Bug#1058331: android-platform-tools-base: additional information

Thu, 07 Mar 2024 12:51:17 -0800 

Package: android-platform-tools-base
Followup-For: Bug #1058331
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu noble ubuntu-patch
Control: tags -1 patch

Dear Maintainer,

I apologise for submitting it as a debdiff, salsa repository appears to be out
of date.

The attached patch resolves ftbfs due to the internal sun.security and
BouncyCastle API changes.

In Ubuntu, the attached patch was applied to achieve the following:

  * Resolve the failure to build from source (LP: #2056088):
    - d/p/{der-output-stream.patch, add-exports.patch}: sun.security
      PKCS7 class now only supports encoding to DerOutputStream.
      Explicitly instantiate it.
    - d/p/bouncycastle177-compat.patch: use ASN1OutputStream instead
      of remove DerOutputStream.


Thanks for considering the patch.


-- System Information:
Debian Release: trixie/sid
  APT prefers mantic-updates
  APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 
'mantic'), (100, 'mantic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-21-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru android-platform-tools-base-2.2.2/debian/patches/add-exports.patch 
android-platform-tools-base-2.2.2/debian/patches/add-exports.patch
--- android-platform-tools-base-2.2.2/debian/patches/add-exports.patch  
2023-02-03 03:01:58.000000000 +1300
+++ android-platform-tools-base-2.2.2/debian/patches/add-exports.patch  
2024-03-06 13:16:37.000000000 +1300
@@ -5,7 +5,7 @@
  }
  
