Processing of libspring-java_3.2.13-4_amd64.changes

[Debian FTP Masters]

libspring-java_3.2.13-4_amd64.changes uploaded successfully to localhost
along with the files:
  libspring-java_3.2.13-4.dsc
  libspring-java_3.2.13-4.debian.tar.xz
  libspring-aop-java_3.2.13-4_all.deb
  libspring-beans-java_3.2.13-4_all.deb
  libspring-context-java_3.2.13-4_all.deb
  libspring-context-support-java_3.2.13-4_all.deb
  libspring-core-java_3.2.13-4_all.deb
  libspring-expression-java_3.2.13-4_all.deb
  libspring-instrument-java_3.2.13-4_all.deb
  libspring-jdbc-java_3.2.13-4_all.deb
  libspring-jms-java_3.2.13-4_all.deb
  libspring-orm-java_3.2.13-4_all.deb
  libspring-oxm-java_3.2.13-4_all.deb
  libspring-test-java_3.2.13-4_all.deb
  libspring-transaction-java_3.2.13-4_all.deb
  libspring-web-java_3.2.13-4_all.deb
  libspring-web-portlet-java_3.2.13-4_all.deb
  libspring-web-servlet-java_3.2.13-4_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: CVE-2015-7940 assigned

[Debian Bug Tracking System]

Processing control commands:

> retitle -1 CVE-2015-7940: bouncycastle: ECC private keys can be recovered via 
> invalid curve attack
Bug #802671 [src:bouncycastle] bouncycastle: ECC private keys can be recovered 
via invalid curve attack
Changed Bug title to 'CVE-2015-7940: bouncycastle: ECC private keys can be 
recovered via invalid curve attack' from 'bouncycastle: ECC private keys can be 
recovered via invalid curve attack'

-- 
802671: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#802671: CVE-2015-7940 assigned

[Raphael Hertzog]

Control: retitle -1 CVE-2015-7940: bouncycastle: ECC private keys can be 
recovered via invalid curve attack

FTR, this issue has been assigned CVE-2015-7940

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#802701: freemind: Freemind doesn't start with OpenJDK-8

[Vincent Smeets]

Package: freemind
Version: 0.9.0+dfsg2-1
Severity: normal

Hallo,

I have installed OpenJDK-7 and OpenJDK-8.
Freemind is starting normally with OpenJDK-7 but hangs in the splash
screen when started with OpenJDK-8.

When I start freemind without any settings
  $ freemind
it will use OpenJDK-8 (from java-wrapper) and doesn't start completely.
The spalsh screen will appear as an gray rectangle but with no image in
it. The application will hang at that point. A ^C or kill -TERM doesn't
work I can only recover by a kill -KILL to the JVM.
The command:
  $ JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 freemind
gives the same behaviour.

In contrast to that, the command:
  $ JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64 freemind
works normally and starts the application in a normal way.

Regards,
Vincent

-- Package-specific info:
[debug] /usr/bin/freemind: Found JAVA_HOME = '/usr/lib/jvm/java-8-openjdk-amd64'
[debug] /usr/bin/freemind: Found JAVA_CMD = 
'/usr/lib/jvm/java-8-openjdk-amd64/bin/java'
DEBUG:   Freemind parameters are ''.
DEBUG:   Linux PC-Vincent 4.2.0-1-amd64 #1 SMP Debian 4.2.3-2 (2015-10-14) 
x86_64 GNU/Linux
No LSB modules are available.
DEBUG:   Distributor ID:Debian
Description:Debian GNU/Linux testing (stretch)
Release:testing
Codename:   stretch
DEBUG:   The following DEB packages are installed:
ii  freemind0.9.0+dfsg2-1  allJava 
Program for creating and viewing Mindmaps
DEBUG:   Link '/usr/bin/freemind' resolved to '/usr/share/freemind/freemind.sh'.
DEBUG:   Freemind Directory is '/usr/share/freemind'.
DEBUG:   Calling: '/usr/lib/jvm/java-8-openjdk-amd64/bin/java 
-Dgnu.java.awt.peer.gtk.Graphics=Graphics2D 
-Dfreemind.base.dir=/usr/share/freemind -cp 
::/usr/share/freemind/lib/freemind.jar:/usr/share/java/SimplyHTML.jar:/usr/share/java/gnu-regexp.jar:/usr/share/java/jibx-run-1.1.6a.jar:/usr/share/java/xpp3.jar:/usr/share/freemind/lib/bindings.jar:/usr/share/java/forms.jar:/usr/share/freemind
 freemind.main.FreeMindStarter  '.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages freemind depends on:
ii  default-jre 2:1.7-52
ii  libjgoodies-forms-java  1.6.0-4
ii  libjibx1.1-java 1.1.6a-4
ii  simplyhtml  0.16.08-1

Versions of packages freemind recommends:
pn  freemind-doc   
ii  java-wrappers  0.1.28
ii  xdg-utils  1.1.1-1

Versions of packages freemind suggests:
pn  freemind-browser 
pn  freemind-plugins-help
pn  freemind-plugins-script  
pn  freemind-plugins-svg 

-- no debconf information

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#777082: (no subject)

[Michael Borkowski]

Despite the fact that I'm not running on Debian, I encountered this very
bug and indeed I can confirm that it seems to be related to multiple
screens.

However, I don't have to actually disable the secondary screen, it's
enough to move the mouse to the primary one, so that the window is
initially opend in the primary screen, which makes sweethome3d start up
nicely.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of apache-log4j2_2.4-1_amd64.changes

[Debian FTP Masters]

apache-log4j2_2.4-1_amd64.changes uploaded successfully to localhost
along with the files:
  apache-log4j2_2.4-1.dsc
  apache-log4j2_2.4.orig.tar.gz
  apache-log4j2_2.4-1.debian.tar.xz
  liblog4j2-java-doc_2.4-1_all.deb
  liblog4j2-java_2.4-1_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

