Bug#747054: FTBFS: package javax.servlet.http does not exist

[Hideki Yamane]

control: tags -1 +unreproducible

Hi,

> I've rebuilt eclipse package in current sid using pbuilder and didn't 
> encounter any error.
> Can someone please confirm this bug is still relevant?

 me too (cowbuilder amd64/sid), so once tag it as unreproducible.

-- 
Regards,

 Hideki Yamane henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: RE: FTBFS: package javax.servlet.http does not exist

[Debian Bug Tracking System]

Processing control commands:

> tags -1 +unreproducible
Bug #747054 [eclipse] FTBFS: package javax.servlet.http does not exist
Added tag(s) unreproducible.

-- 
747054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747054
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#745897: marked as done (libstruts1.2-java: CVE-2014-0114)

[Debian Bug Tracking System]

Your message dated Sat, 31 May 2014 04:18:57 +
with message-id 
and subject line Bug#745897: fixed in libstruts1.2-java 1.2.9-9
has caused the Debian Bug report #745897,
regarding libstruts1.2-java: CVE-2014-0114
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
745897: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745897
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libstruts1.2-java
Version: 1.2.9-8
Severity: grave
Tags: security

Dear Maintainer,

In https://security-tracker.debian.org/tracker/CVE-2014-0094 :

>Notes
>- libstruts1.2-java  (Affects Struts 2.0.0 - Struts 2.3.16)

But CVE-2014-0094 is known to affect Struts 1.x.


Regards,
Nobuhiro
--- End Message ---
--- Begin Message ---
Source: libstruts1.2-java
Source-Version: 1.2.9-9

