openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File gradle.changes of Package gradle

-------------------------------------------------------------------
Wed Oct 30 12:49:48 UTC 2024 - Gus Kenion <gus.kenion@suse.com>

- Security update
- Added patch:
  * gradle-CVE-2023-35947.patch
    + Fix CVE-2023-35947 (bsc#1212931), TarSlip vulnerability
    + Gradle no longer handles Tar archives which contain path
      traversal elements in a Tar entry name.

-------------------------------------------------------------------
Fri Aug 30 13:06:42 UTC 2024 - Gus Kenion <gus.kenion@suse.com>

- Security update
- Added patch:
  * gradle-CVE-2023-35946.patch
    + Fix CVE-2023-35946 [bsc#1212930], dependency cache writes
      files into an unintended location
    + Backport PathTraversalChecker.java from upstream version
      8.2.0 and newer. Refactor for compatibility.

-------------------------------------------------------------------
Wed Jun 12 04:57:57 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- Added patch:
  * gradle-jakarta-inject.patch
    + fix build with jakarta-inject, a new google-guice dependency

-------------------------------------------------------------------
Wed Apr 10 07:06:44 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- Added patch:
  * gradle-plexus-xml.patch
    + fix build with the plexus-xml split from plexus-utils

-------------------------------------------------------------------
Tue Mar 26 09:07:13 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- security update
- Added patch:
  * gradle-CVE-2019-15052.patch
    + fix CVE-2019-15052 [bsc#1145903], authentication credentials
      are sent to all subsequent hosts that the request redirects to

-------------------------------------------------------------------
Fri Mar  8 08:34:58 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- Add missing dependency of aopalliance
- Modified patches:
  * 0005-Port-to-Maven-3.3.9-and-Eclipse-Aether.patch
    + add transitive dependency on aopalliance:aopalliance:1.0@jar
  * 0013-Add-missing-transitive-dependencies.patch
    + add dependency on 'biz.aQute.bnd:biz.aQute.bnd.util:3.4.0@jar'
      to fix build with newer aqute-bnd

-------------------------------------------------------------------
Fri Mar  8 08:33:28 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- Fix build breakage on SLE-15-SP2 after upgrades of different
  dependencies

-------------------------------------------------------------------
Wed Nov  1 12:49:55 UTC 2023 - Fridrich Strba <fstrba@suse.com>

- Added patch:
  * sourcetarget.patch
    + Build ALL modules with source/target levels 8

-------------------------------------------------------------------
Thu Apr 27 14:34:25 UTC 2023 - pgajdos@suse.com

- security update
- added patch:
  * gradle-CVE-2021-32751.patch
    + fix CVE-2021-32751 [bsc#1188569], 'application' plugin and
      the 'gradlew' script are both vulnerable to arbitrary code
      execution

-------------------------------------------------------------------
Tue Apr 11 07:08:13 UTC 2023 - Valentin Lefebvre <valentin.lefebvre@suse.com>

- Added patch:
  * use-nio-files-createTempFile-rather-than-File-createTempFile.patch
    + bsc#1184807 (CVE-2021-29428), bsc#1184799 (CVE-2021-29429)

-------------------------------------------------------------------
Mon May 23 12:27:42 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Added patch:
  * gradle-java17.patch
    + Allow actually build gradle using Java 16+

-------------------------------------------------------------------
Fri May 20 04:46:11 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Modify the launcher so that gradle can work with Java 17
- Do not force building with java <= 15, since we now can run
  gradle-bootstrap with Java 17 too

-------------------------------------------------------------------
Mon May 16 12:37:31 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Build against jansi 2.x
- Remove the jansi-native and hawtjni-runtime dependencies, since
  jansi 2.x does not depend on them
- Modified patch:
  * 0013-Add-missing-transitive-dependencies.patch
    + jansi does not have transitive dependencies any more
- Added patch:
  * gradle-jansi.patch
    + port to use jansi 2.x

-------------------------------------------------------------------
Wed Mar 23 16:30:46 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Force building with java <= 11

-------------------------------------------------------------------
Mon Mar 14 05:27:44 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Fix build with maven-resolver 1.7.x
- Modified patch:
  * 0005-Port-to-Maven-3.3.9-and-Eclipse-Aether.patch
    + package the new artifact maven-resolver-named-locks

-------------------------------------------------------------------
Tue Mar  8 06:21:15 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Remove from build dependencies some artifacts that are not
  needed

-------------------------------------------------------------------
Tue Oct 19 07:02:43 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Modified patch:
  * 0013-Add-missing-transitive-dependencies.patch
    + Add osgi-compendium to the dependencies, since newer qute-bnd
      uses it

-------------------------------------------------------------------
Wed Jul 28 07:31:50 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Remove build requires that are not strictly needed

-------------------------------------------------------------------
Wed May 12 08:13:34 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Do not build against the legacy guava20 package any more
- Added patch:
  * port-to-guava-30.patch
    + Port gradle 4.4.1 to guava 30.1.1
    + Set source level to 1.8, since guava 30 uses default
      functions in interfaces, which is Java 8+ feature

-------------------------------------------------------------------
Tue Dec 17 11:49:50 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Avoid all-released-versions.json as source, since we are not
  building integration tests.

