Bug#956276: runescape: downloads unverified binary and runs it

fication is done. Could you quote the relevant part of Debian Policy, that requires verification (and what kind of verification) of downloaded files. Is downloading of verified orig tarballs now a requirement or is it still just sufficient to download the tarball and verify its integrity b

Bug#956268: Problems identified in debian/copyright

he sources. The changelog copies in debian/upstream were the last time we could extract the information without any issues. Markus Koschany signature.asc Description: OpenPGP digital signature

Bug#937302: playonlinux: Python2 removal in sid/bullseye

Am 08.04.20 um 16:20 schrieb Scott Talbert: [...] > So, I took an initial look at trying to package Phoenicis, but it looks > like a rather large task (ie, lots of missing dependencies). > > On the other hand, I looked at the Python code, and at first glance, it > doesn't look like it would be *

Bug#955755: mediathekview fails to start with openjdk-11-jre version 11.0.7+9-1

Control: retitle -1 commons-text.jar is missing on the CLASSPATH of libcommons-configuration2-java Control: reassign -1 libcommons-configuration2-java Control: severity -1 serious Hi, Am 04.04.20 um 18:40 schrieb Michel Messerschmidt: > Package: mediathekview > Version: 13.2.1-3 > Severity: impo

Bug#955510: buster-pu: package jsp-api/2.3.4-2

-04-01 21:06:44.0 +0200 @@ -1,3 +1,11 @@ +jsp-api (2.3.4-2+deb10u1) buster; urgency=medium + + * Team upload. + * Change Breaks and Replaces for libservlet3.1-java to << 9 and fix dpkg +error when upgrading tomcat 8 from Stretch to Buster. + + -- Markus Koschany Wed, 01 Apr 2

Bug#955509: buster-pu: package websocket-api/1.1-1

ngelog 2020-04-01 21:11:54.0 +0200 @@ -1,3 +1,11 @@ +websocket-api (1.1-1+deb10u1) buster; urgency=medium + + * Team upload. + * Change Breaks and Replaces for libservlet3.1-java to << 9 and fix dpkg +error when upgrading tomcat 8 from Stretch to Buster. + + -- Markus Koschany

Bug#955508: buster-pu: package el-api/3.0.0-2

-01 20:59:11.0 +0200 @@ -1,3 +1,11 @@ +el-api (3.0.0-2+deb10u1) buster; urgency=medium + + * Team upload. + * Change Breaks and Replaces for libservlet3.1-java to << 9 and fix dpkg +error when upgrading tomcat 8 from Stretch to Buster. + + -- Markus Koschany Wed, 01 Apr 2020 20

Bug#947844: Same bug!

Am 28.03.20 um 17:53 schrieb Ronny Buelund: > I have also experinced the exact same bug. Upgrading from a fresh Debian > 9 install. Any chance of getting this fixed ?? I will upload new packages to stable-proposed tomorrow but it may take a few days until they will be accepted. signature.asc De

Bug#943027: fretsonfire: Python2 removal in sid/bullseye

on the Linux >> kernel, systemd, and some GNU tools only, that's the universal operating >> system for you kids. > > you may want to watch your tone, it's becoming inappropriate and > definitely unhelpful. I find that funny when I have told you in a private email be

Bug#943027: fretsonfire: Python2 removal in sid/bullseye

Am 27.03.20 um 22:41 schrieb Moritz Mühlenhoff: [...] > I agree. It's unreasonable to block this removal further. fretsonfire > is not a standalone package, but a part of a long chain of packages > affected by the Py2 removal and this can't wait longer. I completely disagree here. Fretsonfire is

Bug#954863: stretch-pu: package checkstyle/6.15-1

+External Entity (XXE) injection. (Closes: #924598) + + -- Markus Koschany Tue, 24 Mar 2020 13:18:16 +0100 + checkstyle (6.15-1) unstable; urgency=medium * Team upload. diff -Nru checkstyle-6.15/debian/patches/CVE-2019-9658-and-CVE-2019-10782.patch checkstyle-6.15/debian/patches/CVE

Bug#954862: buster-pu: package checkstyle/8.15-1

+External Entity (XXE) injection. (Closes: #924598) + + -- Markus Koschany Tue, 24 Mar 2020 14:03:07 +0100 + checkstyle (8.15-1) unstable; urgency=medium * Team upload. diff -Nru checkstyle-8.15/debian/patches/CVE-2019-9658-and-CVE-2019-10782.patch checkstyle-8.15/debian/patches/CVE-2019