We believe that the bug you reported is fixed in the latest version of
libstruts1.2-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 745...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hideki Yamane  (supplier of updated libstruts1.2-java 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 31 May 2014 12:28:56 +0900
Source: libstruts1.2-java
Binary: libstruts1.2-java
Architecture: source all
Version: 1.2.9-9
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Hideki Yamane 
Description: 
 libstruts1.2-java - Java Framework for MVC web applications
Closes: 745897
Changes: 
 libstruts1.2-java (1.2.9-9) unstable; urgency=high
 .
   * Team upload.
   * debian/patches
 - add struts-1.2.9-CVE-2014-0114.patch from Red Hat to fix CVE-2014-0114
   (Closes: #745897)
Checksums-Sha1: 
 290fd8596b4efd53158530670a8ce934580895ec 2325 libstruts1.2-java_1.2.9-9.dsc
 56f193f9e3af27ee3334033da349a2e713fd3702 8236 
libstruts1.2-java_1.2.9-9.debian.tar.xz
 2a0adc7f7a2ea2f8082a077d004c41dfd5ff5eb1 621192 
libstruts1.2-java_1.2.9-9_all.deb
Checksums-Sha256: 
 2640dd0d667e7879174bbe95f088ad69997bde0a2d91de78f1e2b5a1a31e0cff 2325 
libstruts1.2-java_1.2.9-9.dsc
 8267115ffe92b225fd48000fefaab4b440fcd356085b3d5447f3fe4860335911 8236 
libstruts1.2-java_1.2.9-9.debian.tar.xz
 31520ac13076c91befbfe32da03f1655f426dc0e337a5cbd93b3de58384bdea2 621192 
libstruts1.2-java_1.2.9-9_all.deb
Files: 
 6323eccadeae834b464a27e7d44f156d 621192 java optional 
libstruts1.2-java_1.2.9-9_all.deb
 cbccb4d85125c9996980de6c3f0f0047 2325 java optional 
libstruts1.2-java_1.2.9-9.dsc
 5433eaa3d10113262fef9e3b4f1d821e 8236 java optional 
libstruts1.2-java_1.2.9-9.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJTiU4gAAoJEF0yjQgqqrFAd2IP/ROlzajD7uhEgiDFGqt5vj7Q
znVFcUINDAqar2aetouO7hkbT1J0dnweB5jOfqRNklauY27NJ7lqNHyA4B66NnGD
zs1vIay7QlQ92hSlivuxpaFfy6wh8o0Zg5fRLRBrDuaRxTwBmOzGIL33/bo3/Cqj
5OXWdH/kSauVcns+22qXOpBqXK3AcYWLJwHJkAWi5nHo1X8cLmCAuO7lO4ocf/Dh
3+Q7S6R9jqdYVufznVEDKsMx5lu4cLFUxa/E4H3q3sx3MY1ZmS8PO9Z1i5syJkPE
4QdChJxgPrEUZCt97wpXlJFs/8TSfOue3dBr/qgaoJUryFVgZQSPFG9BkfYe1B/T
JV15SgIAfdEc8YdLicjAaJrrCNDz5VrBmYAWMZnGpU1klDaoUAFGcTfbPO7GYzpa
75hvqwnGHtxt8nunWuvBMrUIGJ3Sv4a7eCkIRCO0IWldEllFlpORUJwRNNuWaHA/
34SPpSGbS88DU1BmEpoGZ1XQ6ok9uiGwqnsrhbcLtvxAzcaYqZ/SOHRCgRObQvId
APylVV468ztK6vyrSNUb48G1/QINBjTnj1d3F/izQ8DgZnzWJx7jV5obzQo7xKU8
ewel2dDU35NBzuzt7ehGHMXbLD92YGzu3PN0SWJ+gOwANF9z1LjFrmeJEClJ0xRb
4mCfQSM1wZugwKR2w7F5
=Y23l
-END PGP SIGNATURE End Message ---
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libstruts1.2-java_1.2.9-9_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 31 May 2014 12:28:56 +0900
Source: libstruts1.2-java
Binary: libstruts1.2-java
Architecture: source all
Version: 1.2.9-9
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Hideki Yamane 
Description: 
 libstruts1.2-java - Java Framework for MVC web applications
Closes: 745897
Changes: 
 libstruts1.2-java (1.2.9-9) unstable; urgency=high
 .
   * Team upload.
   * debian/patches
 - add struts-1.2.9-CVE-2014-0114.patch from Red Hat to fix CVE-2014-0114
   (Closes: #745897)
Checksums-Sha1: 
 290fd8596b4efd53158530670a8ce934580895ec 2325 libstruts1.2-java_1.2.9-9.dsc
 56f193f9e3af27ee3334033da349a2e713fd3702 8236 
libstruts1.2-java_1.2.9-9.debian.tar.xz
 2a0adc7f7a2ea2f8082a077d004c41dfd5ff5eb1 621192 
libstruts1.2-java_1.2.9-9_all.deb
Checksums-Sha256: 
 2640dd0d667e7879174bbe95f088ad69997bde0a2d91de78f1e2b5a1a31e0cff 2325 
libstruts1.2-java_1.2.9-9.dsc
 8267115ffe92b225fd48000fefaab4b440fcd356085b3d5447f3fe4860335911 8236 
libstruts1.2-java_1.2.9-9.debian.tar.xz
 31520ac13076c91befbfe32da03f1655f426dc0e337a5cbd93b3de58384bdea2 621192 
libstruts1.2-java_1.2.9-9_all.deb
Files: 
 6323eccadeae834b464a27e7d44f156d 621192 java optional 
libstruts1.2-java_1.2.9-9_all.deb
 cbccb4d85125c9996980de6c3f0f0047 2325 java optional 
libstruts1.2-java_1.2.9-9.dsc
 5433eaa3d10113262fef9e3b4f1d821e 8236 java optional 
libstruts1.2-java_1.2.9-9.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJTiU4gAAoJEF0yjQgqqrFAd2IP/ROlzajD7uhEgiDFGqt5vj7Q
znVFcUINDAqar2aetouO7hkbT1J0dnweB5jOfqRNklauY27NJ7lqNHyA4B66NnGD
zs1vIay7QlQ92hSlivuxpaFfy6wh8o0Zg5fRLRBrDuaRxTwBmOzGIL33/bo3/Cqj
5OXWdH/kSauVcns+22qXOpBqXK3AcYWLJwHJkAWi5nHo1X8cLmCAuO7lO4ocf/Dh
3+Q7S6R9jqdYVufznVEDKsMx5lu4cLFUxa/E4H3q3sx3MY1ZmS8PO9Z1i5syJkPE
4QdChJxgPrEUZCt97wpXlJFs/8TSfOue3dBr/qgaoJUryFVgZQSPFG9BkfYe1B/T
JV15SgIAfdEc8YdLicjAaJrrCNDz5VrBmYAWMZnGpU1klDaoUAFGcTfbPO7GYzpa
75hvqwnGHtxt8nunWuvBMrUIGJ3Sv4a7eCkIRCO0IWldEllFlpORUJwRNNuWaHA/
34SPpSGbS88DU1BmEpoGZ1XQ6ok9uiGwqnsrhbcLtvxAzcaYqZ/SOHRCgRObQvId
APylVV468ztK6vyrSNUb48G1/QINBjTnj1d3F/izQ8DgZnzWJx7jV5obzQo7xKU8
ewel2dDU35NBzuzt7ehGHMXbLD92YGzu3PN0SWJ+gOwANF9z1LjFrmeJEClJ0xRb
4mCfQSM1wZugwKR2w7F5
=Y23l
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of libstruts1.2-java_1.2.9-9_amd64.changes

