plexus-compiler 2.4-2 MIGRATED to testing

[Debian testing watch]

FYI: The status of the plexus-compiler source package
in Debian's testing distribution has changed.

  Previous version: 1.9.2-2
  Current version:  2.4-2

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

antlr3 3.2-11 MIGRATED to testing

[Debian testing watch]

FYI: The status of the antlr3 source package
in Debian's testing distribution has changed.

  Previous version: 3.2-10
  Current version:  3.2-11

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

fop 1:1.1.dfsg2-2 MIGRATED to testing

[Debian testing watch]

FYI: The status of the fop source package
in Debian's testing distribution has changed.

  Previous version: 1:1.1.dfsg2-1
  Current version:  1:1.1.dfsg2-2

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

libcommons-cli-java 1.3.1-2 MIGRATED to testing

[Debian testing watch]

FYI: The status of the libcommons-cli-java source package
in Debian's testing distribution has changed.

  Previous version: 1.2-3
  Current version:  1.3.1-2

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

maven 3.3.3-2 MIGRATED to testing

[Debian testing watch]

FYI: The status of the maven source package
in Debian's testing distribution has changed.

  Previous version: 3.0.5-6
  Current version:  3.3.3-2

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

java-gnome 4.1.3-4 MIGRATED to testing

[Debian testing watch]

FYI: The status of the java-gnome source package
in Debian's testing distribution has changed.

  Previous version: 4.1.3-3
  Current version:  4.1.3-4

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#792676: libpdfbox-java: pdfannotextractor.pl fails to find org.pdfbox.cos.ICOSVisitor class

[gregor herrmann]

Control: reassign -1 texlive-latex-extra

On Fri, 17 Jul 2015 15:18:44 +0300, Álvaro Herrera wrote:

> I am trying to apply the solution proposed in this answer
> http://tex.stackexchange.com/a/48118/82119 but on following the first
> step, the pdfannotextractor.pl dies with:
> 
> $ /usr/share/texlive/texmf-dist/scripts/pax/pdfannotextractor.pl 
> capturing-ddl.pdf 
> PDFAnnotExtractor 0.1l, 2012/04/18 - Copyright (c) 2008, 2011, 2012 by Heiko 
> Oberdiek.
> Exception in thread "main" java.lang.NoClassDefFoundError: 
> org/pdfbox/cos/ICOSVisitor
> at java.lang.Class.getDeclaredMethods0(Native Method)
> at java.lang.Class.privateGetDeclaredMethods(Class.java:2615)
> at java.lang.Class.getMethod0(Class.java:2856)
> at java.lang.Class.getMethod(Class.java:1668)
> at sun.launcher.LauncherHelper.getMainMethod(LauncherHelper.java:494)
> at 
> sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:486)
> Caused by: java.lang.ClassNotFoundException: org.pdfbox.cos.ICOSVisitor
> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
> ... 6 more
> 
> I have no idea how to fix this problem.  Maybe I need to specify a
> classpath or something?  I looked at the .pl file itself and there's a
> --install option, but on running it, it says the PDFBox "is already
> found":
> 
> $ /usr/share/texlive/texmf-dist/scripts/pax/pdfannotextractor.pl
> --install
> PDFAnnotExtractor 0.1l, 2012/04/18 - Copyright (c) 2008, 2011, 2012 by Heiko 
> Oberdiek.
> * Nothing to do, because PDFBox is already found:
>   /usr/share/java/pdfbox.jar
> 
> Not quite sure what to do next.  Maybe it's just missing a dependency?

Some observations:

* /usr/share/texlive/texmf-dist/scripts/pax/pdfannotextractor.pl would
  download PDFBox-0.7.3.zip from Sourceforge. That's a quite old
  version (in Debian in oldoldstable).
* Looking at
  pdfbox/src/main/java/org/apache/pdfbox/cos/ICOSVisitor.java (in the
  PDFBox source), I guess that this class is called
  org.apache.pdfbox.cos (and not org.pdfbox.cos) by now.
  A diff in the git repo (upstream tags) shows the same. Pseudo-diff:

diff --git a/current/src/org/pdfbox/cos/ICOSVisitor.java 
b/current/src/org/pdfbox/cos/ICOSVisitor.java
deleted file mode 100644
index 04b7542..000
--- a/current/src/org/pdfbox/cos/ICOSVisitor.java
+++ /dev/null

