java-sig-commits February 2022

java-sig-commits@lists.fedoraproject.org

1 participants
218 discussions

[Bug 2050898] New: maven-reporting-api-3.1.0 is available
by bugzilla＠redhat.com 07 Feb '22

07 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=2050898 Bug ID: 2050898 Summary: maven-reporting-api-3.1.0 is available Product: Fedora Version: rawhide Status: NEW Component: maven-reporting-api Keywords: FutureFeature, Triaged Assignee: loganjerry(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, loganjerry(a)gmail.com, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 3.1.0 Current version/release in rawhide: 3.0-23.fc36 URL: http://maven.apache.org/shared/maven-reporting-api/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/1931/ -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2050898

1 1

[Bug 1577416] aqute-bnd-6.1.0 is available
by bugzilla＠redhat.com 06 Feb '22

06 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=1577416 Mikolaj Izdebski <mizdebsk(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |Rebase -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1577416

1 0

[Bug 1884967] New: atinject-2.0.0-RC2 is available
by bugzilla＠redhat.com 06 Feb '22

06 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=1884967 Bug ID: 1884967 Summary: atinject-2.0.0-RC2 is available Product: Fedora Version: rawhide Status: NEW Component: atinject Keywords: FutureFeature, Triaged Assignee: java-maint-sig(a)lists.fedoraproject.org Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: decathorpe(a)gmail.com, java-maint-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, sochotni(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 2.0.0-RC2 Current version/release in rawhide: 1-35.20100611svn86.fc33 URL: http://javax-inject.github.io/javax-inject/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/129/ -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1592954] javamail-2.0.0 is available
by bugzilla＠redhat.com 06 Feb '22

06 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=1592954 Mikolaj Izdebski <mizdebsk(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |Rebase -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1592954

1 0

[Bug 2051132] New: apache-commons-exec fails to build with java-17-openjdk
by bugzilla＠redhat.com 06 Feb '22

06 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=2051132 Bug ID: 2051132 Summary: apache-commons-exec fails to build with java-17-openjdk Product: Fedora Version: rawhide Status: NEW Component: apache-commons-exec Severity: high Assignee: pikachu.2014(a)gmail.com Reporter: jvanek(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: didiksupriadi41(a)gmail.com, java-maint-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jhuttana(a)redhat.com, jvanek(a)redhat.com, mizdebsk(a)redhat.com, pikachu.2014(a)gmail.com, pmikova(a)redhat.com, sgehwolf(a)redhat.com Blocks: 2024265 Target Milestone: --- Classification: Fedora apache-commons-exec fails to build with java-17-openjdk as sytem JDK. See https://fedoraproject.org/wiki/Changes/Java17 . See especially part about known failures: https://fedoraproject.org/wiki/Changes/Java17#common_issues_packagers_can_f… For the build logs, see: https://koji.fedoraproject.org/koji/taskinfo?taskID=82423302 https://kojipkgs.fedoraproject.org/work/tasks/3325/82423325/mock_output.log https://kojipkgs.fedoraproject.org/work/tasks/3325/82423325/hw_info.log https://kojipkgs.fedoraproject.org/work/tasks/3325/82423325/state.log https://kojipkgs.fedoraproject.org/work/tasks/3325/82423325/build.log https://kojipkgs.fedoraproject.org/work/tasks/3325/82423325/root.log We run the rebuild in side tag f36-java17, but as fail ratio was small, we expect this side tag to be merged into rawhide 7 or 8 of February 2022. To reproduce before this date simply: fedpkg clone apache-commons-exec; cd apache-commons-exec; fedpkg build --target f36-java17; #The target is crucial. After this date the usual fedpkg build in f36 and up should do. We run two reruns your package failed both. We had also run the mass rebuilds in copr since November. We keep all encountered failures. See them here: https://copr.fedorainfracloud.org/coprs/jvanek/java17//package/apache-commo… You may find interesting additional informations here. Also we were spamming maintainers regualrly, check you spam folder. We had tried aprox 500 packages, and aprox 65 had failed, so the java-17-openjdk will be system JDK in f36, and you should fix your package if you want to keep it alive. Usually the fix is simple, and best is to update the package to latest upstream version. There will be usual mass rebuild once f36 branches. You may got another FTBFS bug. Let us know here if you have any questions, here in bug, or at java-devel(a)lists.fedoraproject.org . We'd appreciate help from the people who know this package best, but if you don't want to work on this now, let us know so we can try to work around it on our side if needed. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2024265 [Bug 2024265] java-17-openjdk as system JDK in F36 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2051132

1 2

[Bug 652183] Java SIG tracker bug
by bugzilla＠redhat.com 03 Feb '22

03 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=652183 Bug 652183 depends on bug 2036341, which changed state. Bug 2036341 Summary: Review Request: janino - Super-small, super-fast Java compiler https://bugzilla.redhat.com/show_bug.cgi?id=2036341 What |Removed |Added ---------------------------------------------------------------------------- Status|POST |CLOSED Resolution|--- |RAWHIDE -- You are receiving this mail because: You are the assignee for the bug. You are the QA Contact for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=652183

1 0

[Bug 2030932] CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
by bugzilla＠redhat.com 02 Feb '22

02 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=2030932 Greg Scott <gscott(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gscott(a)redhat.com --- Comment #123 from Greg Scott <gscott(a)redhat.com> --- > We are running: rhvm-4.4.9.5-0.1.el8ev.noarch > > Our question is what is the impact of removing the log4j RPM's on a Hosted > Engine? > > We have these log4j RPMs installed: > # rpm -qa | grep log4j > log4j12-1.2.17-22.module+el8+2598+06babf2e.noarch > ovirt-engine-extension-logger-log4j-1.1.1-1.el8ev.noarch > eap7-log4j2-jboss-logmanager-1.0.0-1.Final_redhat_00001.1.el8eap.noarch > eap7-log4j-jboss-logmanager-1.2.0-1.Final_redhat_00001.1.el8eap.noarch > eap7-log4j-2.14.0-1.redhat_00002.1.el8eap.noarch > > What is the impact of removing them? Specifically, can we remove the 2.14 > version without impact? Is this affected by the CVE? RHVM 4.4.z should not install any any log4j v2 at all. See the diagnostic steps in https://access.redhat.com/solutions/6611691 for the log4j components installed with RHVM 4.4. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2030932

1 0

[Bug 2030932] CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
by bugzilla＠redhat.com 02 Feb '22

02 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=2030932 --- Comment #122 from Mike Murphy <micmurph(a)redhat.com> --- (In reply to Stoyan Nikolov from comment #67) > Red Hat Virtualization ships rhvm-appliance which includes a vulnerable > version of log4j released by Red Hat EAP. Once EAP releases a fixed version > of the package Red Hat Virtualization users can consume the fix with a > regular update via the package manager inside the rhvm-appliance. We are running: rhvm-4.4.9.5-0.1.el8ev.noarch Our question is what is the impact of removing the log4j RPM's on a Hosted Engine? We have these log4j RPMs installed: # rpm -qa | grep log4j log4j12-1.2.17-22.module+el8+2598+06babf2e.noarch ovirt-engine-extension-logger-log4j-1.1.1-1.el8ev.noarch eap7-log4j2-jboss-logmanager-1.0.0-1.Final_redhat_00001.1.el8eap.noarch eap7-log4j-jboss-logmanager-1.2.0-1.Final_redhat_00001.1.el8eap.noarch eap7-log4j-2.14.0-1.redhat_00002.1.el8eap.noarch What is the impact of removing them? Specifically, can we remove the 2.14 version without impact? Is this affected by the CVE? -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2030932

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits February 2022