[Debian FTP Masters]

libstruts1.2-java_1.2.9-9_amd64.changes uploaded successfully to localhost
along with the files:
  libstruts1.2-java_1.2.9-9_all.deb
  libstruts1.2-java_1.2.9-9.dsc
  libstruts1.2-java_1.2.9-9.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#749957: lwjgl: FTBFS - build-conflicts binutils-gold (which binutils provides)

[Michael Tautschnig]

Package: lwjgl
Version: 2.7.1+dfsg-3
Severity: serious
Usertags: goto-cc

During a rebuild of all Debian packages in a clean sid chroot (using cowbuilder
and pbuilder) the build failed with the following error.

[...]
I: Running /usr/bin/dpkg-buildpackage -rfakeroot -us -uc ${DEBBUILDOPTS}
dpkg-buildpackage: source package lwjgl
dpkg-buildpackage: source version 2.7.1+dfsg-3
dpkg-buildpackage: source distribution unstable
dpkg-buildpackage: source changed by Michael Gilbert 
 dpkg-source --before-build lwjgl-2.7.1+dfsg
dpkg-buildpackage: host architecture amd64

dpkg-source: warning: unknown information field 'Dm-Upload-Allowed' in input 
data in general section of control info file
dpkg-checkbuilddeps: Build conflicts: binutils-gold
dpkg-buildpackage: warning: build dependencies/conflicts unsatisfied; aborting
dpkg-buildpackage: warning: (Use -d flag to override.)

While you may with to cleanup the DM-Upload-Allowed bit, the build conflicts on
binutils-gold is the main problem:

~/lwjgl-2.7.1+dfsg# apt-cache show binutils
Package: binutils
Version: 2.24.51.20140425-1
Installed-Size: 18611
Maintainer: Matthias Klose 
Architecture: amd64
Replaces: binutils-gold (<< 2.20.51.20100415), binutils-mingw-w64-i686 (<< 
2.23.52.20130612-1+3), binutils-mingw-w64-x86-64 (<< 2.23.52.20130612-1+3)
Provides: binutils-gold, elf-binutils

Removing binutils is obviously not an option.

Best,
Michael



pgpWF6utuZuiR.pgp
Description: PGP signature
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: RE: lucene-solr: FTBFS - java.lang.NoClassDefFoundError: org/apache/tomcat/util/descriptor/LocalResolver

[Debian Bug Tracking System]

Processing control commands:

> reassign -1 libtomcat6-java
Bug #749364 [lucene-solr] lucene-solr: FTBFS - java.lang.NoClassDefFoundError: 
org/apache/tomcat/util/descriptor/LocalResolver
Bug reassigned from package 'lucene-solr' to 'libtomcat6-java'.
No longer marked as found in versions 3.6.2+dfsg-2.
Ignoring request to alter fixed versions of bug #749364 to the same values 
previously set

-- 
749364: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749364
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#749364: lucene-solr: FTBFS - java.lang.NoClassDefFoundError: org/apache/tomcat/util/descriptor/LocalResolver

[Hideki Yamane]

control: reassign -1 libtomcat6-java

Hi,

> [...]
> BUILD FAILED
> /srv/jenkins-slave/workspace/sid-goto-cc-lucene-solr/lucene-solr-3.6.2+dfsg/solr/build.xml:322:
>  The following error occurred while executing this line:
> /srv/jenkins-slave/workspace/sid-goto-cc-lucene-solr/lucene-solr-3.6.2+dfsg/solr/webapp/build.xml:36:
>  java.lang.NoClassDefFoundError: 
> org/apache/tomcat/util/descriptor/LocalResolver

 It seems to be caused by changes in tomcat6 upstream.
 Once failed to build lucene-solr, I've downgraded libtomcat6-java package
 to libtomcat6-java_6.0.35-6+deb7u1_all.deb and then succeeded to build.


