Package: pymongo
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for pymongo.
CVE-2024-21506[0]:
| Versions of the package pymongo before 4.6.3 are vulnerable to Out-
| of-bounds Read in the bson module. Using the crafted
+
+ * Fix CVE-2024-25447 and CVE-2024-25448 and CVE-2024-25450.
+A heap-buffer overflow vulnerability was discovered in imlib2 when using
+the tgaflip function in loader_tga.c
+
+ -- Markus Koschany Sat, 06 Apr 2024 22:40:50 +0200
+
imlib2 (1.7.1-2) unstable; urgency=medium
* Drop
Control: tags -1 moreinfo
[already CCed the submitter but forgot to add the bug report]
Hello Daniel,
On Wed, 10 Jan 2024 12:42:34 +0100 Daniel von Obernitz
wrote:
> Package: tomcat10
> Version: 10.1.6-1+deb12u1
> Severity: normal
> X-Debbugs-Cc: t...@security.debian.org
>
> Dear Maintainer,
Hello Shriram,
Am Mittwoch, dem 27.03.2024 um 15:10 +0530 schrieb Shriram Ravindranathan:
> Dear Markus,
>
> On 27/03/24 13:01, Markus Koschany wrote:
> > As this bug report proves, normal people tend to have problems with system
> > services. A system administrator would
Hi Sylvain,
Am Montag, dem 25.03.2024 um 18:48 +0100 schrieb Sylvain Rochet:
> Hi Markus,
>
> On Mon, Mar 25, 2024 at 02:36:59AM +0100, Markus Koschany wrote:
> > Sylvain Rochet wrote:
> > > Actually, the main problem is /lib/systemd/system/monopd.socket which
> >
Sylvain Rochet wrote:
> Actually, the main problem is /lib/systemd/system/monopd.socket which
> set Accept=yes while monopd needs Accept=no (which is the default value).
I wonder if monopd needs a systemd socket file at all and if we should disable
the service after the installation. We have
Hi,
Am Dienstag, dem 16.01.2024 um 08:18 +0100 schrieb Lucas Nussbaum:
> Hi,
>
> Adding debian-lts@l.d.o in the email loop, as asked on IRC.
>
> On 15/01/24 at 21:16 +0100, Lucas Nussbaum wrote:
> > On 15/01/24 at 20:31 +0100, Lucas Nussbaum wrote:
> > > Package: squid
> > > Version:
Am Freitag, dem 12.01.2024 um 03:25 -0500 schrieb Dave Vasilevsky:
> Hi again. It looks like endless-sky 0.10.2 has been in testing for awhile,
> with no reported bugs. This version is quite new, updated in 2023. What do
> you think about adding it to games-finest now?
Hi,
It's still on my todo
Hello,
> Hi,
> Lately I've been getting YouTube ads when I play videos on private windows.
> This among other YouTube bugs (slow loading and such) have been fixed for
> testing and unstable. If they can be backported it would be great.
>
>
> (can be reproduced on a VM with defaults)
My
Hi Francesco,
Am Sonntag, dem 03.12.2023 um 17:42 +0100 schrieb Francesco Ariis:
> Il 03 dicembre 2023 alle 17:14 Markus Koschany ha scritto:
> > I spoke too soon. Tested the wrong Debian release. So it appears the
> > underlying
> > problem is in python3-pygame which
Control: severity -1 grave
I spoke too soon. Tested the wrong Debian release. So it appears the underlying
problem is in python3-pygame which changed significantly between Bullseye and
Bookworm but I'm not sure how I can fix this in seahorse-adventures right now.
signature.asc
Description:
On Tue, 28 Nov 2023 17:59:18 +0100 Joan wrote:
> Package: tomcat10-common
> Version: 10.1.15-1
> Severity: normal
> X-Debbugs-Cc: aseq...@gmail.com
>
> Dear Maintainer,
>
> * What led up to the situation?
> I am trying to use debian's tomcat 10 with java 21, since it's not present on
debian
Am Sonntag, dem 03.12.2023 um 15:10 +0100 schrieb Moritz Muehlenhoff:
> > But maybe we can set it as "no-dsa", is it only used as build
> > dependency for libspring-java and not sensible outside?
