Red Hat Bugzilla – Bug 820117
azureus: Bundled libraries
Last modified: 2014-03-18 04:08:46 EDT
azureus is bundling several libraries, including:
According to Fedora Java Packaging Guidelines this is unacceptable. See: https://fedoraproject.org/wiki/Packaging:Java#Pre-built_JAR_files_.2F_Other_bundled_software
Please remove these libraries from packaging and add them as external dependencies.
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.
(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)
More information and reason for this action is here:
Created attachment 863653 [details]
remove half unbundle bouncycastle
(In reply to Mikolaj Izdebski from comment #0)
> azureus is bundling several libraries, including:
apache-commons is already unbundle :
rm -fR org/apache
Json was recently unbundle :
rm -fR org/json
what is not unbundle :
# http://www.programmers-friend.org/download/ not found in fedora repos
#rm -fR org/pf
and bouncycastle ,
bouncycastle .spec try unbundled but requires org.bouncycastle.jce.provider
which is not part of bouncycastle 1.46 on fedora
by this link http://www.cs.berkeley.edu/~jonah/bc/org/bouncycastle/jce/provider/JCEECDHKeyAgreement.html
seems need Bouncy Castle Cryptography Library 1.37
so I propose revert this half unbundling , because as it is, azureus use 2 bouncycastle jars, one bundled and one from the system , for me seems that is not good.
Created attachment 863654 [details]
remove half unbundle bouncycastle updated
Created attachment 863655 [details]
sorry, another update to remove half unbundle bouncycastle
I'm not sure I understand the reason for the patch in #4.
For sure, the bundled BouncyCastle classes are still used until someone comes around to patch the source and I don't claim to understand all the fine details of classloading but I don't really see any harm in having BouncyCastle in the classpath. In my opinion, we should focus on really removing the bundled BouncyCastle cocde from azureus instead. Or to put it the other way around, what is the problem you're trying to solve?
(In reply to David Juran from comment #5)
> I don't claim to understand all the
> fine details of classloading but I don't really see any harm in having
> BouncyCastle in the classpath.
As I see it, is more optimized if we just use one BouncyCastle, is not a good option have two BouncyCastle in the classpath . On the other hand will be more easier remove bundled BouncyCastle code .
> In my opinion, we should focus on really
> removing the bundled BouncyCastle code from azureus instead.
I'm focus on this, but don't had much time , I will try find a manual that explains how upgrade BouncyCastle from 1.37 to 1.46
> Or to put it
> the other way around, what is the problem you're trying to solve?
Meanwhile I had use Azureus with my this patch and F21 commits and I like the results, anyway I also use swt M5, so I can't ensure that patch solves crashes .
azureus-188.8.131.52-6.fc20 has been submitted as an update for Fedora 20.
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing azureus-184.108.40.206-6.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
IMHO , we should merge azureus-SecureMessageServiceClientHelper-bcprov.patch into azureus-220.127.116.11-no-bundled-bouncycastle patch since they try resolve the same thing , unbundle bouncycastle
and why for F20 we have Azureus outdated, I don't see any reason for F19 , F20 and rawhide haven't the same source . The kernel guys update F19 with kernel major version 3.12 to 3.13 which bumped many bugs and if kernel don't have this limits , why you are so conservative in updates of Azureus , but not with yours patches.
(In reply to Sergio Monteiro Basto from comment #9)
> and why for F20 we have Azureus outdated, I don't see any reason for F19 ,
> F20 and rawhide haven't the same source . The kernel guys update F19 with
> kernel major version 3.12 to 3.13 which bumped many bugs and if kernel don't
> have this limits , why you are so conservative in updates of Azureus , but
> not with yours patches.
Kernel package has exception granted by FESCO and that's why major updates can be pushed to stable releases.
"particularly when those features would materially affect the user or developer experience"
not the case , my interpretation Azureus 18.104.22.168 is stable, was consider stable by upstream, so should go to stable releases.
kernel is an exception , Firefox (enabled gstreamer) , libreoffice (4.1.3 to 4.2.1), kde ( 4.11 to 4.12) after F20 released, are also exceptions ?
Conclusion please update Azureus in F20 and possible in F19 , or let me update it for you, give me commit permissions .
azureus-22.214.171.124-6.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.