Bug#1071642: marked as done (javatools: Build-Depends on orphaned, RC-buggy markdown)
Your message dated Sun, 02 Jun 2024 17:20:32 + with message-id and subject line Bug#1071642: fixed in javatools 0.80 has caused the Debian Bug report #1071642, regarding javatools: Build-Depends on orphaned, RC-buggy markdown to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1071642: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071642 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: javatools Version: 0.79 Severity: important X-Debbugs-Cc: tmanc...@debian.org, ebo...@apache.org The package Build-Depends on markdown, which is orphaned and RC-buggy. javatools makes it a key package, which is the reason for it not being auto-removed. Please consider applying the attached patch to depend on python3-markdown instead.diff -Nru javatools-0.79/debian/changelog javatools-0.79+nmu1/debian/changelog --- javatools-0.79/debian/changelog 2023-07-29 05:15:46.0 + +++ javatools-0.79+nmu1/debian/changelog2024-05-22 19:34:53.0 + @@ -1,3 +1,10 @@ +javatools (0.79+nmu1) unstable; urgency=medium + + * Non-maintainer upload + * Replace orphaned Build-Depends: markdown with python3-markdown + + -- Bastian Germann Wed, 22 May 2024 19:34:53 + + javatools (0.79) unstable; urgency=medium [ Vladimir Petko ] diff -Nru javatools-0.79/debian/control javatools-0.79+nmu1/debian/control --- javatools-0.79/debian/control 2023-07-29 05:15:46.0 + +++ javatools-0.79+nmu1/debian/control 2024-05-22 19:32:21.0 + @@ -11,7 +11,7 @@ libtest-minimumversion-perl, libtest-perl-critic-perl, libtest-strict-perl, - markdown, + python3-markdown, perl Rules-Requires-Root: no Standards-Version: 4.6.2 diff -Nru javatools-0.79/debian/rules javatools-0.79+nmu1/debian/rules --- javatools-0.79/debian/rules 2023-07-29 05:15:46.0 + +++ javatools-0.79+nmu1/debian/rules2024-05-22 19:30:19.0 + @@ -38,7 +38,7 @@ # jarwrapper pod-based manpages $(POD2MAN) -s 1 jarwrapper.pod tmp.jarwrapper/jarwrapper.1 $(POD2MAN) -s 1 jardetector.pod tmp.jarwrapper/jardetector.1 - markdown --html4tags tutorial.txt | \ + markdown_py -o html tutorial.txt | \ cat tutorial-header.html - tutorial-footer.html > tutorial.html runtests: jh_lib.sh --- End Message --- --- Begin Message --- Source: javatools Source-Version: 0.80 Done: tony mancill We believe that the bug you reported is fixed in the latest version of javatools, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1071...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. tony mancill (supplier of updated javatools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 02 Jun 2024 09:42:31 -0700 Source: javatools Architecture: source Version: 0.80 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: tony mancill Closes: 1071642 Changes: javatools (0.80) unstable; urgency=medium . [ Bastian Germann ] * Replace orphaned Build-Depends: markdown with python3-markdown (Closes: #1071642) . [ tony mancill ] * Bump Standards-Version to 4.7.0 Checksums-Sha1: 9dd84b3c9e9d6476208f5c2edcf204330d44d010 1940 javatools_0.80.dsc fdaf5cb54ead88ed0edc3869b47dcdfdde45dbc2 53608 javatools_0.80.tar.xz 3225fcce9fbe6e246224f6856cdcddeec93c7442 12162 javatools_0.80_amd64.buildinfo Checksums-Sha256: 0b355c83a4eb1b2046e035c6981f7ee9577c6037cfded7a38c1d3cad95bb9924 1940 javatools_0.80.dsc b3fc6f973c0e3474dcba130415eff75907249fd0c44291bf465587b5e5cbd449 53608 javatools_0.80.tar.xz a00d762a65d40a72759d97e84778fb96fc6634ce601038b160192ccb146358aa 12162 javatools_0.80_amd64.buildinfo Files: 0bfc0c81edff4c04a11ac442d7405dc7 1940 java optional javatools_0.80.dsc 07ec16e9ee6bcfebcce421e6b5e7e6e4 53608 java optional javatools_0.80.tar.xz b226d6fe02262ad12f6e1d5bae863737 12162 java optional javatools_0.80_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmZcol0UHHRtYW5jaWxs QGRlYmlhbi5vcmcACgkQIdIFiZdLPpbcVA//Q1/Fb+IT8fROPs5MkcwMmwJTDyxJ ynBLjROL
Processed: tagging 1072123, bug 1072123 is forwarded to https://github.com/json-path/JsonPath/issues/973
Processing commands for cont...@bugs.debian.org: > tags 1072123 + upstream Bug #1072123 [src:jayway-jsonpath] jayway-jsonpath: CVE-2023-51074 Ignoring request to alter tags of bug #1072123 to the same tags previously set > forwarded 1072123 https://github.com/json-path/JsonPath/issues/973 Bug #1072123 [src:jayway-jsonpath] jayway-jsonpath: CVE-2023-51074 Set Bug forwarded-to-address to 'https://github.com/json-path/JsonPath/issues/973'. > thanks Stopping processing here. Please contact me if you need assistance. -- 1072123: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072123 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: tagging 1072124, bug 1072124 is forwarded to ttps://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 ...
Processing commands for cont...@bugs.debian.org: > tags 1072124 + upstream Bug #1072124 [src:gnome-shell] gnome-shell: CVE-2024-36472 Added tag(s) upstream. > forwarded 1072124 ttps://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 Bug #1072124 [src:gnome-shell] gnome-shell: CVE-2024-36472 Changed Bug forwarded-to-address to 'ttps://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688' from 'https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688'. > tags 1070377 + upstream Bug #1070377 [src:frr] frr: CVE-2024-34088 Ignoring request to alter tags of bug #1070377 to the same tags previously set > tags 1072125 + upstream Bug #1072125 [src:frr] frr: CVE-2024-31949 Added tag(s) upstream. > tags 1072126 + upstream Bug #1072126 [src:frr] frr: CVE-2024-31948 Added tag(s) upstream. > tags 1072123 + upstream Bug #1072123 [src:jayway-jsonpath] jayway-jsonpath: CVE-2023-51074 Added tag(s) upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 1070377: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070377 1072123: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072123 1072124: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072124 1072125: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072125 1072126: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072126 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1039985: marked as done (libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid)
Your message dated Sat, 25 May 2024 11:32:37 + with message-id and subject line Bug#1039985: fixed in json-smart 2.2-2+deb11u1 has caused the Debian Bug report #1039985, regarding libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libjson-smart-java Version: 2.2-2 Severity: serious Tags: bullseye bookworm trixie sid User: debian...@lists.debian.org Usertags: piuparts X-Debbugs-Cc: Bastien Roucariès Hi, during a test with piuparts I noticed your package cannot be upgraded from buster-lts to any newer release since buster-lts has a version newer than any later release: json-smart | 2.2-1 | stretch | source json-smart | 2.2-2 | buster | source json-smart | 2.2-2 | bullseye| source json-smart | 2.2-2 | bookworm| source json-smart | 2.2-2 | trixie | source json-smart | 2.2-2 | sid | source json-smart | 2.2-2+deb10u1 | buster-security | source Andreas --- End Message --- --- Begin Message --- Source: json-smart Source-Version: 2.2-2+deb11u1 Done: Andreas Beckmann We believe that the bug you reported is fixed in the latest version of json-smart, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1039...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann (supplier of updated json-smart package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 26 Apr 2024 12:27:32 +0200 Source: json-smart Architecture: source Version: 2.2-2+deb11u1 Distribution: bullseye Urgency: high Maintainer: Debian Java Maintainers Changed-By: Andreas Beckmann Closes: 1033474 1039985 Changes: json-smart (2.2-2+deb11u1) bullseye; urgency=medium . * Non-maintainer upload. * Rebuild for bullseye. (Closes: #1039985) . json-smart (2.2-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2023-1370: stack overflow due to excessive recursion When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. (Closes: #1033474) * CVE-2021-31684: Fix indexOf A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. Checksums-Sha1: af2188045d10bb2a10fec9fe61ded4f58d188bf2 2098 json-smart_2.2-2+deb11u1.dsc a4cda87958aa72f0698e948d142e3dad35d89bec 6052 json-smart_2.2-2+deb11u1.debian.tar.xz 509a10c2a6ecf31f65326d2b540dda4995c4a9c2 12732 json-smart_2.2-2+deb11u1_source.buildinfo Checksums-Sha256: df75bf6c6c10fe8212d0666343008cb3ca946529dfdb08bf92e110ca43de36e5 2098 json-smart_2.2-2+deb11u1.dsc 40995815542b3a11e3022d252d46dacc595914a6a6cb0286fc7c5990ac19a4b7 6052 json-smart_2.2-2+deb11u1.debian.tar.xz cf0c5c2730c454b2f53b378fbf103efa23ed0b53f54aed9d806e57979b20 12732 json-smart_2.2-2+deb11u1_source.buildinfo Files: 3c8b3df4eb4f72be4ad7422166f27a61 2098 java optional json-smart_2.2-2+deb11u1.dsc 66735a9629b9dc31c56e69560f8b6b47 6052 java optional json-smart_2.2-2+deb11u1.debian.tar.xz 4b784f5b1193c7c9523e40f8710f2092 12732 java optional json-smart_2.2-2+deb11u1_source.buildinfo -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmYrghsQHGFuYmVAZGVi aWFuLm9yZwAKCRBfsz+TWentCJraD/44rGniM0cf2NID2b0VpTRJzjbp0xD4DLPU nyiR2K31wfxZZ2SzrdWZSr/SSPr3I+W/mAtxXmHjbxWJ6RC3FK5DC+zQVdD0HIdc YpNKLml0I7PereFVHftSMek9NTgatxcK6UGXVg1G1vUCYHlAKGYUGbQj7CLGrF0o Gi3BXCnJ5kIklOT6LaILCzy2jZgsqu5asQJFSYvzuQcnUt/RD77/KUyTGj8ncFvo XGZZmhxfxTv+roiq5FXdpUoGYVZq6l6rVwyKjn/CIo
Bug#1039985: marked as done (libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid)
Your message dated Sat, 25 May 2024 11:32:08 + with message-id and subject line Bug#1039985: fixed in json-smart 2.2-2+deb12u1 has caused the Debian Bug report #1039985, regarding libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libjson-smart-java Version: 2.2-2 Severity: serious Tags: bullseye bookworm trixie sid User: debian...@lists.debian.org Usertags: piuparts X-Debbugs-Cc: Bastien Roucariès Hi, during a test with piuparts I noticed your package cannot be upgraded from buster-lts to any newer release since buster-lts has a version newer than any later release: json-smart | 2.2-1 | stretch | source json-smart | 2.2-2 | buster | source json-smart | 2.2-2 | bullseye| source json-smart | 2.2-2 | bookworm| source json-smart | 2.2-2 | trixie | source json-smart | 2.2-2 | sid | source json-smart | 2.2-2+deb10u1 | buster-security | source Andreas --- End Message --- --- Begin Message --- Source: json-smart Source-Version: 2.2-2+deb12u1 Done: Andreas Beckmann We believe that the bug you reported is fixed in the latest version of json-smart, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1039...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann (supplier of updated json-smart package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 21 May 2024 01:38:17 +0200 Source: json-smart Architecture: source Version: 2.2-2+deb12u1 Distribution: bookworm Urgency: high Maintainer: Debian Java Maintainers Changed-By: Andreas Beckmann Closes: 1033474 1039985 Changes: json-smart (2.2-2+deb12u1) bookworm; urgency=medium . * Non-maintainer upload. * Rebuild for bookworm. (Closes: #1039985) . json-smart (2.2-2+deb11u1) bullseye; urgency=medium . * Non-maintainer upload. * Rebuild for bullseye. (Closes: #1039985) . json-smart (2.2-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2023-1370: stack overflow due to excessive recursion When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. (Closes: #1033474) * CVE-2021-31684: Fix indexOf A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. Checksums-Sha1: 12681d4e9c2c27df8f9718e32016c0d3c2c26612 2094 json-smart_2.2-2+deb12u1.dsc d24ee7eb59c736c27660c883174505eff555c03f 6084 json-smart_2.2-2+deb12u1.debian.tar.xz e97b106e3c62f18fa1494eb96ccaf52cbf204e14 13530 json-smart_2.2-2+deb12u1_source.buildinfo Checksums-Sha256: 15b8c906664ee685e52457c5c4bbed7307af2c260e752f8e38116c087a531762 2094 json-smart_2.2-2+deb12u1.dsc 7531fa48b62df60b301e81028cc6e8720860f3fd3de497ae7411c05372adcd8c 6084 json-smart_2.2-2+deb12u1.debian.tar.xz bd894ea54f17c978a2cc3ab2c06136eabc4802011d2ba77138ab1f60ea5cd290 13530 json-smart_2.2-2+deb12u1_source.buildinfo Files: 0f1ace273a9c8ed099a0287c017234d8 2094 java optional json-smart_2.2-2+deb12u1.dsc e0e77dba4e8b8de32567cec66b70f1d6 6084 java optional json-smart_2.2-2+deb12u1.debian.tar.xz 9e2245afa710a74a0062f242ef7bd0d7 13530 java optional json-smart_2.2-2+deb12u1_source.buildinfo -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmZL4O8QHGFuYmVAZGVi aWFuLm9yZwAKCRBfsz+TWentCDYvEACEo797w2S+eqfEtdwkSE9c73Bpes/Plshx 1IEhukDTPNPhEz6c6MZ6Io8zewcIiPo9nh93c12uwzRsJb2CeD2HgX40ZTrxnMR8 IgZ56xH1gAuSra99K2
Processed: bump severity for usr-merge bugs
ps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058846 1058856: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058856 1058857: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058857 1058859: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058859 1059190: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059190 1059283: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059283 1059365: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059365 1059371: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059371 1059372: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059372 1059378: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059378 1059379: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059379 1059414: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059414 1059432: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059432 1059516: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059516 1059757: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059757 1060080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060080 1060195: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060195 1060200: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060200 1060229: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060229 1060315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060315 1060333: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060333 1060335: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060335 1060344: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060344 1060352: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060352 1060356: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060356 1060358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060358 1060799: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060799 1061359: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061359 1065306: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065306 1065307: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065307 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Re: Bug#1025012: zookeeper: starts but is completely unusable
Processing commands for cont...@bugs.debian.org: > found 1025012 3.8.0-11+deb12u1 Bug #1025012 [zookeeper] zookeeper: starts but is completely unusable Marked as found in versions zookeeper/3.8.0-11+deb12u1. > thanks Stopping processing here. Please contact me if you need assistance. -- 1025012: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025012 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed (with 1 error): tags ftbfs for 1070417
Processing commands for cont...@bugs.debian.org: > tags 1070417 ftbfs Bug #1070417 [src:rxtx] rxtx: FTBFS: src/RawImp.c:223:23: error: implicit declaration of function ‘inl’ [-Werror=implicit-function-declaration] Added tag(s) ftbfs. > thanks, Unknown command or malformed arguments to command. > End of message, stopping processing here. Please contact me if you need assistance. -- 1070417: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070417 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: tags
Processing commands for cont...@bugs.debian.org: > tags 988512 + ftbfs Bug #988512 [ca-cacert] ca-cacert: class3 certificate will expire soon (on May 20 17:48:02 2021 GMT) Added tag(s) ftbfs. > tags 1035594 + ftbfs Bug #1035594 [eclipse-tracecompass] eclipse-tracecompass: depends on no longer available libeclipse-osgi-util-java,libequinox-p2-ui-sdk-java Added tag(s) ftbfs. > tags 1036167 + ftbfs Bug #1036167 [flask-appbuilder] flask-appbuilder: Fails to build against python3-flask-sqlalchemy 3.0.3-1 Added tag(s) ftbfs. > tags 1025825 + ftbfs Bug #1025825 [grip] ImportError: cannot import name 'safe_join' from 'flask' Added tag(s) ftbfs. > tags 950598 + ftbfs Bug #950598 [python3-jupyter-sphinx] python3-jupyter-sphinx: package relies on unavailable `ipywidgets.embed` module Added tag(s) ftbfs. > tags 1056839 + ftbfs Bug #1056839 [src:pyliblo] pyliblo: ftbfs with cython 3.0.x Added tag(s) ftbfs. > tags 1056874 + ftbfs Bug #1056874 [src:python-srsly] python-srsly: ftbfs with cython 3.0.x Added tag(s) ftbfs. > tags 1056887 + ftbfs Bug #1056887 [src:sfepy] sfepy: ftbfs with cython 3.0.x Added tag(s) ftbfs. > thanks Stopping processing here. Please contact me if you need assistance. -- 1025825: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025825 1035594: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035594 1036167: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036167 1056839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056839 1056874: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056874 1056887: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056887 950598: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950598 988512: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988512 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: metadata
Processing commands for cont...@bugs.debian.org: > tags 1063527 + ftbfs Bug #1063527 [src:einsteinpy] einsteinpy: test_plotting fails to converge with scipy 1.11 Added tag(s) ftbfs. > tags 1040334 + ftbfs Bug #1040334 [facet-analyser] facet-analyser - build-depends on conflicting packages Added tag(s) ftbfs. > tags 1071043 + ftbfs Bug #1071043 [libpsml-dev] libpsml-dev: unsatisfiable (Build-)Depends: libxmlf90-dev Added tag(s) ftbfs. > tags 1012320 + ftbfs Bug #1012320 [src:materialize] materialize: build-depends on non-existing libjs-anime Added tag(s) ftbfs. > tags 1014605 + ftbfs Bug #1014605 [src:node-functional.js] node-functional.js: FTBFS, missing build-dependencies Added tag(s) ftbfs. > tags 1002847 + ftbfs Bug #1002847 [src:nttcp] nttcp: Removal of obsolete debhelper compat 5 and 6 in bookworm Added tag(s) ftbfs. > tags 1071017 + ftbfs Bug #1071017 [obs-source-copy] FTBFS: source-copy.cpp:615:31: error: ‘void obs_sceneitem_get_info(const obs_sceneitem_t*, obs_transform_info*)’ is deprecated [-Werror=deprecated-declarations] Added tag(s) ftbfs. > severity 1070545 serious Bug #1070545 [src:php-fig-log-test] php-fig-log-test: FTBFS with phpunit 11: build-dependency not installable: php-psr-log (>= 2.0) Severity set to 'serious' from 'normal' > tags 1019042 + ftbfs Bug #1019042 [src:qwertone] rust-qwertone: FTBFS - dep issue Added tag(s) ftbfs. > severity 1057677 serious Bug #1057677 [src:resteasy] resteasy: ftbfs due to the missing dependency org.jboss.resteasy:resteasy-jaxrs:jar:3.6.2.Final Severity set to 'serious' from 'important' > tags 1025094 + ftbfs Bug #1025094 [ruby-behance] ruby-behance fails to rebuild after new upstream of ruby-faraday Added tag(s) ftbfs. > tags 1025092 + ftbfs Bug #1025092 [ruby-faraday-middleware] ruby-faraday-middleware fails to rebuild after updating ruby-faraday Added tag(s) ftbfs. > tags 1025090 + ftbfs Bug #1025090 [ruby-gh] ruby-gh fails to rebuild on updating ruby-faraday Added tag(s) ftbfs. > tags 1037529 + ftbfs Bug #1037529 [ruby-jekyll-github-metadata] ruby-jekyll-github-metadata: FTBFS with test failures when there's no network Added tag(s) ftbfs. > tags 1050580 + ftbfs Bug #1050580 [src:ruby-roxml] ruby-roxml: broken by ruby-nokogiri 1.15.4 Added tag(s) ftbfs. > tags 1050097 + ftbfs Bug #1050097 [scrcpy] scrcpy: fails to build from source on arch:indep Added tag(s) ftbfs. > tags 1063827 + ftbfs Bug #1063827 [src:tahoe-lafs] tahoe-lafs: new package tahoe-lafs depends on python3-future which is pending removal Added tag(s) ftbfs. > severity 1063827 serious Bug #1063827 [src:tahoe-lafs] tahoe-lafs: new package tahoe-lafs depends on python3-future which is pending removal Severity set to 'serious' from 'important' > tags 1011492 + ftbfs Bug #1011492 [src:tika] tika: FTBFS cannot find symbols Added tag(s) ftbfs. > tags 1050355 + ftbfs Bug #1050355 [src:tiledarray] tiledarray has unfulfilled build dependencies Added tag(s) ftbfs. > tags 934977 + ftbfs Bug #934977 [src:verilog-mode] verilog-mode: unbuildable in testing due to missing B-D emacs25 Added tag(s) ftbfs. > thanks Stopping processing here. Please contact me if you need assistance. -- 1002847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002847 1011492: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011492 1012320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012320 1014605: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014605 1019042: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019042 1025090: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025090 1025092: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025092 1025094: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025094 1037529: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037529 1040334: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040334 1050097: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050097 1050355: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050355 1050580: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050580 1057677: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057677 1063527: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063527 1063827: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063827 1070545: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070545 1071017: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071017 1071043: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071043 934977: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934977 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1071072: marked as done (sweethome3d: New usptream release)
Your message dated Tue, 14 May 2024 23:06:19 + with message-id and subject line Bug#1071072: fixed in sweethome3d 7.3+dfsg-1 has caused the Debian Bug report #1071072, regarding sweethome3d: New usptream release to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1071072: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071072 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: sweethome3d Severity: wishlist Dear Maintainer, Could you please upload version 7.3 ? release notes: https://www.sweethome3d.com/blog/2024/04/04/sweet_home_3d_7_3.html Thanks S -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (990, 'testing'), (600, 'unstable'), (500, 'oldstable'), (300, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.5.0-5-amd64 (SMP w/20 CPU threads; PREEMPT) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- no debconf information --- End Message --- --- Begin Message --- Source: sweethome3d Source-Version: 7.3+dfsg-1 Done: Pierre Gruet We believe that the bug you reported is fixed in the latest version of sweethome3d, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1071...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Gruet (supplier of updated sweethome3d package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 14 May 2024 22:38:57 +0200 Source: sweethome3d Architecture: source Version: 7.3+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Pierre Gruet Closes: 1071072 Changes: sweethome3d (7.3+dfsg-1) unstable; urgency=medium . * Team upload * New upstream version 7.3+dfsg (Closes: #1071072) * Refreshing patches * Raising Standards version to 4.7.0 (no change) * Adding url and developer tags to the MetaInfo file * Using secure URI for homepage . [ Otto Kekäläinen ] * Enable Salsa-CI Checksums-Sha1: 2eae5ae0efd2214dae7b9bdbf1bf9a7aadb7a68a 2189 sweethome3d_7.3+dfsg-1.dsc dbbaf6c23d33b7761b49b2c8536b7814a174ed23 13157580 sweethome3d_7.3+dfsg.orig.tar.xz 26d621b26ecf90113d3e063116bc3cc19cf9c3e8 25792 sweethome3d_7.3+dfsg-1.debian.tar.xz fb59c8a63399d0af32b174a051e25a3c5afa0bb0 11476 sweethome3d_7.3+dfsg-1_amd64.buildinfo Checksums-Sha256: 2c770a71296cca7b424bc11d69c56e3ea1b88c61fe5fbae096f0b73ce4913df6 2189 sweethome3d_7.3+dfsg-1.dsc 7834fd61f72908f150c7b73257535f6d13003b3ab9ea77e7dd9270205bf9493c 13157580 sweethome3d_7.3+dfsg.orig.tar.xz bdc8a48266046dfc5c18b5812edc69c644d5e614ef69e7f9835187dbed67a289 25792 sweethome3d_7.3+dfsg-1.debian.tar.xz b94d3aef07f0fea516a826fede6241289d80bc95ff901b73990e56293b05f539 11476 sweethome3d_7.3+dfsg-1_amd64.buildinfo Files: 5cd0d269e2befc281eaec2604b8f119c 2189 java optional sweethome3d_7.3+dfsg-1.dsc 28da7ef2856be115ab793558c6d099a8 13157580 java optional sweethome3d_7.3+dfsg.orig.tar.xz c965154a282cc2e2b97834a914047909 25792 java optional sweethome3d_7.3+dfsg-1.debian.tar.xz e8ccf50b0628773033f095e46cd8a3d3 11476 java optional sweethome3d_7.3+dfsg-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmZDz/4ACgkQYAMWptwn dHapYA/9HjM8VY/QVn1t0IY52bpd5VR2F7vbL36gYoJtan+nle/cv8a1L8slMpHk eERgUY5UTT7v/+FWHjHszxvxA26Ul4RW+YRhHLeojaFTo+dUZwY4cSh40UPctoQx BIjP/mFsO93XMYI5u0WG7DEWQvj4Am0tfS/K6qHBSfutY9kLnMyua3ZNt84DqZu8 lzGElHO+/9GkkYTDy5PJcJg7WHQ8GPnsxIVITGdiHXBIF/+YOR7thU9+Hl7He5aj eaH1x4so8fM2Ja+nVc98a6MuNFwcb85OuxaJIiaK7V5HqMI4wIyDqd3VOlVXmXS5 lindcdzAyvOMRmgbTlHLPot5OBS9Qvy+dGivWezlBwQGePdmpzLBuQPvMqP9a2kL DCK7YYSawvqxwufNd3juTMPmGZNCvYsD5pP0tuWwctg/8CFhClU9KSWfErakpREw vLCQMjIbSnlt49OBIoYK16mvS0tMXSGnac2a7X7GPW3wQCCbpNl2pKy3H7TsMyAA Bm6OiBtiSVZkMxRQGjaevsE16kAUMDMIBpHzUafcl3mDyYZcWci8arVfWz0CyFVI NtUrK3Hp9ONZUI4zqP2A4JTzBR2zf7qkDui7kHIVDXp6DZtu2V+ZgtZYtq1KVS7V Iegsas+DnSgzMuiNexv4DRW6e2RUlwbpXhtlA4P08oXiCO6u8TM= =2Ww9 -END PGP SIGNATURE- pgpdbDUvVxYR8.pgp Description: PGP signature --- End Message
