Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package owasp-java-html-sanitizer
The libjsr305-java-doc package was removed from Debian but it is not
really required to build owasp-java-html-sanitizer.
unblock owasp-java
Am 11.03.19 um 15:51 schrieb Dan Poltawski:
> Thanks for your responses. One of my colleagues has been looking into this
> trying to get the bottom of it and we do seem to have identified a memory
> leak which isn't present on stretch. I note the report posted to the list
> https://bugs.debian.
Control: reopen -1
Hello Andrej,
bug 923748 is about a different issue and unrelated to your recent upload.
We need to fix it too and I proposed a patch here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923756#30
Markus
signature.asc
Description: OpenPGP digital signature
Control: retitle -1 javahelper: javadoc: error - The code being documented uses
packages in the unnamed module
Hi,
Am 10.03.19 um 18:15 schrieb Andreas Metzler:
> Control: reassign -1 javahelper 0.72.3
> Control: forcemerge 923748 924256
> Control: retitle -1 shebang line in jh_build "#!/use/bin
ood to me. I will import the next revision
into our Git repository. You can ask for access here:
https://salsa.debian.org/games-team
Cheers,
Markus
From 691369953345d31a88636c2f0f2aabdf0bb126f3 Mon Sep 17 00:00:00 2001
From: Markus Koschany
Date: Sun, 10 Mar 2019 15:22:56 +0100
Subject: [PATCH
Am 09.03.19 um 18:55 schrieb Adam D. Barratt:
> On Fri, 2019-03-01 at 23:34 +0100, Markus Koschany wrote:
>> I have removed powermock from all reverse-dependencies. This bug
>> should no longer be a blocker for Buster and powermock can be safely
>> removed from testing.
>
Control: reopen 923180
Am 07.03.19 um 05:24 schrieb Pedro Pena:
[...]
> "Bug #923180 does not belong to this package"
>
> Is this normal?
Sorry, I got confused. This is your ITP bug.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922844
It must be closed in debian/changelog, then Lintian w
Hi,
Am 07.03.19 um 05:24 schrieb Pedro Pena:
> Hello Markus,
>
> The only thing I have left is figuring out how to create an appstream
> file and how to integrate it.
There is a quick start guide which is quite helpful.
https://www.freedesktop.org/software/appstream/docs/chap-Quickstart.html#s
Am 06.03.19 um 03:20 schrieb Pedro Pena:
> Hello Markus,
> Good to hear you finally able to play infinitetux!
>
> I'll start working on applying your suggestions.
>
> As far as the OGA -BY license goes,it appears that
> OpenGameArt does indeed have a specific license.
>
> I don't see any non c
Hello Pedro,
Am 05.03.19 um 15:14 schrieb Pedro Pena:
> Hello Markus,
>
> I have been able to remove the majority of the warnings that appear.
> Unfortunately I can not seem to get lintian to show me the same errors
> locally. I have to upload to mentors.debian.net to see the warnings.
>
> I tho
Control: reassign -1 javahelper
Control: retitle -1 javahelper: javadoc: error - The code being documented uses
packages in the unnamed module
Am 05.03.19 um 21:06 schrieb Andreas Tille:
[...]
> Considering that the problem can be solved by fixing javatools instead
> of libhac-java do you think
ave more
fine grained control about their -doc packages and we don't have to
worry about those errors anymore.
Here is my proposed patch for jh_build against src:javatools master.
Regards,
Markus
From e731cb503712fea1618b9b3bff041c89800bcf1d Mon Sep 17 00:00:00 2001
From: Markus Koschany
Dat
Control: severity -1 serious
Control: reassign -1 solr-tomcat
Am 01.03.19 um 19:58 schrieb Emmanuel Bourg:
> Le 01/03/2019 à 18:29, Markus Koschany a écrit :
>
>> I have never extended security permissions of
>> another systemd service. How is this supposed to work?
>
&
Control: tags -1 moreinfo
On Tue, 26 Feb 2019 23:07:43 +0100 Sjoerd Simons wrote:
> Package: libitext-java
> Version: 2.1.7-12
> Severity: serious
> Tags: patch
>
> Hey,
>
> When rebuilding bouncy-castle the jar doesn't seem to have the same classpath
Hello, I guess you meant libitext-java?
