java-sig-commits April 2015

java-sig-commits@lists.fedoraproject.org

5 participants
224 discussions

[Bug 1106162] New: maven-changelog-plugin: FTBFS in rawhide
by Red Hat Bugzilla 19 Jul '16

19 Jul '16

https://bugzilla.redhat.com/show_bug.cgi?id=1106162 Bug ID: 1106162 Summary: maven-changelog-plugin: FTBFS in rawhide Product: Fedora Version: rawhide Component: maven-changelog-plugin Assignee: huwang(a)redhat.com Reporter: dennis(a)ausil.us QA Contact: extras-qa(a)fedoraproject.org CC: huwang(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jvanek(a)redhat.com, msrb(a)redhat.com Blocks: 1105908 Your package maven-changelog-plugin failed to build from source in current rawhide. http://koji.fedoraproject.org/koji/taskinfo?taskID=6953430 For details on mass rebuild see https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1105908 [Bug 1105908] Fedora 21 Mass Rebuild FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bN7aegh18X&a=cc_unsubscribe

1 4

[Bug 1105943] New: akka: FTBFS in rawhide
by Red Hat Bugzilla 19 Jul '16

19 Jul '16

https://bugzilla.redhat.com/show_bug.cgi?id=1105943 Bug ID: 1105943 Summary: akka: FTBFS in rawhide Product: Fedora Version: rawhide Component: akka Assignee: willb(a)redhat.com Reporter: dennis(a)ausil.us QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, willb(a)redhat.com Blocks: 1105908 Your package akka failed to build from source in current rawhide. http://koji.fedoraproject.org/koji/taskinfo?taskID=6933209 For details on mass rebuild see https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1105908 [Bug 1105908] Fedora 21 Mass Rebuild FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=giGVVdugT3&a=cc_unsubscribe

1 4

[Bug 1013603] New: jspc: Maven metadata is installed incorrectly
by Red Hat Bugzilla 19 Jul '16

19 Jul '16

https://bugzilla.redhat.com/show_bug.cgi?id=1013603 Bug ID: 1013603 Summary: jspc: Maven metadata is installed incorrectly Product: Fedora Version: rawhide Component: jspc Assignee: pmackinn(a)redhat.com Reporter: mizdebsk(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, pmackinn(a)redhat.com Description of problem: jspc package installs the same Maven metadata in more than one package. This results in incorrect package provides. Version-Release number of selected component (if applicable): 2.0-0.7.alpha.3 Steps to Reproduce: 1. Look at package provides Actual results: mvn(org.codehaus.mojo.jspc:jspc): jspc: package version: 2.0 provided version: 2.0-alpha-3 jspc-compiler-tomcat6 (jspc): package version: 2.0 provided version: 2.0-alpha-3 jspc-compilers (jspc): package version: 2.0 provided version: 2.0-alpha-3 jspc-maven-plugin (jspc): package version: 2.0 provided version: 2.0-alpha-3 mvn(org.codehaus.mojo.jspc:jspc-compiler-api): jspc: package version: 2.0 provided version: 2.0-alpha-3 jspc-compiler-tomcat6 (jspc): package version: 2.0 provided version: 2.0-alpha-3 jspc-compilers (jspc): package version: 2.0 provided version: 2.0-alpha-3 jspc-maven-plugin (jspc): package version: 2.0 provided version: 2.0-alpha-3 mvn(org.codehaus.mojo.jspc:jspc-compiler-tomcat6): jspc: package version: 2.0 provided version: 2.0-alpha-3 jspc-compiler-tomcat6 (jspc): package version: 2.0 provided version: 2.0-alpha-3 jspc-compilers (jspc): package version: 2.0 provided version: 2.0-alpha-3 jspc-maven-plugin (jspc): package version: 2.0 provided version: 2.0-alpha-3 mvn(org.codehaus.mojo.jspc:jspc-compilers): jspc: package version: 2.0 provided version: 2.0-alpha-3 jspc-compiler-tomcat6 (jspc): package version: 2.0 provided version: 2.0-alpha-3 jspc-compilers (jspc): package version: 2.0 provided version: 2.0-alpha-3 jspc-maven-plugin (jspc): package version: 2.0 provided version: 2.0-alpha-3 mvn(org.codehaus.mojo.jspc:jspc-maven-plugin): jspc: package version: 2.0 provided version: 2.0-alpha-3 jspc-compiler-tomcat6 (jspc): package version: 2.0 provided version: 2.0-alpha-3 jspc-compilers (jspc): package version: 2.0 provided version: 2.0-alpha-3 jspc-maven-plugin (jspc): package version: 2.0 provided version: 2.0-alpha-3 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Oals1syJlT&a=cc_unsubscribe

1 2

[Bug 958047] New: woodstox-core: javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING not supported
by Red Hat Bugzilla 19 Jul '16

19 Jul '16

Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=958047 Bug ID: 958047 Summary: woodstox-core: javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING not supported Product: Fedora Version: rawhide Component: woodstox-core Severity: unspecified Priority: unspecified Assignee: jcapik(a)redhat.com Reporter: fweimer(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, jcapik(a)redhat.com, mizdebsk(a)redhat.com Blocks: 958046 Category: --- This doesn't work: SAXParserFactory factory = new WstxSAXParserFactory(); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); SAXParser parser = factory.newSAXParser(); InputSource is = new InputSource(new FileInputStream(args[0])); parser.parse(is, new DefaultHandler()); It results in: Exception in thread "main" org.xml.sax.SAXNotRecognizedException: Feature 'http://javax.xml.XMLConstants/feature/secure-processing' not recognized As a result, it appears impossible to defend against "billion laughs"-style denial of service attacks, along the lines of: https://git.fedorahosted.org/cgit/secure-coding.git/tree/defensive-coding/s… https://git.fedorahosted.org/cgit/secure-coding.git/tree/defensive-coding/s… -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bPCdHpPVN2&a=cc_unsubscribe

