https://bugzilla.redhat.com/show_bug.cgi?id=2104057
Bug ID: 2104057
Summary: native jblas depends on to be removed i686
java-openjdk packages
Product: Fedora
Version: rawhide
Status: NEW
Component: jblas
Severity: high
Assignee: zbyszek(a)in.waw.pl
Reporter: jvanek(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jhuttana(a)redhat.com, jvanek(a)redhat.com,
pmikova(a)redhat.com, sgehwolf(a)redhat.com,
zbyszek(a)in.waw.pl, zzambers(a)redhat.com
Blocks: 2083750
Target Milestone: ---
Classification: Fedora
Dear maintainer, we are going to drop i686 java packages in f37 -
https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
your package (or maybe jsut some subpackage) is directly depending on java and
is native.
Please take care, and adapt your package to exclude java on i686. For your
convenience, there was added macro %{java_arches}, including all arches java is
available on, which you can use to ifarch-out java specific features out in
i686 (on non-java arches). Although for plain java package, the change is as
simple as
https://src.fedoraproject.org/rpms/maven/c/520942645bfd1e4721dacd536a6ccbf8…,
you can not use it. The ExclusiveArch: %{java_arches} is not going to work for
you, because your package is not simple java application, and also non-java
world depends on it.
See exemplar PR:
https://src.fedoraproject.org/rpms/graphviz/pull-request/9#request_diff
See more details eg in:: https://bugzilla.redhat.com/show_bug.cgi?id=2102298
See why in : https://pagure.io/fesco/issue/2772
Please read carefully proposal:
https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
Please see tracking bug for most up to date informations:
https://bugzilla.redhat.com/show_bug.cgi?id=2083750
I'm terribly sorry to report this bug so late in f37 lifecycle. If you can,
please handle this with priority.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2083750
[Bug 2083750] Drop i686 builds of jdk8,11,17 and latest (18) rpms from f37
onwards
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2104057
https://bugzilla.redhat.com/show_bug.cgi?id=2049783
Bug ID: 2049783
Summary: CVE-2021-43859 xstream: Injecting highly recursive
collections or maps can cause a DoS
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: abenaiss(a)redhat.com, aileenc(a)redhat.com,
alazarot(a)redhat.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, ataylor(a)redhat.com,
bibryam(a)redhat.com, bmontgom(a)redhat.com,
chazlett(a)redhat.com, didiksupriadi41(a)gmail.com,
drieden(a)redhat.com, emingora(a)redhat.com,
eparis(a)redhat.com, etirelli(a)redhat.com,
fedoraproject.org(a)bluhm-de.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, hbraun(a)redhat.com,
ibek(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jnethert(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jolee(a)redhat.com, jrokos(a)redhat.com, jross(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, krathod(a)redhat.com,
kverlaen(a)redhat.com, lkundrak(a)v3.sk,
mizdebsk(a)redhat.com, mnovotny(a)redhat.com,
nstielau(a)redhat.com, pantinor(a)redhat.com,
pbhattac(a)redhat.com, pdelbell(a)redhat.com,
pjindal(a)redhat.com, rguimara(a)redhat.com,
rrajasek(a)redhat.com, spandura(a)redhat.com,
sponnaga(a)redhat.com, tzimanyi(a)redhat.com
Target Milestone: ---
Classification: Other
XStream is an open source java library to serialize objects to XML and back
again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100%
CPU time on the target system depending on CPU type or parallel execution of
such a payload resulting in a denial of service only by manipulating the
processed input stream. XStream 1.4.19 monitors and accumulates the time it
takes to add elements to collections and throws an exception if a set threshold
is exceeded. Users are advised to upgrade as soon as possible. Users unable to
upgrade may set the NO_REFERENCE mode to prevent recursion. See
GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not
possible.