-------------------------------------------------------------------
Mon Dec  9 12:38:32 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Modified patch:
  * gradle-4.4.1-asm7.patch
    + Rediff and use ASM7 api instead of ASM6, since we are using
      objectweb-asm 7.2
- Added patches:
  * cast-estimated-runtime-to-long.patch
    + estimatedRuntime must be cast to long otherwise gradle build
      fails with "Cannot assign value of type java.math.BigDecimal
      to variable of type long".
  * java11-compatibility.patch
    + Fixes the compatibility with Java 11. This is backport of
      upstream changes in 4.8
  * java8-compatibility.patch
    + Keep compatibility with Java 8 by avoiding to use Java 9+
      APIs
  * remove-timestamps.patch
    + Avoid timestamps and thus irreproducible builds

-------------------------------------------------------------------
Mon Nov 25 11:14:34 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Added patch:
  * gradle-4.4.1-asm7.patch
    + fix build with objectweb-asm 7.2

-------------------------------------------------------------------
Wed Nov 20 21:31:11 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Gradle looks for slf4j-api.jar, so we provide a link there

-------------------------------------------------------------------
Sun Nov 17 20:04:50 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Package a full gradle instead of the open apis only
- Upgrade to version 4.4.1
- Added patches:
  * 0001-Gradle-local-mode.patch
    + Use gradle local mode by default
  * 0002-Remove-Class-Path-from-manifest.patch
    + Remove classpath from manifest
  * 0003-Implement-XMvn-repository-factory-method.patch
    + Implement factory methods for xmvn repository
  * 0004-Use-unversioned-dependency-JAR-names.patch
    + Use unversioned jar files for dependencies
  * 0005-Port-to-Maven-3.3.9-and-Eclipse-Aether.patch
    + Port to maven 3.3.9 and maven-resolver
  * 0006-Disable-code-quality-checks.patch
    + Disable code quality checks useless for rpm build
  * 0007-Port-to-Kryo-3.0.patch
    + Fix build with kryo 3.0
  * 0008-Port-to-Ivy-2.4.0.patch
    + Fix build with apache-ivy 2.4.0
  * 0009-Port-to-Polyglot-0.1.8.patch
    + Allow building with tesla-polyglot >= 0.1.8
  * 0010-Port-from-Simple-4-to-Jetty-9.patch
    + build using org.eclipse.jetty:jetty-server instead of
      org.simpleframework:simple
  * 0011-Disable-benchmarks.patch
    + Do not run benchmarks useless during rpm build
  * 0012-Disable-patching-of-external-modules.patch
    + Disable patching of external modules during the build
  * 0013-Add-missing-transitive-dependencies.patch
    + Add transitive dependencies for aqute-bndlib, jansi and zinc
  * 0014-Disable-ideNative-module.patch
    + Do not build ideNative module
  * 0015-Disable-docs-build.patch
    + Do not build docs needing asciidoctorj that we don't have
  * 0016-Port-to-guava-20.0.patch
    + Fix build with guava 20.0
  * 0017-Set-core-api-source-level-to-8.patch
    + Build core-api submodule with source/target 8

-------------------------------------------------------------------
Tue Sep 17 11:37:40 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Add LICENSE file to the correct tag

-------------------------------------------------------------------
Tue Sep 17 11:31:39 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Security fix: [bsc#1150998, CVE-2019-16370]
  * The PGP signing plugin in Gradle before 6.0 relies on the SHA-1
    algorithm. PGP signing plugin might allow an attacker to replace
    an artifact with a different one.
- Add gradle-CVE-2019-16370.patch

-------------------------------------------------------------------
Thu Sep 14 05:34:54 UTC 2017 - fstrba@suse.com

- Specify java source and target level 1.6 in order to allow
  building with jdk9

-------------------------------------------------------------------
Thu Dec 15 05:10:11 UTC 2016 - margherio.adam@gmail.com

- Updated to 3.2.1

-------------------------------------------------------------------
Mon Dec 28 13:56:20 UTC 2015 - mailaender@opensuse.org

- Update to 2.10

-------------------------------------------------------------------
Tue Apr 14 19:21:36 UTC 2015 - afaerber@suse.de

- Update to 2.3

-------------------------------------------------------------------
Tue Jul  8 08:48:15 UTC 2014 - tchvatal@suse.com

- Cleanup the sle11 build bit more.

-------------------------------------------------------------------
Fri Jun 27 14:22:37 UTC 2014 - tchvatal@suse.com

- Build on sle11

-------------------------------------------------------------------
Fri Jun 27 12:24:36 UTC 2014 - tchvatal@suse.com

- Cleanup the package to be up par at least a bit

-------------------------------------------------------------------
Fri Nov 27 00:00:00 UTC 2009 - lkundrak@v3.sk

- Initial packaging

Places

File gradle.changes of Package gradle

Places