1 4

[Bug 1114286] New: felix-bundlerepository-2.0.2 is available
by Red Hat Bugzilla 23 Jun '16

23 Jun '16

https://bugzilla.redhat.com/show_bug.cgi?id=1114286 Bug ID: 1114286 Summary: felix-bundlerepository-2.0.2 is available Product: Fedora Version: rawhide Component: felix-bundlerepository Keywords: FutureFeature, Triaged Assignee: msrb(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Latest upstream release: 2.0.2 Current version/release in Fedora Rawhide: 1.6.6-16.fc21 URL: http://felix.apache.org/downloads.cgi Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=HlPTCWV8kg&a=cc_unsubscribe

1 7

[Bug 958727] New: plexus-utils: XMLWriterUtil should guard against problematic comments
by Red Hat Bugzilla 08 May '16

08 May '16

Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=958727 Bug ID: 958727 Summary: plexus-utils: XMLWriterUtil should guard against problematic comments Product: Fedora Version: rawhide Component: plexus-utils Severity: unspecified Priority: unspecified Assignee: fnasser(a)redhat.com Reporter: fweimer(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: fnasser(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Blocks: 958220 Category: --- org.codehaus.plexus.util.xml#writeComment(XMLWriter, String, int, int, int) does not check if the comment includes a "-->" sequence. This means that text contained in the command string could be interpreted as XML, possibly leading to XML injection issues, depending on how this method is being called. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=N5myzkUcYQ&a=cc_unsubscribe

1 6

[Bug 958221] New: plexus-utils: directory traversal in org.codehaus.plexus.util.Expand
by Red Hat Bugzilla 08 May '16

08 May '16

Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=958221 Bug ID: 958221 Summary: plexus-utils: directory traversal in org.codehaus.plexus.util.Expand Product: Fedora Version: rawhide Component: plexus-utils Severity: unspecified Priority: unspecified Assignee: fnasser(a)redhat.com Reporter: fweimer(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: fnasser(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Blocks: 958220 Category: --- org.codehaus.plexus.util.Expand does not guard against directory traversal, but such protection is generally expected from unarchiving tools. I think the class should just be deprecated and removed because there do not appear to be any users left (not even a test case). -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=hp1lhU9LQd&a=cc_unsubscribe

1 5

[Bug 1193307] New: tomcat: do not provide javax.el:el-api
by Red Hat Bugzilla 08 Apr '16

08 Apr '16

https://bugzilla.redhat.com/show_bug.cgi?id=1193307 Bug ID: 1193307 Summary: tomcat: do not provide javax.el:el-api Product: Fedora Version: 22 Component: tomcat Assignee: ivan.afonichev(a)gmail.com Reporter: msrb(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com Description of problem: tomcat currently provides, among others, mvn(javax.el:el-api). The problem is that the glassfish-el-api provides it as well. This causes other packages fail to build, if both tomcat and glassfish-el-api happen to be in the buildroot. I think that glassfish-el-api should be the one providing javax.el:el-api, as it is a reference implementation of EL. Java packaging guidelines should be updated as well. Version-Release number of selected component (if applicable): tomcat-8.0.18-1.fc23 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=kgtemPVawE&a=cc_unsubscribe

1 2

[Bug 1185148] New: CVE-2014-9634 Jenkins on Tomcat: failure to set secure flag on cookies
by Red Hat Bugzilla 15 Feb '16

15 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1185148 Bug ID: 1185148 Summary: CVE-2014-9634 Jenkins on Tomcat: failure to set secure flag on cookies Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: kseifried(a)redhat.com CC: bleanhar(a)redhat.com, ccoleman(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jdetiber(a)redhat.com, jialiu(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, jokerman(a)redhat.com, kseifried(a)redhat.com, lmeyer(a)redhat.com, mmccomas(a)redhat.com, msrb(a)redhat.com Yann Rouillard reports: Jenkins on Tomcat fails to set the secure flag on cookies. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=gU5XTmvmU1&a=cc_unsubscribe

1 6

[Bug 1185151] New: CVE-2014-9635 Jenkins on Tomcat: failure to set httponly flag on cookies
by Red Hat Bugzilla 15 Feb '16

15 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1185151 Bug ID: 1185151 Summary: CVE-2014-9635 Jenkins on Tomcat: failure to set httponly flag on cookies Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: kseifried(a)redhat.com CC: bleanhar(a)redhat.com, ccoleman(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jdetiber(a)redhat.com, jialiu(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, jokerman(a)redhat.com, kseifried(a)redhat.com, lmeyer(a)redhat.com, mmccomas(a)redhat.com, msrb(a)redhat.com Yann Rouillard reports: Jenkins on Tomcat fails to set the httponly flag on cookies. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=6JvfkFVyd4&a=cc_unsubscribe

1 7

← Newer
1
2
3
4
5
6
7
...
23
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits April 2015