>
> Spring is already marked as unsupported, so we can simply extend that.
+1 This is sensible in
Control: severity -1 normal
On Wed, 01 Nov 2023 09:25:19 +0100 Francesco Ariis wrote:
> Package: seahorse-adventures
> Version: 1.1+dfsg-6
> Severity: grave
> Justification: renders package unusable
> X-Debbugs-Cc: fa...@ariis.it
>
> Dear Maintainer,
>
> to replicate:
>
> 1. Launch
Am Freitag, dem 01.12.2023 um 13:06 +0100 schrieb Matthias Geiger:
>
> Kotlin is now in debian, is there anything else blocking the update ?
As a start I have built Gradle 4.6 from source with almost only system
libraries but I hit a wall because there seems to be a bug in our Kotlin
version or
istribution: unstable
> > Changed-By: Markus Koschany
> > * New upstream version 1.77. (Closes: #1049356)
>
> Hi Markus,
>
> Thank you for your efforts to get BC updated.
>
> > * Remove backward-compatibility.patch. It is time to fix those issues
>
Source: libitext5-java
Version: 5.5.13.3-2
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
libitext5-java fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods.
Source: ssl-utils-clojure
Version: 3.5.0-2
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
ssl-utils-clojure fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods.
Source: pdftk-java
Version: 3.3.3-1
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
pdftk-java fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods. The
Source: jdeb
Version: 1.9-1
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
jdeb fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods. The (hopefully) relevant
Source: libapache-poi-java
Version: 4.0.1-4
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
libapache-poi-java fails to build from source with bouncycastle 1.77. The
reason is the removal of long deprecated
Source: pgpainless
Version: 1.3.16-2
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
pgpainless fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods. The
Source: libitext-java
Version: 2.1.7-14
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
libitext-java fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods. The
Source: jglobus
Version: 2.1.0-8.1
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
jglobus fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods. The (hopefully)
Hi,
On Tue, 28 Feb 2023 22:08:12 +0100 Thomas Uhle
wrote:
> Source: bouncycastle
> Version: 1.72-1
> Severity: normal
>
> Dear maintainers,
>
> I wonder why in debian/rules the pom files were synchronized with the
> ones from Maven having the suffix "-jdk18on" while for building the binary
>
This problem still exists in 1.77 (to be released soon). That sounds like a bnd
problem. I can find a reference to a bnd.sh script but it is not included in
the source distribution. There is also a add_module.sh script. If we can't find
a way to automate this build step, we could use jh_manifest
> > https://salsa.debian.org/java-team/apache-directory-server/-/merge_requests/1
>
> The patch looks good to me. Markus, do you have a preference for this
> patch over updating to M27? I haven't looked closely at the efforts to
> update to M27 aside from the fact that our (other) patches will
Hey,
Am Montag, dem 13.11.2023 um 09:19 + schrieb Bastien Roucariès:
[...]
> Apo can I add myself to your package ? Do you care to comaintain with
> javascript team ?
I assume you are referring to wabt and this bug report [1] ?
Do you have a solution for the circular dependency that
Control: reassign -1 trapperkeeper-webserver-jetty9-clojure
Control: found -1 1.7.0-2+deb10u1
Control: close -1 1.7.0-2+deb10u2
I have just released DLA 3647-1. I believe this problem is fixed in version
1.7.0-2+deb10u2 of trapperkeeper-webserver-jetty9-clojure now.
Regards,
Markus
Am Sonntag, dem 05.11.2023 um 20:35 + schrieb Adam D. Barratt:
> [...]
> After a bit of searching, I happened across a discussion of a similar
> change in a different product that mentioned the
> SslContextFactory$Server syntax, so gave that a try. The resulting
> package is now installed on
r upload.
+ * Replace deprecated class SslContextFactory with SslContextFactory.Server.
