From: Patrice Clement Date: Thu, 3 Sep 2015 15:57:56 +0000 (+0000) Subject: dev-java/mojarra: Remove vulnerable versions. Fixes bug 501280. X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=c8d1617a77572f397ad51cc546a4a06639359614;p=gentoo.git dev-java/mojarra: Remove vulnerable versions. Fixes bug 501280. Package-Manager: portage-2.2.18 Signed-off-by: Patrice Clement --- diff --git a/dev-java/mojarra/Manifest b/dev-java/mojarra/Manifest index 21cd8dd5945e..4e68f51dfe6a 100644 --- a/dev-java/mojarra/Manifest +++ b/dev-java/mojarra/Manifest @@ -1,4 +1 @@ DIST javax.faces-2.2.12-sources.jar 3105808 SHA256 503c0a1c6a270429798a6507d477ee2114f0de5204c64d5660a11796c498ab61 SHA512 b2bc2ce38d72af38a4b2fdb5aec790600ca41a5d7f6340bf6be671a901c9fe664d50d9d13f021694e85e0e145a2031e2d8b61dd6d6ccebb544f2512a91ff670a WHIRLPOOL 98a5473c8c7841cf5baae4b879d2b0a9e1b64d3666b820aa7c1aeece43d3689fc8b93766c280906f19dd23d3e13436c6514b533a3d810bdb96e88d4d78666a87 -DIST javax.faces-2.2.9-sources.jar 3098257 SHA256 f3ba4bcafcdac5e92bd784574e3f0b35ff4b7c56d07dda628a8e0246d1a40b27 SHA512 a398c7edd483af59e59c52896dfd6fbf67948cb9778940bb5045c6c4ee2e0549e24ee321dcf7a8bdadbbec82c7e533840bc42669e79664fa864627744b6cc0e3 WHIRLPOOL 040768e9aba1575137e4a1ef7bbf587fea71ff46119066a0fe5b72a9c0a1da647fbef1a712952efa0d59d51ca346366eefc0f79b7912cc7d071d695a39edf48c -DIST mojarra-1.2_15-b01-FCS-patch.bz2 4369 SHA256 c8495b51225201bf23033a01bb853abf1cc0a40214aa6a68c7dd1c30812e6cd1 SHA512 125e511b052d4c70314a069c47ce72b51e4dd9d1c6826def6c1a8c0bf72f6c711a9fb9f05065a5f1f46dce8462b701198f67d257b1f0aa683b494b31d90205ac WHIRLPOOL 62efb9f165d40be7ba94be04046867b342d2ba39f340443bceb3f8b421c9be2c8c312ea9e04d7c743e6440fe124bd8566fa383013a9654b7758f180f659234c4 -DIST mojarra-1.2_15-b01-FCS-source.zip 5091287 SHA256 8678db1e93a2f605b696ae3a04e145bc14dd46409301ae230dc6ee4477ccb343 SHA512 6e8d8278aac36d3971bef523f8ec90a4959c0d6ec69642d5edd10379c2cdbe13242ad197475abda887b886f166b8c7ea762be5560a746f2426cec9c6a25c0144 WHIRLPOOL c5b2ab6a568468c2570d61d5cf8bc5f7147b403c9f7718c2ea32eda783605f48aa41c9f8a96cf48e13c10e5859061a527f40c003d7ff48a66571be6a69472559 diff --git a/dev-java/mojarra/files/mojarra-2.2.9-Util.java.patch b/dev-java/mojarra/files/mojarra-2.2.9-Util.java.patch deleted file mode 100644 index d73ee9ce0596..000000000000 --- a/dev-java/mojarra/files/mojarra-2.2.9-Util.java.patch +++ /dev/null @@ -1,26 +0,0 @@ ---- src/com/sun/faces/util/Util.java.orig 2015-06-08 21:08:39.770000000 +0000 -+++ src/com/sun/faces/util/Util.java 2015-06-08 21:10:12.719000000 +0000 -@@ -315,13 +315,16 @@ - // as the same adapter in a standalone program works as one might expect. - // So, for now, if the classname starts with '[', then use Class.forName() - // to avoid CR 643419 and for all other cases, use ClassLoader.loadClass(). -- if (loader.getClass() == com.sun.faces.scripting.groovy.GroovyHelperImpl.MojarraGroovyClassLoader.class) { -- if (name.charAt(0) == '[') { -- return Class.forName(name, true, loader); -- } else { -- return loader.loadClass(name); -- } -- } -+ // -+ // Disable Groovy stuff for the time being -+ // since groovy 2.4 hasn't hit the tree... yet. -+ // if (loader.getClass() == com.sun.faces.scripting.groovy.GroovyHelperImpl.MojarraGroovyClassLoader.class) { -+ // if (name.charAt(0) == '[') { -+ // return Class.forName(name, true, loader); -+ // } else { -+ // return loader.loadClass(name); -+ // } -+ // } - return Class.forName(name, true, loader); - } - diff --git a/dev-java/mojarra/mojarra-1.2.15-r2.ebuild b/dev-java/mojarra/mojarra-1.2.15-r2.ebuild deleted file mode 100644 index 300ac12a0646..000000000000 --- a/dev-java/mojarra/mojarra-1.2.15-r2.ebuild +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=3 - -WANT_ANT_TASKS="ant-trax" -JAVA_PKG_IUSE="source" - -inherit eutils java-pkg-2 java-ant-2 - -MY_PV="$(get_version_component_range 1-2)_$(get_version_component_range 3)-b01-FCS" - -DESCRIPTION="Project Mojarra - GlassFish's Implementation for JavaServer Faces API" -HOMEPAGE="https://javaserverfaces.dev.java.net/" -SRC_URI="https://javaserverfaces.dev.java.net/files/documents/1866/151669/${PN}-${MY_PV}-source.zip - mirror://gentoo/${PN}-${MY_PV}-patch.bz2" - -LICENSE="CDDL" -SLOT="1.2" -KEYWORDS="amd64 x86" - -IUSE="" - -COMMON_DEP=" - dev-java/glassfish-servlet-api:2.5 - dev-java/groovy:0 - dev-java/jakarta-jstl:0 - dev-java/portletapi:1 - " - -RDEPEND=">=virtual/jre-1.6 - ${COMMON_DEP}" -DEPEND=">=virtual/jdk-1.6 - app-arch/unzip - dev-java/ant-contrib - dev-java/commons-beanutils:1.7 - dev-java/commons-collections:0 - dev-java/commons-digester:0 - dev-java/commons-logging:0 - ${COMMON_DEP}" - -S="${WORKDIR}/${PN}-${MY_PV}-sources" - -src_prepare() { - epatch "${DISTDIR}/${PN}-${MY_PV}-patch.bz2" - - mkdir -p "${S}/dependencies/jars" || die - - # Should we remove those files? I don't see a reason to pull in three - # different web app server for this package. - rm -f \ - "${S}/jsf-ri/src/com/sun/faces/vendor/GlassFishInjectionProvider.java" \ - "${S}/jsf-ri/src/com/sun/faces/vendor/Jetty6InjectionProvider.java" \ - "${S}/jsf-ri/src/com/sun/faces/vendor/Tomcat6InjectionProvider.java" - - find -name '*.jar' -exec rm -f {} \; - - cd "${S}/common/lib/" - java-pkg_jarfrom --build-only ant-contrib - - cd "${S}/dependencies/jars" - java-pkg_jarfrom --build-only commons-beanutils-1.7 - java-pkg_jarfrom --build-only commons-collections - java-pkg_jarfrom --build-only commons-digester - java-pkg_jarfrom --build-only commons-logging - java-pkg_jarfrom glassfish-servlet-api-2.5 - java-pkg_jarfrom groovy - java-pkg_jarfrom jakarta-jstl - java-pkg_jarfrom portletapi-1 -} - -src_compile() { - cd "${S}/jsf-api" - eant -Djsf.build.home="${S}" -Dcontainer.name=glassfish jars - - cd "${S}/jsf-ri" - eant -Djsf.build.home="${S}" -Dcontainer.name=glassfish jars -} - -src_install() { - java-pkg_dojar "${S}/jsf-api/build/lib/jsf-api.jar" - java-pkg_dojar "${S}/jsf-ri/build/lib/jsf-impl.jar" - use source && java-pkg_dosrc "${S}"/jsf-api/src/* "${S}"/jsf-ri/src/* -} diff --git a/dev-java/mojarra/mojarra-2.2.9.ebuild b/dev-java/mojarra/mojarra-2.2.9.ebuild deleted file mode 100644 index 8a94ed405b29..000000000000 --- a/dev-java/mojarra/mojarra-2.2.9.ebuild +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 - -inherit eutils java-pkg-2 java-pkg-simple - -DESCRIPTION="Project Mojarra - GlassFish's Implementation for JavaServer Faces API" -HOMEPAGE="https://javaserverfaces.dev.java.net/" -SRC_URI="https://maven.java.net/content/repositories/releases/org/glassfish/javax.faces/${PV}/javax.faces-${PV}-sources.jar" - -LICENSE="CDDL" -SLOT="2.2" -KEYWORDS="~amd64 ~x86" - -IUSE="" - -CDEPEND="dev-java/glassfish-persistence:0 - dev-java/glassfish-ejb-api:0 - java-virtuals/servlet-api:3.0 - dev-java/tomcat-jstl-spec:1.2.5 - dev-java/tomcat-jstl-impl:1.2.5 - dev-java/validation-api:1.0 - dev-java/javax-inject:0 - dev-java/cdi-api:1.2" - -RDEPEND=">=virtual/jre-1.6 - ${CDEPEND}" -DEPEND=">=virtual/jdk-1.6 - app-arch/unzip - ${CDEPEND}" - -JAVA_SRC_DIR="src" - -JAVA_GENTOO_CLASSPATH="glassfish-persistence,glassfish-ejb-api,tomcat-jstl-spec-1.2.5,tomcat-jstl-impl-1.2.5,validation-api-1.0,cdi-api-1.2,servlet-api-3.0,javax-inject" - -java_prepare() { - mkdir src || die - mv * src - - # We *MUST* bump Groovy to 2.4 at some point - # to make this stuff work correctly. - rm -v src/com/sun/faces/scripting/groovy/GroovyHelperImpl.java || die - epatch "${FILESDIR}"/${P}-Util.java.patch -}