File gradle.changes of Package gradle.35463
-------------------------------------------------------------------
Fri Aug 30 13:06:42 UTC 2024 - Gus Kenion <gus.kenion@suse.com>
- Security update
- Added patch:
* gradle-CVE-2023-35946.patch
+ Fix CVE-2023-35946 [bsc#1212930], dependency cache writes
files into an unintended location
+ Backport PathTraversalChecker.java from upstream version
8.2.0 and newer. Refactor for compatibility.
-------------------------------------------------------------------
Wed Jun 12 04:57:57 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* gradle-jakarta-inject.patch
+ fix build with jakarta-inject, a new google-guice dependency
-------------------------------------------------------------------
Wed Apr 10 07:06:44 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* gradle-plexus-xml.patch
+ fix build with the plexus-xml split from plexus-utils
-------------------------------------------------------------------
Tue Mar 26 09:07:13 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- security update
- Added patch:
* gradle-CVE-2019-15052.patch
+ fix CVE-2019-15052 [bsc#1145903], authentication credentials
are sent to all subsequent hosts that the request redirects to
-------------------------------------------------------------------
Fri Mar 8 08:34:58 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Add missing dependency of aopalliance
- Modified patches:
* 0005-Port-to-Maven-3.3.9-and-Eclipse-Aether.patch
+ add transitive dependency on aopalliance:aopalliance:1.0@jar
* 0013-Add-missing-transitive-dependencies.patch
+ add dependency on 'biz.aQute.bnd:biz.aQute.bnd.util:3.4.0@jar'
to fix build with newer aqute-bnd
-------------------------------------------------------------------
Fri Mar 8 08:33:28 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Fix build breakage on SLE-15-SP2 after upgrades of different
dependencies
-------------------------------------------------------------------
Wed Nov 1 12:49:55 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* sourcetarget.patch
+ Build ALL modules with source/target levels 8
-------------------------------------------------------------------
Thu Apr 27 14:34:25 UTC 2023 - pgajdos@suse.com
- security update
- added patch:
* gradle-CVE-2021-32751.patch
+ fix CVE-2021-32751 [bsc#1188569], 'application' plugin and
the 'gradlew' script are both vulnerable to arbitrary code
execution
-------------------------------------------------------------------
Tue Apr 11 07:08:13 UTC 2023 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Added patch:
* use-nio-files-createTempFile-rather-than-File-createTempFile.patch
+ bsc#1184807 (CVE-2021-29428), bsc#1184799 (CVE-2021-29429)
-------------------------------------------------------------------
Mon May 23 12:27:42 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* gradle-java17.patch
+ Allow actually build gradle using Java 16+
-------------------------------------------------------------------
Fri May 20 04:46:11 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Modify the launcher so that gradle can work with Java 17
- Do not force building with java <= 15, since we now can run
gradle-bootstrap with Java 17 too
-------------------------------------------------------------------
Mon May 16 12:37:31 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Build against jansi 2.x
- Remove the jansi-native and hawtjni-runtime dependencies, since
jansi 2.x does not depend on them
- Modified patch:
* 0013-Add-missing-transitive-dependencies.patch
+ jansi does not have transitive dependencies any more
- Added patch:
* gradle-jansi.patch
+ port to use jansi 2.x
-------------------------------------------------------------------
Wed Mar 23 16:30:46 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Force building with java <= 11
-------------------------------------------------------------------
Mon Mar 14 05:27:44 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Fix build with maven-resolver 1.7.x
- Modified patch:
* 0005-Port-to-Maven-3.3.9-and-Eclipse-Aether.patch
+ package the new artifact maven-resolver-named-locks
-------------------------------------------------------------------
Tue Mar 8 06:21:15 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Remove from build dependencies some artifacts that are not
needed
-------------------------------------------------------------------
Tue Oct 19 07:02:43 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Modified patch:
* 0013-Add-missing-transitive-dependencies.patch
+ Add osgi-compendium to the dependencies, since newer qute-bnd
uses it
-------------------------------------------------------------------
Wed Jul 28 07:31:50 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Remove build requires that are not strictly needed
-------------------------------------------------------------------
Wed May 12 08:13:34 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Do not build against the legacy guava20 package any more
- Added patch:
* port-to-guava-30.patch
+ Port gradle 4.4.1 to guava 30.1.1
+ Set source level to 1.8, since guava 30 uses default
functions in interfaces, which is Java 8+ feature
-------------------------------------------------------------------
Tue Dec 17 11:49:50 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Avoid all-released-versions.json as source, since we are not
building integration tests.