Processed: reassign 1057518 to src:byte-buddy, forcibly merging 1057493 1057518, archiving 1057493
Processing commands for cont...@bugs.debian.org: > reassign 1057518 src:byte-buddy Bug #1057518 [byte-buddy] libgoby-java: FTBFS with default Java 21 Bug reassigned from package 'byte-buddy' to 'src:byte-buddy'. Ignoring request to alter found versions of bug #1057518 to the same values previously set Ignoring request to alter fixed versions of bug #1057518 to the same values previously set > forcemerge 1057493 1057518 Bug #1057493 {Done: Emmanuel Bourg } [src:byte-buddy] byte-buddy: FTBFS with default Java 21 Bug #1057518 [src:byte-buddy] libgoby-java: FTBFS with default Java 21 Marked Bug as done Marked as fixed in versions byte-buddy/1.14.13-1. Marked as found in versions byte-buddy/1.12.23-1. Added tag(s) patch. Merged 1057493 1057518 > archive 1057493 Bug #1057493 {Done: Emmanuel Bourg } [src:byte-buddy] byte-buddy: FTBFS with default Java 21 Bug #1057518 {Done: Emmanuel Bourg } [src:byte-buddy] libgoby-java: FTBFS with default Java 21 archived 1057493 to archive/93 (from 1057493) archived 1057518 to archive/18 (from 1057493) > thanks Stopping processing here. Please contact me if you need assistance. -- 1057493: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057493 1057518: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057518 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed (with 2 errors): unarchiving 1057493, forcibly merging 1057493 1057518, archiving 1057493
Processing commands for cont...@bugs.debian.org: > unarchive 1057493 Bug #1057493 {Done: Emmanuel Bourg } [src:byte-buddy] byte-buddy: FTBFS with default Java 21 Unarchived Bug 1057493 > forcemerge 1057493 1057518 Bug #1057493 {Done: Emmanuel Bourg } [src:byte-buddy] byte-buddy: FTBFS with default Java 21 Unable to merge bugs because: package of #1057518 is 'byte-buddy' not 'src:byte-buddy' Failed to forcibly merge 1057493: Did not alter merged bugs. > archive 1057493 > thanks Stopping processing here. Please contact me if you need assistance. -- 1057493: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057493 1057518: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057518 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed (with 1 error): reassign 1057518 to byte-buddy, forcibly merging 1057493 1057518
Processing commands for cont...@bugs.debian.org: > reassign 1057518 byte-buddy Bug #1057518 [src:libgoby-java] libgoby-java: FTBFS with default Java 21 Bug reassigned from package 'src:libgoby-java' to 'byte-buddy'. No longer marked as found in versions libgoby-java/3.3.1+dfsg2-9. Ignoring request to alter fixed versions of bug #1057518 to the same values previously set > forcemerge 1057493 1057518 Failed to forcibly merge 1057493: Not altering archived bugs; see unarchive. > thanks Stopping processing here. Please contact me if you need assistance. -- 1057518: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057518 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1055853: marked as done (jgit: CVE-2023-4759)
Your message dated Mon, 13 May 2024 21:19:39 + with message-id and subject line Bug#1055853: fixed in jgit 6.7.0-1 has caused the Debian Bug report #1055853, regarding jgit: CVE-2023-4759 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1055853: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055853 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: jgit X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for jgit. CVE-2023-4759[0]: | Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, | all versions <= 6.6.0.202305301015-r, a symbolic link present in a | specially crafted git repository can be used to write a file to | locations outside the working tree when this repository is cloned | with JGit to a case-insensitive filesystem, or when a checkout from | a clone of such a repository is performed on a case-insensitive | filesystem. This can happen on checkout (DirCacheCheckout), merge | (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using | merge), and when applying a patch (PatchApplier). This can be | exploited for remote code execution (RCE), for instance if the file | written outside the working tree is a git filter that gets executed | on a subsequent git command. The issue occurs only on case- | insensitive filesystems, like the default filesystems on Windows and | macOS. The user performing the clone or checkout must have the | rights to create symbolic links for the problem to occur, and | symbolic links must be enabled in the git configuration. Setting | git configuration option core.symlinks = false before checking out | avoids the problem. The issue was fixed in Eclipse JGit version | 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven | Central https://repo1.maven.org/maven2/org/eclipse/jgit/ and | repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit- | releases/ . The JGit maintainers would like to thank RyotaK for | finding and reporting this issue. https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1 (v6.6.1.202309021850-r) https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-4759 https://www.cve.org/CVERecord?id=CVE-2023-4759 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: jgit Source-Version: 6.7.0-1 Done: Pierre Gruet We believe that the bug you reported is fixed in the latest version of jgit, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1055...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Gruet (supplier of updated jgit package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 13 May 2024 22:35:40 +0200 Source: jgit Architecture: source Version: 6.7.0-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Pierre Gruet Closes: 1055853 Changes: jgit (6.7.0-1) unstable; urgency=medium . * Team upload * New upstream version 6.7.0: - Fixes CVE-2023-4759 (Closes: #1055853) * Refreshing patches * Raising Standards version to 4.7.0 (no change) * Updating build-dependencies and Maven rules * Updating the list of pom.xml files to ignore * Building the package with javac instead of the eclipse compiler * Setting the versions of the Debian-packaged Maven plugins for the build * Skipping the generation of unneeded artifacts with maven-antrun-plugin * Trim trailing whitespace in d/control Checksums-Sha1: f7cff0f496f34bb4cdf257ce2643661df8b3eac2 2557 jgit_6.7.0-1.dsc 908381a49d951d672994da90d68c96e0faeacd7a 2369792 jgit_6.7.0.orig.tar.xz 32be385b9e31688026d501b036d0aa43ba7bad07 10024 jgit_6.7.0-1.debian.tar.xz c4464b4152adfd8da73c0e97943cbb1c8b89618f 18146 jgit_6.7.0-1_amd64.buildinfo Checks
Bug#1068110: marked as done (netty: CVE-2024-29025)
Your message dated Sun, 12 May 2024 20:36:47 + with message-id and subject line Bug#1068110: fixed in netty 1:4.1.48-10 has caused the Debian Bug report #1068110, regarding netty: CVE-2024-29025 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068110: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068110 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: netty Version: 1:4.1.48-9 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for netty. CVE-2024-29025[0]: | Netty is an asynchronous event-driven network application framework | for rapid development of maintainable high performance protocol | servers & clients. The `HttpPostRequestDecoder` can be tricked to | accumulate data. While the decoder can store items on the disk if | configured so, there are no limits to the number of fields the form | can have, an attacher can send a chunked post consisting of many | small fields that will be accumulated in the `bodyListHttpData` | list. The decoder cumulates bytes in the `undecodedChunk` buffer | until it can decode a field, this field can cumulate data without | limits. This vulnerability is fixed in 4.1.108.Final. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-29025 https://www.cve.org/CVERecord?id=CVE-2024-29025 [1] https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v [2] https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: netty Source-Version: 1:4.1.48-10 Done: Markus Koschany We believe that the bug you reported is fixed in the latest version of netty, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1068...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany (supplier of updated netty package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 12 May 2024 21:20:10 +0200 Source: netty Architecture: source Version: 1:4.1.48-10 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Closes: 1068110 Changes: netty (1:4.1.48-10) unstable; urgency=high . * Team upload. * Fix CVE-2024-29025: Julien Viet discovered that Netty, a Java NIO client/server socket framework, was vulnerable to allocation of resources without limits or throttling due to the accumulation of data in the HttpPostRequestDecoder. This would allow an attacker to cause a denial of service. Thanks to Salvatore Bonaccorso for the report. (Closes: #1068110) Checksums-Sha1: 93f3861280d96cf0d92fbb7b00b7c4022ad0a46e 2573 netty_4.1.48-10.dsc e146316f0e3aef11e1e2e31e12332f63257ce280 43116 netty_4.1.48-10.debian.tar.xz 2c13c8f43e404a0867bcf6405ff8c64eee33e8c4 16247 netty_4.1.48-10_amd64.buildinfo Checksums-Sha256: 20405785f7dbf3dfa6acab842843fd11325d070fe7933a31f3c1a5df1b262667 2573 netty_4.1.48-10.dsc 6db4654cec7819c9584f1aff7a4ba2c3712d20ab6eb8b515695bc5ef6af55b94 43116 netty_4.1.48-10.debian.tar.xz 3e414bf6b72cba2a90ef9cce9e976b79289f394fb86e176cb835d17ea3c167a0 16247 netty_4.1.48-10_amd64.buildinfo Files: 1bbc65fecdf4a69526ff1e14a7f8248f 2573 java optional netty_4.1.48-10.dsc e2a38b6bd08265c01a0d610fd497f0bb 43116 java optional netty_4.1.48-10.debian.tar.xz 44689d3be473f8cea3c1f7567d3115ee 16247 java optional netty_4.1.48-10_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmZBIdhfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkB3sQAMzmQwEjy1m+UguK4FtdCgulhpbqA8FdKhEj 7hykv9dmSN0xh6NYae04cqB7TwMymBUNNRKWe37pKnYt0e3Wq30xfMwa4tQ85ucd KICsesKllcfhY6CPfwaRcyU+qpB/4iin1OsAp6y06sPH0oVFJJd+AEuw
Bug#1048315: marked as done (libfastutil-java: Fails to build source after successful build)
Your message dated Sun, 12 May 2024 20:35:55 + with message-id and subject line Bug#1048315: fixed in libfastutil-java 8.5.12+dfsg-2 has caused the Debian Bug report #1048315, regarding libfastutil-java: Fails to build source after successful build to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1048315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1048315 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libfastutil-java Version: 8.5.12+dfsg-1 Severity: minor Tags: trixie sid ftbfs User: lu...@debian.org Usertags: ftbfs-sab-20230813 ftbfs-source-after-build User: debian...@lists.debian.org Usertags: qa-doublebuild Hi, This package fails to build a source package after a successful build (dpkg-buildpackage ; dpkg-buildpackage -S). This is probably a clear violation of Debian Policy section 4.9 (clean target), but this is filed as severity:minor for now, because a discussion on debian-devel showed that we might want to revisit the requirement of a working 'clean' target. More information about this class of issues, included common problems and solutions, is available at https://wiki.debian.org/qa.debian.org/FTBFS/SourceAfterBuild Relevant part of the build log: > cd /<> && runuser -u user42 -- dpkg-buildpackage --sanitize-env > -us -uc -rfakeroot -S > - > > dpkg-buildpackage: info: source package libfastutil-java > dpkg-buildpackage: info: source version 8.5.12+dfsg-1 > dpkg-buildpackage: info: source distribution unstable > dpkg-buildpackage: info: source changed by tony mancill > dpkg-source --before-build . > debian/rules clean > dh clean --with javahelper --with jh_maven_repo_helper >debian/rules override_dh_auto_clean > make[1]: Entering directory '/<>' > mkdir -p build > dh_auto_clean > make -j8 clean > make[2]: Entering directory '/<>' > make[2]: Leaving directory '/<>' > rm -f fastutil-*.jar > rm -rf build dist docs > find src/it/unimi/dsi/fastutil -name "*.[ch]" -delete > # delete auto-generated *.java files. > # Attention: This > # find src/it/unimi/dsi/fastutil -mindepth 2 -name "*.java" -delete > # does not work because files in /io need to remain > find \ > src/it/unimi/dsi/fastutil/booleans \ > src/it/unimi/dsi/fastutil/bytes \ > src/it/unimi/dsi/fastutil/chars \ > src/it/unimi/dsi/fastutil/doubles \ > src/it/unimi/dsi/fastutil/floats \ > src/it/unimi/dsi/fastutil/ints \ > src/it/unimi/dsi/fastutil/longs \ > src/it/unimi/dsi/fastutil/objects \ > src/it/unimi/dsi/fastutil/shorts \ > -name "*.java" -delete > rm -f src/it/unimi/dsi/fastutil/io/BinIO.java > src/it/unimi/dsi/fastutil/io/TextIO.java > make[1]: Leaving directory '/<>' >jh_clean >dh_clean > dpkg-source -b . > dpkg-source: info: using source format '3.0 (quilt)' > dpkg-source: info: building libfastutil-java using existing > ./libfastutil-java_8.5.12+dfsg.orig.tar.xz > dpkg-source: info: using patch list from debian/patches/series > dpkg-source: warning: ignoring deletion of file > src/it/unimi/dsi/fastutil/longs/package-info.java, use --include-removal to > override > dpkg-source: warning: ignoring deletion of file > src/it/unimi/dsi/fastutil/bytes/package-info.java, use --include-removal to > override > dpkg-source: warning: ignoring deletion of file > src/it/unimi/dsi/fastutil/booleans/package-info.java, use --include-removal > to override > dpkg-source: warning: ignoring deletion of file > src/it/unimi/dsi/fastutil/objects/package-info.java, use --include-removal to > override > dpkg-source: warning: ignoring deletion of file > src/it/unimi/dsi/fastutil/ints/package-info.java, use --include-removal to > override > dpkg-source: warning: ignoring deletion of file > src/it/unimi/dsi/fastutil/floats/package-info.java, use --include-removal to > override > dpkg-source: warning: ignoring deletion of file > src/it/unimi/dsi/fastutil/chars/package-info.java, use --include-removal to > override > dpkg-source: warning: ignoring deletion of file > src/it/unimi/dsi/fastutil/doubles/package-info.java, use --include-removal to > override > dpkg-source: wa
Bug#852640: marked as done (apache-mime4j: FTBFS randomly (failing tests))
Your message dated Sat, 11 May 2024 18:43:53 +0200 with message-id <2ac300a2-ef57-4531-9b32-7810dec8f...@debian.org> and subject line Re: apache-mime4j: FTBFS randomly (failing tests) has caused the Debian Bug report #852640, regarding apache-mime4j: FTBFS randomly (failing tests) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 852640: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852640 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:apache-mime4j Version: 0.7.2-4 Severity: important Dear maintainer: I tried to build this package in stretch with "dpkg-buildpackage -A" but it failed: [...] debian/rules build-indep dh build-indep --buildsystem=maven --with javahelper dh_testdir -i -O--buildsystem=maven dh_update_autotools_config -i -O--buildsystem=maven dh_auto_configure -i -O--buildsystem=maven find: '/usr/share/maven-repo/org/codehaus/plexus/plexus-compiler/*/*.jar': No such file or directory find: '/usr/share/maven-repo/org/codehaus/plexus/plexus-compilers/*/*.jar': No such file or directory find: '/usr/share/maven-repo/org/codehaus/plexus/plexus-containers/*/*.jar': No such file or directory mh_patchpoms -plibapache-mime4j-java --debian-build --keep-pom-version --maven-repo=/<>/debian/maven-repo jh_linkjars -i -O--buildsystem=maven debian/rules override_dh_auto_build make[1]: Entering directory '/<>' dh_auto_build -- install javadoc:aggregate /usr/lib/jvm/default-java/bin/java -noverify -cp /usr/share/maven/boot/plexus-classworlds-2.x.jar:/usr/lib/jvm/default-java/lib/tools.jar -Dmaven.home=/usr/share/maven -Dmaven.multiModuleProjectDirectory=/<> -Dclassworlds.conf=/etc/maven/m2-debian.conf org.codehaus.plexus.classworlds.launcher.Launcher -s/etc/maven/settings-debian.xml -Ddebian.dir=/<>/debian -Dmaven.repo.local=/<>/debian/maven-repo install javadoc:aggregate -DskipTests -Dnotimestamp=true -Dlocale=en_US [... snipped ...] Running org.apache.james.mime4j.dom.MessageServiceFactoryTest Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.009 sec - in org.apache.james.mime4j.dom.MessageServiceFactoryTest Running org.apache.james.mime4j.dom.ExampleMessagesRoundtripTest Tests run: 79, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.301 sec - in org.apache.james.mime4j.dom.ExampleMessagesRoundtripTest Running org.apache.james.mime4j.dom.MessageCompleteMailTest Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.006 sec - in org.apache.james.mime4j.dom.MessageCompleteMailTest Results : Failed tests: org.apache.james.mime4j.message.StringInputStreamTest#testBufferedRead AssertionFailedError Tests run: 405, Failures: 1, Errors: 0, Skipped: 0 [INFO] [INFO] Reactor Summary: [INFO] [INFO] Apache JAMES Mime4j Project SUCCESS [ 0.175 s] [INFO] Apache JAMES Mime4j (Core) . SUCCESS [ 6.578 s] [INFO] Apache JAMES Mime4j (DOM) .. FAILURE [ 5.005 s] [INFO] Apache JAMES Mime4j (Storage) .. SKIPPED [INFO] [INFO] BUILD FAILURE [INFO] [INFO] Total time: 14.299 s [INFO] Finished at: 2017-01-24T00:47:16+00:00 [INFO] Final Memory: 10M/27M [INFO] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.17:test (default-test) on project apache-mime4j-dom: There are test failures. [ERROR] [ERROR] Please refer to /<>/dom/target/surefire-reports for the individual test results. [ERROR] -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException [ERROR] [ERROR] After correcting the problems, you can resume the build with the command [ERROR] mvn -rf :apache-mime4j-dom dh_auto_test: /usr/lib/jvm/default-java/bin/java -noverify -cp /usr/share/maven/boot/plexus-classworlds-2.x.jar:/usr/lib/jvm/default-java/lib/tools.jar -Dmaven.hom
Processed: tags
Processing commands for cont...@bugs.debian.org: > tags 852640 + ftbfs Bug #852640 [src:apache-mime4j] apache-mime4j: FTBFS randomly (failing tests) Added tag(s) ftbfs. > thanks Stopping processing here. Please contact me if you need assistance. -- 852640: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852640 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1057529: marked as done (opencensus-java: FTBFS with default Java 21)
Your message dated Wed, 08 May 2024 21:16:12 + with message-id and subject line Bug#1057529: fixed in opencensus-java 0.26.0+ds-1 has caused the Debian Bug report #1057529, regarding opencensus-java: FTBFS with default Java 21 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1057529: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057529 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: opencensus-java Version: 0.24.0+ds-1 Severity: important Tags: ftbfs User: debian-j...@lists.debian.org Usertags: default-java21 Dear Maintainers, The package opencensus-java ftbfs with default Java 21. The relevant part of the build log: --- All input files are considered out-of-date for incremental task ':opencensus-api:compileJava'. Compiling with JDK Java compiler API. warning: [options] source value 8 is obsolete and will be removed in a future release warning: [options] target value 8 is obsolete and will be removed in a future release warning: [options] To suppress warnings about obsolete options, use -Xlint:-options. error: warnings found and -Werror specified :opencensus-api:compileJava FAILED :opencensus-api:compileJava (Thread[#29,Daemon worker,5,main]) completed. Took 0.819 secs. FAILURE: Build failed with an exception. --- -- System Information: Debian Release: trixie/sid APT prefers mantic-updates APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-13-generic (SMP w/32 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Source: opencensus-java Source-Version: 0.26.0+ds-1 Done: Pierre Gruet We believe that the bug you reported is fixed in the latest version of opencensus-java, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1057...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Gruet (supplier of updated opencensus-java package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 08 May 2024 21:51:35 +0200 Source: opencensus-java Architecture: source Version: 0.26.0+ds-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Pierre Gruet Closes: 1057529 Changes: opencensus-java (0.26.0+ds-1) unstable; urgency=medium . * Team upload * New upstream version 0.26.0+ds * Refreshing patches * Raising Standards version to 4.7.0 (no change) * Refreshing copyright years . [ Pushkar Kulkarni ] * d/rules, d/patches: Use java_compat_level to adjust -source/-target levels (Closes: #1057529) Checksums-Sha1: 0da0e1505b32b1a1f8eb8c3198a8c5fc7773f66c 2518 opencensus-java_0.26.0+ds-1.dsc 58a45d8ae0c79d1ba92b269dd787a2ad1dcbf58b 683324 opencensus-java_0.26.0+ds.orig.tar.xz 773ebe89ebd5a8815fed18ce197c6f452a9ec01c 6028 opencensus-java_0.26.0+ds-1.debian.tar.xz 70b875e82b1f4b8c595ebc6748ae93ed43cccd18 17933 opencensus-java_0.26.0+ds-1_amd64.buildinfo Checksums-Sha256: 73510547ed184b8a7ce26b624c0fbbf504e4b9e930c7dc0aab9bdb8236f5100c 2518 opencensus-java_0.26.0+ds-1.dsc ca76b4062301641cc07e56b84e247ceab9a2dbdc3273665bc1fa14cc344f06f0 683324 opencensus-java_0.26.0+ds.orig.tar.xz d6d135cc6b277d8cce1247e4b4fa8594cdafbab118e1c342b8392b2fb3572112 6028 opencensus-java_0.26.0+ds-1.debian.tar.xz 5bbe81c461a02c421b4dfc35a03f3c8b6675b246b9b8e39c15ece52ceed5cb56 17933 opencensus-java_0.26.0+ds-1_amd64.buildinfo Files: 66e37b1ceaff741de54188fc67fb0b75 2518 java optional opencensus-java_0.26.0+ds-1.dsc 70192c6820a56c0220bf73810524ef30 683324 java optional opencensus-java_0.26.0+ds.orig.tar.xz a683f7dd471b1da01474d3142b9d6143 6028 java optional opencensus-java_0.26.0+ds-1.debian.tar.xz f602a0f84bb66e84a20b7ca6dbb844a1 17933 java optional opencensus-java_0.26.0+ds-1_amd64.buildinfo -BEGIN PGP SIGNATURE
Bug#979812: marked as done (libgrpc-java has circular Depends on libopencensus-java)
Your message dated Wed, 08 May 2024 21:12:18 + with message-id and subject line Bug#979812: fixed in grpc-java 1.41.3+ds-4 has caused the Debian Bug report #979812, regarding libgrpc-java has circular Depends on libopencensus-java to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 979812: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979812 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libgrpc-java Version: 1.26.0+ds-1 Severity: important Hello Debian Java Maintainers, There is a circular dependency between libgrpc-java and libopencensus-java: libgrpc-java:Depends: libopencensus-java (>= 0.24.0~) libopencensus-java :Depends: libgrpc-java Circular dependencies involving shared libraries are known to cause problems during upgrade between stable releases, so we should try to get rid of them. Cheers, -- Bill. Imagine a large red swirl here. --- End Message --- --- Begin Message --- Source: grpc-java Source-Version: 1.41.3+ds-4 Done: Pierre Gruet We believe that the bug you reported is fixed in the latest version of grpc-java, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 979...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Gruet (supplier of updated grpc-java package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 08 May 2024 21:44:11 +0200 Source: grpc-java Architecture: source Version: 1.41.3+ds-4 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Pierre Gruet Closes: 979812 1045096 Changes: grpc-java (1.41.3+ds-4) unstable; urgency=medium . * Team upload * Removing unneeded build-dependency on libopencensus-java (Closes: #979812) * Raising Standards version to 4.7.0 (no change) * Fixing clean rule (Closes: #1045096) Checksums-Sha1: 73e0752db66ef0152444f4cbcf70ef53aa1ad758 2796 grpc-java_1.41.3+ds-4.dsc 10dcfa7eff2dae63db2c61661e65a98b69ef1a86 15156 grpc-java_1.41.3+ds-4.debian.tar.xz 8bcb0b73a1c2023e543d706e6511d003bdd03421 20224 grpc-java_1.41.3+ds-4_amd64.buildinfo Checksums-Sha256: 861d6bcc4eaf7e94b20759ffc6a858bcbb9ada8af01c84e6d08809044a0bb188 2796 grpc-java_1.41.3+ds-4.dsc 536c5f5df9ac07a47ffa621a14ae9070819a1f6773189ea0a80b3711c40df127 15156 grpc-java_1.41.3+ds-4.debian.tar.xz 61037be8d9588f4c8033444be84c88b04813cc037b273205fdc05f6ffbf76cfc 20224 grpc-java_1.41.3+ds-4_amd64.buildinfo Files: b3922efc66108b2a57c5b0c81024fea9 2796 java optional grpc-java_1.41.3+ds-4.dsc 277762d948fc539eddeec485a3b253f0 15156 java optional grpc-java_1.41.3+ds-4.debian.tar.xz 56d7c414d949a1e717db40b70d7a8ca7 20224 java optional grpc-java_1.41.3+ds-4_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmY73WgACgkQYAMWptwn dHbeQQ//WwHIXD05KVmpe1PNz46DKEo7yLeHq+t3uqyVzlfvJk3xjv1NhUtWy4Q+ aZt6827iyiNh++cT0ZgXndFNuLoZTA1Vy2R1JAa747BzdlhPirjf94qt0eMo4k8D ltVMH9zlvuXnx5YnWJ4hKhmPdGEyJ2zkOKfAq6aguWBIBob4z+0utqkdk+i24ANk ntKMU16PtFYopSExG2OY7K21gUEtIMRr+Auisbpa6nb1+Y5+vXjiR1UmxxzaPepD oaFtFWQIjCvTZrnlFewo95Auvw54Zzrn4pNdMul+4wapKuXQkF6MUHHQM7OkGelU yhdvxNmw/IbmKV3llxmdpiZP1XPBkl1R2WWCLbybo+g2NXdw0ofUB5k77f4zWxpT 1om9pVQzSgwZeulTq22Y4Sck+nR2N2VXYNVxq8Y1WlPXEPzGe8eM/GPMsVnRbAk0 YHCZ+ehiF9xJHARL+UB4LHcHcJgdXDDNtRrk5+ceaC/V/pjFOCNexj2ejXNhUXAB pWzUMXX9aDqoWJYgUtkqaYE1OgtUBb13RcnxYGPYQc9MethG4MJ2Q3X53uZkYkfZ GzqR5Kce0YatgiBg/Iu8o/OfkaQ6TGIjvU629j4vv0vxLocB8xyYMq44XxTtypeT B9yGb1AF5ntEyvms2uChIqMPGll4JsGGixHZFGaqLf1Iqtm1A4k= =+ZS/ -END PGP SIGNATURE- pgpageDGfHGVa.pgp Description: PGP signature --- End Message --- __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1045096: marked as done (grpc-java: Fails to build source after successful build)
