dev-java/xerces: Bump to 2.12.2 (CVE-2022-23437) #24054
Pull Request assignment
Submitter: @vaukai
dev-java/xerces: @gentoo/java
Linked bugs
Bugs linked: 783417, 782697, 831155, 831979
In order to force reassignment and/or bug reference scan, please append
Pull request CI report
Report generated at: 2022-02-02 18:46 UTC
There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
dev-java/xerces/xerces-2.12.2.ebuild
Outdated
local vm_version="$(java-config -g PROVIDES_VERSION)" | ||
if [[ "${vm_version}" != "1.8" ]] ; then | ||
rm -rv "src/org/w3c" || die | ||
fi |
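Review bot: on the first line, `local vm_version="$(java-config -g PROVIDES_VERSION)"` declares and assigns in one statement, so the exit status of `java-config` is replaced by that of `local` and a failed query goes unnoticed. An empty `vm_version` then compares unequal to "1.8" and the `rm -rv "src/org/w3c"` branch runs as if a newer VM were selected. Declare `local vm_version` on its own line and do the assignment separately with `|| die`, so the decision to drop the bundled `org.w3c` sources is never taken on a failed lookup.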
I'm afraid this block might cause some issues during runtime. If one compiles the package with jdk > 1.8 and then attempts to use the package with jdk 1.8, org.w3c won't be on the classpath and it will end up with an exception.
Would a solution be to raise the (R)DEPEND requirement to j(d|r)e-1.11?
> Would a solution be to raise the (R)DEPEND requirement to j(d|r)e-1.11?

That way it'd be useless for jdk-1.8 and would urge us to keep the older vulnerable version ...
Closes: https://bugs.gentoo.org/831155
Bug: https://bugs.gentoo.org/831979
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>

Closes: https://bugs.gentoo.org/783417
Closes: https://bugs.gentoo.org/782697
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>

Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Pull request CI report
Report generated at: 2022-02-03 11:55 UTC
There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
@vaukai merged, thanks!