+
+ -- Markus Koschany Sun, 05 Nov 2023 18:06:31 +0100
+
trapperkeeper-webserver-jetty9-clojure (1.7.0-2+deb10u1) buster; urgency=medium
[ Manfred Stock ]
diff -Nru trapperkeeper-webserver-jetty9-clojure-1.7
Source: trapperkeeper-webserver-jetty9-clojure
Version: 4.4.1-5
Severity: normal
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
this is a heads-up to let you know that jetty9 has reached its
end-of-life and will not receive official upstream security support anymore.
I plan to package a
Hello,
Am Samstag, dem 04.11.2023 um 17:03 + schrieb Adam D. Barratt:
> Source: jetty9
> Version: 9.4.50-4+deb10u1
> Severity: serious
> X-Debbugs-Cc: d...@debian.org
>
> Hi,
>
> Upgrading libjetty9-java and libjetty9-extra-java to the version from
> DLA 3641-1 reliably causes PuppetDB to
uld expose the application to
+DoS, SSRF and even attacks leading to RCE. (Closes: #1051288)
+
+ -- Markus Koschany Tue, 17 Oct 2023 14:05:20 +0200
+
axis (1.4-28) unstable; urgency=medium
* Fixed the build failure with Java 11 (Closes: #911187)
diff -Nru axis-1.4/debian/patches/CVE-2023-40743.p
uld expose the application to
+DoS, SSRF and even attacks leading to RCE. (Closes: #1051288)
+
+ -- Markus Koschany Tue, 17 Oct 2023 14:05:20 +0200
+
axis (1.4-28) unstable; urgency=medium
* Fixed the build failure with Java 11 (Closes: #911187)
diff -Nru axis-1.4/debian/patches/CVE-2023-40743.p
Am Dienstag, dem 17.10.2023 um 08:00 +1100 schrieb Sam Lander:
> Hi Emmanuel
> Last night, I re-enabled HTTP2 with the new (9.0.43-2~deb11u8) build.
> Unfortunately, it did not fix my problem.
> I am going to rummage with tcpdump and a purpose-installed debian VM to
> investigate further.
>
Hello and thanks for the report,
I am currently looking into some test failures caused by the recent changes to
Tomcat's HTTP2 stack. The following tests fail for Tomcat9 now. Your issue
might be related. If we can find out more about the problem, we will address it
in a future update as soon as
+
+ * Fix CVE-2023-41887 and CVE-2023-41886:
+OpenRefine is a powerful free, open source tool for working with messy
+data. Prior to this version, a remote code execution vulnerability allows
+any unauthenticated user to execute code on the server.
+
+ -- Markus Koschany Wed, 04 Oct 2023 15
Package: jss
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jss.
CVE-2022-4132[0]:
Tomcat: Memory leak in JSS
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures)
Package: hoteldruid
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for hoteldruid.
CVE-2023-43371[0]:
| Hoteldruid v3.0.5 was discovered to contain a SQL injection
| vulnerability via the numcaselle parameter at
|
od_jk only).
+(Closes: #1051956)
+
+ -- Markus Koschany Sun, 24 Sep 2023 16:40:59 +0200
+
libapache-mod-jk (1:1.2.48-2) unstable; urgency=medium
* Declare compliance with Debian Policy 4.6.2.
diff -Nru libapache-mod-jk-1.2.48/debian/patches/CVE-2023-41081.patch
libapache-mod-jk-1.2.48/debian/patche
od_jk only).
+(Closes: #1051956)
+
+ -- Markus Koschany Sun, 24 Sep 2023 17:09:51 +0200
+
libapache-mod-jk (1:1.2.48-1) unstable; urgency=medium
* New upstream version 1.2.48.
diff -Nru libapache-mod-jk-1.2.48/debian/patches/CVE-2023-41081.patch
libapache-mod-jk-1.2.48/debian/patches/CVE-2023-4
I have just rebuilt and uploaded xorgxrdp 0.2.12-1+deb11u1 to bullseye-
security. That should resolve the problem at hand.
