Bug#1071642: marked as done (javatools: Build-Depends on orphaned, RC-buggy markdown)

[Debian Bug Tracking System]

Your message dated Sun, 02 Jun 2024 17:20:32 +
with message-id 
and subject line Bug#1071642: fixed in javatools 0.80
has caused the Debian Bug report #1071642,
regarding javatools: Build-Depends on orphaned, RC-buggy markdown
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1071642: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071642
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Source: javatools
Version: 0.79
Severity: important
X-Debbugs-Cc: tmanc...@debian.org, ebo...@apache.org

The package Build-Depends on markdown, which is orphaned and RC-buggy.
javatools makes it a key package, which is the reason for it not being 
auto-removed.
Please consider applying the attached patch to depend on python3-markdown 
instead.diff -Nru javatools-0.79/debian/changelog javatools-0.79+nmu1/debian/changelog
--- javatools-0.79/debian/changelog 2023-07-29 05:15:46.0 +
+++ javatools-0.79+nmu1/debian/changelog2024-05-22 19:34:53.0 
+
@@ -1,3 +1,10 @@
+javatools (0.79+nmu1) unstable; urgency=medium
+
+  * Non-maintainer upload
+  * Replace orphaned Build-Depends: markdown with python3-markdown
+
+ -- Bastian Germann   Wed, 22 May 2024 19:34:53 +
+
 javatools (0.79) unstable; urgency=medium
 
   [ Vladimir Petko ]
diff -Nru javatools-0.79/debian/control javatools-0.79+nmu1/debian/control
--- javatools-0.79/debian/control   2023-07-29 05:15:46.0 +
+++ javatools-0.79+nmu1/debian/control  2024-05-22 19:32:21.0 +
@@ -11,7 +11,7 @@
  libtest-minimumversion-perl,
  libtest-perl-critic-perl,
  libtest-strict-perl,
- markdown,
+ python3-markdown,
  perl
 Rules-Requires-Root: no
 Standards-Version: 4.6.2
diff -Nru javatools-0.79/debian/rules javatools-0.79+nmu1/debian/rules
--- javatools-0.79/debian/rules 2023-07-29 05:15:46.0 +
+++ javatools-0.79+nmu1/debian/rules2024-05-22 19:30:19.0 +
@@ -38,7 +38,7 @@
# jarwrapper pod-based manpages
$(POD2MAN) -s 1 jarwrapper.pod tmp.jarwrapper/jarwrapper.1
$(POD2MAN) -s 1 jardetector.pod tmp.jarwrapper/jardetector.1
-   markdown --html4tags tutorial.txt | \
+   markdown_py -o html tutorial.txt | \
cat tutorial-header.html - tutorial-footer.html > tutorial.html
 
 runtests: jh_lib.sh
--- End Message ---
--- Begin Message ---
Source: javatools
Source-Version: 0.80
Done: tony mancill 

We believe that the bug you reported is fixed in the latest version of
javatools, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1071...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated javatools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 02 Jun 2024 09:42:31 -0700
Source: javatools
Architecture: source
Version: 0.80
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Closes: 1071642
Changes:
 javatools (0.80) unstable; urgency=medium
 .
   [ Bastian Germann ]
   * Replace orphaned Build-Depends: markdown with python3-markdown
 (Closes: #1071642)
 .
   [ tony mancill ]
   * Bump Standards-Version to 4.7.0
Checksums-Sha1:
 9dd84b3c9e9d6476208f5c2edcf204330d44d010 1940 javatools_0.80.dsc
 fdaf5cb54ead88ed0edc3869b47dcdfdde45dbc2 53608 javatools_0.80.tar.xz
 3225fcce9fbe6e246224f6856cdcddeec93c7442 12162 javatools_0.80_amd64.buildinfo
Checksums-Sha256:
 0b355c83a4eb1b2046e035c6981f7ee9577c6037cfded7a38c1d3cad95bb9924 1940 
javatools_0.80.dsc
 b3fc6f973c0e3474dcba130415eff75907249fd0c44291bf465587b5e5cbd449 53608 
javatools_0.80.tar.xz
 a00d762a65d40a72759d97e84778fb96fc6634ce601038b160192ccb146358aa 12162 
javatools_0.80_amd64.buildinfo
Files:
 0bfc0c81edff4c04a11ac442d7405dc7 1940 java optional javatools_0.80.dsc
 07ec16e9ee6bcfebcce421e6b5e7e6e4 53608 java optional javatools_0.80.tar.xz
 b226d6fe02262ad12f6e1d5bae863737 12162 java optional 
javatools_0.80_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmZcol0UHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpbcVA//Q1/Fb+IT8fROPs5MkcwMmwJTDyxJ
ynBLjROL

Processed: tagging 1072123, bug 1072123 is forwarded to https://github.com/json-path/JsonPath/issues/973

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1072123 + upstream
Bug #1072123 [src:jayway-jsonpath] jayway-jsonpath: CVE-2023-51074
Ignoring request to alter tags of bug #1072123 to the same tags previously set
> forwarded 1072123 https://github.com/json-path/JsonPath/issues/973
Bug #1072123 [src:jayway-jsonpath] jayway-jsonpath: CVE-2023-51074
Set Bug forwarded-to-address to 
'https://github.com/json-path/JsonPath/issues/973'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1072123: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072123
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: tagging 1072124, bug 1072124 is forwarded to ttps://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1072124 + upstream
Bug #1072124 [src:gnome-shell] gnome-shell: CVE-2024-36472
Added tag(s) upstream.
> forwarded 1072124 ttps://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
Bug #1072124 [src:gnome-shell] gnome-shell: CVE-2024-36472
Changed Bug forwarded-to-address to 
'ttps://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688' from 
'https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688'.
> tags 1070377 + upstream
Bug #1070377 [src:frr] frr: CVE-2024-34088
Ignoring request to alter tags of bug #1070377 to the same tags previously set
> tags 1072125 + upstream
Bug #1072125 [src:frr] frr: CVE-2024-31949
Added tag(s) upstream.
> tags 1072126 + upstream
Bug #1072126 [src:frr] frr: CVE-2024-31948
Added tag(s) upstream.
> tags 1072123 + upstream
Bug #1072123 [src:jayway-jsonpath] jayway-jsonpath: CVE-2023-51074
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1070377: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070377
1072123: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072123
1072124: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072124
1072125: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072125
1072126: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072126
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1039985: marked as done (libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid)

[Debian Bug Tracking System]

Your message dated Sat, 25 May 2024 11:32:37 +
with message-id 
and subject line Bug#1039985: fixed in json-smart 2.2-2+deb11u1
has caused the Debian Bug report #1039985,
regarding libjson-smart-java: buster-lts has a newer version than 
bullseye/bookworm/sid
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libjson-smart-java
Version: 2.2-2
Severity: serious
Tags: bullseye bookworm trixie sid
User: debian...@lists.debian.org
Usertags: piuparts
X-Debbugs-Cc: Bastien Roucariès 

Hi,

during a test with piuparts I noticed your package cannot be upgraded
from buster-lts to any newer release since buster-lts has a version
newer than any later release:

 json-smart | 2.2-1 | stretch | source
 json-smart | 2.2-2 | buster  | source
 json-smart | 2.2-2 | bullseye| source
 json-smart | 2.2-2 | bookworm| source
 json-smart | 2.2-2 | trixie  | source
 json-smart | 2.2-2 | sid | source
 json-smart | 2.2-2+deb10u1 | buster-security | source


Andreas
--- End Message ---
--- Begin Message ---
Source: json-smart
Source-Version: 2.2-2+deb11u1
Done: Andreas Beckmann 

We believe that the bug you reported is fixed in the latest version of
json-smart, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1039...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann  (supplier of updated json-smart package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 26 Apr 2024 12:27:32 +0200
Source: json-smart
Architecture: source
Version: 2.2-2+deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Andreas Beckmann 
Closes: 1033474 1039985
Changes:
 json-smart (2.2-2+deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bullseye.  (Closes: #1039985)
 .
 json-smart (2.2-2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2023-1370: stack overflow due to excessive recursion
 When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code
 parses an array or an object respectively. It was discovered that the
 code does not have any limit to the nesting of such arrays or
 objects. Since the parsing of nested arrays and objects is done
 recursively, nesting too many of them can cause a stack exhaustion
 (stack overflow) and crash the software. (Closes: #1033474)
   * CVE-2021-31684: Fix indexOf
 A vulnerability was discovered in the indexOf function of
 JSONParserByteArray in JSON Smart versions 1.3 and 2.4
 which causes a denial of service (DOS)
 via a crafted web request.
Checksums-Sha1:
 af2188045d10bb2a10fec9fe61ded4f58d188bf2 2098 json-smart_2.2-2+deb11u1.dsc
 a4cda87958aa72f0698e948d142e3dad35d89bec 6052 
json-smart_2.2-2+deb11u1.debian.tar.xz
 509a10c2a6ecf31f65326d2b540dda4995c4a9c2 12732 
json-smart_2.2-2+deb11u1_source.buildinfo
Checksums-Sha256:
 df75bf6c6c10fe8212d0666343008cb3ca946529dfdb08bf92e110ca43de36e5 2098 
json-smart_2.2-2+deb11u1.dsc
 40995815542b3a11e3022d252d46dacc595914a6a6cb0286fc7c5990ac19a4b7 6052 
json-smart_2.2-2+deb11u1.debian.tar.xz
 cf0c5c2730c454b2f53b378fbf103efa23ed0b53f54aed9d806e57979b20 12732 
json-smart_2.2-2+deb11u1_source.buildinfo
Files:
 3c8b3df4eb4f72be4ad7422166f27a61 2098 java optional 
json-smart_2.2-2+deb11u1.dsc
 66735a9629b9dc31c56e69560f8b6b47 6052 java optional 
json-smart_2.2-2+deb11u1.debian.tar.xz
 4b784f5b1193c7c9523e40f8710f2092 12732 java optional 
json-smart_2.2-2+deb11u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmYrghsQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCJraD/44rGniM0cf2NID2b0VpTRJzjbp0xD4DLPU
nyiR2K31wfxZZ2SzrdWZSr/SSPr3I+W/mAtxXmHjbxWJ6RC3FK5DC+zQVdD0HIdc
YpNKLml0I7PereFVHftSMek9NTgatxcK6UGXVg1G1vUCYHlAKGYUGbQj7CLGrF0o
Gi3BXCnJ5kIklOT6LaILCzy2jZgsqu5asQJFSYvzuQcnUt/RD77/KUyTGj8ncFvo
XGZZmhxfxTv+roiq5FXdpUoGYVZq6l6rVwyKjn/CIo

Bug#1039985: marked as done (libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid)

[Debian Bug Tracking System]

Your message dated Sat, 25 May 2024 11:32:08 +
with message-id 
and subject line Bug#1039985: fixed in json-smart 2.2-2+deb12u1
has caused the Debian Bug report #1039985,
regarding libjson-smart-java: buster-lts has a newer version than 
bullseye/bookworm/sid
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libjson-smart-java
Version: 2.2-2
Severity: serious
Tags: bullseye bookworm trixie sid
User: debian...@lists.debian.org
Usertags: piuparts
X-Debbugs-Cc: Bastien Roucariès 

Hi,

during a test with piuparts I noticed your package cannot be upgraded
from buster-lts to any newer release since buster-lts has a version
newer than any later release:

 json-smart | 2.2-1 | stretch | source
 json-smart | 2.2-2 | buster  | source
 json-smart | 2.2-2 | bullseye| source
 json-smart | 2.2-2 | bookworm| source
 json-smart | 2.2-2 | trixie  | source
 json-smart | 2.2-2 | sid | source
 json-smart | 2.2-2+deb10u1 | buster-security | source


Andreas
--- End Message ---
--- Begin Message ---
Source: json-smart
Source-Version: 2.2-2+deb12u1
Done: Andreas Beckmann 

We believe that the bug you reported is fixed in the latest version of
json-smart, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1039...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann  (supplier of updated json-smart package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 21 May 2024 01:38:17 +0200
Source: json-smart
Architecture: source
Version: 2.2-2+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Andreas Beckmann 
Closes: 1033474 1039985
Changes:
 json-smart (2.2-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.  (Closes: #1039985)
 .
 json-smart (2.2-2+deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bullseye.  (Closes: #1039985)
 .
 json-smart (2.2-2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2023-1370: stack overflow due to excessive recursion
 When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code
 parses an array or an object respectively. It was discovered that the
 code does not have any limit to the nesting of such arrays or
 objects. Since the parsing of nested arrays and objects is done
 recursively, nesting too many of them can cause a stack exhaustion
 (stack overflow) and crash the software. (Closes: #1033474)
   * CVE-2021-31684: Fix indexOf
 A vulnerability was discovered in the indexOf function of
 JSONParserByteArray in JSON Smart versions 1.3 and 2.4
 which causes a denial of service (DOS)
 via a crafted web request.
Checksums-Sha1:
 12681d4e9c2c27df8f9718e32016c0d3c2c26612 2094 json-smart_2.2-2+deb12u1.dsc
 d24ee7eb59c736c27660c883174505eff555c03f 6084 
json-smart_2.2-2+deb12u1.debian.tar.xz
 e97b106e3c62f18fa1494eb96ccaf52cbf204e14 13530 
json-smart_2.2-2+deb12u1_source.buildinfo
Checksums-Sha256:
 15b8c906664ee685e52457c5c4bbed7307af2c260e752f8e38116c087a531762 2094 
json-smart_2.2-2+deb12u1.dsc
 7531fa48b62df60b301e81028cc6e8720860f3fd3de497ae7411c05372adcd8c 6084 
json-smart_2.2-2+deb12u1.debian.tar.xz
 bd894ea54f17c978a2cc3ab2c06136eabc4802011d2ba77138ab1f60ea5cd290 13530 
json-smart_2.2-2+deb12u1_source.buildinfo
Files:
 0f1ace273a9c8ed099a0287c017234d8 2094 java optional 
json-smart_2.2-2+deb12u1.dsc
 e0e77dba4e8b8de32567cec66b70f1d6 6084 java optional 
json-smart_2.2-2+deb12u1.debian.tar.xz
 9e2245afa710a74a0062f242ef7bd0d7 13530 java optional 
json-smart_2.2-2+deb12u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmZL4O8QHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCDYvEACEo797w2S+eqfEtdwkSE9c73Bpes/Plshx
1IEhukDTPNPhEz6c6MZ6Io8zewcIiPo9nh93c12uwzRsJb2CeD2HgX40ZTrxnMR8
IgZ56xH1gAuSra99K2

Processed: bump severity for usr-merge bugs

[Debian Bug Tracking System]

ps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058846
1058856: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058856
1058857: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058857
1058859: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058859
1059190: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059190
1059283: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059283
1059365: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059365
1059371: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059371
1059372: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059372
1059378: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059378
1059379: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059379
1059414: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059414
1059432: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059432
1059516: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059516
1059757: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059757
1060080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060080
1060195: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060195
1060200: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060200
1060229: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060229
1060315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060315
1060333: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060333
1060335: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060335
1060344: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060344
1060352: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060352
1060356: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060356
1060358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060358
1060799: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060799
1061359: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061359
1065306: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065306
1065307: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065307
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Re: Bug#1025012: zookeeper: starts but is completely unusable

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 1025012 3.8.0-11+deb12u1
Bug #1025012 [zookeeper] zookeeper: starts but is completely unusable
Marked as found in versions zookeeper/3.8.0-11+deb12u1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1025012: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025012
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed (with 1 error): tags ftbfs for 1070417

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1070417 ftbfs
Bug #1070417 [src:rxtx] rxtx: FTBFS: src/RawImp.c:223:23: error: implicit 
declaration of function ‘inl’ [-Werror=implicit-function-declaration]
Added tag(s) ftbfs.
> thanks,
Unknown command or malformed arguments to command.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1070417: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070417
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: tags

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 988512 + ftbfs
Bug #988512 [ca-cacert] ca-cacert: class3 certificate will expire soon (on May 
20 17:48:02 2021 GMT)
Added tag(s) ftbfs.
> tags 1035594 + ftbfs
Bug #1035594 [eclipse-tracecompass] eclipse-tracecompass: depends on no longer 
available libeclipse-osgi-util-java,libequinox-p2-ui-sdk-java
Added tag(s) ftbfs.
> tags 1036167 + ftbfs
Bug #1036167 [flask-appbuilder] flask-appbuilder: Fails to build against 
python3-flask-sqlalchemy 3.0.3-1
Added tag(s) ftbfs.
> tags 1025825 + ftbfs
Bug #1025825 [grip] ImportError: cannot import name 'safe_join' from 'flask'
Added tag(s) ftbfs.
> tags 950598 + ftbfs
Bug #950598 [python3-jupyter-sphinx] python3-jupyter-sphinx: package relies on 
unavailable `ipywidgets.embed` module
Added tag(s) ftbfs.
> tags 1056839 + ftbfs
Bug #1056839 [src:pyliblo] pyliblo: ftbfs with cython 3.0.x
Added tag(s) ftbfs.
> tags 1056874 + ftbfs
Bug #1056874 [src:python-srsly] python-srsly: ftbfs with cython 3.0.x
Added tag(s) ftbfs.
> tags 1056887 + ftbfs
Bug #1056887 [src:sfepy] sfepy: ftbfs with cython 3.0.x
Added tag(s) ftbfs.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1025825: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025825
1035594: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035594
1036167: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036167
1056839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056839
1056874: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056874
1056887: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056887
950598: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950598
988512: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988512
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: metadata

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1063527 + ftbfs
Bug #1063527 [src:einsteinpy] einsteinpy: test_plotting fails to converge with 
scipy 1.11
Added tag(s) ftbfs.
> tags 1040334 + ftbfs
Bug #1040334 [facet-analyser] facet-analyser - build-depends on conflicting 
packages
Added tag(s) ftbfs.
> tags 1071043 + ftbfs
Bug #1071043 [libpsml-dev] libpsml-dev: unsatisfiable (Build-)Depends: 
libxmlf90-dev
Added tag(s) ftbfs.
> tags 1012320 + ftbfs
Bug #1012320 [src:materialize] materialize: build-depends on non-existing 
libjs-anime
Added tag(s) ftbfs.
> tags 1014605 + ftbfs
Bug #1014605 [src:node-functional.js] node-functional.js: FTBFS, missing 
build-dependencies
Added tag(s) ftbfs.
> tags 1002847 + ftbfs
Bug #1002847 [src:nttcp] nttcp: Removal of obsolete debhelper compat 5 and 6 in 
bookworm
Added tag(s) ftbfs.
> tags 1071017 + ftbfs
Bug #1071017 [obs-source-copy] FTBFS: source-copy.cpp:615:31: error: ‘void 
obs_sceneitem_get_info(const obs_sceneitem_t*, obs_transform_info*)’ is 
deprecated [-Werror=deprecated-declarations]
Added tag(s) ftbfs.
> severity 1070545 serious
Bug #1070545 [src:php-fig-log-test] php-fig-log-test: FTBFS with phpunit 11: 
build-dependency not installable: php-psr-log (>= 2.0)
Severity set to 'serious' from 'normal'
> tags 1019042 + ftbfs
Bug #1019042 [src:qwertone] rust-qwertone: FTBFS - dep issue
Added tag(s) ftbfs.
> severity 1057677 serious
Bug #1057677 [src:resteasy] resteasy: ftbfs due to the missing dependency 
org.jboss.resteasy:resteasy-jaxrs:jar:3.6.2.Final
Severity set to 'serious' from 'important'
> tags 1025094 + ftbfs
Bug #1025094 [ruby-behance] ruby-behance fails to rebuild after new upstream of 
ruby-faraday
Added tag(s) ftbfs.
> tags 1025092 + ftbfs
Bug #1025092 [ruby-faraday-middleware] ruby-faraday-middleware fails to rebuild 
after updating ruby-faraday
Added tag(s) ftbfs.
> tags 1025090 + ftbfs
Bug #1025090 [ruby-gh] ruby-gh fails to rebuild on updating ruby-faraday
Added tag(s) ftbfs.
> tags 1037529 + ftbfs
Bug #1037529 [ruby-jekyll-github-metadata] ruby-jekyll-github-metadata: FTBFS 
with test failures when there's no network
Added tag(s) ftbfs.
> tags 1050580 + ftbfs
Bug #1050580 [src:ruby-roxml] ruby-roxml: broken by ruby-nokogiri 1.15.4
Added tag(s) ftbfs.
> tags 1050097 + ftbfs
Bug #1050097 [scrcpy] scrcpy: fails to build from source on arch:indep
Added tag(s) ftbfs.
> tags 1063827 + ftbfs
Bug #1063827 [src:tahoe-lafs] tahoe-lafs: new package tahoe-lafs depends on 
python3-future which is pending removal
Added tag(s) ftbfs.
> severity 1063827 serious
Bug #1063827 [src:tahoe-lafs] tahoe-lafs: new package tahoe-lafs depends on 
python3-future which is pending removal
Severity set to 'serious' from 'important'
> tags 1011492 + ftbfs
Bug #1011492 [src:tika] tika: FTBFS cannot find symbols
Added tag(s) ftbfs.
> tags 1050355 + ftbfs
Bug #1050355 [src:tiledarray] tiledarray has unfulfilled build dependencies
Added tag(s) ftbfs.
> tags 934977 + ftbfs
Bug #934977 [src:verilog-mode] verilog-mode: unbuildable in testing due to 
missing B-D emacs25
Added tag(s) ftbfs.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1002847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002847
1011492: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011492
1012320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012320
1014605: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014605
1019042: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019042
1025090: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025090
1025092: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025092
1025094: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025094
1037529: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037529
1040334: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040334
1050097: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050097
1050355: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050355
1050580: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050580
1057677: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057677
1063527: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063527
1063827: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063827
1070545: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070545
1071017: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071017
1071043: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071043
934977: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934977
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1071072: marked as done (sweethome3d: New usptream release)

[Debian Bug Tracking System]

Your message dated Tue, 14 May 2024 23:06:19 +
with message-id 
and subject line Bug#1071072: fixed in sweethome3d 7.3+dfsg-1
has caused the Debian Bug report #1071072,
regarding sweethome3d: New usptream release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1071072: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071072
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sweethome3d
Severity: wishlist

Dear Maintainer,


Could you please upload version 7.3 ?
release notes:
https://www.sweethome3d.com/blog/2024/04/04/sweet_home_3d_7_3.html

Thanks
S


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (600, 'unstable'), (500, 'oldstable'), (300, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-5-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: sweethome3d
Source-Version: 7.3+dfsg-1
Done: Pierre Gruet 

We believe that the bug you reported is fixed in the latest version of
sweethome3d, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1071...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Gruet  (supplier of updated sweethome3d package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 14 May 2024 22:38:57 +0200
Source: sweethome3d
Architecture: source
Version: 7.3+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Pierre Gruet 
Closes: 1071072
Changes:
 sweethome3d (7.3+dfsg-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream version 7.3+dfsg (Closes: #1071072)
   * Refreshing patches
   * Raising Standards version to 4.7.0 (no change)
   * Adding url and developer tags to the MetaInfo file
   * Using secure URI for homepage
 .
   [ Otto Kekäläinen ]
   * Enable Salsa-CI
Checksums-Sha1:
 2eae5ae0efd2214dae7b9bdbf1bf9a7aadb7a68a 2189 sweethome3d_7.3+dfsg-1.dsc
 dbbaf6c23d33b7761b49b2c8536b7814a174ed23 13157580 
sweethome3d_7.3+dfsg.orig.tar.xz
 26d621b26ecf90113d3e063116bc3cc19cf9c3e8 25792 
sweethome3d_7.3+dfsg-1.debian.tar.xz
 fb59c8a63399d0af32b174a051e25a3c5afa0bb0 11476 
sweethome3d_7.3+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 2c770a71296cca7b424bc11d69c56e3ea1b88c61fe5fbae096f0b73ce4913df6 2189 
sweethome3d_7.3+dfsg-1.dsc
 7834fd61f72908f150c7b73257535f6d13003b3ab9ea77e7dd9270205bf9493c 13157580 
sweethome3d_7.3+dfsg.orig.tar.xz
 bdc8a48266046dfc5c18b5812edc69c644d5e614ef69e7f9835187dbed67a289 25792 
sweethome3d_7.3+dfsg-1.debian.tar.xz
 b94d3aef07f0fea516a826fede6241289d80bc95ff901b73990e56293b05f539 11476 
sweethome3d_7.3+dfsg-1_amd64.buildinfo
Files:
 5cd0d269e2befc281eaec2604b8f119c 2189 java optional sweethome3d_7.3+dfsg-1.dsc
 28da7ef2856be115ab793558c6d099a8 13157580 java optional 
sweethome3d_7.3+dfsg.orig.tar.xz
 c965154a282cc2e2b97834a914047909 25792 java optional 
sweethome3d_7.3+dfsg-1.debian.tar.xz
 e8ccf50b0628773033f095e46cd8a3d3 11476 java optional 
sweethome3d_7.3+dfsg-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmZDz/4ACgkQYAMWptwn
dHapYA/9HjM8VY/QVn1t0IY52bpd5VR2F7vbL36gYoJtan+nle/cv8a1L8slMpHk
eERgUY5UTT7v/+FWHjHszxvxA26Ul4RW+YRhHLeojaFTo+dUZwY4cSh40UPctoQx
BIjP/mFsO93XMYI5u0WG7DEWQvj4Am0tfS/K6qHBSfutY9kLnMyua3ZNt84DqZu8
lzGElHO+/9GkkYTDy5PJcJg7WHQ8GPnsxIVITGdiHXBIF/+YOR7thU9+Hl7He5aj
eaH1x4so8fM2Ja+nVc98a6MuNFwcb85OuxaJIiaK7V5HqMI4wIyDqd3VOlVXmXS5
lindcdzAyvOMRmgbTlHLPot5OBS9Qvy+dGivWezlBwQGePdmpzLBuQPvMqP9a2kL
DCK7YYSawvqxwufNd3juTMPmGZNCvYsD5pP0tuWwctg/8CFhClU9KSWfErakpREw
vLCQMjIbSnlt49OBIoYK16mvS0tMXSGnac2a7X7GPW3wQCCbpNl2pKy3H7TsMyAA
Bm6OiBtiSVZkMxRQGjaevsE16kAUMDMIBpHzUafcl3mDyYZcWci8arVfWz0CyFVI
NtUrK3Hp9ONZUI4zqP2A4JTzBR2zf7qkDui7kHIVDXp6DZtu2V+ZgtZYtq1KVS7V
Iegsas+DnSgzMuiNexv4DRW6e2RUlwbpXhtlA4P08oXiCO6u8TM=
=2Ww9
-END PGP SIGNATURE-



pgpdbDUvVxYR8.pgp
Description: PGP signature
--- End Message

Processed: reassign 1057518 to src:byte-buddy, forcibly merging 1057493 1057518, archiving 1057493

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 1057518 src:byte-buddy
Bug #1057518 [byte-buddy] libgoby-java:  FTBFS with default Java 21
Bug reassigned from package 'byte-buddy' to 'src:byte-buddy'.
Ignoring request to alter found versions of bug #1057518 to the same values 
previously set
Ignoring request to alter fixed versions of bug #1057518 to the same values 
previously set
> forcemerge 1057493 1057518
Bug #1057493 {Done: Emmanuel Bourg } [src:byte-buddy] 
byte-buddy:  FTBFS with default Java 21
Bug #1057518 [src:byte-buddy] libgoby-java:  FTBFS with default Java 21
Marked Bug as done
Marked as fixed in versions byte-buddy/1.14.13-1.
Marked as found in versions byte-buddy/1.12.23-1.
Added tag(s) patch.
Merged 1057493 1057518
> archive 1057493
Bug #1057493 {Done: Emmanuel Bourg } [src:byte-buddy] 
byte-buddy:  FTBFS with default Java 21
Bug #1057518 {Done: Emmanuel Bourg } [src:byte-buddy] 
libgoby-java:  FTBFS with default Java 21
archived 1057493 to archive/93 (from 1057493)
archived 1057518 to archive/18 (from 1057493)
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1057493: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057493
1057518: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057518
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed (with 2 errors): unarchiving 1057493, forcibly merging 1057493 1057518, archiving 1057493

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> unarchive 1057493
Bug #1057493 {Done: Emmanuel Bourg } [src:byte-buddy] 
byte-buddy:  FTBFS with default Java 21
Unarchived Bug 1057493
> forcemerge 1057493 1057518
Bug #1057493 {Done: Emmanuel Bourg } [src:byte-buddy] 
byte-buddy:  FTBFS with default Java 21
Unable to merge bugs because:
package of #1057518 is 'byte-buddy' not 'src:byte-buddy'
Failed to forcibly merge 1057493: Did not alter merged bugs.

