java-sig-commits March 2017

java-sig-commits@lists.fedoraproject.org

3 participants
253 discussions

[Bug 1256390] New: Complaint about jpackage-utils is out of date
by Red Hat Bugzilla 08 Aug '17

08 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1256390 Bug ID: 1256390 Summary: Complaint about jpackage-utils is out of date Product: Fedora Version: rawhide Component: fedora-review-plugin-java Assignee: msimacek(a)redhat.com Reporter: jonathan.underwood(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Description of problem: Currently fedora-review will complain thusly: - Packages have proper BuildRequires/Requires on jpackage-utils if a BR/R on jpackage-utils is missing. However, jpackage-utils is now provided by the (renamed) package javapackages-tools, and so: 1) fedora-review should be looking for a BR/R on javapackages-tools, not jpackage-utils 2) fedora-review could also complain if a BR/R for jpackage-utils is found, and recommend it is replaced with javapackages-tools Version-Release number of selected component (if applicable): fedora-review.noarch 0.6.0-1.fc22 fedora-review-plugin-java.noarch 4.6.1-1.fc22 fedora-review-tests.noarch 0.6.0-1.fc22 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=zhZkEuTsDs&a=cc_unsubscribe _______________________________________________ java-sig-commits mailing list java-sig-commits(a)lists.fedoraproject.org http://lists.fedoraproject.org/postorius/java-sig-commits@lists.fedoraproje…

2 4

[Bug 1247385] New: Need documentation for gradle builds
by Red Hat Bugzilla 08 Aug '17

08 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1247385 Bug ID: 1247385 Summary: Need documentation for gradle builds Product: Fedora Version: rawhide Component: javapackages-tools Assignee: mizdebsk(a)redhat.com Reporter: orion(a)cora.nwra.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mat.booth(a)redhat.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Description of problem: No description of how to build Fedora packages with gradle in https://fedorahosted.org/released/javapackages/doc as promised by https://fedoraproject.org/wiki/Changes/Gradle -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=gRWIlFzLmg&a=cc_unsubscribe

2 7

[Bug 1201026] New: enable scala-extensions
by Red Hat Bugzilla 08 Aug '17

08 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1201026 Bug ID: 1201026 Summary: enable scala-extensions Product: Fedora Version: rawhide Component: mustache-java Assignee: puntogil(a)libero.it Reporter: puntogil(a)libero.it QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, puntogil(a)libero.it -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=V3SbJBHivM&a=cc_unsubscribe

2 5

[Bug 1378613] New: CVE-2016-7050 SerializableProvider in RESTEasy 3 before 3.0.15.Final is enabled by default and deserializes untrusted data
by Red Hat Bugzilla 03 Aug '17

03 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1378613 Bug ID: 1378613 Summary: CVE-2016-7050 SerializableProvider in RESTEasy 3 before 3.0.15.Final is enabled by default and deserializes untrusted data Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: jshepherd(a)redhat.com CC: alee(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mgoldman(a)redhat.com, puntogil(a)libero.it, weli(a)redhat.com Under certain conditions it's possible for an attacker to force the use of a SerializableProvider to parse a request in RESTEasy. An attacker can use this flaw to lauch a remote code execution attack. -- You are receiving this mail because: You are on the CC list for the bug.

2 27

[Bug 1406703] New: smack: TLS SecurityMode.required bypass via StripTLS attack
by Red Hat Bugzilla 27 Jul '17

27 Jul '17

https://bugzilla.redhat.com/show_bug.cgi?id=1406703 Bug ID: 1406703 Summary: smack: TLS SecurityMode.required bypass via StripTLS attack Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: aileenc(a)redhat.com, alazarot(a)redhat.com, chazlett(a)redhat.com, etirelli(a)redhat.com, gvarsami(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jcoleman(a)redhat.com, kconner(a)redhat.com, kverlaen(a)redhat.com, ldimaggi(a)redhat.com, lpetrovi(a)redhat.com, mbaluch(a)redhat.com, mwinkler(a)redhat.com, nwallace(a)redhat.com, pavelp(a)redhat.com, projects.rg(a)smart.ms, puntogil(a)libero.it, rrajasek(a)redhat.com, rwagner(a)redhat.com, rzhang(a)redhat.com, soa-p-jira(a)post-office.corp.redhat.com, tcunning(a)redhat.com, tkirby(a)redhat.com A vulnerability in the Smack XMPP library was reported where the security of the TLS connection is not always enforced. By stripping the "starttls" feature from the server response with a man-in-the-middle tool, an attacker can force the client to authenticate in clear text even if the "SecurityMode.required" TLS setting has been set. References: http://seclists.org/oss-sec/2016/q4/716 https://community.igniterealtime.org/blogs/ignite/2016/11/22/smack-security… Upstream bug: https://issues.igniterealtime.org/browse/SMACK-739 Upstream patches: https://github.com/igniterealtime/Smack/commit/059ee99ba0d5ff7758829acf5a9a… https://github.com/igniterealtime/Smack/commit/a9d5cd4a611f47123f9561bc5a81… -- You are receiving this mail because: You are on the CC list for the bug.