However I recommend to keep this bug report open and try to address the
dependency problem between xrdp and xorgxrdp. If you claim that without a
rebuild of xorgxrdp a new
Hello,
the new Bullseye version of xrdp is identical to the version in Bookworm. Thus
the underlying problem is probably more complex and I don't suspect that
something is wrong with xrdp itself but more likely with a configuration option
or related software packages which do something different
Control: reassign -1 src:clanlib
Control: tags -1 pending
This is actually a bug in clanlib which surfaced because of the recent uploads
/ rebuilds against glibc > 2.34. The pthread_mutexattr_setkind_np symbol is
obsolete and has been replaced by pthread_mutexattr_settype.
signature.asc
Package: emscripten
Version: 3.1.6~dfsg-5
Severity: important
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
emscripten fails to build from source with the latest version of
binaryen, currently 116, in experimental.
I'm attaching the complete build log. I intend to upload a new version
of
Control: forwarded -1 https://github.com/WebAssembly/binaryen/issues/5947
signature.asc
Description: This is a digitally signed message part
Control: forwarded -1 https://github.com/WebAssembly/binaryen/issues/5946
signature.asc
Description: This is a digitally signed message part
to import it. (Closes: #1041422)
+
+ -- Markus Koschany Thu, 07 Sep 2023 21:22:17 +0200
+
openrefine (3.6.2-2) unstable; urgency=medium
* Depend on libjoda-time-java and liboro-java.
diff -Nru openrefine-3.6.2/debian/patches/CVE-2023-37476.patch
openrefine-3.6.2/debian/patches/CVE-2023-37476.patch
There was another vulnerability, CVE-2023-40477, fixed in version 2:6.23-
1~deb11u1 now.
signature.asc
Description: This is a digitally signed message part
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: a...@debian.org
Please see Debian bug #1050044. Same reasoning applies to Bookworm.
Here rar is only affected by CVE-2023-40477 though.
[ Checklist ]
[x] *all*
:6.0.3-1+deb11u2) bullseye; urgency=high
+
+ [ Markus Koschany ]
+ * Fix CVE-2022-48579:
+It was discovered that UnRAR, an unarchiver for rar files, allows
+extraction of files outside of the destination folder via symlink chains.
+(Closes: #1050080)
+
+ -- YOKOTA Hiroshi Thu, 17 Aug
) bookworm; urgency=medium
+
+ * Fix imlib_clone_image() no longer preserves the alpha channel flag.
+ (Closes: #1041406)
+
+ -- Markus Koschany Tue, 22 Aug 2023 22:52:24 +0200
+
imlib2 (1.10.0-4) unstable; urgency=medium
* Really ignore libjxl-dev on s390x.
diff -Nru imlib2-1.10.0/debian
=high
+
+ * Non maintainer upload.
+ * Fix CVE-2022-48579:
+It was discovered that UnRAR, an unarchiver for rar files, allows
+extraction of files outside of the destination folder via symlink chains.
+(Closes: #1050080)
+
+ -- Markus Koschany Sun, 20 Aug 2023 09:58:26 +0200
+
unrar
I believe the symlink problem is fixed in version 2.0.0~M26-2 but I'd like to
test the apacheds server component more before I'm going to close this bug
report.
Markus
signature.asc
Description: This is a digitally signed message part
Hello,
I wanted to prepare a fix for CVE-2022-48579 in Bullseye and release it via a
bullsye point update. Do you want to take care of the upload instead?
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
Am Samstag, dem 19.08.2023 um 06:13 + schrieb Bastien Roucariès:
> [...]
> No unfortunatly this is transpiled aka compiled by webpack
> see the first line
> export default (function() {
>
> This is make by webpack or rollup that are automated tools. This means that
> this code is transpiled
Am Montag, dem 31.07.2023 um 11:56 + schrieb Bastien Roucariès:
> Source: ublock-origin
> Severity: serious
> Justification: not prefered form of modification
>
> Dear Maintainer,
>
> src/lib include a few library that are already packaged for debian.