$ diff -urN tomcat6-6.0.35 tomcat6-6.0.41 | grep LocalResolver
+import org.apache.tomcat.util.descriptor.LocalResolver;
+this.entityResolver = new LocalResolver(
+import org.apache.tomcat.util.descriptor.LocalResolver;
+this.entityResolverInstance = new LocalResolver(
+EntityResolver2 resolver = new LocalResolver(SERVLET_API_PUBLIC_IDS,
diff -urN 
tomcat6-6.0.35/java/org/apache/tomcat/util/descriptor/LocalResolver.java 
tomcat6-6.0.41/java/org/apache/tomcat/util/descriptor/LocalResolver.java
--- tomcat6-6.0.35/java/org/apache/tomcat/util/descriptor/LocalResolver.java
1970-01-01 09:00:00.0 +0900
+++ tomcat6-6.0.41/java/org/apache/tomcat/util/descriptor/LocalResolver.java
2014-04-11 08:25:06.0 +0900
+public class LocalResolver implements EntityResolver2 {
+public LocalResolver(Map publicIds,

 In stable package, there's no 
java/org/apache/tomcat/util/descriptor/LocalResolver.java
 file.

-- 
Regards,

 Hideki Yamane henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libowasp-antisamy-java_1.5.3+dfsg-1_amd64.changes ACCEPTED into unstable, unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 30 May 2014 14:23:32 +0100
Source: libowasp-antisamy-java
Binary: libowasp-antisamy-java libowasp-antisamy-java-doc
Architecture: source all
Version: 1.5.3+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers 