apache-log4j2_2.4-1_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 22 Oct 2015 19:44:48 +0200
Source: apache-log4j2
Binary: liblog4j2-java liblog4j2-java-doc
Architecture: source all
Version: 2.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 liblog4j2-java - Apache Log4j - Logging Framework for Java
 liblog4j2-java-doc - Documentation for Apache Log4j 2
Changes:
 apache-log4j2 (2.4-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release
 - New dependencies on libcommons-compress-java, libcommons-csv-java
   and libjeromq-java
 - Ignore the new liquibase module
 - Disabled the new Kafka appender
Checksums-Sha1:
 14bac3433d753073d4107f2dca8f8e0c64e7eca5 2742 apache-log4j2_2.4-1.dsc
 0b4f8fca154b959c242cb798cf146007edcaaa9c 2290193 apache-log4j2_2.4.orig.tar.gz
 854ad9adcb7798f267a3804d086b524460f567bd 5728 apache-log4j2_2.4-1.debian.tar.xz
 f9c37c04657b6b20e1edc213491686b3e1590ad4 787536 
liblog4j2-java-doc_2.4-1_all.deb
 414767cdb62cf43050934711f9ab2a5f69c102df 1075890 liblog4j2-java_2.4-1_all.deb
Checksums-Sha256:
 124589b24ce9b53f6498ddf7b487c1f62b7a9742756d7732e7797f4ec4c90779 2742 
apache-log4j2_2.4-1.dsc
 07dc623adb4f0769fb9082f526eb9b470ff2aac20cd11f36c755e7b5513044b8 2290193 
apache-log4j2_2.4.orig.tar.gz
 9d345545cda608c9b814fe79c4aa9aec2c35ddfa5e80f76567e563fec6a9cf5b 5728 
apache-log4j2_2.4-1.debian.tar.xz
 c2838b9fc55172d415358dcd82e3314ce3f2ed0824f9172a82350ccee7a4d275 787536 
liblog4j2-java-doc_2.4-1_all.deb
 cb05908779e1830c598b13475eddbeb5f1dc524810f34380448fffc45464325c 1075890 
liblog4j2-java_2.4-1_all.deb
Files:
 67c00cb84c5022f59ea341f37e4ef451 2742 java optional apache-log4j2_2.4-1.dsc
 159bd841b2f1219905215769a370da74 2290193 java optional 
apache-log4j2_2.4.orig.tar.gz
 4ee505bef87b4071afe55cc34301816f 5728 java optional 
apache-log4j2_2.4-1.debian.tar.xz
 f5ab2f552d17d799cebf026c62f508ec 787536 doc optional 
liblog4j2-java-doc_2.4-1_all.deb
 031b65d7e6ae3c460243cf67f2b98be6 1075890 java optional 
liblog4j2-java_2.4-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWKSP4AAoJEPUTxBnkudCsB2MQAMAN/ajjIv1JK2t4F5tqnOMZ
7ro6t/tb++1ASjALyTeJIvwUl1S/S+AIMZPkHAkxYCRyWFGtUV3A2IURTiBJDxPV
QBrFduYV0DLLyNr7zieuvJr/mP00iZOj7arhHsskz+/cKUrWUxkDAanxRItmjN4z
V+ODIRpp/c0VN3bOIfYIXbGeyu8LIXDMKY8/rIjYrsoxW45PFF+gh+s9lYgw85uG
TE9W36lNJ6njz9cMyQ5I0Wsk4m9KsRBJkj6RnllsfH4T1a6X06O1e+e0P6yD/zfK
IvumiruB8Hi9CsbslkE3g3zIA2+tt12GqwyDrVx7G45rTcJiY3PkPjIWYs/BJff4
vzjN/StoASiMIejh3ntJa/XuqapXpG/vBLYMvTbs9w7FYoNVx95nQrXq9xkdvzV6
2b3VKbX7TC6A7Rs8mbPg3lJGMXni5utTMVFIQ3sa1PfJeE5dDhlm+LfRCaCZGmnG
O7sGEedP9nW8EiZntigmMWEHh5k5VWtnnBxLJzwESrXIfyur6viMoseAdL+EVu72
IuqEilJ8xKXcVsrkMkR9Hy5XopbPAnSi3hHiEvUCq0JuGSM4YBHMpSVR3Hc6omew
Q8KFsshOBL5kdeEcniKQGs7BlexKHVnfL4HYZm1bPS9ZTfBo08en7XErn4J3cYhQ
fVIClvC6Rd9jC0CoUfpv
=HD5Y
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

httpcomponents-asyncclient_4.1-1_amd64.changes ACCEPTED into unstable, unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 21 Oct 2015 20:49:51 +0200
Source: httpcomponents-asyncclient
Binary: libhttpasyncclient-java
Architecture: source all
Version: 4.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libhttpasyncclient-java - HTTP/1.1 compliant asynchronous HTTP agent 
implementation
Closes: 802585
Changes:
 httpcomponents-asyncclient (4.1-1) unstable; urgency=medium
 .
   * Initial release (Closes: #802585)
Checksums-Sha1:
 e548427bf2b88284fff608360341a301e579a3cb 2282 
httpcomponents-asyncclient_4.1-1.dsc
 f1760658e5551063842163ba2d7df04382d5546f 84900 
httpcomponents-asyncclient_4.1.orig.tar.xz
 299020bc62bb320c38c0d601d2b5bd91384a9d11 2764 
httpcomponents-asyncclient_4.1-1.debian.tar.xz
 09020cbaa9af173be44635c52a9b2aec0dc54896 160550 
libhttpasyncclient-java_4.1-1_all.deb
Checksums-Sha256:
 6dc036cd4fa61b83ab67e3c083d65c773b7b0e95a932c183422624315413 2282 
httpcomponents-asyncclient_4.1-1.dsc
 e356f402ebe4eacbb61055f27d76d339e62bce7b0d7ae1e0ed0bf4e286973f75 84900 
httpcomponents-asyncclient_4.1.orig.tar.xz
 24b2bb4a6059bc576e901afab48654d4a0b30b632c24a3a42898a802ebf1ffdd 2764 
httpcomponents-asyncclient_4.1-1.debian.tar.xz
 527b7d6c9b41d50338dd069866b4aa1b1d4bd168e09523af075d17e9dd9f2415 160550 
libhttpasyncclient-java_4.1-1_all.deb
Files:
 58633847ac7e24d2899878a904a64fe2 2282 java optional 
httpcomponents-asyncclient_4.1-1.dsc
 8f6b5bb96058acb18d9bf280a81d4b7b 84900 java optional 
httpcomponents-asyncclient_4.1.orig.tar.xz
 3fe0d9828edc94977c075ec690dccb9e 2764 java optional 
httpcomponents-asyncclient_4.1-1.debian.tar.xz
 9d869219abd5cd8bbb256d5f46e25b13 160550 java optional 
libhttpasyncclient-java_4.1-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWJ+ILAAoJEPUTxBnkudCskV8P/iTxmSCof+AegM6yID6SPNpv
gYBStLT7ISKs0xemC2mllj9Brc1qIXntKgpMIZAWT1czS4Xj92tUR8w3hnYoGPMZ
eH3MFfXk9XD3Vp283N/eafvsVCpsoxiXgzRNa32SSTG1GocnxR7425aLdZBke8T/
BrEmfACkVOR+OpR/hencxVAzaIxonqSoNw5wHe6cT+vuzz7utC9eyax420176QPV
/lpyjHuLwjJ50Ze7s6s9vZcSgB1VhLPALeovclJ5SNN3ZXhO5cp4iaJ5Tq57AUK3
H0YF0wO4lR0AJ3TEhqrhgwg2X5203BgIpmWZVesvDY/aXQYcn74kbP/K2RNOpJLi
sHiEjM9MdA58SF6nzBKK2EctXEUkocqoTTWdml3LORjw/r43R8dylbGq9QlvQMet
N2KIldHlYYgaYj+YJsnu/VgikKbULIVuvFQMgvQrOcJ3kDxj6TuIPmUlCBuf//Ui
r1ZG3MMLEc09/M3k7WCMMjwHIi7407eFJcqYE1t/3Sc0PWSXfU2WIG8ya4DocWd/
nWJw6zhbcmjAdwz9UuKaXKnN6z/4InN9Ee3Fldv3cxvKftSmGVgTwC/DAxwr5SKp
TIGWvMHZB/BdnbwckvmMrm9CrggCkm/35VNIP8sBhWgDWLCWKoWdcGniq4gct/Ra
HMp9FxpWc6Iq9bZ3lJty
=W5N6
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

[Branch ~openjdk/openjdk/openjdk8] Rev 655: openjdk-8 (8u66-b17-1) unstable; urgency=high

[noreply]

revno: 655
committer: Matthias Klose 
branch nick: openjdk8
timestamp: Thu 2015-10-22 14:01:37 +0200
message:
  openjdk-8 (8u66-b17-1) unstable; urgency=high
  
* Update to 8u66-b01.
* Security fixes:
  - S8048030, CVE-2015-4734: Expectations should be consistent
  - S8068842, CVE-2015-4803: Better JAXP data handling
  - S8076339, CVE-2015-4903: Better handling of remote object invocation
  - S8076383, CVE-2015-4835: Better CORBA exception handling
  - S8076387, CVE-2015-4882: Better CORBA value handling
  - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
  - S8076413, CVE-2015-4883: Better JRMP message handling
  - S8078427, CVE-2015-4842: More supportive home environment
  - S8078440: Safer managed types
  - S8080541: More direct property handling
  - S8080688, CVE-2015-4860: Service for DGC services
  - S8081744, CVE-2015-4868: Clear out list corner case
  - S8081760: Better group dynamics
  - S8086092. CVE-2015-4840: More palette improvements
  - S8086733, CVE-2015-4893: Improve namespace handling
  - S8087350: Improve array conversions
  - S8103671, CVE-2015-4805: More objective stream classes
  - S8103675: Better Binary searches
  - S8129611: Accessbridge error handling improvement
  - S8130078, CVE-2015-4911: Document better processing
  - S8130185: More accessible access switch
  - S8130193, CVE-2015-4806: Improve HTTP connections
  - S8130864: Better server identity handling
  - S8130891, CVE-2015-4843: (bf) More direct buffering
  - S8131291, CVE-2015-4872: Perfect parameter patterning
  - S8132042, CVE-2015-4844: Preserve layout presentation
* Strip packages again, Debian infrastruction is fixed. Closes: #775760.
  