>
> per se it is not a serious bug, but
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: a...@debian.org
Hello,
[ Reason ]
I would like to update rar in bullseye because it is affected by
CVE-2022-30333. This issue has been fixed in all other suites
Hi,
Am Dienstag, dem 15.08.2023 um 14:52 +0200 schrieb J. Tóth Tamás:
> Hi,
>
> > Please keep the bug report always in CC.
>
> I thought my 8 August mail contains no new information, so it makes no
> sense to spam the BTS with it. But okay, next time (and this time) I’ll
> use Reply All
Hello,
Am Montag, dem 07.08.2023 um 20:22 +0200 schrieb J. Tóth Tamás:
> Hi,
>
> Did you notice my reply sent on 4 July?
Yes, I did. Please keep the bug report always in CC.
> We’d like to gradually upgrade
> to Bookworm, but I don’t want to make sysops’ lives more complicated by
> giving
debian-parl and boxer-data have been updated in unstable thus nothing in Debian
references https-everywhere anymore. It should be ready to be removed now.
signature.asc
Description: This is a digitally signed message part
I have uploaded a new revision of boxer-data and debian-parl to Bookworm now.
This update removes the dependency on webext-https-everywhere. Jonas agreed to
this change.
https://bugs.debian.org/1041350
AFAIK nothing else should prevent the removal of https-everywhere from
Bookworm.
Markus
upload.
+ * Fix class Desktop.web.firefox.harden. No longer install obsolete Firefox
+addon https-everywhere.
+
+ -- Markus Koschany Wed, 19 Jul 2023 00:04:50 +0200
+
boxer-data (10.9.12) unstable; urgency=medium
* add class l10n.mythes.pt.BR since bookworm
Control: forwarded -1 https://git.enlightenment.org/old/legacy-imlib2/issues/17
Thanks for the report!
signature.asc
Description: This is a digitally signed message part
I was unaware about one r-dep that references https-everywhere.
https://bugs.debian.org/1041350
I get back to you as soon as this problem has been resolved.
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
rtags 1041348 = rm
> tags 1041348 + bookworm moreinfo
> thanks
>
> On Mon, 2023-07-17 at 21:07 +0200, Markus Koschany wrote:
> > Dear ftp and release team,
> >
>
> Just Release. Reassigning and fixing up the metadata.
Perhaps we should change the reportbug template
Package: parl-desktop
Version: 1.9.31
Severity: important
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
the addon https-everywhere has become obsolete. Nowadays all major
browsers offer native support for HTTPS only mode. I have requested the
removal of https-everywhere from Debian and your
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: debian-rele...@lists.debian.org, a...@debian.org
Dear ftp and release team,
please remove https-everywhere from stable. This addon for Firefox and
Chromium has become obsolete because major browsers offer native
support for HTTPS only mode
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: a...@debian.org
Dear ftp team,
please remove https-everywhere from Debian. This addon for Firefox and
Chromium has become obsolete because major browsers offer native
support for HTTPS only mode now.
Hi,
Am Montag, dem 17.07.2023 um 17:41 +0200 schrieb michel:
> Package: webext-https-everywhere
> Severity: wishlist
> Tags: upstream
> X-Debbugs-Cc: okgomdjgbm...@gmail.com
>
> Dear Maintainer,
>
>
>
> https-everywhere is obsolete, it was sunset january 2023. It seams you forgot
> about it.
Am Montag, dem 03.07.2023 um 18:28 +0200 schrieb Tamás J.Tóth:
>
>
> The web app doesn't load. The Tomcat log contains the following:
>
> WARNING [main] org.apache.catalina.startup.HostConfig.migrateLegacyApp
> Migration failure
> java.lang.NoClassDefFoundError:
Control: tags -1 moreinfo
> deploy .war in tomcat10
> got errors from tomcat10 in "journalctl -f"
>
> * What exactly did you do that was effective ?
>
> change tomcat user home in /etc/passwd to /var/lib/tomcat10
>
> * What was the outcome of this action?