-package org.pdfbox.cos;
-public interface ICOSVisitor

diff --git a/pdfbox/src/main/java/org/apache/pdfbox/cos/ICOSVisitor.java 
b/pdfbox/src/main/java/org/apache/pdfbox/cos/ICOSVisitor.java
new file mode 100644
index 000..1a09c38
--- /dev/null
+++ b/pdfbox/src/main/java/org/apache/pdfbox/cos/ICOSVisitor.java

+package org.apache.pdfbox.cos;
+public interface ICOSVisitor


My conclusion is that /usr/share/texlive/texmf-dist/scripts/pax/pax.jar
(in texlive-latex-extra) needs to be adjusted to a "recent" version of PDFBox.

Reassigning the bug.


As a workaround it might work to
- download the old PDFBox zip, put the .jar in some directory and
- run the script as
  CLASSPATH=/path/to/PDFBox-0.7.3.jar 
/usr/share/texlive/texmf-dist/scripts/pax/pdfannotextractor.pl capturing-ddl.pdf
(or something similar)


Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Crosby Stills & Nash: Teach Your Children Well


signature.asc
Description: Digital Signature
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Re: Bug#792676: libpdfbox-java: pdfannotextractor.pl fails to find org.pdfbox.cos.ICOSVisitor class

[Debian Bug Tracking System]

Processing control commands:

> reassign -1 texlive-latex-extra
Bug #792676 [libpdfbox-java] libpdfbox-java: pdfannotextractor.pl fails to find 
org.pdfbox.cos.ICOSVisitor class
Bug reassigned from package 'libpdfbox-java' to 'texlive-latex-extra'.
No longer marked as found in versions libpdfbox-java/1:1.8.7+dfsg-1.
Ignoring request to alter fixed versions of bug #792676 to the same values 
previously set

-- 
792676: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792676
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

reactive-streams_1.0.0-1_amd64.changes ACCEPTED into unstable, unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Thu, 16 Jul 2015 12:37:39 +0200
Source: reactive-streams
Binary: libreactive-streams-java
Architecture: source all
Version: 1.0.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libreactive-streams-java - Standard for asynchronous stream processing with 
non-blocking bac
Closes: 792565
Changes:
 reactive-streams (1.0.0-1) unstable; urgency=medium
 .
   * Initial release (Closes: #792565)
Checksums-Sha1:
 cde585cdf7040c6894da2c4cb2fda2eabfb3e289 2034 reactive-streams_1.0.0-1.dsc
 c03b2b53c4151b47ba3affb1d5d0e138c94dad9d 58788 
reactive-streams_1.0.0.orig.tar.xz
 9a649075dafe1d6121213375beab79b2e992f36d 5924 
reactive-streams_1.0.0-1.debian.tar.xz
 fb23436d7e810b10f04250d4746d761a4341ffd7 6358 
libreactive-streams-java_1.0.0-1_all.deb
Checksums-Sha256:
 d92b65d56506f90e27ed05f48a20468eace088cfa098a8a1630f79ff261df149 2034 
reactive-streams_1.0.0-1.dsc
 c9ed1e0d60edf377066d1fc1c4a76d8038746076a971e7e30e5f347175e73149 58788 
reactive-streams_1.0.0.orig.tar.xz
 cc6079f4f2a948f17d365b34e0c02f439f787b6d2999840d7809671d13b139f1 5924 
reactive-streams_1.0.0-1.debian.tar.xz
 69335a0c8db3079a43c621943f68283799dfab42c6f2d0857655f05825726b52 6358 
libreactive-streams-java_1.0.0-1_all.deb
Files:
 8c75ab66db2954bdc71c524765ee1919 2034 java optional 
reactive-streams_1.0.0-1.dsc
 e14c5342beb66b0338374ebfd8b5e45e 58788 java optional 
reactive-streams_1.0.0.orig.tar.xz
 64a4dd08dc2bb36b626f7c6cd4368f4b 5924 java optional 
reactive-streams_1.0.0-1.debian.tar.xz
 27d361a1bec7ca3a1bb34cd68091a5b6 6358 java optional 
libreactive-streams-java_1.0.0-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJVp6xDAAoJEPUTxBnkudCsFVIQAJX8R0Mx9gjbwSGPegRGbPh+
k2BQjlJ2LOZLqOfXMOVXFlDgnDaxlDpVijjQEalnHYcLwfHv/qmk+t9OZxwQiak7
Sp+ELbgWdJpylddZ1LtI429q6O0qA9PUqOToR3nuEva7mZTt3RW41OSIwG/zoQsz
EIgEo4rtbakG2qibRKvvCwgko7el0GhmJoBA9C6UV7Gn5ahWHA1aQr624X8Hmi7b
y3JptlAyF5SVrDu63dRAc1cL1RroygYmtGVLhwXxGy0y2fgJMeIwd3NfgLNT6Rdd
pr8chsrIruKKdF6f2Qp/UnNtJ5cIaD5TJquAOiIyEZtSs/0ioL5GDeiI5Awt6zDo
6R13vN6MP3u3mUxXOKGlstSopVWhvixBr9v+bxCHFIPIRM5eP5H6URQ3QaJPrg3I
oaxyxrrIdvfOFF/6TToMRrHA8pjLrtBH0/Rvd/YS1g3pvrA6o3MIBNXeuh00uG6M
3AWovBVCVOUo7T+zgvCiGNun98a4da0K/zHt1cXlAGzobH3p51aX2shM5HWFaH/n
/aO8O2dd6kWeJCH9HgfXOpcMJavKE0Zx+Iqt7ftq2v5b80o9rBF/pUqTfVutO4DK
H51c1MB8TLpAUa3xX1wBHlLHZlceJNN19UkF2UNCQQnD1re4T+w3DJtp+zrH9Yq3
IyQKi79ggDeeiFXEmAOH
=NHQH
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

