https://bugzilla.redhat.com/show_bug.cgi?id=1719748
Bug ID: 1719748
Summary: jetty-9.4.19.v20190610 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jetty
Keywords: FutureFeature, Triaged
Assignee: mat.booth(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com,
sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 9.4.19.v20190610
Current version/release in rawhide: 9.4.18-2.v20190429.fc31
URL: http://www.eclipse.org/jetty
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/1447/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1857369
Bug ID: 1857369
Summary: CVE-2019-17637 eclipse-webtools: XML external entity
vulnerability in DTD Parser/Validator
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt,
mat.booth(a)redhat.com
Target Milestone: ---
Classification: Other
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06),
XML and DTD files referring to external entities could be exploited to send the
contents of local files to a remote server when edited or validated, even when
external entity resolution is disabled in the user preferences.
Upstream bug:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1857370
Bug ID: 1857370
Summary: CVE-2019-17637 eclipse-webtools: XML external entity
vulnerability in DTD Parser/Validator [fedora-all]
Product: Fedora
Version: 32
Status: NEW
Component: eclipse-webtools
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)redhat.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt,
mat.booth(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1832383
Bug ID: 1832383
Summary: Unable to build maven projects from eclipse
Product: Fedora
Version: 32
Status: NEW
Component: eclipse-m2e-core
Severity: high
Assignee: mat.booth(a)redhat.com
Reporter: danielsun3164(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Created attachment 1685783
--> https://bugzilla.redhat.com/attachment.cgi?id=1685783&action=edit
Eclipse metadata/.log
Description of problem:
Unable to build maven projects from eclipse
Version-Release number of selected component (if applicable):
$ rpm -q eclipse-jdt eclipse-m2e-core maven-archetype-common
maven-artifact-transfer
eclipse-jdt-4.15-5.module_f32+8555+6b76193d.noarch
eclipse-m2e-core-1.15.0-3.module_f32+8482+8510b2e7.noarch
maven-archetype-common-3.1.1-1.module_f32+8422+d2b9781b.noarch
maven-artifact-transfer-0.11.0-2.fc32.noarch
How reproducible:
Everytime
Steps to Reproduce:
1. Open Eclipse.
2. Try to create a new maven project or build a existing maven project
3.
Actual results:
An error dialog will be displayed.
Expected results:
Maven projects should be builded or created successfully.
Additional info:
According to https://bugzilla.redhat.com/show_bug.cgi?id=1704981 , Update
"maven-archetype-common" from "3.1.1" to "3.1.2" could solve this problem, but
I cannot find maven-archetype-common-3.1.2 package anywhere.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1683547
Bug ID: 1683547
Summary: lucene-7.7.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: lucene
Keywords: FutureFeature, Triaged
Assignee: akurtako(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, dbhole(a)redhat.com,
dingyichen(a)gmail.com,
eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com,
lef(a)fedoraproject.org, rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 7.7.1
Current version/release in rawhide: 7.7.0-1.fc30
URL: http://lucene.apache.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/7178/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1840743
Bug ID: 1840743
Summary: Eclipse won't open after installing eclipse-mpc
Product: Fedora
Version: 32
Status: NEW
Component: eclipse-mpc
Assignee: mat.booth(a)redhat.com
Reporter: doug.hs(a)protonmail.ch
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
mat.booth(a)redhat.com, rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Created attachment 1692717
--> https://bugzilla.redhat.com/attachment.cgi?id=1692717&action=edit
Error log
Description of problem:
After installing the package eclipse-mpc, Eclipse fails right after selecting
the workspace and clicking "Launch". See attached logs.
Version-Release number of selected component (if applicable):
1.8.1
How reproducible:
Always
Steps to Reproduce:
1. Install Eclipse from GNOME Software (from Fedora 32 repositories).
2. Install Eclipse PDT (from Eclipse repositories, using "Install New Software"
in the "Help" menu).