 +compileJava {
-+    options.compilerArgs << '--add-exports' << 
'java.base/sun.security.pkcs=ALL-UNNAMED' << '--add-exports' << 
'java.base/sun.security.x509=ALL-UNNAMED'
++    options.compilerArgs << '--add-exports' << 
'java.base/sun.security.pkcs=ALL-UNNAMED' << '--add-exports' << 
'java.base/sun.security.x509=ALL-UNNAMED' << '--add-exports' << 
'java.base/sun.security.util=ALL-UNNAMED'
 +}
 +
  task initSdkForTests(type: JavaExec) {
diff -Nru 
android-platform-tools-base-2.2.2/debian/patches/bouncycastle177-compat.patch 
android-platform-tools-base-2.2.2/debian/patches/bouncycastle177-compat.patch
--- 
android-platform-tools-base-2.2.2/debian/patches/bouncycastle177-compat.patch   
    1970-01-01 12:00:00.000000000 +1200
+++ 
android-platform-tools-base-2.2.2/debian/patches/bouncycastle177-compat.patch   
    2024-03-06 13:16:37.000000000 +1300
@@ -0,0 +1,57 @@
+Description: bouncycastle 1.77 compatibility patch
+ Remove usages of DerOutputStream that is no longer public.
+Author: Vladimir Petko <vladimir.pe...@canonical.com>
+Bug-Ubuntu: 
https://bugs.launchpad.net/debian/+source/android-platform-tools-base/+bug/2056088
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058331
+Forwarded: not-needed
+Last-Update: 2024-03-06
+
+--- 
a/build-system/builder/src/main/java/com/android/builder/internal/packaging/sign/SignatureExtension.java
++++ 
b/build-system/builder/src/main/java/com/android/builder/internal/packaging/sign/SignatureExtension.java
+@@ -29,7 +29,8 @@
+ 
+ import org.apache.commons.codec.binary.Base64;
+ import org.bouncycastle.asn1.ASN1InputStream;
+-import org.bouncycastle.asn1.DEROutputStream;
++import org.bouncycastle.asn1.ASN1OutputStream;
++import org.bouncycastle.asn1.ASN1Encoding;
+ import org.bouncycastle.cert.jcajce.JcaCertStore;
+ import org.bouncycastle.cms.CMSException;
+ import org.bouncycastle.cms.CMSProcessableByteArray;
+@@ -610,12 +611,12 @@
+         /*
+          * DEROutputStream is not closeable! OMG!
+          */
+-        DEROutputStream dos = null;
++        ASN1OutputStream dos = null;
+         try (ASN1InputStream asn1 = new 
ASN1InputStream(sigData.getEncoded())) {
+-            dos = new DEROutputStream(outputBytes);
++            dos = ASN1OutputStream.create(outputBytes, ASN1Encoding.DER);
+             dos.writeObject(asn1.readObject());
+ 
+-            DEROutputStream toClose = dos;
++            ASN1OutputStream toClose = dos;
+             dos = null;
+             toClose.close();
+         } catch (IOException e) {
+--- 
a/build-system/builder/src/main/java/com/android/builder/signing/SignedJarApkCreator.java
++++ 
b/build-system/builder/src/main/java/com/android/builder/signing/SignedJarApkCreator.java
+@@ -33,7 +33,8 @@
+ import com.google.common.io.Files;
+ 
+ import org.bouncycastle.asn1.ASN1InputStream;
+-import org.bouncycastle.asn1.DEROutputStream;
++import org.bouncycastle.asn1.ASN1OutputStream;
++import org.bouncycastle.asn1.ASN1Encoding;
+ import org.bouncycastle.cert.jcajce.JcaCertStore;
+ import org.bouncycastle.cms.CMSException;
+ import org.bouncycastle.cms.CMSProcessableByteArray;
+@@ -400,7 +401,7 @@
+         CMSSignedData sigData = gen.generate(data, false);
+ 
+         try (ASN1InputStream asn1 = new 
ASN1InputStream(sigData.getEncoded())) {
+-            DEROutputStream dos = new DEROutputStream(mOutputJar);
++            ASN1OutputStream dos = ASN1OutputStream.create(mOutputJar, 
ASN1Encoding.DER);
+             try {
+                 dos.writeObject(asn1.readObject());
+             } finally {
diff -Nru 
android-platform-tools-base-2.2.2/debian/patches/der-output-stream.patch 
android-platform-tools-base-2.2.2/debian/patches/der-output-stream.patch
--- android-platform-tools-base-2.2.2/debian/patches/der-output-stream.patch    
1970-01-01 12:00:00.000000000 +1200
+++ android-platform-tools-base-2.2.2/debian/patches/der-output-stream.patch    
2024-03-06 13:16:37.000000000 +1300
@@ -0,0 +1,30 @@
+Description: workaround removal of pkcs7.encodeSignedData(OutputStream)
+  pkcs7.encodeSignedData(OutputStream) was removed in Java 21.
+  Explicitly instantiate DerOutputStream to encode pkcs7 contents.
+Author: Vladimir Petko <vladimir.pe...@canonical.com>
+Bug-Ubuntu: 
https://bugs.launchpad.net/debian/+source/android-platform-tools-base/+bug/2056088
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058331
+Forwarded: not-needed
+Last-Update: 2024-03-06
+
+--- 
a/sdklib/src/main/java/com/android/sdklib/internal/build/SignedJarBuilder.java
++++ 
b/sdklib/src/main/java/com/android/sdklib/internal/build/SignedJarBuilder.java
+@@ -25,6 +25,7 @@
+ import sun.security.pkcs.SignerInfo;
+ import sun.security.x509.AlgorithmId;
+ import sun.security.x509.X500Name;
++import sun.security.util.DerOutputStream;
+
+ import java.io.BufferedOutputStream;
+ import java.io.ByteArrayOutputStream;
+@@ -394,6 +395,9 @@
+                 new X509Certificate[] { publicKey },
+                 new SignerInfo[] { signerInfo });
+
+-        pkcs7.encodeSignedData(mOutputJar);
++        try (DerOutputStream derout = new DerOutputStream()) {
++            pkcs7.encodeSignedData(derout);
++            mOutputJar.write(derout.toByteArray());
++        }
+     }
+ }
diff -Nru android-platform-tools-base-2.2.2/debian/patches/series 
android-platform-tools-base-2.2.2/debian/patches/series
--- android-platform-tools-base-2.2.2/debian/patches/series     2023-02-03 
03:01:58.000000000 +1300
+++ android-platform-tools-base-2.2.2/debian/patches/series     2024-03-06 
13:16:37.000000000 +1300
@@ -22,3 +22,5 @@
 ecj-compatibility.patch
 asm-dependency.patch
 add-exports.patch
+der-output-stream.patch
+bouncycastle177-compat.patch

Reply via email to