Your message dated Wed, 08 May 2024 21:12:18 + with message-id and subject line Bug#1045096: fixed in grpc-java 1.41.3+ds-4 has caused the Debian Bug report #1045096, regarding grpc-java: Fails to build source after successful build to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1045096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1045096 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: grpc-java Version: 1.41.3+ds-1 Severity: minor Tags: trixie sid ftbfs User: lu...@debian.org Usertags: ftbfs-sab-20230813 ftbfs-source-after-build User: debian...@lists.debian.org Usertags: qa-doublebuild Hi, This package fails to build a source package after a successful build (dpkg-buildpackage ; dpkg-buildpackage -S). This is probably a clear violation of Debian Policy section 4.9 (clean target), but this is filed as severity:minor for now, because a discussion on debian-devel showed that we might want to revisit the requirement of a working 'clean' target. More information about this class of issues, included common problems and solutions, is available at https://wiki.debian.org/qa.debian.org/FTBFS/SourceAfterBuild Relevant part of the build log: > cd /<> && runuser -u user42 -- dpkg-buildpackage --sanitize-env > -us -uc -rfakeroot -S > - > > dpkg-buildpackage: info: source package grpc-java > dpkg-buildpackage: info: source version 1.41.3+ds-1 > dpkg-buildpackage: info: source distribution unstable > dpkg-buildpackage: info: source changed by Olek Wojnar > dpkg-source --before-build . > debian/rules clean > dh clean --buildsystem=gradle --with maven_repo_helper >dh_auto_clean -O--buildsystem=gradle > sh -c "find . -wholename .*build/tmp | xargs echo | sed -e > 's^build/tmp^build^g' | xargs rm -Rf" > sh -c "find . -wholename .*build/debian | xargs echo | sed -e > 's^build/tmp^build^g' | xargs rm -Rf" > rm -Rf /<>/grpc-java-1.41.3\+ds/.gradle > /<>/grpc-java-1.41.3\+ds/buildSrc/.gradle .m2 >dh_autoreconf_clean -O--buildsystem=gradle > rm -f -- ./install-sh ./aclocal.m4 ./compiler/Makefile.in > ./compiler/src/java_plugin/cpp/Makefile.in ./autom4te.cache/requests > ./autom4te.cache/traces.2 ./autom4te.cache/output.2 ./autom4te.cache/output.1 > ./autom4te.cache/traces.1 ./autom4te.cache/output.0 ./autom4te.cache/traces.0 > ./Makefile.in ./configure ./config.h.in ./depcomp ./missing > rm -f debian/autoreconf.before debian/autoreconf.after >dh_clean -O--buildsystem=gradle > rm -f debian/debhelper-build-stamp > rm -rf debian/.debhelper/ > rm -f debian/libgrpc-java.debhelper.log > debian/protobuf-compiler-grpc-java-plugin.debhelper.log > rm -f -- debian/libgrpc-java.substvars > debian/protobuf-compiler-grpc-java-plugin.substvars debian/files > rm -fr -- debian/libgrpc-java/ debian/tmp/ > debian/protobuf-compiler-grpc-java-plugin/ > find . \( \( \ > \( -path .\*/.git -o -path .\*/.svn -o -path .\*/.bzr -o -path > .\*/.hg -o -path .\*/CVS -o -path .\*/.pc -o -path .\*/_darcs \) -prune -o > -type f -a \ > \( -name '#*#' -o -name '.*~' -o -name '*~' -o -name DEADJOE \ >-o -name '*.orig' -o -name '*.rej' -o -name '*.bak' \ >-o -name '.*.orig' -o -name .*.rej -o -name '.SUMS' \ >-o -name TAGS -o \( -path '*/.deps/*' -a -name '*.P' \) \ > \) -exec rm -f {} + \) -o \ > \( -type d -a -name autom4te.cache -prune -exec rm -rf {} + \) > \) > dpkg-source -b . > dpkg-source: info: using source format '3.0 (quilt)' > dpkg-source: info: building grpc-java using existing > ./grpc-java_1.41.3+ds.orig.tar.xz > dpkg-source: info: using patch list from debian/patches/series > dpkg-source: error: cannot represent change to > compiler/src/java_plugin/cpp/grpc_java_plugin: binary file contents changed > dpkg-source: error: add compiler/src/java_plugin/cpp/grpc_java_plugin in > debian/source/include-binaries if you want to store the modified binary in > the debian tarball > dpkg-source: warning: executable mode 0755 of > 'compiler/src/java_plugin/cpp/grpc_java_plugin' will not be represented in > diff > dpkg-source: error: cannot represent change to >
Bug#1027732: marked as done (zookeeper: Uneeded B-D on liblog4cxx-dev)
Your message dated Mon, 06 May 2024 23:06:48 + with message-id and subject line Bug#1027732: fixed in zookeeper 3.9.2-2 has caused the Debian Bug report #1027732, regarding zookeeper: Uneeded B-D on liblog4cxx-dev to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1027732: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027732 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: zookeeper Severity: minor Hi, I'm currently preparing the transition for liblog4cxx and figures out that zookeeper is B-D on liblog4cxx, however its current build configuration is not using it. (It seems to be used for Zkfuse, which is not built for a Debian package.) Building with and without log4cxx and running debdiff on the result showed that there is no difference4 as well. Please consider dropping the B-D! Thanks, -- tobi -- System Information: Debian Release: bookworm/sid APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (100, 'bullseye-fasttrack'), (100, 'bullseye-backports-staging'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.0.0-6-amd64 (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Source: zookeeper Source-Version: 3.9.2-2 Done: Pierre Gruet We believe that the bug you reported is fixed in the latest version of zookeeper, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1027...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Gruet (supplier of updated zookeeper package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 06 May 2024 23:40:24 +0200 Source: zookeeper Architecture: source Version: 3.9.2-2 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Pierre Gruet Closes: 1027732 1069540 Changes: zookeeper (3.9.2-2) unstable; urgency=medium . * Team upload * Raising Standards version to 4.7.0 (no change) * Increasing time limit in ClientSSLReloadTest (Closes: #1069540) * Dropping unused B-D on liblog4cxx-dev (Closes: #1027732) Checksums-Sha1: 92e830922baadc7e329bb9351e07a1352579f6fe 3747 zookeeper_3.9.2-2.dsc b1a2ab2d66db3aa58e7fab18e1c4fe680d97b396 90956 zookeeper_3.9.2-2.debian.tar.xz 67bffd1c08ac8b1f21f896d21e9625bd41173029 18681 zookeeper_3.9.2-2_source.buildinfo Checksums-Sha256: 03dd70f72391437272bea8125c714e350b6a8de419c7f39c1c5b5ec1f42f88d5 3747 zookeeper_3.9.2-2.dsc 241c136971a7504f1bb58d299015fc190e79cf5b739d5d9fd709d1491e70305e 90956 zookeeper_3.9.2-2.debian.tar.xz 68d2de9df9024ab8fe5b675b274aae2864f404a72285fd4d0f4ea0673ea4a9a0 18681 zookeeper_3.9.2-2_source.buildinfo Files: cc80c0b935c02eaccd34a09fb6dc5629 3747 java optional zookeeper_3.9.2-2.dsc 86bae1e93bf5a24a5648f88e8a9cd540 90956 java optional zookeeper_3.9.2-2.debian.tar.xz 70348916f4aa1c78a320756dceb7380c 18681 java optional zookeeper_3.9.2-2_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmY5Ts0ACgkQYAMWptwn dHYWoRAAnjBKIl5u98bLIPwornLFp8UHEHmDVtt2YCDtqLVq3P11wgyvSoGMgNl7 7oQ5EsRR9awAmtN/4jQ+xJvcT5+MKcJL7IyhiUcyRVv+tn311wfTQv32QZ9gdJRO SOA1a8qkSpbtoUAB7s+yip9mds7Szbh0P2VCOrJnp/FAj8hyS6udLB3YlxUlUDH5 lvUIIHWLgTCcjjfMA7GZOgCl4gVqrQ0+OdxYcHLFOblzl6ziAWMuqfv+AF9MdPS7 2Iqz5GSO8Pci+hPU2J81hPrMjCC0YssFsA5YjcfzyuOJV980UZp0+lpAt1IoRPvP /T63VYC3quxBcLRA6IxADv5uXpdJEMDioWklKJnu5O3mPI/ax4htu9FM5n9os6So CBlQ5D8XADc01UjFxBqbhyRc4Pp5Su/4wkL3/+P8WpEZCOHmXbah5itkC010bbbE RqWt8QebhOUP4viJH2dwGI8Mtm+g6EB0Xz0sgjewqqUuqJJvKzQplPPZXeVoS1T8 HVSK1ZS//DEwKbkSaRmEN0uMrSFEPZvdTjcPYD9KR1aYbPWv+s5BdI4NtBbt8FKC 6w4jzYpLTzm7x2FIEXs6dA96ZyxwzIfkkIOCfn+UIWxZix+oWELDvmsBhFRzj3jt 5ktHFojLn5DcIQHFunM6h67S95Fp+T2GdaBiHCLWhEdfCF4fJg8= =9ggJ -END PGP SIGNATURE
Bug#1070421: marked as done (src:mac-widgets: unsatisfied build dependency in testing: libjgoodies-forms-java-doc)
Your message dated Mon, 06 May 2024 04:19:21 + with message-id and subject line Bug#1070421: fixed in mac-widgets 0.10.0+svn416-dfsg1-4 has caused the Debian Bug report #1070421, regarding src:mac-widgets: unsatisfied build dependency in testing: libjgoodies-forms-java-doc to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1070421: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070421 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: mac-widgets Version: 0.10.0+svn416-dfsg1-3 Severity: serious Tags: sid trixie ftbfs User: debian...@lists.debian.org Usertags: edos-uninstallable Dear maintainer(s), Dose [1] is reporting a build issue with your package, it's missing a build dependency. Obviously your build dependencies shouldn't be removed from testing, but unfortunately there are multiple scenarios where that can happen nevertheless. To uphold our social contract, Debian requires that packages can be rebuild from source in the suite we are shipping them, so currently this is a serious issue with your package in testing. src:libjgoodies-forms-java stopped building libjgoodies-forms-java-doc in it's latest upload, so your package can no longer be build in unstable either. Can you please investigate the situation and figure out how to resolve it? Regularly, if the build dependency is available in unstable, helping the maintainer of your Build-Depends to enable migration to testing is a great way to solve the issue. If your build dependency is gone from unstable and testing, you'll have to fix the build process in some other way. Paul Note: this bug report was sent after some quick manual checks using a template. Please reach out to me if you believe I made a mistake in my process. [1] https://qa.debian.org/dose/debcheck/src_testing_main/latest/amd64.html OpenPGP_signature.asc Description: OpenPGP digital signature --- End Message --- --- Begin Message --- Source: mac-widgets Source-Version: 0.10.0+svn416-dfsg1-4 Done: tony mancill We believe that the bug you reported is fixed in the latest version of mac-widgets, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1070...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. tony mancill (supplier of updated mac-widgets package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 05 May 2024 20:56:09 -0700 Source: mac-widgets Architecture: source Version: 0.10.0+svn416-dfsg1-4 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: tony mancill Closes: 1070421 Changes: mac-widgets (0.10.0+svn416-dfsg1-4) unstable; urgency=medium . * Team upload. * Drop libmac-widgets-doc (Closes: #1070421) * Update Vcs URLs to point to Salsa Checksums-Sha1: 3a062b3348c7af71b7769e6c4acd59a17f3fe92e 2139 mac-widgets_0.10.0+svn416-dfsg1-4.dsc 008f263640802c1e59253bdf160bce5cd3ac3904 3464 mac-widgets_0.10.0+svn416-dfsg1-4.debian.tar.xz d57cf227cf9de9a4100fa3a59066c1a81ca3e045 12410 mac-widgets_0.10.0+svn416-dfsg1-4_amd64.buildinfo Checksums-Sha256: ae2dcfcfc79c112f133d4bfc93dd6dc4e6b78b9a310e2480ce724800a41e32d1 2139 mac-widgets_0.10.0+svn416-dfsg1-4.dsc f8fc286aa3fb1fb12e6b0d52a8037a78850ab18fe4c2287455c45068b881b67a 3464 mac-widgets_0.10.0+svn416-dfsg1-4.debian.tar.xz c3fee93ad7c043d167f0fcde7b450a7695c8e1a348e9c6052e0d7018657ce333 12410 mac-widgets_0.10.0+svn416-dfsg1-4_amd64.buildinfo Files: 5ab27ddc0e31d010fadd2857c3464def 2139 java optional mac-widgets_0.10.0+svn416-dfsg1-4.dsc 1ec8f573719d13d960fb75f52828611a 3464 java optional mac-widgets_0.10.0+svn416-dfsg1-4.debian.tar.xz 269cd1fef0592f32a2004498352cc741 12410 java optional mac-widgets_0.10.0+svn416-dfsg1-4_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmY4WDkUHHRtYW5jaWxs QGRlYmlhbi5vcmcACgkQIdIFiZdLPpZjPxAAsszF0rx6X+tI091KRrrkZ1y2EQ+F 3eWPja9mLJr0G/SijNxgy9Op+I5xFQogTk+tDp5FM/8cDl9LUyDJkwsjHoowWvEL 8AoTsx1NYI4D1CO9EghOgGtF9Zflb9IGjvaltD+I42TJI5Y1HeNNu/CnJ1S9bKjE TtxsitjCX7r8r19xhEIm5x1VOubaYed7F0RaQEHHQPTmdWU0GcaxVkKpIwTLnNQn tzWnUC4GouADyz7XP3
Processed: Bug#1070421 marked as pending in mac-widgets
Processing control commands: > tag -1 pending Bug #1070421 [src:mac-widgets] src:mac-widgets: unsatisfied build dependency in testing: libjgoodies-forms-java-doc Added tag(s) pending. -- 1070421: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070421 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1066703: marked as done (rxtx: FTBFS: SerialImp.c:5453:23: error: implicit declaration of function ‘major’ [-Werror=implicit-function-declaration])
Your message dated Wed, 01 May 2024 10:20:30 + with message-id and subject line Bug#1066703: fixed in rxtx 2.2.0+dfsg-3 has caused the Debian Bug report #1066703, regarding rxtx: FTBFS: SerialImp.c:5453:23: error: implicit declaration of function ‘major’ [-Werror=implicit-function-declaration] to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1066703: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066703 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: rxtx Version: 2.2.0+dfsg-2 Severity: serious Justification: FTBFS Tags: trixie sid ftbfs User: lu...@debian.org Usertags: ftbfs-20240313 ftbfs-trixie ftbfs-impfuncdef Hi, During a rebuild of all packages in sid, your package failed to build on amd64. This is most likely caused by a change in dpkg 1.22.6, that enabled -Werror=implicit-function-declaration. For more information, see https://wiki.debian.org/qa.debian.org/FTBFS#A2024-03-13_-Werror.3Dimplicit-function-declaration Relevant part (hopefully): > /bin/bash /<>/libtool --mode=link gcc -g -O2 > -Werror=implicit-function-declaration -ffile-prefix-map=/<>=. > -fstack-protector-strong -fstack-clash-protection -Wformat > -Werror=format-security -fcf-protection -D_POSIX_SOURCE -D_BSD_SOURCE > -D__need_timespec -Wl,-z,relro -lpthread -release 2.1-7 -o librxtxSerial.la > -rpath /usr/lib/jni /<>/x86_64-pc-linux-gnu/SerialImp.lo; > \ > fi; \ > ) > libtool: compile: gcc -I/<> -Ix86_64-pc-linux-gnu -I. > -I/usr/lib/jvm/java-17-openjdk-amd64/include > -I/usr/lib/jvm/java-17-openjdk-amd64/include/./linux/ -Wdate-time > -D_FORTIFY_SOURCE=2 -g -O2 -Werror=implicit-function-declaration > -ffile-prefix-map=/<>=. -fstack-protector-strong > -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection > -D_POSIX_SOURCE -D_BSD_SOURCE -D__need_timespec -c > /<>/./src/SerialImp.c -fPIC -DPIC -o > /<>/x86_64-pc-linux-gnu/.libs/SerialImp.o > In file included from > /usr/include/x86_64-linux-gnu/bits/libc-header-start.h:33, > from /usr/include/stdio.h:27, > from /usr/lib/jvm/java-17-openjdk-amd64/include/jni.h:39, > from ./gnu_io_RXTXPort.h:2, > from /<>/./src/SerialImp.c:64: > /usr/include/features.h:195:3: warning: #warning "_BSD_SOURCE and > _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Wcpp] > 195 | # warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use > _DEFAULT_SOURCE" > | ^~~ > /<>/./src/SerialImp.c: In function ‘uucp_lock’: > /<>/./src/SerialImp.c:5453:23: error: implicit declaration of > function ‘major’ [-Werror=implicit-function-declaration] > 5453 | (int) major( buf.st_dev ), > | ^ > /<>/./src/SerialImp.c:5455:23: error: implicit declaration of > function ‘minor’ [-Werror=implicit-function-declaration] > 5455 | (int) minor( buf.st_rdev ) > | ^ > /<>/./src/SerialImp.c: In function ‘is_device_locked’: > /<>/./src/SerialImp.c:5863:33: error: implicit declaration of > function ‘asprintf’; did you mean ‘vsprintf’? > [-Werror=implicit-function-declaration] > 5863 | asprintf( , "%s/%s%s", > lockdirs[i], > | ^~~~ > | vsprintf > /<>/./src/SerialImp.c: In function ‘fhs_lock’: > /<>/./src/SerialImp.c:5377:9: warning: ignoring return value of > ‘write’ declared with attribute ‘warn_unused_result’ [-Wunused-result] > 5377 | write( fd, lockinfo, 11 ); > | ^ > /<>/./src/SerialImp.c: In function ‘uucp_lock’: > /<>/./src/SerialImp.c:5475:9: warning: ignoring return value of > ‘write’ declared with attribute ‘warn_unused_result’ [-Wunused-result] > 5475 | write( fd, lockinfo,11 ); > | ^~~~ > /<>/./src/SerialImp.c: In function ‘is_device_locked’: > /<>/./src/SerialImp.c:5940:17: warning: ignoring return value of > ‘read’ declared with attribute ‘warn_unused_result’ [-Wunused-result] > 5940 | read( fd, pid_buffer, 11 ); > |
Processed: Bug#1066703 marked as pending in rxtx
Processing control commands: > tag -1 pending Bug #1066703 [src:rxtx] rxtx: FTBFS: SerialImp.c:5453:23: error: implicit declaration of function ‘major’ [-Werror=implicit-function-declaration] Added tag(s) pending. -- 1066703: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066703 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Re: libmariadb-java: Request to upgrade
Processing control commands: > retitle -1 libmariadb-java: Request to upgrade to MariaDB Bug #1038435 [libmariadb-java] libmariadb-java: Request to upgrade Changed Bug title to 'libmariadb-java: Request to upgrade to MariaDB' from 'libmariadb-java: Request to upgrade'. -- 1038435: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038435 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1069921: marked as done (libusb-java FTCBFS: uses the build architecture compiler)
Your message dated Sun, 28 Apr 2024 18:04:45 + with message-id and subject line Bug#1069921: fixed in libusb-java 0.8+ztex20090101-10 has caused the Debian Bug report #1069921, regarding libusb-java FTCBFS: uses the build architecture compiler to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1069921: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069921 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libusb-java Version: 0.8+ztex20090101-9 Tags: patch User: debian-cr...@lists.debian.org Usertags: ftcbfs libusb-java fails to cross build from source, because the upstream Makefile uses a non-standard variable (GCC) for the C compiler and because debian/rules does not pass cross tools to make. I propose renaming the variable to the usual CC variable and using dh_auto_build. Please find a patch attached. Helmut diff --minimal -Nru libusb-java-0.8+ztex20090101/debian/changelog libusb-java-0.8+ztex20090101/debian/changelog --- libusb-java-0.8+ztex20090101/debian/changelog 2021-02-07 23:29:30.0 +0100 +++ libusb-java-0.8+ztex20090101/debian/changelog 2024-04-26 11:25:31.0 +0200 @@ -1,3 +1,10 @@ +libusb-java (0.8+ztex20090101-9.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Fix FTCBFS: Use cross tools for build. (Closes: #-1) + + -- Helmut Grohne Fri, 26 Apr 2024 11:25:31 +0200 + libusb-java (0.8+ztex20090101-9) unstable; urgency=medium * Team upload. diff --minimal -Nru libusb-java-0.8+ztex20090101/debian/patches/cross.patch libusb-java-0.8+ztex20090101/debian/patches/cross.patch --- libusb-java-0.8+ztex20090101/debian/patches/cross.patch 1970-01-01 01:00:00.0 +0100 +++ libusb-java-0.8+ztex20090101/debian/patches/cross.patch 2024-04-26 11:25:31.0 +0200 @@ -0,0 +1,50 @@ +--- libusb-java-0.8+ztex20090101.orig/Makefile libusb-java-0.8+ztex20090101/Makefile +@@ -21,7 +21,7 @@ + ### + # this should not be modified # + ### +-GCC=gcc ++CC?=gcc + STRIP=strip + CHMOD=chmod -x + JAVAC=javac -source 7 -target 7 -encoding ISO-8859-1 +@@ -51,7 +51,7 @@ + libs: $(LIBTARGET_SH) + + %.o: %.c LibusbJava.h +- $(GCC) -fPIC -g -c -std=c99 -Wall -Wno-pointer-to-int-cast $(LIBINCS) $< -o$@ ++ $(CC) -fPIC -g -c -std=c99 -Wall -Wno-pointer-to-int-cast $(LIBINCS) $< -o$@ + + $(LIBTARGET_ST): $(LIBSRCS) + +@@ -64,25 +64,25 @@ + + + $(LIBTARGET_ST)$(VERSIONSUFFIX): $(LIBSRCS) +- $(GCC) -shared -Wl,-soname,$(LIBTARGET_ST),-static $(LIBINCS) $(LIBSRCS) -static -o $(LIBTARGET_ST)$(VERSIONSUFFIX) $(LIBLIBS) ++ $(CC) -shared -Wl,-soname,$(LIBTARGET_ST),-static $(LIBINCS) $(LIBSRCS) -static -o $(LIBTARGET_ST)$(VERSIONSUFFIX) $(LIBLIBS) + [ -r $(LIBTARGET_ST) ] || ln -s $(LIBTARGET_ST)$(VERSIONSUFFIX) $(LIBTARGET_ST) + $(STRIP) $(LIBTARGET_ST) + $(CHMOD) $(LIBTARGET_ST) + + $(LIBTARGET_SH)$(VERSIONSUFFIX): $(LIBSRCS) +- $(GCC) -fPIC -shared -Wl,-soname,$(LIBTARGET_SH) $(LIBINCS) $(LIBSRCS) -o $(LIBTARGET_SH)$(VERSIONSUFFIX) $(LIBLIBS) ++ $(CC) -fPIC -shared -Wl,-soname,$(LIBTARGET_SH) $(LIBINCS) $(LIBSRCS) -o $(LIBTARGET_SH)$(VERSIONSUFFIX) $(LIBLIBS) + [ -r $(LIBTARGET_SH) ] || ln -s $(LIBTARGET_SH)$(VERSIONSUFFIX) $(LIBTARGET_SH) + $(STRIP) $(LIBTARGET_SH) + $(CHMOD) $(LIBTARGET_SH) + + $(LIBTARGET)$(VERSIONSUFFIX): $(LIBSRCS) +- $(GCC) -fPIC -shared -Wl,-soname,$(LIBTARGET) $(LIBINCS) $(LIBSRCS) -o $(LIBTARGET)$(VERSIONSUFFIX) $(LIBLIBS) ++ $(CC) -fPIC -shared -Wl,-soname,$(LIBTARGET) $(LIBINCS) $(LIBSRCS) -o $(LIBTARGET)$(VERSIONSUFFIX) $(LIBLIBS) + [ -r $(LIBTARGET) ] || ln -s $(LIBTARGET)$(VERSIONSUFFIX) $(LIBTARGET) + $(STRIP) $(LIBTARGET) + $(CHMOD) $(LIBTARGET) + + $(LIBTARGET_64)$(VERSIONSUFFIX): $(LIBSRCS64) +- $(GCC) -fPIC -m64 -shared -std=c99 -Wall -Wno-pointer-to-int-cast -Wl,-soname,$(LIBTARGET_64) $(LIBINCS) $(LIBSRCS64) $(LIBLIBS) -o $(LIBTARGET_64)$(VERSIONSUFFIX) ++ $(CC) -fPIC -m64 -shared -std=c99 -Wall -Wno-pointer-to-int-cast -Wl,-soname,$(LIBTARGET_64) $(LIBINCS) $(LIBSRCS64) $(LIBLIBS) -o $(LIBTARGET_64)$(VERSIONSUFFIX) + [ -r $(LIBTARGET_64) ] || ln -s $(LIBTARGET_64)$(VERSIONSUFFIX) $(LIBTARGET_64) + $(STRIP) $(LIBTARGET_64) + $(CHMOD) $(LIBTARGET_64) diff --minimal -Nru libusb-java-0.8+ztex20090101/debian/patches/series libusb-java-0.8+ztex20090101/debian/patches/series --- libusb-java-0.8+ztex20090101/debian/patches/series 2020-09-05 14:43:49.0 +0200 +++ libusb-java-0.8+ztex20
Bug#1057523: marked as done (libusb-java: FTBFS with default Java 21)
Your message dated Sun, 28 Apr 2024 18:04:45 + with message-id and subject line Bug#1057523: fixed in libusb-java 0.8+ztex20090101-10 has caused the Debian Bug report #1057523, regarding libusb-java: FTBFS with default Java 21 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1057523: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057523 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libusb-java Version: 0.8+ztex20090101-9build1 Severity: important Tags: ftbfs User: debian-j...@lists.debian.org Usertags: default-java21 Dear Maintainers, The package libusb-java ftbfs with default Java 21. The relevant part of the build log: --- make[2]: Entering directory '/<>' javac -source 7 -target 7 -encoding ISO-8859-1 ch/ntb/usb/Device.java ch/ntb/usb/LibLoader.java ch/ntb/usb/LibusbJava.java ch/ntb/usb/USB.java ch/ntb/usb/USBException.java ch/ntb/usb/USBTimeoutException.java ch/ntb/usb/Usb_Bus.java ch/ntb/usb/Usb_Config_Descriptor.java ch/ntb/usb/Usb_Descriptor.java ch/ntb/usb/Usb_Device.java ch/ntb/usb/Usb_Device_Descriptor.java ch/ntb/usb/Usb_Endpoint_Descriptor.java ch/ntb/usb/Usb_Interface.java ch/ntb/usb/Usb_Interface_Descriptor.java ch/ntb/usb/Utils.java ch/ntb/usb/logger/LogUtil.java warning: [options] bootstrap class path not set in conjunction with -source 7 error: Source option 7 is no longer supported. Use 8 or later. error: Target option 7 is no longer supported. Use 8 or later. make[2]: *** [Makefile:91: classes.made] Error 2 make[2]: Leaving directory '/<>' make[1]: *** [debian/rules:22: override_dh_auto_build-indep] Error 2 make[1]: Leaving directory '/<>' make: *** [debian/rules:11: build] Error 2 dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2 Build finished at 2023-12-04T10:20:45Z --- -- System Information: Debian Release: trixie/sid APT prefers mantic-updates APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-13-generic (SMP w/32 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Source: libusb-java Source-Version: 0.8+ztex20090101-10 Done: tony mancill We believe that the bug you reported is fixed in the latest version of libusb-java, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1057...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. tony mancill (supplier of updated libusb-java package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 28 Apr 2024 10:27:45 -0700 Source: libusb-java Architecture: source Version: 0.8+ztex20090101-10 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: tony mancill Closes: 1057523 1069921 Changes: libusb-java (0.8+ztex20090101-10) unstable; urgency=medium . * Team upload . [ Vladimir Petko ] * d/rules, d/p/java-compat.patch: use java_compat_level variable provided by java-common to adjust -source/-target level to the minimum required by the default Java (Closes: #1057523). . [ Helmut Grohne ] * Fix FTCBFS: Use cross tools for build. (Closes: #1069921) . [ Debian Janitor ] * Trim trailing whitespace. * Use versioned copyright format URI. . [ tony mancill ] * Bump Standards-Version to 4.7.0 * Set Rules-Requires-Root: no in debian/control Checksums-Sha1: af3b056d0f6c70fd9259e6c2249c8e826dac5250 2192 libusb-java_0.8+ztex20090101-10.dsc f73d61d156b99290f8585e984d80e17fabf327ec 5700 libusb-java_0.8+ztex20090101-10.debian.tar.xz cd98005eea728e01e3ba6957def9d6592a101141 10811 libusb-java_0.8+ztex20090101-10_amd64.buildinfo Checksums-Sha256: 9580b0147aa6468ba5d764bf4585ecae24c9a98906e3795560152621f9035001 2192 libusb-java_0.8+z
Processed: Bug#1069921 marked as pending in libusb-java
Processing control commands: > tag -1 pending Bug #1069921 [src:libusb-java] libusb-java FTCBFS: uses the build architecture compiler Added tag(s) pending. -- 1069921: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069921 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Re: rxtx: FTBFS: SerialImp.c:5453:23: error: implicit declaration of function ‘major’ [-Werror=implicit-function-declaration]
Processing control commands: > tag -1 patch Bug #1066703 [src:rxtx] rxtx: FTBFS: SerialImp.c:5453:23: error: implicit declaration of function ‘major’ [-Werror=implicit-function-declaration] Added tag(s) patch. -- 1066703: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066703 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: tagging 1064282, reassign 1069433 to src:openmpi, tagging 1069433, tagging 1069840 ...