>
Control: tags -1 pending
Hello,
Am 02.03.19 um 01:59 schrieb Lars Kruse:
> Package: freeciv-client-sdl
> Version: 2.6.0-1
> Severity: important
>
> Dear Maintainer,
>
> I tried to run freeciv-sdl2, but sadly it failed with the following
> output:
>
> $ LANG= freeciv-sdl2
> 2: Didn't find th
I have removed powermock from all reverse-dependencies. This bug should
no longer be a blocker for Buster and powermock can be safely removed
from testing.
signature.asc
Description: OpenPGP digital signature
Am 01.03.19 um 18:24 schrieb Emmanuel Bourg:
> Le 01/03/2019 à 18:19, Markus Koschany a écrit :
>
>> I think just creating /var/lib/solr with tomcat9.dirs is sufficient. I
>> tested both cases, installing tomcat9 first and then solr-tomcat and
>> vice versa, and t
Hi,
I think just creating /var/lib/solr with tomcat9.dirs is sufficient. I
tested both cases, installing tomcat9 first and then solr-tomcat and
vice versa, and the server always started correctly. SystemD just
requires an existing directory. Do you agree with this change?
https://salsa.debian.org
Am 28.02.19 um 13:48 schrieb Sjoerd Simons:
[...]
> I can drop some into salsa and do an MR if you prefer; I don't really
> want to join the java team though, I mostly hope to be able to forget
> about all these java pains asap :)
You discovered all those bugs during the freeze, of course you m
Hi Sjoerd,
Am 28.02.19 um 13:38 schrieb Sjoerd Simons:
> Source: netty
> Version: 4.1.33-1
> Severity: important
> Tags: ftbfs
> Justification: fails to build from source
>
> Hey,
>
> It seems that netty fails to build on 32 bit architectures, we hit that in our
> rebuild on 32 bit as does the r
Am 26.02.19 um 21:34 schrieb Markus Koschany:
> Thanks for reporting and the hint how to fix this problem. I'll take a
> closer look soon.
Unfortunately there is another issue that prevents jajuk from starting.
This appears to be the same one which affects triplea as w
Control: severity -1 grave
Hello Bertrand, hello Werner
Am 26.02.19 um 21:13 schrieb Bertrand Florat:
> Hi,
>
> Current develop branch fixes that :
> https://github.com/jajuk-team/jajuk/blob/develop/src/main/java/org/jajuk/Main.java
>
> We now just throw an error if JVM is < 1.8.
>
[...]
> pri
Hi,
Am 25.02.19 um 19:40 schrieb Miguel Landaeta:
> Hi Markus,
>
> On Sun, Feb 24, 2019 at 08:39:48PM +0100, Markus Koschany wrote:
>> JRuby is a mess. I guess we "just" need to package the latest upstream
>> release to fix the FTBFS bugs. Nobody felt like doing th
Am 26.02.19 um 09:46 schrieb Emmanuel Bourg:
> Control: reopen -1
> Control: notfixed -1 9.0.16-2
>
> Le 17/02/2019 à 12:38, Markus Koschany a écrit :
>
>> Thank you for the confirmation. Then I think reassigning this issue to
>> src:tomcat9 and fixing it there is s
JRuby is a mess. I guess we "just" need to package the latest upstream
release to fix the FTBFS bugs. Nobody felt like doing that in the past
twelve months, so I think it is unrealistic to believe we can make it
happen within one week. Of course if the release team can be convinced
to accept a new
libjogl2-java still FTBFS on armel, mips64el and mipsel. I don't know
why the build process requires so much time on these platforms excluding
mips64el which never built before. On mips the build succeeded after six
hours.
I don't believe that mips and arm architectures are really supported by
ups
Control: severity -1 important
On Sat, 23 Feb 2019 21:20:42 -0500 Michael Gilbert
wrote:
> control: severity -1 serious
>
> Increasing severity since policy 10.7.3 is violated:
>
> "Obsolete configuration files without local changes should be removed
> by the package during upgrade."
>
> The f
Hi,
powermock has been failing to build from source since we introduced
OpenJDK 9 to Debian. It has not been removed yet because several
packages build-depend on it.
reverse-depends -b libpowermock-java
Reverse-Build-Depends-Indep
===
* jline2
Reverse-Build-Depends
=
Control: tags -1 pending
Am 20.02.19 um 11:45 schrieb Ritesh Raj Sarraf:
> Source: groovy
> Severity: serious
> Tags: ftbfs
> Justification: fails to build from source
>
> Dear Maintainer,
>
> The package fails to build on Buster/Sid. The relevant build failure
> snippet is below and full build
Am 19.02.19 um 17:40 schrieb Moritz Mühlenhoff:
> On Fri, Feb 15, 2019 at 11:21:13AM +0100, Markus Koschany wrote:
[...]
