On 2021-10-19, Jaikiran Pai wrote:
> Can someone with access to Bugzilla please create a new 1.10.12
> product version and a new 1.10.13 milestone version, for Ant?
Done.
I don't think anybody else of the project team has enough karma. We may
want to change that.
Stefan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This release fixes a shortcoming of the AssertJ support modules and adds
a new convenience feature to the `Diff` class.
The full list of changes:
* added a new fullDescription method to Diff that provides a
string-representation of all differences
On 2021-10-13, Jaikiran Pai wrote:
> I've created a new RC2 release candidate for 1.10.12:
+1
Stefan
-
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
On 2021-09-30, Jaikiran Pai wrote:
> This release is mainly a bug fix release and the exact changes are
> noted in
> https://dist.apache.org/repos/dist/dev/ant/RELEASE-NOTES-1.10.12.html. Of
> particular interest is the relatively minor bug fix in the javadoc
> task which is necessary for it to
On 2021-09-26, Jaikiran Pai wrote:
> I was planning to initiate a release tonight, but trying to upgrade
> one of the optional dependencies has shown up some interesting issue
> in the maven ant task (which apparently has been EOLed[1]) that we use
> in our fetch.xml.
Maybe you skip upgrading
On 2021-09-19, Gintautas Grigelionis wrote:
> On Mon, 23 Aug 2021 at 17:39, Stefan Bodewig wrote:
>> On 2021-08-19, Gintautas Grigelionis wrote:
>>> On Thu, 19 Aug 2021 at 12:01, Stefan Bodewig wrote:
>>>> I didn't mean the Antlib to be backwards c
On 2021-09-16, Stefan Bodewig wrote:
> On 2021-09-15, Jaikiran Pai wrote:
>> I wanted to look into and sort out
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=65424 in this release
>> too, but it looks like I may not be able to do that and I'm not sure
>> how many
On 2021-09-15, Jaikiran Pai wrote:
> Java 17 has been released yesterday. We have a relatively minor fix in
> javadoc task which affects Java 17 in cases where
> failonwarn=true. Should we consider releasing 1.10.12 of Ant in
> upcoming days to provide this fix and other fixes that we have done
>
# Description
Apache Gump is a cross-project continuous integration server. Gump's
intention isn't so much to be a CI server but rather a vehicle that
makes people look beyond their project's boundaries and helps the
projects to collaborate.
Gump is written in Python and supports several build
On 2021-08-23, Jaikiran Pai wrote:
> On 19/08/21 3:23 pm, Stefan Bodewig wrote:
>> On 2021-08-19, Jaikiran Pai wrote:
>>> Hello Stefan,
>>> On 19/08/21 1:15 pm, Stefan Bodewig wrote:
>>>> At a cursory glance I only see JUnitTask and ExecuteJava deal with
On 2021-08-19, Gintautas Grigelionis wrote:
> On Thu, 19 Aug 2021 at 12:01, Stefan Bodewig wrote:
>> I didn't mean the Antlib to be backwards compatible, but rather to offer
>> it and tell people to switch over to it. It would be the first time we'd
>> remove a core feat
On 2021-08-23, Mark Thomas wrote:
> On 20/08/2021 17:53, Mark Thomas wrote:
>> On 20/08/2021 09:06, Stefan Bodewig wrote:
>
>>> I've already added the jar and changed the descriptors. Unfortunately I
>>> did so before realizing that my ssh key is unknown to the
On 2021-08-19, Mark Thomas wrote:
> On 19/08/2021 17:53, Stefan Bodewig wrote:
>> Tomcat transitvely inherits antlr4*.jar but this jar doesn't seem to
>> contain the "runtime" package. I believe you also want
>> https://mvnrepository.com/artifact/or
On 2021-08-19, Mark Thomas wrote:
> Many thanks for cleaning up the mess I created.
You didn't create a mess here, you just uncovered an undetected bug.