Bug#937302: playonlinux: Python2 removal in sid/bullseye

hat we need to do in order to get phoenicis into Debian. There is a tool called mh_make that helps to create a preliminary debian directory. http://collab.debian.net/portal/planet-debian/markus-koschany-pdfsam-how-to-upgrade-a-maven-application-for-debian It is by far not perfect but it might help

Bug#937302: playonlinux: Python2 removal in sid/bullseye

Am 02.03.20 um 23:46 schrieb Scott Talbert: [...] > Because it is preventing Python 2 removal work.  Python 2 removal is a > long process, involving nearly 3500 packages [1].  It is not happening > in one instant, but gradually over time.  At the moment, playonlinux is > a leaf package from a Pytho

Bug#937302: playonlinux: Python2 removal in sid/bullseye

Am 02.03.20 um 03:03 schrieb Scott Talbert: > On Sat, 29 Feb 2020, Bertrand Marc wrote: > >>> On Thu, 30 Jan 2020, Scott Talbert wrote: What is the games team plan for Python 3 support in playonlinux?  Do you plan to port it to Python 3?  Or remove? >> >> I don't plan to port playo

Bug#941900: Build problem with 3.3.0

Hi Russell, Am 29.02.20 um 11:42 schrieb Russell Coker: > I'm just trying to get 3.3.0 to build and I'm stuck on the micro-ECC part. > The latest version of Warzone2100 in Unstable has patches to remove use of > the > 3rdparty directory. But it seems that we don't have Micro ECC (uECC.h) by

Bug#952049: pekka-kana-2: FTBFS: SDL_image.h:100:24: error: missing binary operator before token "("

Hi Carlos, I have uploaded pekka-kana-2 to unstable. The pristine-tar commit for version 1.2.6 was missing. Please don't forget to include it next time. Regards, Markus signature.asc Description: OpenPGP digital signature

Bug#951943: blockattack: FTBFS: SagoDataHolder.hpp:26:10: fatal error: SDL_mixer.h: No such file or directory

Hi Simon, thanks for the patch, very helpful. I have forwarded it upstream to https://github.com/blockattack/blockattack-game/issues/23 Regards, Markus signature.asc Description: OpenPGP digital signature

Bug#951281: FTBFS: /usr/bin/ld: cannot find -lpthreads

On Wed, 19 Feb 2020 22:24:05 +0200 Juhani Numminen wrote: > Markus Koschany kirjoitti 19.2.2020 klo 20.32: > > Hello Juani, > > > > Am 15.02.20 um 09:49 schrieb Juhani Numminen: > > [...] > >> Markus, you have made team uploads of widelands before. I wonder i

Bug#951281: FTBFS: /usr/bin/ld: cannot find -lpthreads

Hello Juani, Am 15.02.20 um 09:49 schrieb Juhani Numminen: [...] > Markus, you have made team uploads of widelands before. I wonder if you > could make an upload that adds the patch? Could you adjust the patch to use the same mechanism to find SDL2 as in openjk? https://salsa.debian.org/games-te

Bug#950436: RM: pyblosxom -- ROM; no longer actively maintained

Package: ftp.debian.org Severity: normal Dear ftp team, please remove pyblosxom from Debian. The blog compiler is Python 2 only and upstream is no longer actively maintaining this software. We have several good alternatives in Debian like Hugo or Jekyll to compensate for the removal. Thanks, Ma

Bug#937393: pyblosxom: Python2 removal in sid/bullseye

According to upstream's notice on http://pyblosxom.github.io/, Pyblosxom is no longer in active development. There was the attempt to port it to Python 3 but this one was never completed. Nowadays we have several good alternatives in Debian that achieve the same thing, e.g. hugo or jekyll. I belie

Bug#943027: fretsonfire: Python2 removal in sid/bullseye

Am 01.02.20 um 17:06 schrieb Steve Cotton: > On Sat, Feb 01, 2020 at 04:06:56PM +0100, Markus Koschany wrote: >> Please don't remove any games from Debian because of the Python 2 >> removal and try to port the games to Python 3 instead. For instance >> Bernhard has

Bug#943027: fretsonfire: Python2 removal in sid/bullseye

Hello, Am 01.02.20 um 05:09 schrieb Sandro Tosi: > Hello everyone, > > On Wed, 23 Oct 2019 02:33:25 + mo...@debian.org wrote: >> Source: fretsonfire >> Version: 1.3.110.dfsg2-5 >> Severity: normal >> Tags: sid bullseye >> User: debian-pyt...@lists.debian.org >> Usertags: py2removal > > what

Bug#949479: RM: libxmlrpc3-java -- ROM; EOL,unsupported,RC buggy

Package: ftp.debian.org Severity: normal Dear ftp team, please remove libxmlrpc3-java from Debian. The package is no longer actively maintained by upstream and affected by CVE-2019-17570. There are no reverse-dependencies. Regards, Markus