>
> Problem solved
You most
Control: severity -1 grave
Control: tags -1 help
Am Sonntag, dem 18.06.2023 um 04:23 + schrieb Zach:
> File "/usr/share/games/renpy/renpy/sl2/slast.py", line 84, in compile_expr
> return compile(expr, filename, "eval", flags, 1)
> ValueError: AST node line range (628, 1) is not valid
Package: gnome-control-center
Version: 1:43.4.1-1
Severity: normal
X-Debbugs-Cc: a...@debian.org
I just installed GNOME 3 on a Lenovo X280 and X230i Thinkpad. I used the most
recent Debian installer as of 10.06.2023 which was still an RC candidate for
Bookworm.
Open the gnome-control-center,
> We think this will be fixed in gnome-control-center 42.4 (not released yet).
FTR: This is still a problem in Bookworm (43.4.1). Just did a clean GNOME 3
installation with the Debian installer and as soon as I click on the Sharing
menu item in gnome-control-center, the whole application
Hi Andreas,
Am Donnerstag, dem 08.06.2023 um 18:05 +0200 schrieb Andreas Beckmann:
> Hi Markus,
>
> you took care of fixing this bug in stretch-lts. Can you look into
> fixing this in buster-lts, too? Right now buster(-lts) has a lower
> version than stretch-lts.
Thanks! I'll take care of
Thanks for your help and explanations Max. I am going to release an updated
version for Buster soon. Apparently I somehow missed the
io_kpse_check_permissions function despite following the "Patching older
versions" paragraph.
Best,
Markus
signature.asc
Description: This is a digitally
Am Mittwoch, dem 31.05.2023 um 14:41 +0200 schrieb Andreas Beckmann:
> On 31/05/2023 14.26, Markus Koschany wrote:
> > Hello Andreas,
> >
> > Neither fig2dev or transfig are supported in jessie-elts anymore. I
> > appreciate
> > the report though. Since Stretch i
Hello Andreas,
Neither fig2dev or transfig are supported in jessie-elts anymore. I appreciate
the report though. Since Stretch is no longer supported by Debian I believe
this issue is no longer actionable by the maintainer.
Regards,
Markus
signature.asc
Description: This is a digitally
Hi Hilmar,
Am Dienstag, dem 30.05.2023 um 23:32 +0200 schrieb Preuße, Hilmar:
> On 30.05.2023 20:37, Salvatore Bonaccorso wrote:
>
> Hi Salvatore, hi Markus,
>
> > No, buster is under LTS support which does not have point releases.
> > But as I understand this is a regression from DLA
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: a...@debian.org
Please unblock package closure-compiler
[ Reason ]
It turned out that closure-compiler would not function correctly with
the latest version of librhino-java
.
+(Closes: #1034824)
+
+ -- Markus Koschany Sat, 27 May 2023 17:51:32 +0200
+
tomcat9 (9.0.70-1) unstable; urgency=medium
* New upstream release
diff -Nru tomcat9-9.0.70/debian/control tomcat9-9.0.70/debian/control
--- tomcat9-9.0.70/debian/control 2022-12-05 16:29:55.0
to libtomcat10-java. For now Jetty 9 only works correctly
+with libtomcat9-java. (Closes: #1036798)
+
+ -- Markus Koschany Sat, 27 May 2023 16:28:19 +0200
+
jetty9 (9.4.50-3) unstable; urgency=medium
* Team upload.
diff -Nru jetty9-9.4.50/debian/control jetty9-9.4.50/debian/control
--- jetty9-9.4.50
Am Donnerstag, dem 25.05.2023 um 19:22 -0700 schrieb Daniel Markstedt:
> [...]
> Thank you very much for taking swift action on this!
> Please forgive my ignorance here, but are these patches active already
> if I apt install netatalk (3.1.12~ds-3+deb10u1) on Buster?
> Or do they have to be picked
Am Freitag, dem 26.05.2023 um 21:44 +0200 schrieb Emmanuel Bourg:
>
> The changes to jetty9 have to be reverted too, the package is broken
> (#1036798).
>
> Sadly we can't do without tomcat9. The path forward implies packaging
> Jetty 11 or 12 first and migrating all the reverse dependencies,
Hi,
I have just rebuilt all reverse-dependencies of closure-compiler again,
ckbuilder and ckeditor also build fine now. Thus the upload of ckbuilder
2.4.3+dfsg-2 was successful.
