Re: [mdt-papyrus.dev] Batik 1.16 and GMF Runtime 1.15.3 for Eclipse 2022

[Pierre-Charles David <pierre-charles.david@xxxxxxx>]

Le 14/11/2022 à 12:02, LE MENEZ Quentin a écrit :

Hi Pierre Charles,

 

Thanks for the heads up !

 

The current main codebase should be compatible with your latest releases. Do you need an integration release today based on your latest revisions or would on Wednesday suffice ?

Actually, Ed (Merks) has merged my patch with Sirius and GMF [1] and **disabled Papyrus** to get it through.
So, at the moment Sirius or GMF are OK for 2022-12 (except maybe a GMF rebuild due to the unrelated signing problems, see Ed's latest message), but Papyrus needs to contribute a compatible version and re-enable its contribution, ideally for M3+3 (Wednesday).

[1] https://git.eclipse.org/r/c/simrel/org.eclipse.simrel.build/+/196896

We’ll keep you informed if we encounter any problems on the way but the latest tests seem fine on our end.

 

Best Regards,

Quentin Le Menez

CEA List  | NANO-Innov | Bât. 862-PC174 | 2, Boulevard Thomas GOBERT| F-91120 PALAISEAU

T. +33 1 69 08 63 73

 

De : mdt-papyrus.dev <mdt-papyrus.dev-bounces@xxxxxxxxxxx> De la part de Pierre-Charles David
Envoyé : lundi 14 novembre 2022 10:36
À : Papyrus Project list <mdt-papyrus.dev@xxxxxxxxxxx>
Objet : [mdt-papyrus.dev] Batik 1.16 and GMF Runtime 1.15.3 for Eclipse 2022-12

 

Hi Papyrus Team,

As you may have seen in this thread [1], the Orbit repo for 2022-12 has replaced all old versions of Apache Batik with the new version 1.16.0 (released on October 22). GMF Runtime, Graphiti, Sirius and Papyrus are impacted. We all depended on Batik 1.14 (released this summer), but version 1.15 and 1.16 released since then have fixed several CVEs (see [2]).

I think Graphiti has been updated (at least they contributed a new version [3]).

I  have release candidates versions of GMF Runtime (1.15.3) and Sirius (7.0.6) which both move to Batik 1.16 ready for inclusion [4], but can not merge them yet as it break Papyrus:

Missing requirement: Papyrus GMF Diagrams Support 4.3.0.202210051746

  (org.eclipse.papyrus.infra.gmfdiag.common 4.3.0.202210051746) requires 'osgi.bundle; org.apache.batik.dom [1.14.0,1.15.0)' but it could not be found

Indeed, the repo for GMF Runtime 1.15.3 now only contains Batik 1.16: https://download.eclipse.org/modeling/gmp/gmf-runtime/updates/milestones/S202211041032/plugins/

Do you think you can get a new version which depends on Batik 1.16 for M3 (I know it's late, M3+3 is this Wednesday), or at least for RC1 next week?

The corresponding GMF Runtime release will be 1.15.3, see the above patch for the URL of the RC repo.

Regards,
Pierre-Charles David

PS: Note that it is probable that there will be a Batik 1.17 released in the near future; new security fixes have been merged after the 1.16 release. I have no idea when it is planned, but we should all be ready to switch (again...).

[1] https://www.eclipse.org/lists/cross-project-issues-dev/msg19431.html
[2] https://github.com/eclipse/gmf-runtime/issues/23
[3] https://git.eclipse.org/r/c/simrel/org.eclipse.simrel.build/+/196609
[4] https://git.eclipse.org/r/c/simrel/org.eclipse.simrel.build/+/196896

 

-- 

Pierre-Charles David (Obeo)I have 

_______________________________________________
mdt-papyrus.dev mailing list
mdt-papyrus.dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mdt-papyrus.dev

-- 
Pierre-Charles David (Obeo)