References:
https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjfhttps://x-stream.github.io/CVE-2021-43859.html
Upstream patch:
https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2049783
https://bugzilla.redhat.com/show_bug.cgi?id=2092837
Bug ID: 2092837
Summary: jctools-3.3.1-ea is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jctools
Keywords: FutureFeature, Triaged
Assignee: paul.wouters(a)aiven.io
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, paul.wouters(a)aiven.io,
puntogil(a)libero.it, roman(a)fenkhuber.at
Target Milestone: ---
Classification: Fedora
Releases retrieved: 3.3.1-ea
Upstream release that is considered latest: 3.3.1-ea
Current version/release in rawhide: 3.3.0-4.fc37
URL: https://github.com/JCTools/JCTools
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/89333/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/jctools
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2092837
https://bugzilla.redhat.com/show_bug.cgi?id=2080569
Bug ID: 2080569
Summary: plexus-compiler-2.12.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: plexus-compiler
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: dbhole(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 2.12.0
Current version/release in rawhide: 2.11.1-1.fc37
URL: https://github.com/codehaus-plexus/plexus-compiler
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/9003/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2080569
https://bugzilla.redhat.com/show_bug.cgi?id=2095843
Bug ID: 2095843
Summary: plexus-archiver-4.3.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: plexus-archiver
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: dbhole(a)redhat.com, jaromir.capik(a)email.cz,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Releases retrieved: 4.3.0
Upstream release that is considered latest: 4.3.0
Current version/release in rawhide: 4.2.7-1.fc37
URL: http://codehaus-plexus.github.io/plexus-archiver
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/3655/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/plexus-archiver
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2095843
https://bugzilla.redhat.com/show_bug.cgi?id=2037629
Bug ID: 2037629
Summary: testng-7.5 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: testng
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: jaromir.capik(a)email.cz,
java-sig-commits(a)lists.fedoraproject.org,
lkundrak(a)v3.sk, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 7.5
Current version/release in rawhide: 7.4.0-1.fc36
URL: https://github.com/cbeust/testng
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/4956/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2037629
https://bugzilla.redhat.com/show_bug.cgi?id=2063869
Bug ID: 2063869
Summary: Please provide google-gson for EPEL-9
Product: Fedora EPEL
Version: epel9
Status: NEW
Component: google-gson
Assignee: mat.booth(a)gmail.com
Reporter: fedoraproject.org(a)bluhm-de.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dchen(a)redhat.com, jaromir.capik(a)email.cz,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com,
mat.booth(a)gmail.com, mizdebsk(a)redhat.com,
sergio(a)serjux.com
Target Milestone: ---
Classification: Fedora
Can you please provide google-gson for EPEL-9?
There is the missing dependency 'bnd-maven-plugin' provided by package
aqute-bnd which fails a scratch build.
Thank you very much!
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2063869
https://bugzilla.redhat.com/show_bug.cgi?id=2078122
Bug ID: 2078122
Summary: maven-reporting-impl-4.0.0-M1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: maven-reporting-impl
Keywords: FutureFeature, Triaged
Assignee: loganjerry(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
loganjerry(a)gmail.com, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 4.0.0-M1
Current version/release in rawhide: 3.1.0-1.fc37
URL: http://maven.apache.org/shared/maven-reporting-impl/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/1932/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2078122
https://bugzilla.redhat.com/show_bug.cgi?id=2123387
Bug ID: 2123387
Summary: janino-3.1.8 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: janino
Keywords: FutureFeature, Triaged
Assignee: didiksupriadi41(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: didiksupriadi41(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
mefoster(a)gmail.com, puntogil(a)libero.it
Target Milestone: ---
Classification: Fedora
Releases retrieved: 3.1.8
Upstream release that is considered latest: 3.1.8
Current version/release in rawhide: 3.1.7-3.fc37
URL: https://janino-compiler.github.io/janino/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/89329/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/janino
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2123387
https://bugzilla.redhat.com/show_bug.cgi?id=2140083
Bug ID: 2140083
Summary: apache-ivy-2.5.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: apache-ivy
Keywords: FutureFeature, Triaged
Assignee: didiksupriadi41(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: didiksupriadi41(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
lkundrak(a)v3.sk, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Releases retrieved: 2.5.1
Upstream release that is considered latest: 2.5.1
Current version/release in rawhide: 2.5.0-12.fc37
URL: https://ant.apache.org/ivy/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/14014/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/apache-ivy
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2140083