Bug#1060381: tomcat10: catalina.out is not recreated after deletion

Control: tags -1 moreinfo [already CCed the submitter but forgot to add the bug report] Hello Daniel, On Wed, 10 Jan 2024 12:42:34 +0100 Daniel von Obernitz wrote: > Package: tomcat10 > Version: 10.1.6-1+deb12u1 > Severity: normal > X-Debbugs-Cc: t...@security.debian.org > > Dear Maintainer,

Bug#1057047: tomcat10-common: Tomcat 10 helper script doesn't look for temurin based jdk installs

On Tue, 28 Nov 2023 17:59:18 +0100 Joan wrote: > Package: tomcat10-common > Version: 10.1.15-1 > Severity: normal > X-Debbugs-Cc: aseq...@gmail.com > > Dear Maintainer, > >    * What led up to the situation? > I am trying to use debian's tomcat 10 with java 21, since it's not present on debian

Bug#1057315: tiles: CVE-2023-49735

Am Sonntag, dem 03.12.2023 um 15:10 +0100 schrieb Moritz Muehlenhoff: > > But maybe we can set it as "no-dsa", is it only used as build > > dependency for libspring-java and not sensible outside? > > Spring is already marked as unsupported, so we can simply extend that. +1 This is sensible in

Bug#933264: gradle: Nearly 3-year-old version almost useless

Am Freitag, dem 01.12.2023 um 13:06 +0100 schrieb Matthias Geiger: > > Kotlin is now in debian, is there anything else blocking the update ? As a start I have built Gradle 4.6 from source with almost only system libraries but I hit a wall because there seems to be a bug in our Kotlin version or

Bug#1056754: marked as done (bouncycastle: CVE-2023-33202)

istribution: unstable > > Changed-By: Markus Koschany > >    * New upstream version 1.77. (Closes: #1049356) > > Hi Markus, > > Thank you for your efforts to get BC updated. > > >    * Remove backward-compatibility.patch. It is time to fix those issues >

Bug#1057171: libitext5-java: FTBFS with bouncycastle 1.77

Source: libitext5-java Version: 5.5.13.3-2 Severity: serious Tags: ftbfs sid User: a...@debian.org Usertags: bouncycastle-1.77 X-Debbugs-Cc: a...@debian.org Dear maintainer, libitext5-java fails to build from source with bouncycastle 1.77. The reason is the removal of long deprecated methods.

Bug#1057168: jdeb: FTBFS with bouncycastle 1.77

Source: jdeb Version: 1.9-1 Severity: serious Tags: ftbfs sid User: a...@debian.org Usertags: bouncycastle-1.77 X-Debbugs-Cc: a...@debian.org Dear maintainer, jdeb fails to build from source with bouncycastle 1.77. The reason is the removal of long deprecated methods. The (hopefully) relevant

Bug#1057167: libapache-poi-java: FTBFS with bouncycastle 1.77

Source: libapache-poi-java Version: 4.0.1-4 Severity: serious Tags: ftbfs sid User: a...@debian.org Usertags: bouncycastle-1.77 X-Debbugs-Cc: a...@debian.org Dear maintainer, libapache-poi-java fails to build from source with bouncycastle 1.77. The reason is the removal of long deprecated

Bug#1057166: pgpainless: FTBFS with bouncycastle 1.77

Source: pgpainless Version: 1.3.16-2 Severity: serious Tags: ftbfs sid User: a...@debian.org Usertags: bouncycastle-1.77 X-Debbugs-Cc: a...@debian.org Dear maintainer, pgpainless fails to build from source with bouncycastle 1.77. The reason is the removal of long deprecated methods. The

Bug#1057165: libitext-java: FTBFS with bouncycastle 1.77

Source: libitext-java Version: 2.1.7-14 Severity: serious Tags: ftbfs sid User: a...@debian.org Usertags: bouncycastle-1.77 X-Debbugs-Cc: a...@debian.org Dear maintainer, libitext-java fails to build from source with bouncycastle 1.77. The reason is the removal of long deprecated methods. The

Bug#1032164: bouncycastle: inconsistency in debian/rules?