3. Install Eclipse Marketplace (dnf install eclipse-mpc).
4. Add/Select a workspace and try to launch it.
Actual results:
Instead of the Eclipse main window, I see a small popup saying an error has
occurred and that I should check the logs at
"~/eclipse-workspace/.metadata/.log". Eclipse then closes itself.
Expected results:
Eclipse should load the workspace as usual.
Additional info:
Creating a new workspace and launching it does not fix the problem.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1838330
Bug ID: 1838330
Summary: Unable to install eclipse
Product: Fedora
Version: 31
Status: NEW
Component: eclipse
Assignee: mat.booth(a)redhat.com
Reporter: cquike(a)arcor.de
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)fedoraproject.org,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Trying to install eclipse in a fresh fedora container with dnf fails:
# dnf install eclipse-platform
Last metadata expiration check: 0:14:08 ago on Wed May 20 22:15:50 2020.
Error:
Problem: conflicting requests
- package eclipse-platform-1:4.14-5.fc31.x86_64 requires glassfish-el >=
3.0.1, but none of the providers can be installed
- package eclipse-platform-1:4.11-3.fc31.x86_64 requires glassfish-el >=
3.0.1, but none of the providers can be installed
- package glassfish-el-3.0.1-0.12.b08.module_f31+6519+12cd0b27.noarch is
filtered out by modular filtering
- package glassfish-el-3.0.1-0.12.b08.module_f31+6793+1c93c38e.noarch is
filtered out by modular filtering
- package glassfish-el-3.0.1-0.11.b08.fc31.noarch is filtered out by modular
filtering
I guess that enabling some module the dependency can be satisfied, but if I
understand modularity correctly only rpm from modules can depend on other
modules, right?
How reproducible: Always
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1813168
Bug ID: 1813168
Summary: Cannot install - broken dependencies
Product: Fedora
Version: 31
Status: NEW
Component: eclipse-egit
Assignee: rob.myers(a)gtri.gatech.edu
Reporter: fedora(a)famillecollet.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com,
mat.booth(a)redhat.com, rgrunber(a)redhat.com,
rob.myers(a)gtri.gatech.edu
Target Milestone: ---
Classification: Fedora
# dnf update --best
Error:
Problem: package eclipse-egit-5.6.0-2.fc31.noarch requires jgit >= 5.6.0, but
none of the providers can be installed
- cannot install the best update candidate for package
eclipse-egit-5.3.0-2.fc31.noarch
- package jgit-5.6.0-1.fc31.noarch is filtered out by modular filtering
Indeed, the modular repository provides jgit 5.4 (eclipse:2019-06) or jgit 5.5
(eclipse:latest)
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1801198
Bug ID: 1801198
Summary: upgrade of eclipse-webtools-sourceediting is
impossible due to conflicts
Product: Fedora
Version: 31
Hardware: x86_64
OS: Linux
Status: NEW
Component: eclipse-webtools
Severity: medium
Assignee: mat.booth(a)redhat.com
Reporter: R.Perdok(a)familieperdok.nl
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt,
mat.booth(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Eclipse-webtools-sourceediting cannot be updates due to a conflict
Version-Release number of selected component (if applicable):
Problem: package eclipse-pdt-6.2.0-3.fc31.noarch requires
osgi(org.eclipse.wst.jsdt.core), but none of the providers can be installed
- package eclipse-pdt-6.2.0-3.fc31.noarch requires
osgi(org.eclipse.wst.jsdt.ui), but none of the providers can be installed
- package eclipse-pdt-6.2.0-3.fc31.noarch requires
osgi(org.eclipse.wst.jsdt.web.core), but none of the providers can be installed
- package eclipse-pdt-6.2.0-3.fc31.noarch requires
osgi(org.eclipse.wst.jsdt.web.ui), but none of the providers can be installed
- cannot install both
eclipse-webtools-sourceediting-3.15.0-3.module_f31+7243+50fb5b11.noarch and
eclipse-webtools-sourceediting-3.15.0-1.module_f31+6793+1c93c38e.noarch
- cannot install both
eclipse-webtools-sourceediting-3.15.0-3.module_f31+7243+50fb5b11.noarch and
eclipse-webtools-sourceediting-3.15.0-1.module_f31+6519+12cd0b27.noarch