>>
>> Upstream solved this problem by adding a new whitelist option for nodes
>> and shards and what they can request. In the latest version Zookeeper
&
On Sun, 10 Sep 2017 21:41:52 +0100 Chris West wrote:
> Source: powermock
> Version: 1.6.6
> Severity: normal
> User: debian-j...@lists.debian.org
> Usertags: default-java9
>
> Powermock fails to work properly on Java 9.
Powermock still fails to build but has not been removed from testing yet
be
Control: severity -1 important
On Fri, 06 Jul 2018 13:25:28 + Santiago Vila wrote:
> Package: src:exec-maven-plugin
> Version: 1.1.1+dfsg-3
> Severity: serious
> Tags: ftbfs
Buster/Sid is not affected. Since there is also a simple workaround for
stable and oldstable (disabling the tests), I
Contol: severity -1 normal
On Mon, 21 Jan 2019 20:13:37 -0800 tony mancill wrote:
> On Sun, Jan 20, 2019 at 06:14:31PM +0100, Andreas Beckmann wrote:
> > Package: yui-compressor
> > Version: 2.4.7-2
> > Severity: serious
> > Tags: jessie
> > User: debian...@lists.debian.org
> > Usertags: piuparts
Control: reassign -1 src:tomcat9
Am 17.02.19 um 06:58 schrieb Michael Welsh Duggan:
[...]
> Based on your prior tip, I had already done that. (Only the
> /var/lib/solr/ entry seemed to be necessary.) This caused things to
> work again.
Thank you for the confirmation. Then I think reassigning th
Control: tags -1 confirmed pending
Hi!
Am 16.02.19 um 22:10 schrieb Johann Suhter:
> Package: brainparty
> Version: 0.61+dfsg-3+b1
> Severity: normal
> Tags: patch
>
> Dear Maintainer,
>
> the minigame "Symbolic Logic" whithin brainparty cannot be played
> because the premises are not shown.
T
Package: fonts-roboto-hinted
Version: 2:0~20170802-1
Severity: serious
Dear maintainer,
the recent upload of fonts-roboto broke reverse-dependencies like
renpy because you removed or renamed previously installed files in
fonts-roboto-hinted. I find that less than optimal given that we have
enter
Hello Joey,
Am 15.02.19 um 20:17 schrieb Joey Hess:
> Package: iftop
> Version: 1.0~pre4-6
> Severity: normal
>
> The way iftop calibrates its linear scale, it seems to often make the
> scale much wider than the actual available network bandwidth, leading to
> bar graphs that are quite narrow, of
Hi tony!
Am 15.02.19 um 15:42 schrieb tony mancill:
[...]
> Hi Markus,
>
> We independently executed identical experiments, which I'm glad for,
> because I would have wanted some external verification before uploading
> any of this to unstable. (I started building the r-build-deps of
> libplexus
On Wed, 13 Feb 2019 17:43:43 +0100 Salvatore Bonaccorso
wrote:
> Source: lucene-solr
> Version: 3.6.2+dfsg-16
> Severity: important
> Tags: security upstream
> Forwarded: https://issues.apache.org/jira/browse/SOLR-12770
> Control: found -1 3.6.2+dfsg-10+deb9u2
> Control: found -1 3.6.2+dfsg-10
>
Hello Michael,
On Fri, 18 Jan 2019 01:19:36 -0500 Michael Welsh Duggan
wrote:
> Package: solr-tomcat
> Version: 3.6.2+dfsg-16
> Severity: important
>
> Dear Maintainer,
>
> After updating tomcat to tomcat9 and solr-tomcat to 3.6.2+dfsg-16, it
> seems to be having problems writing to its index
Control: tags -1 pending
On Tue, 20 Nov 2018 21:11:14 +0300 sergio wrote:
> Package: solr-jetty
> Version: 3.6.2+dfsg-10+deb9u2
> Severity: serious
> Justification: Policy 10.9
>
> solr-jetty was installed and purged from host. I'm not able to
> dist-upgrade more:
>
> dpkg: unrecoverable fatal
On Sat, 29 Dec 2018 23:26:49 +0100 Lucas Nussbaum wrote:
> Source: lucene-solr
> Version: 3.6.2+dfsg-16
> Severity: serious
> Justification: FTBFS on amd64
> Tags: buster sid
> Usertags: ftbfs-20181229 ftbfs-buster
>
> Hi,
>
> During a rebuild of all packages in sid, your package failed to build
Hi Gustavo,
Am 13.02.19 um 23:23 schrieb Gustavo Castro:
[...]
