[javapackages] Prep for release 4.5.0
by Michal Srb
commit 4290dc582d60487163dbe9dc20f5d563789498d5
Author: Michal Srb <msrb(a)redhat.com>
Date: Thu Apr 9 10:04:15 2015 +0200
Prep for release 4.5.0
VERSION | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/VERSION b/VERSION
index 9d856fc..a84947d 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-4.5.0-SNAPSHOT
+4.5.0
9 years
[Bug 1133769] CVE-2013-7397 async-http-client: SSL/TLS certificate verification is disabled under certain conditions
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1133769
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jrusnack(a)redhat.com
Whiteboard|impact=important,public=201 |impact=important,public=201
|30730,reported=20140826,sou |30730,reported=20140826,sou
|rce=internet,cvss2=5.8/AV:N |rce=internet,cvss2=5.8/AV:N
|/AC:M/Au:N/C:P/I:P/A:N,cwe= |/AC:M/Au:N/C:P/I:P/A:N,cwe=
|cwe=CWE-295,fedora-all/asyn |CWE-295,fedora-all/async-ht
|c-http-client=affected,bpms |tp-client=affected,bpms-6/a
|-6/async-http-client=affect |sync-http-client=affected,b
|ed,brms-6/async-http-client |rms-6/async-http-client=aff
|=affected,jdv-6/async-http- |ected,jdv-6/async-http-clie
|client=affected,fsw-6/async |nt=affected,fsw-6/async-htt
|-http-client=affected,jboss |p-client=affected,jboss/fus
|/fuse-6.1=affected,jboss/fu |e-6.1=affected,jboss/fuse-e
|se-esb-7.1=affected |sb-7.1=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=f5XdWkUR5o&a=cc_unsubscribe
9 years
[javapackages] Remove mvn-rpmbuild and mvn-local
by Mikolaj Izdebski
commit f19fc288cbd4445d2e4ebb87b6133d5f1772e052
Author: Mikolaj Izdebski <mizdebsk(a)redhat.com>
Date: Thu Apr 9 09:19:56 2015 +0200
Remove mvn-rpmbuild and mvn-local
bin/mvn-local | 45 ------------
bin/mvn-rpmbuild | 94 -------------------------
build | 2 -
configs/configuration-rpmbuild-raw.xml | 104 ----------------------------
configs/configuration-rpmbuild.xml | 117 --------------------------------
install | 7 --
6 files changed, 0 insertions(+), 369 deletions(-)
---
diff --git a/build b/build
index 30e0b09..70bbc49 100755
--- a/build
+++ b/build
@@ -78,8 +78,6 @@ expand bin/create-jar-links
expand bin/diff-jars
expand bin/find-jar
expand bin/jvmjar
-expand bin/mvn-local
-expand bin/mvn-rpmbuild
expand bin/rebuild-jar-repository
expand bin/shade-jar
expand bin/xmvn-builddep
diff --git a/install b/install
index 2ea4325..6def873 100755
--- a/install
+++ b/install
@@ -164,12 +164,8 @@ inst_data depgenerators/fileattrs/javadoc.attr "${rpmconfigdir}/fileattrs"
inst_data etc/javapackages-metadata.xml "${datadir}/maven-metadata"
inst_data configs/configuration.xml "${m2home}"
-inst_data configs/configuration-rpmbuild.xml "${m2home}"
-inst_data configs/configuration-rpmbuild-raw.xml "${m2home}"
link "${m2home}/configuration.xml" "${m2home}/configuration-21.xml"
-link "${m2home}/configuration-rpmbuild.xml" "${m2home}/configuration-21-rpmbuild.xml"
-link "${m2home}/configuration-rpmbuild-raw.xml" "${m2home}/configuration-21-rpmbuild-raw.xml"
inst_config etc/javapackages-config.json "${javaconfdir}"
@@ -203,9 +199,6 @@ inst_data java-utils/mvn_build.py "${javadir}-utils"
inst_data target/mvn_build.7 "${mandir}/man7"
-inst_exec target/mvn-local "${bindir}"
-inst_exec target/mvn-rpmbuild "${bindir}"
-
exec >files-ivy
9 years
[Bug 1133769] CVE-2013-7397 async-http-client: SSL/TLS certificate verification is disabled under certain conditions
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1133769
Pavel Polischouk <pavelp(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|30730,reported=20140826,sou |30730,reported=20140826,sou
|rce=internet,cvss2=5.8/AV:N |rce=internet,cvss2=5.8/AV:N
|/AC:M/Au:N/C:P/I:P/A:N,fedo |/AC:M/Au:N/C:P/I:P/A:N,cwe=
|ra-all/async-http-client=af |cwe=CWE-295,fedora-all/asyn
|fected,bpms-6/async-http-cl |c-http-client=affected,bpms
|ient=affected,brms-6/async- |-6/async-http-client=affect
|http-client=affected,jdv-6/ |ed,brms-6/async-http-client
|async-http-client=affected, |=affected,jdv-6/async-http-
|fsw-6/async-http-client=aff |client=affected,fsw-6/async
|ected,jboss/fuse-6.1=affect |-http-client=affected,jboss