Processing commands for cont...@bugs.debian.org: > tags 1064282 + experimental Bug #1064282 [src:poppler] poppler: NMU diff for 64-bit time_t transition Added tag(s) experimental. > reassign 1069433 src:openmpi 4.1.6-3 Bug #1069433 [openmpi] gtg-trace: FTBFS on armhf: tests fail Bug reassigned from package 'openmpi' to 'src:openmpi'. No longer marked as found in versions 4.1.6-5. Ignoring request to alter fixed versions of bug #1069433 to the same values previously set Bug #1069433 [src:openmpi] gtg-trace: FTBFS on armhf: tests fail Marked as found in versions openmpi/4.1.6-3. > tags 1069433 - sid trixie Bug #1069433 [src:openmpi] gtg-trace: FTBFS on armhf: tests fail Removed tag(s) sid and trixie. > tags 1069840 + sid trixie Bug #1069840 [src:maven-dependency-analyzer] maven-dependency-analyzer: FTBFS: [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.10.1:testCompile (default-testCompile) on project maven-dependency-analyzer: Compilation failure Added tag(s) trixie and sid. > retitle 1069374 python-grpc-tools: FTBFS: aborting due to unexpected upstream > changes in grpc_tools/_protoc_compiler.cpp (generated by cython) Bug #1069374 [src:python-grpc-tools] python-grpc-tools: FTBFS on arm64: aborting due to unexpected upstream changes in grpc_tools/_protoc_compiler.cpp Changed Bug title to 'python-grpc-tools: FTBFS: aborting due to unexpected upstream changes in grpc_tools/_protoc_compiler.cpp (generated by cython)' from 'python-grpc-tools: FTBFS on arm64: aborting due to unexpected upstream changes in grpc_tools/_protoc_compiler.cpp'. > retitle 1069370 shasta: FTBFS: dpkg-shlibdeps: error: cannot find library > shasta.cpython-311-aarch64-linux-gnu.so needed by debian/shasta/usr/bin/shasta Bug #1069370 [src:shasta] shasta: FTBFS: dpkg-shlibdeps: error: cannot continue due to the error above Changed Bug title to 'shasta: FTBFS: dpkg-shlibdeps: error: cannot find library shasta.cpython-311-aarch64-linux-gnu.so needed by debian/shasta/usr/bin/shasta' from 'shasta: FTBFS: dpkg-shlibdeps: error: cannot continue due to the error above'. > found 1061025 1.3.0-1 Bug #1061025 [src:libcommons-logging-java] httpcomponents-client: FTBFS: make: *** [debian/rules:4: build] Error 25 Marked as found in versions libcommons-logging-java/1.3.0-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 1061025: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061025 1064282: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064282 1069370: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069370 1069374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069374 1069433: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069433 1069840: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069840 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Re: antlr4-maven-plugin: please provide debian-versioned maven coordinates
Processing control commands: > severity -1 important Bug #1065660 [antlr4-maven-plugin] antlr4-maven-plugin: please provide debian-versioned maven coordinates Severity set to 'important' from 'serious' > tags -1 - ftbfs Bug #1065660 [antlr4-maven-plugin] antlr4-maven-plugin: please provide debian-versioned maven coordinates Removed tag(s) ftbfs. -- 1065660: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065660 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Re: antlr4-maven-plugin: please provide debian-versioned maven coordinates
Processing commands for cont...@bugs.debian.org: > severity 1065660 serious Bug #1065660 [antlr4-maven-plugin] antlr4-maven-plugin: please provide debian-versioned maven coordinates Severity set to 'serious' from 'normal' > tags 1065660 + ftbfs Bug #1065660 [antlr4-maven-plugin] antlr4-maven-plugin: please provide debian-versioned maven coordinates Added tag(s) ftbfs. > thanks Stopping processing here. Please contact me if you need assistance. -- 1065660: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065660 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1069015: marked as done (libnb-platform18-java is unable to set security manager with default Java 21)
Your message dated Wed, 24 Apr 2024 05:12:22 + with message-id and subject line Bug#1069015: fixed in libnb-platform18-java 12.1-3 has caused the Debian Bug report #1069015, regarding libnb-platform18-java is unable to set security manager with default Java 21 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1069015: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069015 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libnb-platform18-java Version: 12.1-2 Severity: important User: debian-j...@lists.debian.org Usertags: default-java21 Dear Maintainers, When preparing an upgrade to VisualVM 2.1.8 I encountered the following exception: -- $visualvm java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release at java.base/java.lang.System.setSecurityManager(System.java:430) at org.netbeans.TopSecurityManager.install(Unknown Source) at org.netbeans.core.NbLifecycleManager.advancePolicy(Unknown Source) at org.netbeans.core.GuiRunLevel.run(Unknown Source) at org.netbeans.core.startup.Main.start(Unknown Source) at org.netbeans.core.startup.TopThreadGroup.run(Unknown Source) at java.base/java.lang.Thread.run(Thread.java:1583) --- This is caused by Java 21 changes to SecurityManager and is already fixed upstream[1] [1] https://github.com/apache/netbeans/commit/4c9d9492f70b09aaeae2b8b10fc26ae29433d667 -- System Information: Debian Release: trixie/sid APT prefers mantic-updates APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic'), (100, 'mantic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-27-generic (SMP w/32 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Source: libnb-platform18-java Source-Version: 12.1-3 Done: Vladimir Petko We believe that the bug you reported is fixed in the latest version of libnb-platform18-java, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1069...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Vladimir Petko (supplier of updated libnb-platform18-java package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 15 Apr 2024 17:24:38 +1200 Source: libnb-platform18-java Architecture: source Version: 12.1-3 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Vladimir Petko Closes: 1069015 Changes: libnb-platform18-java (12.1-3) unstable; urgency=medium . * Team upload * d/p/allow-security-manager.patch: cherry-pick upstream patch to allow setting Java Security Manager (Closes: #1069015). Checksums-Sha1: 6d6c9a850251c31785371f97bbc97d3cc0efeb97 3002 libnb-platform18-java_12.1-3.dsc 4a4c00c7b2cdd0f882a1492a480b30e20f22dc9b 41956 libnb-platform18-java_12.1-3.debian.tar.xz 0fbbbd103299ac4751ec4c813e59642d3d59e595 15106 libnb-platform18-java_12.1-3_amd64.buildinfo Checksums-Sha256: 4433dd0f604eaca2a541cfdb20fa8fae5bc461b3f18f0862aa33606510770622 3002 libnb-platform18-java_12.1-3.dsc 1394ce0ad1a4f2238043f1599cd348bbfb494439ffa68ec0f780fa034c4e1b07 41956 libnb-platform18-java_12.1-3.debian.tar.xz a0fe8828ae6f5040f4d9eacdcf84c5e0bac28a27790798e70b2fabf12dd4cf72 15106 libnb-platform18-java_12.1-3_amd64.buildinfo Files: c2ae868db8561d59b80e94d81a33763d 3002 java optional libnb-platform18-java_12.1-3.dsc 0eb29dfd4a39e0a87a73ce84d85c9405 41956 java optional libnb-platform18-java_12.1-3.debian.tar.xz 9595a8c6719863f1134dc52034312d68 15106 java optional libnb-platform18-java_12.1-3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmYoj3oUHHRtYW5jaWxs QGRlYmlhbi5vcmcACgkQIdIFiZdLPpZKNhAArFL9U6hLgg1J48lk3Dukj+LGJ5Gw 2IETO8PF3nDH4WEf8dqQBST/LVzcZk+WrTLknXcwSjCffEI8phbgCQQfhRpsD7Z+ 7q8FbiZa31NRMg7mdyI8mtXpwVP9QWrhLKrUuvzqbRi9jV1jWeqMeS+dhNfjPiyy fvMOA0FOrxVM1VYq01bkZe1N
Processed: Bug#1069015 marked as pending in libnb-platform-java
Processing control commands: > tag -1 pending Bug #1069015 [src:libnb-platform18-java] libnb-platform18-java is unable to set security manager with default Java 21 Added tag(s) pending. -- 1069015: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069015 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: tagging 1069678
Processing commands for cont...@bugs.debian.org: > tags 1069678 + upstream Bug #1069678 {Done: Thorsten Glaser } [src:openjdk-8] openjdk-8: CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 Added tag(s) upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 1069678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069678 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1069678: marked as done (openjdk-8: CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094)
Your message dated Mon, 22 Apr 2024 23:34:17 + with message-id and subject line Bug#1069678: fixed in openjdk-8 8u412-ga-1 has caused the Debian Bug report #1069678, regarding openjdk-8: CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1069678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069678 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openjdk-8 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for openjdk-8. CVE-2024-21011[0]: | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle | GraalVM Enterprise Edition product of Oracle Java SE (component: | Hotspot). Supported versions that are affected are Oracle Java SE: | 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for | JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: | 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows | unauthenticated attacker with network access via multiple protocols | to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM | Enterprise Edition. Successful attacks of this vulnerability can | result in unauthorized ability to cause a partial denial of service | (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle | GraalVM Enterprise Edition. Note: This vulnerability can be | exploited by using APIs in the specified Component, e.g., through a | web service which supplies data to the APIs. This vulnerability also | applies to Java deployments, typically in clients running sandboxed | Java Web Start applications or sandboxed Java applets, that load and | run untrusted code (e.g., code that comes from the internet) and | rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 | (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2024-21068[1]: | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle | GraalVM Enterprise Edition product of Oracle Java SE (component: | Hotspot). Supported versions that are affected are Oracle Java SE: | 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: | 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. | Difficult to exploit vulnerability allows unauthenticated attacker | with network access via multiple protocols to compromise Oracle Java | SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. | Successful attacks of this vulnerability can result in unauthorized | update, insert or delete access to some of Oracle Java SE, Oracle | GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. | Note: This vulnerability can be exploited by using APIs in the | specified Component, e.g., through a web service which supplies data | to the APIs. This vulnerability also applies to Java deployments, | typically in clients running sandboxed Java Web Start applications | or sandboxed Java applets, that load and run untrusted code (e.g., | code that comes from the internet) and rely on the Java sandbox for | security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2024-21085[2]: | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise | Edition product of Oracle Java SE (component: Concurrency). | Supported versions that are affected are Oracle Java SE: 8u401, | 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and | 21.3.9. Difficult to exploit vulnerability allows unauthenticated | attacker with network access via multiple protocols to compromise | Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a partial denial of service (partial DOS) of Oracle Java SE, | Oracle GraalVM Enterprise Edition. Note: This vulnerability can be | exploited by using APIs in the specified Component, e.g., through a | web service which supplies data to the APIs. This vulnerability also | applies to Java deployments, typically in clients running sandboxed | Java Web Start applications or sandboxed Java applets, that load and | run untrusted code (e.g., code that comes from the internet) and | rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 | (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2024-21094[3]: | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle | GraalVM Enterprise Edition product of Oracle Java SE
Processed: Re: Bug#1069678: openjdk-8: CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094
Processing commands for cont...@bugs.debian.org: > tags 1069678 + pending Bug #1069678 [src:openjdk-8] openjdk-8: CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1069678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069678 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: add patch
Processing commands for cont...@bugs.debian.org: > tags 1061025 patch Bug #1061025 [src:libcommons-logging-java] httpcomponents-client: FTBFS: make: *** [debian/rules:4: build] Error 25 Added tag(s) patch. > End of message, stopping processing here. Please contact me if you need assistance. -- 1061025: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061025 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: add patch
Processing commands for cont...@bugs.debian.org: > tags 1069015 patch Bug #1069015 [src:libnb-platform18-java] libnb-platform18-java is unable to set security manager with default Java 21 Added tag(s) patch. > End of message, stopping processing here. Please contact me if you need assistance. -- 1069015: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069015 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1067209: marked as done (jruby: please update libfixposix4 runtime depency)
Your message dated Fri, 19 Apr 2024 22:35:55 + with message-id and subject line Bug#1067209: fixed in jruby 9.4.6.0+ds-1.1 has caused the Debian Bug report #1067209, regarding jruby: please update libfixposix4 runtime depency to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1067209: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067209 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: jruby Version: 9.4.6.0+ds-1 Severity: serious Tags: patch Hello, libfixposix4 was renamed in libfixposix4t64, please drop or update the runtime dependency accordingly Thanks for considering the patch. diff -Nru jruby-9.4.6.0+ds/debian/control jruby-9.4.6.0+ds/debian/control --- jruby-9.4.6.0+ds/debian/control 2024-03-08 08:55:39.0 +0100 +++ jruby-9.4.6.0+ds/debian/control 2024-03-20 07:56:30.0 +0100 @@ -63,7 +62,7 @@ libasm-java (>= 9.5), libbackport9-java (>= 1.10), libdirgra-java, - libfixposix4, + libfixposix4t64, libheadius-options-java (>= 1.4), libinvokebinder-java (>= 1.13), libjansi1-java, OpenPGP_signature.asc Description: OpenPGP digital signature --- End Message --- --- Begin Message --- Source: jruby Source-Version: 9.4.6.0+ds-1.1 Done: Bastian Germann We believe that the bug you reported is fixed in the latest version of jruby, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1067...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastian Germann (supplier of updated jruby package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 19 Apr 2024 22:06:26 + Source: jruby Architecture: source Version: 9.4.6.0+ds-1.1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Bastian Germann Closes: 1067209 Changes: jruby (9.4.6.0+ds-1.1) unstable; urgency=medium . * Non-maintainer upload . [ Gianfranco Costamagna ] * d/control: update libfixposix4 runtime depency (Closes: #1067209) Checksums-Sha1: 0851c4c86b106db437db7f9423b69ee1a5909443 3342 jruby_9.4.6.0+ds-1.1.dsc 725dc4d63e020554083268efac5c280b919e2aab 3 jruby_9.4.6.0+ds-1.1.debian.tar.xz 52d1898b4440f3750aab4c437888c53294621e85 14837 jruby_9.4.6.0+ds-1.1_source.buildinfo Checksums-Sha256: 9e7a53a2cd26d9d9713cd08bf49efc6beaad1458c2f4b1dad926c4e3cc4bc0b3 3342 jruby_9.4.6.0+ds-1.1.dsc 0bb73e9a579aa9cd37a847f48e53cfb7bb0a04122615ca340affce4f920f126d 3 jruby_9.4.6.0+ds-1.1.debian.tar.xz ec16a5077ebb39f0a5c1e1306b109f96ce8b5e150b7ee7b11e980dd3840ba224 14837 jruby_9.4.6.0+ds-1.1_source.buildinfo Files: 633bc300048fec4b5ad8afa25fb53cf6 3342 ruby optional jruby_9.4.6.0+ds-1.1.dsc ff70a6762925531c0a7d124634f9f1dd 3 ruby optional jruby_9.4.6.0+ds-1.1.debian.tar.xz 47ba88aaf02234214416e5ee2c77ed19 14837 ruby optional jruby_9.4.6.0+ds-1.1_source.buildinfo -BEGIN PGP SIGNATURE- iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmYi7hYQHGJhZ2VAZGVi aWFuLm9yZwAKCRAfXHqLRVZDFOvjC/9NWZIpvgy2QyuB/0vS71Un+qW4oHWGdxp5 xe6lh7Tz/EiUD8G5vlZYfqg3BoNVxhoH2nYbV9WqwBGOghp/1xCV1yT5ZiIX11D4 PGp73B85kE1GtVBfyb4iGeQEAnNlRyHVm7BaRNSRV0fZ/KySrYovcnxlhOijx/tg N8RfrjnZO1UFlwxDIPKQLrvF8sz0OYU/LYocp09RvXAuf2odCkmC/kLgfzmQvOrl C7elT061ZS8i+t/VcBF3VBMYPEhXjVJXq9AppEiUjVq/csZ9S54j9GXLSxvqZmGh Ex0G2hZfFtmYucMyYfKR+pKaj8Y36228Emaf7JRxWTsD2f2TVarPNCCHtrLgUww1 BJ9GPjgNqen3hmiuqwoym4By6pW3krU7FqLBJfUEasfDjC7S5lWvGziQloOsYsKg yUEJfG5LN9Mo3z3REVTf/aAUR02GIte61LmG60smZI403ulGTFb1qvaMDc52uTsS umL9N4XdKmKJGsi7jF2sCKmxaJqJVoo= =UMSM -END PGP SIGNATURE- pgp5fW8FPDxiM.pgp Description: PGP signature --- End Message --- __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: found 1050407 in 1.6.0-2, tagging 1050407, found 1064516 in 0.9.1-1, block 1062029 with 1037597 ...
Processing commands for cont...@bugs.debian.org: > found 1050407 1.6.0-2 Bug #1050407 [src:tycho] tycho: build-depends on obsolete libeclipse-osgi-util-java Marked as found in versions tycho/1.6.0-2. > tags 1050407 + sid trixie experimental Bug #1050407 [src:tycho] tycho: build-depends on obsolete libeclipse-osgi-util-java Added tag(s) experimental, trixie, and sid. > found 1064516 0.9.1-1 Bug #1064516 [src:ruby-rack] ruby-rack: CVE-2024-26141 CVE-2024-25126 CVE-2024-26146 The source 'ruby-rack' and version '0.9.1-1' do not appear to match any binary packages Marked as found in versions ruby-rack/0.9.1-1. > block 1062029 with 1037597 Bug #1062029 [src:broker] broker: NMU diff for 64-bit time_t transition 1062029 was not blocked by any bugs. 1062029 was not blocking any bugs. Added blocking bug(s) of 1062029: 1037597 > tags 1069261 + sid trixie Bug #1069261 [cwlformat] cwlformat: fails with newer ruamel.yaml Added tag(s) trixie and sid. > tags 1050843 + sid trixie Bug #1050843 {Done: Stefano Rivera } [python3.11] Use-after-free crash when deallocating a frame object Added tag(s) sid and trixie. > found 1062171 2.0.0~svngit.20240121.06990a6+dfsg-1~exp1 Bug #1062171 {Done: Steve Langasek } [src:gmerlin] gmerlin: NMU diff for 64-bit time_t transition Marked as found in versions gmerlin/2.0.0~svngit.20240121.06990a6+dfsg-1~exp1 and reopened. > found 1062392 13.0.0-1 Bug #1062392 {Done: Benjamin Drung } [src:libkiwix] libkiwix: NMU diff for 64-bit time_t transition Marked as found in versions libkiwix/13.0.0-1 and reopened. > tags 1069258 + sid trixie Bug #1069258 [src:ruby-curb] ruby-curb: FTBFS: 178 tests, 699 assertions, 0 failures, 7 errors, 0 pendings, 0 omissions, 0 notifications Added tag(s) sid and trixie. > thanks Stopping processing here. Please contact me if you need assistance. -- 1050407: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050407 1050843: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050843 1062029: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062029 1062171: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062171 1062392: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062392 1064516: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516 1069258: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069258 1069261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069261 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1069003: marked as done (visualvm: please update to visualvm 2.1.8 to support Java 21 and 22)
Your message dated Thu, 18 Apr 2024 08:53:32 +1200 with message-id and subject line Re: visualvm: please update to visualvm 2.1.8 to support Java 21 and 22 has caused the Debian Bug report #1069003, regarding visualvm: please update to visualvm 2.1.8 to support Java 21 and 22 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1069003: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069003 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: visualvm Version: 2.1.6-1 Severity: wishlist Dear Maintainer, Would it be possible to package visualvm 2.1.8 to enable support of Java 21 and 22? Best Regards, Vladimir. -- System Information: Debian Release: trixie/sid APT prefers mantic-updates APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic'), (100, 'mantic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-27-generic (SMP w/32 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Please close the bug, the issue is fixed in 2.1.8-2[1]. [1] https://tracker.debian.org/news/1519394/accepted-visualvm-218-2-source-into-unstable/--- End Message --- __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: retitle 1064925 to RFP: fail2ban-prometheus-exporter -- collect and export Prometheus metrics on Fail2Ban ...