openhft-chronicle-queue_2.0.3-1_amd64.changes ACCEPTED into unstable, unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Fri, 17 Jul 2015 00:06:59 +0200
Source: openhft-chronicle-queue
Binary: libopenhft-chronicle-queue-java
Architecture: source all
Version: 2.0.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libopenhft-chronicle-queue-java - Java library for persisted low latency 
messaging
Closes: 792630
Changes:
 openhft-chronicle-queue (2.0.3-1) unstable; urgency=medium
 .
   * Initial release (Closes: #792630)
Checksums-Sha1:
 e38f06cbe11b13a8c5123edb6698ff5066db1076 2187 
openhft-chronicle-queue_2.0.3-1.dsc
 2b80c85357873d013fc62aece8835130a4a1edad 74436 
openhft-chronicle-queue_2.0.3.orig.tar.gz
 ab3c65a2563aeb9c4748e56c2769d69ab7683082 2976 
openhft-chronicle-queue_2.0.3-1.debian.tar.xz
 e2dd97a14a103be4645c7a64c64e14b9696e60b7 56208 
libopenhft-chronicle-queue-java_2.0.3-1_all.deb
Checksums-Sha256:
 bfccb6600156f0c286edcf3655bdacd64f088df7cedfc0b5259d524b5d67c67c 2187 
openhft-chronicle-queue_2.0.3-1.dsc
 9fdce5e16c2dfbb23d82c8e47d4888fed5e41d8df9180fcb0a010814156f838f 74436 
openhft-chronicle-queue_2.0.3.orig.tar.gz
 086ba8df28115e9aaae57601b6030452244fb1696c135b23f1b24e6d429e 2976 
openhft-chronicle-queue_2.0.3-1.debian.tar.xz
 44b827bdcf0ab4121549415ac7fb984b366a85759ffa636de9ca36f1087630fd 56208 
libopenhft-chronicle-queue-java_2.0.3-1_all.deb
Files:
 d18ad2b1960aac5fa442e7861106c5ea 2187 java optional 
openhft-chronicle-queue_2.0.3-1.dsc
 f2089354bfa59271b631053725a0f3bd 74436 java optional 
openhft-chronicle-queue_2.0.3.orig.tar.gz
 71014b8dc3e39bfa555ccfc50bc3b0f9 2976 java optional 
openhft-chronicle-queue_2.0.3-1.debian.tar.xz
 b0c0ca3edcaff141d4bfc66d9e0ad491 56208 java optional 
libopenhft-chronicle-queue-java_2.0.3-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJVqDK9AAoJEPUTxBnkudCs5aMP/RmKR/b42fwwAPYuHZGcJJvC
PWxOopq5x+HRG6H8MjfL8QlY1uHu4aMHFIbaWp+DBlSGTTV/ZR6o5saw3p0foKFb
cB9TeovcANzZ3xQVSNu4U5LJ/2Cd3LxZVGFdhywD/urj1CNhnTSUAZpwpPZd82/5
EgRvyxr7so+M1S1ILZPqEfmyRVdWIAXns4Tr9BdfepLUGzuVe/jerhI0OilCroXF
BRiRgHP+4S0pn5Tm5wAm/sfrI/ngQ55XdffP72v/GgnvwmTSAoZhsOHL0zvrayi/
hL6v6wzZPrQf2FQL7TgETYAzYorHx+1ZnBOdT8CRkkBSfCgNAArYPv9Yl/xsHn3W
kYtR4F3g7/gN0vCf7jNLnnSMV9o69ksKiKSgui8zYq1lIlHSReGrapL9uTPnHtcC
MNiEUClydnN5tW9pEDVfiuYEItg5vf3RyKvq3eFEEuLfqS4NVP6uxxRXidZVhaxp
H9Du25RWZ41AGBCMWJlBb7SJfolmwoxHnMOUZdSROw6xlnkOfhOke1aX9/ppvYzA
x8PT66nD+GtGtVCJQPpV48ib4gH+auog3pEDRmDJx2Sg9hw+FavevImY+h2gQk0b
fWNWXqfb5p1V+jdTycxXs0cwJvpVUBI3aERvFLwsX8PqJJYymhP9gfsXVtOG+blo
L4D7enoGdidY73r5dqri
=i3dm
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