|ed,jboss/fuse-esb-7.1=affec |/fuse-6.1=affected,jboss/fu
|ted |se-esb-7.1=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=3vFj6GE9U6&a=cc_unsubscribe
9 years
[Bug 1133769] CVE-2013-7397 async-http-client: SSL/TLS certificate verification is disabled under certain conditions
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1133769
Pavel Polischouk <pavelp(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |aileenc(a)redhat.com,
| |alazarot(a)redhat.com,
| |etirelli(a)redhat.com,
| |gvarsami(a)redhat.com,
| |java-sig-commits(a)lists.fedo
| |raproject.org,
| |jcoleman(a)redhat.com,
| |kconner(a)redhat.com,
| |ldimaggi(a)redhat.com,
| |lpetrovi(a)redhat.com,
| |mbaluch(a)redhat.com,
| |mizdebsk(a)redhat.com,
| |msimacek(a)redhat.com,
| |msrb(a)redhat.com,
| |mwinkler(a)redhat.com,
| |nwallace(a)redhat.com,
| |rrajasek(a)redhat.com,
| |rwagner(a)redhat.com,
| |rzhang(a)redhat.com,
| |soa-p-jira(a)post-office.corp
| |.redhat.com,
| |tcunning(a)redhat.com,
| |tkirby(a)redhat.com
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=RXrdrX6uCT&a=cc_unsubscribe
9 years
[javapackages] Fix incorrect argument order in XMvnResolve.from_artifact()
by Mikolaj Izdebski
commit 82fb0a293b0ca5141c8f9c56de39b35fa988fc9a
Author: Mikolaj Izdebski <mizdebsk(a)redhat.com>
Date: Wed Apr 8 18:15:02 2015 +0200
Fix incorrect argument order in XMvnResolve.from_artifact()
python/javapackages/xmvn/xmvn_resolve.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/python/javapackages/xmvn/xmvn_resolve.py b/python/javapackages/xmvn/xmvn_resolve.py
index 6e90ed1..e47794d 100644
--- a/python/javapackages/xmvn/xmvn_resolve.py
+++ b/python/javapackages/xmvn/xmvn_resolve.py
@@ -167,5 +167,5 @@ class ResolutionRequest(object):
@classmethod
def from_artifact(cls, artifact):
- return cls(artifact.artifactId, artifact.groupId,
+ return cls(artifact.groupId, artifact.artifactId,
artifact.extension, artifact.classifier, artifact.version)
9 years, 1 month
[javapackages] [test] Ignore element ordering
by Michal Srb
commit bfb8a6fec76ae70ca8ec6659e9a2a0130744c845
Author: Michal Srb <msrb(a)redhat.com>
Date: Wed Apr 8 12:26:37 2015 +0200
[test] Ignore element ordering
test/mvn_artifact_test.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/test/mvn_artifact_test.py b/test/mvn_artifact_test.py
index c97f1ef..8e1a636 100644
--- a/test/mvn_artifact_test.py
+++ b/test/mvn_artifact_test.py
@@ -46,7 +46,7 @@ class TestMvnArtifact(unittest.TestCase):
got = etree.parse(".xmvn-reactor").getroot()
want = etree.parse(os.path.join(self.workdir,
test_name+"-want.xml")).getroot()
- report = compare_lxml_etree(got, want)
+ report = compare_lxml_etree(got, want, unordered=['dependencies'])
if report:
report = '\n' + report
return report
9 years, 1 month
[javapackages] Maven ignores "optional" tag in dependencyManagement section, do the same
by Michal Srb
commit 839cacd3d188ad696c6c43f4304662bf3c426c31
Author: Michal Srb <msrb(a)redhat.com>
Date: Wed Apr 8 10:58:00 2015 +0200
Maven ignores "optional" tag in dependencyManagement section, do the same
See:
http://jira.codehaus.org/browse/MNG-5632
http://jira.codehaus.org/browse/MNG-4600
python/javapackages/maven/artifact.py | 5 ++---
python/javapackages/maven/dependency.py | 6 ------
.../merge_sections/child/child/pom.xml | 5 +++++
.../data/mvn_artifact/merge_sections/child/pom.xml | 6 ++++++
test/data/mvn_artifact/merge_sections/pom.xml | 10 ++++++++++
.../data/mvn_artifact/test_merge_sections-want.xml | 16 +++++++++++++++-
6 files changed, 38 insertions(+), 10 deletions(-)
---
diff --git a/python/javapackages/maven/artifact.py b/python/javapackages/maven/artifact.py
index 50264ba..1246cc6 100644
--- a/python/javapackages/maven/artifact.py
+++ b/python/javapackages/maven/artifact.py
@@ -32,7 +32,6 @@
# Authors: Stanislav Ochotnicky <sochotnicky(a)redhat.com>
# Michal Srb <msrb(a)redhat.com>
-import sys
import re
import six
@@ -147,7 +146,7 @@ class AbstractArtifact(object):
if self.compare_to(artifact):
for member in self.__dict__:
if not member.startswith('_'):
- # for "scope" and "optional":
+ # for "scope":