Processing commands for cont...@bugs.debian.org: > retitle 1064925 RFP: fail2ban-prometheus-exporter -- collect and export > Prometheus metrics on Fail2Ban Bug #1064925 [wnpp] RFP: fail2ban-prometheus-exporter - collect and export Prometheus metrics on Fail2Ban) Changed Bug title to 'RFP: fail2ban-prometheus-exporter -- collect and export Prometheus metrics on Fail2Ban' from 'RFP: fail2ban-prometheus-exporter - collect and export Prometheus metrics on Fail2Ban)'. > retitle 1000161 ITP: himalaya -- cli to manage emails Bug #1000161 [wnpp] ITP: cli to manage emails Changed Bug title to 'ITP: himalaya -- cli to manage emails' from 'ITP: cli to manage emails'. > found 1061212 3.1.6~dfsg-7 Bug #1061212 [src:emscripten] Please upgrade to llvm-toolchain-17 Marked as found in versions emscripten/3.1.6~dfsg-7. > found 1061215 21.10-4 Bug #1061215 [src:oclgrind] Please upgrade to llvm-toolchain-17 Marked as found in versions oclgrind/21.10-4. > found 1061216 10.0.1-2.1 Bug #1061216 [src:openvdb] Please upgrade to llvm-toolchain-17 Marked as found in versions openvdb/10.0.1-2.1. > found 1061213 1.0.15136.3-1 Bug #1061213 [src:intel-graphics-compiler] Please upgrade to llvm-toolchain-17 Marked as found in versions intel-graphics-compiler/1.0.15136.3-1. > found 1061214 0.41.1-1 Bug #1061214 [src:llvmlite] Please upgrade to llvm-toolchain-17 Marked as found in versions llvmlite/0.41.1-1. > fixed 1039985 2.2-3 Bug #1039985 [libjson-smart-java] libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid Marked as fixed in versions json-smart/2.2-3. > tags 1068975 + sid trixie Bug #1068975 [src:python-zxcvbn] Abandoned upstream and unmaintained Added tag(s) trixie and sid. > tags 1068937 + sid trixie Bug #1068937 {Done: Mathias Gibbens } [python3-lxc] python3-lxc: hard-coded dependency on liblcx1 Added tag(s) trixie and sid. > thanks Stopping processing here. Please contact me if you need assistance. -- 1000161: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000161 1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985 1061212: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061212 1061213: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061213 1061214: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061214 1061215: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061215 1061216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061216 1064925: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064925 1068937: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068937 1068975: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068975 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1033474: marked as done (json-smart: CVE-2023-1370)
Your message dated Sat, 13 Apr 2024 18:56:44 + with message-id and subject line Bug#1033474: fixed in json-smart 2.2-3 has caused the Debian Bug report #1033474, regarding json-smart: CVE-2023-1370 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: json-smart Version: 2.2-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for json-smart. CVE-2023-1370[0]: | [Json-smart](https://netplex.github.io/json-smart/) is a performance | focused, JSON processor lib. When reaching a #8216;[#8216; | or #8216;{#8216; character in the JSON input, the code | parses an array or an object respectively. It was discovered that the | code does not have any limit to the nesting of such arrays or objects. | Since the parsing of nested arrays and objects is done recursively, | nesting too many of them can cause a stack exhaustion (stack overflow) | and crash the software. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-1370 https://www.cve.org/CVERecord?id=CVE-2023-1370 [1] https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a [2] https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/ Regards, Salvatore --- End Message --- --- Begin Message --- Source: json-smart Source-Version: 2.2-3 Done: Bastien Roucariès We believe that the bug you reported is fixed in the latest version of json-smart, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1033...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès (supplier of updated json-smart package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 13 Apr 2024 14:43:01 + Source: json-smart Architecture: source Version: 2.2-3 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Bastien Roucariès Closes: 1033474 Changes: json-smart (2.2-3) unstable; urgency=medium . * Team upload * Add watch file * Fix CVE-2023-1370: When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. (Closes: #1033474) * Use compat level 13 * Bump policy to 4.7.7 * Add salsa-CI Checksums-Sha1: 9382d735a0c6eb22fe6f440f87370d7815071501 1999 json-smart_2.2-3.dsc 2b9020109eec357581c68d20c786ede3d62097f6 5740 json-smart_2.2-3.debian.tar.xz 92a1016f504df1de1c331ba2dfab33b8b93c035e 14934 json-smart_2.2-3_amd64.buildinfo Checksums-Sha256: dcd3ef598ec1fcab84429c966d3e831e7b683f96dc981d06c38af4a6d1522894 1999 json-smart_2.2-3.dsc da2e03d8383aa613e0395796e20269fd40e0b030d0be9faae510ade8d6f3607d 5740 json-smart_2.2-3.debian.tar.xz e55bf71b35e5f316a01af4e2d5a63f57144d07276c3a4989eba670b348b7219d 14934 json-smart_2.2-3_amd64.buildinfo Files: c3491d3a9c1180b3aa47e385cf70628a 1999 java optional json-smart_2.2-3.dsc 700b6ba60861609cec67f5fd7488f663 5740 java optional json-smart_2.2-3.debian.tar.xz e15cd953d4cc385530cb25081bf9a02b 14934 java optional json-smart_2.2-3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmYazPwRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF/mGA/9FFGCBY8h2TFb9okdeQ362m0KEvYwS+VT aBLB0UOoxDLsqKRqMwUi1A7qahBZ78MKSCiyM10CMdPx7vUl3s/F7ELdk72gK29g uzK+XgrSGxDy8s/Vi2zGEgzoxSbBQG2fOLyqScUQDk24ihpFSVztU03EIvxJWs5L ZyhuNRGtnKwVN9qzbYS4ZQgYsDBJvDLt9XAZDopPRwy7rDcZQKy/h5KjO26+SW2x Ppg1PS8bD
Processed: Bug#1033474 marked as pending in json-smart
Processing control commands: > tag -1 pending Bug #1033474 [src:json-smart] json-smart: CVE-2023-1370 Ignoring request to alter tags of bug #1033474 to the same tags previously set -- 1033474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1057531: marked as done (openjfx: FTBFS with default Java 21)
Your message dated Sat, 13 Apr 2024 13:46:23 + with message-id and subject line Bug#1057531: fixed in openjfx 11.0.11+1-3.2 has caused the Debian Bug report #1057531, regarding openjfx: FTBFS with default Java 21 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1057531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057531 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openjfx Version: 11.0.11+1-3.1 Severity: important Tags: ftbfs User: debian-j...@lists.debian.org Usertags: default-java21 Dear Maintainers, The package openjfx ftbfs with default Java 21. The relevant part of the build log: --- Up-to-date check for task ':graphics:compileJava' took 0.162 secs. It is not up-to-date because: No history is available. All input files are considered out-of-date for incremental task ':graphics:compileJava'. Compiling with Java command line compiler '/usr/lib/jvm/java-21-openjdk-amd64/bin/javac'. Starting process 'command '/usr/lib/jvm/java-21-openjdk-amd64/bin/javac''. Working directory: /<>/modules/javafx.graphics Command: /usr/lib/jvm/java-21-openjdk-amd64/bin/javac @/<>/modules/javafx.graphics/build/tmp/compileJava/java-compiler-args.txt Successfully started process 'command '/usr/lib/jvm/java-21-openjdk-amd64/bin/javac'' /<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:693: error: reference to State is ambiguous private ObjectProperty state = new SimpleObjectProperty<>(this, "state", State.READY); ^ both enum java.util.concurrent.Future.State in Future and enum javafx.concurrent.Worker.State in Worker match /<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:694: error: reference to State is ambiguous final void setState(State value) { // package access for the Service ^ both enum java.util.concurrent.Future.State in Future and enum javafx.concurrent.Worker.State in Worker match /<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:732: error: reference to State is ambiguous @Override public final State getState() { checkThread(); return state.get(); } ^ both enum java.util.concurrent.Future.State in Future and enum javafx.concurrent.Worker.State in Worker match /<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:733: error: reference to State is ambiguous @Override public final ReadOnlyObjectProperty stateProperty() { checkThread(); return state; } ^ both enum java.util.concurrent.Future.State in Future and enum javafx.concurrent.Worker.State in Worker match /<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:693: error: reference to State is ambiguous private ObjectProperty state = new SimpleObjectProperty<>(this, "state", State.READY); ^ both enum java.util.concurrent.Future.State in Future and enum javafx.concurrent.Worker.State in Worker match /<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:696: error: reference to State is ambiguous final State s = getState(); ^ both enum java.util.concurrent.Future.State in Future and enum javafx.concurrent.Worker.State in Worker match /<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:697: error: reference to State is ambiguous if (s != State.CANCELLED) { ^ both enum java.util.concurrent.Future.State in Future and enum javafx.concurrent.Worker.State in Worker match /<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:700: error: reference to State is ambiguous setRunning(value == State.SCHEDULED || value == State.RUNNING); ^ both enum java.util.concurrent.Future.State in Future and enum javafx.concurrent.Worker.State in Worker match /<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:700: error: reference to State is ambiguous setRunning(value == State.SCHEDULED || value == State.RUNNING); ^ both enum java.util.concurrent.Future.State in Future and enum javafx.concurrent.Worker.State in Worker match /<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:1027: error: reference
Bug#1068159: marked as done (openjfx: FTBFS on arm{el,hf}: /usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64")
Your message dated Sat, 13 Apr 2024 13:46:23 + with message-id and subject line Bug#1068159: fixed in openjfx 11.0.11+1-3.2 has caused the Debian Bug report #1068159, regarding openjfx: FTBFS on arm{el,hf}: /usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64" to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068159 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openjfx Version: 11.0.11+1-3.1 Severity: serious Tags: ftbfs Justification: fails to build from source (but built successfully in the past) X-Debbugs-Cc: sramac...@debian.org https://buildd.debian.org/status/fetch.php?pkg=openjfx=armel=11.0.11%2B1-3.1%2Bb2=1711746481=0 gcc -fPIC -Wformat -Wextra -Wformat-security -fstack-protector -Werror=implicit-function-declaration -Werror=trampolines -D_GNU_SOURCE -DGST_REMOVE_DEPRECATED -DGSTREAMER_LITE -DHAVE_CONFIG_H -DOUTSIDE_SPEEX -DLINUX -DGST_DISABLE_GST_DEBUG -DGST_DISABLE_LOADSAVE -ffunction-sections -fdata-sections -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<>/modules/javafx.media/src/main/native/gstreamer/projects/linux/gstreamer-lite=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -Wall -I../../../plugins -I../../../gstreamer-lite/projects/build/linux/common -I../../../gstreamer-lite/gstreamer -I../../../gstreamer-lite/gstreamer/libs -I../../../gstreamer-lite/gstreamer/gst/parse -I../../../gstreamer-lite/gst-plugins-base -I../../../gstreamer-lite/gst-plugins-base/gst-libs -I../../../gstreamer-lite/projects/plugins -I../../../gstreamer-lite/gst-plugins-base/gst-libs -I../../../gstreamer-lite/gst-plugins-good/gst-libs -I../../../gstreamer-lite/gst-plugins-good/gst/isomp4 -I../../../gstreamer-lite/gst-plugins-bad/gst-libs -I/usr/include/glib-2.0 -I/usr/lib/arm-linux-gnueabi/glib-2.0/include -c ../../../gstreamer-lite/gstreamer/gst/gst.c -o /<>/modules/javafx.media/build/native/linux/Release/obj/gstreamer-lite/gstreamer/gst/gst.o In file included from /usr/include/features.h:393, from /usr/include/arm-linux-gnueabi/bits/libc-header-start.h:33, from /usr/include/limits.h:26, from /usr/lib/gcc/arm-linux-gnueabi/13/include/limits.h:205, from /usr/lib/gcc/arm-linux-gnueabi/13/include/syslimits.h:7, from /usr/lib/gcc/arm-linux-gnueabi/13/include/limits.h:34, from /usr/lib/arm-linux-gnueabi/glib-2.0/include/glibconfig.h:11, from /usr/include/glib-2.0/glib/gtypes.h:34, from /usr/include/glib-2.0/glib/galloca.h:34, from /usr/include/glib-2.0/glib.h:32, from ../../../gstreamer-lite/gstreamer/gst/gst_private.h:36, from ../../../gstreamer-lite/gstreamer/gst/gst.c:94: /usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64" 26 | # error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64" | ^ gcc -fPIC -Wformat -Wextra -Wformat-security -fstack-protector -Werror=implicit-function-declaration -Werror=trampolines -D_GNU_SOURCE -DGST_REMOVE_DEPRECATED -DGSTREAMER_LITE -DHAVE_CONFIG_H -DOUTSIDE_SPEEX -DLINUX -DGST_DISABLE_GST_DEBUG -DGST_DISABLE_LOADSAVE -ffunction-sections -fdata-sections -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<>/modules/javafx.media/src/main/native/gstreamer/projects/linux/gstreamer-lite=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -Wall -I../../../plugins -I../../../gstreamer-lite/projects/build/linux/common -I../../../gstreamer-lite/gstreamer -I../../../gstreamer-lite/gstreamer/libs -I../../../gstreamer-lite/gstreamer/gst/parse -I../../../gstreamer-lite/gst-plugins-base -I../../../gstreamer-lite/gst-plugins-base/gst-libs -I../../../gstreamer-lite/projects/plugins -I../../../gstreamer-lite/gst-plugins-base/gst-libs -I../../../gstreamer-lite/gst-plugins-good/gst-libs -I../../../gstreamer-lite/gst-plugins-good/gst/isomp4 -I../../../gstreamer-lite/gst-plugins-bad/gst-libs -I/usr/include/glib-2.0 -I/usr/lib/arm-linux-gnueabi/glib-2.0/include -c ../../../gstreamer-lite/gstreamer/gst/gstallocator.c -o /&l
Processed: openjfx: diff for NMU version 11.0.11+1-3.2
Processing control commands: > tags 1057531 + patch Bug #1057531 [src:openjfx] openjfx: FTBFS with default Java 21 Ignoring request to alter tags of bug #1057531 to the same tags previously set -- 1057531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057531 1068159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068159 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: openjfx: diff for NMU version 11.0.11+1-3.2
Processing control commands: > tags 1057531 + patch Bug #1057531 [src:openjfx] openjfx: FTBFS with default Java 21 Added tag(s) patch. -- 1057531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057531 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: severity of 1023702 is serious, tagging 1023702
Processing commands for cont...@bugs.debian.org: > severity 1023702 serious Bug #1023702 [src:openjfx] openjfx build depends on gcc-11 that should not be in bookworm Severity set to 'serious' from 'important' > tags 1023702 + sid trixie Bug #1023702 [src:openjfx] openjfx build depends on gcc-11 that should not be in bookworm Added tag(s) trixie and sid. > thanks Stopping processing here. Please contact me if you need assistance. -- 1023702: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023702 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: re: openjfx: FTBFS on arm{el, hf}: /usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
Processing commands for cont...@bugs.debian.org: > Tags 1068159 +patch Bug #1068159 [src:openjfx] openjfx: FTBFS on arm{el,hf}: /usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64" Added tag(s) patch. > Thanks Stopping processing here. Please contact me if you need assistance. -- 1068159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068159 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: notfound 1068806 in 1.5.0dfsg1-2, found 1068806 in 1.5.0+dfsg1-2, tagging 1068806 ...
/cgi-bin/bugreport.cgi?bug=1062235 1063328: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063328 1063329: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063329 1064582: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064582 1064740: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064740 1065725: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065725 1066403: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066403 1066452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066452 1066455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066455 1066456: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066456 1067321: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067321 1067532: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067532 1067636: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067636 1067816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067816 1068066: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068066 1068484: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068484 1068609: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068609 1068721: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068721 1068730: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068730 1068756: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068756 1068757: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068757 1068796: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068796 1068805: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068805 1068806: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068806 980833: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980833 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed (with 1 error): tagging 1068815, tagging 1068816, tagging 1068817, tagging 168818, tagging 1068820, tagging 1068819 ...
Processing commands for cont...@bugs.debian.org: > tags 1068815 + upstream Bug #1068815 [src:undertow] undertow: CVE-2023-1973 Added tag(s) upstream. > tags 1068816 + upstream Bug #1068816 [src:undertow] undertow: CVE-2024-1459 Added tag(s) upstream. > tags 1068817 + upstream Bug #1068817 [src:undertow] undertow: CVE-2024-1635 Added tag(s) upstream. > tags 168818 + upstream Failed to alter tags of Bug 168818: Not altering archived bugs; see unarchive. > tags 1068820 + upstream Bug #1068820 [src:qemu] qemu: CVE-2024-3446 Added tag(s) upstream. > tags 1068819 + upstream Bug #1068819 [src:qemu] qemu: CVE-2024-26327 CVE-2024-26328 Added tag(s) upstream. > tags 1068821 + upstream Bug #1068821 [src:qemu] qemu: CVE-2024-3447 Added tag(s) upstream. > tags 1068822 + upstream Bug #1068822 [src:qemu] qemu: CVE-2024-3567 Added tag(s) upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 1068815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815 1068816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816 1068817: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068817 1068819: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068819 1068820: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068820 1068821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068821 1068822: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068822 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1057493: marked as done (byte-buddy: FTBFS with default Java 21)
Your message dated Tue, 09 Apr 2024 12:34:51 + with message-id and subject line Bug#1057493: fixed in byte-buddy 1.14.13-1 has caused the Debian Bug report #1057493, regarding byte-buddy: FTBFS with default Java 21 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1057493: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057493 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: byte-buddy Version: 1.12.23-1 Severity: important Tags: ftbfs User: debian-j...@lists.debian.org Usertags: default-java21 Dear Maintainers, The package byte-buddy ftbfs with default Java 21. The relevant part of the build log: --- [INFO] Processing class files located in in: /<>/byte-buddy-dep/target/classes [WARNING] Failed to transform class net.bytebuddy.utility.FileSystem using net.bytebuddy.build.CachedReturnPlugin@7e53b92e java.lang.IllegalArgumentException: Java 21 (65) is not supported by the current version of Byte Buddy which officially supports Java 20 (64) - update Byte Buddy or set net.bytebuddy.experimental as a VM property at net.bytebuddy.utility.OpenedClassReader.of (OpenedClassReader.java:96) at net.bytebuddy.pool.TypePool$Default.parse (TypePool.java:855) at net.bytebuddy.pool.TypePool$Default.doDescribe (TypePool.java:841) at net.bytebuddy.pool.TypePool$AbstractBase.describe (TypePool.java:574) at net.bytebuddy.pool.TypePool$AbstractBase$Hierarchical.describe (TypePool.java:657) at net.bytebuddy.pool.TypePool$Default$LazyTypeDescription$TokenizedGenericType.toErasure (TypePool.java:6875) at net.bytebuddy.pool.TypePool$Default$LazyTypeDescription$GenericTypeToken$Resolution$Raw$RawAnnotatedType.of (TypePool.java:3757) at net.bytebuddy.pool.TypePool$Default$LazyTypeDescription$GenericTypeToken$Resolution$Raw.resolveReturnType (TypePool.java:3665) at net.bytebuddy.pool.TypePool$Default$LazyTypeDescription$LazyMethodDescription.getReturnType (TypePool.java:7437) at net.bytebuddy.asm.Advice$Dispatcher$Resolved$AbstractBase. (Advice.java:7975) at net.bytebuddy.asm.Advice$Dispatcher$Inlining$Resolved. (Advice.java:8261) at net.bytebuddy.asm.Advice$Dispatcher$Inlining$Resolved$ForMethodEnter. (Advice.java:8659) at net.bytebuddy.asm.Advice$Dispatcher$Inlining$Resolved$ForMethodEnter$WithRetainedEnterType. (Advice.java:8861) at net.bytebuddy.asm.Advice$Dispatcher$Inlining$Resolved$ForMethodEnter.of (Advice.java:8701) at net.bytebuddy.asm.Advice$Dispatcher$Inlining.asMethodEnter (Advice.java:8206) at net.bytebuddy.asm.Advice.to (Advice.java:360) at net.bytebuddy.asm.Advice$WithCustomMapping.to (Advice.java:14427) at net.bytebuddy.build.CachedReturnPlugin.apply (CachedReturnPlugin.java:166) at net.bytebuddy.build.Plugin$Engine$Default$Preprocessor$Resolved.call (Plugin.java:4877) at net.bytebuddy.build.Plugin$Engine$Default$Preprocessor$Resolved.call (Plugin.java:4850) at net.bytebuddy.build.Plugin$Engine$Dispatcher$ForSerialTransformation.accept (Plugin.java:3902) at net.bytebuddy.build.Plugin$Engine$Default.apply (Plugin.java:4697) at net.bytebuddy.build.maven.ByteBuddyMojo.apply (ByteBuddyMojo.java:451) at net.bytebuddy.build.maven.ByteBuddyMojo.execute (ByteBuddyMojo.java:323) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:370) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:298) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.ja
Processed: Re: libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid
Processing control commands: > tag -1 pending Bug #1039985 [libjson-smart-java] libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid Added tag(s) pending. > tag 1033474 pending Bug #1033474 [src:json-smart] json-smart: CVE-2023-1370 Added tag(s) pending. > fixed 1033474 2.2-2+deb10u1 Bug #1033474 [src:json-smart] json-smart: CVE-2023-1370 The source 'json-smart' and version '2.2-2+deb10u1' do not appear to match any binary packages Marked as fixed in versions json-smart/2.2-2+deb10u1. -- 1033474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474 1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: bookworm-pu: package json-smart/2.2-2+deb12u1
Processing control commands: > affects -1 + src:json-smart Bug #1068695 [release.debian.org] bookworm-pu: package json-smart/2.2-2+deb12u1 Added indication that 1068695 affects src:json-smart > block 1039985 with -1 Bug #1039985 [libjson-smart-java] libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid 1039985 was blocked by: 1068694 1039985 was not blocking any bugs. Added blocking bug(s) of 1039985: 1068695 > block 1033474 with -1 Bug #1033474 [src:json-smart] json-smart: CVE-2023-1370 1033474 was blocked by: 1068694 1033474 was not blocking any bugs. Added blocking bug(s) of 1033474: 1068695 -- 1033474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474 1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985 1068695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068695 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: bullseye-pu: package json-smart/2.2-2+deb11u1