> archive 1057493
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1057493: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057493
1057518: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057518
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed (with 1 error): reassign 1057518 to byte-buddy, forcibly merging 1057493 1057518

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 1057518 byte-buddy
Bug #1057518 [src:libgoby-java] libgoby-java:  FTBFS with default Java 21
Bug reassigned from package 'src:libgoby-java' to 'byte-buddy'.
No longer marked as found in versions libgoby-java/3.3.1+dfsg2-9.
Ignoring request to alter fixed versions of bug #1057518 to the same values 
previously set
> forcemerge 1057493 1057518
Failed to forcibly merge 1057493: Not altering archived bugs; see unarchive.

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1057518: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057518
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1055853: marked as done (jgit: CVE-2023-4759)

[Debian Bug Tracking System]

Your message dated Mon, 13 May 2024 21:19:39 +
with message-id 
and subject line Bug#1055853: fixed in jgit 6.7.0-1
has caused the Debian Bug report #1055853,
regarding jgit: CVE-2023-4759
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1055853: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055853
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jgit
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for jgit.

CVE-2023-4759[0]:
| Arbitrary File Overwrite in Eclipse JGit <= 6.6.0  In Eclipse JGit,
| all versions <= 6.6.0.202305301015-r, a symbolic link present in a
| specially crafted git repository can be used to write a file to
| locations outside the working tree when this repository is cloned
| with JGit to a case-insensitive filesystem, or when a checkout from
| a clone of such a repository is performed on a case-insensitive
| filesystem.  This can happen on checkout (DirCacheCheckout), merge
| (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using
| merge), and when applying a patch (PatchApplier). This can be
| exploited for remote code execution (RCE), for instance if the file
| written outside the working tree is a git filter that gets executed
| on a subsequent git command.  The issue occurs only on case-
| insensitive filesystems, like the default filesystems on Windows and
| macOS. The user performing the clone or checkout must have the
| rights to create symbolic links for the problem to occur, and
| symbolic links must be enabled in the git configuration.  Setting
| git configuration option core.symlinks = false before checking out
| avoids the problem.  The issue was fixed in Eclipse JGit version
| 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via  Maven
| Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and
| repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-
| releases/ .   The JGit maintainers would like to thank RyotaK for
| finding and reporting this issue.

https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1
 (v6.6.1.202309021850-r)
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-4759
https://www.cve.org/CVERecord?id=CVE-2023-4759

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: jgit
Source-Version: 6.7.0-1
Done: Pierre Gruet 

We believe that the bug you reported is fixed in the latest version of
jgit, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1055...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Gruet  (supplier of updated jgit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 13 May 2024 22:35:40 +0200
Source: jgit
Architecture: source
Version: 6.7.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Pierre Gruet 
Closes: 1055853
Changes:
 jgit (6.7.0-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream version 6.7.0:
 - Fixes CVE-2023-4759 (Closes: #1055853)
   * Refreshing patches
   * Raising Standards version to 4.7.0 (no change)
   * Updating build-dependencies and Maven rules
   * Updating the list of pom.xml files to ignore
   * Building the package with javac instead of the eclipse compiler
   * Setting the versions of the Debian-packaged Maven plugins for the build
   * Skipping the generation of unneeded artifacts with maven-antrun-plugin
   * Trim trailing whitespace in d/control
Checksums-Sha1:
 f7cff0f496f34bb4cdf257ce2643661df8b3eac2 2557 jgit_6.7.0-1.dsc
 908381a49d951d672994da90d68c96e0faeacd7a 2369792 jgit_6.7.0.orig.tar.xz
 32be385b9e31688026d501b036d0aa43ba7bad07 10024 jgit_6.7.0-1.debian.tar.xz
 c4464b4152adfd8da73c0e97943cbb1c8b89618f 18146 jgit_6.7.0-1_amd64.buildinfo
Checks

Bug#1068110: marked as done (netty: CVE-2024-29025)

[Debian Bug Tracking System]

Your message dated Sun, 12 May 2024 20:36:47 +
with message-id 
and subject line Bug#1068110: fixed in netty 1:4.1.48-10
has caused the Debian Bug report #1068110,
regarding netty: CVE-2024-29025
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1068110: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068110
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: netty
Version: 1:4.1.48-9
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for netty.

CVE-2024-29025[0]:
| Netty is an asynchronous event-driven network application framework
| for rapid development of maintainable high performance protocol
| servers & clients. The `HttpPostRequestDecoder` can be tricked to
| accumulate data. While the decoder can store items on the disk if
| configured so, there are no limits to the number of fields the form
| can have, an attacher can send a chunked post consisting of many
| small fields that will be accumulated in the `bodyListHttpData`
| list. The decoder cumulates bytes in the `undecodedChunk` buffer
| until it can decode a field, this field can cumulate data without
| limits. This vulnerability is fixed in 4.1.108.Final.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-29025
https://www.cve.org/CVERecord?id=CVE-2024-29025
[1] https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
[2] 
https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: netty
Source-Version: 1:4.1.48-10
Done: Markus Koschany 

We believe that the bug you reported is fixed in the latest version of
netty, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1068...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated netty package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 12 May 2024 21:20:10 +0200
Source: netty
Architecture: source
Version: 1:4.1.48-10
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Closes: 1068110
Changes:
 netty (1:4.1.48-10) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2024-29025:
 Julien Viet discovered that Netty, a Java NIO client/server socket
 framework, was vulnerable to allocation of resources without limits or
 throttling due to the accumulation of data in the HttpPostRequestDecoder.
 This would allow an attacker to cause a denial of service.
 Thanks to Salvatore Bonaccorso for the report. (Closes: #1068110)
Checksums-Sha1:
 93f3861280d96cf0d92fbb7b00b7c4022ad0a46e 2573 netty_4.1.48-10.dsc
 e146316f0e3aef11e1e2e31e12332f63257ce280 43116 netty_4.1.48-10.debian.tar.xz
 2c13c8f43e404a0867bcf6405ff8c64eee33e8c4 16247 netty_4.1.48-10_amd64.buildinfo
Checksums-Sha256:
 20405785f7dbf3dfa6acab842843fd11325d070fe7933a31f3c1a5df1b262667 2573 
netty_4.1.48-10.dsc
 6db4654cec7819c9584f1aff7a4ba2c3712d20ab6eb8b515695bc5ef6af55b94 43116 
netty_4.1.48-10.debian.tar.xz
 3e414bf6b72cba2a90ef9cce9e976b79289f394fb86e176cb835d17ea3c167a0 16247 
netty_4.1.48-10_amd64.buildinfo
Files:
 1bbc65fecdf4a69526ff1e14a7f8248f 2573 java optional netty_4.1.48-10.dsc
 e2a38b6bd08265c01a0d610fd497f0bb 43116 java optional 
netty_4.1.48-10.debian.tar.xz
 44689d3be473f8cea3c1f7567d3115ee 16247 java optional 
netty_4.1.48-10_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmZBIdhfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkB3sQAMzmQwEjy1m+UguK4FtdCgulhpbqA8FdKhEj
7hykv9dmSN0xh6NYae04cqB7TwMymBUNNRKWe37pKnYt0e3Wq30xfMwa4tQ85ucd
KICsesKllcfhY6CPfwaRcyU+qpB/4iin1OsAp6y06sPH0oVFJJd+AEuw

Bug#1048315: marked as done (libfastutil-java: Fails to build source after successful build)

[Debian Bug Tracking System]

Your message dated Sun, 12 May 2024 20:35:55 +
with message-id 
and subject line Bug#1048315: fixed in libfastutil-java 8.5.12+dfsg-2
has caused the Debian Bug report #1048315,
regarding libfastutil-java: Fails to build source after successful build
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1048315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1048315
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libfastutil-java
Version: 8.5.12+dfsg-1
Severity: minor
Tags: trixie sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-sab-20230813 ftbfs-source-after-build
User: debian...@lists.debian.org
Usertags: qa-doublebuild

Hi,

This package fails to build a source package after a successful build
(dpkg-buildpackage ; dpkg-buildpackage -S).

This is probably a clear violation of Debian Policy section 4.9 (clean target),
but this is filed as severity:minor for now, because a discussion on
debian-devel showed that we might want to revisit the requirement of a working
'clean' target.

More information about this class of issues, included common problems and
solutions, is available at
https://wiki.debian.org/qa.debian.org/FTBFS/SourceAfterBuild

Relevant part of the build log:
> cd /<> && runuser -u user42 -- dpkg-buildpackage --sanitize-env 
> -us -uc -rfakeroot -S
> -
> 
> dpkg-buildpackage: info: source package libfastutil-java
> dpkg-buildpackage: info: source version 8.5.12+dfsg-1
> dpkg-buildpackage: info: source distribution unstable
> dpkg-buildpackage: info: source changed by tony mancill 
>  dpkg-source --before-build .
>  debian/rules clean
> dh clean --with javahelper --with jh_maven_repo_helper
>debian/rules override_dh_auto_clean
> make[1]: Entering directory '/<>'
> mkdir -p build
> dh_auto_clean
>   make -j8 clean
> make[2]: Entering directory '/<>'
> make[2]: Leaving directory '/<>'
> rm -f fastutil-*.jar
> rm -rf build dist docs
> find src/it/unimi/dsi/fastutil -name "*.[ch]" -delete
> # delete auto-generated *.java files.
> # Attention: This
> # find src/it/unimi/dsi/fastutil -mindepth 2 -name "*.java" -delete
> # does not work because files in /io need to remain
> find \
>   src/it/unimi/dsi/fastutil/booleans \
>   src/it/unimi/dsi/fastutil/bytes \
>   src/it/unimi/dsi/fastutil/chars \
>   src/it/unimi/dsi/fastutil/doubles \
>   src/it/unimi/dsi/fastutil/floats \
>   src/it/unimi/dsi/fastutil/ints \
>   src/it/unimi/dsi/fastutil/longs \
>   src/it/unimi/dsi/fastutil/objects \
>   src/it/unimi/dsi/fastutil/shorts \
>   -name "*.java" -delete
> rm -f src/it/unimi/dsi/fastutil/io/BinIO.java 
> src/it/unimi/dsi/fastutil/io/TextIO.java
> make[1]: Leaving directory '/<>'
>jh_clean
>dh_clean
>  dpkg-source -b .
> dpkg-source: info: using source format '3.0 (quilt)'
> dpkg-source: info: building libfastutil-java using existing 
> ./libfastutil-java_8.5.12+dfsg.orig.tar.xz
> dpkg-source: info: using patch list from debian/patches/series
> dpkg-source: warning: ignoring deletion of file 
> src/it/unimi/dsi/fastutil/longs/package-info.java, use --include-removal to 
> override
> dpkg-source: warning: ignoring deletion of file 
> src/it/unimi/dsi/fastutil/bytes/package-info.java, use --include-removal to 
> override
> dpkg-source: warning: ignoring deletion of file 
> src/it/unimi/dsi/fastutil/booleans/package-info.java, use --include-removal 
> to override
> dpkg-source: warning: ignoring deletion of file 
> src/it/unimi/dsi/fastutil/objects/package-info.java, use --include-removal to 
> override
> dpkg-source: warning: ignoring deletion of file 
> src/it/unimi/dsi/fastutil/ints/package-info.java, use --include-removal to 
> override
> dpkg-source: warning: ignoring deletion of file 
> src/it/unimi/dsi/fastutil/floats/package-info.java, use --include-removal to 
> override
> dpkg-source: warning: ignoring deletion of file 
> src/it/unimi/dsi/fastutil/chars/package-info.java, use --include-removal to 
> override
> dpkg-source: warning: ignoring deletion of file 
> src/it/unimi/dsi/fastutil/doubles/package-info.java, use --include-removal to 
> override
> dpkg-source: wa

Bug#852640: marked as done (apache-mime4j: FTBFS randomly (failing tests))

[Debian Bug Tracking System]

Your message dated Sat, 11 May 2024 18:43:53 +0200
with message-id <2ac300a2-ef57-4531-9b32-7810dec8f...@debian.org>
and subject line Re: apache-mime4j: FTBFS randomly (failing tests)
has caused the Debian Bug report #852640,
regarding apache-mime4j: FTBFS randomly (failing tests)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
852640: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852640
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:apache-mime4j
Version: 0.7.2-4
Severity: important

Dear maintainer:

I tried to build this package in stretch with "dpkg-buildpackage -A"
but it failed:


[...]
 debian/rules build-indep
dh build-indep --buildsystem=maven --with javahelper
   dh_testdir -i -O--buildsystem=maven
   dh_update_autotools_config -i -O--buildsystem=maven
   dh_auto_configure -i -O--buildsystem=maven
find: '/usr/share/maven-repo/org/codehaus/plexus/plexus-compiler/*/*.jar': No 
such file or directory
find: '/usr/share/maven-repo/org/codehaus/plexus/plexus-compilers/*/*.jar': No 
such file or directory
find: '/usr/share/maven-repo/org/codehaus/plexus/plexus-containers/*/*.jar': No 
such file or directory
mh_patchpoms -plibapache-mime4j-java --debian-build --keep-pom-version 
--maven-repo=/<>/debian/maven-repo
   jh_linkjars -i -O--buildsystem=maven
   debian/rules override_dh_auto_build
make[1]: Entering directory '/<>'
dh_auto_build -- install javadoc:aggregate
/usr/lib/jvm/default-java/bin/java -noverify -cp 
/usr/share/maven/boot/plexus-classworlds-2.x.jar:/usr/lib/jvm/default-java/lib/tools.jar
 -Dmaven.home=/usr/share/maven 
-Dmaven.multiModuleProjectDirectory=/<> 
-Dclassworlds.conf=/etc/maven/m2-debian.conf 
org.codehaus.plexus.classworlds.launcher.Launcher 
-s/etc/maven/settings-debian.xml -Ddebian.dir=/<>/debian 
-Dmaven.repo.local=/<>/debian/maven-repo install javadoc:aggregate 
-DskipTests -Dnotimestamp=true -Dlocale=en_US

[... snipped ...]

Running org.apache.james.mime4j.dom.MessageServiceFactoryTest
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.009 sec - in 
org.apache.james.mime4j.dom.MessageServiceFactoryTest
Running org.apache.james.mime4j.dom.ExampleMessagesRoundtripTest
Tests run: 79, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.301 sec - in 
org.apache.james.mime4j.dom.ExampleMessagesRoundtripTest
Running org.apache.james.mime4j.dom.MessageCompleteMailTest
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.006 sec - in 
org.apache.james.mime4j.dom.MessageCompleteMailTest

Results :

Failed tests: 
  org.apache.james.mime4j.message.StringInputStreamTest#testBufferedRead 
AssertionFailedError

Tests run: 405, Failures: 1, Errors: 0, Skipped: 0

[INFO] 
[INFO] Reactor Summary:
[INFO] 
[INFO] Apache JAMES Mime4j Project  SUCCESS [  0.175 s]
[INFO] Apache JAMES Mime4j (Core) . SUCCESS [  6.578 s]
[INFO] Apache JAMES Mime4j (DOM) .. FAILURE [  5.005 s]
[INFO] Apache JAMES Mime4j (Storage) .. SKIPPED
[INFO] 
[INFO] BUILD FAILURE
[INFO] 
[INFO] Total time: 14.299 s
[INFO] Finished at: 2017-01-24T00:47:16+00:00
[INFO] Final Memory: 10M/27M
[INFO] 
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-surefire-plugin:2.17:test (default-test) on 
project apache-mime4j-dom: There are test failures.
[ERROR] 
[ERROR] Please refer to /<>/dom/target/surefire-reports for the 
individual test results.
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e 
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please 
read the following articles:
[ERROR] [Help 1] 
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR] 
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn  -rf :apache-mime4j-dom
dh_auto_test: /usr/lib/jvm/default-java/bin/java -noverify -cp 
/usr/share/maven/boot/plexus-classworlds-2.x.jar:/usr/lib/jvm/default-java/lib/tools.jar
 -Dmaven.hom

Processed: tags

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 852640 + ftbfs
Bug #852640 [src:apache-mime4j] apache-mime4j: FTBFS randomly (failing tests)
Added tag(s) ftbfs.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
852640: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852640
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1057529: marked as done (opencensus-java: FTBFS with default Java 21)

[Debian Bug Tracking System]

Your message dated Wed, 08 May 2024 21:16:12 +
with message-id 
and subject line Bug#1057529: fixed in opencensus-java 0.26.0+ds-1
has caused the Debian Bug report #1057529,
regarding opencensus-java:  FTBFS with default Java 21
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1057529: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057529
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: opencensus-java
Version: 0.24.0+ds-1
Severity: important
Tags: ftbfs
User: debian-j...@lists.debian.org
Usertags: default-java21

Dear Maintainers,

The package opencensus-java ftbfs with default Java 21.
The relevant part of the build log:
---
All input files are considered out-of-date for incremental task 
':opencensus-api:compileJava'.
Compiling with JDK Java compiler API.
warning: [options] source value 8 is obsolete and will be removed in a future 
release
warning: [options] target value 8 is obsolete and will be removed in a future 
release
warning: [options] To suppress warnings about obsolete options, use 
-Xlint:-options.
error: warnings found and -Werror specified
:opencensus-api:compileJava FAILED
:opencensus-api:compileJava (Thread[#29,Daemon worker,5,main]) completed. Took 
0.819 secs.

FAILURE: Build failed with an exception.
---


-- System Information:
Debian Release: trixie/sid
  APT prefers mantic-updates
  APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-13-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: opencensus-java
Source-Version: 0.26.0+ds-1
Done: Pierre Gruet 

We believe that the bug you reported is fixed in the latest version of
opencensus-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1057...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Gruet  (supplier of updated opencensus-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 08 May 2024 21:51:35 +0200
Source: opencensus-java
Architecture: source
Version: 0.26.0+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Pierre Gruet 
Closes: 1057529
Changes:
 opencensus-java (0.26.0+ds-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream version 0.26.0+ds
   * Refreshing patches
   * Raising Standards version to 4.7.0 (no change)
   * Refreshing copyright years
 .
   [ Pushkar Kulkarni ]
   * d/rules, d/patches: Use java_compat_level to adjust -source/-target levels
 (Closes: #1057529)
Checksums-Sha1:
 0da0e1505b32b1a1f8eb8c3198a8c5fc7773f66c 2518 opencensus-java_0.26.0+ds-1.dsc
 58a45d8ae0c79d1ba92b269dd787a2ad1dcbf58b 683324 
opencensus-java_0.26.0+ds.orig.tar.xz
 773ebe89ebd5a8815fed18ce197c6f452a9ec01c 6028 
opencensus-java_0.26.0+ds-1.debian.tar.xz
 70b875e82b1f4b8c595ebc6748ae93ed43cccd18 17933 
opencensus-java_0.26.0+ds-1_amd64.buildinfo
Checksums-Sha256:
 73510547ed184b8a7ce26b624c0fbbf504e4b9e930c7dc0aab9bdb8236f5100c 2518 
opencensus-java_0.26.0+ds-1.dsc
 ca76b4062301641cc07e56b84e247ceab9a2dbdc3273665bc1fa14cc344f06f0 683324 
opencensus-java_0.26.0+ds.orig.tar.xz
 d6d135cc6b277d8cce1247e4b4fa8594cdafbab118e1c342b8392b2fb3572112 6028 
opencensus-java_0.26.0+ds-1.debian.tar.xz
 5bbe81c461a02c421b4dfc35a03f3c8b6675b246b9b8e39c15ece52ceed5cb56 17933 
opencensus-java_0.26.0+ds-1_amd64.buildinfo
Files:
 66e37b1ceaff741de54188fc67fb0b75 2518 java optional 
opencensus-java_0.26.0+ds-1.dsc
 70192c6820a56c0220bf73810524ef30 683324 java optional 
opencensus-java_0.26.0+ds.orig.tar.xz
 a683f7dd471b1da01474d3142b9d6143 6028 java optional 
opencensus-java_0.26.0+ds-1.debian.tar.xz
 f602a0f84bb66e84a20b7ca6dbb844a1 17933 java optional 
opencensus-java_0.26.0+ds-1_amd64.buildinfo

-BEGIN PGP SIGNATURE

Bug#979812: marked as done (libgrpc-java has circular Depends on libopencensus-java)

[Debian Bug Tracking System]

Your message dated Wed, 08 May 2024 21:12:18 +
with message-id 
and subject line Bug#979812: fixed in grpc-java 1.41.3+ds-4
has caused the Debian Bug report #979812,
regarding libgrpc-java has circular Depends on libopencensus-java
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
979812: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979812
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libgrpc-java
Version: 1.26.0+ds-1
Severity: important

Hello Debian Java Maintainers,

There is a circular dependency between libgrpc-java and libopencensus-java:

libgrpc-java:Depends: libopencensus-java (>= 0.24.0~)
libopencensus-java  :Depends: libgrpc-java

Circular dependencies involving shared libraries are known to cause problems
during upgrade between stable releases, so we should try to get rid of them.

Cheers,
-- 
Bill. 

Imagine a large red swirl here. 
--- End Message ---
--- Begin Message ---
Source: grpc-java
Source-Version: 1.41.3+ds-4
Done: Pierre Gruet 

We believe that the bug you reported is fixed in the latest version of
grpc-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 979...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Gruet  (supplier of updated grpc-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 08 May 2024 21:44:11 +0200
Source: grpc-java
Architecture: source
Version: 1.41.3+ds-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Pierre Gruet 
Closes: 979812 1045096
Changes:
 grpc-java (1.41.3+ds-4) unstable; urgency=medium
 .
   * Team upload
   * Removing unneeded build-dependency on libopencensus-java (Closes: #979812)
   * Raising Standards version to 4.7.0 (no change)
   * Fixing clean rule (Closes: #1045096)
Checksums-Sha1:
 73e0752db66ef0152444f4cbcf70ef53aa1ad758 2796 grpc-java_1.41.3+ds-4.dsc
 10dcfa7eff2dae63db2c61661e65a98b69ef1a86 15156 
grpc-java_1.41.3+ds-4.debian.tar.xz
 8bcb0b73a1c2023e543d706e6511d003bdd03421 20224 
grpc-java_1.41.3+ds-4_amd64.buildinfo
Checksums-Sha256:
 861d6bcc4eaf7e94b20759ffc6a858bcbb9ada8af01c84e6d08809044a0bb188 2796 
grpc-java_1.41.3+ds-4.dsc
 536c5f5df9ac07a47ffa621a14ae9070819a1f6773189ea0a80b3711c40df127 15156 
grpc-java_1.41.3+ds-4.debian.tar.xz
 61037be8d9588f4c8033444be84c88b04813cc037b273205fdc05f6ffbf76cfc 20224 
grpc-java_1.41.3+ds-4_amd64.buildinfo
Files:
 b3922efc66108b2a57c5b0c81024fea9 2796 java optional grpc-java_1.41.3+ds-4.dsc
 277762d948fc539eddeec485a3b253f0 15156 java optional 
grpc-java_1.41.3+ds-4.debian.tar.xz
 56d7c414d949a1e717db40b70d7a8ca7 20224 java optional 
grpc-java_1.41.3+ds-4_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmY73WgACgkQYAMWptwn
dHbeQQ//WwHIXD05KVmpe1PNz46DKEo7yLeHq+t3uqyVzlfvJk3xjv1NhUtWy4Q+
aZt6827iyiNh++cT0ZgXndFNuLoZTA1Vy2R1JAa747BzdlhPirjf94qt0eMo4k8D
ltVMH9zlvuXnx5YnWJ4hKhmPdGEyJ2zkOKfAq6aguWBIBob4z+0utqkdk+i24ANk
ntKMU16PtFYopSExG2OY7K21gUEtIMRr+Auisbpa6nb1+Y5+vXjiR1UmxxzaPepD
oaFtFWQIjCvTZrnlFewo95Auvw54Zzrn4pNdMul+4wapKuXQkF6MUHHQM7OkGelU
yhdvxNmw/IbmKV3llxmdpiZP1XPBkl1R2WWCLbybo+g2NXdw0ofUB5k77f4zWxpT
1om9pVQzSgwZeulTq22Y4Sck+nR2N2VXYNVxq8Y1WlPXEPzGe8eM/GPMsVnRbAk0
YHCZ+ehiF9xJHARL+UB4LHcHcJgdXDDNtRrk5+ceaC/V/pjFOCNexj2ejXNhUXAB
pWzUMXX9aDqoWJYgUtkqaYE1OgtUBb13RcnxYGPYQc9MethG4MJ2Q3X53uZkYkfZ
GzqR5Kce0YatgiBg/Iu8o/OfkaQ6TGIjvU629j4vv0vxLocB8xyYMq44XxTtypeT
B9yGb1AF5ntEyvms2uChIqMPGll4JsGGixHZFGaqLf1Iqtm1A4k=
=+ZS/
-END PGP SIGNATURE-



pgpageDGfHGVa.pgp
Description: PGP signature
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1045096: marked as done (grpc-java: Fails to build source after successful build)

[Debian Bug Tracking System]

Your message dated Wed, 08 May 2024 21:12:18 +
with message-id 
and subject line Bug#1045096: fixed in grpc-java 1.41.3+ds-4
has caused the Debian Bug report #1045096,
regarding grpc-java: Fails to build source after successful build
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1045096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1045096
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: grpc-java
Version: 1.41.3+ds-1
Severity: minor
Tags: trixie sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-sab-20230813 ftbfs-source-after-build
User: debian...@lists.debian.org
Usertags: qa-doublebuild

Hi,

This package fails to build a source package after a successful build
(dpkg-buildpackage ; dpkg-buildpackage -S).

