It is no longer found at this URL. Vendoring until a better solution
comes along.

Fixes #63084

qt4: Vendor bitrotted Arch Linux patch -- for 19.03

On Wed, 31 Jul 2019 it was announced that IcedTea-Web was affected by the below
security vulnerabilities:

- CVE-2019-10185: zip-slip attack during auto-extraction of a JAR file.

- CVE-2019-10181: executable code could be injected in a JAR file without
  compromising the signature verification.

- CVE-2019-10182: improper path sanitization from elements in JNLP
  files.

Version 1.7 was patched, but no release was made. Moreover, the patches apply
cleanly only to 1.7.2, not the current 1.7.1.

Rather than marking 1.7.1 as insecure, update to 1.7.2 and apply the official
patches.

References:

https://www.openwall.com/lists/oss-security/2019/07/31/2
AdoptOpenJDK/IcedTea-Web#327
AdoptOpenJDK/IcedTea-Web#346

gtk2 is not needed any more

icedtea-web 1.7.2 builds its launchers shell scripts with the "sh" extension,
while version 1.7.1 did not.

For backwards-compatibility, remove the extension from the executable in
postInstall.

Note that version 1.7.2 also creates a file called itw-modularjdk.args in the
bin directory. This file is referenced by the shell launchers, so we leave it
there (it's not executable anyway).

icedtea_web: 1.7.1 -> 1.7.2 (plus CVE patches)

(cherry picked from commit aa251bb)