Processing control commands: > affects -1 + src:json-smart Bug #1068694 [release.debian.org] bullseye-pu: package json-smart/2.2-2+deb11u1 Added indication that 1068694 affects src:json-smart > block 1039985 with -1 Bug #1039985 [libjson-smart-java] libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid 1039985 was not blocked by any bugs. 1039985 was not blocking any bugs. Added blocking bug(s) of 1039985: 1068694 > block 1033474 with -1 Bug #1033474 [src:json-smart] json-smart: CVE-2023-1370 1033474 was not blocked by any bugs. 1033474 was not blocking any bugs. Added blocking bug(s) of 1033474: 1068694 -- 1033474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474 1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985 1068694: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068694 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1041435: marked as done (bitsnpicas: Contains potentially non-free binary unicode data)
Your message dated Mon, 08 Apr 2024 11:05:36 +0200 with message-id and subject line bitsnpicas: Contains potentially non-free binary unicode data has caused the Debian Bug report #1041435, regarding bitsnpicas: Contains potentially non-free binary unicode data to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1041435: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041435 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: bitsnpicas Version: 2.0+ds-1 Severity: serious X-Debbugs-Cc: t...@debian.org Dear Maintainer, bitsnpicas is currently unusable and chokes with: $ bitsnpicas Exception in thread "main" java.lang.NullPointerException at java.base/java.io.Reader.(Reader.java:168) at java.base/java.io.InputStreamReader.(InputStreamReader.java:76) at java.base/java.util.Scanner.(Scanner.java:566) at com.kreative.unicode.data.Encoding.(Encoding.java:26) at com.kreative.unicode.data.EncodingList.(EncodingList.java:58) at com.kreative.unicode.data.EncodingList.instance(EncodingList.java:20) at com.kreative.bitsnpicas.edit.GlyphListModelList$GlyphListModelRootNode.(GlyphListModelList.java:93) at com.kreative.bitsnpicas.edit.GlyphListModelList.(GlyphListModelList.java:29) at com.kreative.bitsnpicas.edit.GlyphListPanel.(GlyphListPanel.java:34) at com.kreative.bitsnpicas.edit.BitmapListFrame.(BitmapListFrame.java:19) at com.kreative.bitsnpicas.edit.Main.openFont(Main.java:158) at com.kreative.bitsnpicas.edit.Main.newBitmapFont(Main.java:71) at com.kreative.bitsnpicas.edit.Main.main(Main.java:55) at com.kreative.bitsnpicas.main.Main.main(Main.java:12) This is because of the exclusion of following files w/o patching the code properly main/java/BitsNPicas/src/com/kreative/unicode/mappings/Mac*.txt main/java/BitsNPicas/src/com/kreative/unicode/mappings/Windows*.txt main/java/BitsNPicas/src/com/kreative/unicode/mappings/IBM*.txt I applied a patch trying to exclude unicodes and can get it to a usable state. The patch is attached with this bug report. However, even after being able to launch the menu, I see windows and IBM related unicode options in the menu. I did not dive deep into the code, but it could be stemming from main/java/BitsNPicas/src/com/kreative/unicode/data/unidata.ucd In which case the unicode bin itself contains non-free content and needs fixing accordingly. Thanks, Nilesh -- System Information: Debian Release: 12.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_IN, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages bitsnpicas depends on: ii xdg-utils 1.1.3-4.1 bitsnpicas recommends no packages. bitsnpicas suggests no packages. -- no debconf information diff --git a/main/java/BitsNPicas/Makefile b/main/java/BitsNPicas/Makefile index d339248..3955afc 100644 --- a/main/java/BitsNPicas/Makefile +++ b/main/java/BitsNPicas/Makefile @@ -48,47 +48,16 @@ BitsNPicas.jar: bin jar cmf dep/MANIFEST.MF BitsNPicas.jar -C bin com/kreative/unicode -C bin com/kreative/bitsnpicas chmod +x BitsNPicas.jar -BitsNPicas.app: BitsNPicas-Pre10.15.app BitsNPicas-MacOS10.15.app BitsNPicas-MacOS11.0.app +BitsNPicas.app: BitsNPicas-Pre10.15.app BitsNPicas-Pre10.15.app: dep BitsNPicas.jar - mkdir -p BitsNPicas-Pre10.15.app/Contents/MacOS mkdir -p BitsNPicas-Pre10.15.app/Contents/Resources/Java cp -f dep/PkgInfo BitsNPicas-Pre10.15.app/Contents cp -f dep/Info.plist BitsNPicas-Pre10.15.app/Contents - cp -f dep/universalJavaApplicationStub-Pre10.15 BitsNPicas-Pre10.15.app/Contents/MacOS/BitsNPicas cp -f dep/kbnp*.icns dep/dmov*.icns dep/movr*.icns BitsNPicas-Pre10.15.app/Contents/Resources cp -f dep/*.jar BitsNPicas-Pre10.15.app/Contents/Resources/Java cp -f BitsNPicas.jar BitsNPicas-Pre10.15.app/Contents/Resources/Java -BitsNPicas-MacOS10.15.app: dep BitsNPicas.jar - mkdir -p BitsNPicas-MacOS10.15.app/Contents/MacOS - mkdir -p BitsNPicas-MacOS10.15.app/Contents/Resources/Java - cp -f dep/PkgInfo BitsNPicas-MacOS10.15.app/Contents - cp -f dep/Info.plist BitsNPicas-MacOS10.15.app/Contents - cp -f dep/universalJavaApplicationStub-MacOS10.15 BitsNPicas-MacOS10.15.app/Contents/MacOS/BitsNPicas - cp -f dep/kbnp*.icns dep/dmov*.icns dep/movr*.icns BitsNPicas-MacOS10.15.ap
Bug#1067929: marked as done (Update Depends for the time64 renames)
Your message dated Sun, 07 Apr 2024 17:45:53 + with message-id and subject line Bug#1067929: fixed in java-package 0.64 has caused the Debian Bug report #1067929, regarding Update Depends for the time64 renames to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1067929: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067929 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: java-package Version: 0.63 Severity: serious The package explicitly lists some library packages in Depends, at least libasound2 needs to be changed to libasound2t64 there, I haven't checked if any others also were renamed. -- System Information: Debian Release: trixie/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'testing'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Source: java-package Source-Version: 0.64 Done: tony mancill We believe that the bug you reported is fixed in the latest version of java-package, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1067...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. tony mancill (supplier of updated java-package package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 07 Apr 2024 10:05:17 -0700 Source: java-package Architecture: source Version: 0.64 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: tony mancill Closes: 1067929 Changes: java-package (0.64) unstable; urgency=medium . * Team upload. * Update java-package Depends for time64 transition (Closes: #1067929) Checksums-Sha1: 3770267022d8139b5b955b4e1f81721ab35b2e74 1661 java-package_0.64.dsc a6a0bec6e1e94a0f0b1f3e0fe3a27adffd92a5a9 20016 java-package_0.64.tar.xz bb7ec3f5dd656a0cfedd7c0e55f9419c0ca5439b 5946 java-package_0.64_amd64.buildinfo Checksums-Sha256: bab24c607403060c57a759d7670306b605b2106d9076517897260556c6870f25 1661 java-package_0.64.dsc 234bba26b6beee72baf3c465a17e51f4e63cc5447ab74a13351a7d88294bdd60 20016 java-package_0.64.tar.xz 4fbbfb71213fe33374f9cd599247d9f9c9bfec41bbb86a70dccf3dcedad2574e 5946 java-package_0.64_amd64.buildinfo Files: d2cf5a802161ed50e2c9f38211e8947c 1661 contrib/misc optional java-package_0.64.dsc 8f61c798a6e26d5ff31bb0b8dc56c8e7 20016 contrib/misc optional java-package_0.64.tar.xz 80aeb1255a8f496519f092da00a9d161 5946 contrib/misc optional java-package_0.64_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmYS04gUHHRtYW5jaWxs QGRlYmlhbi5vcmcACgkQIdIFiZdLPpbm9BAAvJOrjbJwPqUWYYV/hvTFiHc2JlrJ A7QrOAf7e39c5SjKrK7ZiqQQjx+imNED9XoiK3EW8oNxQfrT7c5ww49BkRfa2MeS LSfO3kEJ6tULxDpWK6S1RJPMUifbrglsW2PSTAHcSdth1rnKA/Yy4kvZjTwwlTDs o4QBYqttS5/JUGgNQGhgwGY9ReH/yggY0hZ1eLwbHkNYrs9WMDFHtF6oRnlQPvC/ 3XonXBA8Dc9cQvhRaGwyqno5HOTA/Y56lTbBgZ1AM5iWvPH5/PaAvozNjcZurXJ/ tHhx2Irxxj6DD3/NC2n1xULLOh1P/hX6htFo2Tr/zJ3EsvPQbxN8dB0839N8VaNf dBNFSKva+sYPHjYr0GLeMbLle5UZ1hXdlPS4Ogoq1WOSM0j2M/9s1cce7XQ5vj23 CrGD3a24VGGoLjczX/a4T/1eSLF/ixz/eNH08HpfWiEypDvnFaxO4D/S0JmiF9aI 2BtWtDchNTLnqIJ7uTOyo5EO3r+xsJ4CQGsuP3kqjsbBbSRVgdG2rw9zVlImTo4T kKn9QJIUaqBIFyWTHHQxUTaq+oTYpQNx0uoeZUOaOEOGZX5KttQ9NH2kSdOQk41I PdFES3+HHVajHgwqM61itMoRBNtigExNzAi+P1UzMQJ+l1KbuS9TmaLEg7LzEcdH n74AlyIrlrJU9Vs= =gPuR -END PGP SIGNATURE- pgpN6_rbo8ENg.pgp Description: PGP signature --- End Message --- __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Bug#1067929 marked as pending in java-package
Processing control commands: > tag -1 pending Bug #1067929 [src:java-package] Update Depends for the time64 renames Added tag(s) pending. -- 1067929: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067929 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Bug#1068233 marked as pending in snappy-java
Processing control commands: > tag -1 pending Bug #1068233 [src:snappy-java] snappy-java: please add support for loong64 Added tag(s) pending. -- 1068233: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068233 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1064192: marked as done (openrefine: CVE-2024-23833)
Your message dated Sat, 06 Apr 2024 20:37:30 + with message-id and subject line Bug#1064192: fixed in openrefine 3.7.8-1 has caused the Debian Bug report #1064192, regarding openrefine: CVE-2024-23833 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1064192: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064192 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openrefine Version: 3.7.7-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for openrefine. Markus, please adjust severity if you think grave/RC severity is not appropriate. openrefine updates were batches previously as well just in point release, that might be enough here as well. CVE-2024-23833[0]: | OpenRefine is a free, open source power tool for working with messy | data and improving it. A jdbc attack vulnerability exists in | OpenRefine(version<=3.7.7) where an attacker may construct a JDBC | query which may read files on the host filesystem. Due to the newer | MySQL driver library in the latest version of OpenRefine (8.0.30), | there is no associated deserialization utilization point, so | original code execution cannot be achieved, but attackers can use | this vulnerability to read sensitive files on the target server. | This issue has been addressed in version 3.7.8. Users are advised to | upgrade. There are no known workarounds for this vulnerability. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-23833 https://www.cve.org/CVERecord?id=CVE-2024-23833 [1] https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4 [2] https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: openrefine Source-Version: 3.7.8-1 Done: Markus Koschany We believe that the bug you reported is fixed in the latest version of openrefine, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1064...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany (supplier of updated openrefine package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 06 Apr 2024 21:45:36 +0200 Source: openrefine Architecture: source Version: 3.7.8-1 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Closes: 1064192 Changes: openrefine (3.7.8-1) unstable; urgency=high . * New upstream version 3.7.8 - Fix CVE-2024-23833: A jdbc attack vulnerability exists in OpenRefine where an attacker may construct a JDBC query which may read files on the host filesystem. (Closes: #1064192) Thanks to Salvatore Bonaccorso for the report. Checksums-Sha1: db1ea80492009c7f88022b910aa0d0f569fb9dc7 3613 openrefine_3.7.8-1.dsc 13d0d733d33971054fa7871f5f7c7dd9452670a2 4288064 openrefine_3.7.8.orig.tar.xz b3e70722ffd02b68caf7d650281a49c1e2b3e254 309112 openrefine_3.7.8-1.debian.tar.xz 16c43d96f6fe57d6f2bf869d9d9b528b741179a6 19133 openrefine_3.7.8-1_amd64.buildinfo Checksums-Sha256: 0a9fbb24aa4a25d676370fb9043bb77ef8777982d2b3222486f8759e4f5dbd9c 3613 openrefine_3.7.8-1.dsc 7d79bc097c47d7fe1aae4f14c72a96a5a954f2423f13d5805b88e6e54fd73b36 4288064 openrefine_3.7.8.orig.tar.xz 7b9718dc85bf8a51bb81598bef739233a11d28294f0e1d2d5fd362bcf089f9f8 309112 openrefine_3.7.8-1.debian.tar.xz 109398ee7b162bdfa5f1f462394bdd8b2c6ea93f74edf7327c8d0e2f02b0f4c6 19133 openrefine_3.7.8-1_amd64.buildinfo Files: bb8e95ddf713492ab47fc311d3b6c94e 3613 java optional openrefine_3.7.8-1.dsc 9d8c0ccd036a61609d402d99cf6c0503 4288064 java optional openrefine_3.7.8.orig.tar.xz ebf7337b97b7bbceb84f48c4585eff0e 309112 java optional openrefine_3.7.8-1.debian.tar.xz aae95b881f31b05963a9f681a10c31d7 19133 java optional openrefine_3.7.8-1_amd64.buildinfo -BE
Bug#1027309: marked as done (jetty9: dpkg-source died)
Your message dated Sat, 06 Apr 2024 15:46:27 +0200 with message-id and subject line Close 1027309, not a bug has caused the Debian Bug report #1027309, regarding jetty9: dpkg-source died to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1027309: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027309 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: jetty9 Version: 9.4.49-1.1 Severity: normal Tags: ftbfs Dear Maintainer, I cloned the jetty9 repo from https://salsa.debian.org/java-team/jetty9.git. I did not change anything and tried to build the package from source,it complains: https://salsa.debian.org/java-team/jetty9.gitdpkg-source: warning: extracting unsigned source package (jetty9_9.4.50-1.dsc) dpkg-source: info: extracting jetty9 in /<> dpkg-source: info: unpacking jetty9_9.4.50.orig.tar.bz2 dpkg-source: info: unpacking jetty9_9.4.50-1.debian.tar.xz dpkg-source: info: using patch list from debian/patches/series dpkg-source: info: applying 01-maven-bundle-plugin-version.patch dpkg-source: error: LC_ALL=C patch -t -F 0 -N -p1 -u -V never -E -b -B .pc/01-maven-bundle-plugin-version.patch/ --reject-file=- < /<>/debian/patches/01-maven-bundle-plugin-version.patch subprocess returned exit status 1 patching file pom.xml Reversed (or previously applied) patch detected! Skipping patch. 1 out of 1 hunk ignored dpkg-source: info: the patch has fuzz which is not allowed, or is malformed dpkg-source: info: if patch '01-maven-bundle-plugin-version.patch' is correctly applied by quilt, use 'quilt refresh' to update it dpkg-source: info: if the file is present in the unpacked source, make sure it is also present in the orig tarball E: FAILED [dpkg-source died] +--+ | Cleanup | +--+ Purging /<> Not cleaning session: cloned chroot in use E: FAILED [dpkg-source died] +--+ | Summary | +--+ Build Architecture: amd64 Build Type: full Build-Space: 114756 Build-Time: 0 Distribution: unstable Fail-Stage: unpack Host Architecture: amd64 Install-Time: 1769 Job: /home/sunmin/src/java-jetty9/salsa-fork/jetty9_9.4.50-1.dsc Machine Architecture: amd64 Package: jetty9 Package-Time: 0 Source-Version: 9.4.50-1 Space: 114756 Status: given-back Version: 9.4.50-1 Finished at 2022-12-30T02:22:39Z Build needed 00:00:00, 114756k disk space E: FAILED [dpkg-source died] I'm sure the patch files do exist and this error is strange, please help resolve it. Thanks! -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') merged-usr: no Architecture: amd64 (x86_64) Foreign Architectures: riscv64 Kernel: Linux 5.10.102.1-microsoft-standard-WSL2+ (SMP w/4 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages jetty9 depends on: ii adduser 3.128 ii apache2-utils 2.4.54-4 ii default-jre-headless [java8-runtime-headless] 2:1.11-72 ii libecj-java 3.16.0-1 ii libjetty9-extra-java 9.4.49-1.1 ii libjetty9-java9.4.49-1.1 ii lsb-base 11.2 ii openjdk-11-jre-headless [java8-runtime-headless] 11.0.17+8-2 Versions of packages jetty9 recommends: ii authbind 2.1.3 jetty9 suggests no packages. -- no debconf information --- End Message --- --- Begin Message --- jetty9 can be downloaded from Debian and build from source. Closing as not a bug. signature.asc Description: This is a digitally signed message part --- End Message --- __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1066878: marked as done (tomcat10: CVE-2024-24549)
Your message dated Sat, 06 Apr 2024 12:21:29 + with message-id and subject line Bug#1066878: fixed in tomcat10 10.1.20-1 has caused the Debian Bug report #1066878, regarding tomcat10: CVE-2024-24549 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1066878: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066878 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: tomcat10 Version: 10.1.16-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for tomcat10. CVE-2024-24549[0]: | Denial of Service due to improper input validation vulnerability for | HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, | if the request exceeded any of the configured limits for headers, | the associated HTTP/2 stream was not reset until after all of the | headers had been processed.This issue affects Apache Tomcat: from | 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from | 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are | recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or | 8.5.99 which fix the issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-24549 https://www.cve.org/CVERecord?id=CVE-2024-24549 [1] https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: tomcat10 Source-Version: 10.1.20-1 Done: Markus Koschany We believe that the bug you reported is fixed in the latest version of tomcat10, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1066...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany (supplier of updated tomcat10 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 06 Apr 2024 13:43:19 +0200 Source: tomcat10 Architecture: source Version: 10.1.20-1 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Closes: 1066877 1066878 Changes: tomcat10 (10.1.20-1) unstable; urgency=high . * New upstream version 10.1.20. - Fix CVE-2024-24549: Denial of Service due to improper input validation vulnerability. (Closes: #1066878) - Fix CVE-2024-23672: Denial of Service via incomplete cleanup vulnerability. (Closes: #1066877) * Remove obsolete dependency on lsb-base from tomcat10 binary package. Checksums-Sha1: 133357fea4ff5d111927f152c513e467cc152179 2982 tomcat10_10.1.20-1.dsc 6f598d68a306ecf85420b82bc59fbaa03d811dcf 4045252 tomcat10_10.1.20.orig.tar.xz 27f6a7a10a8babb1534baa003cefafec772679b3 36832 tomcat10_10.1.20-1.debian.tar.xz ac9c22b2fe2c3cbba9dad1da9370662bd546518b 16741 tomcat10_10.1.20-1_amd64.buildinfo Checksums-Sha256: 9bf13e950be9045ec5f6aef375f4ca93a2ba2a50f7452cae089fc3e578a11bb2 2982 tomcat10_10.1.20-1.dsc 35f6966065c77de6785e5002b3745bd388d169ced4e4beb8d2f908d98eaa8969 4045252 tomcat10_10.1.20.orig.tar.xz 57776897862bcc416aa059d35bd04a30eb73be58dfe35b7b7d37d00a09c7f4b6 36832 tomcat10_10.1.20-1.debian.tar.xz 5b4fe7b64bd097ae26fca31f709d8ca5aa62cd174b436a98123cfaa567c5fcc9 16741 tomcat10_10.1.20-1_amd64.buildinfo Files: 29927bc8821131930531197ba0dd39db 2982 java optional tomcat10_10.1.20-1.dsc f6b238c3f28196f1ea27a6f9213085ee 4045252 java optional tomcat10_10.1.20.orig.tar.xz 028489e456cf4d67a3f7760c6ddec556 36832 java optional tomcat10_10.1.20-1.debian.tar.xz 7c85908c95811529be3dcb24a011f7ac 16741 java optional tomcat10_10.1.20-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYROOBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk2oMP/jbh9+v3Fd/SX2AY7wWj6h5FBa7UesfroUDb 4Y07AbaN+gO63VO2mEWCKWtbZoeAa2b5VmCH4kD/lPaYYVTrDIXADrtu5bbrRvS
Bug#1066877: marked as done (tomcat10: CVE-2024-23672)
Your message dated Sat, 06 Apr 2024 12:21:29 + with message-id and subject line Bug#1066877: fixed in tomcat10 10.1.20-1 has caused the Debian Bug report #1066877, regarding tomcat10: CVE-2024-23672 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1066877: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066877 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: tomcat10 Version: 10.1.16-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for tomcat10. CVE-2024-23672[0]: | Denial of Service via incomplete cleanup vulnerability in Apache | Tomcat. It was possible for WebSocket clients to keep WebSocket | connections open leading to increased resource consumption.This | issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from | 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 | through 8.5.98. Users are recommended to upgrade to version | 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-23672 https://www.cve.org/CVERecord?id=CVE-2024-23672 [1] https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: tomcat10 Source-Version: 10.1.20-1 Done: Markus Koschany We believe that the bug you reported is fixed in the latest version of tomcat10, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1066...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany (supplier of updated tomcat10 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 06 Apr 2024 13:43:19 +0200 Source: tomcat10 Architecture: source Version: 10.1.20-1 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Closes: 1066877 1066878 Changes: tomcat10 (10.1.20-1) unstable; urgency=high . * New upstream version 10.1.20. - Fix CVE-2024-24549: Denial of Service due to improper input validation vulnerability. (Closes: #1066878) - Fix CVE-2024-23672: Denial of Service via incomplete cleanup vulnerability. (Closes: #1066877) * Remove obsolete dependency on lsb-base from tomcat10 binary package. Checksums-Sha1: 133357fea4ff5d111927f152c513e467cc152179 2982 tomcat10_10.1.20-1.dsc 6f598d68a306ecf85420b82bc59fbaa03d811dcf 4045252 tomcat10_10.1.20.orig.tar.xz 27f6a7a10a8babb1534baa003cefafec772679b3 36832 tomcat10_10.1.20-1.debian.tar.xz ac9c22b2fe2c3cbba9dad1da9370662bd546518b 16741 tomcat10_10.1.20-1_amd64.buildinfo Checksums-Sha256: 9bf13e950be9045ec5f6aef375f4ca93a2ba2a50f7452cae089fc3e578a11bb2 2982 tomcat10_10.1.20-1.dsc 35f6966065c77de6785e5002b3745bd388d169ced4e4beb8d2f908d98eaa8969 4045252 tomcat10_10.1.20.orig.tar.xz 57776897862bcc416aa059d35bd04a30eb73be58dfe35b7b7d37d00a09c7f4b6 36832 tomcat10_10.1.20-1.debian.tar.xz 5b4fe7b64bd097ae26fca31f709d8ca5aa62cd174b436a98123cfaa567c5fcc9 16741 tomcat10_10.1.20-1_amd64.buildinfo Files: 29927bc8821131930531197ba0dd39db 2982 java optional tomcat10_10.1.20-1.dsc f6b238c3f28196f1ea27a6f9213085ee 4045252 java optional tomcat10_10.1.20.orig.tar.xz 028489e456cf4d67a3f7760c6ddec556 36832 java optional tomcat10_10.1.20-1.debian.tar.xz 7c85908c95811529be3dcb24a011f7ac 16741 java optional tomcat10_10.1.20-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYROOBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk2oMP/jbh9+v3Fd/SX2AY7wWj6h5FBa7UesfroUDb 4Y07AbaN+gO63VO2mEWCKWtbZoeAa2b5VmCH4kD/lPaYYVTrDIXADrtu5bbrRvSJ EO/h6cl7mOGtjSzISFithpNevpLBROeh/oxgnqroZ3g8TrGofFisKJtULf4kONYi 98//hAxgCAu6sVK1mXZ7cuY7m3+/s
Processed: Re: tomcat10: catalina.out is not recreated after deletion
Processing control commands: > tags -1 moreinfo Bug #1060381 [tomcat10] tomcat10: catalina.out is not recreated after deletion Ignoring request to alter tags of bug #1060381 to the same tags previously set -- 1060381: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060381 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Re: tomcat10: catalina.out is not recreated after deletion
Processing control commands: > tags -1 moreinfo Bug #1060381 [tomcat10] tomcat10: catalina.out is not recreated after deletion Added tag(s) moreinfo. -- 1060381: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060381 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1064923: marked as done (jetty9: CVE-2024-22201)
