Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException

tony mancill tmancill at debian.org
Fri Mar 4 06:30:27 UTC 2016 

On 03/03/2016 12:49 PM, Markus Koschany wrote:
> Am 03.03.2016 um 05:03 schrieb tony mancill:
>> Control: -1 tag  + confirmed
>> Control: -1 owner tmancill at debian.org
>>
>> On 02/29/2016 11:05 PM, Chris Lamb wrote:
>>> Source: jedit
>>> Version: 5.3.0+dfsg-1
>>> Severity: serious
>>> Justification: fails to build from source
>>
>>>       [javac] /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128: error: cannot find symbol
>>>       [javac] 			throw new NotSerializableException();
>>
>> Thanks for the bug report.  Looks like we have a bit of porting for the
>> latest bsh upload.
>>
> 
> Sorry for the inconvenience. If there is more involved than importing
> the missing class, please let me know and I try to fix it.

Hi Markus,

No inconvenience at all. The issue seems to be with the upstream patch
for CVE-2016-2510, which drops the java.io.Serializable interface from
the InvocationHandler, but then references the ObjectStreamException and
NotSerializableException classes that package.

I was able to get things working for jedit by applying the following
patch (also attached), building a new bsh-src package locally, and using
that for the jedit build.

> diff -Nru bsh-2.0b4/debian/patches/CVE-2016-2510.patch bsh-2.0b4/debian/patches/CVE-2016-2510.patch
> --- bsh-2.0b4/debian/patches/CVE-2016-2510.patch	2016-03-02 20:24:07.000000000 -0800
> +++ bsh-2.0b4/debian/patches/CVE-2016-2510.patch	2016-03-03 22:10:57.000000000 -0800
> @@ -35,8 +35,8 @@
>  -	class Handler implements InvocationHandler, java.io.Serializable 
>  +	class Handler implements InvocationHandler
>   	{
> -+		private Object readResolve() throws ObjectStreamException {
> -+			throw new NotSerializableException();
> ++		private Object readResolve() throws java.io.ObjectStreamException {
> ++			throw new java.io.NotSerializableException();
>  +		}
>  +

So, if you're okay with the patch, could you apply it and upload an
updated bsh?  Or do you mind if I do?

Cheers,
tony

-------------- next part --------------
A non-text attachment was scrubbed...
Name: bsh_2.0b4-16_to_17.patch
Type: text/x-patch
Size: 647 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20160303/6c39836d/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20160303/6c39836d/attachment.sig>

More information about the pkg-java-maintainers mailing list