- cannot install the best update candidate for package
eclipse-webtools-sourceediting-3.15.0-1.module_f31+6793+1c93c38e.noarch
- cannot install the best update candidate for package
eclipse-pdt-6.2.0-3.fc31.noarch
- package eclipse-webtools-sourceediting-3.13.0-1.fc31.noarch is filtered out
by modular filtering
================================================================================================================================================================
Package Architecture Version
Repository Size
================================================================================================================================================================
Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
eclipse-webtools-sourceediting noarch
3.15.0-1.module_f31+6519+12cd0b27 fedora-modular
33 M
eclipse-webtools-sourceediting noarch
3.15.0-3.module_f31+7243+50fb5b11 updates-modular
12 M
Transaction Summary
================================================================================================================================================================
Skip 2 Packages
How reproducible:
run dnf update
Steps to Reproduce:
1.dnf update
2.
3.
Actual results:
Above error message
Expected results:
upgrade without error messages
Additional info:
Suggested options "--best --allowerasing" do not offer a solution.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1795038
Bug ID: 1795038
Summary: Java/Eclipse packages (e.g. glassfish-jsp) are not
being updated
Product: Fedora
Version: 31
Status: NEW
Component: eclipse
Assignee: mat.booth(a)redhat.com
Reporter: jan.public(a)famvlug.nl
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)fedoraproject.org,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
I have been using my system since many Fedora versions, and I always upgrade
Fedora when there is a new release.
It is possible that I have been fidling with my system to get Eclipse working.
At the moment, it seems that I have a modular Eclipse package:
# dnf list installed | grep eclipse-platform
eclipse-platform.x86_64
1:4.13-6.module_f31+7243+50fb5b11 @updates-modular
My system is fully up to date:
# dnf update
Last metadata expiration check: 2:19:18 ago on Sun 26 Jan 2020 14:03:38 CET.
Dependencies resolved.
Nothing to do.
Complete!
However according to dnf updateinfo info there are updates available:
[root@rainbowdash ~]# dnf updateinfo info
Last metadata expiration check: 2:19:53 ago on Sun 26 Jan 2020 14:03:38 CET.
===============================================================================
apache-commons-compress-1.19-1.fc31
===============================================================================
Update ID: FEDORA-2019-da0eac1eb6
Type: security
Updated: 2020-01-25 06:59:21
Bugs: 1761797 - CVE-2019-12402 apache-commons-compress: denial of
service vulnerability
Description: Update to version 1.19.
:
: Resolves CVE-2019-12402.
Severity: Important
===============================================================================
eclipse-m2e-workspace-0.4.0-13.fc31
===============================================================================
Update ID: FEDORA-2019-d3d3a793c2
Type: enhancement
Updated: 2020-01-25 06:54:44
Description: Fix build to avoid takari-* stack
Severity: Low
===============================================================================
glassfish-hk2-2.5.0-5.fc31
===============================================================================
Update ID: FEDORA-2019-a0e393f792
Type: bugfix
Updated: 2020-01-25 06:59:52
Bugs: 1735263 - glassfish-hk2: FTBFS in Fedora rawhide/f31
Description: Rebuild with reduced dependency set to fix FTBFS on fedora 31+.
Severity: None
===============================================================================
glassfish-jsp-2.3.4-2.fc31 takari-polyglot-0.4.4-5.fc31
===============================================================================
Update ID: FEDORA-2019-45dcf79c41
Type: enhancement
Updated: 2020-01-04 21:32:10
Description: Unretirement of glassfish-jsp and takari-polyglot.