The -bootclasspath/p problems of xml-apis and xml-resolver are probably
not really fixable. We cannot create a "patch module" easily, I'm
On 2021-08-19, Stefan Bodewig wrote:
> It looks as if you may have uncovered a bug in Ant's build,
no, the Gump descriptor has been broken before.
While compiling the tests Ant didn't see the main classes it had just
compiled. It could only see those of the bootstrap-ant project.
The o
On 2021-08-19, Jaikiran Pai wrote:
> On 19/08/21 1:15 pm, Stefan Bodewig wrote:
>> ... One migration option might be to offer an antlib containing the
>> permissions stuff and deprecate the core types - and remove them from
>> core once the next Java LTS version without Se
On 2021-08-19, Jaikiran Pai wrote:
> Hello Stefan,
> On 19/08/21 1:15 pm, Stefan Bodewig wrote:
>> At a cursory glance I only see JUnitTask and ExecuteJava deal with the
>> SecurityManager if permissions have been defined. Where else do we use
>> one?
> From what I
On 2021-08-05, Gintautas Grigelionis wrote:
> The most acute problem is this: SecurityManager seems to be involved in
> handling of return code from forked processes.
> How does JDK 17+ solve that?
JDK17 doesn't try to solve that as I understand it, the use-case of
"prevent System.exit" has been
On 2021-08-05, Jaikiran Pai wrote:
> Ant project will be impacted by this. Ant provides a "permissions"
> type[1] whose whole goal is to integrate with the Java SecurityManager
> to allow users to configure the necessary security permissions. With
> the SecurityManager and the APIs potentially
On 2021-08-12, Mark Thomas wrote:
> It looks like I have broken the Ant build somehow. I can't see what I
> have done wrong. No rush, but some help on this from someone more
> familiar with the Ant build than I would be helpful.
It looks as if you may have uncovered a bug in Ant's build, but I'm
Many thank for doing this, Mark
On 2021-08-10, Mark Thomas wrote:
> Is there a way in Gump to get just some projects to build with a
> different JAVA_HOME? Switching just the Tomcat 10.1.x builds to Java
> 11 is the minimum requirement. We can then take a harder look at the
> dependency chains
On 2021-07-17, Gavin McDonald wrote:
> Does any project still use any of
> OpenJDK 10,12,13,14,15 ?
Ant does, basically to assert compatibility. But that shouldn't stop
you, we can just remove them from the Matrix - or rather I assume they
will simply no longer be available as Matrix choices
n Tue, 13 Jul 2021 at 11:04, sebb wrote:
>>> On Tue, 13 Jul 2021 at 10:28, Stefan Bodewig wrote:
>>>> On 2021-07-13, Bruno P. Kinoshita wrote:
>>>>> I think I used this page when publishing the site?
>>>>> http://commons.apache.org/site-
>> Are there any tests that actually use the uid/gid of the current user?
>> Compress will no read them by itself, so the only place things could
>> fail was if we used native tar to create an archive. Is there such a
>> test? If so we could try to adapt the test in question.
On 2021-07-10,
## Description:
Apache Gump is a cross-project continuous integration server. Gump's intention
isn't so much to be a CI server but rather a vehicle that makes people look
beyond their project's boundaries and helps the projects to collaborate.
Gump is written in Python and supports several build
Description:
When reading a specially crafted TAR archive an Apache Ant build can be made to
allocate large amounts of memory that finally leads to an out of memory error,
even for small inputs. This can be used to disrupt builds using Apache Ant.
Mitigation:
Apache Ant 1.9.x users should
Description:
When reading a specially crafted ZIP archive, or a derived formats, an Apache
Ant build can be made to allocate large amounts of memory that leads to an out
of memory error, even for small inputs. This can be used to disrupt builds
using Apache Ant.