This is probably a clear violation of Debian Policy section 4.9 (clean target),
but this is filed as severity:minor for now, because a discussion on
debian-devel showed that we might want to revisit the requirement of a working
'clean' target.

More information about this class of issues, included common problems and
solutions, is available at
https://wiki.debian.org/qa.debian.org/FTBFS/SourceAfterBuild

Relevant part of the build log:
> cd /<> && runuser -u user42 -- dpkg-buildpackage --sanitize-env 
> -us -uc -rfakeroot -S
> -
> 
> dpkg-buildpackage: info: source package grpc-java
> dpkg-buildpackage: info: source version 1.41.3+ds-1
> dpkg-buildpackage: info: source distribution unstable
> dpkg-buildpackage: info: source changed by Olek Wojnar 
>  dpkg-source --before-build .
>  debian/rules clean
> dh clean --buildsystem=gradle --with maven_repo_helper
>dh_auto_clean -O--buildsystem=gradle
>   sh -c "find . -wholename .*build/tmp | xargs echo | sed -e 
> 's^build/tmp^build^g' | xargs rm -Rf"
>   sh -c "find . -wholename .*build/debian | xargs echo | sed -e 
> 's^build/tmp^build^g' | xargs rm -Rf"
>   rm -Rf /<>/grpc-java-1.41.3\+ds/.gradle 
> /<>/grpc-java-1.41.3\+ds/buildSrc/.gradle .m2
>dh_autoreconf_clean -O--buildsystem=gradle
>   rm -f -- ./install-sh ./aclocal.m4 ./compiler/Makefile.in 
> ./compiler/src/java_plugin/cpp/Makefile.in ./autom4te.cache/requests 
> ./autom4te.cache/traces.2 ./autom4te.cache/output.2 ./autom4te.cache/output.1 
> ./autom4te.cache/traces.1 ./autom4te.cache/output.0 ./autom4te.cache/traces.0 
> ./Makefile.in ./configure ./config.h.in ./depcomp ./missing
>   rm -f debian/autoreconf.before debian/autoreconf.after
>dh_clean -O--buildsystem=gradle
>   rm -f debian/debhelper-build-stamp
>   rm -rf debian/.debhelper/
>   rm -f debian/libgrpc-java.debhelper.log 
> debian/protobuf-compiler-grpc-java-plugin.debhelper.log
>   rm -f -- debian/libgrpc-java.substvars 
> debian/protobuf-compiler-grpc-java-plugin.substvars debian/files
>   rm -fr -- debian/libgrpc-java/ debian/tmp/ 
> debian/protobuf-compiler-grpc-java-plugin/
>   find .  \( \( \
>   \( -path .\*/.git -o -path .\*/.svn -o -path .\*/.bzr -o -path 
> .\*/.hg -o -path .\*/CVS -o -path .\*/.pc -o -path .\*/_darcs \) -prune -o 
> -type f -a \
>   \( -name '#*#' -o -name '.*~' -o -name '*~' -o -name DEADJOE \
>-o -name '*.orig' -o -name '*.rej' -o -name '*.bak' \
>-o -name '.*.orig' -o -name .*.rej -o -name '.SUMS' \
>-o -name TAGS -o \( -path '*/.deps/*' -a -name '*.P' \) \
>   \) -exec rm -f {} + \) -o \
>   \( -type d -a -name autom4te.cache -prune -exec rm -rf {} + \) 
> \)
>  dpkg-source -b .
> dpkg-source: info: using source format '3.0 (quilt)'
> dpkg-source: info: building grpc-java using existing 
> ./grpc-java_1.41.3+ds.orig.tar.xz
> dpkg-source: info: using patch list from debian/patches/series
> dpkg-source: error: cannot represent change to 
> compiler/src/java_plugin/cpp/grpc_java_plugin: binary file contents changed
> dpkg-source: error: add compiler/src/java_plugin/cpp/grpc_java_plugin in 
> debian/source/include-binaries if you want to store the modified binary in 
> the debian tarball
> dpkg-source: warning: executable mode 0755 of 
> 'compiler/src/java_plugin/cpp/grpc_java_plugin' will not be represented in 
> diff
> dpkg-source: error: cannot represent change to 
>

Bug#1027732: marked as done (zookeeper: Uneeded B-D on liblog4cxx-dev)

[Debian Bug Tracking System]

Your message dated Mon, 06 May 2024 23:06:48 +
with message-id 
and subject line Bug#1027732: fixed in zookeeper 3.9.2-2
has caused the Debian Bug report #1027732,
regarding zookeeper: Uneeded B-D on liblog4cxx-dev
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1027732: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027732
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: zookeeper
Severity: minor

Hi,

I'm currently preparing the transition for liblog4cxx and figures out that 
zookeeper is B-D on liblog4cxx,
however its current build configuration is not using it. (It seems to be used 
for Zkfuse, which is not built
for a Debian package.)

Building with and without log4cxx and running debdiff on the result showed that 
there is no difference4 as well.

Please consider dropping the B-D!

Thanks,

-- 
tobi


-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'oldoldstable'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (100, 
'bullseye-fasttrack'), (100, 'bullseye-backports-staging'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-6-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: zookeeper
Source-Version: 3.9.2-2
Done: Pierre Gruet 

We believe that the bug you reported is fixed in the latest version of
zookeeper, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1027...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Gruet  (supplier of updated zookeeper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 06 May 2024 23:40:24 +0200
Source: zookeeper
Architecture: source
Version: 3.9.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Pierre Gruet 
Closes: 1027732 1069540
Changes:
 zookeeper (3.9.2-2) unstable; urgency=medium
 .
   * Team upload
   * Raising Standards version to 4.7.0 (no change)
   * Increasing time limit in ClientSSLReloadTest (Closes: #1069540)
   * Dropping unused B-D on liblog4cxx-dev (Closes: #1027732)
Checksums-Sha1:
 92e830922baadc7e329bb9351e07a1352579f6fe 3747 zookeeper_3.9.2-2.dsc
 b1a2ab2d66db3aa58e7fab18e1c4fe680d97b396 90956 zookeeper_3.9.2-2.debian.tar.xz
 67bffd1c08ac8b1f21f896d21e9625bd41173029 18681 
zookeeper_3.9.2-2_source.buildinfo
Checksums-Sha256:
 03dd70f72391437272bea8125c714e350b6a8de419c7f39c1c5b5ec1f42f88d5 3747 
zookeeper_3.9.2-2.dsc
 241c136971a7504f1bb58d299015fc190e79cf5b739d5d9fd709d1491e70305e 90956 
zookeeper_3.9.2-2.debian.tar.xz
 68d2de9df9024ab8fe5b675b274aae2864f404a72285fd4d0f4ea0673ea4a9a0 18681 
zookeeper_3.9.2-2_source.buildinfo
Files:
 cc80c0b935c02eaccd34a09fb6dc5629 3747 java optional zookeeper_3.9.2-2.dsc
 86bae1e93bf5a24a5648f88e8a9cd540 90956 java optional 
zookeeper_3.9.2-2.debian.tar.xz
 70348916f4aa1c78a320756dceb7380c 18681 java optional 
zookeeper_3.9.2-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmY5Ts0ACgkQYAMWptwn
dHYWoRAAnjBKIl5u98bLIPwornLFp8UHEHmDVtt2YCDtqLVq3P11wgyvSoGMgNl7
7oQ5EsRR9awAmtN/4jQ+xJvcT5+MKcJL7IyhiUcyRVv+tn311wfTQv32QZ9gdJRO
SOA1a8qkSpbtoUAB7s+yip9mds7Szbh0P2VCOrJnp/FAj8hyS6udLB3YlxUlUDH5
lvUIIHWLgTCcjjfMA7GZOgCl4gVqrQ0+OdxYcHLFOblzl6ziAWMuqfv+AF9MdPS7
2Iqz5GSO8Pci+hPU2J81hPrMjCC0YssFsA5YjcfzyuOJV980UZp0+lpAt1IoRPvP
/T63VYC3quxBcLRA6IxADv5uXpdJEMDioWklKJnu5O3mPI/ax4htu9FM5n9os6So
CBlQ5D8XADc01UjFxBqbhyRc4Pp5Su/4wkL3/+P8WpEZCOHmXbah5itkC010bbbE
RqWt8QebhOUP4viJH2dwGI8Mtm+g6EB0Xz0sgjewqqUuqJJvKzQplPPZXeVoS1T8
HVSK1ZS//DEwKbkSaRmEN0uMrSFEPZvdTjcPYD9KR1aYbPWv+s5BdI4NtBbt8FKC
6w4jzYpLTzm7x2FIEXs6dA96ZyxwzIfkkIOCfn+UIWxZix+oWELDvmsBhFRzj3jt
5ktHFojLn5DcIQHFunM6h67S95Fp+T2GdaBiHCLWhEdfCF4fJg8=
=9ggJ
-END PGP SIGNATURE

Bug#1070421: marked as done (src:mac-widgets: unsatisfied build dependency in testing: libjgoodies-forms-java-doc)

[Debian Bug Tracking System]

Your message dated Mon, 06 May 2024 04:19:21 +
with message-id 
and subject line Bug#1070421: fixed in mac-widgets 0.10.0+svn416-dfsg1-4
has caused the Debian Bug report #1070421,
regarding src:mac-widgets: unsatisfied build dependency in testing: 
libjgoodies-forms-java-doc
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1070421: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070421
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Source: mac-widgets
Version: 0.10.0+svn416-dfsg1-3
Severity: serious
Tags: sid trixie ftbfs
User: debian...@lists.debian.org
Usertags: edos-uninstallable

Dear maintainer(s),

Dose [1] is reporting a build issue with your package, it's missing a
build dependency. Obviously your build dependencies shouldn't be
removed from testing, but unfortunately there are multiple scenarios
where that can happen nevertheless. To uphold our social contract,
Debian requires that packages can be rebuild from source in the suite
we are shipping them, so currently this is a serious issue with your
package in testing. src:libjgoodies-forms-java stopped building 
libjgoodies-forms-java-doc in it's latest upload, so your package can no 
longer be build in unstable either.


Can you please investigate the situation and figure out how to resolve
it? Regularly, if the build dependency is available in unstable,
helping the maintainer of your Build-Depends to enable migration to
testing is a great way to solve the issue. If your build dependency is
gone from unstable and testing, you'll have to fix the build process
in some other way.

Paul

Note: this bug report was sent after some quick manual checks using a
template. Please reach out to me if you believe I made a mistake in my
process.

[1] https://qa.debian.org/dose/debcheck/src_testing_main/latest/amd64.html



OpenPGP_signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: mac-widgets
Source-Version: 0.10.0+svn416-dfsg1-4
Done: tony mancill 

We believe that the bug you reported is fixed in the latest version of
mac-widgets, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1070...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated mac-widgets package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 05 May 2024 20:56:09 -0700
Source: mac-widgets
Architecture: source
Version: 0.10.0+svn416-dfsg1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Closes: 1070421
Changes:
 mac-widgets (0.10.0+svn416-dfsg1-4) unstable; urgency=medium
 .
   * Team upload.
   * Drop libmac-widgets-doc (Closes: #1070421)
   * Update Vcs URLs to point to Salsa
Checksums-Sha1:
 3a062b3348c7af71b7769e6c4acd59a17f3fe92e 2139 
mac-widgets_0.10.0+svn416-dfsg1-4.dsc
 008f263640802c1e59253bdf160bce5cd3ac3904 3464 
mac-widgets_0.10.0+svn416-dfsg1-4.debian.tar.xz
 d57cf227cf9de9a4100fa3a59066c1a81ca3e045 12410 
mac-widgets_0.10.0+svn416-dfsg1-4_amd64.buildinfo
Checksums-Sha256:
 ae2dcfcfc79c112f133d4bfc93dd6dc4e6b78b9a310e2480ce724800a41e32d1 2139 
mac-widgets_0.10.0+svn416-dfsg1-4.dsc
 f8fc286aa3fb1fb12e6b0d52a8037a78850ab18fe4c2287455c45068b881b67a 3464 
mac-widgets_0.10.0+svn416-dfsg1-4.debian.tar.xz
 c3fee93ad7c043d167f0fcde7b450a7695c8e1a348e9c6052e0d7018657ce333 12410 
mac-widgets_0.10.0+svn416-dfsg1-4_amd64.buildinfo
Files:
 5ab27ddc0e31d010fadd2857c3464def 2139 java optional 
mac-widgets_0.10.0+svn416-dfsg1-4.dsc
 1ec8f573719d13d960fb75f52828611a 3464 java optional 
mac-widgets_0.10.0+svn416-dfsg1-4.debian.tar.xz
 269cd1fef0592f32a2004498352cc741 12410 java optional 
mac-widgets_0.10.0+svn416-dfsg1-4_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmY4WDkUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpZjPxAAsszF0rx6X+tI091KRrrkZ1y2EQ+F
3eWPja9mLJr0G/SijNxgy9Op+I5xFQogTk+tDp5FM/8cDl9LUyDJkwsjHoowWvEL
8AoTsx1NYI4D1CO9EghOgGtF9Zflb9IGjvaltD+I42TJI5Y1HeNNu/CnJ1S9bKjE
TtxsitjCX7r8r19xhEIm5x1VOubaYed7F0RaQEHHQPTmdWU0GcaxVkKpIwTLnNQn
tzWnUC4GouADyz7XP3

Processed: Bug#1070421 marked as pending in mac-widgets

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1070421 [src:mac-widgets] src:mac-widgets: unsatisfied build dependency in 
testing: libjgoodies-forms-java-doc
Added tag(s) pending.

-- 
1070421: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070421
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1066703: marked as done (rxtx: FTBFS: SerialImp.c:5453:23: error: implicit declaration of function ‘major’ [-Werror=implicit-function-declaration])

[Debian Bug Tracking System]

Your message dated Wed, 01 May 2024 10:20:30 +
with message-id 
and subject line Bug#1066703: fixed in rxtx 2.2.0+dfsg-3
has caused the Debian Bug report #1066703,
regarding rxtx: FTBFS: SerialImp.c:5453:23: error: implicit declaration of 
function ‘major’ [-Werror=implicit-function-declaration]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1066703: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066703
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rxtx
Version: 2.2.0+dfsg-2
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20240313 ftbfs-trixie ftbfs-impfuncdef

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.

This is most likely caused by a change in dpkg 1.22.6, that enabled
-Werror=implicit-function-declaration. For more information, see
https://wiki.debian.org/qa.debian.org/FTBFS#A2024-03-13_-Werror.3Dimplicit-function-declaration

Relevant part (hopefully):
>   /bin/bash /<>/libtool --mode=link gcc -g -O2 
> -Werror=implicit-function-declaration -ffile-prefix-map=/<>=. 
> -fstack-protector-strong -fstack-clash-protection -Wformat 
> -Werror=format-security -fcf-protection -D_POSIX_SOURCE -D_BSD_SOURCE 
> -D__need_timespec -Wl,-z,relro -lpthread -release 2.1-7 -o librxtxSerial.la 
> -rpath /usr/lib/jni /<>/x86_64-pc-linux-gnu/SerialImp.lo;
> \
> fi;   \
> )
> libtool: compile:  gcc -I/<> -Ix86_64-pc-linux-gnu -I. 
> -I/usr/lib/jvm/java-17-openjdk-amd64/include 
> -I/usr/lib/jvm/java-17-openjdk-amd64/include/./linux/ -Wdate-time 
> -D_FORTIFY_SOURCE=2 -g -O2 -Werror=implicit-function-declaration 
> -ffile-prefix-map=/<>=. -fstack-protector-strong 
> -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection 
> -D_POSIX_SOURCE -D_BSD_SOURCE -D__need_timespec -c 
> /<>/./src/SerialImp.c  -fPIC -DPIC -o 
> /<>/x86_64-pc-linux-gnu/.libs/SerialImp.o
> In file included from 
> /usr/include/x86_64-linux-gnu/bits/libc-header-start.h:33,
>  from /usr/include/stdio.h:27,
>  from /usr/lib/jvm/java-17-openjdk-amd64/include/jni.h:39,
>  from ./gnu_io_RXTXPort.h:2,
>  from /<>/./src/SerialImp.c:64:
> /usr/include/features.h:195:3: warning: #warning "_BSD_SOURCE and 
> _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Wcpp]
>   195 | # warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use 
> _DEFAULT_SOURCE"
>   |   ^~~
> /<>/./src/SerialImp.c: In function ‘uucp_lock’:
> /<>/./src/SerialImp.c:5453:23: error: implicit declaration of 
> function ‘major’ [-Werror=implicit-function-declaration]
>  5453 | (int) major( buf.st_dev ),
>   |   ^
> /<>/./src/SerialImp.c:5455:23: error: implicit declaration of 
> function ‘minor’ [-Werror=implicit-function-declaration]
>  5455 | (int) minor( buf.st_rdev )
>   |   ^
> /<>/./src/SerialImp.c: In function ‘is_device_locked’:
> /<>/./src/SerialImp.c:5863:33: error: implicit declaration of 
> function ‘asprintf’; did you mean ‘vsprintf’? 
> [-Werror=implicit-function-declaration]
>  5863 | asprintf( , "%s/%s%s", 
> lockdirs[i],
>   | ^~~~
>   | vsprintf
> /<>/./src/SerialImp.c: In function ‘fhs_lock’:
> /<>/./src/SerialImp.c:5377:9: warning: ignoring return value of 
> ‘write’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
>  5377 | write( fd, lockinfo, 11 );
>   | ^
> /<>/./src/SerialImp.c: In function ‘uucp_lock’:
> /<>/./src/SerialImp.c:5475:9: warning: ignoring return value of 
> ‘write’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
>  5475 | write( fd, lockinfo,11 );
>   | ^~~~
> /<>/./src/SerialImp.c: In function ‘is_device_locked’:
> /<>/./src/SerialImp.c:5940:17: warning: ignoring return value of 
> ‘read’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
>  5940 | read( fd, pid_buffer, 11 );
>   |

Processed: Bug#1066703 marked as pending in rxtx

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1066703 [src:rxtx] rxtx: FTBFS: SerialImp.c:5453:23: error: implicit 
declaration of function ‘major’ [-Werror=implicit-function-declaration]
Added tag(s) pending.

-- 
1066703: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066703
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Re: libmariadb-java: Request to upgrade

[Debian Bug Tracking System]

Processing control commands:

> retitle -1 libmariadb-java: Request to upgrade to MariaDB
Bug #1038435 [libmariadb-java] libmariadb-java: Request to upgrade
Changed Bug title to 'libmariadb-java: Request to upgrade to MariaDB' from 
'libmariadb-java: Request to upgrade'.

-- 
1038435: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038435
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1069921: marked as done (libusb-java FTCBFS: uses the build architecture compiler)

[Debian Bug Tracking System]

Your message dated Sun, 28 Apr 2024 18:04:45 +
with message-id 
and subject line Bug#1069921: fixed in libusb-java 0.8+ztex20090101-10
has caused the Debian Bug report #1069921,
regarding libusb-java FTCBFS: uses the build architecture compiler
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1069921: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069921
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libusb-java
Version: 0.8+ztex20090101-9
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

libusb-java fails to cross build from source, because the upstream
Makefile uses a non-standard variable (GCC) for the C compiler and
because debian/rules does not pass cross tools to make. I propose
renaming the variable to the usual CC variable and using dh_auto_build.
Please find a patch attached.

Helmut
diff --minimal -Nru libusb-java-0.8+ztex20090101/debian/changelog 
libusb-java-0.8+ztex20090101/debian/changelog
--- libusb-java-0.8+ztex20090101/debian/changelog   2021-02-07 
23:29:30.0 +0100
+++ libusb-java-0.8+ztex20090101/debian/changelog   2024-04-26 
11:25:31.0 +0200
@@ -1,3 +1,10 @@
+libusb-java (0.8+ztex20090101-9.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Use cross tools for build. (Closes: #-1)
+
+ -- Helmut Grohne   Fri, 26 Apr 2024 11:25:31 +0200
+
 libusb-java (0.8+ztex20090101-9) unstable; urgency=medium
 
   * Team upload.
diff --minimal -Nru libusb-java-0.8+ztex20090101/debian/patches/cross.patch 
libusb-java-0.8+ztex20090101/debian/patches/cross.patch
--- libusb-java-0.8+ztex20090101/debian/patches/cross.patch 1970-01-01 
01:00:00.0 +0100
+++ libusb-java-0.8+ztex20090101/debian/patches/cross.patch 2024-04-26 
11:25:31.0 +0200
@@ -0,0 +1,50 @@
+--- libusb-java-0.8+ztex20090101.orig/Makefile
 libusb-java-0.8+ztex20090101/Makefile
+@@ -21,7 +21,7 @@
+ ###
+ # this should not be modified #
+ ###
+-GCC=gcc
++CC?=gcc
+ STRIP=strip
+ CHMOD=chmod -x
+ JAVAC=javac -source 7 -target 7 -encoding ISO-8859-1
+@@ -51,7 +51,7 @@
+ libs: $(LIBTARGET_SH)
+ 
+ %.o: %.c LibusbJava.h
+-  $(GCC) -fPIC -g -c -std=c99 -Wall -Wno-pointer-to-int-cast $(LIBINCS) 
$< -o$@
++  $(CC) -fPIC -g -c -std=c99 -Wall -Wno-pointer-to-int-cast $(LIBINCS) $< 
-o$@
+ 
+ $(LIBTARGET_ST): $(LIBSRCS)
+ 
+@@ -64,25 +64,25 @@
+ 
+ 
+ $(LIBTARGET_ST)$(VERSIONSUFFIX): $(LIBSRCS)
+-  $(GCC) -shared -Wl,-soname,$(LIBTARGET_ST),-static $(LIBINCS) 
$(LIBSRCS) -static -o $(LIBTARGET_ST)$(VERSIONSUFFIX) $(LIBLIBS)
++  $(CC) -shared -Wl,-soname,$(LIBTARGET_ST),-static $(LIBINCS) $(LIBSRCS) 
-static -o $(LIBTARGET_ST)$(VERSIONSUFFIX) $(LIBLIBS)
+   [ -r $(LIBTARGET_ST) ] || ln -s $(LIBTARGET_ST)$(VERSIONSUFFIX) 
$(LIBTARGET_ST)
+   $(STRIP) $(LIBTARGET_ST)
+   $(CHMOD) $(LIBTARGET_ST)
+ 
+ $(LIBTARGET_SH)$(VERSIONSUFFIX): $(LIBSRCS)
+-  $(GCC) -fPIC -shared -Wl,-soname,$(LIBTARGET_SH) $(LIBINCS) $(LIBSRCS) 
-o $(LIBTARGET_SH)$(VERSIONSUFFIX) $(LIBLIBS)
++  $(CC) -fPIC -shared -Wl,-soname,$(LIBTARGET_SH) $(LIBINCS) $(LIBSRCS) 
-o $(LIBTARGET_SH)$(VERSIONSUFFIX) $(LIBLIBS)
+   [ -r $(LIBTARGET_SH) ] || ln -s $(LIBTARGET_SH)$(VERSIONSUFFIX) 
$(LIBTARGET_SH)
+   $(STRIP) $(LIBTARGET_SH)
+   $(CHMOD) $(LIBTARGET_SH)
+ 
+ $(LIBTARGET)$(VERSIONSUFFIX): $(LIBSRCS)
+-  $(GCC) -fPIC -shared -Wl,-soname,$(LIBTARGET) $(LIBINCS) $(LIBSRCS) -o 
$(LIBTARGET)$(VERSIONSUFFIX) $(LIBLIBS)
++  $(CC) -fPIC -shared -Wl,-soname,$(LIBTARGET) $(LIBINCS) $(LIBSRCS) -o 
$(LIBTARGET)$(VERSIONSUFFIX) $(LIBLIBS)
+   [ -r $(LIBTARGET) ] || ln -s $(LIBTARGET)$(VERSIONSUFFIX) $(LIBTARGET)
+   $(STRIP) $(LIBTARGET)
+   $(CHMOD) $(LIBTARGET)
+ 
+ $(LIBTARGET_64)$(VERSIONSUFFIX): $(LIBSRCS64)
+-  $(GCC) -fPIC -m64 -shared -std=c99 -Wall -Wno-pointer-to-int-cast 
-Wl,-soname,$(LIBTARGET_64) $(LIBINCS) $(LIBSRCS64) $(LIBLIBS) -o 
$(LIBTARGET_64)$(VERSIONSUFFIX)
++  $(CC) -fPIC -m64 -shared -std=c99 -Wall -Wno-pointer-to-int-cast 
-Wl,-soname,$(LIBTARGET_64) $(LIBINCS) $(LIBSRCS64) $(LIBLIBS) -o 
$(LIBTARGET_64)$(VERSIONSUFFIX)
+   [ -r $(LIBTARGET_64) ] || ln -s $(LIBTARGET_64)$(VERSIONSUFFIX) 
$(LIBTARGET_64)
+   $(STRIP) $(LIBTARGET_64)
+   $(CHMOD) $(LIBTARGET_64)
diff --minimal -Nru libusb-java-0.8+ztex20090101/debian/patches/series 
libusb-java-0.8+ztex20090101/debian/patches/series
--- libusb-java-0.8+ztex20090101/debian/patches/series  2020-09-05 
14:43:49.0 +0200
+++ libusb-java-0.8+ztex20

Bug#1057523: marked as done (libusb-java: FTBFS with default Java 21)

[Debian Bug Tracking System]

Your message dated Sun, 28 Apr 2024 18:04:45 +
with message-id 
and subject line Bug#1057523: fixed in libusb-java 0.8+ztex20090101-10
has caused the Debian Bug report #1057523,
regarding libusb-java:  FTBFS with default Java 21
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1057523: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057523
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libusb-java
Version: 0.8+ztex20090101-9build1
Severity: important
Tags: ftbfs
User: debian-j...@lists.debian.org
Usertags: default-java21

Dear Maintainers,

The package libusb-java ftbfs with default Java 21.
The relevant part of the build log:
---
make[2]: Entering directory '/<>'
javac -source 7 -target 7 -encoding ISO-8859-1 ch/ntb/usb/Device.java 
ch/ntb/usb/LibLoader.java ch/ntb/usb/LibusbJava.java ch/ntb/usb/USB.java 
ch/ntb/usb/USBException.java ch/ntb/usb/USBTimeoutException.java 
ch/ntb/usb/Usb_Bus.java ch/ntb/usb/Usb_Config_Descriptor.java 
ch/ntb/usb/Usb_Descriptor.java ch/ntb/usb/Usb_Device.java 
ch/ntb/usb/Usb_Device_Descriptor.java ch/ntb/usb/Usb_Endpoint_Descriptor.java 
ch/ntb/usb/Usb_Interface.java ch/ntb/usb/Usb_Interface_Descriptor.java 
ch/ntb/usb/Utils.java ch/ntb/usb/logger/LogUtil.java
warning: [options] bootstrap class path not set in conjunction with -source 7
error: Source option 7 is no longer supported. Use 8 or later.
error: Target option 7 is no longer supported. Use 8 or later.
make[2]: *** [Makefile:91: classes.made] Error 2
make[2]: Leaving directory '/<>'
make[1]: *** [debian/rules:22: override_dh_auto_build-indep] Error 2
make[1]: Leaving directory '/<>'
make: *** [debian/rules:11: build] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2

Build finished at 2023-12-04T10:20:45Z
---


-- System Information:
Debian Release: trixie/sid
  APT prefers mantic-updates
  APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-13-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: libusb-java
Source-Version: 0.8+ztex20090101-10
Done: tony mancill 

We believe that the bug you reported is fixed in the latest version of
libusb-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1057...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated libusb-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 28 Apr 2024 10:27:45 -0700
Source: libusb-java
Architecture: source
Version: 0.8+ztex20090101-10
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Closes: 1057523 1069921
Changes:
 libusb-java (0.8+ztex20090101-10) unstable; urgency=medium
 .
   * Team upload
 .
   [ Vladimir Petko ]
   * d/rules, d/p/java-compat.patch: use java_compat_level variable provided
 by java-common to adjust -source/-target level to the minimum required
 by the default Java (Closes: #1057523).
 .
   [ Helmut Grohne ]
   * Fix FTCBFS: Use cross tools for build. (Closes: #1069921)
 .
   [ Debian Janitor ]
   * Trim trailing whitespace.
   * Use versioned copyright format URI.
 .
   [ tony mancill ]
   * Bump Standards-Version to 4.7.0
   * Set Rules-Requires-Root: no in debian/control
Checksums-Sha1:
 af3b056d0f6c70fd9259e6c2249c8e826dac5250 2192 
libusb-java_0.8+ztex20090101-10.dsc
 f73d61d156b99290f8585e984d80e17fabf327ec 5700 
libusb-java_0.8+ztex20090101-10.debian.tar.xz
 cd98005eea728e01e3ba6957def9d6592a101141 10811 
libusb-java_0.8+ztex20090101-10_amd64.buildinfo
Checksums-Sha256:
 9580b0147aa6468ba5d764bf4585ecae24c9a98906e3795560152621f9035001 2192 
libusb-java_0.8+z

Processed: Bug#1069921 marked as pending in libusb-java

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1069921 [src:libusb-java] libusb-java FTCBFS: uses the build architecture 
compiler
Added tag(s) pending.