Bug#949089: libxmlrpc3-java: CVE-2019-17570: deserialization of server-side exception from faultCause in XMLRPC error response

Hi Salvatore, Am 17.01.20 um 06:31 schrieb Salvatore Bonaccorso: [...] > The patch proposed by Red Hat looks straightforward (with my limited > understanding though), but might have as well potential for regression > reports, as it is disabling deserialization by default, i.e. only uses > it if is

Bug#949188: starjava-topcat: Please remove unneeded build-dependency on libxmlrpc3-client-java

Source: starjava-topcat Version: 4.7-1 Severity: important Hi, please remove the build-dependency on libxmlrpc3-client-java because libxmlrpc3-java is EOL, no longer supported by upstream, affected by CVE-2019-17570 and should be removed from Debian. starjava-topcat is the only reverse-dependency

Bug#949089: libxmlrpc3-java: CVE-2019-17570: deserialization of server-side exception from faultCause in XMLRPC error response

Hi, Am 16.01.20 um 21:27 schrieb Salvatore Bonaccorso: > Source: libxmlrpc3-java > Version: 3.1.3-9 > Severity: grave > Tags: security upstream > Justification: user security hole > > Hi, > > The following vulnerability was published for libxmlrpc3-java. > > CVE-2019-17570[0]: > | Deserializati

Bug#949089: libxmlrpc3-java: CVE-2019-17570: deserialization of server-side exception from faultCause in XMLRPC error response

Control: owner -1 ! More information and proposed patch at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570 signature.asc Description: OpenPGP digital signature

Bug#923795: /etc/cron.daily/tomcat7: compresses “live” logfiles

Hello, Am 15.01.20 um 18:10 schrieb Sylvain Beucler: > Hello Thorsten, > > I'm working on a tomcat7 security-only update, and checking the pending > bugs. > > /etc/cron.daily/tomcat7 uses the "copytruncate" method, which normally > should handle this situation, where it's not possible/wanted to

Bug#948760: berusky2: Compile without warnings

Am 13.01.20 um 22:26 schrieb Bernhard Übelacker: > Hello Asher, > maybe you want to incorporate the changes given here: >https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944431#31 > Unfortunately I was too late there. > > Then the call to e.g. SetThreadPriority would not needed to get > comme

Bug#948760: berusky2: Compile without warnings

Am 13.01.20 um 03:56 schrieb Asher Gordon: > Package: berusky2 > Version: 0.10+git20170630-3 > Severity: normal > Tags: patch > > Dear Maintainer, > > Currently when Berusky2 is compiled it generates a *lot* of compile > warnings, some of which seem serious. I've fixed all these warnings and >

Bug#948024: undertow: CVE-2019-19343

Hi, On Fri, 03 Jan 2020 13:34:55 +0100 Salvatore Bonaccorso wrote: > Source: undertow > Severity: important > Tags: security upstream > > Hi! > > For undertow, there was CVE-2019-19343 assigned, which refers to > https://bugzilla.redhat.com/show_bug.cgi?id=1780445 only. The provided > inforamti

Bug#948235: libhibernate-validator-java: CVE-2019-10219

Package: libhibernate-validator-java X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libhibernate-validator-java. CVE-2019-10219[0]: | A vulnerability was found in Hibernate-Validator. The SafeHtml | validator annotation

Bug#948231: fontforge: CVE-2020-5395 CVE-2020-5496

Package: fontforge X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for fontforge. CVE-2020-5395[0]: | FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in | sfd.c. CVE-2020-5496[1]: | FontForge 20190801 has

Bug#948222: supertuxkart: new upstream 1.1

Control: severity -1 wishlist Control: tags -1 pending signature.asc Description: OpenPGP digital signature

Bug#948224: pillow: CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313

Package: pillow X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for pillow. It appears they are fixed in version 6.2.2. CVE-2020-5310[0]: | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding | integer overflow

Bug#948180: found 948180 in 4.1.2+dfsg-5, closing 948180

Am 05.01.20 um 13:39 schrieb Salvatore Bonaccorso: > Hi Markus, > > On Sun, Jan 05, 2020 at 01:26:37PM +0100, Markus Koschany wrote: >> Am 05.01.20 um 06:44 schrieb Salvatore Bonaccorso: >>> found 948180 4.1.2+dfsg-5 >>> close 948180 4.2.0+dfsg-1 >>>