   -- Matthias Klose   Wed, 21 Oct 2015 22:48:28 +0200
removed:
  debian/patches/make4-compatibility.diff
modified:
  corba.tar.xz
  debian/changelog
  debian/patches/kfreebsd-support-jdk.diff
  debian/rules
  hotspot-aarch64.tar.xz
  hotspot.tar.xz
  jaxp.tar.xz
  jaxws.tar.xz
  jdk.tar.xz
  langtools.tar.xz
  nashorn.tar.xz
  root.tar.xz


--
lp:~openjdk/openjdk/openjdk8
https://code.launchpad.net/~openjdk/openjdk/openjdk8

Your team Debian Java Maintainers is subscribed to branch 
lp:~openjdk/openjdk/openjdk8.
To unsubscribe from this branch go to 
https://code.launchpad.net/~openjdk/openjdk/openjdk8/+edit-subscription
=== modified file 'corba.tar.xz'
Binary files corba.tar.xz	2015-07-27 15:41:37 + and corba.tar.xz	2015-10-22 12:01:37 + differ
=== modified file 'debian/changelog'
--- debian/changelog	2015-10-19 13:33:45 +
+++ debian/changelog	2015-10-22 12:01:37 +
@@ -1,8 +1,36 @@
-openjdk-8 (8u66-b01-7) UNRELEASED; urgency=medium
+openjdk-8 (8u66-b17-1) unstable; urgency=high
 
+  * Update to 8u66-b01.
+  * Security fixes:
+- S8048030, CVE-2015-4734: Expectations should be consistent
+- S8068842, CVE-2015-4803: Better JAXP data handling
+- S8076339, CVE-2015-4903: Better handling of remote object invocation
+- S8076383, CVE-2015-4835: Better CORBA exception handling
+- S8076387, CVE-2015-4882: Better CORBA value handling
+- S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
+- S8076413, CVE-2015-4883: Better JRMP message handling
+- S8078427, CVE-2015-4842: More supportive home environment
+- S8078440: Safer managed types
+- S8080541: More direct property handling
+- S8080688, CVE-2015-4860: Service for DGC services
+- S8081744, CVE-2015-4868: Clear out list corner case
+- S8081760: Better group dynamics
+- S8086092. CVE-2015-4840: More palette improvements
+- S8086733, CVE-2015-4893: Improve namespace handling
+- S8087350: Improve array conversions
+- S8103671, CVE-2015-4805: More objective stream classes
+- S8103675: Better Binary searches
+- S8129611: Accessbridge error handling improvement
+- S8130078, CVE-2015-4911: Document better processing
+- S8130185: More accessible access switch
+- S8130193, CVE-2015-4806: Improve HTTP connections
+- S8130864: Better server identity handling
+- S8130891, CVE-2015-4843: (bf) More direct buffering
+- S8131291, CVE-2015-4872: Perfect parameter patterning
+- S8132042, CVE-2015-4844: Preserve layout presentation
   * Strip packages again, Debian infrastruction is fixed. Closes: #775760.
 
- -- Matthias Klose   Mon, 19 Oct 2015 15:31:42 +0200
+ -- Matthias Klose   Wed, 21 Oct 2015 22:48:28 +0200
 
 openjdk-8 (8u66-b01-6) unstable; urgency=medium
 

=== modified file 'debian/patches/kfreebsd-support-jdk.diff'
--- debian/patches/kfreebsd-support-jdk.diff	2015-10-15 13:48:30 +
+++ debian/patches/kfreebsd-support-jdk.diff	2015-10-22 12:01:37 +
@@ -4282,6 +4282,8 @@
  
  #define pread64 pread
  #define pwrite64 pwrite
+Index: 

[Branch ~openjdk/openjdk/openjdk8] Rev 656: - fix changelog

[noreply]

revno: 656
committer: Matthias Klose 
branch nick: openjdk8
timestamp: Thu 2015-10-22 14:05:41 +0200
message:
   - fix changelog
modified:
  debian/changelog


--
lp:~openjdk/openjdk/openjdk8
https://code.launchpad.net/~openjdk/openjdk/openjdk8

Your team Debian Java Maintainers is subscribed to branch 
lp:~openjdk/openjdk/openjdk8.
To unsubscribe from this branch go to 
https://code.launchpad.net/~openjdk/openjdk/openjdk8/+edit-subscription
=== modified file 'debian/changelog'
--- debian/changelog	2015-10-22 12:01:37 +
+++ debian/changelog	2015-10-22 12:05:41 +
@@ -1,6 +1,6 @@
 openjdk-8 (8u66-b17-1) unstable; urgency=high
 
-  * Update to 8u66-b01.
+  * Update to 8u66-b17.
   * Security fixes:
 - S8048030, CVE-2015-4734: Expectations should be consistent
 - S8068842, CVE-2015-4803: Better JAXP data handling

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

[Branch ~openjdk/openjdk/openjdk7] Rev 597: openjdk-7 (7u85-2.6.1-6) unstable; urgency=high

[noreply]

revno: 597
committer: Matthias Klose 
branch nick: openjdk7
timestamp: Thu 2015-10-22 14:00:33 +0200
message:
  openjdk-7 (7u85-2.6.1-6) unstable; urgency=high
  
[ Tiago Stürmer Daitx ]
* Security fixes
  - S8048030, CVE-2015-4734: Expectations should be consistent
  - S8068842, CVE-2015-4803: Better JAXP data handling
  - S8076339, CVE-2015-4903: Better handling of remote object invocation
  - S8076383, CVE-2015-4835: Better CORBA exception handling
  - S8076387, CVE-2015-4882: Better CORBA value handling
  - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
  - S8076413, CVE-2015-4883: Better JRMP message handling
  - S8078427, CVE-2015-4842: More supportive home environment
  - S8078440: Safer managed types
  - S8080541: More direct property handling
  - S8080688, CVE-2015-4860: Service for DGC services
  - S8081744, CVE-2015-4868: Clear out list corner case
  - S8081760: Better group dynamics
  - S8086092. CVE-2015-4840: More palette improvements
  - S8086733, CVE-2015-4893: Improve namespace handling
  - S8087350: Improve array conversions
  - S8103671, CVE-2015-4805: More objective stream classes
  - S8103675: Better Binary searches
  - S8129611: Accessbridge error handling improvement
  - S8130078, CVE-2015-4911: Document better processing
  - S8130185: More accessible access switch
  - S8130193, CVE-2015-4806: Improve HTTP connections
  - S8130864: Better server identity handling
  - S8130891, CVE-2015-4843: (bf) More direct buffering
  - S8131291, CVE-2015-4872: Perfect parameter patterning
  - S8132042, CVE-2015-4844: Preserve layout presentation
* S6966259: Make PrincipalName and Realm immutable, required for S8048030
* S8078822: 8068842 fix missed one new file
  PrimeNumberSequenceGenerator.java
  
[ Matthias Klose ]
* Re-enable the atk bridge for releases with a fixed atk bridge.
  Again closes: #797595.
  