Hi, On Tue, 28 Feb 2023 22:08:12 +0100 Thomas Uhle wrote: > Source: bouncycastle > Version: 1.72-1 > Severity: normal > > Dear maintainers, > > I wonder why in debian/rules the pom files were synchronized with the > ones from Maven having the suffix "-jdk18on" while for building the binary >

Bug#1019488: bouncycastle: incomplete information in the manifest files

This problem still exists in 1.77 (to be released soon). That sounds like a bnd problem. I can find a reference to a bnd.sh script but it is not included in the source distribution. There is also a add_module.sh script. If we can't find a way to automate this build step, we could use jh_manifest

Bug#1052589: Additional information

> > https://salsa.debian.org/java-team/apache-directory-server/-/merge_requests/1 > > The patch looks good to me.  Markus, do you have a preference for this > patch over updating to M27?  I haven't looked closely at the efforts to > update to M27 aside from the fact that our (other) patches will

Bug#1055348: jetty9: Update from DLA 3641 breaks puppetdb ("Exception in thread "main" java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.ecl

Control: reassign -1 trapperkeeper-webserver-jetty9-clojure Control: found -1 1.7.0-2+deb10u1 Control: close -1 1.7.0-2+deb10u2 I have just released DLA 3647-1. I believe this problem is fixed in version 1.7.0-2+deb10u2 of trapperkeeper-webserver-jetty9-clojure now. Regards, Markus

Bug#1055348: jetty9: Update from DLA 3641 breaks puppetdb ("Exception in thread "main" java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.ecl

Am Sonntag, dem 05.11.2023 um 20:35 + schrieb Adam D. Barratt: > [...] > After a bit of searching, I happened across a discussion of a similar > change in a different product that mentioned the > SslContextFactory$Server syntax, so gave that a try. The resulting > package is now installed on

Bug#1055348: jetty9: Update from DLA 3641 breaks puppetdb ("Exception in thread "main" java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.ecl

r upload. + * Replace deprecated class SslContextFactory with SslContextFactory.Server. + + -- Markus Koschany Sun, 05 Nov 2023 18:06:31 +0100 + trapperkeeper-webserver-jetty9-clojure (1.7.0-2+deb10u1) buster; urgency=medium [ Manfred Stock ] diff -Nru trapperkeeper-webserver-jetty9-clojure-1.7

Bug#1055348: jetty9: Update from DLA 3641 breaks puppetdb ("Exception in thread "main" java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.ecl

Hello, Am Samstag, dem 04.11.2023 um 17:03 + schrieb Adam D. Barratt: > Source: jetty9 > Version: 9.4.50-4+deb10u1 > Severity: serious > X-Debbugs-Cc: d...@debian.org > > Hi, > > Upgrading libjetty9-java and libjetty9-extra-java to the version from > DLA 3641-1 reliably causes PuppetDB to

Bug#1053820: fixed in tomcat9 9.0.43-2~deb11u8

Am Dienstag, dem 17.10.2023 um 08:00 +1100 schrieb Sam Lander: > Hi Emmanuel > Last night, I re-enabled HTTP2 with the new (9.0.43-2~deb11u8) build. > Unfortunately, it did not fix my problem. > I am going to rummage with tcpdump and a purpose-installed debian VM to > investigate further.  >

Bug#1053820: libtomcat9-java: ERR_HTTP2_PROTOCOL_ERROR in browsers after upgrade 9.0.43-2~deb11u7 over u6

Hello and thanks for the report, I am currently looking into some test failures caused by the recent changes to Tomcat's HTTP2 stack. The following tests fail for Tomcat9 now. Your issue might be related. If we can find out more about the problem, we will address it in a future update as soon as

Bug#1040475: Broken symlinks cause Apache Directory Server to not work at all out-of-the-box

I believe the symlink problem is fixed in version 2.0.0~M26-2 but I'd like to test the apacheds server component more before I'm going to close this bug report. Markus signature.asc Description: This is a digitally signed message part __ This is the maintainer address of Debian's Java team