Your message dated Sat, 06 Apr 2024 11:20:05 + with message-id and subject line Bug#1064923: fixed in jetty9 9.4.54-1 has caused the Debian Bug report #1064923, regarding jetty9: CVE-2024-22201 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1064923: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064923 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: jetty9 Version: 9.4.53-1 Severity: important Tags: security upstream Forwarded: https://github.com/jetty/jetty.project/issues/11256 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for jetty9. CVE-2024-22201[0]: | Jetty is a Java based web server and servlet engine. An HTTP/2 SSL | connection that is established and TCP congested will be leaked when | it times out. An attacker can cause many connections to end up in | this state, and the server may run out of file descriptors, | eventually causing the server to stop accepting new connections from | valid clients. The vulnerability is patched in 9.4.54, 10.0.20, | 11.0.20, and 12.0.6. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-22201 https://www.cve.org/CVERecord?id=CVE-2024-22201 [1] https://github.com/jetty/jetty.project/issues/11256 [2] https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: jetty9 Source-Version: 9.4.54-1 Done: Markus Koschany We believe that the bug you reported is fixed in the latest version of jetty9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1064...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany (supplier of updated jetty9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 06 Apr 2024 12:54:58 +0200 Source: jetty9 Architecture: source Version: 9.4.54-1 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Closes: 1064923 Changes: jetty9 (9.4.54-1) unstable; urgency=high . * Team upload. * New upstream version 9.4.54. - Fix CVE-2024-22201: It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service. (Closes: #1064923) Thanks to Salvatore Bonaccorso for the report. Checksums-Sha1: 6f7ec9eca790dda15ebefa4cdef5ba1f5ec7cb70 2804 jetty9_9.4.54-1.dsc 0916554e9ad12ec48e0a141e07012e263bbe7c4f 9877252 jetty9_9.4.54.orig.tar.xz 646b89885eab28846d1430c9a442b6032eeb9f3f 30480 jetty9_9.4.54-1.debian.tar.xz 970f196a4279d640f1eb04705566e5ac1112dc3b 19404 jetty9_9.4.54-1_amd64.buildinfo Checksums-Sha256: 674811a262d25aa3534275d44b009341eb1e37aef7a379a50954923f226a1124 2804 jetty9_9.4.54-1.dsc 8fd58cfa055424cae97ce2dc7e2b5b717ff390e7aeecc72998c21a23bea9104c 9877252 jetty9_9.4.54.orig.tar.xz 351edbed121652049c6fc83d49738884fc258d5bf72b7fcb1922b3a291b17748 30480 jetty9_9.4.54-1.debian.tar.xz f07de135abafc7e3d1ccbfdeaa568e1f80c70464cf42bb46d0f1b65bff2ff6b2 19404 jetty9_9.4.54-1_amd64.buildinfo Files: 55703a729cce7be9fcb0e2d2c656b1c5 2804 java optional jetty9_9.4.54-1.dsc e98515258f92ec2b1aea4f0d71167069 9877252 java optional jetty9_9.4.54.orig.tar.xz 993e59e5b0225080b5381a18f2170bf6 30480 java optional jetty9_9.4.54-1.debian.tar.xz 38794c89605a432b735a57df50e7a7be 19404 java optional jetty9_9.4.54-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYRLABfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkimUQALrTr2l/4/E0FLy1vQUwIKe5NV3LkKT3yhtc sDKrOKWaKb712hPhtX8uH6VNI1PJAMJsUODf6KsqVlGlBLn4TdI41a2hTsri
Bug#1068463: marked as done (procyon: Untrusted code execution via cwd in classpath)
Your message dated Sat, 06 Apr 2024 09:21:26 + with message-id and subject line Bug#1068463: fixed in procyon 0.6.0-2 has caused the Debian Bug report #1068463, regarding procyon: Untrusted code execution via cwd in classpath to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068463: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068463 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: procyon-decompiler Version: 0.6.0-1 Tags: security Severity: grave In the default configuration, procyon prepends current working directory to the java classpath. This is done in the shell script /usr/bin/procyon, which sets, apparently by mistake, CLASSPATH=$CLASSPATH:..., where $CLASSPATH is a usually empty environment variable - and empty string in this context is interpreted as a current working directory by java. This is potentially dangerous, especially with a decompiler, which is supposed to deal with untrusted code. In a possible bad scenario, a user (without CLASSPATH environment variable, which is the debian default) might try to decompile an untrusted malicious jar: wget ".../bad.jar" jar xf bad.jar procyon ... Regardless of what command line arguments are given to procyon, if the extracted jar contained e.g. the jcommander class, then it will get executed. --- End Message --- --- Begin Message --- Source: procyon Source-Version: 0.6.0-2 Done: Emmanuel Bourg We believe that the bug you reported is fixed in the latest version of procyon, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1068...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emmanuel Bourg (supplier of updated procyon package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 06 Apr 2024 10:46:00 +0200 Source: procyon Architecture: source Version: 0.6.0-2 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Emmanuel Bourg Closes: 1068463 Changes: procyon (0.6.0-2) unstable; urgency=medium . * Prevent untrusted code execution from the command line (Closes: #1068463) Checksums-Sha1: a81914368787af40ac2ca79a0c10433f263ae7cf 2126 procyon_0.6.0-2.dsc 2356ad74e4f3d3120d4fb6567274d139c938db80 8352 procyon_0.6.0-2.debian.tar.xz 494205d5b18a9550ef3168058ba99de961859d0c 16872 procyon_0.6.0-2_source.buildinfo Checksums-Sha256: 110e78a5f31f17fa10793498be633bd6e5713264584b4cfdf35bdf3cdb3ba691 2126 procyon_0.6.0-2.dsc 1a0fdea456430d40370f3ab8a1bfc8036427cd8c9eeb0b3c41b1be290637d30d 8352 procyon_0.6.0-2.debian.tar.xz f361ec278567bb4f95f40efa87804af890e928277126dca59fca9872cc92d8a1 16872 procyon_0.6.0-2_source.buildinfo Files: 88699c5c3e942ae1ffbb4bfe9cb07f13 2126 java optional procyon_0.6.0-2.dsc 8eaaab4134da64ba14feec086274367b 8352 java optional procyon_0.6.0-2.debian.tar.xz 3c28b430258f0e6a55d70e803043e5b1 16872 java optional procyon_0.6.0-2_source.buildinfo -BEGIN PGP SIGNATURE- iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAmYRC+kSHGVib3VyZ0Bh cGFjaGUub3JnAAoJEPUTxBnkudCsK+gP/1h4cdjx6L8cy6+vGqEtdajM+usbc8Lg uFc2cC9Q7P2kuL7uDZZvhUCMFa/zVsc5rfF/6NQNRGq1GgkxbGy7G/bkXZiVsdbu agbKukEpDGE3CEJWmfM+umVua6gJX5ZTOUf/Waq+Me9uYtAJAfT6USx0LhvC2LLE sWqi4b0fItaaftMOVfSEWf6OjK4gb3VISRi28VoZzqaWllU9IqqaIFqei80BMig6 pNVHJilfm1oGphABM/mFUWU1D363f+uAO4A7uAD05trGJ6XQLbDEZiSy6ridcCV0 Oyfn/Gh/7ScqG342t24AdJPtNPPEKyIyxcHnCB4OkwDhV2AY04jD6JHgx8dP5XL6 Dt20VOXJyIuABTjBPuHZV0NX2do6262VwprgUL6X35Qt7fbYN0NpgQx23NLFTDZJ WGhLsDPNoJbGlFWsxFn82ivOo3CjzL4Td210GfduW46Fe7m+hF9s1/BYI7m0gUwP iWmwh3lKtCWVVYPC6+gb+PQb9sW6d17jPDXdura2cWVpRS22JEoQCem9KvkbEuke fkNp24u/8vTjkCs+wwlqDZr2WxQGu4J1646EpjLtH94+JM4QTOyKYhkv5b4jo20N jwSKf+E+06PkOj+eU/lSKWmNQlxIASiQiCdBX8MoJFKBs24gpWPP0qqPPXn9639b 2LaHNWndI2xa =LXjA -END PGP SIGNATURE- pgpwxazb2rPrA.pgp Description: PGP signature --- End Message --- __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Bug#1068463 marked as pending in procyon
Processing control commands: > tag -1 pending Bug #1068463 [procyon-decompiler] procyon: Untrusted code execution via cwd in classpath Added tag(s) pending. -- 1068463: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068463 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1022105: marked as done (pentaho-reporting-flow-engine: ships patches but doesn't apply them)
Your message dated Tue, 02 Apr 2024 19:21:31 + with message-id and subject line Bug#1022105: fixed in pentaho-reporting-flow-engine 0.9.4-5.2 has caused the Debian Bug report #1022105, regarding pentaho-reporting-flow-engine: ships patches but doesn't apply them to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1022105: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022105 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: pentaho-reporting-flow-engine Version: 0.9.4-5 Severity: important Hi, pentaho-reporting-flow-engine 0.9.4-5 switched from dpatch to quilt: pentaho-reporting-flow-engine (0.9.4-5) unstable; urgency=medium [...] * drop dependency on dpatch and add dependency on quilt * disable timestamps in javadoc (Closes: #859976) The quilt build-dep was added, but there's no integration of quilt in d/rules. A way to fix this would be to switch to source format 3.0 (quilt), see #1007086. Another would be to add the quilt magic (e.g. via dh_quilt_patch / dh_quilt_unpatch) to d/rules. btw if the reproducible folks haven't complained, perhaps the timestamps patch can be dropped. Cheers, Emilio --- End Message --- --- Begin Message --- Source: pentaho-reporting-flow-engine Source-Version: 0.9.4-5.2 Done: Bastian Germann We believe that the bug you reported is fixed in the latest version of pentaho-reporting-flow-engine, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1022...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastian Germann (supplier of updated pentaho-reporting-flow-engine package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 23 Mar 2024 18:23:01 + Source: pentaho-reporting-flow-engine Architecture: source Version: 0.9.4-5.2 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Bastian Germann Closes: 1007086 1022105 Changes: pentaho-reporting-flow-engine (0.9.4-5.2) unstable; urgency=medium . * Non-maintainer upload * Convert to source format 3.0 (closes: #1007086) * Apply formerly ignored quilt series (closes: #1022105) Checksums-Sha1: a34007df7cceaaa485cf83f4cfe35ddef7b1c8da 2509 pentaho-reporting-flow-engine_0.9.4-5.2.dsc 7b13bfb0668a9c32c240234f241c74373688390b 4100 pentaho-reporting-flow-engine_0.9.4-5.2.debian.tar.xz 966ff906b5263bb14c34c7cd46c691e8fe26c759 17804 pentaho-reporting-flow-engine_0.9.4-5.2_source.buildinfo Checksums-Sha256: b9810070d563b13b395fbe4fbdb16c2416ee232756739b0fb2549eac8ae1bde9 2509 pentaho-reporting-flow-engine_0.9.4-5.2.dsc b9b4c5cbc2dc0397239cf05a23a009f4e7e9f389f0dc49760c1fe2ecb25116ee 4100 pentaho-reporting-flow-engine_0.9.4-5.2.debian.tar.xz 38751c8c89c4e22264e53324bf7962cf28219a3ba963081b9eb33a86875671b8 17804 pentaho-reporting-flow-engine_0.9.4-5.2_source.buildinfo Files: 3f10527169c8c7a01102f6b3a5ae7ee8 2509 libs optional pentaho-reporting-flow-engine_0.9.4-5.2.dsc 912488ea00858095cb529da0cc78210d 4100 libs optional pentaho-reporting-flow-engine_0.9.4-5.2.debian.tar.xz 663b9497bcd63cc1447c2880f7cb31a2 17804 libs optional pentaho-reporting-flow-engine_0.9.4-5.2_source.buildinfo -BEGIN PGP SIGNATURE- iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmX/H24QHGJhZ2VAZGVi aWFuLm9yZwAKCRAfXHqLRVZDFP4lDACzkZ8RjgByWgotvGobJWVYqkA7vC0DdoRA kcW2OvRVQWdn3ZNt6QoK7BpfqBFRYhPSMBBVoMDFE3eQvf8dXoKIFCyYlC1+cpIt +MUURuB+2/RMiEY3QIiI0ewkHH29wVUPlqOOEceUnIwXpsSh8wIPtExTtkHtRW8d VgFIiB5GkiAKd116S/Dx8jbXwkH0SlJRpSRNQuwowN/AfM1/wIaisGPFK7bVolyI U6DNgdrPMAVggyxZA8LzfN+alLN40Cuz+Nq+++61JL8v0bApmDjACdGsmWcnUB6G X7aLYA6INAL8CdB9slST70FB1uSWaqrhBQXmAGdXwJ/SAcTix+C/tKQ/0LyLQNgi 91TKS9ACGEkIwMGVgWG89iDqmi7roxCYSouN6NZKyiF4hbesCWmyLQuLGN/4F5Mo 9GIys8wKTsgw9GQu+hcojrn/TEUvOXTr/LM4ykR7TW2o5DIviOHQ3KUbB2smmW8O JhlDI1WF74dZmK0ZRGJuCsH+sb2NqKM= =Dfvm -END PGP SIGNATURE- pgppyBQ5lhWWX.pgp Description: PGP signature --- End Message --- __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1007086: marked as done (pentaho-reporting-flow-engine: please consider upgrading to 3.0 source format)
Your message dated Tue, 02 Apr 2024 19:21:31 + with message-id and subject line Bug#1007086: fixed in pentaho-reporting-flow-engine 0.9.4-5.2 has caused the Debian Bug report #1007086, regarding pentaho-reporting-flow-engine: please consider upgrading to 3.0 source format to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1007086: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007086 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: pentaho-reporting-flow-engine Version: 0.9.4-5.1 Severity: wishlist Tags: bookworm sid Usertags: format1.0 format1.0-kp-nv Dear maintainer, This package is among the few (1.9%) that still use source format 1.0 in bookworm. Please upgrade it to source format 3.0, as (1) this format has many advantages, as documented in https://wiki.debian.org/Projects/DebSrc3.0 ; (2) this contributes to standardization of packaging practices. Please note that this is also a sign that the packaging of this software could maybe benefit from a refresh. It might be a good opportunity to look at other aspects as well. This mass bug filing was discussed on debian-devel@: https://lists.debian.org/debian-devel/2022/03/msg00074.html Thanks Lucas --- End Message --- --- Begin Message --- Source: pentaho-reporting-flow-engine Source-Version: 0.9.4-5.2 Done: Bastian Germann We believe that the bug you reported is fixed in the latest version of pentaho-reporting-flow-engine, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1007...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastian Germann (supplier of updated pentaho-reporting-flow-engine package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 23 Mar 2024 18:23:01 + Source: pentaho-reporting-flow-engine Architecture: source Version: 0.9.4-5.2 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Bastian Germann Closes: 1007086 1022105 Changes: pentaho-reporting-flow-engine (0.9.4-5.2) unstable; urgency=medium . * Non-maintainer upload * Convert to source format 3.0 (closes: #1007086) * Apply formerly ignored quilt series (closes: #1022105) Checksums-Sha1: a34007df7cceaaa485cf83f4cfe35ddef7b1c8da 2509 pentaho-reporting-flow-engine_0.9.4-5.2.dsc 7b13bfb0668a9c32c240234f241c74373688390b 4100 pentaho-reporting-flow-engine_0.9.4-5.2.debian.tar.xz 966ff906b5263bb14c34c7cd46c691e8fe26c759 17804 pentaho-reporting-flow-engine_0.9.4-5.2_source.buildinfo Checksums-Sha256: b9810070d563b13b395fbe4fbdb16c2416ee232756739b0fb2549eac8ae1bde9 2509 pentaho-reporting-flow-engine_0.9.4-5.2.dsc b9b4c5cbc2dc0397239cf05a23a009f4e7e9f389f0dc49760c1fe2ecb25116ee 4100 pentaho-reporting-flow-engine_0.9.4-5.2.debian.tar.xz 38751c8c89c4e22264e53324bf7962cf28219a3ba963081b9eb33a86875671b8 17804 pentaho-reporting-flow-engine_0.9.4-5.2_source.buildinfo Files: 3f10527169c8c7a01102f6b3a5ae7ee8 2509 libs optional pentaho-reporting-flow-engine_0.9.4-5.2.dsc 912488ea00858095cb529da0cc78210d 4100 libs optional pentaho-reporting-flow-engine_0.9.4-5.2.debian.tar.xz 663b9497bcd63cc1447c2880f7cb31a2 17804 libs optional pentaho-reporting-flow-engine_0.9.4-5.2_source.buildinfo -BEGIN PGP SIGNATURE- iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmX/H24QHGJhZ2VAZGVi aWFuLm9yZwAKCRAfXHqLRVZDFP4lDACzkZ8RjgByWgotvGobJWVYqkA7vC0DdoRA kcW2OvRVQWdn3ZNt6QoK7BpfqBFRYhPSMBBVoMDFE3eQvf8dXoKIFCyYlC1+cpIt +MUURuB+2/RMiEY3QIiI0ewkHH29wVUPlqOOEceUnIwXpsSh8wIPtExTtkHtRW8d VgFIiB5GkiAKd116S/Dx8jbXwkH0SlJRpSRNQuwowN/AfM1/wIaisGPFK7bVolyI U6DNgdrPMAVggyxZA8LzfN+alLN40Cuz+Nq+++61JL8v0bApmDjACdGsmWcnUB6G X7aLYA6INAL8CdB9slST70FB1uSWaqrhBQXmAGdXwJ/SAcTix+C/tKQ/0LyLQNgi 91TKS9ACGEkIwMGVgWG89iDqmi7roxCYSouN6NZKyiF4hbesCWmyLQuLGN/4F5Mo 9GIys8wKTsgw9GQu+hcojrn/TEUvOXTr/LM4ykR7TW2o5DIviOHQ3KUbB2smmW8O JhlDI1WF74dZmK0ZRGJuCsH+sb2NqKM= =Dfvm -END PGP SIGNATURE- pgp_pkOzXl4z5.pgp Description: PGP signature --- End Message --- __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debi
Processed: opensearch: FTBFS with lucene9/9.10.0+dfsg
Processing control commands: > retitle -1 opensearch: FTBFS with lucene9/9.10.0+dfsg Bug #1066450 [src:opensearch] opensearch: FTBFS: server/src/main/java/org/opensearch/index/codec/CodecService.java:37: error: cannot find symbol Changed Bug title to 'opensearch: FTBFS with lucene9/9.10.0+dfsg' from 'opensearch: FTBFS: server/src/main/java/org/opensearch/index/codec/CodecService.java:37: error: cannot find symbol'. -- 1066450: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066450 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1057520: marked as done (libjxmpp-java: FTBFS with default Java 21)
Your message dated Mon, 01 Apr 2024 19:36:32 + with message-id and subject line Bug#1057520: fixed in libjxmpp-java 1.0.1-4 has caused the Debian Bug report #1057520, regarding libjxmpp-java: FTBFS with default Java 21 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1057520: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057520 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libjxmpp-java Version: 1.0.1-3 Severity: important Tags: ftbfs User: debian-j...@lists.debian.org Usertags: default-java21 Dear Maintainers, The package libjxmpp-java ftbfs with default Java 21. The relevant part of the build log: --- Putting task artifact state for task ':jxmpp-core:debianMavenPom' into context took 0.0 secs. Up-to-date check for task ':jxmpp-core:debianMavenPom' took 0.0 secs. It is not up-to-date because: No history is available. Generating pom file /<>/jxmpp-jid/build/debian/jxmpp-jid.pom Generating pom file /<>/jxmpp-stringprep-icu4j/build/debian/jxmpp-stringprep-icu4j.pom Generating pom file /<>/jxmpp-core/build/debian/jxmpp-core.pom :jxmpp-jid:debianMavenPom (Thread[#43,Task worker for ':' Thread 3,5,main]) completed. Took 0.052 secs. :jxmpp-stringprep-icu4j:debianMavenPom (Thread[#41,Task worker for ':',5,main]) completed. Took 0.055 secs. :jxmpp-core:debianMavenPom (Thread[#42,Task worker for ':' Thread 2,5,main]) completed. Took 0.057 secs. /<>/jxmpp-util-cache/src/main/java/org/jxmpp/util/cache/ExpirationCache.java:38: warning: [this-escape] possible 'this' escape before subclass is fully initialized setDefaultExpirationTime(defaultExpirationTime); ^ error: warnings found and -Werror specified 1 error 1 warning :jxmpp-util-cache:compileJava FAILED :jxmpp-util-cache:compileJava (Thread[#29,Daemon worker,5,main]) completed. Took 0.487 secs. FAILURE: Build failed with an exception. --- -- System Information: Debian Release: trixie/sid APT prefers mantic-updates APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-13-generic (SMP w/32 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Source: libjxmpp-java Source-Version: 1.0.1-4 Done: James Valleroy We believe that the bug you reported is fixed in the latest version of libjxmpp-java, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1057...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. James Valleroy (supplier of updated libjxmpp-java package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 01 Apr 2024 15:13:17 -0400 Source: libjxmpp-java Architecture: source Version: 1.0.1-4 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: James Valleroy Closes: 1057520 Changes: libjxmpp-java (1.0.1-4) unstable; urgency=medium . [ Debian Janitor ] * Remove constraints unnecessary since buster (oldstable): + Build-Depends: Drop versioned constraint on gradle-debian-helper. * Apply multi-arch hints. + libjxmpp-java: Add Multi-Arch: foreign. . [ Vladimir Petko ] * d/p/02-avoid-this-escape.patch: workaround 'this-escape' warnings for Java 21 (Closes: #1057520). . [ James Valleroy ] * Follows policy 4.6.2 * Update debian/* copyright statements Checksums-Sha1: 2aa7246f4fad38e3510b77710c538f606cc83532 2106 libjxmpp-java_1.0.1-4.dsc 84d141571e7f0febd34217226858ba57612df171 5572 libjxmpp-java_1.0.1-4.debian.tar.xz 36f1e280039a302bc0a18d8158fe996292f59581 13547 libjxmpp-java_1.0.1-4_amd64.buildinfo Checksums-Sha256: dec7b1913e044ffa159daac24e28c057046ae2eecbf7b078f25393374fe371d0 2106 libjxmpp-java_1.0.1-4.dsc 9430c297be94a6a1339d72a4a076839c4efacb7185c2d821a4d3319
Processed: Re: Bug#1067934: jameica: Jameica cannot load plugins | service "database" not found
Processing control commands: > severity -1 normal Bug #1067934 [jameica] jameica: Jameica cannot load plugins | service "database" not found Severity set to 'normal' from 'grave' -- 1067934: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067934 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1066649: marked as done (libtritonus-java: FTBFS: org_tritonus_lowlevel_pogg_Buffer.c:224:16: error: implicit declaration of function ‘memcpy’ [-Werror=implicit-function-declaration])
Your message dated Thu, 28 Mar 2024 21:15:52 + with message-id and subject line Bug#1066649: fixed in libtritonus-java 20070428-14.2 has caused the Debian Bug report #1066649, regarding libtritonus-java: FTBFS: org_tritonus_lowlevel_pogg_Buffer.c:224:16: error: implicit declaration of function ‘memcpy’ [-Werror=implicit-function-declaration] to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1066649: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066649 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libtritonus-java Version: 20070428-14.1 Severity: serious Justification: FTBFS Tags: trixie sid ftbfs User: lu...@debian.org Usertags: ftbfs-20240313 ftbfs-trixie ftbfs-impfuncdef Hi, During a rebuild of all packages in sid, your package failed to build on amd64. This is most likely caused by a change in dpkg 1.22.6, that enabled -Werror=implicit-function-declaration. For more information, see https://wiki.debian.org/qa.debian.org/FTBFS#A2024-03-13_-Werror.3Dimplicit-function-declaration Relevant part (hopefully): > gcc -g -O2 -Werror=implicit-function-declaration > -ffile-prefix-map=/<>=. -fstack-protector-strong > -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -g > -Wall -I. -I/usr/lib/jvm/default-java/include > -I/usr/lib/jvm/default-java/include/linux -I../../../jni/ -fPIC -D_REENTRANT > -c -o org_tritonus_lowlevel_pogg_Buffer.o org_tritonus_lowlevel_pogg_Buffer.c > In file included from common.h:24, > from org_tritonus_lowlevel_pogg_Buffer.c:27: > org_tritonus_lowlevel_pogg_Buffer.c: In function ‘setHandle’: > ../common/HandleFieldHandler.h:59:57: warning: cast from pointer to integer > of different size [-Wpointer-to-int-cast] >59 | (*env)->SetLongField(env, obj, fieldID, (jlong) (int) > handle); \ > | ^ > org_tritonus_lowlevel_pogg_Buffer.c:30:1: note: in expansion of macro > ‘HandleFieldHandlerDeclaration’ >30 | HandleFieldHandlerDeclaration(handler, oggpack_buffer*) > | ^ > org_tritonus_lowlevel_pogg_Buffer.c: In function ‘getHandle’: > ../common/HandleFieldHandler.h:66:26: warning: cast to pointer from integer > of different size [-Wint-to-pointer-cast] >66 | _type handle = (_type) (int) (*env)->GetLongField(env, obj, > fieldID); \ > | ^ > org_tritonus_lowlevel_pogg_Buffer.c:30:1: note: in expansion of macro > ‘HandleFieldHandlerDeclaration’ >30 | HandleFieldHandlerDeclaration(handler, oggpack_buffer*) > | ^ > org_tritonus_lowlevel_pogg_Buffer.c: In function > ‘Java_org_tritonus_lowlevel_pogg_Buffer_readInit’: > org_tritonus_lowlevel_pogg_Buffer.c:224:16: error: implicit declaration of > function ‘memcpy’ [-Werror=implicit-function-declaration] > 224 | (void) memcpy(buffer2, buffer, nBytes); > |^~ > org_tritonus_lowlevel_pogg_Buffer.c:29:1: note: include ‘’ or > provide a declaration of ‘memcpy’ >28 | #include "org_tritonus_lowlevel_pogg_Buffer.h" > +++ |+#include >29 | > org_tritonus_lowlevel_pogg_Buffer.c:224:16: warning: incompatible implicit > declaration of built-in function ‘memcpy’ [-Wbuiltin-declaration-mismatch] > 224 | (void) memcpy(buffer2, buffer, nBytes); > |^~ > org_tritonus_lowlevel_pogg_Buffer.c:224:16: note: include ‘’ or > provide a declaration of ‘memcpy’ > org_tritonus_lowlevel_pogg_Buffer.c: In function > ‘Java_org_tritonus_lowlevel_pogg_Buffer_getBuffer’: > org_tritonus_lowlevel_pogg_Buffer.c:439:61: warning: pointer targets in > passing argument 5 of ‘(*env)->SetByteArrayRegion’ differ in signedness > [-Wpointer-sign] > 439 | (*env)->SetByteArrayRegion(env, abBuffer, 0, bytes, buffer); > | ^~ > | | > | unsigned > char * > org_tritonus_lowlevel_pogg_Buffer.c:439:61: note: expected ‘const jbyte *’ > {aka ‘const signed char *’} but argument is of type ‘unsigned char *’ > cc1: some warnings being treated as errors > make[2]: *** [: org_tritonus_lowlevel_pogg_Buffer.o] Error 1 The
Processed: libtritonus-java: diff for NMU version 20070428-14.2
Processing control commands: > tags 1066649 + patch Bug #1066649 [src:libtritonus-java] libtritonus-java: FTBFS: org_tritonus_lowlevel_pogg_Buffer.c:224:16: error: implicit declaration of function ‘memcpy’ [-Werror=implicit-function-declaration] Added tag(s) patch. > tags 1066649 + pending Bug #1066649 [src:libtritonus-java] libtritonus-java: FTBFS: org_tritonus_lowlevel_pogg_Buffer.c:224:16: error: implicit declaration of function ‘memcpy’ [-Werror=implicit-function-declaration] Added tag(s) pending. -- 1066649: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066649 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: jh_installjavadoc: should not write duplicative doc-base files.