   -- Matthias Klose   Thu, 22 Oct 2015 00:42:34 +0200
added:
  patches/it-update-for-7u91-secwebrevs.diff
  patches/openjdk-7u91-backport-6966259-jdk.patch
  patches/openjdk-7u91-secwebrev-8048030-jdk.patch
  patches/openjdk-7u91-secwebrev-8068842-jaxp.patch
  patches/openjdk-7u91-secwebrev-8076339-jdk.patch
  patches/openjdk-7u91-secwebrev-8076383-corba.patch
  patches/openjdk-7u91-secwebrev-8076387-corba.patch
  patches/openjdk-7u91-secwebrev-8076392-corba.patch
  patches/openjdk-7u91-secwebrev-8076413-jdk.patch
  patches/openjdk-7u91-secwebrev-8078427-jaxp.patch
  patches/openjdk-7u91-secwebrev-8078427-jdk.patch
  patches/openjdk-7u91-secwebrev-8078440-jdk.patch
  patches/openjdk-7u91-secwebrev-8078822-jaxp.patch
  patches/openjdk-7u91-secwebrev-8080541-jdk.patch
  patches/openjdk-7u91-secwebrev-8080688-jdk.patch
  patches/openjdk-7u91-secwebrev-8081744-jdk.patch
  patches/openjdk-7u91-secwebrev-8081760-jdk.patch
  patches/openjdk-7u91-secwebrev-8086092-jdk.patch
  patches/openjdk-7u91-secwebrev-8086733-jaxp.patch
  patches/openjdk-7u91-secwebrev-8087350-jdk.patch
  patches/openjdk-7u91-secwebrev-8103671-jdk.patch
  patches/openjdk-7u91-secwebrev-8103675-jdk.patch
  patches/openjdk-7u91-secwebrev-8129611-jdk.patch
  patches/openjdk-7u91-secwebrev-8130078-jaxp.patch
  patches/openjdk-7u91-secwebrev-8130185-jdk.patch
  patches/openjdk-7u91-secwebrev-8130193-jdk.patch
  patches/openjdk-7u91-secwebrev-8130864-jdk.patch
  patches/openjdk-7u91-secwebrev-8130891-jdk.patch
  patches/openjdk-7u91-secwebrev-8131291-jdk.patch
  patches/openjdk-7u91-secwebrev-8132042-jdk.patch
modified:
  changelog
  control
  patches/kfreebsd-support-corba.diff
  patches/kfreebsd-support-hotspot.diff
  patches/kfreebsd-support-jamvm.diff
  patches/kfreebsd-support-jdk.diff
  patches/series
  rules
The size of the diff (25877 lines) is larger than your specified limit of 1000 
lines

--
lp:~openjdk/openjdk/openjdk7
https://code.launchpad.net/~openjdk/openjdk/openjdk7

Your team Debian Java Maintainers is subscribed to branch 
lp:~openjdk/openjdk/openjdk7.
To unsubscribe from this branch go to 
https://code.launchpad.net/~openjdk/openjdk/openjdk7/+edit-subscription

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

[Branch ~openjdk/openjdk/openjdk8] Rev 657: - add some cross build fixes.

[noreply]

revno: 657
committer: Matthias Klose 
branch nick: openjdk8
timestamp: Thu 2015-10-22 14:11:07 +0200
message:
   - add some cross build fixes.
modified:
  debian/rules


--
lp:~openjdk/openjdk/openjdk8
https://code.launchpad.net/~openjdk/openjdk/openjdk8

Your team Debian Java Maintainers is subscribed to branch 
lp:~openjdk/openjdk/openjdk8.
To unsubscribe from this branch go to 
https://code.launchpad.net/~openjdk/openjdk/openjdk8/+edit-subscription
=== modified file 'debian/rules'
--- debian/rules	2015-10-22 12:01:37 +
+++ debian/rules	2015-10-22 12:11:07 +
@@ -16,6 +16,7 @@
 DEB_HOST_GNU_TYPE	?= $(call vafilt,$(DPKG_VARS),DEB_HOST_GNU_TYPE)
 DEB_BUILD_GNU_TYPE	?= $(call vafilt,$(DPKG_VARS),DEB_BUILD_GNU_TYPE)
 DEB_HOST_ARCH		?= $(call vafilt,$(DPKG_VARS),DEB_HOST_ARCH)
+DEB_BUILD_ARCH		?= $(call vafilt,$(DPKG_VARS),DEB_BUILD_ARCH)
 DEB_HOST_ARCH_CPU	?= $(call vafilt,$(DPKG_VARS),DEB_HOST_ARCH_CPU)
 DEB_HOST_MULTIARCH	?= $(call vafilt,$(DPKG_VARS),DEB_HOST_MULTIARCH)
 
@@ -40,6 +41,9 @@
 hotspot_archs	= amd64 i386 arm64 ppc64 ppc64el kfreebsd-amd64 kfreebsd-i386
 # FIXME: use bootcycle builds for zero archs?
 bootcycle_build  = $(if $(filter $(DEB_HOST_ARCH), $(hotspot_archs)),yes)
+ifneq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH))
+  bootcycle_build  =
+endif
 
 shark_archs	= amd64 i386 kfreebsd-amd64 kfreebsd-i386
 # Shark build but just crash
@@ -294,15 +298,15 @@
   export CXX = g++-4.9
 else ifneq (,$(filter $(distrel),wily sid stretch))
   ifneq (,$(filter $(DEB_HOST_ARCH), $(hotspot_archs)))
-export CC = gcc-5
-export CXX = g++-5
+export CC = $(DEB_HOST_GNU_TYPE)-gcc-5
+export CXX = $(DEB_HOST_GNU_TYPE)-g++-5
   else
-export CC = gcc-4.9
-export CXX = g++-4.9
+export CC = $(DEB_HOST_GNU_TYPE)-gcc-4.9
+export CXX = $(DEB_HOST_GNU_TYPE)-g++-4.9
   endif
 else
-  export CC = gcc-5
-  export CXX = g++-5
+  export CC = $(DEB_HOST_GNU_TYPE)-gcc-5
+  export CXX = $(DEB_HOST_GNU_TYPE)-g++-5
 endif
 
 ifneq (,$(filter $(DEB_HOST_ARCH), armel armhf))
@@ -569,7 +573,11 @@
 ZERO_CONFIGURE_ARGS += --with-jvm-variants=zero
 
 DEFAULT_CONFIGURE_ARGS += --with-boot-jdk=$(BOOTJDK_HOME)
-ZERO_CONFIGURE_ARGS += --with-boot-jdk=$(CURDIR)/$(builddir)/$(sdkimg)
+ifeq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH))
+  ZERO_CONFIGURE_ARGS += --with-boot-jdk=$(CURDIR)/$(builddir)/$(sdkimg)
+else
+  ZERO_CONFIGURE_ARGS += --with-boot-jdk=$(BOOTJDK_HOME)
+endif
 
 COMMON_CONFIGURE_ARGS += --disable-ccache
 
@@ -639,8 +647,16 @@
 	--with-extra-cxxflags='-fpermissive' \
 	--with-extra-ldflags='$(EXTRA_LDFLAGS_HS)'
 
-# FIXME: this, or use target ..., fix cross builds
-#CONFIGURE_ARGS += --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE)
+ifneq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH))
+  COMMON_CONFIGURE_ARGS += \
+	--build=$(DEB_BUILD_GNU_TYPE) \
+	--host=$(DEB_HOST_GNU_TYPE) \
+	--target=$(DEB_HOST_GNU_TYPE) \
+	BUILD_CC=$(subst $(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE),$(CC)) \
+	BUILD_LD=$(subst $(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE),$(CC)) \
+	BUILD_CXX=$(subst $(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE),$(CXX)) \
+
+endif
 
 # (most) jre and jdk tools handled by the alternatives system.
 # dups in heimdal-clients, krb5-user: kinit, klist, ktab, no alternatives

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#802716: libjetty-extra-java: Jasper symlinks are broken after switch to tomcat7

[Hans Joachim Desserud]

Package: libjetty-extra-java
Version: 6.1.26-5
Severity: important

Dear Maintainer,

Some time back (version 6.1.26-2), jetty switched dependencies from
tomcat6 to tomcat7. Things seemed to be working fine and I don't see
any tomcat-related entries in the changelog since then.