:
Severity: Low
===============================================================================
jackson-annotations-2.10.0-1.fc31 jackson-bom-2.10.0-1.fc31
jackson-core-2.10.0-1.fc31 jackson-databind-2.10.0-1.fc31
jackson-parent-2.10-1.fc31
===============================================================================
Update ID: FEDORA-2019-cf87377f5f
Type: security
Updated: 2020-01-25 06:58:04
Bugs: 1755832 - CVE-2019-16335 jackson-databind: polymorphic typing
issue related to com.zaxxer.hikari.HikariDataSource [fedora-all]
: 1755850 - CVE-2019-14540 jackson-databind: polymorphic typing
issue related to com.zaxxer.hikari.HikariConfig [fedora-all]
: 1758168 - jackson-databind: Serialization gadgets in classes of
the ehcache package [fedora-all]
: 1758172 - jackson-databind: Serialization gadgets in classes of
the commons-configuration package [fedora-all]
: 1758183 - jackson-databind: Serialization gadgets in classes of
the xalan package [fedora-all]
: 1758188 - CVE-2019-16942 jackson-databind: Serialization gadgets
in classes of the commons-dbcp package [fedora-all]
: 1758193 - CVE-2019-16943 jackson-databind: Serialization gadgets
in classes of the p6spy package [fedora-all]
Description: - Update jackson-parent to version 2.10.
: - Update jackson-bom to version 2.10.0.
: - Update jackson-annotations to version 2.10.0.
: - Update jackson-core to version 2.10.0.
: - Update jackson-databind to version 2.10.0.
:
: Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
CVE-2019-16943.
Severity: Moderate
===============================================================================
jackson-dataformat-xml-2.10.0-1.fc31 jackson-jaxrs-providers-2.10.0-1.fc31
jackson-modules-base-2.10.0-1.fc31 stax2-api-4.2-1.fc31
woodstox-core-6.0.2-1.fc31
===============================================================================
Update ID: FEDORA-2019-12ea5e5227
Type: enhancement
Updated: 2020-01-25 06:57:05
Description: Update resteasy dependencies
Severity: None
===============================================================================
kernel-5.4.13-201.fc31
===============================================================================
Update ID: FEDORA-2020-aa144b34ed
Type: bugfix
Updated: 2020-01-25 06:59:26
Description: Update to Linux v5.4.13
Severity: None
===============================================================================
maven-3.5.4-13.fc31
===============================================================================
Update ID: FEDORA-2019-f3a7f84557
Type: bugfix
Updated: 2020-01-25 06:56:53
Bugs: 1767329 - postun scriplet failure
Description: Fix broken postun scriptlet.
Severity: None
===============================================================================
maven-osgi-0.2.0-18.fc31
===============================================================================
Update ID: FEDORA-2019-6ff5c442a3
Type: unknown
Updated: 2020-01-25 06:57:02
Description: Package un-retirement.
Severity: None
Note that glassfish-jsp-2.3.4-2.fc31 was already updated in the repository on
2020-01-04 21:32:10 according to the dnf updateinfo output.
Here for information the output of a few commands:
# dnf list installed | grep glassfish-jsp
glassfish-jsp.noarch
2.3.3-0.14.b02.module_f31+6793+1c93c38e @updates-modular
glassfish-jsp-api.noarch
2.3.3-1.module_f31+7243+50fb5b11 @updates-modular
# dnf module list | grep glassfish-jsp
<no results here>
# dnf install glassfish-jsp
Last metadata expiration check: 2:25:20 ago on Sun 26 Jan 2020 14:03:38 CET.
Package glassfish-jsp-2.3.3-0.14.b02.module_f31+6793+1c93c38e.noarch is already
installed.
Dependencies resolved.
Nothing to do.
Complete!
# dnf remove glassfish-jsp
This results in the removal of 134 packages, including eclipse modular. I did
not proceed with this removal.
Is there a problem with the unretirement of glassfish-jsp?
--
You are receiving this mail because:
You are on the CC list for the bug.