-- 
1069921: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069921
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Re: rxtx: FTBFS: SerialImp.c:5453:23: error: implicit declaration of function ‘major’ [-Werror=implicit-function-declaration]

[Debian Bug Tracking System]

Processing control commands:

> tag -1 patch
Bug #1066703 [src:rxtx] rxtx: FTBFS: SerialImp.c:5453:23: error: implicit 
declaration of function ‘major’ [-Werror=implicit-function-declaration]
Added tag(s) patch.

-- 
1066703: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066703
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: tagging 1064282, reassign 1069433 to src:openmpi, tagging 1069433, tagging 1069840 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1064282 + experimental
Bug #1064282 [src:poppler] poppler: NMU diff for 64-bit time_t transition
Added tag(s) experimental.
> reassign 1069433 src:openmpi 4.1.6-3
Bug #1069433 [openmpi] gtg-trace: FTBFS on armhf: tests fail
Bug reassigned from package 'openmpi' to 'src:openmpi'.
No longer marked as found in versions 4.1.6-5.
Ignoring request to alter fixed versions of bug #1069433 to the same values 
previously set
Bug #1069433 [src:openmpi] gtg-trace: FTBFS on armhf: tests fail
Marked as found in versions openmpi/4.1.6-3.
> tags 1069433 - sid trixie
Bug #1069433 [src:openmpi] gtg-trace: FTBFS on armhf: tests fail
Removed tag(s) sid and trixie.
> tags 1069840 + sid trixie
Bug #1069840 [src:maven-dependency-analyzer] maven-dependency-analyzer: FTBFS: 
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-compiler-plugin:3.10.1:testCompile 
(default-testCompile) on project maven-dependency-analyzer: Compilation failure
Added tag(s) trixie and sid.
> retitle 1069374 python-grpc-tools: FTBFS: aborting due to unexpected upstream 
> changes in grpc_tools/_protoc_compiler.cpp (generated by cython)
Bug #1069374 [src:python-grpc-tools] python-grpc-tools: FTBFS on arm64: 
aborting due to unexpected upstream changes in grpc_tools/_protoc_compiler.cpp
Changed Bug title to 'python-grpc-tools: FTBFS: aborting due to unexpected 
upstream changes in grpc_tools/_protoc_compiler.cpp (generated by cython)' from 
'python-grpc-tools: FTBFS on arm64: aborting due to unexpected upstream changes 
in grpc_tools/_protoc_compiler.cpp'.
> retitle 1069370 shasta: FTBFS: dpkg-shlibdeps: error: cannot find library 
> shasta.cpython-311-aarch64-linux-gnu.so needed by debian/shasta/usr/bin/shasta
Bug #1069370 [src:shasta] shasta: FTBFS: dpkg-shlibdeps: error: cannot continue 
due to the error above
Changed Bug title to 'shasta: FTBFS: dpkg-shlibdeps: error: cannot find library 
shasta.cpython-311-aarch64-linux-gnu.so needed by debian/shasta/usr/bin/shasta' 
from 'shasta: FTBFS: dpkg-shlibdeps: error: cannot continue due to the error 
above'.
> found 1061025 1.3.0-1
Bug #1061025 [src:libcommons-logging-java] httpcomponents-client: FTBFS: make: 
*** [debian/rules:4: build] Error 25
Marked as found in versions libcommons-logging-java/1.3.0-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1061025: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061025
1064282: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064282
1069370: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069370
1069374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069374
1069433: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069433
1069840: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069840
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Re: antlr4-maven-plugin: please provide debian-versioned maven coordinates

[Debian Bug Tracking System]

Processing control commands:

> severity -1 important
Bug #1065660 [antlr4-maven-plugin] antlr4-maven-plugin: please provide 
debian-versioned maven coordinates
Severity set to 'important' from 'serious'
> tags -1 - ftbfs
Bug #1065660 [antlr4-maven-plugin] antlr4-maven-plugin: please provide 
debian-versioned maven coordinates
Removed tag(s) ftbfs.

-- 
1065660: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065660
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Re: antlr4-maven-plugin: please provide debian-versioned maven coordinates

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 1065660 serious
Bug #1065660 [antlr4-maven-plugin] antlr4-maven-plugin: please provide 
debian-versioned maven coordinates
Severity set to 'serious' from 'normal'
> tags 1065660 + ftbfs
Bug #1065660 [antlr4-maven-plugin] antlr4-maven-plugin: please provide 
debian-versioned maven coordinates
Added tag(s) ftbfs.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1065660: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065660
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1069015: marked as done (libnb-platform18-java is unable to set security manager with default Java 21)

[Debian Bug Tracking System]

Your message dated Wed, 24 Apr 2024 05:12:22 +
with message-id 
and subject line Bug#1069015: fixed in libnb-platform18-java 12.1-3
has caused the Debian Bug report #1069015,
regarding libnb-platform18-java is unable to set security manager with default 
Java 21
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1069015: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069015
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libnb-platform18-java
Version: 12.1-2
Severity: important
User: debian-j...@lists.debian.org
Usertags: default-java21

Dear Maintainers,

When preparing an upgrade to VisualVM 2.1.8 I encountered the following 
exception:
--
$visualvm
java.lang.UnsupportedOperationException: The Security Manager is deprecated and 
will be removed in a future release
 at java.base/java.lang.System.setSecurityManager(System.java:430)
 at org.netbeans.TopSecurityManager.install(Unknown Source)
 at org.netbeans.core.NbLifecycleManager.advancePolicy(Unknown Source)
 at org.netbeans.core.GuiRunLevel.run(Unknown Source)
 at org.netbeans.core.startup.Main.start(Unknown Source)
 at org.netbeans.core.startup.TopThreadGroup.run(Unknown Source)
 at java.base/java.lang.Thread.run(Thread.java:1583)

---

This is caused by Java 21 changes to SecurityManager and is already fixed 
upstream[1]

[1] 
https://github.com/apache/netbeans/commit/4c9d9492f70b09aaeae2b8b10fc26ae29433d667


-- System Information:
Debian Release: trixie/sid
  APT prefers mantic-updates
  APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 
'mantic'), (100, 'mantic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-27-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: libnb-platform18-java
Source-Version: 12.1-3
Done: Vladimir Petko 

We believe that the bug you reported is fixed in the latest version of
libnb-platform18-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1069...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vladimir Petko  (supplier of updated 
libnb-platform18-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 15 Apr 2024 17:24:38 +1200
Source: libnb-platform18-java
Architecture: source
Version: 12.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Vladimir Petko 
Closes: 1069015
Changes:
 libnb-platform18-java (12.1-3) unstable; urgency=medium
 .
   * Team upload
   * d/p/allow-security-manager.patch: cherry-pick upstream patch to
 allow setting Java Security Manager (Closes: #1069015).
Checksums-Sha1:
 6d6c9a850251c31785371f97bbc97d3cc0efeb97 3002 libnb-platform18-java_12.1-3.dsc
 4a4c00c7b2cdd0f882a1492a480b30e20f22dc9b 41956 
libnb-platform18-java_12.1-3.debian.tar.xz
 0fbbbd103299ac4751ec4c813e59642d3d59e595 15106 
libnb-platform18-java_12.1-3_amd64.buildinfo
Checksums-Sha256:
 4433dd0f604eaca2a541cfdb20fa8fae5bc461b3f18f0862aa33606510770622 3002 
libnb-platform18-java_12.1-3.dsc
 1394ce0ad1a4f2238043f1599cd348bbfb494439ffa68ec0f780fa034c4e1b07 41956 
libnb-platform18-java_12.1-3.debian.tar.xz
 a0fe8828ae6f5040f4d9eacdcf84c5e0bac28a27790798e70b2fabf12dd4cf72 15106 
libnb-platform18-java_12.1-3_amd64.buildinfo
Files:
 c2ae868db8561d59b80e94d81a33763d 3002 java optional 
libnb-platform18-java_12.1-3.dsc
 0eb29dfd4a39e0a87a73ce84d85c9405 41956 java optional 
libnb-platform18-java_12.1-3.debian.tar.xz
 9595a8c6719863f1134dc52034312d68 15106 java optional 
libnb-platform18-java_12.1-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmYoj3oUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpZKNhAArFL9U6hLgg1J48lk3Dukj+LGJ5Gw
2IETO8PF3nDH4WEf8dqQBST/LVzcZk+WrTLknXcwSjCffEI8phbgCQQfhRpsD7Z+
7q8FbiZa31NRMg7mdyI8mtXpwVP9QWrhLKrUuvzqbRi9jV1jWeqMeS+dhNfjPiyy
fvMOA0FOrxVM1VYq01bkZe1N

Processed: Bug#1069015 marked as pending in libnb-platform-java

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1069015 [src:libnb-platform18-java] libnb-platform18-java is unable to set 
security manager with default Java 21
Added tag(s) pending.

-- 
1069015: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069015
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: tagging 1069678

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1069678 + upstream
Bug #1069678 {Done: Thorsten Glaser } [src:openjdk-8] 
openjdk-8: CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1069678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1069678: marked as done (openjdk-8: CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094)

[Debian Bug Tracking System]

Your message dated Mon, 22 Apr 2024 23:34:17 +
with message-id 
and subject line Bug#1069678: fixed in openjdk-8 8u412-ga-1
has caused the Debian Bug report #1069678,
regarding openjdk-8: CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1069678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openjdk-8
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for openjdk-8.

CVE-2024-21011[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE (component:
| Hotspot).  Supported versions that are affected are Oracle Java SE:
| 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for
| JDK: 17.0.10, 21.0.2, 22;   Oracle GraalVM Enterprise Edition:
| 20.3.13 and  21.3.9. Difficult to exploit vulnerability allows
| unauthenticated attacker with network access via multiple protocols
| to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
| Enterprise Edition.  Successful attacks of this vulnerability can
| result in unauthorized ability to cause a partial denial of service
| (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition. Note: This vulnerability can be
| exploited by using APIs in the specified Component, e.g., through a
| web service which supplies data to the APIs. This vulnerability also
| applies to Java deployments, typically in clients running sandboxed
| Java Web Start applications or sandboxed Java applets, that load and
| run untrusted code (e.g., code that comes from the internet) and
| rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7
| (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2024-21068[1]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE (component:
| Hotspot).  Supported versions that are affected are Oracle Java SE:
| 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK:
| 17.0.10, 21.0.2 and  22; Oracle GraalVM Enterprise Edition: 21.3.9.
| Difficult to exploit vulnerability allows unauthenticated attacker
| with network access via multiple protocols to compromise Oracle Java
| SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.
| Successful attacks of this vulnerability can result in  unauthorized
| update, insert or delete access to some of Oracle Java SE, Oracle
| GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
| Note: This vulnerability can be exploited by using APIs in the
| specified Component, e.g., through a web service which supplies data
| to the APIs. This vulnerability also applies to Java deployments,
| typically in clients running sandboxed Java Web Start applications
| or sandboxed Java applets, that load and run untrusted code (e.g.,
| code that comes from the internet) and rely on the Java sandbox for
| security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).


CVE-2024-21085[2]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
| Edition product of Oracle Java SE (component: Concurrency).
| Supported versions that are affected are Oracle Java SE: 8u401,
| 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and
| 21.3.9. Difficult to exploit vulnerability allows unauthenticated
| attacker with network access via multiple protocols to compromise
| Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a partial denial of service (partial DOS) of Oracle Java SE,
| Oracle GraalVM Enterprise Edition. Note: This vulnerability can be
| exploited by using APIs in the specified Component, e.g., through a
| web service which supplies data to the APIs. This vulnerability also
| applies to Java deployments, typically in clients running sandboxed
| Java Web Start applications or sandboxed Java applets, that load and
| run untrusted code (e.g., code that comes from the internet) and
| rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7
| (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).


CVE-2024-21094[3]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE

Processed: Re: Bug#1069678: openjdk-8: CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1069678 + pending
Bug #1069678 [src:openjdk-8] openjdk-8: CVE-2024-21011 CVE-2024-21068 
CVE-2024-21085 CVE-2024-21094
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1069678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: add patch

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1061025 patch
Bug #1061025 [src:libcommons-logging-java] httpcomponents-client: FTBFS: make: 
*** [debian/rules:4: build] Error 25
Added tag(s) patch.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1061025: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061025
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: add patch

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1069015 patch
Bug #1069015 [src:libnb-platform18-java] libnb-platform18-java is unable to set 
security manager with default Java 21
Added tag(s) patch.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1069015: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069015
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1067209: marked as done (jruby: please update libfixposix4 runtime depency)

[Debian Bug Tracking System]

Your message dated Fri, 19 Apr 2024 22:35:55 +
with message-id 
and subject line Bug#1067209: fixed in jruby 9.4.6.0+ds-1.1
has caused the Debian Bug report #1067209,
regarding jruby: please update libfixposix4 runtime depency
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1067209: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067209
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: jruby
Version: 9.4.6.0+ds-1
Severity: serious
Tags: patch

Hello, libfixposix4 was renamed in libfixposix4t64, please drop or update the 
runtime dependency accordingly


Thanks for considering the patch.

diff -Nru jruby-9.4.6.0+ds/debian/control jruby-9.4.6.0+ds/debian/control
--- jruby-9.4.6.0+ds/debian/control 2024-03-08 08:55:39.0 +0100
+++ jruby-9.4.6.0+ds/debian/control 2024-03-20 07:56:30.0 +0100
@@ -63,7 +62,7 @@
  libasm-java (>= 9.5),
  libbackport9-java (>= 1.10),
  libdirgra-java,
- libfixposix4,
+ libfixposix4t64,
  libheadius-options-java (>= 1.4),
  libinvokebinder-java (>= 1.13),
  libjansi1-java,


OpenPGP_signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: jruby
Source-Version: 9.4.6.0+ds-1.1
Done: Bastian Germann 

We believe that the bug you reported is fixed in the latest version of
jruby, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann  (supplier of updated jruby package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 19 Apr 2024 22:06:26 +
Source: jruby
Architecture: source
Version: 9.4.6.0+ds-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Bastian Germann 
Closes: 1067209
Changes:
 jruby (9.4.6.0+ds-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload
 .
   [ Gianfranco Costamagna ]
   * d/control: update libfixposix4 runtime depency (Closes: #1067209)
Checksums-Sha1:
 0851c4c86b106db437db7f9423b69ee1a5909443 3342 jruby_9.4.6.0+ds-1.1.dsc
 725dc4d63e020554083268efac5c280b919e2aab 3 
jruby_9.4.6.0+ds-1.1.debian.tar.xz
 52d1898b4440f3750aab4c437888c53294621e85 14837 
jruby_9.4.6.0+ds-1.1_source.buildinfo
Checksums-Sha256:
 9e7a53a2cd26d9d9713cd08bf49efc6beaad1458c2f4b1dad926c4e3cc4bc0b3 3342 
jruby_9.4.6.0+ds-1.1.dsc
 0bb73e9a579aa9cd37a847f48e53cfb7bb0a04122615ca340affce4f920f126d 3 
jruby_9.4.6.0+ds-1.1.debian.tar.xz
 ec16a5077ebb39f0a5c1e1306b109f96ce8b5e150b7ee7b11e980dd3840ba224 14837 
jruby_9.4.6.0+ds-1.1_source.buildinfo
Files:
 633bc300048fec4b5ad8afa25fb53cf6 3342 ruby optional jruby_9.4.6.0+ds-1.1.dsc
 ff70a6762925531c0a7d124634f9f1dd 3 ruby optional 
jruby_9.4.6.0+ds-1.1.debian.tar.xz
 47ba88aaf02234214416e5ee2c77ed19 14837 ruby optional 
jruby_9.4.6.0+ds-1.1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmYi7hYQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFOvjC/9NWZIpvgy2QyuB/0vS71Un+qW4oHWGdxp5
xe6lh7Tz/EiUD8G5vlZYfqg3BoNVxhoH2nYbV9WqwBGOghp/1xCV1yT5ZiIX11D4
PGp73B85kE1GtVBfyb4iGeQEAnNlRyHVm7BaRNSRV0fZ/KySrYovcnxlhOijx/tg
N8RfrjnZO1UFlwxDIPKQLrvF8sz0OYU/LYocp09RvXAuf2odCkmC/kLgfzmQvOrl
C7elT061ZS8i+t/VcBF3VBMYPEhXjVJXq9AppEiUjVq/csZ9S54j9GXLSxvqZmGh
Ex0G2hZfFtmYucMyYfKR+pKaj8Y36228Emaf7JRxWTsD2f2TVarPNCCHtrLgUww1
BJ9GPjgNqen3hmiuqwoym4By6pW3krU7FqLBJfUEasfDjC7S5lWvGziQloOsYsKg
yUEJfG5LN9Mo3z3REVTf/aAUR02GIte61LmG60smZI403ulGTFb1qvaMDc52uTsS
umL9N4XdKmKJGsi7jF2sCKmxaJqJVoo=
=UMSM
-END PGP SIGNATURE-



pgp5fW8FPDxiM.pgp
Description: PGP signature
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: found 1050407 in 1.6.0-2, tagging 1050407, found 1064516 in 0.9.1-1, block 1062029 with 1037597 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 1050407 1.6.0-2
Bug #1050407 [src:tycho] tycho: build-depends on obsolete 
libeclipse-osgi-util-java
Marked as found in versions tycho/1.6.0-2.
> tags 1050407 + sid trixie experimental
Bug #1050407 [src:tycho] tycho: build-depends on obsolete 
libeclipse-osgi-util-java
Added tag(s) experimental, trixie, and sid.
> found 1064516 0.9.1-1
Bug #1064516 [src:ruby-rack] ruby-rack: CVE-2024-26141 CVE-2024-25126 
CVE-2024-26146
The source 'ruby-rack' and version '0.9.1-1' do not appear to match any binary 
packages
Marked as found in versions ruby-rack/0.9.1-1.
> block 1062029 with 1037597
Bug #1062029 [src:broker] broker: NMU diff for 64-bit time_t transition
1062029 was not blocked by any bugs.
1062029 was not blocking any bugs.
Added blocking bug(s) of 1062029: 1037597
> tags 1069261 + sid trixie
Bug #1069261 [cwlformat] cwlformat: fails with newer ruamel.yaml
Added tag(s) trixie and sid.
> tags 1050843 + sid trixie
Bug #1050843 {Done: Stefano Rivera } [python3.11] 
Use-after-free crash when deallocating a frame object
Added tag(s) sid and trixie.
> found 1062171 2.0.0~svngit.20240121.06990a6+dfsg-1~exp1
Bug #1062171 {Done: Steve Langasek } [src:gmerlin] gmerlin: 
NMU diff for 64-bit time_t transition
Marked as found in versions gmerlin/2.0.0~svngit.20240121.06990a6+dfsg-1~exp1 
and reopened.
> found 1062392 13.0.0-1
Bug #1062392 {Done: Benjamin Drung } [src:libkiwix] 
libkiwix: NMU diff for 64-bit time_t transition
Marked as found in versions libkiwix/13.0.0-1 and reopened.
> tags 1069258 + sid trixie
Bug #1069258 [src:ruby-curb] ruby-curb: FTBFS: 178 tests, 699 assertions, 0 
failures, 7 errors, 0 pendings, 0 omissions, 0 notifications
Added tag(s) sid and trixie.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1050407: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050407
1050843: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050843
1062029: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062029
1062171: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062171
1062392: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062392
1064516: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
1069258: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069258
1069261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069261
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1069003: marked as done (visualvm: please update to visualvm 2.1.8 to support Java 21 and 22)

[Debian Bug Tracking System]

Your message dated Thu, 18 Apr 2024 08:53:32 +1200
with message-id 

and subject line Re: visualvm: please update to visualvm 2.1.8 to support Java 
21 and 22
has caused the Debian Bug report #1069003,
regarding visualvm: please update to visualvm 2.1.8 to support Java 21 and 22
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1069003: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069003
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: visualvm
Version: 2.1.6-1
Severity: wishlist

Dear Maintainer,

Would it be possible to package visualvm 2.1.8 to enable support of Java 21 and
22?

Best Regards,
 Vladimir.


-- System Information:
Debian Release: trixie/sid
  APT prefers mantic-updates
  APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 
'mantic'), (100, 'mantic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-27-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Please close the bug, the issue is fixed in 2.1.8-2[1].

[1] 
https://tracker.debian.org/news/1519394/accepted-visualvm-218-2-source-into-unstable/--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: retitle 1064925 to RFP: fail2ban-prometheus-exporter -- collect and export Prometheus metrics on Fail2Ban ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 1064925 RFP: fail2ban-prometheus-exporter -- collect and export 
> Prometheus metrics on Fail2Ban
Bug #1064925 [wnpp] RFP: fail2ban-prometheus-exporter - collect and export 
Prometheus metrics on Fail2Ban)
Changed Bug title to 'RFP: fail2ban-prometheus-exporter -- collect and export 
Prometheus metrics on Fail2Ban' from 'RFP: fail2ban-prometheus-exporter - 
collect and export Prometheus metrics on Fail2Ban)'.
> retitle 1000161 ITP: himalaya -- cli to manage emails
Bug #1000161 [wnpp] ITP: cli to manage emails
Changed Bug title to 'ITP: himalaya -- cli to manage emails' from 'ITP: cli to 
manage emails'.
> found 1061212 3.1.6~dfsg-7
Bug #1061212 [src:emscripten] Please upgrade to llvm-toolchain-17
Marked as found in versions emscripten/3.1.6~dfsg-7.
> found 1061215 21.10-4
Bug #1061215 [src:oclgrind] Please upgrade to llvm-toolchain-17
Marked as found in versions oclgrind/21.10-4.
> found 1061216 10.0.1-2.1
Bug #1061216 [src:openvdb] Please upgrade to llvm-toolchain-17
Marked as found in versions openvdb/10.0.1-2.1.
> found 1061213 1.0.15136.3-1
Bug #1061213 [src:intel-graphics-compiler] Please upgrade to llvm-toolchain-17
Marked as found in versions intel-graphics-compiler/1.0.15136.3-1.
> found 1061214 0.41.1-1
Bug #1061214 [src:llvmlite] Please upgrade to llvm-toolchain-17
Marked as found in versions llvmlite/0.41.1-1.
> fixed 1039985 2.2-3
Bug #1039985 [libjson-smart-java] libjson-smart-java: buster-lts has a newer 
version than bullseye/bookworm/sid
Marked as fixed in versions json-smart/2.2-3.
> tags 1068975 + sid trixie
Bug #1068975 [src:python-zxcvbn] Abandoned upstream and unmaintained
Added tag(s) trixie and sid.
> tags 1068937 + sid trixie
Bug #1068937 {Done: Mathias Gibbens } [python3-lxc] 
python3-lxc: hard-coded dependency on liblcx1
Added tag(s) trixie and sid.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1000161: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000161
1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985
1061212: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061212
1061213: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061213
1061214: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061214
1061215: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061215
1061216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061216
1064925: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064925
1068937: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068937
1068975: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1033474: marked as done (json-smart: CVE-2023-1370)

[Debian Bug Tracking System]

Your message dated Sat, 13 Apr 2024 18:56:44 +
with message-id 
and subject line Bug#1033474: fixed in json-smart 2.2-3
has caused the Debian Bug report #1033474,
regarding json-smart: CVE-2023-1370
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: json-smart
Version: 2.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for json-smart.