However, there was recently a bug report for the Ubuntu package
which points out that some of the symlinks from libjetty-extra-java
no longer works with tomcat7.

The package install the following symlinks:
$ ls -l /usr/share/jetty/lib/jsp-2.1/
total 0
lrwxrwxrwx 1 root root 21 Jun  4 08:39 ant.jar -> ../../../java/ant.jar
lrwxrwxrwx 1 root root 30 Jun  4 08:39 ant-launcher.jar -> 
../../../java/ant-launcher.jar
lrwxrwxrwx 1 root root 27 Jun  4 08:39 commons-el.jar -> 
../../../java/jasper-el.jar
lrwxrwxrwx 1 root root 28 Jun  4 08:39 el-api.jar -> 
../../../java/el-api-2.1.jar
lrwxrwxrwx 1 root root 24 Jun  4 08:39 jasper.jar -> 
../../../java/jasper.jar
lrwxrwxrwx 1 root root 32 Jun  4 08:39 jcl-over-slf4j.jar -> 
../../../java/jcl-over-slf4j.jar
lrwxrwxrwx 1 root root 29 Jun  4 08:39 jsp-api.jar -> 
../../../java/jsp-api-2.1.jar
lrwxrwxrwx 1 root root 27 Jun  4 08:39 slf4j-api.jar -> 
../../../java/slf4j-api.jar
lrwxrwxrwx 1 root root 30 Jun  4 08:39 slf4j-simple.jar -> 
../../../java/slf4j-simple.jar
lrwxrwxrwx 1 root root 29 Jun  4 08:39 tomcat-juli.jar -> 
../../../java/tomcat-juli.jar
lrwxrwxrwx 1 root root 28 Jun  4 08:39 xercesImpl.jar -> 
../../../java/xercesImpl.jar
lrwxrwxrwx 1 root root 31 Jun  4 08:39 xmlParserAPIs.jar -> 
../../../java/xmlParserAPIs.jar


Of these, commons-el.jar and jasper.jar have broken symlinks. The
reporter tried to point them to the corresponding tomcat7 jars, but
ran into different problems. Please see
https://bugs.launchpad.net/ubuntu/+source/jetty/+bug/1508562
for more information.

As a side note, the package was naturally synced to the development
release of Ubuntu at the time. However, due to conflicts when
attempting to install packages depending on different tomcat
versions, the patch was also applied as a stable release upgrade.
The transition patch looked rather small and fixed the dependencies,
so everything seemed fine up until now.

I've since verified that this symlink issue affects not only that
release, but also later Ubuntu releases and Debian Sid. So I believe
that we need to resolve this and once we have a solution look at
whether that should be applied for older releases too (might be
relevant in both Debian- and Ubuntu-land).

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libjetty-extra-java depends on:
ii  ant   
1.9.6-1
ii  libgeronimo-jta-1.1-spec-java [libgeronimo-jta-1.0.1b-spec-java]  
1.1.1-3
ii  libjetty-java 
6.1.26-5
ii  libmail-java  
1.5.3-1
ii  libslf4j-java 
1.7.12-2
ii  libtomcat7-java   
7.0.64-1
ii  libxerces2-java   
2.11.0-7


Versions of packages libjetty-extra-java recommends:
ii  libjetty-extra  6.1.26-5

Versions of packages libjetty-extra-java suggests:
pn  jetty  

-- no debconf information


--
mvh / best regards
Hans Joachim Desserud
http://desserud.org

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of libjson-java_2.4-1_amd64.changes

[Debian FTP Masters]

libjson-java_2.4-1_amd64.changes uploaded successfully to localhost
along with the files:
  libjson-java_2.4-1.dsc
  libjson-java_2.4.orig.tar.xz
  libjson-java_2.4-1.debian.tar.xz
  libjson-java_2.4-1_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libjson-java_2.4-1_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 22 Oct 2015 23:34:54 +0200
Source: libjson-java
Binary: libjson-java
Architecture: source all
Version: 2.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libjson-java - library for transforming Java objects and XML to JSON and back 
ag
Changes:
 libjson-java (2.4-1) unstable; urgency=medium
 .
   * New upstream release
   * Standards-Version updated to 3.9.6 (no changes)
   * Use XZ compression for the upstream tarball
   * Moved the package to Git
Checksums-Sha1:
 ec9647f08e529a8d1c2edfbb6e82957df27ab1f9 2213 libjson-java_2.4-1.dsc
 d1c9aaa37eef7c8b76ed0cef8f6e56c0763cff08 51936 libjson-java_2.4.orig.tar.xz
 3c7150c4307707f6d6be4d4a7e40b7d5ebede941 3496 libjson-java_2.4-1.debian.tar.xz
 22a5c21acf402ee719304ef86a0e1d369a37aaa0 124704 libjson-java_2.4-1_all.deb
Checksums-Sha256:
 85abd610660cafc303041fd173f134d995c275d954f7cf3af3f0266037ba967d 2213 
libjson-java_2.4-1.dsc
 2d1efba89953fea8d0883d41e9422ebb5b498f310e2f8275fc0bfc8ef4d0baf0 51936 
libjson-java_2.4.orig.tar.xz
 d482af35de7f351d3433d9e2d9f3844dbe6b199e6c51f87f14c77190ed89c135 3496 
libjson-java_2.4-1.debian.tar.xz
 427510b55dc5e5ef9e5e758a924c6160c003c74e9be23c2bf6212a3e474ca63a 124704 
libjson-java_2.4-1_all.deb
Files:
 6807c7abc260eb94cc84df7f31f3dc2f 2213 java optional libjson-java_2.4-1.dsc
 1b59ce1957040216592c560817b5537b 51936 java optional 
libjson-java_2.4.orig.tar.xz
 ed56f3a7404b83360ca9b870646eb278 3496 java optional 
libjson-java_2.4-1.debian.tar.xz
 e27b698e739fe4fc07709d440a2fc7c4 124704 java optional 
libjson-java_2.4-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWKWl2AAoJEPUTxBnkudCsCLsQAKB5BnzX8NnwlH+LuJ0c7HEr
zKVIgRXebW8zPZLk6NTtfL++a/1UONUtaKOfkreD9YBeExzEjN5HFf6Oupku0nih
AVvei9gZ9OrPdY83iEauGdn/CSg5B/ldIu8JHJG3ndXA9o6LwTihWtQln/rauSlF
EeCJnGrkRWIjH7vPdvLSSjXyO7euVNzR4765O5foPOrfFVTzpY+MdGw8P7nlD479
c7V9qC2eaYarU4njojZJeE2E2IKSJ0ozjilFBXdfT6ZlAWG9ZqcuxiBZN5o5kVfy
5r/+gwHcuA4KGB4r9ZnLs8zKOt0kk04QEx56XPUwLgOfJlfir4EndlIamJjSxf0Z
WOwmV4b2Sb8LR7YCqx6RFiP0H25wMy++kWsGwY9ViyNYyh/5fTkfxNntfUqLVscd
Q8C2uKNdv3n0coGSOeq++mhAgFXBML2jBbB28exEDSLux5tbiStMmOkYKFv1WW4p
p3bNfuuAnWts/8GY1DKUaC67/uPHUMZJSYsj7mP/2wV8qSU9F2QGgvAD22tVxr93
pFUCKzEIIdlZD9zqdO3pk1RkpBQiESLaj1skvX79zyb4eh+6c1xKuxDGuZGj0PhX
nx1Kgdg5Y2f4FhncuSt5u72BDhJUNYmkGPVwgNt9PlIMqp/aS3EUY4iGXmGuYZtl
UPcIhjO9ixREwqYNh1C3
=WE1s
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

