← Back to team overview

openjdk team mailing list archive

Bug#912333: openjdk-8-jdk: breaks maven-surefire-plugin (security-caused regression)

 

tags 912333 + patch
thanks

Dixi quod…

> Thanks, that might prove useful if Surefire and OpenJDK
> people can’t fight it out between themselves.

There’s progress from the Surefire side: they will put out
an alpha version (3.0.0-M1) in three days which contains a
fix for this issue.

On the other hand, as this can cause hidden problems in
production (especially as these things break SILENTLY, we
cannot even see in e.g. the maven-surefire-plugin output
why it doesn’t work and what JAR is responsible, it just
SILENTLY IGNORES the JAR ☹) I’m working on a fixed OpenJDK
package (debdiff attached, although I probably am not al‐
lowed to upload that to Debian, I will roll it out here).

Note I haven’t finished building it yet so it’s untested.
But I’d still love to see it uploaded to Debian proper.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
diff -Nru openjdk-8-8u181-b13/debian/changelog openjdk-8-8u181-b13/debian/changelog
--- openjdk-8-8u181-b13/debian/changelog	2018-10-22 20:05:23.000000000 +0200
+++ openjdk-8-8u181-b13/debian/changelog	2018-11-02 14:24:41.000000000 +0100
@@ -1,3 +1,11 @@
+openjdk-8 (8u181-b13-2~deb9u1tarent1) tarent; urgency=high
+
+  * Non-maintainer upload.
+  * Apply patch from upstream commit f54dcfc5a5f8 (Closes: #911925)
+    See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911925#38
+
+ -- Thorsten Glaser <t.glaser@xxxxxxxxx>  Fri, 02 Nov 2018 14:24:41 +0100
+
 openjdk-8 (8u181-b13-2~deb9u1) stretch-security; urgency=medium
 
   * Rebuild for stretch-security
diff -Nru openjdk-8-8u181-b13/debian/patches/f54dcfc5a5f8 openjdk-8-8u181-b13/debian/patches/f54dcfc5a5f8
--- openjdk-8-8u181-b13/debian/patches/f54dcfc5a5f8	1970-01-01 01:00:00.000000000 +0100
+++ openjdk-8-8u181-b13/debian/patches/f54dcfc5a5f8	2018-11-02 14:24:41.000000000 +0100
@@ -0,0 +1,22 @@
+
+# HG changeset patch
+# User bchristi
+# Date 1538777557 25200
+# Node ID f54dcfc5a5f8d202ad48073a79a7633744d6d32f
+# Parent  0da586f1ed05ac29968210bca71c55b34b6ca082
+8211731: Reconsider default option for ClassPathURLCheck change done in JDK-8195874
+Reviewed-by: alanb, mchung
+
+Index: src/jdk/src/share/classes/sun/misc/URLClassPath.java
+===================================================================
+--- src.orig/jdk/src/share/classes/sun/misc/URLClassPath.java	2018-11-02 13:38:42.210470241 +0000
++++ src/jdk/src/share/classes/sun/misc/URLClassPath.java	2018-11-02 13:40:11.315033731 +0000
+@@ -92,7 +92,7 @@
+         p = AccessController.doPrivileged(
+             new GetPropertyAction("jdk.net.URLClassPath.disableClassPathURLCheck"));
+ 
+-        DISABLE_CP_URL_CHECK = p != null ? p.equals("true") || p.isEmpty() : false;
++        DISABLE_CP_URL_CHECK = p != null ? p.equals("true") || p.isEmpty() : true;
+         DEBUG_CP_URL_CHECK = "debug".equals(p);
+     }
+ 
diff -Nru openjdk-8-8u181-b13/debian/rules openjdk-8-8u181-b13/debian/rules
--- openjdk-8-8u181-b13/debian/rules	2018-10-21 11:57:15.000000000 +0200
+++ openjdk-8-8u181-b13/debian/rules	2018-11-02 14:22:53.000000000 +0100
@@ -457,6 +457,9 @@
 	sec-webrev-8u191-b12-S8203654-jdk.patch \
 	sec-webrev-8u191-b12-S8204497-jaxp.patch \
 	sec-webrev-8u191-b12-S8205361-jdk.patch
+# fix #911925
+COMMON_PATCHES += \
+	f54dcfc5a5f8
 
 DEFAULT_PATCHES = \
 	$(COMMON_PATCHES) \

References