> Should we clone this bug to ensure we have a proper (tracking) solution
> after the bookworm release. If binaries
Hi,
> Markus, can you please revert you logback change by tomorrow at the latest?
Sure. I will take care if it.
Do I understand you correctly, that we only ship libtomcat9-java in Bookworm
now? Shall I upload a new revision of tomcat9 too?
Regards,
Markus
signature.asc
Description: This is
First of all trapperkeeper-webserver-jetty9-clojure should add a build-
dependency on logback to detect such regressions in advance.
#1036250 is mainly a logback problem, not a tomcat problem. I still would like
to hear Emmanuel's opinion. We still could revert to libtomcat9-java, if we
don't
Sorry, that should have been #1036249.
signature.asc
Description: This is a digitally signed message part
Control: tags -1 patch
Hello,
I have been working on #1036159 and before I go ahead with my solution I would
like to hear your opinion whether this is acceptable.
Apparently closure-compiler embeds rhino classes and thus every time rhino is
updated, closure-compiler must be rebuilt too. I did
Source: ckbuilder
Version: 2.4.3+dfsg-1
Severity: serious
X-Debbugs-Cc: a...@debian.org
ckbuilder must be rebuilt against rhino 1.7.14. This is a no-change
rebuild. Otherwise ckeditor will continue to FTBFS. This was already
reported in #1026639. This issue has also been reported upstream as
Hello Daniel,
Am Donnerstag, dem 25.05.2023 um 08:02 +0200 schrieb Salvatore Bonaccorso:
> >
> > These two commits in upstream addressed this:
> > https://github.com/Netatalk/netatalk/commit/9d0c21298363e8174cdfca657e66c4d10819507b
> >
I have identified the rhino upstream commit which caused the FTBFS in closure-
compiler. If I revert said commit in rhino, then closure-compiler builds from
source without any additional patches needed.
https://github.com/mozilla/rhino/commit/fb77164ac4889ffa4be26d5d24cb538a8dbd632b
However I
reopen 1036249
thanks
The missing source files have been included with revision -14. Apparently
closure-compiler embeds rhino classes but renames them to avoid conflicts.
There is still a parsing error when closure-compiler tries to optimize
Javascript files at runtime. E.g. ERROR - Parse error.
FTBFS with latest Jetty and Logback
+versions in Debian. (Closes: #1036250)
+ * Work around a test failure by disabling request-logging-test.
+(Closes: #1034855)
+
+ -- Markus Koschany Fri, 19 May 2023 15:19:10 +0200
+
trapperkeeper-webserver-jetty9-clojure (4.4.1-5) unstable; urgency
) unstable; urgency=medium
+
+ * Add noiz2sa.maintscript: Handle symlink to directory conversion.
+Thanks to Andreas Beckmann for the report. (Closes: #1035632)
+
+ -- Markus Koschany Sun, 14 May 2023 15:10:17 +0200
+
noiz2sa (0.51a-12) unstable; urgency=medium
* d/control: Add Vcs fields.
Am Mittwoch, dem 17.05.2023 um 12:24 +0200 schrieb david:
> Package: visualvm
> Version: Version 2.1.5 doesn't work with Java 17
> Severity: normal
>
> Dear Maintainer,
>
> I have installed visualvm with Java 17 configured. The app doesn't work in
> its
> installed version. Trying 2.1.6,
have DejaVuSans which is the
+better alternative. (Closes: #1020237)
+ * Remove the symlinks to gsfonts-x11 fonts.
+ * Rename VeraBd.ttf symlink to DejaVuSans-Bold.ttf.
+
+ -- Markus Koschany Mon, 15 May 2023 00:44:03 +0200
+
pokerth (1.1.2-1.1) unstable; urgency=medium
* Non-maintainer
Control: tags -1 patch
Hi,
bazel-bootstrap already build-depends on libgeronimo-annotation-1.3-spec-java.
The fix is trivial. Patch is attached.
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
1 - 100 of 3519 matches
Mail list logo