> java.lang.SecurityException: sealing violation
> at org.netbeans.JarClassLoader.doLoadClass(Unknown Source)
> at org.netbeans.ProxyClassLoader.selfLoadClass(Unknown Source)
> at org.netbeans.ProxyClassLoader.loadClass(Unk
Hi,
Am 26.01.19 um 20:07 schrieb tony mancill:
[...]
> I'm trying to peel the onion and believe that this is a problem in the
> maven-javadoc-plugin package. I found the same issue for a project
> outside of Debian, for example [1], which refers to a JIRA ticket for that
> plugin [2]. There is a
Hi,
Am 13.02.19 um 02:45 schrieb Gustavo Castro:
> Package: netbeans
> Version: 10.0-2
> Severity: normal
>
> Dear Maintainer,
>
> netbeans has a failure at the beginning
>
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by
> org.netbeans.core
Control: severity -1 important
Am 10.02.19 um 12:20 schrieb Adrian Bunk:
[...]
> Teeworlds runs fine on some i386 machines.
>
> Individual packages cannot just use non-baseline features like
> SSE or AVX without runtime detection, this results in nothing
> but crashes on hardware officially supp
Control: tags -1 moreinfo
Control: severity -1 important
On Wed, 6 Feb 2019 22:39:02 +0100 Markus Koschany wrote:
> On Sun, 03 Feb 2019 22:35:22 +0200 Adrian Bunk wrote:
> > Source: teeworlds
> > Version: 0.7.2-2
> > Severity: serious
> > Tags: patch
> >
Am 07.02.19 um 08:56 schrieb Alois Schlögl:
> Package: mediathekview
> Version: 13.2.1-2
> Severity: important
> [warning] /usr/bin/mediathekview: JVM flavor 'java9' not understood
> [warning] /usr/bin/mediathekview: No java runtime was found
>
> * What outcome did you expect instea
On Sun, 03 Feb 2019 22:35:22 +0200 Adrian Bunk wrote:
> Source: teeworlds
> Version: 0.7.2-2
> Severity: serious
> Tags: patch
>
> SSE is not part of the i386 baseline, fix attached.
Could you go into more detail why this is release-critical and what
issue we are trying to solve?
Markus
sign
-2018-1320.patch 1970-01-01
01:00:00.0 +0100
+++ libthrift-java-0.9.1/debian/patches/CVE-2018-1320.patch 2019-02-06
19:04:12.0 +0100
@@ -0,0 +1,32 @@
+From: Markus Koschany
+Date: Wed, 6 Feb 2019 18:59:31 +0100
+Subject: CVE-2018-1320
+
+Bug-Debian: https://bugs.debia
Hi Bret,
Am 06.02.19 um 11:43 schrieb psi...@gmail.com:
> Hello!
>
> Hot off the presses, OpenMW 0.45.0
> https://salsa.debian.org/games-team/openmw
>
> I built it against buster and sid, tested both and ran without segfaults.
> This should wrap up this bug (closes in changelog entry).
>
> Plea
Am 04.02.19 um 14:56 schrieb Per Lundberg:
> On 2/1/19 11:20 AM, Matthias Klose wrote:
>> On 01.02.19 10:03, Emmanuel Bourg wrote:
>
>>> This is an excellent suggestion. We should file a bug for openjdk-8 to
>>> implement that.
>> please attach the patch.
>
> Sure, I should be able to write som
Am 04.02.19 um 14:31 schrieb psi...@gmail.com:
> Hello Markus,
>
> as it turns out, we're about to have another release 0.45 that has been in
> 'the-works' for the past month. It's been ready for awhile, we've just been
> waiting on PR to make a release video and finish up a write-up.
>
> I'll a
On Sun, 25 Nov 2018 20:15:08 +0100 bret curtis wrote:
> Thanks Fred!
>
> We're tracking it upstream. Will keep this bug posted with results.
>
> https://gitlab.com/OpenMW/openmw/issues/4737
Hello Bret,
we are running out of time for Debian 10 "Buster" because the soft
freeze starts next week.