openhft-lang_6.1.4-1_amd64.changes ACCEPTED into unstable, unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Fri, 17 Jul 2015 00:06:30 +0200
Source: openhft-lang
Binary: libopenhft-lang-java
Architecture: source all
Version: 6.1.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Description:
 libopenhft-lang-java - High Performance Java library for High Frequency Trading
Closes: 792611
Changes:
 openhft-lang (6.1.4-1) unstable; urgency=medium
 .
   * Initial release (Closes: #792611)
Checksums-Sha1:
 cb3046a0acc757a4b5c2b52009761317af102ab6 2090 openhft-lang_6.1.4-1.dsc
 2360fe0ae0e8123d906f082e1dfa81f87d41362d 84057 openhft-lang_6.1.4.orig.tar.gz
 90fd2fa83407561cfebbef97bb2a04ca7e5eae8d 2888 
openhft-lang_6.1.4-1.debian.tar.xz
 9bb72df10998808112cdbe3f442782648750f534 132012 
libopenhft-lang-java_6.1.4-1_all.deb
Checksums-Sha256:
 813406bb1fc735809062b98d1d98c000ae538e91faa9f0c0337ee6deb846eb4d 2090 
openhft-lang_6.1.4-1.dsc
 cf98533710073f09d924eade14d90a8db8f31c022ead9b4347b7a91dd634c719 84057 
openhft-lang_6.1.4.orig.tar.gz
 c7bef39ff85cf7ea188ca0e983bb76428c498cf25c3ddc5311c35a87b5faff48 2888 
openhft-lang_6.1.4-1.debian.tar.xz
 a533479f2c0c996d4ef9d157847d0bb8c346b893036b68a83387f724799e5057 132012 
libopenhft-lang-java_6.1.4-1_all.deb
Files:
 96a0b3ab6d62e047ecf200b626e45c51 2090 java optional openhft-lang_6.1.4-1.dsc
 2ef13bf895c226098c3537763acfd8f4 84057 java optional 
openhft-lang_6.1.4.orig.tar.gz
 48048dafde18ce661d36d0b9f3d99ad2 2888 java optional 
openhft-lang_6.1.4-1.debian.tar.xz
 472111669f837224737ebc3dc5650e1c 132012 java optional 
libopenhft-lang-java_6.1.4-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJVqDJPAAoJEPUTxBnkudCsH00P/17zgYQuiGGDN46A/CrT8CtA
z1u6DH7pXjLx1xCsVnop8U8jaQfZkK5hj9FhMxnGKnf4kgGJhzMigDuEHrF8fsxs
J5K8EsV/ph0X3c8g4n+rrvEGcRg7b6+j8PDg9QZ06H5gOsb5HzlXPMMYTmQq8U/y
k/VIBZsWqgYUP8uvWD/xMCQaEN+6UE1uZe4rKmsRFT1XLb6z7kH7sc+I1wh6/hvG
AixXBR5Ocxsun5ggV6Bni0g8SztoHlkhSA1wlMHiqOy9ODANVCIOx5fSJgqPO377
sito1T7VDOZwKhQ2nAtHKwxuCdPFeeymO8wLE2uTD/fHjoaoBNr1xkYwEvIT8ROi
d1E/HJuLN7YlwtcdCJOhz8e+gycIwFltNVUg7Ok8NQ0m6nfohsIAqaDntuWXElmK
cG9onzAP0tIqR1KFN+5Wb2qXaRHezN+Tt+9BBMH+UIvZvRGEeWaaZ5CrUf8QdWso
GuN0TyaweEFzh4nucqVVYAsghpxTSt2Lyj6QzOxa87FKYuf79kh14/rZpTaigv4n
PUWnnUFIcDxGeunIj3BAZXr1hWcTzOdrMbWPsJLAY5lyzG/2yIOVL1nll4cPgAvh
T2LVhj346o8qzN1NllZBihfiPxf6cWgkapbMtkr6RJO0HikMBcCOgLzX6een6NIh
9HE7SVYjYvIK91vdNHmA
=rdoM
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#792670: androidsdk-ddms: android sdk license appears to violate debian charter