reproducible.debian.net status changes for libspring-java

[Reproducible builds folks]

2015-10-22 16:42 https://reproducible.debian.net/unstable/amd64/libspring-java 
changed from unreproducible -> FTBFS
2015-10-22 18:52 https://reproducible.debian.net/unstable/amd64/libspring-java 
changed from FTBFS -> unreproducible

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libspring-java_3.2.13-4_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 21 Oct 2015 23:32:19 +0200
Source: libspring-java
Binary: libspring-core-java libspring-beans-java libspring-aop-java 
libspring-context-java libspring-context-support-java libspring-web-java 
libspring-web-servlet-java libspring-web-portlet-java libspring-test-java 
libspring-transaction-java libspring-jdbc-java libspring-jms-java 
libspring-orm-java libspring-expression-java libspring-oxm-java 
libspring-instrument-java
Architecture: source all
Version: 3.2.13-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libspring-aop-java - modular Java/J2EE application framework - AOP
 libspring-beans-java - modular Java/J2EE application framework - Beans
 libspring-context-java - modular Java/J2EE application framework - Context
 libspring-context-support-java - modular Java/J2EE application framework - 
Context Support
 libspring-core-java - modular Java/J2EE application framework - Core
 libspring-expression-java - modular Java/J2EE application framework - 
Expression language
 libspring-instrument-java - modular Java/J2EE application framework - 
Instrumentation
 libspring-jdbc-java - modular Java/J2EE application framework - JDBC tools
 libspring-jms-java - modular Java/J2EE application framework - JMS tools
 libspring-orm-java - modular Java/J2EE application framework - ORM tools
 libspring-oxm-java - modular Java/J2EE application framework - Object/XML 
Mapping
 libspring-test-java - modular Java/J2EE application framework - Test helpers
 libspring-transaction-java - modular Java/J2EE application framework - 
transaction
 libspring-web-java - modular Java/J2EE application framework - Web
 libspring-web-portlet-java - modular Java/J2EE application framework - Portlet 
MVC
 libspring-web-servlet-java - modular Java/J2EE application framework - Web 
Portlet
Changes:
 libspring-java (3.2.13-4) unstable; urgency=medium
 .
   * Team upload.
   * Fixed the build failure with Quartz 1.8.6
   * Fixed a compatibility issue with Gradle 2
   * Build with gradle-debian-helper
   * Removed the compatibility patches for Gradle < 1.7
   * Removed the dependency on the Servlet API from the binary packages
Checksums-Sha1:
 645d2d4aa1e9822eaf772da48c5c5236b9b82e04 4783 libspring-java_3.2.13-4.dsc
 ba5c81a4bde814b5d649ed5dcd550e46738284df 17824 
libspring-java_3.2.13-4.debian.tar.xz
 cca956129fb4572b809260f36e1f86f69d2984fa 336512 
libspring-aop-java_3.2.13-4_all.deb
 509ea49a415b05f3466ab793bdc27f0cb6ddf1dd 552056 
libspring-beans-java_3.2.13-4_all.deb
 f63a271462ca7e5bd347550fd3a933343703e8bf 752890 
libspring-context-java_3.2.13-4_all.deb
 3cd985b0a67d7aad58a77a440572133dddfb9731 123850 
libspring-context-support-java_3.2.13-4_all.deb
 f2fc9254ba3f10173267acfea7ef3592aa3dfd34 794792 
libspring-core-java_3.2.13-4_all.deb
 e5b2a9bc235dffaffb190653f5143fc3ca8a2c67 184586 
libspring-expression-java_3.2.13-4_all.deb
 adbfbc22650aaff1b11ff0b3c8164fdd01487a26 19480 
libspring-instrument-java_3.2.13-4_all.deb
 9fc5d0bc75f078ae327202c751b1f398b0b5726a 361358 
libspring-jdbc-java_3.2.13-4_all.deb
 6248f09c4f65c2f263b2114db9dc98311d2e55db 190978 
libspring-jms-java_3.2.13-4_all.deb
 e8bfe17e35deed884529ff6e64518ad4f29565ef 314074 
libspring-orm-java_3.2.13-4_all.deb
 8bedd45e53f064565a923352d7b0baa550112aae 77256 
libspring-oxm-java_3.2.13-4_all.deb
 5841737b72be4559bc3438bc64dd7fa99e088616 238466 
libspring-test-java_3.2.13-4_all.deb
 10a9c02084729fae08cbc17bd4db887920aa86d5 206700 
libspring-transaction-java_3.2.13-4_all.deb
 036c8e85a739572be39d155eb64f28ce3a548829 558860 
libspring-web-java_3.2.13-4_all.deb
 e04d8f229496932a06a622043c63dd57a30d65ec 175876 
libspring-web-portlet-java_3.2.13-4_all.deb
 3ea62df662d577510126fa807f7de3c7d92844e9 565130 
libspring-web-servlet-java_3.2.13-4_all.deb
Checksums-Sha256:
 466ed3ecbb3687c0a94777fe1b576b9a4c1756855c4b2491cbb6e574309cb4b8 4783 
libspring-java_3.2.13-4.dsc
 c09e78aa01d45b54d105c98d635a2fee621f6fdb8792d5f01c1f1f530660d85c 17824 
libspring-java_3.2.13-4.debian.tar.xz
 0eee610a1b9d8e79a52a58689ae9bdc384296287165e663b89c162bdb2e31a5c 336512 
libspring-aop-java_3.2.13-4_all.deb
 410b8345e31c7bf426445f7a634fd723e74120d7ed2049e5feb71a1db628b55e 552056 
libspring-beans-java_3.2.13-4_all.deb
 2d3dcb8f88c07904c71cdc479af5a9e30b26e28aedf411d52197be41520762d4 752890 
libspring-context-java_3.2.13-4_all.deb
 a9a7d13e9d3bdd1212e515ab67fad383940d6d1754721a03c4c901633c6b0952 123850 
libspring-context-support-java_3.2.13-4_all.deb
 2a8b9aa46a312695bdb82d9edd6763b6a3739018daf98c8f34996fef8e4f7eac 794792 
libspring-core-java_3.2.13-4_all.deb
 9f0933afe5771be805dbefbab3e18998e042cb96caa0d3895ba89c2f21254787 184586 
libspring-expression-java_3.2.13-4_all.deb
 6432e34660f2c9f468ed1d33ba8b6da4a4fb662159577f65c0c2b55186392dee 19480 
libspring-instrument-java_3.2.13-4_all.deb
 

