dev-java/xerces: Bump to 2.12.2 (CVE-2022-23437) #24054
Conversation
Pull Request assignmentSubmitter: @vaukai dev-java/xerces: @gentoo/java Linked bugsBugs linked: 783417, 782697, 831155, 831979 In order to force reassignment and/or bug reference scan, please append Docs: Code of Conduct ● Copyright policy (expl.) ● Devmanual ● GitHub PRs ● Proxy-maint guide |
gentoo-bot
added
assigned
Pull request CI reportReport generated at: 2022-02-02 18:46 UTC There are existing issues already. Please look into the report to make sure none of them affect the packages in question: |
dev-java/xerces/xerces-2.12.2.ebuild
Outdated
| local vm_version="$(java-config -g PROVIDES_VERSION)" | ||
| if [[ "${vm_version}" != "1.8" ]] ; then | ||
| rm -rv "src/org/w3c" || die | ||
| fi |
There was a problem hiding this comment.
i'm afraid this block might cause some issues during runtime. as if one compiles the package with jdk > 1.8 and then attempts to use the package with jdk 1.8, org.w3c won't be on the classpath and it will end up with an exception.
There was a problem hiding this comment.
Would a solution be to raise the (R)DEPEND requirement to j(d|r)e-1.11?
There was a problem hiding this comment.
Would a solution be to raise the (R)DEPEND requirement to j(d|r)e-1.11?
That way it'd be useless for jdk-1.8 and would urge us to keep the older vulnerable version ...
Closes: https://bugs.gentoo.org/831155 Bug: https://bugs.gentoo.org/831979 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Closes: https://bugs.gentoo.org/783417 Closes: https://bugs.gentoo.org/782697 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Pull request CI reportReport generated at: 2022-02-03 11:55 UTC There are existing issues already. Please look into the report to make sure none of them affect the packages in question: |
|
@vaukai merged, thanks! |
No description provided.