Commonly used derived formats
://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAmDty0UACgkQohFa4V9ri3J/fACcDdV5LR1N/2Jrb8jNn/eZmwYq
e/MAoM8OvDCeEYH76QbDWJYVfnE1raI3
=D8Oy
-END PGP SIGNATURE-
://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAmDty0UACgkQohFa4V9ri3J/fACcDdV5LR1N/2Jrb8jNn/eZmwYq
e/MAoM8OvDCeEYH76QbDWJYVfnE1raI3
=D8Oy
-END PGP SIGNATURE
://ant.apache.org/
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iEYEARECAAYFAmDty0UACgkQohFa4V9ri3J/fACcDdV5LR1N/2Jrb8jNn/eZmwYq
e/MAoM8OvDCeEYH76QbDWJYVfnE1raI3
=D8Oy
-END PGP SIGNATURE
Description:
When reading a specially crafted ZIP archive, or a derived formats, an Apache
Ant build can be made to allocate large amounts of memory that leads to an out
of memory error, even for small inputs. This can be used to disrupt builds
using Apache Ant.
Commonly used derived formats
Description:
When reading a specially crafted TAR archive an Apache Ant build can be made to
allocate large amounts of memory that finally leads to an out of memory error,
even for small inputs. This can be used to disrupt builds using Apache Ant.
Mitigation:
Apache Ant 1.9.x users should
Severity: low
Description:
When reading a specially crafted 7Z archive, the construction of the list of
codecs that decompress an entry can result in an infinite loop. This could be
used to mount a denial of service attack against services that use Compress'
sevenz package.
Mitigation:
Severity: low
Description:
When reading a specially crafted 7Z archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress'
Description:
When reading a specially crafted TAR archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' tar package.
Description:
When reading a specially crafted ZIP archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' zip package.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.21.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
With +1s by
Martijn Kruithof
Jaikiran Pai
Maarten Coene
Stefan Bodewig
the vote has passed, I'll publish the artifacts and after the mirrors
had time to catch up will annpunce the release.
Thanks to all who have verified the artifacts
Stefan
With +1s by
Martijn Kruithof
Jaikiran Pai
Maarten Coene
Stefan Bodewig
the vote has passed, I'll publish the artifacts and after the mirrors
had time to catch up will annpunce the release.
Thanks to all who have verified the artifacts
Stefan
On 2021-07-13, sebb wrote:
> On Tue, 13 Jul 2021 at 10:28, Stefan Bodewig wrote:
>> On 2021-07-13, Bruno P. Kinoshita wrote:
>>> I think I used this page when publishing the site?
>>> http://commons.apache.org/site-publish.html
>> Yes, that's what I've d
On 2021-07-13, Bruno P. Kinoshita wrote:
> I think I used this page when publishing the site?
> http://commons.apache.org/site-publish.html
Yes, that's what I've done for the past releases as well ;-)
https://cms.apache.org/commons/publish is what it tells you to use - and
this one returns
On 2021-07-13, Henri Biestro wrote:
> You actually don't change the main site, just the component site if
> I'm not mistaken. I guess you found this;
> http://commons.apache.org/site-publish.html#Main_site . When
> everything is set correctly, the site-deploy target does everything
> for you,
making my own +1 explicit
-
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
making my own +1 explicit
-
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
Hi
I recall the CMS is no more but I haven't followed how to publish the
site now. The docs still talk about the CMS.
I have updated component_releases.properties and the DOAP file for
compress but don't know how to apply the change to the deployed website.
Stefan
[
https://issues.apache.org/jira/browse/COMPRESS-542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17379573#comment-17379573
]
Stefan Bodewig commented on COMPRESS-542:
-
This issue has been assigned the name
[CVE-2021
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.21.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.21.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy,
Description:
When reading a specially crafted ZIP archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' zip package.
Description:
When reading a specially crafted TAR archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' tar package.
Severity: low
Description:
When reading a specially crafted 7Z archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress'
Severity: low
Description:
When reading a specially crafted 7Z archive, the construction of the list of
codecs that decompress an entry can result in an infinite loop. This could be
used to mount a denial of service attack against services that use Compress'
sevenz package.
Mitigation:
Hi
with +1s by Gary Gregory, Bruno P. Kinoshita, Peter Lee and myself, the
vote has passed.
