods for Minecraft, and they want to use Java
> > 17, which is newer than what our in-tree Gradle supports.  Here's an
> > update to the most recent version of Gradle, works for me in light
> > testing.
> > 
> > OK?
> > 
> > -peter
> 
> Unfortunately there is a show-stopper here. We have to fix/update
> security/ghidra which is not trivial.

The ghidra port is really outdated, even from just a quick look at
release notes various of the changes look security-related, not what you
want when analysing (possibly malicious) binaries. At this point,
especially since it was already noticed >1y ago, I don't think ghidra
should stand in the way of updating gradle, I'd be ok with marking ghidra
BROKEN and updating gradle.



> 
> revision 1.12
> date: 2022/07/22 05:21:06;  author: rsadowski;  state: Exp;  lines: +2 -1;  
> commitid: AX7doZpGzxhucnle;
> Backout gradle-7 update, it is resulting in build failures in security/ghidra
> 
> Spotted by many
> 
> 
> 
> > 
> > 
> > Index: java/gradle/Makefile
> > ===
> > RCS file: /cvs/openbsd/ports/java/gradle/Makefile,v
> > retrieving revision 1.12
> > diff -u -p -u -p -r1.12 Makefile
> > --- java/gradle/Makefile22 Jul 2022 05:21:06 -  1.12
> > +++ java/gradle/Makefile10 Sep 2023 12:33:14 -
> > @@ -1,6 +1,6 @@
> >  COMMENT =  build automation tool
> >  
> > -DISTNAME = gradle-6.7
> > +DISTNAME = gradle-8.3
> >  EXTRACT_SUFX = -bin.zip
> >  EPOCH =0
> >  
> > Index: java/gradle/distinfo
> > ===
> > RCS file: /cvs/openbsd/ports/java/gradle/distinfo,v
> > retrieving revision 1.9
> > diff -u -p -u -p -r1.9 distinfo
> > --- java/gradle/distinfo22 Jul 2022 05:21:06 -  1.9
> > +++ java/gradle/distinfo10 Sep 2023 12:33:27 -
> > @@ -1,2 +1,2 @@
> > -SHA256 (gradle-6.7-bin.zip) = itV3WQGakjPcfcTRpTDO/hCdwSIADVf35iP4z0up38Q=
> > -SIZE (gradle-6.7-bin.zip) = 102804263
> > +SHA256 (gradle-8.3-bin.zip) = WRhVtRf8Y1ueBN4dBdXnato/ifX8dvh5eNGyRbT2kiU=
> > +SIZE (gradle-8.3-bin.zip) = 130639305
> > Index: java/gradle/patches/patch-bin_gradle
> > ===
> > RCS file: /cvs/openbsd/ports/java/gradle/patches/patch-bin_gradle,v
> > retrieving revision 1.5
> > diff -u -p -u -p -r1.5 patch-bin_gradle
> > --- java/gradle/patches/patch-bin_gradle22 Jul 2022 05:21:06 -  
> > 1.5
> > +++ java/gradle/patches/patch-bin_gradle10 Sep 2023 12:33:46 -
> > @@ -1,8 +1,8 @@
> >  Index: bin/gradle
> >  --- bin/gradle.orig
> >  +++ bin/gradle
> > -@@ -83,6 +83,8 @@ esac
> > - CLASSPATH=$APP_HOME/lib/gradle-launcher-6.6.jar
> > +@@ -115,6 +115,8 @@ esac
> > + CLASSPATH=$APP_HOME/lib/gradle-launcher-8.3.jar
> >   
> >   
> >  +JAVA_HOME="$(javaPathHelper -h gradle)"
> > Index: java/gradle/pkg/PLIST
> > ===
> > RCS file: /cvs/openbsd/ports/java/gradle/pkg/PLIST,v
> > retrieving revision 1.11
> > diff -u -p -u -p -r1.11 PLIST
> > --- java/gradle/pkg/PLIST   22 Jul 2022 05:21:06 -  1.11
> > +++ java/gradle/pkg/PLIST   10 Sep 2023 12:33:59 -
> > @@ -10,26 +10,32 @@ share/java/gradle/bin/gradle.bat
> >  share/java/gradle/init.d/
> >  share/java/gradle/init.d/readme.txt
> >  share/java/gradle/lib/
> > -share/java/gradle/lib/annotations-13.0.jar
> > -share/java/gradle/lib/ant-1.10.8.jar
> > -share/java/gradle/lib/ant-launcher-1.10.8.jar
> > -share/java/gradle/lib/asm-7.3.1.jar
> > -share/java/gradle/lib/asm-analysis-7.3.1.jar
> > -share/java/gradle/lib/asm-commons-7.3.1.jar
> > -share/java/gradle/lib/asm-tree-7.3.1.jar
> > -share/java/gradle/lib/commons-compress-1.19.jar
> > -share/java/gradle/lib/commons-io-2.6.jar
> > +share/java/gradle/lib/HikariCP-4.0.3.jar
> > +share/java/gradle/lib/agents/
> > +share/java/gradle/lib/agents/gradle-instrumentation-agent${GRADLE_JAR}
> > +share/java/gradle/lib/annotations-24.0.0.jar
> > +share/java/gradle/lib/ant-1.10.13.jar
> > +share/java/gradle/lib/ant-antlr-1.10.12.jar
> > +share/java/gradle/lib/ant-junit-1.10.12.jar
> > +share/java/gradle/lib/ant-launcher-1.10.13.jar
> > +share/java/gradle/lib/antlr4-runtime-4.7.2.jar
> > +share/java/gradle/lib/asm-9.5.jar
> > +share/java/gradle/lib/asm-commons-9.5.jar
> > +share/java/gradle/lib/asm-tree-9.5.jar
> > +share/java/gradle/lib/commons-compress-1.21.jar
> > +share/java/gradle/lib/commons-io-2.11.0.jar
> >  share/java/gradle/lib/commons-lang-2.6.jar
> >  share/java/gradle/lib/failureaccess-1.0.1.jar
> > -share/java/gradle/lib/fastutil-8.3.0-min.jar
> > -share/java/gradle/lib/file-events-0.22-milestone-8.jar
> > -share/java/gradle/lib/file-events-linux-aarch64-0.22-milestone-8.jar
> > 

Re: update java/gradle to 8.3

2023-09-16 Thread Rafael Sadowski
On Sun Sep 10, 2023 at 02:35:29PM +0200, Peter Hessler wrote:
> I have need to build some mods for Minecraft, and they want to use Java
> 17, which is newer than what our in-tree Gradle supports.  Here's an
> update to the most recent version of Gradle, works for me in light
> testing.
> 
> OK?
> 
> -peter

Unfortunately there is a show-stopper here. We have to fix/update
security/ghidra which is not trivial.


revision 1.12
date: 2022/07/22 05:21:06;  author: rsadowski;  state: Exp;  lines: +2 -1;  
commitid: AX7doZpGzxhucnle;
Backout gradle-7 update, it is resulting in build failures in security/ghidra

Spotted by many



> 
> 
> Index: java/gradle/Makefile
> ===
> RCS file: /cvs/openbsd/ports/java/gradle/Makefile,v
> retrieving revision 1.12
> diff -u -p -u -p -r1.12 Makefile
> --- java/gradle/Makefile  22 Jul 2022 05:21:06 -  1.12
> +++ java/gradle/Makefile  10 Sep 2023 12:33:14 -
> @@ -1,6 +1,6 @@
>  COMMENT =build automation tool
>  
> -DISTNAME =   gradle-6.7
> +DISTNAME =   gradle-8.3
>  EXTRACT_SUFX =   -bin.zip
>  EPOCH =  0
>  
> Index: java/gradle/distinfo
> ===
> RCS file: /cvs/openbsd/ports/java/gradle/distinfo,v
> retrieving revision 1.9
> diff -u -p -u -p -r1.9 distinfo
> --- java/gradle/distinfo  22 Jul 2022 05:21:06 -  1.9
> +++ java/gradle/distinfo  10 Sep 2023 12:33:27 -
> @@ -1,2 +1,2 @@
> -SHA256 (gradle-6.7-bin.zip) = itV3WQGakjPcfcTRpTDO/hCdwSIADVf35iP4z0up38Q=
> -SIZE (gradle-6.7-bin.zip) = 102804263
> +SHA256 (gradle-8.3-bin.zip) = WRhVtRf8Y1ueBN4dBdXnato/ifX8dvh5eNGyRbT2kiU=
> +SIZE (gradle-8.3-bin.zip) = 130639305
> Index: java/gradle/patches/patch-bin_gradle
> ===
> RCS file: /cvs/openbsd/ports/java/gradle/patches/patch-bin_gradle,v
> retrieving revision 1.5
> diff -u -p -u -p -r1.5 patch-bin_gradle
> --- java/gradle/patches/patch-bin_gradle  22 Jul 2022 05:21:06 -  
> 1.5
> +++ java/gradle/patches/patch-bin_gradle  10 Sep 2023 12:33:46 -
> @@ -1,8 +1,8 @@
>  Index: bin/gradle
>  --- bin/gradle.orig
>  +++ bin/gradle
> -@@ -83,6 +83,8 @@ esac
> - CLASSPATH=$APP_HOME/lib/gradle-launcher-6.6.jar
> +@@ -115,6 +115,8 @@ esac
> + CLASSPATH=$APP_HOME/lib/gradle-launcher-8.3.jar
>   
>   
>  +JAVA_HOME="$(javaPathHelper -h gradle)"
> Index: java/gradle/pkg/PLIST
> ===
> RCS file: /cvs/openbsd/ports/java/gradle/pkg/PLIST,v
> retrieving revision 1.11
> diff -u -p -u -p -r1.11 PLIST
> --- java/gradle/pkg/PLIST 22 Jul 2022 05:21:06 -  1.11
> +++ java/gradle/pkg/PLIST 10 Sep 2023 12:33:59 -
> @@ -10,26 +10,32 @@ share/java/gradle/bin/gradle.bat
>  share/java/gradle/init.d/
>  share/java/gradle/init.d/readme.txt
>  share/java/gradle/lib/
> -share/java/gradle/lib/annotations-13.0.jar
> -share/java/gradle/lib/ant-1.10.8.jar
> -share/java/gradle/lib/ant-launcher-1.10.8.jar
> -share/java/gradle/lib/asm-7.3.1.jar
> -share/java/gradle/lib/asm-analysis-7.3.1.jar
> -share/java/gradle/lib/asm-commons-7.3.1.jar
> -share/java/gradle/lib/asm-tree-7.3.1.jar
> -share/java/gradle/lib/commons-compress-1.19.jar
> -share/java/gradle/lib/commons-io-2.6.jar
> +share/java/gradle/lib/HikariCP-4.0.3.jar
> +share/java/gradle/lib/agents/
> +share/java/gradle/lib/agents/gradle-instrumentation-agent${GRADLE_JAR}
> +share/java/gradle/lib/annotations-24.0.0.jar
> +share/java/gradle/lib/ant-1.10.13.jar
> +share/java/gradle/lib/ant-antlr-1.10.12.jar
> +share/java/gradle/lib/ant-junit-1.10.12.jar
> +share/java/gradle/lib/ant-launcher-1.10.13.jar
> +share/java/gradle/lib/antlr4-runtime-4.7.2.jar
> +share/java/gradle/lib/asm-9.5.jar
> +share/java/gradle/lib/asm-commons-9.5.jar
> +share/java/gradle/lib/asm-tree-9.5.jar
> +share/java/gradle/lib/commons-compress-1.21.jar
> +share/java/gradle/lib/commons-io-2.11.0.jar
>  share/java/gradle/lib/commons-lang-2.6.jar
>  share/java/gradle/lib/failureaccess-1.0.1.jar
> -share/java/gradle/lib/fastutil-8.3.0-min.jar
> -share/java/gradle/lib/file-events-0.22-milestone-8.jar
> -share/java/gradle/lib/file-events-linux-aarch64-0.22-milestone-8.jar
> -share/java/gradle/lib/file-events-linux-amd64-0.22-milestone-8.jar
> -share/java/gradle/lib/file-events-osx-amd64-0.22-milestone-8.jar
> -share/java/gradle/lib/file-events-windows-amd64-0.22-milestone-8.jar
> -share/java/gradle/lib/file-events-windows-amd64-min-0.22-milestone-8.jar
> -share/java/gradle/lib/file-events-windows-i386-0.22-milestone-8.jar
> -share/java/gradle/lib/file-events-windows-i386-min-0.22-milestone-8.jar
> +share/java/gradle/lib/fastutil-8.5.2-min.jar
> +share/java/gradle/lib/file-events-0.22-milestone-24.jar
> +share/java/gradle/lib/file-events-linux-aarch64-0.22-milestone-24.jar
> 

update java/gradle to 8.3

2023-09-10 Thread Peter Hessler
I have need to build some mods for Minecraft, and they want to use Java
17, which is newer than what our in-tree Gradle supports.  Here's an
update to the most recent version of Gradle, works for me in light
testing.

OK?

-peter


Index: java/gradle/Makefile
===
RCS file: /cvs/openbsd/ports/java/gradle/Makefile,v
retrieving revision 1.12
diff -u -p -u -p -r1.12 Makefile
--- java/gradle/Makefile22 Jul 2022 05:21:06 -  1.12
+++ java/gradle/Makefile10 Sep 2023 12:33:14 -
@@ -1,6 +1,6 @@
 COMMENT =  build automation tool
 
-DISTNAME = gradle-6.7
+DISTNAME = gradle-8.3
 EXTRACT_SUFX = -bin.zip
 EPOCH =0
 
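Review bot: The DISTNAME bump in this hunk goes from gradle-6.7 straight to gradle-8.3, and the log for revision 1.12 quoted elsewhere in this thread records that the earlier gradle-7 update was backed out because it broke the security/ghidra build. Before commit, build every port that uses java/gradle against 8.3 and say in the commit message which ones were tested and which are being marked BROKEN, so the breakage is a recorded decision and not something spotted after the fact.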
Index: java/gradle/distinfo
===
RCS file: /cvs/openbsd/ports/java/gradle/distinfo,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 distinfo
--- java/gradle/distinfo22 Jul 2022 05:21:06 -  1.9
+++ java/gradle/distinfo10 Sep 2023 12:33:27 -
@@ -1,2 +1,2 @@
-SHA256 (gradle-6.7-bin.zip) = itV3WQGakjPcfcTRpTDO/hCdwSIADVf35iP4z0up38Q=
-SIZE (gradle-6.7-bin.zip) = 102804263
+SHA256 (gradle-8.3-bin.zip) = WRhVtRf8Y1ueBN4dBdXnato/ifX8dvh5eNGyRbT2kiU=
+SIZE (gradle-8.3-bin.zip) = 130639305
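Review bot: The new SHA256 and SIZE lines for gradle-8.3-bin.zip are what the ports tree will trust from here on, and since EXTRACT_SUFX in the Makefile is -bin.zip the port installs upstream's prebuilt jars instead of building from source. Please confirm the digest was compared with the SHA-256 that Gradle publishes for the 8.3 binary distribution and not only regenerated from the file that happened to be downloaded; distinfo stores the digest base64-encoded while upstream lists it in hex, so the comparison needs a conversion step.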
Index: java/gradle/patches/patch-bin_gradle
===
RCS file: /cvs/openbsd/ports/java/gradle/patches/patch-bin_gradle,v
retrieving revision 1.5
diff -u -p -u -p -r1.5 patch-bin_gradle
--- java/gradle/patches/patch-bin_gradle22 Jul 2022 05:21:06 -  
1.5
+++ java/gradle/patches/patch-bin_gradle10 Sep 2023 12:33:46 -
@@ -1,8 +1,8 @@
 Index: bin/gradle
 --- bin/gradle.orig
 +++ bin/gradle
-@@ -83,6 +83,8 @@ esac
- CLASSPATH=$APP_HOME/lib/gradle-launcher-6.6.jar
+@@ -115,6 +115,8 @@ esac
+ CLASSPATH=$APP_HOME/lib/gradle-launcher-8.3.jar
  
  
 +JAVA_HOME="$(javaPathHelper -h gradle)"
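Review bot: In the regenerated patch-bin_gradle the launcher still sets JAVA_HOME from javaPathHelper -h gradle, so the JDK that Gradle 8.3 runs under is whatever the port registers, and the only Makefile line changed in this diff is DISTNAME. Since the stated reason for the update is Java 17 support, check what javaPathHelper -h gradle returns once the new package is installed and adjust the port's Java settings if it still resolves to an older JDK. The old context line named gradle-launcher-6.6.jar while DISTNAME was gradle-6.7, so it is also worth confirming that the regenerated patch now applies without fuzz.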
Index: java/gradle/pkg/PLIST
===
RCS file: /cvs/openbsd/ports/java/gradle/pkg/PLIST,v
retrieving revision 1.11
diff -u -p -u -p -r1.11 PLIST
--- java/gradle/pkg/PLIST   22 Jul 2022 05:21:06 -  1.11
+++ java/gradle/pkg/PLIST   10 Sep 2023 12:33:59 -
@@ -10,26 +10,32 @@ share/java/gradle/bin/gradle.bat
 share/java/gradle/init.d/
 share/java/gradle/init.d/readme.txt
 share/java/gradle/lib/
-share/java/gradle/lib/annotations-13.0.jar
-share/java/gradle/lib/ant-1.10.8.jar
-share/java/gradle/lib/ant-launcher-1.10.8.jar
-share/java/gradle/lib/asm-7.3.1.jar
-share/java/gradle/lib/asm-analysis-7.3.1.jar
-share/java/gradle/lib/asm-commons-7.3.1.jar
-share/java/gradle/lib/asm-tree-7.3.1.jar
-share/java/gradle/lib/commons-compress-1.19.jar
-share/java/gradle/lib/commons-io-2.6.jar
+share/java/gradle/lib/HikariCP-4.0.3.jar
+share/java/gradle/lib/agents/
+share/java/gradle/lib/agents/gradle-instrumentation-agent${GRADLE_JAR}
+share/java/gradle/lib/annotations-24.0.0.jar
+share/java/gradle/lib/ant-1.10.13.jar
+share/java/gradle/lib/ant-antlr-1.10.12.jar
+share/java/gradle/lib/ant-junit-1.10.12.jar
+share/java/gradle/lib/ant-launcher-1.10.13.jar
+share/java/gradle/lib/antlr4-runtime-4.7.2.jar
+share/java/gradle/lib/asm-9.5.jar
+share/java/gradle/lib/asm-commons-9.5.jar
+share/java/gradle/lib/asm-tree-9.5.jar
+share/java/gradle/lib/commons-compress-1.21.jar
+share/java/gradle/lib/commons-io-2.11.0.jar
 share/java/gradle/lib/commons-lang-2.6.jar
 share/java/gradle/lib/failureaccess-1.0.1.jar
-share/java/gradle/lib/fastutil-8.3.0-min.jar
-share/java/gradle/lib/file-events-0.22-milestone-8.jar
-share/java/gradle/lib/file-events-linux-aarch64-0.22-milestone-8.jar
-share/java/gradle/lib/file-events-linux-amd64-0.22-milestone-8.jar
-share/java/gradle/lib/file-events-osx-amd64-0.22-milestone-8.jar
-share/java/gradle/lib/file-events-windows-amd64-0.22-milestone-8.jar
-share/java/gradle/lib/file-events-windows-amd64-min-0.22-milestone-8.jar
-share/java/gradle/lib/file-events-windows-i386-0.22-milestone-8.jar
-share/java/gradle/lib/file-events-windows-i386-min-0.22-milestone-8.jar
+share/java/gradle/lib/fastutil-8.5.2-min.jar
+share/java/gradle/lib/file-events-0.22-milestone-24.jar
+share/java/gradle/lib/file-events-linux-aarch64-0.22-milestone-24.jar
+share/java/gradle/lib/file-events-linux-amd64-0.22-milestone-24.jar
+share/java/gradle/lib/file-events-osx-aarch64-0.22-milestone-24.jar
+share/java/gradle/lib/file-events-osx-amd64-0.22-milestone-24.jar
+share/java/gradle/lib/file-events-windows-amd64-0.22-milestone-24.jar
+share/java/gradle/lib/file-events-windows-amd64-min-0.22-milestone-24.jar
+share/java/gradle/lib/file-events-windows-i386-0.22-milestone-24.jar
+share/java/gradle/lib/file-events-windows-i386-min-0.22-milestone-24.jar
 share/java/gradle/lib/gradle-api-metadata${GRADLE_JAR}
 share/java/gradle/lib/gradle-base-annotations${GRADLE_JAR}
 share/java/gradle/lib/gradle-base-services${GRADLE_JAR}
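Review bot: The updated PLIST in this hunk packages bundled third-party jars at mixed versions (ant-1.10.13 and ant-launcher-1.10.13 next to ant-antlr-1.10.12 and ant-junit-1.10.12), keeps commons-lang-2.6 unchanged, and still installs the file-events jars for linux, osx and windows. These all come from the upstream binary zip, so they are refreshed only when this port is updated; given that the port sat at 6.7 until now, it would help to keep it closer to upstream releases, and to consider whether the file-events jars for other operating systems need to be installed at all.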