[Luke Kenneth Casson Leighton]

On Fri, Jul 17, 2015 at 1:39 PM, Emmanuel Bourg  wrote:
> I couldn't find these T&C in the upstream Git repository [1].

 oh - that's very good.  ok, that helps enormously... you don't need
to go to the sdk site, you can just bypass it and compile the code
directly from source.  i like that.  ok sorry to have taken up your
time emmanuel, but better safe than sorry :)

l.

> They seem
> to be specific to the SDK package distributed by Google at
> https://developer.android.com/sdk. That doesn't prevent downstream
> packagers like Debian from distributing it under the original Apache-2.0
> license.
>
> [1] https://android.googlesource.com/platform/tools/base/+/master

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#792670: androidsdk-ddms: android sdk license appears to violate debian charter

[Luke Kenneth Casson Leighton]

On Fri, Jul 17, 2015 at 1:11 PM, Emmanuel Bourg  wrote:
> Le 17/07/2015 12:06, Luke Kenneth Casson Leighton a écrit :
>
>> thoughts?
>
> The code from android.googlesource.com clearly comes with an Apache-2.0
> license though. I wonder if these terms and conditions only apply to the
> SDK distributed by Google on developer.android.com. That would be
> somewhat similar to Oracle distributing Java with different terms than
> OpenJDK.

 the discussion is ongoing on a gnu list, and there it was raised that
the T&C are a generic overview that is required to be agreed with *in
addition* to the licenses, some of which, it was pointed out, are GPL
as well as apache2.

 there was an announcement only a few days ago where the FSF pointed
out that canonical's T&Cs clearly contradict the GPL...

  so this is not something that can be taken lightly.

 (case 1) - the T&Cs are over-and-above (i.e. in addition to) the
apache2 license, making the entire software non-free.  this would be
acceptable if and only if the android sdk code was moved to the
"nonfree" section.

 (case 2) the T&Cs *contradict* the GPL (if the person who assessed
the software on the gnu list is correct in that there is some GPL
software), thus placing debian in the rather awkward position of
violating its charter and quite possibly copyright law as well.

 this is why i raised this as "important" as it really really needs a
full and thorough review.  this _should_ be quite straightforward as
the rules on checking that the software is properly compliant
(copyright file) are very clear.  however if you'd like to do a more
thorough audit i have a program called copyright_check.py which does a
heck of a lot more than lintian.  it's an O(N^3) algorithm that
carries out a two-way verification of the copyright file's regexps
with the *actual* copright notices.

it would at least help you to verify that the copyright file correctly
matches (with nothing missing for example) the actual files.

 ... apologies for the extra work!

l.