I'll publish the artifacts and will announce the release once the
mirrors have caught up - which probably means after a night of sleep for
myself :-)
Many thanks to all who have verified the release
Making my own vote explicit
[X] +1 Release these artifacts
Stefan
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
Hi all
I've created a release candidate for 1.10.11:
git tag: ANT_1.10.11_RC1
on commit: 01ce0c3b1
tarballs: https://dist.apache.org/repos/dist/dev/ant/
revision: 48767
Maven artifacts:
[re-send with fixed subject, sorry]
Hi all
I've created a release candidate for 1.9.16:
git tag: ANT_1.9.16_RC1
on commit: ea698c454
tarballs: https://dist.apache.org/repos/dist/dev/ant/
revision: 48766
Maven artifacts:
Hi all
I've created a release candidate for 1.9.16:
git tag: ANT_1.9.16_RC1
on commit: ea698c454
tarballs: https://dist.apache.org/repos/dist/dev/ant/
revision: 48766
Maven artifacts:
https://repository.apache.org/content/repositories/orgapacheant-1049/org/apache/ant/
On 2021-07-10, Henri Biestro wrote:
> Side note whilst trying to validate RC1:
> On a Mac that used LDAP, user ids and groups are 'long':
> henri.biestro@L-HBIESTRO-1 commons-compress % id
> uid=1447288081(henri.biestro) gid=1024222515
Didn't know that.
> A lot of tar tests will fail in this
On 2021-07-10, Bruno P. Kinoshita wrote:
> The RELEASE-NOTES.txt for 1.21 starts with "Compress 1.20 now at least
> requires Java 8 to build and run." which is a bit confusing, but not a
> major issue. (Maybe it would be better to say "Compress 1.20 and later
> require Java 8..."?)
It is going
On 2021-07-09, Gary Gregory wrote:
> "Details of changes since 1.19 are in the release notes:"
> 1.19 -> 1.20 ;-)
fortunately only the vote mail is wrong.
It even is true, in a way, the release notes even include all changes
since 1.0. :-)
Stefan
It's been way too long since the last relase and the number of resolved
issues is huge.
Compress 1.21 RC1 is available for review here:
https://dist.apache.org/repos/dist/dev/commons/compress/
(svn revision 48755)
The tag is here:
.
BugZilla Issue 65315
For complete information on AntUnit, including instructions on how to
submit bug reports, patches, or suggestions for improvement, see the
Apache AntUnit website:
https://ant.apache.org/antlibs/antunit/index.html
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN
.
BugZilla Issue 65315
For complete information on AntUnit, including instructions on how to
submit bug reports, patches, or suggestions for improvement, see the
Apache AntUnit website:
https://ant.apache.org/antlibs/antunit/index.html
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN
.
BugZilla Issue 65315
For complete information on AntUnit, including instructions on how to
submit bug reports, patches, or suggestions for improvement, see the
Apache AntUnit website:
https://ant.apache.org/antlibs/antunit/index.html
Stefan Bodewig, on behalf of the Apache Ant community
-BEGIN
Hi all
with +1s by Jaikiran Pai, Maarten Coene, Jan Materne, Martijn Kruithof
and myself and no other votes the vote has passed.
I'll publish the artifacts now and send out the announcement / update
the site later today.
Many thanks to all who evaluated the release
Stefan
I completely forgot to vote myself.
+1
Stefan
-
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
Hi all
as we missed the report last month (my fault) we are due reporting this
month.
At least I have created a copy of the last report at
https://cwiki.apache.org/confluence/display/GUMP/20210721 and I really
intend to review whether information is still accurate. If you fell
anything should be
On 2021-07-05, Evgeny Bovykin wrote:
> Is there any date on when 1.21 will be released? Or will it be at
> least released in 2021?
Likely :-)
https://lists.apache.org/thread.html/ra92c3a25b0cdfc4c2a070f7febbba3d034b27e152b42337c679f3f04%40%3Cdev.commons.apache.org%3E
Plan is to have the
[
https://issues.apache.org/jira/browse/COMPRESS-565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Bodewig resolved COMPRESS-565.