# copy value from parent artifact only if this object
# contains default/implicit value
if (hasattr(self, "_default_" + member) and
@@ -158,7 +157,7 @@ class AbstractArtifact(object):
# override it again
if not getattr(artifact, "_default_" + member):
setattr(self, "_default_" + member, False)
- # for fields other than "scope" and "optional":
+ # for fields other than "scope":
# copy value from parent artifact, if current value is empty
elif not getattr(self, member):
setattr(self, member, getattr(artifact, member))
diff --git a/python/javapackages/maven/dependency.py b/python/javapackages/maven/dependency.py
index 0ab517d..d3c05a1 100644
--- a/python/javapackages/maven/dependency.py
+++ b/python/javapackages/maven/dependency.py
@@ -67,7 +67,6 @@ class Dependency(AbstractArtifact):
# raw values
# TODO: probably not needed anymore
self._raw_scope = scope
- self._raw_optional = optional
if extension:
self.extension = extension.strip()
@@ -80,7 +79,6 @@ class Dependency(AbstractArtifact):
self._default_scope = False
if optional is not None:
self.optional = optional.strip()
- self._default_optional = False
if exclusions:
self.exclusions = exclusions
@@ -89,10 +87,6 @@ class Dependency(AbstractArtifact):
return True
return False
- def get_raw_optional(self):
- """Return original value for 'optional' element."""
- return self._raw_optional
-
def get_raw_scope(self):
"""Return original value for 'scope' element."""
return self._raw_scope
diff --git a/test/data/mvn_artifact/merge_sections/child/child/pom.xml b/test/data/mvn_artifact/merge_sections/child/child/pom.xml
index 068ae91..a0306b2 100644
--- a/test/data/mvn_artifact/merge_sections/child/child/pom.xml
+++ b/test/data/mvn_artifact/merge_sections/child/child/pom.xml
@@ -18,5 +18,10 @@
<groupId>gdep1</groupId>
<artifactId>adep1</artifactId>
</dependency>
+ <dependency>
+ <groupId>gdep2</groupId>
+ <artifactId>adep2</artifactId>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
</project>
diff --git a/test/data/mvn_artifact/merge_sections/child/pom.xml b/test/data/mvn_artifact/merge_sections/child/pom.xml
index e036faf..543d06b 100644
--- a/test/data/mvn_artifact/merge_sections/child/pom.xml
+++ b/test/data/mvn_artifact/merge_sections/child/pom.xml
@@ -21,6 +21,12 @@
<version>10</version>
<optional>true</optional>
</dependency>
+ <dependency>
+ <groupId>gdep2</groupId>
+ <artifactId>adep2</artifactId>
+ <version>20</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</dependencyManagement>
</project>
diff --git a/test/data/mvn_artifact/merge_sections/pom.xml b/test/data/mvn_artifact/merge_sections/pom.xml
index 1f1c9ff..52b8142 100644
--- a/test/data/mvn_artifact/merge_sections/pom.xml
+++ b/test/data/mvn_artifact/merge_sections/pom.xml
@@ -16,4 +16,14 @@
</dependency>
</dependencies>
</dependencyManagement>
+
+ <dependencies>
+ <dependency>
+ <groupId>gdep3</groupId>
+ <artifactId>adep3</artifactId>
+ <scope>compile</scope>
+ <version>30</version>
+ <optional>true</optional>
+ </dependency>
+ </dependencies>
</project>
diff --git a/test/data/mvn_artifact/test_merge_sections-want.xml b/test/data/mvn_artifact/test_merge_sections-want.xml
index 0f15ed1..cd89a4f 100644
--- a/test/data/mvn_artifact/test_merge_sections-want.xml
+++ b/test/data/mvn_artifact/test_merge_sections-want.xml
@@ -11,9 +11,23 @@
<ns0:groupId>gdep1</ns0:groupId>
<ns0:artifactId>adep1</ns0:artifactId>
<ns0:extension>jar</ns0:extension>
- <ns0:optional>true</ns0:optional>
+ <ns0:optional>false</ns0:optional>
<ns0:requestedVersion>10</ns0:requestedVersion>
</ns0:dependency>
+ <ns0:dependency>
+ <ns0:groupId>gdep2</ns0:groupId>
+ <ns0:artifactId>adep2</ns0:artifactId>
+ <ns0:extension>jar</ns0:extension>
+ <ns0:optional>false</ns0:optional>
+ <ns0:requestedVersion>20</ns0:requestedVersion>
+ </ns0:dependency>
+ <ns0:dependency>
+ <ns0:groupId>gdep3</ns0:groupId>
+ <ns0:artifactId>adep3</ns0:artifactId>
+ <ns0:extension>jar</ns0:extension>
+ <ns0:optional>true</ns0:optional>
+ <ns0:requestedVersion>30</ns0:requestedVersion>
+ </ns0:dependency>
</ns0:dependencies>
</ns0:artifact>
</ns0:artifacts>
9 years, 1 month
[javapackages] [doc] Compat versions