Am 29.01.19 um 23:09 schrieb Santiago Vila:
> On Tue, Jan 29, 2019 at 11:00:25PM +0100, Gilles Filippini wrote:
>
>> No, this is a misunderstanding: the code snippet above scans
>> Build-Depends* fields from debian/control. If default-jdk-doc is
>> installed but not referenced in Build-Depends*, t
Control: tags -1 pending
Hi!
Am 29.01.19 um 21:40 schrieb Salvatore Bonaccorso:
> Source: binaryen
> Version: 64-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> The following vulnerabilities were published for binaryen.
>
> I was initially confused about the intersting versioning
Am 29.01.19 um 14:19 schrieb Per Lundberg:
> Hi Markus,
>
> On 1/29/19 1:32 PM, Markus Koschany wrote:
>>
>>> I am sorry but OpenJDK 8 will not be supported at runtime in
>>> Buster.
> Another question: if this is the case, should the openjdk-8-jdk package
&
Am 29.01.19 um 13:54 schrieb Per Lundberg:
[...]
> But, the approach you suggest is fine. Markus, will you reopen this bug
> or should we file a new one about it, what do you prefer?
I think we don't need a new bug report for that. I will change that
later today.
Regards,
Markus
signature.a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am 29.01.19 um 12:06 schrieb Markus Koschany:
> I am sorry but OpenJDK 8 will not be supported at runtime in
> Buster. If it works with OpenJDK 11, which it does, then we should
> spend the remaining time before the release on more urge
Am 29.01.19 um 10:58 schrieb Emmanuel Bourg:
> Le 29/01/2019 à 10:40, Per Lundberg a écrit :
>> FWIW, version 1.4.2-1 works correctly with openjdk-11-jdk version
>> 11.0.2+7-1, but it _does not_ work correct any more with Java 8
>> (openjdk-8-jdk version 8u191-b12-2)
>
> Thank you for the feedb
forwarded -1 https://github.com/uBlockOrigin/uBlock-issues/issues/407
thanks
signature.asc
Description: OpenPGP digital signature
On Sun, 28 Oct 2018 22:53:56 +0100 =?UTF-8?Q?Gero_M=c3=bcller?=
wrote:
> Package: ca-certificates-java
> Version: 20170531+nmu1
>
> On armhf the server JVM is not available. But the postinst script
> assumes so and uses it to setup a temporary configuration in
> /etc/java-8-openjdk/jvm-armhf.cfg
On Wed, 23 Jan 2019 21:27:09 +0100 Markus Koschany wrote:
> Of course I meant default-jre-headless | java7-runtime-headless.
If nobody objects, I will implement this change tomorrow.
signature.asc
Description: OpenPGP digital signature
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I think I have found the root cause of this issue now. If I replace
the installed vapi-webrequest.js file with
platform/firefox/vapi-webrequest.js, everything works again. I'm not
sure why the firefox version differs from the webext version but this
Source: netbeans
Version: 10.0-2
Severity: normal
The nb-javac module was not initially detected. It turned out that I
had to modify the MANIFEST file in org-netbeans-libs-javacimpl.jar and
org-netbeans-libs-javacapi.jar to point to the system jar file of
nb-javac-9-api-jar and nb-javac-9-impl.jar
Package: libnb-ide14-java
Version: 10.0-2
Severity: normal
Unfortunately Netbeans 10.0 does not support Git out-of-the-box
anymore. This used to work with version 8.1. The reason is that
several modules cannot be actived (installed in Netbeans terms) at
startup, among others libs.jgit and jsch (di
Package: ftp.debian.org
Severity: normal
Dear ftp team,
please remove mysql-connector-java from Debian. It was replaced by
mariadb-connector-java which is a drop-in-replacement. No other
package depends on it anymore. See also
https://bugs.debian.org/912916
Regards,
Markus
Package: webext-ublock-origin
Version: 1.18.2+dfsg-1
Severity: important
ublock origin version 1.18.2+dfsg-1 fails to display the list of
blocked or existing hosts which you can see when you toggle "all". There is no
indication that the addon blocks any content at the moment. All the
menus appear
Control: severity -1 serious
On Fri, 09 Nov 2018 18:40:44 +0100 Markus Koschany wrote:
> Package: jclic
> Version: 0.3.2.8-1
> Severity: important
> Tags: patch
>
> Hello,
>
> we would like to remove libmysql-java from Debian because it is
> frequently affected
Am 25.01.19 um 13:23 schrieb seam...@debian.org:
>> I believe the only chance to save this package in time for Buster is to use
>> OpenJDK 8.