Bug#948180: found 948180 in 4.1.2+dfsg-5, closing 948180

Am 05.01.20 um 06:44 schrieb Salvatore Bonaccorso: > found 948180 4.1.2+dfsg-5 > close 948180 4.2.0+dfsg-1 > thanks You could have kept the bug report open until the issue is really fixed in unstable. I didn't see the new version in experimental until after I filed the bug report but sometimes suc

Bug#948180: opencv: CVE-2019-5063 and CVE-2019-5064

Package: opencv X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for opencv. CVE-2019-5064[0]: | An exploitable heap buffer overflow vulnerability exists in the data | structure persistence functionality of OpenCV, version 4.1

Bug#947844: libservlet3.1-java: 8.5.50-0+deb9u1 breaks upgrades to Buster

Hello, Am 31.12.19 um 16:33 schrieb Colomban Wendling: [...] > The reason seems to be that files from this package migrated to other > packages in Buster, but at an earlier version than 8.5.50-0+deb9u1 > (looks like the move happenend in 8.5.35-3~, according to the Breaks > in the now-broken packa

Bug#947143: RFS: wordpress/5.3.2+dfsg1-0.1 [NMU] [RC] -- weblog manager

Hello Niels, Am 23.12.19 um 15:04 schrieb DebBug: > Anyone to chime in? Craig? Markus? There is a bit of confusion here, so I try to explain the situation and how we should proceed. Thank you for filing bug report #947212 to track the security issues in Wordpress. This will help to answer those

Bug#919963: One more reason to remove that package

On Sat, 14 Dec 2019 18:17:01 + Maksim Svobonas wrote: > One more reason to remove that package is here in the comments: > https://github.com/ib/xarchiver/commit/d0575bcd1321dd0d7b47c242bd355e69067752c6 > > Upstream breaks functionality and does not care about LTS distros like Debian. There is

Bug#946651: buster-pu: package dispmua/1.8.2-1

Am 13.12.19 um 01:09 schrieb Adam D. Barratt: > On Fri, 2019-12-13 at 00:08 +0100, Markus Koschany wrote: >> >> Am 12.12.19 um 23:37 schrieb Adam D. Barratt: >>> Control: tags -1 + moreinfo >>> >>> On Thu, 2019-12-12 at 21:52 +0100, Markus Koschany wro

Bug#946651: buster-pu: package dispmua/1.8.2-1

Am 12.12.19 um 23:37 schrieb Adam D. Barratt: > Control: tags -1 + moreinfo > > On Thu, 2019-12-12 at 21:52 +0100, Markus Koschany wrote: >> I would like to update dispmua in Buster because the current >> Thunderbird addon is incompatible with the latest version of &g

Bug#946654: stretch-pu: package dispmua/1.7.0-2

Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hello, I would like to update dispmua in Stretch because the current Thunderbird addon is incompatible with the latest version of Thunderbird. The new version restores the old beha

Bug#946651: buster-pu: package dispmua/1.8.2-1

Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hello, I would like to update dispmua in Buster because the current Thunderbird addon is incompatible with the latest version of Thunderbird. The new version restores the old behavi

Bug#946613: Consider making gtk3.22-client the one installed by 'freeciv' package

Hi Stephen, Am 12.12.19 um 17:24 schrieb Stephen Kitt: > Hi Markus, > > On Wed, 11 Dec 2019 23:44:39 +0100, Markus Koschany wrote: >> Am 11.12.19 um 23:38 schrieb Marko Lindqvist: >> [...] >>> Sorry, I didn't mean to file a bug about README.packaging, but abo

Bug#946613: Consider making gtk3.22-client the one installed by 'freeciv' package

Am 11.12.19 um 23:38 schrieb Marko Lindqvist: [...] > Sorry, I didn't mean to file a bug about README.packaging, but about > $subject. I just noticed the error in README.packaging when quoting it > for you, so wanted to clarify the situation. Sorry for the confusion. Hmm, the freeciv binary packa

Bug#946613: Consider making gtk3.22-client the one installed by 'freeciv' package

Hi Marko, Am 11.12.19 um 22:46 schrieb Marko Lindqvist: > Package: freeciv > Version: 2.6.0-4 > > Freeciv doc/README.packaging about the new gtk3.22-client: > "This client suits better for systems with gtk+-3.22 than the > gtk3-client compatible with much older gtk+ versions." > > (Since that

Bug#945107: Fix some more crashes

Hi, On Tue, 19 Nov 2019 16:07:47 -0500 Asher Gordon wrote: > Dear Maintainer, > > I have written a patch to fix some more crashes. This has not been fixed > upstream (although it is the same issue; storing a pointer in an integer > type too small to store a pointer). > > Here is the patch: Tha