2 10

[Bug 1344641] New: builddep mojo NPE on pomless projects
by Red Hat Bugzilla 27 Jul '17

27 Jul '17

https://bugzilla.redhat.com/show_bug.cgi?id=1344641 Bug ID: 1344641 Summary: builddep mojo NPE on pomless projects Product: Fedora Version: rawhide Component: xmvn Assignee: mizdebsk(a)redhat.com Reporter: msimacek(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mat.booth(a)redhat.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Description of problem: XMVn builddep mojo crashes with NPE on tycho-pomless projects. This is because Model.getLocation("") returns null for these. I inspected the object in debugger and location hashmap contains only "properties" key which probably got there via pom inheritance. I'm not sure of a correct solution. AFAIK location tracking is not mandatory in maven, so XMVn, shouldn't rely on it (determine whether dep/plugin was inherited by walking the graph?). Or it would probably be more straightforward to patch polyglot to set the location. Or use the "properties" key. Stacktrace: [ERROR] Failed to execute goal org.fedoraproject.xmvn:xmvn-mojo:2.5.0:builddep (default-cli) on project eclipse-abrt: Execution default-cli of goal org.fedoraproject.xmvn:xmvn-mojo:2.5.0:builddep failed. NullPointerException -> [Help 1] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.fedoraproject.xmvn:xmvn-mojo:2.5.0:builddep (default-cli) on project eclipse-abrt: Execution default-cli of goal org.fedoraproject.xmvn:xmvn-mojo:2.5.0:builddep failed. at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106) at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863) at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288) at org.apache.maven.cli.MavenCli.main(MavenCli.java:199) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289) at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415) at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356) Caused by: org.apache.maven.plugin.PluginExecutionException: Execution default-cli of goal org.fedoraproject.xmvn:xmvn-mojo:2.5.0:builddep failed. at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:145) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207) ... 20 more Caused by: java.lang.NullPointerException at org.fedoraproject.xmvn.mojo.BuilddepMojo.execute(BuilddepMojo.java:143) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134) ... 21 more Version-Release number of selected component (if applicable): xmvn-0:2.5.0-7.fc25.noarch How reproducible: always Steps to Reproduce: 1. rebuild eclipse-abrt -- You are receiving this mail because: You are on the CC list for the bug.

2 8

[Bug 1296926] New: Unable to build after rebase to PostgreSQL 9.5
by Red Hat Bugzilla 26 Jul '17

26 Jul '17

https://bugzilla.redhat.com/show_bug.cgi?id=1296926 Bug ID: 1296926 Summary: Unable to build after rebase to PostgreSQL 9.5 Product: Fedora Version: rawhide Component: ambari Assignee: pmackinn(a)redhat.com Reporter: pkajaba(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, me(a)coolsvap.net, moceap(a)hotmail.com, pmackinn(a)redhat.com Description of problem: Unable to build after rebase to PostgreSQL 9.5 here is koji url: http://koji.fedoraproject.org/koji/taskinfo?taskID=12465992 After short look to log, it does not seem to be related to PostgreSQL -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=2keP2DmEbS&a=cc_unsubscribe

2 3

[Bug 1403824] New: CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing
by Red Hat Bugzilla 25 Jul '17