CVE-2023-1370[0]:
| [Json-smart](https://netplex.github.io/json-smart/) is a performance
| focused, JSON processor lib. When reaching a #8216;[#8216;
| or #8216;{#8216; character in the JSON input, the code
| parses an array or an object respectively. It was discovered that the
| code does not have any limit to the nesting of such arrays or objects.
| Since the parsing of nested arrays and objects is done recursively,
| nesting too many of them can cause a stack exhaustion (stack overflow)
| and crash the software.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-1370
https://www.cve.org/CVERecord?id=CVE-2023-1370
[1] 
https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a
[2] 
https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: json-smart
Source-Version: 2.2-3
Done: Bastien Roucariès 

We believe that the bug you reported is fixed in the latest version of
json-smart, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès  (supplier of updated json-smart package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 13 Apr 2024 14:43:01 +
Source: json-smart
Architecture: source
Version: 2.2-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Bastien Roucariès 
Closes: 1033474
Changes:
 json-smart (2.2-3) unstable; urgency=medium
 .
   * Team upload
   * Add watch file
   * Fix CVE-2023-1370: When reaching a ‘[‘ or ‘{‘ character
 in the JSON input, the code parses an array or
 an object respectively. It was discovered that the
 code does not have any limit to the nesting of such arrays
 or objects. Since the parsing of nested arrays and objects is
 done recursively, nesting too many of them can cause
 a stack exhaustion (stack overflow) and crash the software.
 (Closes: #1033474)
   * Use compat level 13
   * Bump policy to 4.7.7
   * Add salsa-CI
Checksums-Sha1:
 9382d735a0c6eb22fe6f440f87370d7815071501 1999 json-smart_2.2-3.dsc
 2b9020109eec357581c68d20c786ede3d62097f6 5740 json-smart_2.2-3.debian.tar.xz
 92a1016f504df1de1c331ba2dfab33b8b93c035e 14934 json-smart_2.2-3_amd64.buildinfo
Checksums-Sha256:
 dcd3ef598ec1fcab84429c966d3e831e7b683f96dc981d06c38af4a6d1522894 1999 
json-smart_2.2-3.dsc
 da2e03d8383aa613e0395796e20269fd40e0b030d0be9faae510ade8d6f3607d 5740 
json-smart_2.2-3.debian.tar.xz
 e55bf71b35e5f316a01af4e2d5a63f57144d07276c3a4989eba670b348b7219d 14934 
json-smart_2.2-3_amd64.buildinfo
Files:
 c3491d3a9c1180b3aa47e385cf70628a 1999 java optional json-smart_2.2-3.dsc
 700b6ba60861609cec67f5fd7488f663 5740 java optional 
json-smart_2.2-3.debian.tar.xz
 e15cd953d4cc385530cb25081bf9a02b 14934 java optional 
json-smart_2.2-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmYazPwRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF/mGA/9FFGCBY8h2TFb9okdeQ362m0KEvYwS+VT
aBLB0UOoxDLsqKRqMwUi1A7qahBZ78MKSCiyM10CMdPx7vUl3s/F7ELdk72gK29g
uzK+XgrSGxDy8s/Vi2zGEgzoxSbBQG2fOLyqScUQDk24ihpFSVztU03EIvxJWs5L
ZyhuNRGtnKwVN9qzbYS4ZQgYsDBJvDLt9XAZDopPRwy7rDcZQKy/h5KjO26+SW2x
Ppg1PS8bD

Processed: Bug#1033474 marked as pending in json-smart

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1033474 [src:json-smart] json-smart: CVE-2023-1370
Ignoring request to alter tags of bug #1033474 to the same tags previously set

-- 
1033474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1057531: marked as done (openjfx: FTBFS with default Java 21)

[Debian Bug Tracking System]

Your message dated Sat, 13 Apr 2024 13:46:23 +
with message-id 
and subject line Bug#1057531: fixed in openjfx 11.0.11+1-3.2
has caused the Debian Bug report #1057531,
regarding openjfx:  FTBFS with default Java 21
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1057531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057531
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openjfx
Version: 11.0.11+1-3.1
Severity: important
Tags: ftbfs
User: debian-j...@lists.debian.org
Usertags: default-java21

Dear Maintainers,

The package openjfx ftbfs with default Java 21.
The relevant part of the build log:
---
Up-to-date check for task ':graphics:compileJava' took 0.162 secs. It is not 
up-to-date because:
  No history is available.
All input files are considered out-of-date for incremental task 
':graphics:compileJava'.
Compiling with Java command line compiler 
'/usr/lib/jvm/java-21-openjdk-amd64/bin/javac'.
Starting process 'command '/usr/lib/jvm/java-21-openjdk-amd64/bin/javac''. 
Working directory: /<>/modules/javafx.graphics Command: 
/usr/lib/jvm/java-21-openjdk-amd64/bin/javac 
@/<>/modules/javafx.graphics/build/tmp/compileJava/java-compiler-args.txt
Successfully started process 'command 
'/usr/lib/jvm/java-21-openjdk-amd64/bin/javac''
/<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:693:
 error: reference to State is ambiguous
private ObjectProperty state = new SimpleObjectProperty<>(this, 
"state", State.READY);
   ^
  both enum java.util.concurrent.Future.State in Future and enum 
javafx.concurrent.Worker.State in Worker match
/<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:694:
 error: reference to State is ambiguous
final void setState(State value) { // package access for the Service
^
  both enum java.util.concurrent.Future.State in Future and enum 
javafx.concurrent.Worker.State in Worker match
/<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:732:
 error: reference to State is ambiguous
@Override public final State getState() { checkThread(); return 
state.get(); }
   ^
  both enum java.util.concurrent.Future.State in Future and enum 
javafx.concurrent.Worker.State in Worker match
/<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:733:
 error: reference to State is ambiguous
@Override public final ReadOnlyObjectProperty stateProperty() { 
checkThread(); return state; }
  ^
  both enum java.util.concurrent.Future.State in Future and enum 
javafx.concurrent.Worker.State in Worker match
/<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:693:
 error: reference to State is ambiguous
private ObjectProperty state = new SimpleObjectProperty<>(this, 
"state", State.READY);

^
  both enum java.util.concurrent.Future.State in Future and enum 
javafx.concurrent.Worker.State in Worker match
/<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:696:
 error: reference to State is ambiguous
final State s = getState();
  ^
  both enum java.util.concurrent.Future.State in Future and enum 
javafx.concurrent.Worker.State in Worker match
/<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:697:
 error: reference to State is ambiguous
if (s != State.CANCELLED) {
 ^
  both enum java.util.concurrent.Future.State in Future and enum 
javafx.concurrent.Worker.State in Worker match
/<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:700:
 error: reference to State is ambiguous
setRunning(value == State.SCHEDULED || value == State.RUNNING);
^
  both enum java.util.concurrent.Future.State in Future and enum 
javafx.concurrent.Worker.State in Worker match
/<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:700:
 error: reference to State is ambiguous
setRunning(value == State.SCHEDULED || value == State.RUNNING);
^
  both enum java.util.concurrent.Future.State in Future and enum 
javafx.concurrent.Worker.State in Worker match
/<>/modules/javafx.graphics/src/main/java/javafx/concurrent/Task.java:1027:
 error: reference

Bug#1068159: marked as done (openjfx: FTBFS on arm{el,hf}: /usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64")

[Debian Bug Tracking System]

Your message dated Sat, 13 Apr 2024 13:46:23 +
with message-id 
and subject line Bug#1068159: fixed in openjfx 11.0.11+1-3.2
has caused the Debian Bug report #1068159,
regarding openjfx: FTBFS on arm{el,hf}: /usr/include/features-time64.h:26:5: 
error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1068159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068159
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openjfx
Version: 11.0.11+1-3.1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: sramac...@debian.org

https://buildd.debian.org/status/fetch.php?pkg=openjfx=armel=11.0.11%2B1-3.1%2Bb2=1711746481=0

gcc -fPIC -Wformat -Wextra -Wformat-security -fstack-protector 
-Werror=implicit-function-declaration -Werror=trampolines -D_GNU_SOURCE 
-DGST_REMOVE_DEPRECATED -DGSTREAMER_LITE -DHAVE_CONFIG_H -DOUTSIDE_SPEEX 
-DLINUX -DGST_DISABLE_GST_DEBUG -DGST_DISABLE_LOADSAVE -ffunction-sections 
-fdata-sections -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 
-Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -Werror=implicit-function-declaration 
-ffile-prefix-map=/<>/modules/javafx.media/src/main/native/gstreamer/projects/linux/gstreamer-lite=.
 -fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -Wall -I../../../plugins 
-I../../../gstreamer-lite/projects/build/linux/common 
-I../../../gstreamer-lite/gstreamer -I../../../gstreamer-lite/gstreamer/libs 
-I../../../gstreamer-lite/gstreamer/gst/parse 
-I../../../gstreamer-lite/gst-plugins-base 
-I../../../gstreamer-lite/gst-plugins-base/gst-libs 
-I../../../gstreamer-lite/projects/plugins 
-I../../../gstreamer-lite/gst-plugins-base/gst-libs 
-I../../../gstreamer-lite/gst-plugins-good/gst-libs 
-I../../../gstreamer-lite/gst-plugins-good/gst/isomp4 
-I../../../gstreamer-lite/gst-plugins-bad/gst-libs -I/usr/include/glib-2.0 
-I/usr/lib/arm-linux-gnueabi/glib-2.0/include  -c 
../../../gstreamer-lite/gstreamer/gst/gst.c -o 
/<>/modules/javafx.media/build/native/linux/Release/obj/gstreamer-lite/gstreamer/gst/gst.o
In file included from /usr/include/features.h:393,
 from 
/usr/include/arm-linux-gnueabi/bits/libc-header-start.h:33,
 from /usr/include/limits.h:26,
 from /usr/lib/gcc/arm-linux-gnueabi/13/include/limits.h:205,
 from /usr/lib/gcc/arm-linux-gnueabi/13/include/syslimits.h:7,
 from /usr/lib/gcc/arm-linux-gnueabi/13/include/limits.h:34,
 from 
/usr/lib/arm-linux-gnueabi/glib-2.0/include/glibconfig.h:11,
 from /usr/include/glib-2.0/glib/gtypes.h:34,
 from /usr/include/glib-2.0/glib/galloca.h:34,
 from /usr/include/glib-2.0/glib.h:32,
 from ../../../gstreamer-lite/gstreamer/gst/gst_private.h:36,
 from ../../../gstreamer-lite/gstreamer/gst/gst.c:94:
/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed 
only with _FILE_OFFSET_BITS=64"
   26 | #   error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
  | ^
gcc -fPIC -Wformat -Wextra -Wformat-security -fstack-protector 
-Werror=implicit-function-declaration -Werror=trampolines -D_GNU_SOURCE 
-DGST_REMOVE_DEPRECATED -DGSTREAMER_LITE -DHAVE_CONFIG_H -DOUTSIDE_SPEEX 
-DLINUX -DGST_DISABLE_GST_DEBUG -DGST_DISABLE_LOADSAVE -ffunction-sections 
-fdata-sections -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 
-Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -Werror=implicit-function-declaration 
-ffile-prefix-map=/<>/modules/javafx.media/src/main/native/gstreamer/projects/linux/gstreamer-lite=.
 -fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -Wall -I../../../plugins 
-I../../../gstreamer-lite/projects/build/linux/common 
-I../../../gstreamer-lite/gstreamer -I../../../gstreamer-lite/gstreamer/libs 
-I../../../gstreamer-lite/gstreamer/gst/parse 
-I../../../gstreamer-lite/gst-plugins-base 
-I../../../gstreamer-lite/gst-plugins-base/gst-libs 
-I../../../gstreamer-lite/projects/plugins 
-I../../../gstreamer-lite/gst-plugins-base/gst-libs 
-I../../../gstreamer-lite/gst-plugins-good/gst-libs 
-I../../../gstreamer-lite/gst-plugins-good/gst/isomp4 
-I../../../gstreamer-lite/gst-plugins-bad/gst-libs -I/usr/include/glib-2.0 
-I/usr/lib/arm-linux-gnueabi/glib-2.0/include  -c 
../../../gstreamer-lite/gstreamer/gst/gstallocator.c -o 
/&l

Processed: openjfx: diff for NMU version 11.0.11+1-3.2

[Debian Bug Tracking System]

Processing control commands:

> tags 1057531 + patch
Bug #1057531 [src:openjfx] openjfx:  FTBFS with default Java 21
Ignoring request to alter tags of bug #1057531 to the same tags previously set

-- 
1057531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057531
1068159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068159
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: openjfx: diff for NMU version 11.0.11+1-3.2

[Debian Bug Tracking System]

Processing control commands:

> tags 1057531 + patch
Bug #1057531 [src:openjfx] openjfx:  FTBFS with default Java 21
Added tag(s) patch.

-- 
1057531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057531
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: severity of 1023702 is serious, tagging 1023702

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 1023702 serious
Bug #1023702 [src:openjfx] openjfx build depends on gcc-11 that should not be 
in bookworm
Severity set to 'serious' from 'important'
> tags 1023702 + sid trixie
Bug #1023702 [src:openjfx] openjfx build depends on gcc-11 that should not be 
in bookworm
Added tag(s) trixie and sid.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1023702: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023702
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: re: openjfx: FTBFS on arm{el, hf}: /usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> Tags 1068159 +patch
Bug #1068159 [src:openjfx] openjfx: FTBFS on arm{el,hf}: 
/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed 
only with _FILE_OFFSET_BITS=64"
Added tag(s) patch.
> Thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1068159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068159
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: notfound 1068806 in 1.5.0dfsg1-2, found 1068806 in 1.5.0+dfsg1-2, tagging 1068806 ...

[Debian Bug Tracking System]

/cgi-bin/bugreport.cgi?bug=1062235
1063328: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063328
1063329: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063329
1064582: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064582
1064740: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064740
1065725: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065725
1066403: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066403
1066452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066452
1066455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066455
1066456: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066456
1067321: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067321
1067532: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067532
1067636: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067636
1067816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067816
1068066: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068066
1068484: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068484
1068609: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068609
1068721: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068721
1068730: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068730
1068756: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068756
1068757: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068757
1068796: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068796
1068805: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068805
1068806: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068806
980833: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980833
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed (with 1 error): tagging 1068815, tagging 1068816, tagging 1068817, tagging 168818, tagging 1068820, tagging 1068819 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1068815 + upstream
Bug #1068815 [src:undertow] undertow: CVE-2023-1973
Added tag(s) upstream.
> tags 1068816 + upstream
Bug #1068816 [src:undertow] undertow: CVE-2024-1459
Added tag(s) upstream.
> tags 1068817 + upstream
Bug #1068817 [src:undertow] undertow: CVE-2024-1635
Added tag(s) upstream.
> tags 168818 + upstream
Failed to alter tags of Bug 168818: Not altering archived bugs; see unarchive.

> tags 1068820 + upstream
Bug #1068820 [src:qemu] qemu: CVE-2024-3446
Added tag(s) upstream.
> tags 1068819 + upstream
Bug #1068819 [src:qemu] qemu: CVE-2024-26327 CVE-2024-26328
Added tag(s) upstream.
> tags 1068821 + upstream
Bug #1068821 [src:qemu] qemu: CVE-2024-3447
Added tag(s) upstream.
> tags 1068822 + upstream
Bug #1068822 [src:qemu] qemu: CVE-2024-3567
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1068815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815
1068816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816
1068817: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068817
1068819: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068819
1068820: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068820
1068821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068821
1068822: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068822
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1057493: marked as done (byte-buddy: FTBFS with default Java 21)

[Debian Bug Tracking System]

Your message dated Tue, 09 Apr 2024 12:34:51 +
with message-id 
and subject line Bug#1057493: fixed in byte-buddy 1.14.13-1
has caused the Debian Bug report #1057493,
regarding byte-buddy:  FTBFS with default Java 21
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1057493: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057493
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: byte-buddy
Version: 1.12.23-1
Severity: important
Tags: ftbfs
User: debian-j...@lists.debian.org
Usertags: default-java21

Dear Maintainers,

The package byte-buddy ftbfs with default Java 21.
The relevant part of the build log:
---
[INFO] Processing class files located in in: 
/<>/byte-buddy-dep/target/classes
[WARNING] Failed to transform class net.bytebuddy.utility.FileSystem using 
net.bytebuddy.build.CachedReturnPlugin@7e53b92e
java.lang.IllegalArgumentException: Java 21 (65) is not supported by the 
current version of Byte Buddy which officially supports Java 20 (64) - update 
Byte Buddy or set net.bytebuddy.experimental as a VM property
at net.bytebuddy.utility.OpenedClassReader.of (OpenedClassReader.java:96)
at net.bytebuddy.pool.TypePool$Default.parse (TypePool.java:855)
at net.bytebuddy.pool.TypePool$Default.doDescribe (TypePool.java:841)
at net.bytebuddy.pool.TypePool$AbstractBase.describe (TypePool.java:574)
at net.bytebuddy.pool.TypePool$AbstractBase$Hierarchical.describe 
(TypePool.java:657)
at 
net.bytebuddy.pool.TypePool$Default$LazyTypeDescription$TokenizedGenericType.toErasure
 (TypePool.java:6875)
at 
net.bytebuddy.pool.TypePool$Default$LazyTypeDescription$GenericTypeToken$Resolution$Raw$RawAnnotatedType.of
 (TypePool.java:3757)
at 
net.bytebuddy.pool.TypePool$Default$LazyTypeDescription$GenericTypeToken$Resolution$Raw.resolveReturnType
 (TypePool.java:3665)
at 
net.bytebuddy.pool.TypePool$Default$LazyTypeDescription$LazyMethodDescription.getReturnType
 (TypePool.java:7437)
at net.bytebuddy.asm.Advice$Dispatcher$Resolved$AbstractBase. 
(Advice.java:7975)
at net.bytebuddy.asm.Advice$Dispatcher$Inlining$Resolved. 
(Advice.java:8261)
at 
net.bytebuddy.asm.Advice$Dispatcher$Inlining$Resolved$ForMethodEnter. 
(Advice.java:8659)
at 
net.bytebuddy.asm.Advice$Dispatcher$Inlining$Resolved$ForMethodEnter$WithRetainedEnterType.
 (Advice.java:8861)
at net.bytebuddy.asm.Advice$Dispatcher$Inlining$Resolved$ForMethodEnter.of 
(Advice.java:8701)
at net.bytebuddy.asm.Advice$Dispatcher$Inlining.asMethodEnter 
(Advice.java:8206)
at net.bytebuddy.asm.Advice.to (Advice.java:360)
at net.bytebuddy.asm.Advice$WithCustomMapping.to (Advice.java:14427)
at net.bytebuddy.build.CachedReturnPlugin.apply 
(CachedReturnPlugin.java:166)
at net.bytebuddy.build.Plugin$Engine$Default$Preprocessor$Resolved.call 
(Plugin.java:4877)
at net.bytebuddy.build.Plugin$Engine$Default$Preprocessor$Resolved.call 
(Plugin.java:4850)
at 
net.bytebuddy.build.Plugin$Engine$Dispatcher$ForSerialTransformation.accept 
(Plugin.java:3902)
at net.bytebuddy.build.Plugin$Engine$Default.apply (Plugin.java:4697)
at net.bytebuddy.build.maven.ByteBuddyMojo.apply (ByteBuddyMojo.java:451)
at net.bytebuddy.build.maven.ByteBuddyMojo.execute (ByteBuddyMojo.java:323)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo 
(DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 
(MojoExecutor.java:370)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute 
(MojoExecutor.java:351)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute 
(MojoExecutor.java:215)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute 
(MojoExecutor.java:171)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute 
(MojoExecutor.java:163)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject 
(LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject 
(LifecycleModuleBuilder.java:81)
at 
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
 (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute 
(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:298)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.ja

Processed: Re: libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1039985 [libjson-smart-java] libjson-smart-java: buster-lts has a newer 
version than bullseye/bookworm/sid
Added tag(s) pending.
> tag 1033474 pending
Bug #1033474 [src:json-smart] json-smart: CVE-2023-1370
Added tag(s) pending.
> fixed 1033474 2.2-2+deb10u1
Bug #1033474 [src:json-smart] json-smart: CVE-2023-1370
The source 'json-smart' and version '2.2-2+deb10u1' do not appear to match any 
binary packages
Marked as fixed in versions json-smart/2.2-2+deb10u1.

-- 
1033474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474
1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: bookworm-pu: package json-smart/2.2-2+deb12u1

[Debian Bug Tracking System]

Processing control commands:

> affects -1 + src:json-smart
Bug #1068695 [release.debian.org] bookworm-pu: package json-smart/2.2-2+deb12u1
Added indication that 1068695 affects src:json-smart
> block 1039985 with -1
Bug #1039985 [libjson-smart-java] libjson-smart-java: buster-lts has a newer 
version than bullseye/bookworm/sid
1039985 was blocked by: 1068694
1039985 was not blocking any bugs.
Added blocking bug(s) of 1039985: 1068695
> block 1033474 with -1
Bug #1033474 [src:json-smart] json-smart: CVE-2023-1370
1033474 was blocked by: 1068694
1033474 was not blocking any bugs.
Added blocking bug(s) of 1033474: 1068695

-- 
1033474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474
1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985
1068695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068695
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: bullseye-pu: package json-smart/2.2-2+deb11u1

[Debian Bug Tracking System]

Processing control commands:

> affects -1 + src:json-smart
Bug #1068694 [release.debian.org] bullseye-pu: package json-smart/2.2-2+deb11u1
Added indication that 1068694 affects src:json-smart
> block 1039985 with -1
Bug #1039985 [libjson-smart-java] libjson-smart-java: buster-lts has a newer 
version than bullseye/bookworm/sid
1039985 was not blocked by any bugs.
1039985 was not blocking any bugs.
Added blocking bug(s) of 1039985: 1068694
> block 1033474 with -1
Bug #1033474 [src:json-smart] json-smart: CVE-2023-1370
1033474 was not blocked by any bugs.
1033474 was not blocking any bugs.
Added blocking bug(s) of 1033474: 1068694

-- 
1033474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474
1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985
1068694: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068694
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1041435: marked as done (bitsnpicas: Contains potentially non-free binary unicode data)

[Debian Bug Tracking System]

Your message dated Mon, 08 Apr 2024 11:05:36 +0200
with message-id 
and subject line bitsnpicas: Contains potentially non-free binary unicode data
has caused the Debian Bug report #1041435,
regarding bitsnpicas: Contains potentially non-free binary unicode data
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041435: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041435
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bitsnpicas
Version: 2.0+ds-1
Severity: serious
X-Debbugs-Cc: t...@debian.org

Dear Maintainer,

bitsnpicas is currently unusable and chokes with:

$ bitsnpicas
Exception in thread "main" java.lang.NullPointerException
at java.base/java.io.Reader.(Reader.java:168)
at java.base/java.io.InputStreamReader.(InputStreamReader.java:76)
at java.base/java.util.Scanner.(Scanner.java:566)
at com.kreative.unicode.data.Encoding.(Encoding.java:26)
at com.kreative.unicode.data.EncodingList.(EncodingList.java:58)
at com.kreative.unicode.data.EncodingList.instance(EncodingList.java:20)
at 
com.kreative.bitsnpicas.edit.GlyphListModelList$GlyphListModelRootNode.(GlyphListModelList.java:93)
at 
com.kreative.bitsnpicas.edit.GlyphListModelList.(GlyphListModelList.java:29)
at 
com.kreative.bitsnpicas.edit.GlyphListPanel.(GlyphListPanel.java:34)
at 
com.kreative.bitsnpicas.edit.BitmapListFrame.(BitmapListFrame.java:19)
at com.kreative.bitsnpicas.edit.Main.openFont(Main.java:158)
at com.kreative.bitsnpicas.edit.Main.newBitmapFont(Main.java:71)
at com.kreative.bitsnpicas.edit.Main.main(Main.java:55)
at com.kreative.bitsnpicas.main.Main.main(Main.java:12)

This is because of the exclusion of following files w/o patching the
code properly

 main/java/BitsNPicas/src/com/kreative/unicode/mappings/Mac*.txt
 main/java/BitsNPicas/src/com/kreative/unicode/mappings/Windows*.txt
 main/java/BitsNPicas/src/com/kreative/unicode/mappings/IBM*.txt

I applied a patch trying to exclude unicodes and can get it to a usable state. 
The patch is
attached with this bug report. However, even after being able to launch
the menu, I see windows and IBM related unicode options in the menu. I
did not dive deep into the code, but it could be stemming from

main/java/BitsNPicas/src/com/kreative/unicode/data/unidata.ucd

In which case the unicode bin itself contains non-free content and needs
fixing accordingly.

Thanks,
Nilesh

-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_IN, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8), LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bitsnpicas depends on:
ii  xdg-utils  1.1.3-4.1

bitsnpicas recommends no packages.

bitsnpicas suggests no packages.

-- no debconf information
diff --git a/main/java/BitsNPicas/Makefile b/main/java/BitsNPicas/Makefile
index d339248..3955afc 100644
--- a/main/java/BitsNPicas/Makefile
+++ b/main/java/BitsNPicas/Makefile
@@ -48,47 +48,16 @@ BitsNPicas.jar: bin
 	jar cmf dep/MANIFEST.MF BitsNPicas.jar -C bin com/kreative/unicode -C bin com/kreative/bitsnpicas
 	chmod +x BitsNPicas.jar
 
-BitsNPicas.app: BitsNPicas-Pre10.15.app BitsNPicas-MacOS10.15.app BitsNPicas-MacOS11.0.app
+BitsNPicas.app: BitsNPicas-Pre10.15.app
 
 BitsNPicas-Pre10.15.app: dep BitsNPicas.jar
-	mkdir -p BitsNPicas-Pre10.15.app/Contents/MacOS
 	mkdir -p BitsNPicas-Pre10.15.app/Contents/Resources/Java
 	cp -f dep/PkgInfo BitsNPicas-Pre10.15.app/Contents
 	cp -f dep/Info.plist BitsNPicas-Pre10.15.app/Contents
-	cp -f dep/universalJavaApplicationStub-Pre10.15 BitsNPicas-Pre10.15.app/Contents/MacOS/BitsNPicas
 	cp -f dep/kbnp*.icns dep/dmov*.icns dep/movr*.icns BitsNPicas-Pre10.15.app/Contents/Resources
 	cp -f dep/*.jar BitsNPicas-Pre10.15.app/Contents/Resources/Java
 	cp -f BitsNPicas.jar BitsNPicas-Pre10.15.app/Contents/Resources/Java
 
-BitsNPicas-MacOS10.15.app: dep BitsNPicas.jar
-	mkdir -p BitsNPicas-MacOS10.15.app/Contents/MacOS
-	mkdir -p BitsNPicas-MacOS10.15.app/Contents/Resources/Java
-	cp -f dep/PkgInfo BitsNPicas-MacOS10.15.app/Contents
-	cp -f dep/Info.plist BitsNPicas-MacOS10.15.app/Contents
-	cp -f dep/universalJavaApplicationStub-MacOS10.15 BitsNPicas-MacOS10.15.app/Contents/MacOS/BitsNPicas
-	cp -f dep/kbnp*.icns dep/dmov*.icns dep/movr*.icns BitsNPicas-MacOS10.15.ap

Bug#1067929: marked as done (Update Depends for the time64 renames)

[Debian Bug Tracking System]

Your message dated Sun, 07 Apr 2024 17:45:53 +
with message-id 
and subject line Bug#1067929: fixed in java-package 0.64
has caused the Debian Bug report #1067929,
regarding Update Depends for the time64 renames
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1067929: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067929
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: java-package
Version: 0.63
Severity: serious

The package explicitly lists some library packages in Depends, at least
libasound2 needs to be changed to libasound2t64 there, I haven't checked if any
others also were renamed.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: java-package
Source-Version: 0.64
Done: tony mancill 

We believe that the bug you reported is fixed in the latest version of
java-package, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated java-package package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 07 Apr 2024 10:05:17 -0700
Source: java-package
Architecture: source
Version: 0.64
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Closes: 1067929
Changes:
 java-package (0.64) unstable; urgency=medium
 .
   * Team upload.
   * Update java-package Depends for time64 transition (Closes: #1067929)
Checksums-Sha1:
 3770267022d8139b5b955b4e1f81721ab35b2e74 1661 java-package_0.64.dsc
 a6a0bec6e1e94a0f0b1f3e0fe3a27adffd92a5a9 20016 java-package_0.64.tar.xz
 bb7ec3f5dd656a0cfedd7c0e55f9419c0ca5439b 5946 java-package_0.64_amd64.buildinfo
Checksums-Sha256:
 bab24c607403060c57a759d7670306b605b2106d9076517897260556c6870f25 1661 
java-package_0.64.dsc
 234bba26b6beee72baf3c465a17e51f4e63cc5447ab74a13351a7d88294bdd60 20016 
java-package_0.64.tar.xz
 4fbbfb71213fe33374f9cd599247d9f9c9bfec41bbb86a70dccf3dcedad2574e 5946 
java-package_0.64_amd64.buildinfo
Files:
 d2cf5a802161ed50e2c9f38211e8947c 1661 contrib/misc optional 
java-package_0.64.dsc
 8f61c798a6e26d5ff31bb0b8dc56c8e7 20016 contrib/misc optional 
java-package_0.64.tar.xz
 80aeb1255a8f496519f092da00a9d161 5946 contrib/misc optional 
java-package_0.64_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmYS04gUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpbm9BAAvJOrjbJwPqUWYYV/hvTFiHc2JlrJ
A7QrOAf7e39c5SjKrK7ZiqQQjx+imNED9XoiK3EW8oNxQfrT7c5ww49BkRfa2MeS
LSfO3kEJ6tULxDpWK6S1RJPMUifbrglsW2PSTAHcSdth1rnKA/Yy4kvZjTwwlTDs
o4QBYqttS5/JUGgNQGhgwGY9ReH/yggY0hZ1eLwbHkNYrs9WMDFHtF6oRnlQPvC/
3XonXBA8Dc9cQvhRaGwyqno5HOTA/Y56lTbBgZ1AM5iWvPH5/PaAvozNjcZurXJ/
tHhx2Irxxj6DD3/NC2n1xULLOh1P/hX6htFo2Tr/zJ3EsvPQbxN8dB0839N8VaNf
dBNFSKva+sYPHjYr0GLeMbLle5UZ1hXdlPS4Ogoq1WOSM0j2M/9s1cce7XQ5vj23
CrGD3a24VGGoLjczX/a4T/1eSLF/ixz/eNH08HpfWiEypDvnFaxO4D/S0JmiF9aI
2BtWtDchNTLnqIJ7uTOyo5EO3r+xsJ4CQGsuP3kqjsbBbSRVgdG2rw9zVlImTo4T
kKn9QJIUaqBIFyWTHHQxUTaq+oTYpQNx0uoeZUOaOEOGZX5KttQ9NH2kSdOQk41I
PdFES3+HHVajHgwqM61itMoRBNtigExNzAi+P1UzMQJ+l1KbuS9TmaLEg7LzEcdH
n74AlyIrlrJU9Vs=
=gPuR
-END PGP SIGNATURE-



pgpN6_rbo8ENg.pgp
Description: PGP signature
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Bug#1067929 marked as pending in java-package

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1067929 [src:java-package] Update Depends for the time64 renames
Added tag(s) pending.