>
> That seems to be a reasonable choice. Right now Android apps are simply not
> supposed to use Java 9+.
>
> But for how long will JDK8 be supported in
Control: reassign -1 libequinox-osgi-java
Control: found -1 3.9.1-1
This issue is actually caused by missing files in libequionx-osgi-java.
The sources from Maven did neither contain the *.profile nor .properties
files which caused a NullPointerException in Netbeans and made the
program unusable.
Am 24.01.19 um 23:51 schrieb Hans-Christoph Steiner:
>
> I can get some of this compiling with openjdk-11, but not all.
>
> Ok, here's a fun problem: looks like I can build android-platform-23
> with java11, but since it is in effect building Java core classes, the
> compiler freaks.
>
> There s
Of course I meant default-jre-headless | java7-runtime-headless.
signature.asc
Description: OpenPGP digital signature
On Wed, 23 Jan 2019 19:08:27 + Marcin Kulisz wrote:
> Package: ca-certificates-java
> Followup-For: Bug #864657
>
> Hi I just want to add that at the moment Stretch current stable has this
> broken
> to the point that neither openjdk nor ca-certificates-java packages can be
> installed makin
Control: reassign -1 libnb-platform18-java
On Thu, 27 Oct 2016 12:23:11 -0400 "Roberto C. Sanchez"
wrote:
> Package: visualvm
> Version: 1.3.8-1
> Severity: normal
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> When launched, the visualvm package phones home to perform an update
> ch
Hello Jeremy,
Am 20.01.19 um 02:45 schrieb Jeremy Bicha:
> Source: mgba
> Version: 0.6.3+dfsg1-2
> X-Debbugs-CC: sergio_...@yahoo.com.br
>
> The AppStream metadata that was added to the Debian package isn't
> being used because its metadata_license isn't on the short list of
> approved licenses.
Hello,
Am 20.01.19 um 23:37 schrieb Nikolas Nyby:
> Package: blockattack
> Version: 2.3.0-1+b1
> Severity: normal
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
>* What led up to the situation?
>
> I started blockattack with no opt
Am 12.01.19 um 23:15 schrieb Pavel Kreuzt:
> Here is the result of the BT:
>
> (gdb) bt
> #0 0xda15 in std::_List_iterator::operator--
> (this=0x55568500 ) at /usr/include/c++/8/bits/stl_list.h:239
> #1 mapIcons () at ../src/core/Main.cc:443
> #2 0xaaad in main (ar
Hello,
Am 12.01.19 um 20:24 schrieb Pavel Kreuzt:
> Package: wbar
> Version: 2.3.4-9
> Severity: normal
>
> Dear Maintainer,
>
> Running wbar in an openbox session with compton as WM, it segfaults sometimes
> with this message on syslog:
>
> Jan 12 20:18:18 Desktop kernel: [10939.231130] traps
Am 08.01.19 um 14:25 schrieb Timo Kalliomäki:
> Package: libhttpclient-java
> Version: 4.5.6-1
> Severity: important
>
> Dear Maintainer,
>
> The parsing functionality under URLEncodedUtils fails when running under Java
> 8.
> This seems to be due to the return type of java.nio.ByteBuffer.flip()
Control: severity -1 important
Hi,
I have reverted the change and uploaded the old 2.14.6 version of
jackrabbit again. This will ensure that davmail also continues to work
in Ubuntu and other distributions that sync packages directly from
unstable. As I previously wrote davmail should be updated
Control: reopen -1
The removal of commons-httpclient has to be postponed for a while. See
also #917174 for further information.
I had a go at this and it looks like the package simply is not ready for
Java 9+. The unmappable character error is bogus. Rather issues like
using an underscore character as a variable name (which is forbidden in
Java 9) or naming a package java.lang ... are the root cause of the FTBFS.
Markus
Hello Alex,
Am 04.01.19 um 13:16 schrieb Alexandre Rossi:
>>> unfortunately davmail fails to build from source with
>>> libjackrabbit-java 2.18.0. Long deprecated methods have been removed.
>>> Your package build-depends on a very old version of jackrabbit (2.4.3).