-------------------------------------------------------------------
Mon Dec 9 12:38:32 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Modified patch:
* gradle-4.4.1-asm7.patch
+ Rediff and use ASM7 api instead of ASM6, since we are using
objectweb-asm 7.2
- Added patches:
* cast-estimated-runtime-to-long.patch
+ estimatedRuntime must be cast to long otherwise gradle build
fails with "Cannot assign value of type java.math.BigDecimal
to variable of type long".
* java11-compatibility.patch
+ Fixes the compatibility with Java 11. This is backport of
upstream changes in 4.8
* java8-compatibility.patch
+ Keep compatibility with Java 8 by avoiding to use Java 9+
APIs
* remove-timestamps.patch
+ Avoid timestamps and thus irreproducible builds
-------------------------------------------------------------------
Mon Nov 25 11:14:34 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* gradle-4.4.1-asm7.patch
+ fix build with objectweb-asm 7.2
-------------------------------------------------------------------
Wed Nov 20 21:31:11 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Gradle looks for slf4j-api.jar, so we provide a link there
-------------------------------------------------------------------
Sun Nov 17 20:04:50 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Package a full gradle instead of the open apis only
- Upgrade to version 4.4.1
- Added patches:
* 0001-Gradle-local-mode.patch
+ Use gradle local mode by default
* 0002-Remove-Class-Path-from-manifest.patch
+ Remove classpath from manifest
* 0003-Implement-XMvn-repository-factory-method.patch
+ Implement factory methods for xmvn repository
* 0004-Use-unversioned-dependency-JAR-names.patch
+ Use unversioned jar files for dependencies
* 0005-Port-to-Maven-3.3.9-and-Eclipse-Aether.patch
+ Port to maven 3.3.9 and maven-resolver
* 0006-Disable-code-quality-checks.patch
+ Disable code quality checks useless for rpm build
* 0007-Port-to-Kryo-3.0.patch
+ Fix build with kryo 3.0
* 0008-Port-to-Ivy-2.4.0.patch
+ Fix build with apache-ivy 2.4.0
* 0009-Port-to-Polyglot-0.1.8.patch
+ Allow building with tesla-polyglot >= 0.1.8
* 0010-Port-from-Simple-4-to-Jetty-9.patch
+ build using org.eclipse.jetty:jetty-server instead of
org.simpleframework:simple
* 0011-Disable-benchmarks.patch
+ Do not run benchmarks useless during rpm build
* 0012-Disable-patching-of-external-modules.patch
+ Disable patching of external modules during the build
* 0013-Add-missing-transitive-dependencies.patch
+ Add transitive dependencies for aqute-bndlib, jansi and zinc
* 0014-Disable-ideNative-module.patch
+ Do not build ideNative module
* 0015-Disable-docs-build.patch
+ Do not build docs needing asciidoctorj that we don't have
* 0016-Port-to-guava-20.0.patch
+ Fix build with guava 20.0
* 0017-Set-core-api-source-level-to-8.patch
+ Build core-api submodule with source/target 8
-------------------------------------------------------------------
Tue Sep 17 11:37:40 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Add LICENSE file to the correct tag
-------------------------------------------------------------------
Tue Sep 17 11:31:39 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Security fix: [bsc#1150998, CVE-2019-16370]
* The PGP signing plugin in Gradle before 6.0 relies on the SHA-1
algorithm. PGP signing plugin might allow an attacker to replace
an artifact with a different one.
- Add gradle-CVE-2019-16370.patch
-------------------------------------------------------------------
Thu Sep 14 05:34:54 UTC 2017 - fstrba@suse.com
- Specify java source and target level 1.6 in order to allow
building with jdk9
-------------------------------------------------------------------
Thu Dec 15 05:10:11 UTC 2016 - margherio.adam@gmail.com
- Updated to 3.2.1
-------------------------------------------------------------------
Mon Dec 28 13:56:20 UTC 2015 - mailaender@opensuse.org
- Update to 2.10
-------------------------------------------------------------------
Tue Apr 14 19:21:36 UTC 2015 - afaerber@suse.de
- Update to 2.3
-------------------------------------------------------------------
Tue Jul 8 08:48:15 UTC 2014 - tchvatal@suse.com
- Cleanup the sle11 build bit more.
-------------------------------------------------------------------
Fri Jun 27 14:22:37 UTC 2014 - tchvatal@suse.com
- Build on sle11
-------------------------------------------------------------------
Fri Jun 27 12:24:36 UTC 2014 - tchvatal@suse.com
- Cleanup the package to be up par at least a bit
-------------------------------------------------------------------
Fri Nov 27 00:00:00 UTC 2009 - lkundrak@v3.sk
- Initial packaging