Changed-By: Matthew Vernon 
Description: 
 libowasp-antisamy-java - OWASP AntiSamy
 libowasp-antisamy-java-doc - Documentation for OWASP AntiSamy
Changes: 
 libowasp-antisamy-java (1.5.3+dfsg-1) unstable; urgency=low
 .
   * Remove src/test/resources/s from source tarball, as not distributable
Checksums-Sha1: 
 f091f621b14be4fcf75f6c8e2fcdfaaa8e20e216 2374 
libowasp-antisamy-java_1.5.3+dfsg-1.dsc
 cc98f82c999dee0b273146c548cc07b99dbfb3c4 60989 
libowasp-antisamy-java_1.5.3+dfsg.orig.tar.bz2
 fcce22b580710e217c9d8ee19397b4278e44c80d 3345 
libowasp-antisamy-java_1.5.3+dfsg-1.debian.tar.gz
 1842a44c8bb37528e75fef4f440d00e996d223e8 86698 
libowasp-antisamy-java_1.5.3+dfsg-1_all.deb
 c2076251071eb0268dbb3fc485687cf23eb77a4b 250406 
libowasp-antisamy-java-doc_1.5.3+dfsg-1_all.deb
Checksums-Sha256: 
 3443efd02a793eb134de00d94fce5f2816b970bdc94944e046cc8e4d9acc135c 2374 
libowasp-antisamy-java_1.5.3+dfsg-1.dsc
 4c3b220a03cfec13177fbfb668401e4849fa6b04f7a8aa4c2614d6bbc78c000e 60989 
libowasp-antisamy-java_1.5.3+dfsg.orig.tar.bz2
 001ce8abbe0849828c3b4887729c73b0519e0462d246827603faa6e490824f05 3345 
libowasp-antisamy-java_1.5.3+dfsg-1.debian.tar.gz
 32aa5b8aa36245cf2b37d59939aad18783c0aa88da87ca31e898647d6d70af03 86698 
libowasp-antisamy-java_1.5.3+dfsg-1_all.deb
 f3cebc02beb586e40017b264dc383c0c8a87d069b12d24bcb921ad85a9ce968e 250406 
libowasp-antisamy-java-doc_1.5.3+dfsg-1_all.deb
Files: 
 53d3d0b029cf7554a3bc30bd773be51d 2374 java optional 
libowasp-antisamy-java_1.5.3+dfsg-1.dsc
 8a60f1e3b76e749b694702985495fae4 60989 java optional 
libowasp-antisamy-java_1.5.3+dfsg.orig.tar.bz2
 fca6e226a29e5ba22e4bfea9deb8c92f 3345 java optional 
libowasp-antisamy-java_1.5.3+dfsg-1.debian.tar.gz
 cdb36e7d38ab5606c69fc0c33205c695 86698 java optional 
libowasp-antisamy-java_1.5.3+dfsg-1_all.deb
 eb783f0853e51c0c27cd7aca1dfae5f9 250406 doc optional 
libowasp-antisamy-java-doc_1.5.3+dfsg-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQIVAwUBU4iffxL00hyPamPIAQjldhAAqDFvsdO1W92/D2vhKnD7h3M2+tU0wjL8
3lNdbMkXcgDFUI+TR/mM+4VOJIT+OpjMHL7FpPsbKIIqRFKT5xxAGJB7gbujFoRS
god+EFXCz7RvihLGzw/FtNkRz8h50Gc61k/5NL16BWHBRm5gpYwwB+4GHl0LBvIa
y6J6/q1MVDV4P/oYC1vsbyEdqPKA6an3jAsQODvJ6PnnuIsbbNaqiqDKRgs3sYU/
C8kXZrw2NWCU95hVRZ7PIRsYqm8wZtggLSXeNrZK5tWq8Z7Gw9fLcDf29jQH/3fF
B3Wa/d7P9334OBCxFHz4IoiMtIkvy39UKwJRfd4P/2w4yc6giWvgz6PcggG+wSPH
Td0N24UVma2/nNz8wbVN4qWwMeH5iVBe0NzaGkKJXRvQitivpQex/K36rF1ozY3o
U/eJQnsU2EkqCk/m7x1smufYN3LR5WEmk6OZjrK6ufq4RXRJfoOzWqAGmmrCRlex
3KM0p0/AsNFOT6w6eKqiancdr9R/o3Vbcb9n7rjDUy6M2nMPkIq6S+yQpX3dbXJj
UPpEof8Q9xGiCi0h7hOpgCe38asWzaiAmKbhPV5EXn6b2JdtxwrVGCOOXxb/VCQK
vrCKLTTIVTnys7w8pvbZnYfy0kFPJEB0zQ0rvr9vw+z7xtQ2UxRKrZGF8y1XT8EG
OU0J+CkyM9U=
=I8iy
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Comments regarding libowasp-antisamy-java_1.5.3+dfsg-1_amd64.changes

[Thorsten Alteholz]

Hi Matthew,

I marked your package for accept now, but please take care of:
 W: libowasp-antisamy-java: copyright-refers-to-deprecated-bsd-license-file

Thanks!
 Thorsten



__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libasm4-java 5.0.3-1 MIGRATED to testing

[Debian testing watch]

FYI: The status of the libasm4-java source package
in Debian's testing distribution has changed.

  Previous version: 5.0.1-2
  Current version:  5.0.3-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

groovy 1.8.6-4 MIGRATED to testing

[Debian testing watch]

FYI: The status of the groovy source package
in Debian's testing distribution has changed.

  Previous version: 1.8.6-1
  Current version:  1.8.6-4

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

jssc 2.6.0-5 MIGRATED to testing

[Debian testing watch]

FYI: The status of the jssc source package
in Debian's testing distribution has changed.

  Previous version: 2.6.0-2
  Current version:  2.6.0-5

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libowasp-antisamy-java_1.5.3+dfsg-1_amd64.changes is NEW

[Debian FTP Masters]

binary:libowasp-antisamy-java is NEW.
binary:libowasp-antisamy-java-doc is NEW.
source:libowasp-antisamy-java is NEW.

Your package has been put into the NEW queue, which requires manual action
from the ftpteam to process. The upload was otherwise valid (it had a good
OpenPGP signature and file hashes are valid), so please be patient.