Bug#945115: armagetronad does not find itself (and fails to start)

Control: tags -1 pending Am 20.11.19 um 14:45 schrieb Bernhard Übelacker: > Control: tags -1 + upstream fixed-upstream patch > > > Dear Maintainer, > the issue seems to be with newer gcc versions string literals > get not put into memory mappings " r-xp ", > instead they are mapped " r--p ". >

Bug#925337: fixed in ublock-origin 1.22.2+dfsg-1~deb9u1

Hello, You have to enable the -proposed-updates archive in Stretch to download the latest version of ublock-origin. It will be merged to stable eventually. Regards, Markus signature.asc Description: OpenPGP digital signature

Bug#944630: jumpnbump-levels: suggestions for an update of the packaging

Hi, Am 15.11.19 um 12:22 schrieb Fabian Greffrath: > Hi pkg-games, > > Am 13.11.2019 00:50, schrieb Nicolas Boulenguez: >> The obsolete address in Maintainer field should probably be updated to >> something like alioth-lists or lists.debian.org. > > in this context, is there any consent in this

Bug#944431: Segfault on startup

Control: severity -1 serious Control: tags -1 confirmed Am 09.11.19 um 23:48 schrieb Enrico Zini: > Package: berusky2 > Version: 0.10-7 > Severity: normal > > Hello, > > thank you for packaging berusky2. > > I wanted to try the game but it segfaults on startup, after showing the > cinemax > lo

Bug#931640: webext-ublock-origin: confirmation

Am 10.11.19 um 20:36 schrieb wim: > Package: webext-ublock-origin > Version: 1.18.4+dfsg-2 > Followup-For: Bug #931640 > > Hello, > > confirmation: > the extension/addon > is not active or visible in firefox-esr > on the installed addons/extensions page Please disable and reenable the addon an

Bug#931309: Multiple security issues (CVE-2018-14449..14459, CVE-2018-18192..18197)

Hello libgig maintainers and security team, I have verified that all CVE still affect the latest version in Debian. Most of them just lead to a denial of service (application crash). CVE-2018-18193 leads to memory exhaustion and almost completely freezes the system. The heap-based buffer overflows

Bug#941480: mediathekview: Please package the new version of mediathekview

On Wed, 2 Oct 2019 15:55:20 +0200 Markus Koschany wrote: > Hello, > > Am 02.10.19 um 11:37 schrieb Eike Fokken: > > Dear Markus, > > > > thanks for the explanation, sounds tedious to package, thanks for your > > trouble! > > For the workaround: I can fin

Bug#942349: buster-pu: package ublock-origin/1.18.4+dfsg-2

Am 26.10.19 um 18:38 schrieb Adam D. Barratt: > On Sat, 2019-10-26 at 16:35 +0200, Markus Koschany wrote: >> >> Am 26.10.19 um 16:27 schrieb Adam D. Barratt: >> [...] >>> What does the binary debdiff for that look like? >> >> The debdiff is 6 MB. It

Bug#943564: stretch-pu: package ublock-origin/1.16.14+dfsg-2~deb9u1

Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu similar to ublock-origin's buster-pu, there must be a pu for Stretch as well. See https://bugs.debian.org/942349 for further information. The dependency on fonts-font-awesome has b

Bug#942349: buster-pu: package ublock-origin/1.18.4+dfsg-2

Am 26.10.19 um 16:41 schrieb Adam D. Barratt: > On Sat, 2019-10-26 at 16:35 +0200, Markus Koschany wrote: >> >> Am 26.10.19 um 16:27 schrieb Adam D. Barratt: >> [...] >>> What does the binary debdiff for that look like? >> >> The debdiff is 6 MB. It

Bug#942349: buster-pu: package ublock-origin/1.18.4+dfsg-2

Am 26.10.19 um 16:27 schrieb Adam D. Barratt: [...] > What does the binary debdiff for that look like? The debdiff is 6 MB. It consists mostly of translation updates and changes to the various ad blocker lists. > >> If you agree with the backport I will upload >> >> 1.22.2+dfsg-1~deb10u1 to Bus

Bug#942507: pdfsam: Not working due to multiple errors

Control: severity -1 important I'm downgrading this issue to important because pdfsam in testing is not affected. As long as hibernate-validator 5.x does not migrate to testing, before this bug is fixed in unstable, it should not be a problem signature.asc Description: OpenPGP digital signatur

Bug#931640: webext-ublock-origin: no longer functional in firefox-esr

isable and then re-enable the addon. Markus Koschany signature.asc Description: OpenPGP digital signature