geronimo-jta-1.2-spec_1.0~alpha-1-1_amd64.changes ACCEPTED into unstable, unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 21 Oct 2015 23:13:05 +0200
Source: geronimo-jta-1.2-spec
Binary: libgeronimo-jta-1.2-spec-java
Architecture: source all
Version: 1.0~alpha-1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libgeronimo-jta-1.2-spec-java - Apache Geronimo JTA 1.2 API
Closes: 802629
Changes:
 geronimo-jta-1.2-spec (1.0~alpha-1-1) unstable; urgency=medium
 .
   * Initial release (Closes: #802629)
Checksums-Sha1:
 ceba7490667b514a58fb3acb19c29523c8ab8d33 2253 
geronimo-jta-1.2-spec_1.0~alpha-1-1.dsc
 05c6d5e9c1ce13c765d520542b07519c6d651541 7476 
geronimo-jta-1.2-spec_1.0~alpha-1.orig.tar.xz
 f6f6815cf39d995c2f8dcb93a45183018a837433 3052 
geronimo-jta-1.2-spec_1.0~alpha-1-1.debian.tar.xz
 d78b57954823dfe0f68c40ea3dd47409b30a5b28 13524 
libgeronimo-jta-1.2-spec-java_1.0~alpha-1-1_all.deb
Checksums-Sha256:
 7a2f1fd21e176ab08841b0b47ffb576c00f8a6f406978e5c0dbc4b0a9e3e52b0 2253 
geronimo-jta-1.2-spec_1.0~alpha-1-1.dsc
 b447ffdc0076ef2e306ea0c24c791e11aa2e9a2beb6c86497ab821dcd00ff46f 7476 
geronimo-jta-1.2-spec_1.0~alpha-1.orig.tar.xz
 b6e85b2eb36bce70153ede4ac33ff8163876d8cc136ad60174db90482d85028c 3052 
geronimo-jta-1.2-spec_1.0~alpha-1-1.debian.tar.xz
 5282ca51b1181ac0ac3284540622bb00534436678825f5ab21b9f4f0e513ce29 13524 
libgeronimo-jta-1.2-spec-java_1.0~alpha-1-1_all.deb
Files:
 dab51c04ed0ec33b7a318a9884fcb969 2253 java optional 
geronimo-jta-1.2-spec_1.0~alpha-1-1.dsc
 c275bfa78ac70e9e6220e0f35616cf2a 7476 java optional 
geronimo-jta-1.2-spec_1.0~alpha-1.orig.tar.xz
 dbf0885b27dae686bc4a5999c80b4a7c 3052 java optional 
geronimo-jta-1.2-spec_1.0~alpha-1-1.debian.tar.xz
 04f4989e2e4787a90118d0dd213e6366 13524 java optional 
libgeronimo-jta-1.2-spec-java_1.0~alpha-1-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWKACsAAoJEPUTxBnkudCs+cgQAJZF+X8ozsbr3hPaFCjjKt+L
KJxH4ou/RuI3tdnWVrop8MmAymI+ZZJLyop9eAL43dWlnL21iqIj/HTP9xGIuWh2
2UinOjatIfjpKZjGe/ND4WH9+psrZ3MOLydPFI9El80LQ7A4JIVtcaOD4zWsYMpQ
qNGfBIe8//2eFVjRzNrSzcXZM7jTdEBAaydC5BLGKdqHb28g95WsbDjRsV563wE+
TlVdQt0SXzdTcx+hXvF0erUtFOcarp5v7LEAzh85XnXtO1c64jdQbUM9nBPqazw9
y6oRPFAlrnD2qlxArQjn8AvoZBYUdLmtacTZ3YYbJbkjrUBd9XHhcpuJzMlPLyYA
2REQFEQh2HrJgt4Bif13Vs5hCJckfSMtXzuKbueSidpJy+vnJQlcPtUlJEErjrUT
AFNrUMpUb175NDHNDkrb+mX+yI7hWAeIQbbmDKNtNmRZT3WQaUyxXpjnoVYS1fG0
w4qDJHr/eVT+KcTaPx4yxTYIGJ4b7ByOaP5O5xfAqONCebxbAirkv1beqaf33vNS
9Er9oI9JxAATlRHTBdNcLodOE5gThClEXewlHQEDopDqDT7H/AasVshxE3FRvkF+
OuMFEaanK2LT8LhYtTQVgQUpSKCr9/PeKx3oV5t9bRm+Z+v8UNagAiK2EZmQScEn
3q1LUMJYcF2gaQdTlBLv
=m12B
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#802671: bouncycastle: ECC private keys can be recovered via invalid curve attack

[Raphaël Hertzog]

Source: bouncycastle
Version: 1.44+dfsg-2
Severity: serious
Tags: security
Control: fixed -1 1.51-1

Hello,

bouncycastle 1.49 in stable/testing/unstable (and 1.44 in wheezy/squeeze)
is vulnerable to an invalid curve attack as described here:
https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html

This is fixed in version 1.51 (in experimental).

The upstream patches that fix this issue should be those ones:
https://github.com/bcgit/bc-java/commit/5cb2f05
https://github.com/bcgit/bc-java/commit/e25e94a

A CVE has been requested here:
http://www.openwall.com/lists/oss-security/2015/10/22/7

-- System Information:
Debian Release: stretch/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), 
(500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#581790: marked as done (libapache2-mod-jk: tomcat auto-configure could be easier)

[Debian Bug Tracking System]

Your message dated Fri, 23 Oct 2015 03:46:03 +0200
with message-id <1976896.OHRq8Vx7hr@bagend>
and subject line Closing bug
has caused the Debian Bug report #581790,
regarding libapache2-mod-jk: tomcat auto-configure could be easier
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
581790: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581790
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libapache2-mod-jk
Version: 1:1.2.28-2
Severity: wishlist

webserver_howto/apache.html of libapache-mod-jk-doc describes how to connect
apache2 and tomcat. According to that page in the "Using Tomcat auto-configure"
 section it should be as simple as adding the following line to the Engine tag 
of the /etc/tomcat6/server.xml :
  

Doing that and restarting tomcat6 results in a failure, since it tries to write 
files to locations in which it can't write since they don't exist.

I got it working file the following Listener tag:
  

The link to the "Tomcat docs website" in that section was quite helpful though.

After I'd figured it out, I read the README.Debian which pointed to the 
httpd_example_apache2.conf, but that explains the/a debian way to use 
"Custom mod_jk configuration". But in my situation I have both apache2 and
tomcat on the same machine, so I went for the auto-configure variant.

There are a couple of ways to fix this and I'll leave it up to the maintainers 
to choose which one(s).
1. Update libapache-mod-jk-doc to mention that auto-configure doesn't work as 
   described there and the user should use the custom configuration option. 
   Optionally mention the README.Debian there, since I/most people(?) expect
   to find all info in a -doc package. 
   Note 1: If it applies to tomcat6 as well, please mention that. If not please
   specify what to do when using tomcat6.
   Note 2: libapache2-mod-jk-doc would make for a more logical package name IMO.
2. Use debconf or sth like that to set the package up (including 
   workers.properties, see below for my workers.java_home value).
3. Extend the README.Debian, so it includes the configuration for 
auto-configure.
4. Provide a manpage for this package which explains how to set it up. For help 
   that's the first place to check I thought. It wasn't until later that I 
found 
   the README.Debian.

If you have question or need more info, don't hesitate to ask.

Regards,
  Diederik

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libapache2-mod-jk depends on:
ii  apache2-mpm-prefork [apache2] 2.2.15-5   Apache HTTP Server - traditional n
ii  apache2.2-common  2.2.15-5   Apache HTTP Server common files
ii  libc6 2.10.2-8   Embedded GNU C Library: Shared lib

libapache2-mod-jk recommends no packages.