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#792670: androidsdk-ddms: android sdk license appears to violate debian charter

[Emmanuel Bourg]

I couldn't find these T&C in the upstream Git repository [1]. They seem
to be specific to the SDK package distributed by Google at
https://developer.android.com/sdk. That doesn't prevent downstream
packagers like Debian from distributing it under the original Apache-2.0
license.

[1] https://android.googlesource.com/platform/tools/base/+/master

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#792676: libpdfbox-java: pdfannotextractor.pl fails to find org.pdfbox.cos.ICOSVisitor class

[Álvaro Herrera]

Package: libpdfbox-java
Version: 1:1.8.7+dfsg-1
Severity: important

Dear Maintainer,

I am trying to apply the solution proposed in this answer
http://tex.stackexchange.com/a/48118/82119 but on following the first
step, the pdfannotextractor.pl dies with:

$ /usr/share/texlive/texmf-dist/scripts/pax/pdfannotextractor.pl 
capturing-ddl.pdf 
PDFAnnotExtractor 0.1l, 2012/04/18 - Copyright (c) 2008, 2011, 2012 by Heiko 
Oberdiek.
Exception in thread "main" java.lang.NoClassDefFoundError: 
org/pdfbox/cos/ICOSVisitor
at java.lang.Class.getDeclaredMethods0(Native Method)
at java.lang.Class.privateGetDeclaredMethods(Class.java:2615)
at java.lang.Class.getMethod0(Class.java:2856)
at java.lang.Class.getMethod(Class.java:1668)
at sun.launcher.LauncherHelper.getMainMethod(LauncherHelper.java:494)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:486)
Caused by: java.lang.ClassNotFoundException: org.pdfbox.cos.ICOSVisitor
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
... 6 more

I have no idea how to fix this problem.  Maybe I need to specify a
classpath or something?  I looked at the .pl file itself and there's a
--install option, but on running it, it says the PDFBox "is already
found":

$ /usr/share/texlive/texmf-dist/scripts/pax/pdfannotextractor.pl
--install
PDFAnnotExtractor 0.1l, 2012/04/18 - Copyright (c) 2008, 2011, 2012 by Heiko 
Oberdiek.
* Nothing to do, because PDFBox is already found:
  /usr/share/java/pdfbox.jar

Not quite sure what to do next.  Maybe it's just missing a dependency?


-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_CL.utf8, LC_CTYPE=es_CL.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libpdfbox-java depends on:
ii  libfontbox-java  1:1.8.7+dfsg-1

libpdfbox-java recommends no packages.

libpdfbox-java suggests no packages.

-- no debconf information

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#792617: marked as done (elasticsearch: CVE-2015-5377 CVE-2015-5531)

[Debian Bug Tracking System]

Your message dated Fri, 17 Jul 2015 12:19:00 +
with message-id 
and subject line Bug#792617: fixed in elasticsearch 1.6.1+dfsg-1
has caused the Debian Bug report #792617,
regarding elasticsearch: CVE-2015-5377 CVE-2015-5531
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
792617: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792617
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: elasticsearch
Version: 1.0.3+dfsg-5
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole

Hi,

the following vulnerabilities were published for elasticsearch.
Reporting them right now as severity grave since some details are
missed so feel free to downgrade.