Processing control commands: > affects -1 libpixels-java Bug #1067901 [javahelper] jh_installjavadoc: should not write duplicative doc-base files. Added indication that 1067901 affects libpixels-java -- 1067901: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067901 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1066045: marked as done (maven-bundle-plugin: produces nondeterministic ordering in MANIFEST.MF headers)
Your message dated Thu, 28 Mar 2024 08:49:51 + with message-id and subject line Bug#1066045: fixed in maven-bundle-plugin 3.5.1-2.1 has caused the Debian Bug report #1066045, regarding maven-bundle-plugin: produces nondeterministic ordering in MANIFEST.MF headers to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1066045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066045 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libmaven-bundle-plugin-java Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: toolchain Dear Maintainer, The maven-bundle-plugin utility creates Java .jar archives that contain non-deterministic contents in the Export-Package, Private-Package and Include-Resource header fields of the MANIFEST.MF file when listing those files from the underlying filesystem returns them in differing order. There is an exisiting report[1] of this problem upstream in the Apache Felix project, and it has been resolved by a subsequent change[2] to sort the contents of the relevant field values before they're written to the manifest. Please find attached a backport of the upstream changeset, which applies cleanly to the maven-bundle-plugin-3.5.1 sources. Thank you, James [1] - https://issues.apache.org/jira/browse/FELIX-6602 [2] - https://github.com/apache/felix-dev/pull/208 >From d885d99a6a16660f655a4fd18e8a1a39beef0a15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9=20Boutemy?= Date: Sat, 25 Mar 2023 00:18:11 +0100 Subject: [PATCH] FELIX-6602 sort resources and exported packages --- .../java/org/apache/felix/bundleplugin/BundlePlugin.java | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) --- a/src/main/java/org/apache/felix/bundleplugin/BundlePlugin.java +++ b/src/main/java/org/apache/felix/bundleplugin/BundlePlugin.java @@ -1938,6 +1938,7 @@ public class BundlePlugin extends AbstractMojo scanner.scan(); String[] paths = scanner.getIncludedFiles(); +Arrays.sort( paths ); for ( int i = 0; i < paths.length; i++ ) { packages.put( analyzer.getPackageRef( getPackageName( paths[i] ) ) ); @@ -2076,7 +2077,9 @@ public class BundlePlugin extends AbstractMojo scanner.addDefaultExcludes(); scanner.scan(); -List includedFiles = Arrays.asList( scanner.getIncludedFiles() ); +String[] f = scanner.getIncludedFiles(); +Arrays.sort( f ); +List includedFiles = Arrays.asList( f ); for ( Iterator j = includedFiles.iterator(); j.hasNext(); ) { -- 2.43.0 --- End Message --- --- Begin Message --- Source: maven-bundle-plugin Source-Version: 3.5.1-2.1 Done: Mattia Rizzolo We believe that the bug you reported is fixed in the latest version of maven-bundle-plugin, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1066...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mattia Rizzolo (supplier of updated maven-bundle-plugin package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 27 Mar 2024 18:13:06 +0100 Source: maven-bundle-plugin Architecture: source Version: 3.5.1-2.1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Mattia Rizzolo Closes: 1066045 Changes: maven-bundle-plugin (3.5.1-2.1) unstable; urgency=medium . * Non-maintainer upload. * Apply patch from upstream to fix nondeterministic ordering in MANIFEST.MF headers. Closes: #1066045 Thanks to James Addison for bringing up the patch. Checksums-Sha1: 2d62d1229202afb2c698da7edd7f4f7ef1c8f9f2 2528 maven-bundle-plugin_3.5.1-2.1.dsc 462903578303f600dd3738186596caa41c0053e3 9880 maven-bundle-plugin_3.5.1-2.1.debian.tar.xz bb3b8c4c230bc869366907e16e2bf0a61e479fa5 11473 maven-bundle-plugin_3.5.1-2.1_amd64.buildinfo Checksums-Sha256: cd5e51ce3e59d563d964a883dcff27bcbf965e4d7008605b1f5f9a7b477a65e1 2528 maven-bundle-plugin_3.5.1-2.1.dsc 866ebb653bc825b05a9f272f7c518132631a59bd88a77de2a70399b71883a9b
Processed: tagging 1067188, tagging 1067795, tagging 1067796
Processing commands for cont...@bugs.debian.org: > tags 1067188 + sid trixie Bug #1067188 [src:gcc-mingw-w64] gdb-mingw-w64: FTBFS in trixie Added tag(s) sid and trixie. > tags 1067795 + sid trixie Bug #1067795 [src:httpcomponents-client] httpcomponents-client: FTBFS: failing tests Added tag(s) trixie and sid. > tags 1067796 + sid trixie Bug #1067796 [src:mailscripts] mailscripts: FTBFS: email-print-mime-structure:51: error: Unused "type: ignore" comment Added tag(s) trixie and sid. > thanks Stopping processing here. Please contact me if you need assistance. -- 1067188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067188 1067795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067795 1067796: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067796 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Re: maven-bundle-plugin: produces nondeterministic ordering in MANIFEST.MF headers
Processing control commands: > forwarded -1 > https://salsa.debian.org/java-team/maven-bundle-plugin/-/merge_requests/1 Bug #1066045 [libmaven-bundle-plugin-java] maven-bundle-plugin: produces nondeterministic ordering in MANIFEST.MF headers Set Bug forwarded-to-address to 'https://salsa.debian.org/java-team/maven-bundle-plugin/-/merge_requests/1'. > tags -1 pending Bug #1066045 [libmaven-bundle-plugin-java] maven-bundle-plugin: produces nondeterministic ordering in MANIFEST.MF headers Ignoring request to alter tags of bug #1066045 to the same tags previously set -- 1066045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066045 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: maven-bundle-plugin: diff for NMU version 3.5.1-2.1
Processing control commands: > tags 1066045 + pending Bug #1066045 [libmaven-bundle-plugin-java] maven-bundle-plugin: produces nondeterministic ordering in MANIFEST.MF headers Added tag(s) pending. -- 1066045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066045 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1067514: marked as done (commons-configuration2: CVE-2024-29133)
Your message dated Mon, 25 Mar 2024 05:35:03 + with message-id and subject line Bug#1067514: fixed in commons-configuration2 2.10.1-1 has caused the Debian Bug report #1067514, regarding commons-configuration2: CVE-2024-29133 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1067514: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067514 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: commons-configuration2 Version: 2.8.0-2 Severity: important Tags: security upstream Forwarded: https://issues.apache.org/jira/browse/CONFIGURATION-841 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for commons-configuration2. CVE-2024-29133[0]: | Out-of-bounds Write vulnerability in Apache Commons | Configuration.This issue affects Apache Commons Configuration: from | 2.0 before 2.10.1. Users are recommended to upgrade to version | 2.10.1, which fixes the issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-29133 https://www.cve.org/CVERecord?id=CVE-2024-29133 [1] https://issues.apache.org/jira/browse/CONFIGURATION-841 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: commons-configuration2 Source-Version: 2.10.1-1 Done: tony mancill We believe that the bug you reported is fixed in the latest version of commons-configuration2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1067...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. tony mancill (supplier of updated commons-configuration2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 24 Mar 2024 21:43:35 -0700 Source: commons-configuration2 Architecture: source Version: 2.10.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: tony mancill Closes: 1067513 1067514 Changes: commons-configuration2 (2.10.1-1) unstable; urgency=medium . * Team upload. * New upstream version 2.10.1 (Closes: #1067513, #1067514) CVE-2024-29131, CVE-2024-29133 * Ignore spotbugs maven plugin * Ignore org.apache.maven.plugins:maven-pmd-plugin * Add Build-Dep on libmockito-java and liblog4j2-java Checksums-Sha1: f87b15f4c5b13254dfeb3057fd0b31f64df1c6c2 2684 commons-configuration2_2.10.1-1.dsc a7bd29e7072c432344e781f6c6d7096541a38fb7 666940 commons-configuration2_2.10.1.orig.tar.xz 4071172cca28491af971e5e7f821f91a1994320d 5036 commons-configuration2_2.10.1-1.debian.tar.xz d46822382aa88fbd87821a5e4e7b64edc4018746 17604 commons-configuration2_2.10.1-1_amd64.buildinfo Checksums-Sha256: 52b9ee19c3572e46f83de7bc2e563135dd2cf85366952fc8bc7abb6c594efb6d 2684 commons-configuration2_2.10.1-1.dsc 3df256ecf5683cdc9b7b72113712a0d31e2d72eabc645406db134dc22439 666940 commons-configuration2_2.10.1.orig.tar.xz 44b3dd85437f546b41ed6c838ca117be209bf57f5ae6ae4a46811032de59a6ba 5036 commons-configuration2_2.10.1-1.debian.tar.xz 9449cb8d86e5e46f6336f9ad2a5bed247954b3fca2fe48cd0249672f1587262a 17604 commons-configuration2_2.10.1-1_amd64.buildinfo Files: e0500831e9f927a4590fa3425620800a 2684 java optional commons-configuration2_2.10.1-1.dsc cbd39112a507d641371276333c2a439d 666940 java optional commons-configuration2_2.10.1.orig.tar.xz 2311ad118ce1d9204788e582f220768c 5036 java optional commons-configuration2_2.10.1-1.debian.tar.xz 196b33ff8b525fe38b0990e56db934bf 17604 java optional commons-configuration2_2.10.1-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmYBBakUHHRtYW5jaWxs QGRlYmlhbi5vcmcACgkQIdIFiZdLPpb0QRAAm1bUxAJjLaheyPrgBQAx6wzX11AH jOuBlImXvFHx8MM/dkKJGJX6Y020YEvsT5Fu+CnUiEPXxngj3R2sv28j910bLjBB DVGrQACox6J3yUKdfPrASOCahjT+dFP4XVuzNKdJPTW5Kw1ifldveA7VSN+tAVMj U/PLO8RusBDpQhpv3sSrIGjcxD6XzV/+jW2MJ1V2Ltt+NaD7PKc5Wdp3BJK3jQ2H p6y67/BAYja/irxX1d56WenI+4Z9L8kvFpMt3vxQLl7CZhgNPoPbR6HpS2lbp+LI 34Gf6N+cT2qhfIOWFoEO9rSP
Bug#1067513: marked as done (commons-configuration2: CVE-2024-29131)
Your message dated Mon, 25 Mar 2024 05:35:03 + with message-id and subject line Bug#1067513: fixed in commons-configuration2 2.10.1-1 has caused the Debian Bug report #1067513, regarding commons-configuration2: CVE-2024-29131 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1067513: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067513 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: commons-configuration2 Version: 2.8.0-2 Severity: important Tags: security upstream Forwarded: https://issues.apache.org/jira/browse/CONFIGURATION-840 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for commons-configuration2. CVE-2024-29131[0]: | Out-of-bounds Write vulnerability in Apache Commons | Configuration.This issue affects Apache Commons Configuration: from | 2.0 before 2.10.1. Users are recommended to upgrade to version | 2.10.1, which fixes the issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-29131 https://www.cve.org/CVERecord?id=CVE-2024-29131 [1] https://issues.apache.org/jira/browse/CONFIGURATION-840 [2] https://www.openwall.com/lists/oss-security/2024/03/20/4 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: commons-configuration2 Source-Version: 2.10.1-1 Done: tony mancill We believe that the bug you reported is fixed in the latest version of commons-configuration2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1067...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. tony mancill (supplier of updated commons-configuration2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 24 Mar 2024 21:43:35 -0700 Source: commons-configuration2 Architecture: source Version: 2.10.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: tony mancill Closes: 1067513 1067514 Changes: commons-configuration2 (2.10.1-1) unstable; urgency=medium . * Team upload. * New upstream version 2.10.1 (Closes: #1067513, #1067514) CVE-2024-29131, CVE-2024-29133 * Ignore spotbugs maven plugin * Ignore org.apache.maven.plugins:maven-pmd-plugin * Add Build-Dep on libmockito-java and liblog4j2-java Checksums-Sha1: f87b15f4c5b13254dfeb3057fd0b31f64df1c6c2 2684 commons-configuration2_2.10.1-1.dsc a7bd29e7072c432344e781f6c6d7096541a38fb7 666940 commons-configuration2_2.10.1.orig.tar.xz 4071172cca28491af971e5e7f821f91a1994320d 5036 commons-configuration2_2.10.1-1.debian.tar.xz d46822382aa88fbd87821a5e4e7b64edc4018746 17604 commons-configuration2_2.10.1-1_amd64.buildinfo Checksums-Sha256: 52b9ee19c3572e46f83de7bc2e563135dd2cf85366952fc8bc7abb6c594efb6d 2684 commons-configuration2_2.10.1-1.dsc 3df256ecf5683cdc9b7b72113712a0d31e2d72eabc645406db134dc22439 666940 commons-configuration2_2.10.1.orig.tar.xz 44b3dd85437f546b41ed6c838ca117be209bf57f5ae6ae4a46811032de59a6ba 5036 commons-configuration2_2.10.1-1.debian.tar.xz 9449cb8d86e5e46f6336f9ad2a5bed247954b3fca2fe48cd0249672f1587262a 17604 commons-configuration2_2.10.1-1_amd64.buildinfo Files: e0500831e9f927a4590fa3425620800a 2684 java optional commons-configuration2_2.10.1-1.dsc cbd39112a507d641371276333c2a439d 666940 java optional commons-configuration2_2.10.1.orig.tar.xz 2311ad118ce1d9204788e582f220768c 5036 java optional commons-configuration2_2.10.1-1.debian.tar.xz 196b33ff8b525fe38b0990e56db934bf 17604 java optional commons-configuration2_2.10.1-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmYBBakUHHRtYW5jaWxs QGRlYmlhbi5vcmcACgkQIdIFiZdLPpb0QRAAm1bUxAJjLaheyPrgBQAx6wzX11AH jOuBlImXvFHx8MM/dkKJGJX6Y020YEvsT5Fu+CnUiEPXxngj3R2sv28j910bLjBB DVGrQACox6J3yUKdfPrASOCahjT+dFP4XVuzNKdJPTW5Kw1ifldveA7VSN+tAVMj U/PLO8RusBDpQhpv3sSrIGjcxD6XzV/+jW2MJ1V2Ltt+NaD7PKc5Wdp3BJK3jQ2H p6y67/BAYja/irxX1d56
Bug#1025042: marked as done (zookeeperd: zookeeper may be started before network and crashes)
Your message dated Sun, 24 Mar 2024 23:36:06 + with message-id and subject line Bug#1025042: fixed in zookeeper 3.9.2-1 has caused the Debian Bug report #1025042, regarding zookeeperd: zookeeper may be started before network and crashes to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1025042: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025042 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: zookeeperd Version: 3.8.0-10 Severity: important Hey. The init.d script doesn't require networking, therefore it may happen. that e.g. systemd starts zookeeper before the network is brought up, in which case zookeeper crashes, as it cannot bind to the configured server.N-option address. Could be solved either by using e.g.: # Required-Start:$remote_fs $network # Required-Stop: $remote_fs $network or by solving bug #950386 and providing systemd units, which would make this bug obsole (unless sysvinit compatibility was to be kept). Cheers, Chris. --- End Message --- --- Begin Message --- Source: zookeeper Source-Version: 3.9.2-1 Done: Bastien Roucariès We believe that the bug you reported is fixed in the latest version of zookeeper, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1025...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès (supplier of updated zookeeper package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 24 Mar 2024 21:19:51 + Source: zookeeper Architecture: source Version: 3.9.2-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Bastien Roucariès Closes: 1025042 1066947 Changes: zookeeper (3.9.2-1) unstable; urgency=medium . * Team upload * New upstream version 3.9.2 * Bug fix: CVE-2024-23944 (Closes: #1066947): An information disclosure in persistent watchers handling was found in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when the persistent watcher is triggered and as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical. * Let sysvinit init script depend on networking (Closes: #1025042) * Add salsa CI * Refresh patches Checksums-Sha1: 3c11da7860b08d7d6b1aa02edd5724cc8ee5023d 3788 zookeeper_3.9.2-1.dsc 3a4467abfa2401af9a5edd259b52e5bdb86190e1 4684368 zookeeper_3.9.2.orig.tar.gz 86d0c7e6ea1c2a06ac434613427934d9e07000ad 833 zookeeper_3.9.2.orig.tar.gz.asc f0f2832dab05a8332fe6271b1ae0830882edc599 90740 zookeeper_3.9.2-1.debian.tar.xz 7e8adca2febc5790177093d17c57a1ab7ce63bf9 24964 zookeeper_3.9.2-1_amd64.buildinfo Checksums-Sha256: 78cba7d05dec290e24b74f7349491232fedb585ae264185610bd6e4d703cb582 3788 zookeeper_3.9.2-1.dsc bbdea19a91d11bc55071fdd7c83109afb6ee791a7b0733fde0baaa44029cbd77 4684368 zookeeper_3.9.2.orig.tar.gz 91572bf432f38cf5c4eb4570a79cbc9809963f961f1d6278360e86d3ae4c32e0 833 zookeeper_3.9.2.orig.tar.gz.asc 2d53d059e8a36d510c57d9c54c6b093b0f7e6b015e4fce4878f701b7883279b0 90740 zookeeper_3.9.2-1.debian.tar.xz db1e8b2985dc3e94a46bfbab463891d7054f224f6dab3493e8138d91607fc716 24964 zookeeper_3.9.2-1_amd64.buildinfo Files: 4787cb5820f605db03dea0be53a237f7 3788 java optional zookeeper_3.9.2-1.dsc e75afdf8f4f4da2ea5c861ba9e9448a8 4684368 java optional zookeeper_3.9.2.orig.tar.gz 376fb556cb78dd3b9891384275776efb 833 java optional zookeeper_3.9.2.orig.tar.gz.asc 5efcee1c0532665292233a2df907b21f 90740 java optional zookeeper_3.9.2-1.debian.tar.xz fc91796959d0c387650d9ded00a539cb 24964 java optional zookeeper_3.9.2-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmYAo8MRHHJvdWNhQGRl
Bug#1066947: marked as done (zookeeper: CVE-2024-23944)
Your message dated Sun, 24 Mar 2024 23:36:12 + with message-id and subject line Bug#1066947: fixed in zookeeper 3.9.2-1 has caused the Debian Bug report #1066947, regarding zookeeper: CVE-2024-23944 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1066947: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066947 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: zookeeper Version: 3.9.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for zookeeper. CVE-2024-23944[0]: | Information disclosure in persistent watchers handling in Apache | ZooKeeper due to missing ACL check. It allows an attacker to monitor | child znodes by attaching a persistent watcher (addWatch command) to | a parent which the attacker has already access to. ZooKeeper server | doesn't do ACL check when the persistent watcher is triggered and as | a consequence, the full path of znodes that a watch event gets | triggered upon is exposed to the owner of the watcher. It's | important to note that only the path is exposed by this | vulnerability, not the data of znode, but since znode path can | contain sensitive information like user name or login ID, this issue | is potentially critical. Users are recommended to upgrade to | version 3.9.2, 3.8.4 which fixes the issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-23944 https://www.cve.org/CVERecord?id=CVE-2024-23944 [1] https://www.openwall.com/lists/oss-security/2024/03/14/2 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: zookeeper Source-Version: 3.9.2-1 Done: Bastien Roucariès We believe that the bug you reported is fixed in the latest version of zookeeper, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1066...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès (supplier of updated zookeeper package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 24 Mar 2024 21:19:51 + Source: zookeeper Architecture: source Version: 3.9.2-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Bastien Roucariès Closes: 1025042 1066947 Changes: zookeeper (3.9.2-1) unstable; urgency=medium . * Team upload * New upstream version 3.9.2 * Bug fix: CVE-2024-23944 (Closes: #1066947): An information disclosure in persistent watchers handling was found in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when the persistent watcher is triggered and as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical. * Let sysvinit init script depend on networking (Closes: #1025042) * Add salsa CI * Refresh patches Checksums-Sha1: 3c11da7860b08d7d6b1aa02edd5724cc8ee5023d 3788 zookeeper_3.9.2-1.dsc 3a4467abfa2401af9a5edd259b52e5bdb86190e1 4684368 zookeeper_3.9.2.orig.tar.gz 86d0c7e6ea1c2a06ac434613427934d9e07000ad 833 zookeeper_3.9.2.orig.tar.gz.asc f0f2832dab05a8332fe6271b1ae0830882edc599 90740 zookeeper_3.9.2-1.debian.tar.xz 7e8adca2febc5790177093d17c57a1ab7ce63bf9 24964 zookeeper_3.9.2-1_amd64.buildinfo Checksums-Sha256: 78cba7d05dec290e24b74f7349491232fedb585ae264185610bd6e4d703cb582 3788 zookeeper_3.9.2-1.dsc bbdea19a91d11bc55071fdd7c83109afb6ee791a7b0733fde0baaa44029cbd77 4684368 zookeeper_3.9.2.orig.ta
Processed: Bug#1025042 marked as pending in zookeeper
Processing control commands: > tag -1 pending Bug #1025042 [zookeeperd] zookeeperd: zookeeper may be started before network and crashes Added tag(s) pending. -- 1025042: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025042 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1057933: marked as done (libjose4j-java: FTBFS: IOException: Only named ECParameters supported)
Your message dated Sun, 24 Mar 2024 21:58:14 +0100 with message-id and subject line Re: Bug#1057933: libjose4j-java: FTBFS: IOException: Only named ECParameters supported has caused the Debian Bug report #1057933, regarding libjose4j-java: FTBFS: IOException: Only named ECParameters supported to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1057933: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057933 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:libjose4j-java Version: 0.7.12-2 Severity: serious Tags: ftbfs Dear maintainer: During a rebuild of all packages in unstable, your package failed to build: [...] debian/rules binary dh binary dh_update_autotools_config dh_autoreconf dh_auto_configure mh_patchpoms -plibjose4j-java --debian-build --keep-pom-version --maven-repo=/<>/debian/maven-repo dh_auto_build /usr/lib/jvm/default-java/bin/java -noverify -cp /usr/share/maven/boot/plexus-classworlds-2.x.jar -Dmaven.home=/usr/share/maven -Dmaven.multiModuleProjectDirectory=/<> -Dclassworlds.conf=/etc/maven/m2-debian.conf -Dproperties.file.manual=/<>/debian/maven.properties org.codehaus.plexus.classworlds.launcher.Launcher -s/etc/maven/settings-debian.xml -Ddebian.dir=/<>/debian -Dmaven.repo.local=/<>/debian/maven-repo --batch-mode package -DskipTests -Dnotimestamp=true -Dlocale=en_US OpenJDK 64-Bit Server VM warning: Options -Xverify:none and -noverify were deprecated in JDK 13 and will likely be removed in a future release. [0m[0m[INFO] Scanning for projects... [INFO] [INFO] --< org.bitbucket.b_c:jose4j >-- [INFO] Building jose4j 0.7.12 [INFO] [ jar ]- [... snipped ...] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:61) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306) at org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63) at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329) at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293) at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306) at org.junit.runners.ParentRunner.run(ParentRunner.java:413) at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:365) at org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:273) at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:238) at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:159) at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:384) at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:345) at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:126) at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:418) 14:19:37.806 DEBUG org.jose4j.jwk.JsonWebKeySet - Ignoring an individual JWK in a JWKS due to a problem processing it. JWK params: {kty=null, x=riwTtQeRjmlDsR4PUQELhejpPkZkQstb0_Lf08qeBzM, y=izN8y6z-8j8bB_Lj10gX9mnaE_E0ZK5fl0hJVyLWMKA, crv=P-256} and the full JW
Processed: bug 1066947 is forwarded to https://issues.apache.org/jira/browse/ZOOKEEPER-4799
Processing commands for cont...@bugs.debian.org: > forwarded 1066947 https://issues.apache.org/jira/browse/ZOOKEEPER-4799 Bug #1066947 [src:zookeeper] zookeeper: CVE-2024-23944 Set Bug forwarded-to-address to 'https://issues.apache.org/jira/browse/ZOOKEEPER-4799'. > thanks Stopping processing here. Please contact me if you need assistance. -- 1066947: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066947 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: severity of 1065108 is important, user release.debian....@packages.debian.org, usertagging 1065108
Processing commands for cont...@bugs.debian.org: > severity 1065108 important Bug #1065108 {Done: tony mancill } [src:java3d] java3d: FTBFS: missing build-dep on libnsl-dev Severity set to 'important' from 'serious' > user release.debian@packages.debian.org Setting user to release.debian@packages.debian.org (was sebas...@debian.org). > usertags 1065108 time-t-downgrade There were no usertags set. Usertags are now: time-t-downgrade. > thanks Stopping processing here. Please contact me if you need assistance. -- 1065108: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065108 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Bug#1067209 marked as pending in jruby
Processing control commands: > tag -1 pending Bug #1067209 [jruby] jruby: please update libfixposix4 runtime depency Added tag(s) pending. -- 1067209: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067209 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1064191: marked as done (openjdk-8: fails to install on i386 mantic, focal and jammy)
Your message dated Wed, 13 Mar 2024 23:20:33 + with message-id and subject line Bug#1064191: fixed in openjdk-8 8u402-ga-3 has caused the Debian Bug report #1064191, regarding openjdk-8: fails to install on i386 mantic, focal and jammy to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1064191: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064191 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: openjdk-8 Severity: wishlist Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Dear Maintainer, openjdk-8 402-ga-2 introduced changes that make the package fail to install in i386 Ubuntu noble. binfmt-support might not be installed and /usr/share/binfmts directory might not exist. This causes postinstall script to fail in a new installation. ATK wrapper package for i386 is not present in stable releases of Ubuntu and will require SRU process to be introduced. This makes package uninstallable. Would it be possible to consider the following changes: * Fix installation issue on i386 (LP: #2053110): - d/rules: build without atk bridge on i386 for Ubuntu versions that do not have it. - d/JB-jre-headless.postinst.in: check that /usr/share/binfmts exists before trying to delete it. Thanks for considering the patch. -- System Information: Debian Release: trixie/sid APT prefers mantic-updates APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic'), (100, 'mantic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-17-generic (SMP w/32 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru openjdk-8-8u402-ga/debian/JB-jre-headless.postinst.in openjdk-8-8u402-ga/debian/JB-jre-headless.postinst.in --- openjdk-8-8u402-ga/debian/JB-jre-headless.postinst.in 2024-01-31 18:05:28.0 +1300 +++ openjdk-8-8u402-ga/debian/JB-jre-headless.postinst.in 2024-02-14 19:58:48.0 +1300 @@ -19,7 +19,9 @@ --remove jar /usr/bin/jexec 2>/dev/null || true update-alternatives --remove jexec \ $basedir/jre/lib/jexec 2>/dev/null || true - rmdir --ignore-fail-on-non-empty /usr/share/binfmts + if [ -e /usr/share/binfmts ]; then + rmdir --ignore-fail-on-non-empty /usr/share/binfmts + fi fi # fail early. java currently uses tricks to find its own shared diff -Nru openjdk-8-8u402-ga/debian/rules openjdk-8-8u402-ga/debian/rules --- openjdk-8-8u402-ga/debian/rules 2024-01-31 18:05:28.0 +1300 +++ openjdk-8-8u402-ga/debian/rules 2024-02-14 19:58:48.0 +1300 @@ -305,6 +305,16 @@ with_bridge = atk endif +ifeq ($(derivative),Ubuntu) + ifeq ($(DEB_HOST_ARCH),i386) +# disable bridge on focal, jammy and mantic until atk wrapper is introduced +# in those releases on i386 +ifneq (,$(filter $(distrel),focal jammy mantic)) + with_bridge = +endif + endif +endif + with_nss = yes on_buildd := $(shell [ -f /CurrentlyBuilding -o "$$LOGNAME" = buildd ] && echo yes) --- End Message --- --- Begin Message --- Source: openjdk-8 Source-Version: 8u402-ga-3 Done: Thorsten Glaser We believe that the bug you reported is fixed in the latest version of openjdk-8, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1064...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thorsten Glaser (supplier of updated openjdk-8 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA384 Format: 1.8 Date: Wed, 13 Mar 2024 22:46:46 +0100 Source: openjdk-8 Architecture: source Version: 8u402-ga-3 Distribution: unstable Urgency: medium Maintainer: Java Maintenance Changed-By: Thorsten Glaser Closes: 1064191 Changes: openjdk-8 (8u402-ga-3) unstable; urgency=medium . [ Vladimir Petko ] * Unbreak installability with missing /usr/share/binfmts . [ Thorsten Glaser, V
Processed: Re: Bug#1066051: openjdk-8: make package usable on systems without t64 packages
Processing commands for cont...@bugs.debian.org: > close 1066051 Bug #1066051 [src:openjdk-8] openjdk-8: make package usable on systems without t64 packages Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 1066051: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066051 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: antlr4-maven-plugin: please provide debian-versioned maven coordinates
Processing control commands: > affects -1 src:chemicaltagger Bug #1065660 [antlr4-maven-plugin] antlr4-maven-plugin: please provide debian-versioned maven coordinates Added indication that 1065660 affects src:chemicaltagger -- 1065660: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065660 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#1065455: marked as done (libapache-poi-java: FTBFS due to commons-compress upgrade)
Your message dated Thu, 07 Mar 2024 06:21:27 + with message-id and subject line Bug#1065455: fixed in libapache-poi-java 4.0.1-6 has caused the Debian Bug report #1065455, regarding libapache-poi-java: FTBFS due to commons-compress upgrade to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1065455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065455 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libapache-poi-java Version: 4.0.1-4 Severity: important Tags: ftbfs User: debian-j...@lists.debian.org Usertags: default-java21 Dear Maintainers, The package libapache-poi-java ftbfs with default Java 21. The relevant part of the build log: --- [javac] /<>/src/ooxml/testcases/org/apache/poi/openxml4j/opc/internal/marshallers/TestZipPackagePropertiesMarshaller.java:61: error: name clash: putArchiveEntry(ArchiveEntry) in and putArchiveEntry(ZipArchiveEntry) in ArchiveOutputStream have the same erasure, yet neither overrides the other [javac] public void putArchiveEntry(final ArchiveEntry archiveEntry) throws IOException { [javac] ^ [javac] Note: Some input files use or override a deprecated API. [javac] Note: Recompile with -Xlint:deprecation for details. [javac] Note: /<>/src/ooxml/testcases/org/apache/poi/sl/TestOleShape.java uses unchecked or unsafe operations. [javac] Note: Recompile with -Xlint:unchecked for details. [javac] 1 error [javac] 3 warnings --- -- System Information: Debian Release: trixie/sid APT prefers mantic-updates APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic'), (100, 'mantic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-21-generic (SMP w/32 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Source: libapache-poi-java Source-Version: 4.0.1-6 Done: Vladimir Petko We believe that the bug you reported is fixed in the latest version of libapache-poi-java, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1065...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Vladimir Petko (supplier of updated libapache-poi-java package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 07 Mar 2024 15:21:27 +1300 Source: libapache-poi-java Architecture: source Version: 4.0.1-6 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Vladimir Petko Closes: 1065455 Changes: libapache-poi-java (4.0.1-6) unstable; urgency=medium . * Team upload . [ Vladimir Petko ] * d/p/17_commons-compress-upgrade.patch: apply upstream patch to resolve ftbfs (Closes: #1065455). Checksums-Sha1: eb0e8ac1be009940a23e98894ee6767a7a5195b5 2574 libapache-poi-java_4.0.1-6.dsc ce7cf1dd4b915675a5e343d1e165d9adc77473fe 16972 libapache-poi-java_4.0.1-6.debian.tar.xz db531711a5d2fcbfc01f6f8ed8e7e1b80dce0e97 15646 libapache-poi-java_4.0.1-6_amd64.buildinfo Checksums-Sha256: 75d6a4fd3846c7d95bdfcc5c2430fdbc806449ec03572e9b5bee339a217200a6 2574 libapache-poi-java_4.0.1-6.dsc 044358e85a7d16476b8ed833f81e5aa67ba2b50ed6ff2e7ece644c879a357c88 16972 libapache-poi-java_4.0.1-6.debian.tar.xz 73a088a3a24a424bbc32224fff995c2892e199176025086e593258988eef5f22 15646 libapache-poi-java_4.0.1-6_amd64.buildinfo Files: 027f90dc2f7e9ec9030e9e17de5f7059 2574 java optional libapache-poi-java_4.0.1-6.dsc 95c078192dab690267234c430aeee8bb 16972 java optional libapache-poi-java_4.0.1-6.debian.tar.xz 3878181e2f49d7c3756602afa5693483 15646 java optional libapache-poi-java_4.0.1-6_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmXpSuMUHHRtYW5jaWxs QGRlYmlhbi5vcmcACgkQIdIFiZdLPpbuehAAypNcvMyb4zsWJmyaFf7AosoWtLGH Wo61lUAEt+ABJrqE99BlCIrT2XRyISkTcoRrJrOBt861kgg0r6h+
Processed: owner 1065455
Processing commands for cont...@bugs.debian.org: > owner 1065455 ! Bug #1065455 [src:libapache-poi-java] libapache-poi-java: FTBFS due to commons-compress upgrade Owner recorded as tony mancill . > thanks Stopping processing here. Please contact me if you need assistance. -- 1065455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065455 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: remove java 21 ftbfs
Processing commands for cont...@bugs.debian.org: > user debian-j...@lists.debian.org Setting user to debian-j...@lists.debian.org (was vladimir.pe...@canonical.com). > usertag 1065455 -default-java21 Usertags were: default-java21. There are now no usertags set. > retitle 1065455 libapache-poi-java: FTBFS due to commons-compress upgrade Bug #1065455 [src:libapache-poi-java] libapache-poi-java: FTBFS with default Java 21 Changed Bug title to 'libapache-poi-java: FTBFS due to commons-compress upgrade' from 'libapache-poi-java: FTBFS with default Java 21'. > End of message, stopping processing here. Please contact me if you need assistance. -- 1065455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065455 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.