Bug#925337: webext-ublock-origin: deactivated with Firefox 66

Control: block 943470 by 942349 Hello, Am 25.10.19 um 01:49 schrieb Jens Rottmann: > Ping. > > As Jonas anticipated, regression in Stable: ublock no longer works after > Firefox ESR updated to 68. > > Thanks and best regards, > Jens The testing version of ublock-origin is pending approval by t

Bug#943439: src:asc: Please update/remove libwxgtk3.0-dev build-dependency

Hi Olly, Am 24.10.19 um 21:31 schrieb Olly Betts: > Package: src:asc > Version: 2.6.1.0-5 > Severity: serious > Justification: blocks the almost-complete wxwidgets3.0-gtk3 transition [...] Thanks for reporting. I have uploaded a new revision of asc that uses libwxgtk3.0-gtk3-dev instead of libwx

Bug#943443: retroarch: screensaver/power management issue should build with --enable-dbus

Package: retroarch Version: 1.7.3+dfsg1-1 Severity: normal Forwarded: https://github.com/libretro/RetroArch/issues/7472 I am hereby forwarding a bug report from Guo Yunhe, 24.10.2019 on pkg-games-devel to the BTS. " Greetings from openSUSE! I found that here is a power management issue with Retr

Bug#942814: libhibernate-validator-java: update to 5.3.6 breaks reverse-dependencies

Package: libhibernate-validator-java Version: 5.3.6-1 Severity: serious The update of libhibernate-validator-java to version 5.3.6. broke at least pdfsam (#942507) and libspring-java. The new version is incompatible with libgeronimo-validation-1.0-spec-java and requires libgeronimo-validation-1.1-

Bug#942507: pdfsam: Not working due to multiple errors

Control: tags -1 confirmed On Thu, 17 Oct 2019 12:41:57 +0200 Domenico Cufalo wrote: > Package: pdfsam > Version: 4.0.4-1 > Severity: grave > Justification: renders package unusable > > Dear Maintainer, > > I'm sorry for the generic subject of this bug report, but... I don't know how > to expla

Bug#935669: assaultcube-data (1.2.0.2.1-3) in enabled autobuilding

Hi, Am 17.10.19 um 01:53 schrieb Carlos Donizete Froes: > Hi, > > The assaultcube-data (1.2.0.2.1-3) package includes "XS-Autobuild: yes" in the > header portion of "debian/control"[1] and the disclaimer compliance with the > licenses contained in "debian/copyright"[2] where It's okay to create t

Bug#942315: tcpdump: Version in oldoldstable is higher than oldstable and stable

Hello, Am 16.10.19 um 20:30 schrieb Romain Francoise: > Hi Guillem, > > On Mon, Oct 14, 2019 at 3:45 PM Guillem Jover wrote: >> With the latest upload to oldoldstable-security, the versions in >> oldstable and stable are now lower. This means that upgrades will >> not take effect for this packag

Bug#906565: wordpress: CVE-2018-14028

Hello Craig, while I was preparing a Wordpress update for Jessie I discovered that CVE-2018-14028 has not been fixed yet. The upstream ticket is still open https://core.trac.wordpress.org/ticket/44710 and there was no mention of a fix in the release changelog of version 4.9.8. https://wordpress

Bug#942349: buster-pu: package ublock-origin/1.18.4+dfsg-2

Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hello release team, there will be a new Firefox ESR version in Buster and Stretch soon. Unfortunately the popular Firefox/Chromium addon ublock-origin in Buster and Stretch will not

Bug#942019: Assembling an .apk fails with: Invalid file name: must contain only [a-z0-9_.]

Control: reassign -1 aapt Control: affects -1 apktool On Wed, 09 Oct 2019 06:23:00 + Georg Koppen wrote: > Package: apktool > Version: 2.4.0-1 > > When using apktool to assemble a .apk after decompiling it I get the > following error: Hello, thanks for the detailed bug report. I believe th

Bug#941027: transition: bullet

Am 12.10.19 um 15:46 schrieb Emilio Pozuelo Monfort: > Control: tags -1 confirmed [...] > Please go ahead. > > Emilio Uploaded to unstable, thanks. Markus signature.asc Description: OpenPGP digital signature

Bug#941687: lablie: FTBFS with jackson-databind 2.10.0

Hello Miroslav, Am 07.10.19 um 09:36 schrieb Miroslav Kravec: > Hello Markus, > > thank you for informing about this issue. Is this blocking you? Are > you releasing a new version of jackson databind to Debian? > > Kind regards, > Miro Not at all. I had to package a new release of jackson-datab