Versions of packages libapache2-mod-jk suggests:
ii  libapache-mod-jk-doc  1:1.2.28-2 Documentation of libapache2-mod-jk
ii  tomcat6   6.0.26-1   Servlet and JSP engine

-- Configuration Files:
/etc/libapache2-mod-jk/workers.properties changed:
workers.tomcat_home=/usr/share/tomcat6
workers.java_home=/usr/lib/jvm/java-6-sun
ps=/
worker.list=ajp13_worker
worker.ajp13_worker.port=8009
worker.ajp13_worker.host=localhost
worker.ajp13_worker.type=ajp13
worker.ajp13_worker.lbfactor=1
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=ajp13_worker


-- no debconf information


--- End Message ---
--- Begin Message ---
I'm hereby closing the bug as it was a user error and furthermore I have no 
interest in this package/bug anymore.

signature.asc
Description: This is a digitally signed message part.
--- End Message ---
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: bouncycastle: ECC private keys can be recovered via invalid curve attack

[Debian Bug Tracking System]

Processing control commands:

> fixed -1 1.51-1
Bug #802671 [src:bouncycastle] bouncycastle: ECC private keys can be recovered 
via invalid curve attack
Marked as fixed in versions bouncycastle/1.51-1.

-- 
802671: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libgpars-groovy-java 1.2.1-4 MIGRATED to testing

[Debian testing watch]

FYI: The status of the libgpars-groovy-java source package
in Debian's testing distribution has changed.

  Previous version: 1.2.1-3
  Current version:  1.2.1-4

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

felix-main 5.0.0-2 MIGRATED to testing

[Debian testing watch]

FYI: The status of the felix-main source package
in Debian's testing distribution has changed.

  Previous version: 5.0.0-1
  Current version:  5.0.0-2

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

gradle-debian-helper 1.1 MIGRATED to testing

[Debian testing watch]

FYI: The status of the gradle-debian-helper source package
in Debian's testing distribution has changed.

  Previous version: (not in testing)
  Current version:  1.1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

[bts-link] source package jackrabbit

[bts-link-upstream]

#
# bts-link upstream status pull for source package jackrabbit
# see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
#

user bts-link-upstr...@lists.alioth.debian.org

# remote status report for #800993 (http://bugs.debian.org/800993)
# Bug title: jackrabbit: depends on obsolete libcommons-httpclient-java library
#  * http://issues.apache.org/jira/browse/JCR-3912
#  * remote status changed: Open -> Resolved
#  * remote resolution changed: (?) -> Duplicate
#  * closed upstream
tags 800993 + fixed-upstream
usertags 800993 - status-Open
usertags 800993 + status-Resolved resolution-Duplicate

thanks

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: [bts-link] source package jackrabbit

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package jackrabbit
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> #
> user bts-link-upstr...@lists.alioth.debian.org
Setting user to bts-link-upstr...@lists.alioth.debian.org (was 
bts-link-de...@lists.alioth.debian.org).
> # remote status report for #800993 (http://bugs.debian.org/800993)
> # Bug title: jackrabbit: depends on obsolete libcommons-httpclient-java 
> library
> #  * http://issues.apache.org/jira/browse/JCR-3912
> #  * remote status changed: Open -> Resolved
> #  * remote resolution changed: (?) -> Duplicate
> #  * closed upstream
> tags 800993 + fixed-upstream
Bug #800993 [jackrabbit] jackrabbit: depends on obsolete 
libcommons-httpclient-java library
Added tag(s) fixed-upstream.
> usertags 800993 - status-Open
Usertags were: status-Open.
Usertags are now: .
> usertags 800993 + status-Resolved resolution-Duplicate
There were no usertags set.
Usertags are now: status-Resolved resolution-Duplicate.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
800993: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800993
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

jeromq_0.3.5-1_amd64.changes ACCEPTED into unstable, unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 19 Oct 2015 09:37:49 +0200
Source: jeromq
Binary: libjeromq-java
Architecture: source all
Version: 0.3.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libjeromq-java - Java implementation of the ZeroMQ messaging library
Closes: 802279
Changes:
 jeromq (0.3.5-1) unstable; urgency=medium
 .
   * Initial release (Closes: #802279)
Checksums-Sha1:
 030e5f21c66026a5376b79817170223f3d47dd41 1996 jeromq_0.3.5-1.dsc
 62c6ea3793a6adc711c46c64533237dc79667bad 230798 jeromq_0.3.5.orig.tar.gz
 31d876ee7cac34f08455aaa0ca10ce7acc1af455 2912 jeromq_0.3.5-1.debian.tar.xz
 c449a3dfa9731b0d7e3c2a9e0a5e28d71375952a 229516 libjeromq-java_0.3.5-1_all.deb
Checksums-Sha256:
 e032f097a22a50199d15c3a9a42b9f1685cc1f57f7620347946f1fbbb496c32c 1996 
jeromq_0.3.5-1.dsc
 3f1fddf982de73b8a63b6051017a6a0945cfab036e0b7a858152d748c755d736 230798 
jeromq_0.3.5.orig.tar.gz
 2a4cbcfe6f7e14ae15f0b34502f42721176c1f22c86190482c8b79e4e42f225a 2912 
jeromq_0.3.5-1.debian.tar.xz
 12abb931bfd2a04634e2a744facff7055ee825b91f36f8e50b838f022d2338b3 229516 
libjeromq-java_0.3.5-1_all.deb
Files:
 8eb99eead6d2c84111c875585f50e901 1996 java optional jeromq_0.3.5-1.dsc
 fae2f1502353db7ce7f34fd1b0012709 230798 java optional jeromq_0.3.5.orig.tar.gz
 c6af5d315f998ef1c23047110afd35d7 2912 java optional 
jeromq_0.3.5-1.debian.tar.xz
 cd5cf22d955b5777f72491192d896845 229516 java optional 
libjeromq-java_0.3.5-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWJJ/6AAoJEPUTxBnkudCsv18P/2+18WYGxHBxpLgj0Z3vQeqd
ECJUG0/21f4jTw5KLPZNqFnqFxPFwD9gZ2YgkRVknwciSre4WQ46puDv7tVK6WO4
yszjRzazCa8kQqafewvtUiS7K0xPJ8ux+YO0qvNDseAd9HtnRZ0dQGcHs7KKfpny
dOsBKmpnqPThxRAKUlxrTcw1i1ZUAeXRe+15sfQiNTArIBvZ8bFPeXF5QRGpn1CH
/nD/npuNHC4XovO/q88Ntu44k6UdP5Kv6DLUH1/1wG++JbvEJHH9HsedFAnZYCpC
du3TK3/cQ7g5u1Nea52J+7h3sZg0XCLSBhFa1rvWJaZDsxzXGUi40xPcLdnZrKW0
YlLOzse2m7edLbD7ANIY5zbkP/xClbvZgx0DwpOBrcL1uxhXIGw2VVma7ipAm87u
OXem/AH8Ci8MHLmQMv5/LR8xrgy0BiipEPr1AACq7bH3RtMMDyIymvkOtezpayAH
ogw69yUqdFBdObXd9IbAohncKeOMcNh00tqW34VQUReMv3pyCkEcHibeO8XAc+ST
cfKyZlVKH7w2vJBPqkVvXisxYRM/MoukNkJH6wB+IOO/a8b3WHo5vLVOBhBtcXeN
hgjXQ6E2rd8nmXZzLyowU1OcTNgp9wizM8mLRzNBnWd+xlDMtpBRi0VxuhlUl9rg
nxmHULKJQVR6hpXcfAV3
=+d/8
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.