-- 
1067929: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067929
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Bug#1068233 marked as pending in snappy-java

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1068233 [src:snappy-java] snappy-java: please add support for loong64
Added tag(s) pending.

-- 
1068233: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068233
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1064192: marked as done (openrefine: CVE-2024-23833)

[Debian Bug Tracking System]

Your message dated Sat, 06 Apr 2024 20:37:30 +
with message-id 
and subject line Bug#1064192: fixed in openrefine 3.7.8-1
has caused the Debian Bug report #1064192,
regarding openrefine: CVE-2024-23833
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1064192: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064192
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openrefine
Version: 3.7.7-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for openrefine.

Markus, please adjust severity if you think grave/RC severity is not
appropriate. openrefine updates were batches previously as well just
in point release, that might be enough here as well.

CVE-2024-23833[0]:
| OpenRefine is a free, open source power tool for working with messy
| data and improving it. A jdbc attack vulnerability exists in
| OpenRefine(version<=3.7.7) where an attacker may construct a JDBC
| query which may read files on the host filesystem. Due to the newer
| MySQL driver library in the latest version of OpenRefine (8.0.30),
| there is no associated deserialization utilization point, so
| original code execution cannot be achieved, but attackers can use
| this vulnerability to read sensitive files on the target server.
| This issue has been addressed in version 3.7.8. Users are advised to
| upgrade. There are no known workarounds for this vulnerability.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-23833
https://www.cve.org/CVERecord?id=CVE-2024-23833
[1] 
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4
[2] 
https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openrefine
Source-Version: 3.7.8-1
Done: Markus Koschany 

We believe that the bug you reported is fixed in the latest version of
openrefine, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated openrefine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 06 Apr 2024 21:45:36 +0200
Source: openrefine
Architecture: source
Version: 3.7.8-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Closes: 1064192
Changes:
 openrefine (3.7.8-1) unstable; urgency=high
 .
   * New upstream version 3.7.8
 - Fix CVE-2024-23833: A jdbc attack vulnerability exists in OpenRefine
   where an attacker may construct a JDBC query which may read files on
   the host filesystem. (Closes: #1064192)
   Thanks to Salvatore Bonaccorso for the report.
Checksums-Sha1:
 db1ea80492009c7f88022b910aa0d0f569fb9dc7 3613 openrefine_3.7.8-1.dsc
 13d0d733d33971054fa7871f5f7c7dd9452670a2 4288064 openrefine_3.7.8.orig.tar.xz
 b3e70722ffd02b68caf7d650281a49c1e2b3e254 309112 
openrefine_3.7.8-1.debian.tar.xz
 16c43d96f6fe57d6f2bf869d9d9b528b741179a6 19133 
openrefine_3.7.8-1_amd64.buildinfo
Checksums-Sha256:
 0a9fbb24aa4a25d676370fb9043bb77ef8777982d2b3222486f8759e4f5dbd9c 3613 
openrefine_3.7.8-1.dsc
 7d79bc097c47d7fe1aae4f14c72a96a5a954f2423f13d5805b88e6e54fd73b36 4288064 
openrefine_3.7.8.orig.tar.xz
 7b9718dc85bf8a51bb81598bef739233a11d28294f0e1d2d5fd362bcf089f9f8 309112 
openrefine_3.7.8-1.debian.tar.xz
 109398ee7b162bdfa5f1f462394bdd8b2c6ea93f74edf7327c8d0e2f02b0f4c6 19133 
openrefine_3.7.8-1_amd64.buildinfo
Files:
 bb8e95ddf713492ab47fc311d3b6c94e 3613 java optional openrefine_3.7.8-1.dsc
 9d8c0ccd036a61609d402d99cf6c0503 4288064 java optional 
openrefine_3.7.8.orig.tar.xz
 ebf7337b97b7bbceb84f48c4585eff0e 309112 java optional 
openrefine_3.7.8-1.debian.tar.xz
 aae95b881f31b05963a9f681a10c31d7 19133 java optional 
openrefine_3.7.8-1_amd64.buildinfo

-BE

Bug#1027309: marked as done (jetty9: dpkg-source died)

[Debian Bug Tracking System]

Your message dated Sat, 06 Apr 2024 15:46:27 +0200
with message-id 
and subject line Close 1027309, not a bug
has caused the Debian Bug report #1027309,
regarding jetty9: dpkg-source died
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1027309: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027309
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: jetty9
Version: 9.4.49-1.1
Severity: normal
Tags: ftbfs

Dear Maintainer,

I cloned the jetty9 repo from https://salsa.debian.org/java-team/jetty9.git.

I did not change anything and tried to build the package from source,it 
complains:

https://salsa.debian.org/java-team/jetty9.gitdpkg-source: warning: extracting 
unsigned source package (jetty9_9.4.50-1.dsc)
dpkg-source: info: extracting jetty9 in /<>
dpkg-source: info: unpacking jetty9_9.4.50.orig.tar.bz2
dpkg-source: info: unpacking jetty9_9.4.50-1.debian.tar.xz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying 01-maven-bundle-plugin-version.patch
dpkg-source: error: LC_ALL=C patch -t -F 0 -N -p1 -u -V never -E -b -B 
.pc/01-maven-bundle-plugin-version.patch/ --reject-file=- < 
/<>/debian/patches/01-maven-bundle-plugin-version.patch subprocess 
returned exit status 1
patching file pom.xml
Reversed (or previously applied) patch detected!  Skipping patch.
1 out of 1 hunk ignored
dpkg-source: info: the patch has fuzz which is not allowed, or is malformed
dpkg-source: info: if patch '01-maven-bundle-plugin-version.patch' is correctly 
applied by quilt, use 'quilt refresh' to update it
dpkg-source: info: if the file is present in the unpacked source, make sure it 
is also present in the orig tarball
E: FAILED [dpkg-source died]

+--+
| Cleanup  |
+--+

Purging /<>
Not cleaning session: cloned chroot in use
E: FAILED [dpkg-source died]

+--+
| Summary  |
+--+

Build Architecture: amd64
Build Type: full
Build-Space: 114756
Build-Time: 0
Distribution: unstable
Fail-Stage: unpack
Host Architecture: amd64
Install-Time: 1769
Job: /home/sunmin/src/java-jetty9/salsa-fork/jetty9_9.4.50-1.dsc
Machine Architecture: amd64
Package: jetty9
Package-Time: 0
Source-Version: 9.4.50-1
Space: 114756
Status: given-back
Version: 9.4.50-1

Finished at 2022-12-30T02:22:39Z
Build needed 00:00:00, 114756k disk space
E: FAILED [dpkg-source died]

I'm sure the patch files do exist and this error is strange, please help 
resolve it.

Thanks!

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: riscv64

Kernel: Linux 5.10.102.1-microsoft-standard-WSL2+ (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages jetty9 depends on:
ii  adduser   3.128
ii  apache2-utils 2.4.54-4
ii  default-jre-headless [java8-runtime-headless] 2:1.11-72
ii  libecj-java   3.16.0-1
ii  libjetty9-extra-java  9.4.49-1.1
ii  libjetty9-java9.4.49-1.1
ii  lsb-base  11.2
ii  openjdk-11-jre-headless [java8-runtime-headless]  11.0.17+8-2

Versions of packages jetty9 recommends:
ii  authbind  2.1.3

jetty9 suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
jetty9 can be downloaded from Debian and build from source. Closing as not a
bug.



signature.asc
Description: This is a digitally signed message part
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1066878: marked as done (tomcat10: CVE-2024-24549)

[Debian Bug Tracking System]

Your message dated Sat, 06 Apr 2024 12:21:29 +
with message-id 
and subject line Bug#1066878: fixed in tomcat10 10.1.20-1
has caused the Debian Bug report #1066878,
regarding tomcat10: CVE-2024-24549
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1066878: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066878
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tomcat10
Version: 10.1.16-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for tomcat10.

CVE-2024-24549[0]:
| Denial of Service due to improper input validation vulnerability for
| HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request,
| if the request exceeded any of the configured limits for headers,
| the associated HTTP/2 stream was not reset until after all of the
| headers had been processed.This issue affects Apache Tomcat: from
| 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from
| 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.  Users are
| recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or
| 8.5.99 which fix the issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-24549
https://www.cve.org/CVERecord?id=CVE-2024-24549
[1] https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tomcat10
Source-Version: 10.1.20-1
Done: Markus Koschany 

We believe that the bug you reported is fixed in the latest version of
tomcat10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1066...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated tomcat10 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 06 Apr 2024 13:43:19 +0200
Source: tomcat10
Architecture: source
Version: 10.1.20-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Closes: 1066877 1066878
Changes:
 tomcat10 (10.1.20-1) unstable; urgency=high
 .
   * New upstream version 10.1.20.
 - Fix CVE-2024-24549: Denial of Service due to improper input validation
   vulnerability. (Closes: #1066878)
 - Fix CVE-2024-23672: Denial of Service via incomplete cleanup
   vulnerability. (Closes: #1066877)
   * Remove obsolete dependency on lsb-base from tomcat10 binary package.
Checksums-Sha1:
 133357fea4ff5d111927f152c513e467cc152179 2982 tomcat10_10.1.20-1.dsc
 6f598d68a306ecf85420b82bc59fbaa03d811dcf 4045252 tomcat10_10.1.20.orig.tar.xz
 27f6a7a10a8babb1534baa003cefafec772679b3 36832 tomcat10_10.1.20-1.debian.tar.xz
 ac9c22b2fe2c3cbba9dad1da9370662bd546518b 16741 
tomcat10_10.1.20-1_amd64.buildinfo
Checksums-Sha256:
 9bf13e950be9045ec5f6aef375f4ca93a2ba2a50f7452cae089fc3e578a11bb2 2982 
tomcat10_10.1.20-1.dsc
 35f6966065c77de6785e5002b3745bd388d169ced4e4beb8d2f908d98eaa8969 4045252 
tomcat10_10.1.20.orig.tar.xz
 57776897862bcc416aa059d35bd04a30eb73be58dfe35b7b7d37d00a09c7f4b6 36832 
tomcat10_10.1.20-1.debian.tar.xz
 5b4fe7b64bd097ae26fca31f709d8ca5aa62cd174b436a98123cfaa567c5fcc9 16741 
tomcat10_10.1.20-1_amd64.buildinfo
Files:
 29927bc8821131930531197ba0dd39db 2982 java optional tomcat10_10.1.20-1.dsc
 f6b238c3f28196f1ea27a6f9213085ee 4045252 java optional 
tomcat10_10.1.20.orig.tar.xz
 028489e456cf4d67a3f7760c6ddec556 36832 java optional 
tomcat10_10.1.20-1.debian.tar.xz
 7c85908c95811529be3dcb24a011f7ac 16741 java optional 
tomcat10_10.1.20-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYROOBfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk2oMP/jbh9+v3Fd/SX2AY7wWj6h5FBa7UesfroUDb
4Y07AbaN+gO63VO2mEWCKWtbZoeAa2b5VmCH4kD/lPaYYVTrDIXADrtu5bbrRvS

Bug#1066877: marked as done (tomcat10: CVE-2024-23672)

[Debian Bug Tracking System]

Your message dated Sat, 06 Apr 2024 12:21:29 +
with message-id 
and subject line Bug#1066877: fixed in tomcat10 10.1.20-1
has caused the Debian Bug report #1066877,
regarding tomcat10: CVE-2024-23672
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1066877: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066877
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tomcat10
Version: 10.1.16-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for tomcat10.

CVE-2024-23672[0]:
| Denial of Service via incomplete cleanup vulnerability in Apache
| Tomcat. It was possible for WebSocket clients to keep WebSocket
| connections open leading to increased resource consumption.This
| issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from
| 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0
| through 8.5.98.  Users are recommended to upgrade to version
| 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-23672
https://www.cve.org/CVERecord?id=CVE-2024-23672
[1] https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tomcat10
Source-Version: 10.1.20-1
Done: Markus Koschany 

We believe that the bug you reported is fixed in the latest version of
tomcat10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1066...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated tomcat10 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 06 Apr 2024 13:43:19 +0200
Source: tomcat10
Architecture: source
Version: 10.1.20-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Closes: 1066877 1066878
Changes:
 tomcat10 (10.1.20-1) unstable; urgency=high
 .
   * New upstream version 10.1.20.
 - Fix CVE-2024-24549: Denial of Service due to improper input validation
   vulnerability. (Closes: #1066878)
 - Fix CVE-2024-23672: Denial of Service via incomplete cleanup
   vulnerability. (Closes: #1066877)
   * Remove obsolete dependency on lsb-base from tomcat10 binary package.
Checksums-Sha1:
 133357fea4ff5d111927f152c513e467cc152179 2982 tomcat10_10.1.20-1.dsc
 6f598d68a306ecf85420b82bc59fbaa03d811dcf 4045252 tomcat10_10.1.20.orig.tar.xz
 27f6a7a10a8babb1534baa003cefafec772679b3 36832 tomcat10_10.1.20-1.debian.tar.xz
 ac9c22b2fe2c3cbba9dad1da9370662bd546518b 16741 
tomcat10_10.1.20-1_amd64.buildinfo
Checksums-Sha256:
 9bf13e950be9045ec5f6aef375f4ca93a2ba2a50f7452cae089fc3e578a11bb2 2982 
tomcat10_10.1.20-1.dsc
 35f6966065c77de6785e5002b3745bd388d169ced4e4beb8d2f908d98eaa8969 4045252 
tomcat10_10.1.20.orig.tar.xz
 57776897862bcc416aa059d35bd04a30eb73be58dfe35b7b7d37d00a09c7f4b6 36832 
tomcat10_10.1.20-1.debian.tar.xz
 5b4fe7b64bd097ae26fca31f709d8ca5aa62cd174b436a98123cfaa567c5fcc9 16741 
tomcat10_10.1.20-1_amd64.buildinfo
Files:
 29927bc8821131930531197ba0dd39db 2982 java optional tomcat10_10.1.20-1.dsc
 f6b238c3f28196f1ea27a6f9213085ee 4045252 java optional 
tomcat10_10.1.20.orig.tar.xz
 028489e456cf4d67a3f7760c6ddec556 36832 java optional 
tomcat10_10.1.20-1.debian.tar.xz
 7c85908c95811529be3dcb24a011f7ac 16741 java optional 
tomcat10_10.1.20-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYROOBfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk2oMP/jbh9+v3Fd/SX2AY7wWj6h5FBa7UesfroUDb
4Y07AbaN+gO63VO2mEWCKWtbZoeAa2b5VmCH4kD/lPaYYVTrDIXADrtu5bbrRvSJ
EO/h6cl7mOGtjSzISFithpNevpLBROeh/oxgnqroZ3g8TrGofFisKJtULf4kONYi
98//hAxgCAu6sVK1mXZ7cuY7m3+/s

Processed: Re: tomcat10: catalina.out is not recreated after deletion

[Debian Bug Tracking System]

Processing control commands:

> tags -1 moreinfo
Bug #1060381 [tomcat10] tomcat10: catalina.out is not recreated after deletion
Ignoring request to alter tags of bug #1060381 to the same tags previously set

-- 
1060381: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060381
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Re: tomcat10: catalina.out is not recreated after deletion

[Debian Bug Tracking System]

Processing control commands:

> tags -1 moreinfo
Bug #1060381 [tomcat10] tomcat10: catalina.out is not recreated after deletion
Added tag(s) moreinfo.

-- 
1060381: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060381
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1064923: marked as done (jetty9: CVE-2024-22201)

[Debian Bug Tracking System]

Your message dated Sat, 06 Apr 2024 11:20:05 +
with message-id 
and subject line Bug#1064923: fixed in jetty9 9.4.54-1
has caused the Debian Bug report #1064923,
regarding jetty9: CVE-2024-22201
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1064923: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064923
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jetty9
Version: 9.4.53-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/jetty/jetty.project/issues/11256
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for jetty9.

CVE-2024-22201[0]:
| Jetty is a Java based web server and servlet engine. An HTTP/2 SSL
| connection that is established and TCP congested will be leaked when
| it times out. An attacker can cause many connections to end up in
| this state, and the server may run out of file descriptors,
| eventually causing the server to stop accepting new connections from
| valid clients. The vulnerability is patched in 9.4.54, 10.0.20,
| 11.0.20, and 12.0.6.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-22201
https://www.cve.org/CVERecord?id=CVE-2024-22201
[1] https://github.com/jetty/jetty.project/issues/11256
[2] 
https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: jetty9
Source-Version: 9.4.54-1
Done: Markus Koschany 

We believe that the bug you reported is fixed in the latest version of
jetty9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated jetty9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 06 Apr 2024 12:54:58 +0200
Source: jetty9
Architecture: source
Version: 9.4.54-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Closes: 1064923
Changes:
 jetty9 (9.4.54-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream version 9.4.54.
 - Fix CVE-2024-22201:
   It was discovered that remote attackers may leave many HTTP/2 connections
   in ESTABLISHED state (not closed), TCP congested and idle. Eventually the
   server will stop accepting new connections from valid clients which can
   cause a denial of service. (Closes: #1064923)
   Thanks to Salvatore Bonaccorso for the report.
Checksums-Sha1:
 6f7ec9eca790dda15ebefa4cdef5ba1f5ec7cb70 2804 jetty9_9.4.54-1.dsc
 0916554e9ad12ec48e0a141e07012e263bbe7c4f 9877252 jetty9_9.4.54.orig.tar.xz
 646b89885eab28846d1430c9a442b6032eeb9f3f 30480 jetty9_9.4.54-1.debian.tar.xz
 970f196a4279d640f1eb04705566e5ac1112dc3b 19404 jetty9_9.4.54-1_amd64.buildinfo
Checksums-Sha256:
 674811a262d25aa3534275d44b009341eb1e37aef7a379a50954923f226a1124 2804 
jetty9_9.4.54-1.dsc
 8fd58cfa055424cae97ce2dc7e2b5b717ff390e7aeecc72998c21a23bea9104c 9877252 
jetty9_9.4.54.orig.tar.xz
 351edbed121652049c6fc83d49738884fc258d5bf72b7fcb1922b3a291b17748 30480 
jetty9_9.4.54-1.debian.tar.xz
 f07de135abafc7e3d1ccbfdeaa568e1f80c70464cf42bb46d0f1b65bff2ff6b2 19404 
jetty9_9.4.54-1_amd64.buildinfo
Files:
 55703a729cce7be9fcb0e2d2c656b1c5 2804 java optional jetty9_9.4.54-1.dsc
 e98515258f92ec2b1aea4f0d71167069 9877252 java optional 
jetty9_9.4.54.orig.tar.xz
 993e59e5b0225080b5381a18f2170bf6 30480 java optional 
jetty9_9.4.54-1.debian.tar.xz
 38794c89605a432b735a57df50e7a7be 19404 java optional 
jetty9_9.4.54-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYRLABfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkimUQALrTr2l/4/E0FLy1vQUwIKe5NV3LkKT3yhtc
sDKrOKWaKb712hPhtX8uH6VNI1PJAMJsUODf6KsqVlGlBLn4TdI41a2hTsri

Bug#1068463: marked as done (procyon: Untrusted code execution via cwd in classpath)

[Debian Bug Tracking System]

Your message dated Sat, 06 Apr 2024 09:21:26 +
with message-id 
and subject line Bug#1068463: fixed in procyon 0.6.0-2
has caused the Debian Bug report #1068463,
regarding procyon: Untrusted code execution via cwd in classpath
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1068463: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068463
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: procyon-decompiler
Version: 0.6.0-1
Tags: security
Severity: grave

In the default configuration, procyon prepends current working directory
to the java classpath.
This is done in the shell script /usr/bin/procyon, which sets, apparently
by mistake, CLASSPATH=$CLASSPATH:..., where $CLASSPATH is a usually
empty environment variable - and empty string in this context is
interpreted as a current working directory by java.

This is potentially dangerous, especially with a decompiler, which is
supposed to deal with untrusted code. In a possible bad scenario, a user
(without CLASSPATH environment variable, which is the debian default)
might try to decompile an untrusted malicious jar:

wget ".../bad.jar"
jar xf bad.jar
procyon ...

Regardless of what command line arguments are given to procyon,
if the extracted jar contained e.g. the jcommander class, then
it will get executed.
--- End Message ---
--- Begin Message ---
Source: procyon
Source-Version: 0.6.0-2
Done: Emmanuel Bourg 

We believe that the bug you reported is fixed in the latest version of
procyon, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1068...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg  (supplier of updated procyon package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 06 Apr 2024 10:46:00 +0200
Source: procyon
Architecture: source
Version: 0.6.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Closes: 1068463
Changes:
 procyon (0.6.0-2) unstable; urgency=medium
 .
   * Prevent untrusted code execution from the command line (Closes: #1068463)
Checksums-Sha1:
 a81914368787af40ac2ca79a0c10433f263ae7cf 2126 procyon_0.6.0-2.dsc
 2356ad74e4f3d3120d4fb6567274d139c938db80 8352 procyon_0.6.0-2.debian.tar.xz
 494205d5b18a9550ef3168058ba99de961859d0c 16872 procyon_0.6.0-2_source.buildinfo
Checksums-Sha256:
 110e78a5f31f17fa10793498be633bd6e5713264584b4cfdf35bdf3cdb3ba691 2126 
procyon_0.6.0-2.dsc
 1a0fdea456430d40370f3ab8a1bfc8036427cd8c9eeb0b3c41b1be290637d30d 8352 
procyon_0.6.0-2.debian.tar.xz
 f361ec278567bb4f95f40efa87804af890e928277126dca59fca9872cc92d8a1 16872 
procyon_0.6.0-2_source.buildinfo
Files:
 88699c5c3e942ae1ffbb4bfe9cb07f13 2126 java optional procyon_0.6.0-2.dsc
 8eaaab4134da64ba14feec086274367b 8352 java optional 
procyon_0.6.0-2.debian.tar.xz
 3c28b430258f0e6a55d70e803043e5b1 16872 java optional 
procyon_0.6.0-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAmYRC+kSHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsK+gP/1h4cdjx6L8cy6+vGqEtdajM+usbc8Lg
uFc2cC9Q7P2kuL7uDZZvhUCMFa/zVsc5rfF/6NQNRGq1GgkxbGy7G/bkXZiVsdbu
agbKukEpDGE3CEJWmfM+umVua6gJX5ZTOUf/Waq+Me9uYtAJAfT6USx0LhvC2LLE
sWqi4b0fItaaftMOVfSEWf6OjK4gb3VISRi28VoZzqaWllU9IqqaIFqei80BMig6
pNVHJilfm1oGphABM/mFUWU1D363f+uAO4A7uAD05trGJ6XQLbDEZiSy6ridcCV0
Oyfn/Gh/7ScqG342t24AdJPtNPPEKyIyxcHnCB4OkwDhV2AY04jD6JHgx8dP5XL6
Dt20VOXJyIuABTjBPuHZV0NX2do6262VwprgUL6X35Qt7fbYN0NpgQx23NLFTDZJ
WGhLsDPNoJbGlFWsxFn82ivOo3CjzL4Td210GfduW46Fe7m+hF9s1/BYI7m0gUwP
iWmwh3lKtCWVVYPC6+gb+PQb9sW6d17jPDXdura2cWVpRS22JEoQCem9KvkbEuke
fkNp24u/8vTjkCs+wwlqDZr2WxQGu4J1646EpjLtH94+JM4QTOyKYhkv5b4jo20N
jwSKf+E+06PkOj+eU/lSKWmNQlxIASiQiCdBX8MoJFKBs24gpWPP0qqPPXn9639b
2LaHNWndI2xa
=LXjA
-END PGP SIGNATURE-



pgpwxazb2rPrA.pgp
Description: PGP signature
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Bug#1068463 marked as pending in procyon

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1068463 [procyon-decompiler] procyon: Untrusted code execution via cwd in 
classpath
Added tag(s) pending.

-- 
1068463: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068463
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1022105: marked as done (pentaho-reporting-flow-engine: ships patches but doesn't apply them)

[Debian Bug Tracking System]

Your message dated Tue, 02 Apr 2024 19:21:31 +
with message-id 
and subject line Bug#1022105: fixed in pentaho-reporting-flow-engine 0.9.4-5.2
has caused the Debian Bug report #1022105,
regarding pentaho-reporting-flow-engine: ships patches but doesn't apply them
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1022105: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022105
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pentaho-reporting-flow-engine
Version: 0.9.4-5
Severity: important

Hi,

pentaho-reporting-flow-engine 0.9.4-5 switched from dpatch to quilt:

pentaho-reporting-flow-engine (0.9.4-5) unstable; urgency=medium
[...]
  * drop dependency on dpatch and add dependency on quilt
  * disable timestamps in javadoc (Closes: #859976)

The quilt build-dep was added, but there's no integration of quilt in d/rules.
A way to fix this would be to switch to source format 3.0 (quilt), see #1007086.