Bug#941530: jackson-databind: CVE-2019-16942 CVE-2019-16943

Control: clone 941530 -1 Control: retitle -1 jackson-databind: consider using a whitelist Control: severity -1 wishlist Hi, Am 02.10.19 um 09:43 schrieb Salvatore Bonaccorso: [...] > Whilst I'm not yet sure if we should really release a futher DSA for > jackson-databind (we will come back to you

Bug#941480: mediathekview: Please package the new version of mediathekview

Hello, Am 02.10.19 um 11:37 schrieb Eike Fokken: > Dear Markus, > > thanks for the explanation, sounds tedious to package, thanks for your > trouble! > For the workaround: I can find no such setting, can you direct me to it in > detail? > > Best > > Eike You can disable the search for new ve

Bug#941530: jackson-databind: CVE-2019-16942 CVE-2019-16943

Hi Salvatore, Am 01.10.19 um 22:34 schrieb Salvatore Bonaccorso: > Source: jackson-databind > Version: 2.10.0-1 > Severity: grave > Tags: security upstream > Justification: user security hole > Forwarded: https://github.com/FasterXML/jackson-databind/issues/2478 > Control: found -1 2.9.8-3 > Contr

Bug#941480: mediathekview: Please package the new version of mediathekview

Hello, Am 01.10.19 um 11:53 schrieb Eike Fokken: > Package: mediathekview > Version: 13.2.1-3 > Severity: wishlist > > Dear Maintainer, > > mediathekview tells me with a popup window, that I should update to the newest > version. > The current version is 13.2.1. > The new version advertised by t

Bug#874870: Version 2.x is qt5-based

Hello, Am 29.09.19 um 22:38 schrieb Moritz Mühlenhoff: > On Sun, Mar 18, 2018 at 09:11:24PM -0300, Lisandro Damián Nicanor Pérez Meyer > wrote: >> Hi! Version 2.x is qt5-based. Please check if you can update this game. Feel >> free to ask for help with Qt5 if needed. > > It's been 1.5 years and

Bug#925078: Please do a NMU of sgt-puzzles

Hello, Am 29.09.19 um 07:44 schrieb Сергей Трофимов: > Seems that the freeze has ended. Maybe now it's the time? > > On Thu, 6 Jun 2019 at 23:10, Philipp Kern > wrote: > > On 6/6/2019 1:07 PM, Moshe Piekarski wrote: > > On 6/6/19 6:41 AM, Sergey Trofimov wrote:

Bug#940498: jackson-databind: CVE-2019-14540 CVE-2019-16335

Control: tags -1 pending On Mon, 16 Sep 2019 15:14:37 +0200 Salvatore Bonaccorso wrote: > Source: jackson-databind > Version: 2.9.9.3-1 > Severity: grave > Tags: security upstream > Justification: user security hole [...] > p.s.: wondering where that will going to end ;-) Hi, I also think it

Bug#929475: "webext-privacy-badger" should only recommend "fonts-open-sans"

sans fonts is used by upstream and shipped with the upstream sources. We just replace it with a system fonts to reduce the fonts duplication in Debian. The intention is really to display the firstRun page with this fonts and not with something else and to ensure that we have to depend on fonts-open-sans. This is not a bug. Regards, Markus Koschany signature.asc Description: OpenPGP digital signature

Bug#941315: atomix: Please update to 3.34.0

Am 28.09.19 um 20:11 schrieb Jeremy Bicha: > On Sat, Sep 28, 2019 at 1:58 PM Markus Koschany wrote: >> Am 28.09.19 um 16:47 schrieb Jeremy Bicha: >>> Source: atomix >>> Version: 3.32.1-1 >>> Severity: wishlist >>> >>> atomix 3.34.0 has

Bug#941315: atomix: Please update to 3.34.0

Am 28.09.19 um 16:47 schrieb Jeremy Bicha: > Source: atomix > Version: 3.32.1-1 > Severity: wishlist > > atomix 3.34.0 has been released. Please upload this version to Unstable. > > https://gitlab.gnome.org/GNOME/atomix/blob/master/NEWS > https://gitlab.gnome.org/GNOME/atomix/commits/master > >

Bug#941027: transition: bullet

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition I would like to request a transition slot for Bullet 2.88 which is already available in experimental. The affected reverse-dependencies are: * cyphesis-cpp * efl * gazebo * hkl * kido *

Bug#940557: apache-pom: typo in artifactId apache.

Am 17.09.19 um 12:20 schrieb Emmanuel Bourg: > Le 17/09/2019 à 11:50, Markus Koschany a écrit : > >> There is a typo in apache-pom's artifactId. It should be just apache >> without the dot (apache.) It could be that packages fail to find some >> of the files. >

Bug#940557: apache-pom: typo in artifactId apache.