Packages are routinely processed through to the archive, and do feel
free to browse the NEW queue[1].

If there is an issue with the upload, you will recieve an email from a
member of the ftpteam.

If you have any questions, you may reply to this email.

[1]: https://ftp-master.debian.org/new.html

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

commons-beanutils_1.9.2-1_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Fri, 30 May 2014 13:58:47 +0200
Source: commons-beanutils
Binary: libcommons-beanutils-java libcommons-beanutils-java-doc
Architecture: source all
Version: 1.9.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description: 
 libcommons-beanutils-java - Apache Commons BeanUtils - Utility for 
manipulating Java beans
 libcommons-beanutils-java-doc - Apache Commons BeanUtils - Documentation
Changes: 
 commons-beanutils (1.9.2-1) unstable; urgency=medium
 .
   * New upstream release
   * Disabled the BeanMap test which relies on a class not packaged in Debian
   * Moved the package to Git
Checksums-Sha1: 
 6a252ceb85321f9de0ed8fee6b7abad0a584e8bc 2490 commons-beanutils_1.9.2-1.dsc
 7817503fffe5c0f4d6b3ba7a840cea7f4eba199a 396910 
commons-beanutils_1.9.2.orig.tar.gz
 209f930ca62875beb48d2279e1355985479eb6ec 5188 
commons-beanutils_1.9.2-1.debian.tar.xz
 54a7305dac1ba94ccf97142e1f2ca8d67806d93e 216548 
libcommons-beanutils-java_1.9.2-1_all.deb
 d9069f87ffe82660fc37f76a0b0b377437dd1c9c 1630218 
libcommons-beanutils-java-doc_1.9.2-1_all.deb
Checksums-Sha256: 
 9f0fc4dd20174ae91f1542efab06f41fbe4ded13f60e334ce31d90e9af8347d5 2490 
commons-beanutils_1.9.2-1.dsc
 91fccad3b65f278bad98df1aa8467f2d3df6095f41b2db39d2c12863fb2c0049 396910 
commons-beanutils_1.9.2.orig.tar.gz
 a7af769f55763ba30d03aae046d53b583fbff66ab464ad294217dc14fc8ea141 5188 
commons-beanutils_1.9.2-1.debian.tar.xz
 d477f9a5d0aefb7edd0cf5f1e15cbb3774fac9ef370ae521b45b3b35c81d63cd 216548 
libcommons-beanutils-java_1.9.2-1_all.deb
 588ed362bd5c803b0a74d854794eb53ee96c5eb3f11d1e073c80ce69ad42ed32 1630218 
libcommons-beanutils-java-doc_1.9.2-1_all.deb
Files: 
 5eefd4ca0fed7ff56c010ac509542b52 216548 java optional 
libcommons-beanutils-java_1.9.2-1_all.deb
 bfe516a2369540311c822846f7db0781 1630218 doc optional 
libcommons-beanutils-java-doc_1.9.2-1_all.deb
 605ff1bda2ac6f0d95dd075f26c5fa31 2490 java optional 
commons-beanutils_1.9.2-1.dsc
 13233b217eca7af8abdfa66a20dcc020 396910 java optional 
commons-beanutils_1.9.2.orig.tar.gz
 ebc4d5b007f69366ea0f88242e9ee27f 5188 java optional 
commons-beanutils_1.9.2-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJTiJGGAAoJEPUTxBnkudCsiA8QAIk7MOkt9g/oBb45xYYc2cmd
XuWdCO4LXRi647iPXJkONOcZKn7nJgJhcafSbKBbZ945qsBBFkPva6iBx85sDP0x
0kbOLKH0Bqg7tgEDAaMdVFB0lkaLnzmVgn8IkOV2CTiAU89sGTxK3bic4bxVCTfG
WiLCrGWEXpZaq4lYFLaGBtIqs26AMIYcnAJtTYqIuww/NM7DmEbI9oZhhjhHKA9u
2NOI4ZTk+enGt3m8iyEx/5DlVAqrSVxDldxN/FSgnGukKdtqZyKLkSHubR7c/M84
hDRElgKGBBEfCnL5HYJgGhzZcWWtAcrdIhisPLeZfoaJGv/7I88kgCTMJlfYUxiz
y3U34hYIfKrzby8ZiLOYNmyKuZVmMmhwv+FL4Te22h1FCmfRDtGjhBiERSf2yTAK
5BYVmVXEjzKC+RPyyjlGQHa0HJ6qbSl/Sg/R4eGc4aVazXLywfzQSJ1j3fYytbmq
Yz92YzCUiBZar75I5alrPub2WRlNZuI0qzpPCHPyX7kQ2yaQtaASroHf2EzvjME5
X8rN/ScvQbQkjeb+8QX0vx9LFcIw+aJHcBhEhFS69hs+TGwb8izpoZTvrBJ7vRGc
4mBjWP8hSPdJTU5FoPm6+4FaIqkQHtFCy2xMTbHRvFlNe0PY+ZBvc74NtvK39Z4Y
KWnCU6VqL2mYaoLppF/x
=dqaB
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of libowasp-antisamy-java_1.5.3+dfsg-1_amd64.changes