Another would be to add the quilt magic (e.g. via dh_quilt_patch / 
dh_quilt_unpatch)
to d/rules.

btw if the reproducible folks haven't complained, perhaps the timestamps patch
can be dropped.

Cheers,
Emilio
--- End Message ---
--- Begin Message ---
Source: pentaho-reporting-flow-engine
Source-Version: 0.9.4-5.2
Done: Bastian Germann 

We believe that the bug you reported is fixed in the latest version of
pentaho-reporting-flow-engine, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1022...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann  (supplier of updated 
pentaho-reporting-flow-engine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 23 Mar 2024 18:23:01 +
Source: pentaho-reporting-flow-engine
Architecture: source
Version: 0.9.4-5.2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Bastian Germann 
Closes: 1007086 1022105
Changes:
 pentaho-reporting-flow-engine (0.9.4-5.2) unstable; urgency=medium
 .
   * Non-maintainer upload
   * Convert to source format 3.0 (closes: #1007086)
   * Apply formerly ignored quilt series (closes: #1022105)
Checksums-Sha1:
 a34007df7cceaaa485cf83f4cfe35ddef7b1c8da 2509 
pentaho-reporting-flow-engine_0.9.4-5.2.dsc
 7b13bfb0668a9c32c240234f241c74373688390b 4100 
pentaho-reporting-flow-engine_0.9.4-5.2.debian.tar.xz
 966ff906b5263bb14c34c7cd46c691e8fe26c759 17804 
pentaho-reporting-flow-engine_0.9.4-5.2_source.buildinfo
Checksums-Sha256:
 b9810070d563b13b395fbe4fbdb16c2416ee232756739b0fb2549eac8ae1bde9 2509 
pentaho-reporting-flow-engine_0.9.4-5.2.dsc
 b9b4c5cbc2dc0397239cf05a23a009f4e7e9f389f0dc49760c1fe2ecb25116ee 4100 
pentaho-reporting-flow-engine_0.9.4-5.2.debian.tar.xz
 38751c8c89c4e22264e53324bf7962cf28219a3ba963081b9eb33a86875671b8 17804 
pentaho-reporting-flow-engine_0.9.4-5.2_source.buildinfo
Files:
 3f10527169c8c7a01102f6b3a5ae7ee8 2509 libs optional 
pentaho-reporting-flow-engine_0.9.4-5.2.dsc
 912488ea00858095cb529da0cc78210d 4100 libs optional 
pentaho-reporting-flow-engine_0.9.4-5.2.debian.tar.xz
 663b9497bcd63cc1447c2880f7cb31a2 17804 libs optional 
pentaho-reporting-flow-engine_0.9.4-5.2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmX/H24QHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFP4lDACzkZ8RjgByWgotvGobJWVYqkA7vC0DdoRA
kcW2OvRVQWdn3ZNt6QoK7BpfqBFRYhPSMBBVoMDFE3eQvf8dXoKIFCyYlC1+cpIt
+MUURuB+2/RMiEY3QIiI0ewkHH29wVUPlqOOEceUnIwXpsSh8wIPtExTtkHtRW8d
VgFIiB5GkiAKd116S/Dx8jbXwkH0SlJRpSRNQuwowN/AfM1/wIaisGPFK7bVolyI
U6DNgdrPMAVggyxZA8LzfN+alLN40Cuz+Nq+++61JL8v0bApmDjACdGsmWcnUB6G
X7aLYA6INAL8CdB9slST70FB1uSWaqrhBQXmAGdXwJ/SAcTix+C/tKQ/0LyLQNgi
91TKS9ACGEkIwMGVgWG89iDqmi7roxCYSouN6NZKyiF4hbesCWmyLQuLGN/4F5Mo
9GIys8wKTsgw9GQu+hcojrn/TEUvOXTr/LM4ykR7TW2o5DIviOHQ3KUbB2smmW8O
JhlDI1WF74dZmK0ZRGJuCsH+sb2NqKM=
=Dfvm
-END PGP SIGNATURE-



pgppyBQ5lhWWX.pgp
Description: PGP signature
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1007086: marked as done (pentaho-reporting-flow-engine: please consider upgrading to 3.0 source format)

[Debian Bug Tracking System]

Your message dated Tue, 02 Apr 2024 19:21:31 +
with message-id 
and subject line Bug#1007086: fixed in pentaho-reporting-flow-engine 0.9.4-5.2
has caused the Debian Bug report #1007086,
regarding pentaho-reporting-flow-engine: please consider upgrading to 3.0 
source format
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1007086: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007086
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pentaho-reporting-flow-engine
Version: 0.9.4-5.1
Severity: wishlist
Tags: bookworm sid
Usertags: format1.0 format1.0-kp-nv

Dear maintainer,

This package is among the few (1.9%) that still use source format 1.0 in
bookworm.  Please upgrade it to source format 3.0, as (1) this format has many
advantages, as documented in https://wiki.debian.org/Projects/DebSrc3.0 ; (2)
this contributes to standardization of packaging practices.

Please note that this is also a sign that the packaging of this software
could maybe benefit from a refresh. It might be a good opportunity to
look at other aspects as well.

This mass bug filing was discussed on debian-devel@:
https://lists.debian.org/debian-devel/2022/03/msg00074.html

Thanks

Lucas
--- End Message ---
--- Begin Message ---
Source: pentaho-reporting-flow-engine
Source-Version: 0.9.4-5.2
Done: Bastian Germann 

We believe that the bug you reported is fixed in the latest version of
pentaho-reporting-flow-engine, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1007...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann  (supplier of updated 
pentaho-reporting-flow-engine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 23 Mar 2024 18:23:01 +
Source: pentaho-reporting-flow-engine
Architecture: source
Version: 0.9.4-5.2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Bastian Germann 
Closes: 1007086 1022105
Changes:
 pentaho-reporting-flow-engine (0.9.4-5.2) unstable; urgency=medium
 .
   * Non-maintainer upload
   * Convert to source format 3.0 (closes: #1007086)
   * Apply formerly ignored quilt series (closes: #1022105)
Checksums-Sha1:
 a34007df7cceaaa485cf83f4cfe35ddef7b1c8da 2509 
pentaho-reporting-flow-engine_0.9.4-5.2.dsc
 7b13bfb0668a9c32c240234f241c74373688390b 4100 
pentaho-reporting-flow-engine_0.9.4-5.2.debian.tar.xz
 966ff906b5263bb14c34c7cd46c691e8fe26c759 17804 
pentaho-reporting-flow-engine_0.9.4-5.2_source.buildinfo
Checksums-Sha256:
 b9810070d563b13b395fbe4fbdb16c2416ee232756739b0fb2549eac8ae1bde9 2509 
pentaho-reporting-flow-engine_0.9.4-5.2.dsc
 b9b4c5cbc2dc0397239cf05a23a009f4e7e9f389f0dc49760c1fe2ecb25116ee 4100 
pentaho-reporting-flow-engine_0.9.4-5.2.debian.tar.xz
 38751c8c89c4e22264e53324bf7962cf28219a3ba963081b9eb33a86875671b8 17804 
pentaho-reporting-flow-engine_0.9.4-5.2_source.buildinfo
Files:
 3f10527169c8c7a01102f6b3a5ae7ee8 2509 libs optional 
pentaho-reporting-flow-engine_0.9.4-5.2.dsc
 912488ea00858095cb529da0cc78210d 4100 libs optional 
pentaho-reporting-flow-engine_0.9.4-5.2.debian.tar.xz
 663b9497bcd63cc1447c2880f7cb31a2 17804 libs optional 
pentaho-reporting-flow-engine_0.9.4-5.2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmX/H24QHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFP4lDACzkZ8RjgByWgotvGobJWVYqkA7vC0DdoRA
kcW2OvRVQWdn3ZNt6QoK7BpfqBFRYhPSMBBVoMDFE3eQvf8dXoKIFCyYlC1+cpIt
+MUURuB+2/RMiEY3QIiI0ewkHH29wVUPlqOOEceUnIwXpsSh8wIPtExTtkHtRW8d
VgFIiB5GkiAKd116S/Dx8jbXwkH0SlJRpSRNQuwowN/AfM1/wIaisGPFK7bVolyI
U6DNgdrPMAVggyxZA8LzfN+alLN40Cuz+Nq+++61JL8v0bApmDjACdGsmWcnUB6G
X7aLYA6INAL8CdB9slST70FB1uSWaqrhBQXmAGdXwJ/SAcTix+C/tKQ/0LyLQNgi
91TKS9ACGEkIwMGVgWG89iDqmi7roxCYSouN6NZKyiF4hbesCWmyLQuLGN/4F5Mo
9GIys8wKTsgw9GQu+hcojrn/TEUvOXTr/LM4ykR7TW2o5DIviOHQ3KUbB2smmW8O
JhlDI1WF74dZmK0ZRGJuCsH+sb2NqKM=
=Dfvm
-END PGP SIGNATURE-



pgp_pkOzXl4z5.pgp
Description: PGP signature
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debi

Processed: opensearch: FTBFS with lucene9/9.10.0+dfsg

[Debian Bug Tracking System]

Processing control commands:

> retitle -1 opensearch: FTBFS with lucene9/9.10.0+dfsg
Bug #1066450 [src:opensearch] opensearch: FTBFS: 
server/src/main/java/org/opensearch/index/codec/CodecService.java:37: error: 
cannot find symbol
Changed Bug title to 'opensearch: FTBFS with lucene9/9.10.0+dfsg' from 
'opensearch: FTBFS: 
server/src/main/java/org/opensearch/index/codec/CodecService.java:37: error: 
cannot find symbol'.

-- 
1066450: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066450
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1057520: marked as done (libjxmpp-java: FTBFS with default Java 21)

[Debian Bug Tracking System]

Your message dated Mon, 01 Apr 2024 19:36:32 +
with message-id 
and subject line Bug#1057520: fixed in libjxmpp-java 1.0.1-4
has caused the Debian Bug report #1057520,
regarding libjxmpp-java:  FTBFS with default Java 21
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1057520: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057520
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libjxmpp-java
Version: 1.0.1-3
Severity: important
Tags: ftbfs
User: debian-j...@lists.debian.org
Usertags: default-java21

Dear Maintainers,

The package libjxmpp-java ftbfs with default Java 21.
The relevant part of the build log:
---
Putting task artifact state for task ':jxmpp-core:debianMavenPom' into context 
took 0.0 secs.
Up-to-date check for task ':jxmpp-core:debianMavenPom' took 0.0 secs. It is not 
up-to-date because:
  No history is available.
Generating pom file 
/<>/jxmpp-jid/build/debian/jxmpp-jid.pom
Generating pom file 
/<>/jxmpp-stringprep-icu4j/build/debian/jxmpp-stringprep-icu4j.pom
Generating pom file 
/<>/jxmpp-core/build/debian/jxmpp-core.pom
:jxmpp-jid:debianMavenPom (Thread[#43,Task worker for ':' Thread 3,5,main]) 
completed. Took 0.052 secs.
:jxmpp-stringprep-icu4j:debianMavenPom (Thread[#41,Task worker for ':',5,main]) 
completed. Took 0.055 secs.
:jxmpp-core:debianMavenPom (Thread[#42,Task worker for ':' Thread 2,5,main]) 
completed. Took 0.057 secs.
/<>/jxmpp-util-cache/src/main/java/org/jxmpp/util/cache/ExpirationCache.java:38:
 warning: [this-escape] possible 'this' escape before subclass is fully 
initialized
setDefaultExpirationTime(defaultExpirationTime);
^
error: warnings found and -Werror specified
1 error
1 warning
:jxmpp-util-cache:compileJava FAILED
:jxmpp-util-cache:compileJava (Thread[#29,Daemon worker,5,main]) completed. 
Took 0.487 secs.

FAILURE: Build failed with an exception.
---


-- System Information:
Debian Release: trixie/sid
  APT prefers mantic-updates
  APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-13-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: libjxmpp-java
Source-Version: 1.0.1-4
Done: James Valleroy 

We believe that the bug you reported is fixed in the latest version of
libjxmpp-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1057...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Valleroy  (supplier of updated libjxmpp-java 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Apr 2024 15:13:17 -0400
Source: libjxmpp-java
Architecture: source
Version: 1.0.1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: James Valleroy 
Closes: 1057520
Changes:
 libjxmpp-java (1.0.1-4) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Remove constraints unnecessary since buster (oldstable):
 + Build-Depends: Drop versioned constraint on gradle-debian-helper.
   * Apply multi-arch hints.
 + libjxmpp-java: Add Multi-Arch: foreign.
 .
   [ Vladimir Petko ]
   * d/p/02-avoid-this-escape.patch: workaround 'this-escape' warnings for
 Java 21 (Closes: #1057520).
 .
   [ James Valleroy ]
   * Follows policy 4.6.2
   * Update debian/* copyright statements
Checksums-Sha1:
 2aa7246f4fad38e3510b77710c538f606cc83532 2106 libjxmpp-java_1.0.1-4.dsc
 84d141571e7f0febd34217226858ba57612df171 5572 
libjxmpp-java_1.0.1-4.debian.tar.xz
 36f1e280039a302bc0a18d8158fe996292f59581 13547 
libjxmpp-java_1.0.1-4_amd64.buildinfo
Checksums-Sha256:
 dec7b1913e044ffa159daac24e28c057046ae2eecbf7b078f25393374fe371d0 2106 
libjxmpp-java_1.0.1-4.dsc
 9430c297be94a6a1339d72a4a076839c4efacb7185c2d821a4d3319

Processed: Re: Bug#1067934: jameica: Jameica cannot load plugins | service "database" not found

[Debian Bug Tracking System]

Processing control commands:

> severity -1 normal
Bug #1067934 [jameica] jameica: Jameica cannot load plugins | service 
"database" not found
Severity set to 'normal' from 'grave'

-- 
1067934: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067934
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1066649: marked as done (libtritonus-java: FTBFS: org_tritonus_lowlevel_pogg_Buffer.c:224:16: error: implicit declaration of function ‘memcpy’ [-Werror=implicit-function-declaration])

[Debian Bug Tracking System]

Your message dated Thu, 28 Mar 2024 21:15:52 +
with message-id 
and subject line Bug#1066649: fixed in libtritonus-java 20070428-14.2
has caused the Debian Bug report #1066649,
regarding libtritonus-java: FTBFS: org_tritonus_lowlevel_pogg_Buffer.c:224:16: 
error: implicit declaration of function ‘memcpy’ 
[-Werror=implicit-function-declaration]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1066649: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066649
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libtritonus-java
Version: 20070428-14.1
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20240313 ftbfs-trixie ftbfs-impfuncdef

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.

This is most likely caused by a change in dpkg 1.22.6, that enabled
-Werror=implicit-function-declaration. For more information, see
https://wiki.debian.org/qa.debian.org/FTBFS#A2024-03-13_-Werror.3Dimplicit-function-declaration

Relevant part (hopefully):
> gcc -g -O2 -Werror=implicit-function-declaration 
> -ffile-prefix-map=/<>=. -fstack-protector-strong 
> -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -g 
> -Wall -I. -I/usr/lib/jvm/default-java/include 
> -I/usr/lib/jvm/default-java/include/linux -I../../../jni/ -fPIC -D_REENTRANT  
>  -c -o org_tritonus_lowlevel_pogg_Buffer.o org_tritonus_lowlevel_pogg_Buffer.c
> In file included from common.h:24,
>  from org_tritonus_lowlevel_pogg_Buffer.c:27:
> org_tritonus_lowlevel_pogg_Buffer.c: In function ‘setHandle’:
> ../common/HandleFieldHandler.h:59:57: warning: cast from pointer to integer 
> of different size [-Wpointer-to-int-cast]
>59 | (*env)->SetLongField(env, obj, fieldID, (jlong) (int) 
> handle);   \
>   | ^
> org_tritonus_lowlevel_pogg_Buffer.c:30:1: note: in expansion of macro 
> ‘HandleFieldHandlerDeclaration’
>30 | HandleFieldHandlerDeclaration(handler, oggpack_buffer*)
>   | ^
> org_tritonus_lowlevel_pogg_Buffer.c: In function ‘getHandle’:
> ../common/HandleFieldHandler.h:66:26: warning: cast to pointer from integer 
> of different size [-Wint-to-pointer-cast]
>66 | _type   handle = (_type) (int) (*env)->GetLongField(env, obj, 
> fieldID); \
>   |  ^
> org_tritonus_lowlevel_pogg_Buffer.c:30:1: note: in expansion of macro 
> ‘HandleFieldHandlerDeclaration’
>30 | HandleFieldHandlerDeclaration(handler, oggpack_buffer*)
>   | ^
> org_tritonus_lowlevel_pogg_Buffer.c: In function 
> ‘Java_org_tritonus_lowlevel_pogg_Buffer_readInit’:
> org_tritonus_lowlevel_pogg_Buffer.c:224:16: error: implicit declaration of 
> function ‘memcpy’ [-Werror=implicit-function-declaration]
>   224 | (void) memcpy(buffer2, buffer, nBytes);
>   |^~
> org_tritonus_lowlevel_pogg_Buffer.c:29:1: note: include ‘’ or 
> provide a declaration of ‘memcpy’
>28 | #include "org_tritonus_lowlevel_pogg_Buffer.h"
>   +++ |+#include 
>29 | 
> org_tritonus_lowlevel_pogg_Buffer.c:224:16: warning: incompatible implicit 
> declaration of built-in function ‘memcpy’ [-Wbuiltin-declaration-mismatch]
>   224 | (void) memcpy(buffer2, buffer, nBytes);
>   |^~
> org_tritonus_lowlevel_pogg_Buffer.c:224:16: note: include ‘’ or 
> provide a declaration of ‘memcpy’
> org_tritonus_lowlevel_pogg_Buffer.c: In function 
> ‘Java_org_tritonus_lowlevel_pogg_Buffer_getBuffer’:
> org_tritonus_lowlevel_pogg_Buffer.c:439:61: warning: pointer targets in 
> passing argument 5 of ‘(*env)->SetByteArrayRegion’ differ in signedness 
> [-Wpointer-sign]
>   439 | (*env)->SetByteArrayRegion(env, abBuffer, 0, bytes, buffer);
>   | ^~
>   | |
>   | unsigned 
> char *
> org_tritonus_lowlevel_pogg_Buffer.c:439:61: note: expected ‘const jbyte *’ 
> {aka ‘const signed char *’} but argument is of type ‘unsigned char *’
> cc1: some warnings being treated as errors
> make[2]: *** [: org_tritonus_lowlevel_pogg_Buffer.o] Error 1


The 

Processed: libtritonus-java: diff for NMU version 20070428-14.2

[Debian Bug Tracking System]

Processing control commands:

> tags 1066649 + patch
Bug #1066649 [src:libtritonus-java] libtritonus-java: FTBFS: 
org_tritonus_lowlevel_pogg_Buffer.c:224:16: error: implicit declaration of 
function ‘memcpy’ [-Werror=implicit-function-declaration]
Added tag(s) patch.
> tags 1066649 + pending
Bug #1066649 [src:libtritonus-java] libtritonus-java: FTBFS: 
org_tritonus_lowlevel_pogg_Buffer.c:224:16: error: implicit declaration of 
function ‘memcpy’ [-Werror=implicit-function-declaration]
Added tag(s) pending.

-- 
1066649: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066649
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: jh_installjavadoc: should not write duplicative doc-base files.

[Debian Bug Tracking System]

Processing control commands:

> affects -1 libpixels-java
Bug #1067901 [javahelper] jh_installjavadoc: should not write duplicative 
doc-base files.
Added indication that 1067901 affects libpixels-java

-- 
1067901: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067901
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1066045: marked as done (maven-bundle-plugin: produces nondeterministic ordering in MANIFEST.MF headers)

[Debian Bug Tracking System]

Your message dated Thu, 28 Mar 2024 08:49:51 +
with message-id 
and subject line Bug#1066045: fixed in maven-bundle-plugin 3.5.1-2.1
has caused the Debian Bug report #1066045,
regarding maven-bundle-plugin: produces nondeterministic ordering in 
MANIFEST.MF headers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1066045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066045
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libmaven-bundle-plugin-java
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: toolchain

Dear Maintainer,

The maven-bundle-plugin utility creates Java .jar archives that contain
non-deterministic contents in the Export-Package, Private-Package and
Include-Resource header fields of the MANIFEST.MF file when listing those files
from the underlying filesystem returns them in differing order.

There is an exisiting report[1] of this problem upstream in the Apache Felix
project, and it has been resolved by a subsequent change[2] to sort the
contents of the relevant field values before they're written to the manifest.

Please find attached a backport of the upstream changeset, which applies
cleanly to the maven-bundle-plugin-3.5.1 sources.

Thank you,
James

[1] - https://issues.apache.org/jira/browse/FELIX-6602

[2] - https://github.com/apache/felix-dev/pull/208
>From d885d99a6a16660f655a4fd18e8a1a39beef0a15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Boutemy?= 
Date: Sat, 25 Mar 2023 00:18:11 +0100
Subject: [PATCH] FELIX-6602 sort resources and exported packages

---
 .../java/org/apache/felix/bundleplugin/BundlePlugin.java | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/src/main/java/org/apache/felix/bundleplugin/BundlePlugin.java
+++ b/src/main/java/org/apache/felix/bundleplugin/BundlePlugin.java
@@ -1938,6 +1938,7 @@ public class BundlePlugin extends AbstractMojo
 scanner.scan();
 
 String[] paths = scanner.getIncludedFiles();
+Arrays.sort( paths );
 for ( int i = 0; i < paths.length; i++ )
 {
 packages.put( analyzer.getPackageRef( getPackageName( paths[i] 
) ) );
@@ -2076,7 +2077,9 @@ public class BundlePlugin extends AbstractMojo
 scanner.addDefaultExcludes();
 scanner.scan();
 
-List includedFiles = Arrays.asList( 
scanner.getIncludedFiles() );
+String[] f = scanner.getIncludedFiles();
+Arrays.sort( f );
+List includedFiles = Arrays.asList( f );
 
 for ( Iterator j = includedFiles.iterator(); 
j.hasNext(); )
 {
-- 
2.43.0

--- End Message ---
--- Begin Message ---
Source: maven-bundle-plugin
Source-Version: 3.5.1-2.1
Done: Mattia Rizzolo 

We believe that the bug you reported is fixed in the latest version of
maven-bundle-plugin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1066...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mattia Rizzolo  (supplier of updated maven-bundle-plugin 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 27 Mar 2024 18:13:06 +0100
Source: maven-bundle-plugin
Architecture: source
Version: 3.5.1-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Mattia Rizzolo 
Closes: 1066045
Changes:
 maven-bundle-plugin (3.5.1-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Apply patch from upstream to fix nondeterministic ordering in MANIFEST.MF
 headers.  Closes: #1066045
 Thanks to James Addison  for bringing up the patch.
Checksums-Sha1:
 2d62d1229202afb2c698da7edd7f4f7ef1c8f9f2 2528 maven-bundle-plugin_3.5.1-2.1.dsc
 462903578303f600dd3738186596caa41c0053e3 9880 
maven-bundle-plugin_3.5.1-2.1.debian.tar.xz
 bb3b8c4c230bc869366907e16e2bf0a61e479fa5 11473 
maven-bundle-plugin_3.5.1-2.1_amd64.buildinfo
Checksums-Sha256:
 cd5e51ce3e59d563d964a883dcff27bcbf965e4d7008605b1f5f9a7b477a65e1 2528 
maven-bundle-plugin_3.5.1-2.1.dsc
 866ebb653bc825b05a9f272f7c518132631a59bd88a77de2a70399b71883a9b

Processed: tagging 1067188, tagging 1067795, tagging 1067796

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1067188 + sid trixie
Bug #1067188 [src:gcc-mingw-w64] gdb-mingw-w64: FTBFS in trixie
Added tag(s) sid and trixie.
> tags 1067795 + sid trixie
Bug #1067795 [src:httpcomponents-client] httpcomponents-client: FTBFS: failing 
tests
Added tag(s) trixie and sid.
> tags 1067796 + sid trixie
Bug #1067796 [src:mailscripts] mailscripts: FTBFS: 
email-print-mime-structure:51: error: Unused "type: ignore" comment
Added tag(s) trixie and sid.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1067188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067188
1067795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067795
1067796: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067796
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Re: maven-bundle-plugin: produces nondeterministic ordering in MANIFEST.MF headers

[Debian Bug Tracking System]

Processing control commands:

> forwarded -1 
> https://salsa.debian.org/java-team/maven-bundle-plugin/-/merge_requests/1
Bug #1066045 [libmaven-bundle-plugin-java] maven-bundle-plugin: produces 
nondeterministic ordering in MANIFEST.MF headers
Set Bug forwarded-to-address to 
'https://salsa.debian.org/java-team/maven-bundle-plugin/-/merge_requests/1'.
> tags -1 pending
Bug #1066045 [libmaven-bundle-plugin-java] maven-bundle-plugin: produces 
nondeterministic ordering in MANIFEST.MF headers
Ignoring request to alter tags of bug #1066045 to the same tags previously set

-- 
1066045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066045
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: maven-bundle-plugin: diff for NMU version 3.5.1-2.1

[Debian Bug Tracking System]

Processing control commands:

> tags 1066045 + pending
Bug #1066045 [libmaven-bundle-plugin-java] maven-bundle-plugin: produces 
nondeterministic ordering in MANIFEST.MF headers
Added tag(s) pending.

-- 
1066045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066045
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1067514: marked as done (commons-configuration2: CVE-2024-29133)

[Debian Bug Tracking System]

Your message dated Mon, 25 Mar 2024 05:35:03 +
with message-id 
and subject line Bug#1067514: fixed in commons-configuration2 2.10.1-1
has caused the Debian Bug report #1067514,
regarding commons-configuration2: CVE-2024-29133
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1067514: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067514
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: commons-configuration2
Version: 2.8.0-2
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/CONFIGURATION-841
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for commons-configuration2.