by Michael Šimáček
commit 4b860f02dc93e392db347c94aadf79f46c7ad631
Author: Michael Simacek <msimacek(a)redhat.com>
Date: Tue Apr 7 18:13:32 2015 +0200
[doc] Compat versions
doc/jar_file_id_compat.txt | 71 +++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 70 insertions(+), 1 deletions(-)
---
diff --git a/doc/jar_file_id_compat.txt b/doc/jar_file_id_compat.txt
index c226307..cd20759 100644
--- a/doc/jar_file_id_compat.txt
+++ b/doc/jar_file_id_compat.txt
@@ -1,5 +1,74 @@
Handling of compatibility packages, versioned jars etc.
WORK IN PROGRESS
-mizdebsk, 31 Oct 2013
+msimacek, 2015-04-02
+In Fedora we prefer to always have only the latest version of a given
+project. Unfortunately, this is not always possible as some projects
+change too much and it would be too hard to port dependent packages to
+the current version. It's not possible to just update the package and
+keep the old version around as the names, file paths and dependency
+provides would clash. The recommended practice is to update the current
+package to the new version and create new package representing the old
+version (called compat package). The compat package needs to have the
+version number (usually only the major number, unless further
+distinction is necessary) appended to the name, thus effectivelly having
+different name from RPM's point of view. Such compat package needs to
+perform some additional steps to ensure that it can be installed and
+used along the non-compat one.
+
+[NOTE]
+======
+You should always evaluate whether creating a compat package is really
+necessary. Porting dependent projects to new versions of dependencies
+may be a compicated task, but your effort would be appreciated and it's
+likely that the patch will be accepted upstream at some point in time.
+If the upstream is already inactive and the package is not required by
+anything, you should also consider retiring it.
+======
+
+===== Maven Compat Versions
+XMvn supports marking particular artifact as compat, performing the
+necessary steps to avoid clashes with the non-compat version. An
+artifact can be marked as compat by `%mvn_compat_version`. It accepts an
+artifact argument which will determine which artifact will be compat.
+The format for specifying artifact coordinates is the same as with
+<<mvn_alias,`%mvn_alias`>>. In the common case you will want to mark all
+artifacts as compat. You can specify multiple compat versions at a time.
+
+.Dependency resolution of compat artifacts
+When XMvn performs dependency resolution for a dependency artifact in
+a project, it checks the dependency version and compares it against all
+versions of the artifact installed in the buildroot. If none of the
+compat artifacts matches it will resolve the artifact to the non-compat
+one. This has a few implications:
+
+- The versions are compared for exact match. The compat package should
+ provide all applicable versions that are present in packages that
+ are supposed to be used with this version.
+- The dependent packages need to have correct BuildRequires on the
+ compat package as the virtual provides is also different (see below).
+
+.File names and virtual provides
+In order to prevent file name clashes, compat artifacts have the first
+specified compat version appended to the filename. Virtual provides for
+compat artifacts also contain the version as the last part of the
+coordinates. There are multiple provides for each specified compat
+version. Non-compat artifact don't have any version in the virtual
+provides.
+
+.Example invocation of `%mvn_compat_version`
+[source,shell]
+--------------
+# Assuming the package has name bar and version 3
+# Sets the compat version of foo:bar artifact to 3
+%mvn_compat_version foo:bar 3
+# The installed artifact file (assuming it's jar and there were no
+# %mvn_file calls) will be at %{_javadir}/bar/bar-3.jar
+# The generated provides for foo:bar will be
+# mvn(foo:bar:3) = 3
+# mvn(foo:bar:pom:3) = 3
+
+# Sets the compat versions of all artifacts in the build to 3 and 3.2
+%mvn_compat_version : 3 3.2
+--------------
9 years, 1 month