[jbosstools-issues] [JBoss JIRA] (JBDS-3562) Prepare for 9.0.1 (9.0.0 with patched EAP 6.4.0 BZ1281963 / CVE-2015-7501)
Nick Boldt (JIRA)
issues at jboss.org
Tue Dec 8 13:12:00 EST 2015
[ https://issues.jboss.org/browse/JBDS-3562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13138596#comment-13138596 ]
Nick Boldt edited comment on JBDS-3562 at 12/8/15 1:11 PM:
-----------------------------------------------------------
If the build currently staged in CSP / GG is no longer considered acceptable, I can respin it using a different JBDS update site as input to the installer build process. (I'll have to create a composite site exclusively for this process, because as has been noted already, we've never done this whole "just build the installer using previous GA bits as input" before.)
Please advise here or in DEVELOPER-1435.
I'm also unclear how we want to display this new build on tools.jboss.org. Is is a whole new release, or just a drop-in replacement for the existing JBDS 9.0.0.GA installer jar link?
was (Author: nickboldt):
TL;DR:
after spending a few days to concoct a special, one-off solution to doing a rebuild of JUST the installers (first time ever) based on a previous GA release...
even when there's an explanation in a JIRA for slight deviations from 100% identicalness, and QE accepts it and signs off on it...
some people are not satisfied and feel compelled to post snarky comments.
It would have taken less effort and time to simply state "The staged build for QE is unacceptable; we need a respin."
> Prepare for 9.0.1 (9.0.0 with patched EAP 6.4.0 BZ1281963 / CVE-2015-7501)
> --------------------------------------------------------------------------
>
> Key: JBDS-3562
> URL: https://issues.jboss.org/browse/JBDS-3562
> Project: Developer Studio (JBoss Developer Studio)
> Issue Type: Bug
> Components: build
> Affects Versions: 9.0.0.CVE-2015-7501-GA
> Reporter: Nick Boldt
> Assignee: Nick Boldt
> Fix For: 9.0.0.CVE-2015-7501-GA
>
> Attachments: 900GAvs901GA_B6.p2diff.txt, JBDS900GA-respin_diffs__EAP640-BZ1281963.png, JBDS900GA-respin_diffs__EAP640patched-looks-the-same-as-EAP640.png, JBDS900GA-respin_diffs__EAP640patched-looks-the-same-as-EAP640__002.png, JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP.png, JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP_210_refs.png, JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP_224_refs.png, JBDS900GA-respin_diffs__o.e.jst.plugins.manifest.mf.png, JBDS900GA-respin_diffs__p2director.manifest.mf.png, JBDS900GA-respin_diffs__plugins_including_gson2.1.0vs.2.2.4.png, JBDS900GA-respin_diffs__readme.txt.png
>
>
> Tracker JIRA to house things to do to prepare for 9.0.1 / 9.1.0 branches & builds.
> Because JBDS 9.0.0 includes the compromised version of
> apache.commons.collections (JBDS-3560, JBDS-3561), we need to at some point respin it, which
> will include:
> a) updated JBT/JBDS target platforms 4.50.1.* and 4.51.1.*
> b) repin of JBDS update sites and installer jars
> To that end, I've created the following new branches:
> https://github.com/jbosstools/jbosstools-target-platforms/commits/4.50.1.x
> https://github.com/jbosstools/jbosstools-target-platforms/commits/4.51.1.x
> And I've bumped the version of the target platforms in the 4.50.x and
> 4.51.x branches to 4.50.2.Beta1-SNAPSHOT and 4.51.2.Beta1-SNAPSHOT,
> respectively.
> JBDS is now at version 9.1.0 in the 4.3.x branch and 9.0.1 in the
> 4.3.1.x branch.
> https://github.com/jbdevstudio/jbdevstudio-product/commits/jbosstools-4.3.1.x
> (new, 9.0.1)
> https://github.com/jbdevstudio/jbdevstudio-product/commits/jbosstools-4.3.x
> (updated to 9.1.0)
> So, now we just need to ensure that the correct BUILD_ALIAS (CR1 for
> 9.0.1, Beta1 for 9.1.0) and target platforms are used.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jbosstools-issues
mailing list