-
Resolution: Fixed
> Regression - Corrupted headers when using 64
On 2021-07-03, Stefan Bodewig wrote:
> I assume the code originates from
> https://svn.apache.org/repos/asf/harmony/enhanced/java/trunk/classlib/modules/pack200/src/main/
> and I'd look into porting the tests from
> https://svn.apache.org/repos/asf/harmony/enhanced/java/trunk/clas
Hi all
I've created a release candidate for AntUnit 1.4.1:
git tag: 1_4_1_RC1
on commit: e436acf
tarballs: https://dist.apache.org/repos/dist/dev/ant/antlibs/antunit/
revision: 48645
Maven artifacts:
Hi all
sorry, I got occupied "elsewhere" and somehow forgot I wanted to create
a release candidate. Will do so during the weekend.
Stefan
-
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail:
Hi all
is there anything you want to work on or can we go ahead with cutting a
new Compress release in about a week?
There are some test coverage and javadoc issues that need to get
resolved but other than that at least I do not intend to work on any
changes or new features.
A current build of
Hi
our current pack200 tests don't seem to cover much of the pack200 code
imported from harmony and the overall test coverage of Compress as a
whole has dropped significantly (from 86% to 61%) as the new package
contains quite a bit of code.
I assume the code originates from
On 2021-07-03, Gary Gregory wrote:
> This is the approach I've taken: I merged the pack200 branch into
> master as is.
Thank you
Stefan
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional
On 2021-06-12, Gary Gregory wrote:
> Please have a look at the pack200 branch if you want, there are still
> Javadoc TODOs but it's all there.
Just so we get this into this list's archive properly: I've propsed a
few changes in https://github.com/apache/commons-compress/pull/210 but
completely
On 2021-07-01, Torsten Curdt wrote:
>> That certainly doesn't prevent anybody else from trying to find a
>> compromise :-)
> It feels like Optionals could be a compromise.
I must admit I've lost track of the later discussion threads. If you
mean that we'd return Optional<> results, this would
Hi all
there isn't a single option that hasn't at least received two -1s with
eight people indicating their preference. So neither option seems to be
an option that could lead to a compromise.
With this I run out of ideas and will rest my case and not try to find a
generic solution - but rather
On 2021-06-29, Stefan Bodewig wrote:
> Options raised during the thread:
> (1) catch all RuntimeExceptions, wrap them in an IOException (possibly a
> subclass) and throw the IOException
+1
> (2) catch only a subset of all RuntimeExceptions, wrap them in an
> IOExce
Hi
I'm sorry, but I'm unable to see what would or would not work for the
people who chimed in. Short of calling for a vote, lets try with a poll
that could show whether there is some sort of solution that is
acceptable to everybody.
Please use +1 to mean "I like this option", +0 to mean "the
On 2021-06-29, Miguel Munoz wrote:
> Catching all RuntimeExceptions and wrapping them in an IOException
> looks like the cleanest solution. RuntimeExceptions usually mean bugs,
> so if the archive code is throwing them due to a corrupted archive, it
> makes sense to wrap it in a checked
On 2021-06-27, Gilles Sadowski wrote:
> Le dim. 27 juin 2021 à 21:15, Stefan Bodewig a écrit :
>> As I said, we can as well document that each method could throw
>> arbitrary RuntimeExceptions, but I don't believe we can list the kinds
>> of RuntimeExceptions exhaustively
[
https://issues.apache.org/jira/browse/COMPRESS-542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Bodewig resolved COMPRESS-542.
-
Fix Version/s: 1.21
Resolution: Fixed
And with current master your broken
On 2021-06-27, Gilles Sadowski wrote:
> Hi.
>> [...]
>> it seemed Gilles was opposed to this idea
> Rather (IIRC) my last comment was that it was your choice as to
> what the API should look like.
Sorry, I didn't mean to misrepresent your POV.