[Debian FTP Masters]

libowasp-antisamy-java_1.5.3+dfsg-1_amd64.changes uploaded successfully to 
localhost
along with the files:
  libowasp-antisamy-java_1.5.3+dfsg-1.dsc
  libowasp-antisamy-java_1.5.3+dfsg.orig.tar.bz2
  libowasp-antisamy-java_1.5.3+dfsg-1.debian.tar.gz
  libowasp-antisamy-java_1.5.3+dfsg-1_all.deb
  libowasp-antisamy-java-doc_1.5.3+dfsg-1_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of commons-beanutils_1.9.2-1_amd64.changes

[Debian FTP Masters]

commons-beanutils_1.9.2-1_amd64.changes uploaded successfully to localhost
along with the files:
  libcommons-beanutils-java_1.9.2-1_all.deb
  libcommons-beanutils-java-doc_1.9.2-1_all.deb
  commons-beanutils_1.9.2-1.dsc
  commons-beanutils_1.9.2.orig.tar.gz
  commons-beanutils_1.9.2-1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Re: libowasp-antisamy-java_1.5.3-1_amd64.changes REJECTED

[Matthew Vernon]

On 30/05/14 10:47, Emmanuel Bourg wrote:
> Le 30/05/2014 11:37, Matthew Vernon a écrit :
> 
>> It's difficult to determine what license they might be covered by;
>> AFAICT they are the result of pointing something like wget at a bunch of
>> sites, namely: cnn.com, deadspin.com, fark.com, google.com,
>> microsoft.com, slashdot.org
> 
> In this case I don't think we are allowed to distribute them.
> libjsoup-java also had HTML pages from Google, Yahoo and The New York
> Times, and we replaced them with pages from Wikipedia.

Right, I think then the answer is to remove the src/test/resources/s
directory.

Thanks,

Matthew


__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Re: libowasp-antisamy-java_1.5.3-1_amd64.changes REJECTED

[Emmanuel Bourg]

Le 30/05/2014 11:37, Matthew Vernon a écrit :

> It's difficult to determine what license they might be covered by;
> AFAICT they are the result of pointing something like wget at a bunch of
> sites, namely: cnn.com, deadspin.com, fark.com, google.com,
> microsoft.com, slashdot.org

In this case I don't think we are allowed to distribute them.
libjsoup-java also had HTML pages from Google, Yahoo and The New York
Times, and we replaced them with pages from Wikipedia.

Emmanuel Bourg


__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Re: libowasp-antisamy-java_1.5.3-1_amd64.changes REJECTED

[Emmanuel Bourg]

Le 30/05/2014 11:11, Matthew Vernon a écrit :

> What would you prefer? i) has the advantages of leaving the source as
> upstream have it in their SVN ; ii) is perhaps the right compromise
> option; iii) seems too extreme.

IMHO if the minified JavaScript files are only test objects they should
be left as is (assuming they are available under an appropriate license).

If the purpose of a library is to process a prebuilt binary we should
allow the binaries used for testing purposes to remain in the source
package. For example there are Java libraries that process .jar files,
and in these cases the binary objects processed by the tests are
preserved in the source packages.

