Bug#1069251: ca-certificates-java: keystore is not updated

Package: ca-certificates-java Version: 20230710~deb12u1 Severity: important Hey. Actually I think this should have a higher severity, since the trusted certs may very well be quit security critical. Nevertheless: I just traced a bug for some hours, where it eventually turned out that

Bug#1025012: zookeeper: starts but is completely unusable

Hey Pierre. On Tue, 2022-12-06 at 23:08 +0100, Pierre Gruet wrote: > Thanks for the bug report (and the follow-up precisions you sent)! > > Yet I fail to reproduce it on testing. I installed zookeeper and > zookeeperd on testing, then ran > > $ /usr/share/zookeeper/bin/zkCli.sh > specifying

Bug#1025043: zookeeper: various improvement ideas for the package

Source: zookeeper Version: 3.8.0-10 Severity: wishlist Hey. While trying out the new packaging of 3.8, I've noticed a number of things, which seem at least a bit unusual: 1) Using updates-alternatives mechanism, to set up the config. That seems quite unsual, and updates-alternatives is even

Bug#950386: zookeeperd: missing-systemd-service-for-init.d-script

Hey. Just a side note on this: One further problem with the sysvinit script, when via the virtual systemd units, seems to be, that stopping that unit via systemd does no necessarily work. Namely if a connection to zookeeper is still open (e.g. via zkCli) the daemon continued to run, and closed

Bug#1025042: zookeeperd: zookeeper may be started before network and crashes

Control: tags -1 + patch I've made a simple PR at: https://salsa.debian.org/java-team/zookeeper/-/merge_requests/8 Cheers, Chris. __ This is the maintainer address of Debian's Java team . Please use

Bug#1025042: zookeeperd: zookeeper may be started before network and crashes

Package: zookeeperd Version: 3.8.0-10 Severity: important Hey. The init.d script doesn't require networking, therefore it may happen. that e.g. systemd starts zookeeper before the network is brought up, in which case zookeeper crashes, as it cannot bind to the configured server.N-option

Bug#1025012: zookeeper: starts but is completely unusable

And here we go: CLASSPATH="/etc/zookeeper/conf:/usr/share/java/zookeeper.jar:/usr/share/java/slf4j-log4j12.jar:/usr/share/java/log4j-1.2.jar" Seems to do the trick to get logging to /var/log/zookeeper/foobar . The zkCli shows still no prompt, though. It also needs the

Bug#1025012: zookeeper: starts but is completely unusable

I got a bit further: Setting: CLASSPATH="/etc/zookeeper/conf:/usr/share/java/zookeeper.jar:/usr/share/java/slf4j-simple.jar" i.e. adding the ":/usr/share/java/slf4j-simple.jar" helps a bit... The server seems to start now, and via zkCli, I can `ls` my paths and `get` values. But there's still

Bug#1025012: zookeeper: starts but is completely unusable

I should perhaps add, that I have installed the zookeeper packages (zookeeper zookeeperd libzookeeper-java) from testing into stable (bullseye), all other dependencies were already met with bullseye versions. Also, according to https://www.slf4j.org/codes.html#StaticLoggerBinder and there the

Bug#1025012: zookeeper: starts but is completely unusable

Package: zookeeper Version: 3.8.0-10 Severity: grave Justification: renders package unusable Hey. I've tried the new packagin, but while all my config and data files are in place, and while the server "runs", there is no logging (neither to stdout/err for systemd nor /var/log/zookeeper .. not

Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

Hey. I've just installed this again on some node, and for some reason apt- listbugs still shows it as open: # aptitude Performing actions... Retrieving bug reports... Done Parsing Found/Fixed information... Done grave bugs of liblog4j1.2-java (→ 1.2.17-10+deb11u1) b1 - #1004482 -

Bug#1024674: libphonenumber8: breaks Evolution

On Tue, 2022-11-22 at 21:11 -0800, tony mancill wrote: > Yes, totally.  I didn't mean to imply that the bug shouldn't be here. Sure... just wanted to point out, that I don't consider it your fault or so :-) > > I had evolution running, while I've upgraded. And didn't restart it > > afterwards

Bug#1024674: libphonenumber8: breaks Evolution

Hey Tony. On Tue, 2022-11-22 at 20:40 -0800, tony mancill wrote: > Thank you for the bug report.  libphonenumber 8.12.57+ds-1 has been > in > testing for longer than a month at this point [1].  Has it been > broken > all of this time?  If not, I suspect this is related the protobuf > transition

Bug#1024674: libphonenumber8: breaks Evolution

Package: libphonenumber8 Version: 8.12.57+ds-1+b2 Severity: serious Hey. After the upgrade, evolution crashes when started: $ evolution evolution: symbol lookup error: /usr/lib/x86_64-linux-gnu/libebook-contacts-1.2.so.4: undefined symbol:

Bug#1008817: libphonenumber8: breaks evolution

On Sat, 2022-04-02 at 08:14 -0700, tony mancill wrote: > Thank you for the bug report Chris, for setting the severity so > as to block the migration, and noting the affected packages. Actually, the latter two were done by some other helpers :-) Thanks, Chris. __ This is the maintainer address

Bug#1008817: libphonenumber8: breaks evolution

Package: libphonenumber8 Version: 8.12.46-1 Severity: serious Tags: ftbfs Justification: fails to build from source (but built successfully in the past) Hi. 8.12.46-1 causes evolution to fail: $ evolution evolution: symbol lookup error: /usr/lib/x86_64-linux-gnu/libphonenumber.so.8: undefined

Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

Hey. Is that going to be fixed in stable, too? Cheers, Chris. __ This is the maintainer address of Debian's Java team . Please use debian-j...@lists.debian.org for discussions and questions.

Bug#990345: zookeeper: various security issues

Further for the records (for a future upgrade to newer ZK versions): There will likely need to be a NEWS.Debian entry about the following: https://issues.apache.org/jira/browse/ZOOKEEPER-3056 In short: - apparently they've added a check that prevents ZK from starting, when no snapshots were

Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

Package: liblog4j1.2-java Version: 1.2.17-10 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: Debian Security Team Hey. A number of holes was found in the 1.2 branch of log4j. The following is apparently critical (code injection):

Bug#927673: new upstream version

Just for the records: It seems that the build dependencies listed by current ZK 3.7.0’s README_packaging.md would be as follows: libcppunit-dev python-setuptools python2.7-dev openssl libssl-dev libsasl2-modules-gssapi-mit libsasl2-modules libsasl2-dev But python2.7-dev didn't really seem to

Bug#927673: new upstream version

Hey. I've tried to upgrade the package locally to 3.7.x ... but unfortunately there seem to be considerable changes, the whole source structure seem to have changed. Right now we have all in: src but apparently already with 3.5.x things changed and no there's: bin conf dev tools

Bug#990674: s2-geometry-library: The Homepage is wrong in metadata

On Mon, 2021-09-13 at 11:32 +0100, Sudip Mukherjee wrote: > Yes, and what about mentioning in the package description: > "Additional documents can be found at https://s2geometry.io/; Sounds reasonable :-) > Google one got its commit after 10 years :) > Anyways, s2-geometry-library is a

Bug#990674: s2-geometry-library: The Homepage is wrong in metadata

Hey. https://s2geometry.io/ indeed also mentiones a Java port, but the one at https://github.com/google/s2-geometry-library-java and not what you said you'd have used (https://github.com/io-sgr/s2-geometry-library-java ?) But even the "official" Google port to Java is listed only as "Ported

Bug#990345: zookeeper: various security issues

On Thu, 2021-07-15 at 21:18 -0700, tony mancill wrote: > The Debian package disables building against Netty via this patch: > https://salsa.debian.org/java-team/zookeeper/-/blob/master/debian/patches/13-disable-netty-connection-factory.patch Ah I see. > This is certainly a valid point.  There

Bug#990698: zookeeperd: legacy conffiles leftover

Package: zookeeperd Version: 3.4.13-6 Severity: normal Hi. Apparently the package used to contain the conffiles: /etc/init/zookeeper.conf but no longer does so. Please properly clean them up using dpkg-maintscript-helper(1). (AFAIU, the version that needs to be specified for that is NOT the

Bug#950386: zookeeperd: missing-systemd-service-for-init.d-script

Hey. It seems that zookeeper actually already contained a systemd unit in stretch (and still does so in the source package): https://packages.debian.org/stretch/all/zookeeperd/filelist but apparently this got already lost in buster (and by the way not properly cleaned up, so there remain dead

Bug#990345: zookeeper: various security issues

Hey. On Sun, 2021-06-27 at 14:46 +0200, Salvatore Bonaccorso wrote: > To me this looks like CVEs in other products, but which zookeeper > uses > as dependency? Is this correct? Indeed, but I couldn't find that the zookeeper package depends on these while it does contain: zookeeper-3.4.13/src$

Bug#990345: zookeeper: various security issues

Source: zookeeper Version: 3.4.13-6 Severity: grave Tags: security Justification: user security hole X-Debbugs-Cc: Debian Security Team Hi. The release notes for https://zookeeper.apache.org/doc/r3.6.3/releasenotes.html list various security issues: CVE-2020-25649 CVE-2021-21295 CVE-2021-28165

Bug#927673: new upstream version

Control: retitle -1 new upstream version Hey. Anything new about this? 3.4.x is pretty old by now and 3.6.x is out since a while. Any chance to get that upgraded? Thanks, Chris. __ This is the maintainer address of Debian's Java team