25 Jul '17

https://bugzilla.redhat.com/show_bug.cgi?id=1403824 Bug ID: 1403824 Summary: CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: mprpic(a)redhat.com CC: aileenc(a)redhat.com, alazarot(a)redhat.com, alee(a)redhat.com, aszczucz(a)redhat.com, bbaranow(a)redhat.com, bmaxwell(a)redhat.com, ccoleman(a)redhat.com, cdewolf(a)redhat.com, chazlett(a)redhat.com, csutherl(a)redhat.com, dandread(a)redhat.com, darran.lofthouse(a)redhat.com, dedgar(a)redhat.com, dmcphers(a)redhat.com, dosoudil(a)redhat.com, etirelli(a)redhat.com, felias(a)redhat.com, fnasser(a)redhat.com, gvarsami(a)redhat.com, gzaronik(a)redhat.com, hchiorea(a)redhat.com, huwang(a)redhat.com, ivan.afonichev(a)gmail.com, jason.greene(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jawilson(a)redhat.com, jboss-set(a)redhat.com, jclere(a)redhat.com, jcoleman(a)redhat.com, jdg-bugs(a)redhat.com, jdoyle(a)redhat.com, jgoulding(a)redhat.com, jialiu(a)redhat.com, joelsmith(a)redhat.com, jokerman(a)redhat.com, jolee(a)redhat.com, jshepherd(a)redhat.com, kconner(a)redhat.com, krzysztof.daniel(a)gmail.com, kverlaen(a)redhat.com, ldimaggi(a)redhat.com, lgao(a)redhat.com, lmeyer(a)redhat.com, lpetrovi(a)redhat.com, mbabacek(a)redhat.com, mbaluch(a)redhat.com, me(a)coolsvap.net, miburman(a)redhat.com, mmccomas(a)redhat.com, mwinkler(a)redhat.com, myarboro(a)redhat.com, nwallace(a)redhat.com, pavelp(a)redhat.com, pgier(a)redhat.com, psakar(a)redhat.com, pslavice(a)redhat.com, rnetuka(a)redhat.com, rrajasek(a)redhat.com, rsvoboda(a)redhat.com, rwagner(a)redhat.com, rzhang(a)redhat.com, soa-p-jira(a)post-office.corp.redhat.com, spinder(a)redhat.com, tcunning(a)redhat.com, theute(a)redhat.com, tkirby(a)redhat.com, trick(a)vanstaveren.us, ttarrant(a)redhat.com, twalsh(a)redhat.com, vhalbert(a)redhat.com, vtunka(a)redhat.com, weli(a)redhat.com The following flaw was found in Apache Tomcat: The refactoring of the Connector code for 8.5.x onwards introduced a regression in the error handling of the send file code for the NIO HTTP connector. An error during send file processing resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not limited to, session ID and the response body. This issue affects only versions 8.5.x and later. Upstream patch: 8.x: https://svn.apache.org/viewvc?view=revision&revision=1771857 9.x: https://svn.apache.org/viewvc?view=revision&revision=1771853 -- You are receiving this mail because: You are on the CC list for the bug.

2 46

[Bug 1418716] New: CVE-2017-2605 jenkins: Re-key admin monitor leaves behind unencrypted credentials in upgraded installations (SECURITY-376)
by bugzilla＠redhat.com 25 Jul '17

25 Jul '17

https://bugzilla.redhat.com/show_bug.cgi?id=1418716 Bug ID: 1418716 Summary: CVE-2017-2605 jenkins: Re-key admin monitor leaves behind unencrypted credentials in upgraded installations (SECURITY-376) Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dedgar(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jgoulding(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, kseifried(a)redhat.com, mizdebsk(a)redhat.com, msrb(a)redhat.com, tdawson(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present. All administrative monitors now require the user accessing them to be an administrator. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017… Upstream patch: https://github.com/jenkinsci/jenkins/commit/0be33cf7328fad6a7596ce9505a7456… -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1123978] New: apache-commons-dbutils-1.6 is available
by Red Hat Bugzilla 21 Jul '17

21 Jul '17

https://bugzilla.redhat.com/show_bug.cgi?id=1123978 Bug ID: 1123978 Summary: apache-commons-dbutils-1.6 is available Product: Fedora Version: rawhide Component: apache-commons-dbutils Keywords: FutureFeature, Triaged Assignee: SpikeFedora(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, SpikeFedora(a)gmail.com Latest upstream release: 1.6 Current version/release in Fedora Rawhide: 1.5-8.fc21 URL: http://www.apache.org/dist/commons/dbutils/source/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0yslqUCkKL&a=cc_unsubscribe

2 3

← Newer
1
...
12
13
14
15
16
17
18
...
26
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits March 2017