CVE-2015-5377[0]:
Remote code execution vulnerability

CVE-2015-5531[1]:
Directory traversal vulnerability

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-5377
[1] https://security-tracker.debian.org/tracker/CVE-2015-5531
[2] https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: elasticsearch
Source-Version: 1.6.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
elasticsearch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 792...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hilko Bengen  (supplier of updated elasticsearch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 17 Jul 2015 13:18:00 +0200
Source: elasticsearch
Binary: libelasticsearch1.6-java elasticsearch
Architecture: source all
Version: 1.6.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Hilko Bengen 
Changed-By: Hilko Bengen 
Description:
 elasticsearch - Open Source, Distributed, RESTful Search Engine
 libelasticsearch1.6-java - Open Source, Distributed, RESTful Search Engine -- 
libraries
Closes: 792617
Changes:
 elasticsearch (1.6.1+dfsg-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version
 - This fixes CVE-2015-5377 CVE-2015-5531 (Closes: #792617)
Checksums-Sha1:
 1eb21f5295e08033c8cd5df18261fbbc31f8eb46 2733 elasticsearch_1.6.1+dfsg-1.dsc
 c1f34cc1779b847128fabd0e1ba9e5945f96139c 9295720 
elasticsearch_1.6.1+dfsg.orig.tar.xz
 1cddae2da97901e7b550a7e7efa31c12219fdf0c 9492 
elasticsearch_1.6.1+dfsg-1.debian.tar.xz
 4852f5c97092e81864886a911cf9796bce9704ce 18576 
elasticsearch_1.6.1+dfsg-1_all.deb
 6c40cf27821aa3b8e69498cdeb7fcd9e840197f6 12168804 
libelasticsearch1.6-java_1.6.1+dfsg-1_all.deb
Checksums-Sha256:
 30a43f8da4c436d00f382de51df795b640fd2165abf63658b9dac303457d5388 2733 
elasticsearch_1.6.1+dfsg-1.dsc
 e00c88f0d516797778058dffe306180933471fda9897d7295440876c352421fa 9295720 
elasticsearch_1.6.1+dfsg.orig.tar.xz
 b5c358503040706ebfc1ef74daf4c88fac5210dd194ed76b44930488eb8a0015 9492 
elasticsearch_1.6.1+dfsg-1.debian.tar.xz
 f0312af5d526b11560b6e12ac9e5cebcb5160acddbc60f3c9e334202c5882672 18576 
elasticsearch_1.6.1+dfsg-1_all.deb
 e2d028ef300ebc61fff22264a377e4b6318a28c45d8487d4e9ba04e2ee21675a 12168804 
libelasticsearch1.6-java_1.6.1+dfsg-1_all.deb
Files:
 9e4ae87dbb84d9ff0757c39e01993630 2733 database optional 
elasticsearch_1.6.1+dfsg-1.dsc
 32d2d21a8c58609bff401fe776e94f97 9295720 database optional 
elasticsearch_1.6.1+dfsg.orig.tar.xz
 b80dd3df43b32946fab33567abec82e2 9492 database optional 
elasticsearch_1.6.1+dfsg-1.debian.tar.xz
 d1f0532149ed346d12752dce689372f7 18576 database optional 
elasticsearch_1.6.1+dfsg-1_all.deb
 b7d5d6b7598ff4a759917e0fdad2a355 12168804 java optional 
libelasticsearch1.6-java_1.6.1+dfsg-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJVqO7EAAoJEHW3EGNcITp+F2gP/ilNwPQPTfFvjGeuSSYYpP0q
1qZWIZZZ4R517TjPDa4eryWkRzqiSUJlJNwXMqz6HltX5Y0BBlm2+kgrTmaZzQFD
35zhnLSXb9T8+27yqpKkNWHryJGoYVtHFUEg5HEeQ8mIMiEYFSQyOS3ohKRnrT+j
hz50LnaMcVn8ZSEIY9d1bborJaT0kj/7mdG/cK+A0GjMjLVTBS/vcfLXH9mm+5jn
XwvulDmC3o6t0XxKe1MdRF4iURGpQUELgYkybj5mtFzooquli5Fw8OikhBUWk5RF
3X

Bug#792670: androidsdk-ddms: android sdk license appears to violate debian charter

[Emmanuel Bourg]

Le 17/07/2015 12:06, Luke Kenneth Casson Leighton a écrit :

> thoughts?

The code from android.googlesource.com clearly comes with an Apache-2.0
license though. I wonder if these terms and conditions only apply to the
SDK distributed by Google on developer.android.com. That would be
somewhat similar to Oracle distributing Java with different terms than
OpenJDK.

Emmanuel Bourg

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#792670: androidsdk-ddms: android sdk license appears to violate debian charter

[Luke Kenneth Casson Leighton]

Package: androidsdk-ddms
Severity: important

Dear Maintainer,

i've been alerted to the following in the android sdk terms and conditions:

  3.4 You agree that you will not take any actions that may cause or
  result in the fragmentation of Android, including but not limited to
  distributing, participating in the creation of, or promoting in any
  way a software development kit derived from the SDK.

this is, in my mind, in clear violation of the debian charter and,
if correct, means that the entire android sdk should be pulled,
or at least moved to non-free.

thoughts?

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.