>
> This is too much work and I
Control: tags -1 pending
Am 31.12.18 um 06:13 schrieb Le Gall Guillaume:
> Hello,
>
>
> and thank you very much for your answer.
>
>
> First, about OpenJDK 11, and "debian/patches/javah.patch". You are
> absolutely right to point that out. Actually, I had missed that the
> "javah" tool was rem
Hi Bruno,
Am 31.12.18 um 06:54 schrieb Bruno Kleinert:
> Package: webext-privacy-badger
> Version: 2018.12.17-1
> Severity: important
>
> Hi,
>
> in Firefox ESR (currently 60.4.0esr-1) the pluget appears as if it is
> successfully loaded, but when browsing the web it seems to do nothing.
> I.e.,
Control: tags -1 patch
Control: reassign -1 hibiscus
Hi,
Am 30.12.18 um 18:33 schrieb Christian Weiske:
> Package: jameica
> Version: 2.8.2+dfsg-6
> Severity: normal
>
> Dear Maintainer,
>
> I would like to use Jameica/Hibiscus with my MySQL server because I have a
> central
> hibiscusserver i
Control: owner -1 !
Control: tags -1 pending
Fix is pending.
Markus
signature.asc
Description: OpenPGP digital signature
Control: severity -1 grave
Hello,
first of all both of you, thank you very much for the report and
investigation and sorry for the late response.
Unfortunately we can't remove the javah.patch because we have to use
OpenJDK 11 to build lwjgl. But we have to improve it if we want to
compile the mi
upload.
+ * Fix CVE-2018-20433.
+A XML External Entity (XXE) vulnerability was discovered in c3p0 that may
+be used to resolve information outside of the intended sphere of control.
+(Closes: #917257)
+
+ -- Markus Koschany Fri, 28 Dec 2018 18:41:05 +0100
+
c3p0 (0.9.1.2-9) unstable
Package: davmail
Version: 5.0.0.2801-2
Severity: normal
davmail depends on libcommons-httpclient-java, which is obsolete and was
replaced by libhttpclient-java. It has reached EOL status in 2011! It is no
longer supported upstream [1] and was affected by multiple security issues in
the past. davma
Package: davmail
Version: 5.0.0.2801-2
Severity: serious
Hello,
unfortunately davmail fails to build from source with
libjackrabbit-java 2.18.0. Long deprecated methods have been removed.
Your package build-depends on a very old version of jackrabbit (2.4.3).
See also the deprecated list that ex
Package: hoteldruid
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for hoteldruid. I couldn't
find a bug tracker or code repository for hoteldruid but it seems you
are involved in upstream development somehow. Are you aware of t
Package: libvncserver
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for libvncserver.
CVE-2018-15126[0]:
| LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains
| heap use-after-free vulnerability in server
Hi,
Am 19.12.18 um 22:32 schrieb Emmanuel Bourg:
> Le 29/10/2018 à 23:32, Markus Koschany a écrit :
>> The OpenJDK 11 issue is rather simple to fix, however the build fails
>> later on with this error message, a Gradle issue?
>
> I've figured out what is causing the
Package: yara
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for yara.
CVE-2018-19974[0]:
| In YARA 3.8.1, bytecode in a specially crafted compiled rule can read
| uninitialized data from VM scratch memory in libyara/exe
Hi,
Am 19.12.18 um 09:58 schrieb Andreas Tille:
[...]
> Any hint how to fix this?
The missing class is in libjaxb-api-java. Just make sure it's on the
CLASSPATH.
Regards,
Markus
signature.asc
Description: OpenPGP digital signature
Package: wnpp
Severity: wishlist
Owner: Markus Koschany
* Package name: binaryen
Version : 61
Upstream Author : WebAssembly Community Group participants
* URL : https://github.com/WebAssembly/binaryen
* License : Apache-2.0
Programming Lang: C
Package: wnpp
Severity: wishlist
Owner: Markus Koschany
* Package name: wabt
Version : 1.0.6
Upstream Author : WebAssembly Community Group participants
* URL : https://github.com/WebAssembly/wabt
* License : Apache-2.0
Programming Lang: C++
Description
FTR: I just came across
https://bugs.debian.org/827517
which points to
https://bugzilla.mozilla.org/show_bug.cgi?id=1286634
Apparently this issue is a Firefox bug which was marked as "wontfix".
Relative symlinks in Firefox extensions are not supported.
The proposed fix is to use absolute symli
701 - 800 of 3519 matches
Mail list logo