Source: apache-pom Version: 18-1 Severity: normal There is a typo in apache-pom's artifactId. It should be just apache without the dot (apache.) It could be that packages fail to find some of the files. /usr/share/doc/libapache-pom-java/changelog.Debian.gz /usr/share/doc/libapache-pom-java/copyri

Bug#939782: sweethome3d: Crash on draw

Control: retitle -1 nouveau_dri.so: SIGSEGV crashes sweethome3d Control: reassign -1 libgl1-mesa-dri Hello, Am 08.09.19 um 20:23 schrieb Bardot Jerome: > Package: sweethome3d > Version: 6.2+dfsg-1 > Severity: important > > Dear Maintainer, > > When i try to draw a wall SH3D crash. > > The cons

Bug#918754: bash: $PATH in bash does not include /sbin and /usr/sbin

This is a new behavior because the util-linux implementation of su is used now. See also /usr/share/doc/util-linux/NEWS.Debian.gz for more information. "If you want to restore behaviour more similar to the previous one you can add 'ALWAYS_SET_PATH yes' in /etc/login.defs." Markus signature.a

Bug#939432: buster-pu: package lucene-solr/3.6.2+dfsg-20

/system/jetty9.service.d/ and +override read-only permissions of Jetty9 which will allow the service to +start out-of-the-box again. +Thanks to Stephan Beirer for the report. (Closes: #933854, #933857) + + -- Markus Koschany Wed, 04 Sep 2019 22:30:29 +0200 + lucene-solr (3.6.2+dfsg-20

Bug#874809: [alsoft-conf] Future Qt4 removal from Buster

Hi, Am 02.09.19 um 20:56 schrieb Moritz Mühlenhoff: [...] > alsoft-conf is dead upstream, does anyone in the Debian Games Team intend to > port it themselves? Otherwise I'll file a removal bug. I'm fine with removing alsoft-conf from Debian. There was only one initial upload by the actual uploade

Bug#933715: jh_linkjars: dpkg -L "debhelper-compat" returned exit code 1

Am 02.09.19 um 20:16 schrieb Niels Thykier: > Control: severity -1 important > > On Fri, 02 Aug 2019 14:05:25 +0200 Markus Koschany wrote: >> Package: javahelper >> Version: 0.72.9 >> Severity: serious >> >> >> jh_linkjars apparently chokes on the new

Bug#933854: solr-jetty: Jetty lacks necessary write permissions to /var/lib/solr/data/index/

Control: tags 933857 pending Control: tags 933854 pending On Sun, 1 Sep 2019 19:47:48 -0700 "J.P. Larocque" wrote: > stephan, thanks for tracking this down. I almost figured it out, and > then I found that you already reported this bug. Your other bug > report was also super helpful for me to g

Bug#923330: jajuk: Fails to start with Java Runtime Environment 1.7 minimum required. You use a JVM ext.JVM@23fc625e

I pushed more changes to Git. We could fix the NullPointerException in insubstantial but now I get two different errors. Failed to register bus name / null and NoClassDefFoundError: org/slf4j/LoggerFactory I don't know why this class is suddenly missing from the classpath. signature.asc Desc

Bug#911078: triplea: Fails to start with NullPointerException

Hello, On Wed, 7 Aug 2019 08:36:38 -0700 Dan Van Atta wrote: > Apologies for the long delay, updates to Debian are a deeper issue than I > initially realized. TripleA has had a history of maintenance overhead > problems, seeing the Debian fork has me realize that it is a fork with its > own uniqu

Bug#935842: jh_buld: Make java source version configurable

Am 27.08.19 um 00:02 schrieb darkdragon: > Thanks for your help! > > If I could create an account for the wiki, I had updated it -.- > The Debian development workflow is just so complicated and time > consuming! If you would use github/gitlab, I would send a lot more > patches directly! We hav

Bug#935849: tutorial: wrong bin link

Am 26.08.19 um 23:31 schrieb darkdragon: > Thank you so much for your detailed answer! You're welcome! > Adding "jarwrapper" to my runtime dependencies and changing > "debian/salliere.links" to "usr/share/salliere/salliere.jar > usr/bin/salliere.jar" solved my issue. > > Nevertheless, the tutori

Bug#935842: jh_buld: Make java source version configurable

Am 26.08.19 um 22:51 schrieb darkdragon: > If you would also tell me HOW or even better add this to the tutorial > (https://people.debian.org/~apo/java/tutorial.html), I would be really > happy! Compiling Java source files to a specific release is not Debian specific. Take a look at man javac for

<    1   2   3   4   5   6   7   8   9   10   >