Emmanuel Bourg


__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Re: libowasp-antisamy-java_1.5.3-1_amd64.changes REJECTED

[Matthew Vernon]

On 30/05/14 10:32, Emmanuel Bourg wrote:
> Le 30/05/2014 11:11, Matthew Vernon a écrit :
> 
>> What would you prefer? i) has the advantages of leaving the source as
>> upstream have it in their SVN ; ii) is perhaps the right compromise
>> option; iii) seems too extreme.
> 
> IMHO if the minified JavaScript files are only test objects they should
> be left as is (assuming they are available under an appropriate license).

It's difficult to determine what license they might be covered by;
AFAICT they are the result of pointing something like wget at a bunch of
sites, namely: cnn.com, deadspin.com, fark.com, google.com,
microsoft.com, slashdot.org

They're used for testing the performance of the library; the library is
aimed at letting you handle user-supplied HTML/CSS safely (i.e. avoiding
XSS etc.) [see
https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project for more
on the purpose of antisamy]

Regards,

Matthew

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libowasp-esapi-java_2.1.0-2_amd64.changes is NEW

[Debian FTP Masters]

binary:libowasp-esapi-java is NEW.
binary:libowasp-esapi-java-doc is NEW.
source:libowasp-esapi-java is NEW.

Your package has been put into the NEW queue, which requires manual action
from the ftpteam to process. The upload was otherwise valid (it had a good
OpenPGP signature and file hashes are valid), so please be patient.

Packages are routinely processed through to the archive, and do feel
free to browse the NEW queue[1].

If there is an issue with the upload, you will recieve an email from a
member of the ftpteam.

If you have any questions, you may reply to this email.

[1]: https://ftp-master.debian.org/new.html

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Re: libowasp-esapi-java_2.1.0-1_amd64.changes REJECTED

[Matthew Vernon]

Hi,

On 22/05/14 14:00, Thorsten Alteholz wrote:

> For example src/test/resources/log4j.dtd is licensed under Apache-2, 
> which is not mentioned in debian/coypright. 
> There might be other licenses missing!

Well spotted; I rashly belived upstream's LICENSE-README :-/. I did some
grepping and just found 2 apache-2 licensed files; I've updated
copyright accordingly, and uploaded again (also noting the git repo
location).

> Do you really want to dirstribute all those .svn-directories in the 
> source tarball?

Oops. Fixed.

Thanks,

Matthew


__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Re: libowasp-antisamy-java_1.5.3-1_amd64.changes REJECTED

[Matthew Vernon]

Hi,

On 22/05/14 14:00, Thorsten Alteholz wrote:

> Some js-files are licensed under MIT, GPL or Apache-2. These licenses are 
> not mentioned in debian/copyright.
> Please also remove all minified js-files where no sources are provided.

Right, I understand the problem now, and I'd like some advice, please,
before proceeding.

libowasp-antisamy-java (hereafter "antisamy") comes with a test suite,
which we don't use during the build process, as that would involve
creating a policy file just for the build-time tests, and I don't think
that's worth the pain right now.

Part of that test suite is a performance test (
src/test/java/org/owasp/validator/html/test/AntiSamyPerformanceTest.java
) which uses some larger items previously downloaded by upstream from
the internet ( src/test/resources/s ); it's those that contain the
minified js of uncertain license.

I can see 3 ways forward:

i) leave tarball as-is, since the test data aren't used in the build process
ii) rm src/test/resources/s and leave a note in README saying the tests
won't work even if you write a policy file because of the missing data
iii) remove the entire test suite code

What would you prefer? i) has the advantages of leaving the source as
upstream have it in their SVN ; ii) is perhaps the right compromise
option; iii) seems too extreme.

Thanks,

Matthew

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of libowasp-esapi-java_2.1.0-2_amd64.changes

[Debian FTP Masters]

libowasp-esapi-java_2.1.0-2_amd64.changes uploaded successfully to localhost
along with the files:
  libowasp-esapi-java_2.1.0-2.dsc
  libowasp-esapi-java_2.1.0.orig.tar.bz2
  libowasp-esapi-java_2.1.0-2.debian.tar.gz
  libowasp-esapi-java_2.1.0-2_all.deb
  libowasp-esapi-java-doc_2.1.0-2_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.