CVE-2024-29133[0]:
| Out-of-bounds Write vulnerability in Apache Commons
| Configuration.This issue affects Apache Commons Configuration: from
| 2.0 before 2.10.1.  Users are recommended to upgrade to version
| 2.10.1, which fixes the issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-29133
https://www.cve.org/CVERecord?id=CVE-2024-29133
[1] https://issues.apache.org/jira/browse/CONFIGURATION-841

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: commons-configuration2
Source-Version: 2.10.1-1
Done: tony mancill 

We believe that the bug you reported is fixed in the latest version of
commons-configuration2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated commons-configuration2 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 24 Mar 2024 21:43:35 -0700
Source: commons-configuration2
Architecture: source
Version: 2.10.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Closes: 1067513 1067514
Changes:
 commons-configuration2 (2.10.1-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 2.10.1 (Closes: #1067513, #1067514)
 CVE-2024-29131, CVE-2024-29133
   * Ignore spotbugs maven plugin
   * Ignore org.apache.maven.plugins:maven-pmd-plugin
   * Add Build-Dep on libmockito-java and liblog4j2-java
Checksums-Sha1:
 f87b15f4c5b13254dfeb3057fd0b31f64df1c6c2 2684 
commons-configuration2_2.10.1-1.dsc
 a7bd29e7072c432344e781f6c6d7096541a38fb7 666940 
commons-configuration2_2.10.1.orig.tar.xz
 4071172cca28491af971e5e7f821f91a1994320d 5036 
commons-configuration2_2.10.1-1.debian.tar.xz
 d46822382aa88fbd87821a5e4e7b64edc4018746 17604 
commons-configuration2_2.10.1-1_amd64.buildinfo
Checksums-Sha256:
 52b9ee19c3572e46f83de7bc2e563135dd2cf85366952fc8bc7abb6c594efb6d 2684 
commons-configuration2_2.10.1-1.dsc
 3df256ecf5683cdc9b7b72113712a0d31e2d72eabc645406db134dc22439 666940 
commons-configuration2_2.10.1.orig.tar.xz
 44b3dd85437f546b41ed6c838ca117be209bf57f5ae6ae4a46811032de59a6ba 5036 
commons-configuration2_2.10.1-1.debian.tar.xz
 9449cb8d86e5e46f6336f9ad2a5bed247954b3fca2fe48cd0249672f1587262a 17604 
commons-configuration2_2.10.1-1_amd64.buildinfo
Files:
 e0500831e9f927a4590fa3425620800a 2684 java optional 
commons-configuration2_2.10.1-1.dsc
 cbd39112a507d641371276333c2a439d 666940 java optional 
commons-configuration2_2.10.1.orig.tar.xz
 2311ad118ce1d9204788e582f220768c 5036 java optional 
commons-configuration2_2.10.1-1.debian.tar.xz
 196b33ff8b525fe38b0990e56db934bf 17604 java optional 
commons-configuration2_2.10.1-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmYBBakUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpb0QRAAm1bUxAJjLaheyPrgBQAx6wzX11AH
jOuBlImXvFHx8MM/dkKJGJX6Y020YEvsT5Fu+CnUiEPXxngj3R2sv28j910bLjBB
DVGrQACox6J3yUKdfPrASOCahjT+dFP4XVuzNKdJPTW5Kw1ifldveA7VSN+tAVMj
U/PLO8RusBDpQhpv3sSrIGjcxD6XzV/+jW2MJ1V2Ltt+NaD7PKc5Wdp3BJK3jQ2H
p6y67/BAYja/irxX1d56WenI+4Z9L8kvFpMt3vxQLl7CZhgNPoPbR6HpS2lbp+LI
34Gf6N+cT2qhfIOWFoEO9rSP

Bug#1067513: marked as done (commons-configuration2: CVE-2024-29131)

[Debian Bug Tracking System]

Your message dated Mon, 25 Mar 2024 05:35:03 +
with message-id 
and subject line Bug#1067513: fixed in commons-configuration2 2.10.1-1
has caused the Debian Bug report #1067513,
regarding commons-configuration2: CVE-2024-29131
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1067513: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067513
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: commons-configuration2
Version: 2.8.0-2
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/CONFIGURATION-840
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for commons-configuration2.

CVE-2024-29131[0]:
| Out-of-bounds Write vulnerability in Apache Commons
| Configuration.This issue affects Apache Commons Configuration: from
| 2.0 before 2.10.1.  Users are recommended to upgrade to version
| 2.10.1, which fixes the issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-29131
https://www.cve.org/CVERecord?id=CVE-2024-29131
[1] https://issues.apache.org/jira/browse/CONFIGURATION-840
[2] https://www.openwall.com/lists/oss-security/2024/03/20/4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: commons-configuration2
Source-Version: 2.10.1-1
Done: tony mancill 

We believe that the bug you reported is fixed in the latest version of
commons-configuration2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated commons-configuration2 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 24 Mar 2024 21:43:35 -0700
Source: commons-configuration2
Architecture: source
Version: 2.10.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Closes: 1067513 1067514
Changes:
 commons-configuration2 (2.10.1-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 2.10.1 (Closes: #1067513, #1067514)
 CVE-2024-29131, CVE-2024-29133
   * Ignore spotbugs maven plugin
   * Ignore org.apache.maven.plugins:maven-pmd-plugin
   * Add Build-Dep on libmockito-java and liblog4j2-java
Checksums-Sha1:
 f87b15f4c5b13254dfeb3057fd0b31f64df1c6c2 2684 
commons-configuration2_2.10.1-1.dsc
 a7bd29e7072c432344e781f6c6d7096541a38fb7 666940 
commons-configuration2_2.10.1.orig.tar.xz
 4071172cca28491af971e5e7f821f91a1994320d 5036 
commons-configuration2_2.10.1-1.debian.tar.xz
 d46822382aa88fbd87821a5e4e7b64edc4018746 17604 
commons-configuration2_2.10.1-1_amd64.buildinfo
Checksums-Sha256:
 52b9ee19c3572e46f83de7bc2e563135dd2cf85366952fc8bc7abb6c594efb6d 2684 
commons-configuration2_2.10.1-1.dsc
 3df256ecf5683cdc9b7b72113712a0d31e2d72eabc645406db134dc22439 666940 
commons-configuration2_2.10.1.orig.tar.xz
 44b3dd85437f546b41ed6c838ca117be209bf57f5ae6ae4a46811032de59a6ba 5036 
commons-configuration2_2.10.1-1.debian.tar.xz
 9449cb8d86e5e46f6336f9ad2a5bed247954b3fca2fe48cd0249672f1587262a 17604 
commons-configuration2_2.10.1-1_amd64.buildinfo
Files:
 e0500831e9f927a4590fa3425620800a 2684 java optional 
commons-configuration2_2.10.1-1.dsc
 cbd39112a507d641371276333c2a439d 666940 java optional 
commons-configuration2_2.10.1.orig.tar.xz
 2311ad118ce1d9204788e582f220768c 5036 java optional 
commons-configuration2_2.10.1-1.debian.tar.xz
 196b33ff8b525fe38b0990e56db934bf 17604 java optional 
commons-configuration2_2.10.1-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmYBBakUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpb0QRAAm1bUxAJjLaheyPrgBQAx6wzX11AH
jOuBlImXvFHx8MM/dkKJGJX6Y020YEvsT5Fu+CnUiEPXxngj3R2sv28j910bLjBB
DVGrQACox6J3yUKdfPrASOCahjT+dFP4XVuzNKdJPTW5Kw1ifldveA7VSN+tAVMj
U/PLO8RusBDpQhpv3sSrIGjcxD6XzV/+jW2MJ1V2Ltt+NaD7PKc5Wdp3BJK3jQ2H
p6y67/BAYja/irxX1d56

Bug#1025042: marked as done (zookeeperd: zookeeper may be started before network and crashes)

[Debian Bug Tracking System]

Your message dated Sun, 24 Mar 2024 23:36:06 +
with message-id 
and subject line Bug#1025042: fixed in zookeeper 3.9.2-1
has caused the Debian Bug report #1025042,
regarding zookeeperd: zookeeper may be started before network and crashes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1025042: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025042
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: zookeeperd
Version: 3.8.0-10
Severity: important


Hey.

The init.d script doesn't require networking, therefore it may happen.
that e.g. systemd starts zookeeper before the network is brought up,
in which case zookeeper crashes, as it cannot bind to the configured
server.N-option address.

Could be solved either by using e.g.:
# Required-Start:$remote_fs $network
# Required-Stop: $remote_fs $network

or by solving bug #950386 and providing systemd units, which would
make this bug obsole (unless sysvinit compatibility was to be kept).


Cheers,
Chris.
--- End Message ---
--- Begin Message ---
Source: zookeeper
Source-Version: 3.9.2-1
Done: Bastien Roucariès 

We believe that the bug you reported is fixed in the latest version of
zookeeper, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1025...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès  (supplier of updated zookeeper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 24 Mar 2024 21:19:51 +
Source: zookeeper
Architecture: source
Version: 3.9.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Bastien Roucariès 
Closes: 1025042 1066947
Changes:
 zookeeper (3.9.2-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream version 3.9.2
   * Bug fix: CVE-2024-23944 (Closes: #1066947):
 An information disclosure in persistent watchers handling was found in
 Apache ZooKeeper due to missing ACL check.  It allows an attacker to
 monitor child znodes by attaching a persistent watcher (addWatch
 command) to a parent which the attacker has already access
 to. ZooKeeper server doesn't do ACL check when the persistent watcher
 is triggered and as a consequence, the full path of znodes that a
 watch event gets triggered upon is exposed to the owner of the
 watcher. It's important to note that only the path is exposed by this
 vulnerability, not the data of znode, but since znode path can contain
 sensitive information like user name or login ID, this issue is
 potentially critical.
   * Let sysvinit init script depend on networking (Closes: #1025042)
   * Add salsa CI
   * Refresh patches
Checksums-Sha1:
 3c11da7860b08d7d6b1aa02edd5724cc8ee5023d 3788 zookeeper_3.9.2-1.dsc
 3a4467abfa2401af9a5edd259b52e5bdb86190e1 4684368 zookeeper_3.9.2.orig.tar.gz
 86d0c7e6ea1c2a06ac434613427934d9e07000ad 833 zookeeper_3.9.2.orig.tar.gz.asc
 f0f2832dab05a8332fe6271b1ae0830882edc599 90740 zookeeper_3.9.2-1.debian.tar.xz
 7e8adca2febc5790177093d17c57a1ab7ce63bf9 24964 
zookeeper_3.9.2-1_amd64.buildinfo
Checksums-Sha256:
 78cba7d05dec290e24b74f7349491232fedb585ae264185610bd6e4d703cb582 3788 
zookeeper_3.9.2-1.dsc
 bbdea19a91d11bc55071fdd7c83109afb6ee791a7b0733fde0baaa44029cbd77 4684368 
zookeeper_3.9.2.orig.tar.gz
 91572bf432f38cf5c4eb4570a79cbc9809963f961f1d6278360e86d3ae4c32e0 833 
zookeeper_3.9.2.orig.tar.gz.asc
 2d53d059e8a36d510c57d9c54c6b093b0f7e6b015e4fce4878f701b7883279b0 90740 
zookeeper_3.9.2-1.debian.tar.xz
 db1e8b2985dc3e94a46bfbab463891d7054f224f6dab3493e8138d91607fc716 24964 
zookeeper_3.9.2-1_amd64.buildinfo
Files:
 4787cb5820f605db03dea0be53a237f7 3788 java optional zookeeper_3.9.2-1.dsc
 e75afdf8f4f4da2ea5c861ba9e9448a8 4684368 java optional 
zookeeper_3.9.2.orig.tar.gz
 376fb556cb78dd3b9891384275776efb 833 java optional 
zookeeper_3.9.2.orig.tar.gz.asc
 5efcee1c0532665292233a2df907b21f 90740 java optional 
zookeeper_3.9.2-1.debian.tar.xz
 fc91796959d0c387650d9ded00a539cb 24964 java optional 
zookeeper_3.9.2-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmYAo8MRHHJvdWNhQGRl

Bug#1066947: marked as done (zookeeper: CVE-2024-23944)

[Debian Bug Tracking System]

Your message dated Sun, 24 Mar 2024 23:36:12 +
with message-id 
and subject line Bug#1066947: fixed in zookeeper 3.9.2-1
has caused the Debian Bug report #1066947,
regarding zookeeper: CVE-2024-23944
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1066947: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066947
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: zookeeper
Version: 3.9.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for zookeeper.

CVE-2024-23944[0]:
| Information disclosure in persistent watchers handling in Apache
| ZooKeeper due to missing ACL check. It allows an attacker to monitor
| child znodes by attaching a persistent watcher (addWatch command) to
| a parent which the attacker has already access to. ZooKeeper server
| doesn't do ACL check when the persistent watcher is triggered and as
| a consequence, the full path of znodes that a watch event gets
| triggered upon is exposed to the owner of the watcher. It's
| important to note that only the path is exposed by this
| vulnerability, not the data of znode, but since znode path can
| contain sensitive information like user name or login ID, this issue
| is potentially critical.  Users are recommended to upgrade to
| version 3.9.2, 3.8.4 which fixes the issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-23944
https://www.cve.org/CVERecord?id=CVE-2024-23944
[1] https://www.openwall.com/lists/oss-security/2024/03/14/2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: zookeeper
Source-Version: 3.9.2-1
Done: Bastien Roucariès 

We believe that the bug you reported is fixed in the latest version of
zookeeper, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1066...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès  (supplier of updated zookeeper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 24 Mar 2024 21:19:51 +
Source: zookeeper
Architecture: source
Version: 3.9.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Bastien Roucariès 
Closes: 1025042 1066947
Changes:
 zookeeper (3.9.2-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream version 3.9.2
   * Bug fix: CVE-2024-23944 (Closes: #1066947):
 An information disclosure in persistent watchers handling was found in
 Apache ZooKeeper due to missing ACL check.  It allows an attacker to
 monitor child znodes by attaching a persistent watcher (addWatch
 command) to a parent which the attacker has already access
 to. ZooKeeper server doesn't do ACL check when the persistent watcher
 is triggered and as a consequence, the full path of znodes that a
 watch event gets triggered upon is exposed to the owner of the
 watcher. It's important to note that only the path is exposed by this
 vulnerability, not the data of znode, but since znode path can contain
 sensitive information like user name or login ID, this issue is
 potentially critical.
   * Let sysvinit init script depend on networking (Closes: #1025042)
   * Add salsa CI
   * Refresh patches
Checksums-Sha1:
 3c11da7860b08d7d6b1aa02edd5724cc8ee5023d 3788 zookeeper_3.9.2-1.dsc
 3a4467abfa2401af9a5edd259b52e5bdb86190e1 4684368 zookeeper_3.9.2.orig.tar.gz
 86d0c7e6ea1c2a06ac434613427934d9e07000ad 833 zookeeper_3.9.2.orig.tar.gz.asc
 f0f2832dab05a8332fe6271b1ae0830882edc599 90740 zookeeper_3.9.2-1.debian.tar.xz
 7e8adca2febc5790177093d17c57a1ab7ce63bf9 24964 
zookeeper_3.9.2-1_amd64.buildinfo
Checksums-Sha256:
 78cba7d05dec290e24b74f7349491232fedb585ae264185610bd6e4d703cb582 3788 
zookeeper_3.9.2-1.dsc
 bbdea19a91d11bc55071fdd7c83109afb6ee791a7b0733fde0baaa44029cbd77 4684368 
zookeeper_3.9.2.orig.ta

Processed: Bug#1025042 marked as pending in zookeeper

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1025042 [zookeeperd] zookeeperd: zookeeper may be started before network 
and crashes
Added tag(s) pending.

-- 
1025042: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025042
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1057933: marked as done (libjose4j-java: FTBFS: IOException: Only named ECParameters supported)

[Debian Bug Tracking System]

Your message dated Sun, 24 Mar 2024 21:58:14 +0100
with message-id 
and subject line Re: Bug#1057933: libjose4j-java: FTBFS: IOException: Only 
named ECParameters supported
has caused the Debian Bug report #1057933,
regarding libjose4j-java: FTBFS: IOException: Only named ECParameters supported
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1057933: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057933
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: src:libjose4j-java
Version: 0.7.12-2
Severity: serious
Tags: ftbfs

Dear maintainer:

During a rebuild of all packages in unstable, your package failed to build:


[...]
 debian/rules binary
dh binary
   dh_update_autotools_config
   dh_autoreconf
   dh_auto_configure
mh_patchpoms -plibjose4j-java --debian-build --keep-pom-version 
--maven-repo=/<>/debian/maven-repo
   dh_auto_build
/usr/lib/jvm/default-java/bin/java -noverify -cp /usr/share/maven/boot/plexus-classworlds-2.x.jar 
-Dmaven.home=/usr/share/maven -Dmaven.multiModuleProjectDirectory=/<> 
-Dclassworlds.conf=/etc/maven/m2-debian.conf -Dproperties.file.manual=/<>/debian/maven.properties 
org.codehaus.plexus.classworlds.launcher.Launcher -s/etc/maven/settings-debian.xml 
-Ddebian.dir=/<>/debian -Dmaven.repo.local=/<>/debian/maven-repo --batch-mode 
package -DskipTests -Dnotimestamp=true -Dlocale=en_US
OpenJDK 64-Bit Server VM warning: Options -Xverify:none and -noverify were 
deprecated in JDK 13 and will likely be removed in a future release.
[INFO] Scanning for projects...
[INFO]
[INFO] --< org.bitbucket.b_c:jose4j >--
[INFO] Building jose4j 0.7.12
[INFO] [ jar ]-

[... snipped ...]

at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at 
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at 
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)
at 
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at 
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:61)
at 
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
at 
org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366)
at 
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103)
at 
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63)
at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329)
at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293)
at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
at org.junit.runners.ParentRunner.run(ParentRunner.java:413)
at 
org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:365)
at 
org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:273)
at 
org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:238)
at 
org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:159)
at 
org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:384)
at 
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:345)
at 
org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:126)
at 
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:418)
14:19:37.806 DEBUG org.jose4j.jwk.JsonWebKeySet - Ignoring an individual JWK in a JWKS due to a problem processing it. JWK params: {kty=null, x=riwTtQeRjmlDsR4PUQELhejpPkZkQstb0_Lf08qeBzM, y=izN8y6z-8j8bB_Lj10gX9mnaE_E0ZK5fl0hJVyLWMKA, crv=P-256} and the full JW

Processed: bug 1066947 is forwarded to https://issues.apache.org/jira/browse/ZOOKEEPER-4799

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 1066947 https://issues.apache.org/jira/browse/ZOOKEEPER-4799
Bug #1066947 [src:zookeeper] zookeeper: CVE-2024-23944
Set Bug forwarded-to-address to 
'https://issues.apache.org/jira/browse/ZOOKEEPER-4799'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1066947: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066947
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: severity of 1065108 is important, user release.debian....@packages.debian.org, usertagging 1065108

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 1065108 important
Bug #1065108 {Done: tony mancill } [src:java3d] java3d: 
FTBFS: missing build-dep on libnsl-dev
Severity set to 'important' from 'serious'
> user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was 
sebas...@debian.org).
> usertags 1065108 time-t-downgrade
There were no usertags set.
Usertags are now: time-t-downgrade.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1065108: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065108
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Bug#1067209 marked as pending in jruby

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1067209 [jruby] jruby: please update libfixposix4 runtime depency
Added tag(s) pending.

-- 
1067209: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067209
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1064191: marked as done (openjdk-8: fails to install on i386 mantic, focal and jammy)

[Debian Bug Tracking System]

Your message dated Wed, 13 Mar 2024 23:20:33 +
with message-id 
and subject line Bug#1064191: fixed in openjdk-8 8u402-ga-3
has caused the Debian Bug report #1064191,
regarding openjdk-8: fails to install on i386 mantic, focal and jammy
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1064191: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064191
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openjdk-8
Severity: wishlist
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu noble ubuntu-patch

Dear Maintainer,

  openjdk-8 402-ga-2 introduced changes that make the package fail to install
in i386 Ubuntu noble.
  binfmt-support might not be installed and /usr/share/binfmts directory might
not exist. This causes postinstall script to fail in a new installation.
  ATK wrapper package for i386 is not present in stable releases of Ubuntu and
will require SRU process to be introduced. This makes package uninstallable.

 Would it be possible to consider the following changes:

  * Fix installation issue on i386 (LP: #2053110):
- d/rules: build without atk bridge on i386 for Ubuntu versions that
  do not have it.
- d/JB-jre-headless.postinst.in: check that /usr/share/binfmts exists
  before trying to delete it.


Thanks for considering the patch.


-- System Information:
Debian Release: trixie/sid
  APT prefers mantic-updates
  APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 
'mantic'), (100, 'mantic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-17-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru openjdk-8-8u402-ga/debian/JB-jre-headless.postinst.in 
openjdk-8-8u402-ga/debian/JB-jre-headless.postinst.in
--- openjdk-8-8u402-ga/debian/JB-jre-headless.postinst.in   2024-01-31 
18:05:28.0 +1300
+++ openjdk-8-8u402-ga/debian/JB-jre-headless.postinst.in   2024-02-14 
19:58:48.0 +1300
@@ -19,7 +19,9 @@
  --remove jar /usr/bin/jexec 2>/dev/null || true
update-alternatives --remove jexec \
  $basedir/jre/lib/jexec 2>/dev/null || true
-   rmdir --ignore-fail-on-non-empty /usr/share/binfmts
+   if [ -e /usr/share/binfmts ]; then
+   rmdir --ignore-fail-on-non-empty /usr/share/binfmts
+   fi
 fi
 
 # fail early.  java currently uses tricks to find its own shared
diff -Nru openjdk-8-8u402-ga/debian/rules openjdk-8-8u402-ga/debian/rules
--- openjdk-8-8u402-ga/debian/rules 2024-01-31 18:05:28.0 +1300
+++ openjdk-8-8u402-ga/debian/rules 2024-02-14 19:58:48.0 +1300
@@ -305,6 +305,16 @@
   with_bridge = atk
 endif
 
+ifeq ($(derivative),Ubuntu)
+  ifeq ($(DEB_HOST_ARCH),i386)
+# disable bridge on focal, jammy and mantic until atk wrapper is introduced
+# in those releases on i386
+ifneq (,$(filter $(distrel),focal jammy mantic))
+  with_bridge =
+endif
+  endif
+endif
+
 with_nss = yes
 
 on_buildd := $(shell [ -f /CurrentlyBuilding -o "$$LOGNAME" = buildd ] && echo 
yes)
--- End Message ---
--- Begin Message ---
Source: openjdk-8
Source-Version: 8u402-ga-3
Done: Thorsten Glaser 

We believe that the bug you reported is fixed in the latest version of
openjdk-8, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Glaser  (supplier of updated openjdk-8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA384

Format: 1.8
Date: Wed, 13 Mar 2024 22:46:46 +0100
Source: openjdk-8
Architecture: source
Version: 8u402-ga-3
Distribution: unstable
Urgency: medium
Maintainer: Java Maintenance 
Changed-By: Thorsten Glaser 
Closes: 1064191
Changes:
 openjdk-8 (8u402-ga-3) unstable; urgency=medium
 .
   [ Vladimir Petko ]
   * Unbreak installability with missing /usr/share/binfmts
 .
   [ Thorsten Glaser, V

Processed: Re: Bug#1066051: openjdk-8: make package usable on systems without t64 packages

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> close 1066051
Bug #1066051 [src:openjdk-8] openjdk-8: make package usable on systems without 
t64 packages
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1066051: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066051
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: antlr4-maven-plugin: please provide debian-versioned maven coordinates

[Debian Bug Tracking System]

Processing control commands:

> affects -1 src:chemicaltagger
Bug #1065660 [antlr4-maven-plugin] antlr4-maven-plugin: please provide 
debian-versioned maven coordinates
Added indication that 1065660 affects src:chemicaltagger

-- 
1065660: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065660
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1065455: marked as done (libapache-poi-java: FTBFS due to commons-compress upgrade)

[Debian Bug Tracking System]

Your message dated Thu, 07 Mar 2024 06:21:27 +
with message-id 
and subject line Bug#1065455: fixed in libapache-poi-java 4.0.1-6
has caused the Debian Bug report #1065455,
regarding libapache-poi-java: FTBFS due to commons-compress upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1065455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065455
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libapache-poi-java
Version: 4.0.1-4
Severity: important
Tags: ftbfs
User: debian-j...@lists.debian.org
Usertags: default-java21

Dear Maintainers,

The package libapache-poi-java ftbfs with default Java 21.
The relevant part of the build log:
---
  [javac] 
/<>/src/ooxml/testcases/org/apache/poi/openxml4j/opc/internal/marshallers/TestZipPackagePropertiesMarshaller.java:61:
 error: name clash: putArchiveEntry(ArchiveEntry) in 
 and putArchiveEntry(ZipArchiveEntry) in ArchiveOutputStream have the same 
erasure, yet neither overrides the other
[javac] public void putArchiveEntry(final ArchiveEntry 
archiveEntry) throws IOException {
[javac] ^
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: 
/<>/src/ooxml/testcases/org/apache/poi/sl/TestOleShape.java uses 
unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[javac] 1 error
[javac] 3 warnings
---


-- System Information:
Debian Release: trixie/sid
  APT prefers mantic-updates
  APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 
'mantic'), (100, 'mantic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-21-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: libapache-poi-java
Source-Version: 4.0.1-6
Done: Vladimir Petko 

We believe that the bug you reported is fixed in the latest version of
libapache-poi-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1065...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vladimir Petko  (supplier of updated 
libapache-poi-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 07 Mar 2024 15:21:27 +1300
Source: libapache-poi-java
Architecture: source
Version: 4.0.1-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Vladimir Petko 
Closes: 1065455
Changes:
 libapache-poi-java (4.0.1-6) unstable; urgency=medium
 .
   * Team upload
 .
   [ Vladimir Petko ]
   * d/p/17_commons-compress-upgrade.patch: apply upstream patch to resolve 
ftbfs
 (Closes: #1065455).
Checksums-Sha1:
 eb0e8ac1be009940a23e98894ee6767a7a5195b5 2574 libapache-poi-java_4.0.1-6.dsc
 ce7cf1dd4b915675a5e343d1e165d9adc77473fe 16972 
libapache-poi-java_4.0.1-6.debian.tar.xz
 db531711a5d2fcbfc01f6f8ed8e7e1b80dce0e97 15646 
libapache-poi-java_4.0.1-6_amd64.buildinfo
Checksums-Sha256:
 75d6a4fd3846c7d95bdfcc5c2430fdbc806449ec03572e9b5bee339a217200a6 2574 
libapache-poi-java_4.0.1-6.dsc
 044358e85a7d16476b8ed833f81e5aa67ba2b50ed6ff2e7ece644c879a357c88 16972 
libapache-poi-java_4.0.1-6.debian.tar.xz
 73a088a3a24a424bbc32224fff995c2892e199176025086e593258988eef5f22 15646 
libapache-poi-java_4.0.1-6_amd64.buildinfo
Files:
 027f90dc2f7e9ec9030e9e17de5f7059 2574 java optional 
libapache-poi-java_4.0.1-6.dsc
 95c078192dab690267234c430aeee8bb 16972 java optional 
libapache-poi-java_4.0.1-6.debian.tar.xz
 3878181e2f49d7c3756602afa5693483 15646 java optional 
libapache-poi-java_4.0.1-6_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmXpSuMUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpbuehAAypNcvMyb4zsWJmyaFf7AosoWtLGH
Wo61lUAEt+ABJrqE99BlCIrT2XRyISkTcoRrJrOBt861kgg0r6h+

Processed: owner 1065455

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> owner 1065455 !
Bug #1065455 [src:libapache-poi-java] libapache-poi-java: FTBFS due to 
commons-compress upgrade
Owner recorded as tony mancill .
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1065455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065455
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: remove java 21 ftbfs

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> user debian-j...@lists.debian.org
Setting user to debian-j...@lists.debian.org (was vladimir.pe...@canonical.com).
> usertag 1065455 -default-java21
Usertags were: default-java21.
There are now no usertags set.
> retitle 1065455 libapache-poi-java: FTBFS due to commons-compress upgrade
Bug #1065455 [src:libapache-poi-java] libapache-poi-java:  FTBFS with default 
Java 21
Changed Bug title to 'libapache-poi-java: FTBFS due to commons-compress 
upgrade' from 'libapache-poi-java:  FTBFS with default Java 21'.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1065455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065455
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.