> My opinion on the matter was along Gary's
On 2021-06-27, Gary Gregory wrote:
> Catching all unchecked exceptions (UE) and rethrowing as checked exceptions
> (CE) feels like both a horror show and an exercise in futility, especially
> in order to appease some tool that complains today of one thing which may
> complain differently
[
https://issues.apache.org/jira/browse/COMPRESS-542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17370314#comment-17370314
]
Stefan Bodewig commented on COMPRESS-542:
-
OK, my benchmarks
https://github.com/bodewig
Hi
I'd like to get closure on which approach we want to take.
When we read a broken archive it may trigger arbitrary RuntimeExceptions
because we are not explicitly checking for each and every sizuation
where a bounds check could fail, a negative size is sent to a classlib
method that then
On 2021-06-17, Jaikiran Pai wrote:
> The recently released EA version of JDK 17 has introduced a change in
> the javadoc tool. Previously (JDK 8 all the way through JDK 16) used
> to log certain messages from the javadoc tool to STDOUT. Our javadoc
> task's implementation expects such messages of
On 2021-06-12, Stefan Bodewig wrote:
> On 2021-06-12, Gary Gregory wrote:
>> Please note that the Java 16 and 17 builds are now green on GitHub after my
>> changes this morning to update some dependencies.
> They haven't been green before - or for any JDK > 14 - because
On 2021-06-12, Gary Gregory wrote:
> Please note that the Java 16 and 17 builds are now green on GitHub after my
> changes this morning to update some dependencies.
They haven't been green before - or for any JDK > 14 - because of
missing pack200 classes inside of the classlib.
Stefan
On 2021-06-06, Gilles Sadowski wrote:
> Le dim. 6 juin 2021 à 07:51, Stefan Bodewig a écrit :
>> Hi
>> I'm thinking about a specific IOException subclass that is thrown when a
>> RuntimeException "happens" somewhere in the code that parses data in
>> Zi
Hi
I'm thinking about a specific IOException subclass that is thrown when a
RuntimeException "happens" somewhere in the code that parses data in
Zip/SevenZ/TarFile, see
https://github.com/apache/commons-compress/compare/catch-RuntimeExceptions
is this a good idea? Should anything be
Hi all
7z archives provide CRCs for the metadata section so you can quickly
identify a wide range of broken archives - which is far better than what
you get for ZIP for example.
It is possible to recover from a certain type of broken archive. A case
where the archive has been written almost
On 2021-05-24, Bernd wrote:
> Am Mo., 24. Mai 2021 um 20:46 Uhr schrieb Matt Sicker :
>> There's also a bit of an issue of fixing these types of
>> vulnerabilities at the library level. The library itself typically
>> won't have much in the way of a security model until you integrate it
>> into
On 2021-05-24, Tero Saarni wrote:
> We are getting reports from JFrog Xray vulnerability scanner that seem
> to be related to recently fixed OSS-Fuzz issues:
I wasn't aware of this effect. This is very unfortunate.
> * Summary: Apache Commons Compress archivers/zip/ZipFile.java
>
[
https://issues.apache.org/jira/browse/COMPRESS-566?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Bodewig resolved COMPRESS-566.
-
Fix Version/s: 1.21
Resolution: Fixed
> make gzip deflate buffer s
Hi all
it looks as if we didn't do what we preach, see
https://bz.apache.org/bugzilla/show_bug.cgi?id=65315 :-)
Over the past three years we haven't seen any reason to change anything
inside of AntUnit. The issue above is probably standing in the way for
somebody, so I'd like to cut a fresh
[
https://issues.apache.org/jira/browse/COMPRESS-562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17349780#comment-17349780
]
Stefan Bodewig commented on COMPRESS-562:
-
well the zero bytes look like padding, unfortunately
[
https://issues.apache.org/jira/browse/COMPRESS-574?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17349775#comment-17349775
]
Stefan Bodewig commented on COMPRESS-574:
-
[~gaellalire] many thanks for your code
[
https://issues.apache.org/jira/browse/COMPRESS-578?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Bodewig resolved COMPRESS-578.
-
Fix Version/s: 1.21
Resolution: Fixed
PR merged, thank you
> Jav
201 - 300 of 18302 matches
Mail list logo