Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package lucene4.10 We would like to remove simple-xml from Buster (#888547) because the package is unmaintained and affected by CVE-2017-1000190. In order to achieve that the build-dependency on simple-xml in carrotsearch-randomizedtesting had to be removed which makes lucene4.10 FTBFS now. Since carrotsearch-randomizedtesting is only a test dependency, I have added a patch to fix this problem. unblock lucene4.10/4.10.4+dfsg-5 -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect
diff -Nru lucene4.10-4.10.4+dfsg/debian/changelog lucene4.10-4.10.4+dfsg/debian/changelog --- lucene4.10-4.10.4+dfsg/debian/changelog 2019-01-19 23:19:03.000000000 +0100 +++ lucene4.10-4.10.4+dfsg/debian/changelog 2019-04-17 00:24:30.000000000 +0200 @@ -1,3 +1,12 @@ +lucene4.10 (4.10.4+dfsg-5) unstable; urgency=medium + + * Team upload. + * Add carrotsearch-juni4-ant.patch and do not require + libcarrotsearch-randomizedtesting-java as a test dependency anymore. + This allows us to remove libsimple-xml-java from Buster. + + -- Markus Koschany <a...@debian.org> Wed, 17 Apr 2019 00:24:30 +0200 + lucene4.10 (4.10.4+dfsg-4) unstable; urgency=medium * Team upload. diff -Nru lucene4.10-4.10.4+dfsg/debian/patches/carrotsearch-juni4-ant.patch lucene4.10-4.10.4+dfsg/debian/patches/carrotsearch-juni4-ant.patch --- lucene4.10-4.10.4+dfsg/debian/patches/carrotsearch-juni4-ant.patch 1970-01-01 01:00:00.000000000 +0100 +++ lucene4.10-4.10.4+dfsg/debian/patches/carrotsearch-juni4-ant.patch 2019-04-17 00:24:30.000000000 +0200 @@ -0,0 +1,22 @@ +From: Markus Koschany <a...@debian.org> +Date: Sun, 14 Apr 2019 23:09:21 +0200 +Subject: carrotsearch juni4-ant + +Do not use com.carrotsearch.randomizedtesting, so that libsimple-xml-java can +be removed from Buster. +--- + test-framework/ivy.xml | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/test-framework/ivy.xml b/test-framework/ivy.xml +index 7390a0a..ace6359 100644 +--- a/test-framework/ivy.xml ++++ b/test-framework/ivy.xml +@@ -33,7 +33,6 @@ + + <dependency org="junit" name="junit" rev="${/junit/junit}" conf="compile,junit4-stdalone"/> + <dependency org="org.hamcrest" name="hamcrest-core" rev="debian" conf="compile,junit4-stdalone"/> +- <dependency org="com.carrotsearch.randomizedtesting" name="junit4-ant" rev="${/com.carrotsearch.randomizedtesting/junit4-ant}" conf="compile,junit4-stdalone"/> + <dependency org="com.carrotsearch.randomizedtesting" name="randomizedtesting-runner" rev="${/com.carrotsearch.randomizedtesting/randomizedtesting-runner}" conf="compile,junit4-stdalone"/> + + <exclude org="*" ext="*" matcher="regexp" type="${ivy.exclude.types}"/> diff -Nru lucene4.10-4.10.4+dfsg/debian/patches/series lucene4.10-4.10.4+dfsg/debian/patches/series --- lucene4.10-4.10.4+dfsg/debian/patches/series 2016-08-03 18:54:38.000000000 +0200 +++ lucene4.10-4.10.4+dfsg/debian/patches/series 2019-04-17 00:24:30.000000000 +0200 @@ -1,3 +1,4 @@ 0005-Revert-upstream-removal-of-deprecated-QueryParser-co.patch 0006-use-local-artifacts.patch 0007-missing-hamcrest-dependency.patch +carrotsearch-juni4-ant.patch