Bug#1040226: tomcat10: deployment-time Java EE to Jakarta EE migration fails

Hi, Am Dienstag, dem 15.08.2023 um 14:52 +0200 schrieb J. Tóth Tamás: > Hi, > > > Please keep the bug report always in CC. > > I thought my 8 August mail contains no new information, so it makes no > sense to spam the BTS with it. But okay, next time (and this time) I’ll > use Reply All

Bug#1040226: tomcat10: deployment-time Java EE to Jakarta EE migration fails

Hello, Am Montag, dem 07.08.2023 um 20:22 +0200 schrieb J. Tóth Tamás: > Hi, > > Did you notice my reply sent on 4 July? Yes, I did. Please keep the bug report always in CC. > We’d like to gradually upgrade > to Bookworm, but I don’t want to make sysops’ lives more complicated by > giving

Bug#1040226: tomcat10: deployment-time Java EE to Jakarta EE migration fails

Am Montag, dem 03.07.2023 um 18:28 +0200 schrieb Tamás J.Tóth: > > > The web app doesn't load. The Tomcat log contains the following: > > WARNING [main] org.apache.catalina.startup.HostConfig.migrateLegacyApp > Migration failure > java.lang.NoClassDefFoundError:

Bug#1039974: tomcat10: tomcat user has wrong home "/var/lib/tomcat" directory in /etc/passwd

Control: tags -1 moreinfo > deploy .war in tomcat10 > got errors from tomcat10 in "journalctl -f" > >    * What exactly did you do that was effective ? > > change tomcat user home in /etc/passwd to /var/lib/tomcat10 > >    * What was the outcome of this action? > > Problem solved You most

Bug#1034824: tomcat9 should not be released with Bookworm

Am Freitag, dem 26.05.2023 um 21:44 +0200 schrieb Emmanuel Bourg: > > The changes to jetty9 have to be reverted too, the package is broken > (#1036798). > > Sadly we can't do without tomcat9. The path forward implies packaging > Jetty 11 or 12 first and migrating all the reverse dependencies,

Bug#1034824: tomcat9 should not be released with Bookworm

Hi, > Markus, can you please revert you logback change by tomorrow at the latest? Sure. I will take care if it. Do I understand you correctly, that we only ship libtomcat9-java in Bookworm now? Shall I upload a new revision of tomcat9 too? Regards, Markus signature.asc Description: This is

Bug#1034824: tomcat9 should not be released with Bookworm

First of all trapperkeeper-webserver-jetty9-clojure should add a build- dependency on logback to detect such regressions in advance. #1036250 is mainly a logback problem, not a tomcat problem. I still would like to hear Emmanuel's opinion. We still could revert to libtomcat9-java, if we don't

Bug#1036212: visualvm: Version 2.1.5 doesn't work with Java 17

Am Mittwoch, dem 17.05.2023 um 12:24 +0200 schrieb david: > Package: visualvm > Version: Version 2.1.5 doesn't work with Java 17 > Severity: normal > > Dear Maintainer, > > I have installed visualvm with Java 17 configured. The app doesn't work in > its > installed version. Trying 2.1.6,

Bug#1034824: tomcat9 should not be released with Bookworm

Hi Salvatore, adding Timo Aaltonen, maintainer of dogtag-pki and tomcatjss, to CC Am Samstag, dem 13.05.2023 um 20:50 +0200 schrieb Salvatore Bonaccorso: > Hi Markus, > > On Sat, May 13, 2023 at 06:27:49PM +0200, Markus Koschany wrote: > > I have just pushed the necessary cha

Bug#1034824: tomcat9 should not be released with Bookworm

I have just pushed the necessary changes to our Git repository. https://salsa.debian.org/java-team/tomcat9/-/commit/adbd0b0711de66b67278b10e258c47c805e9b993 signature.asc Description: This is a digitally signed message part __ This is the maintainer address of Debian's Java team

Bug#1034824: tomcat9 should not be released with Bookworm

Hello Paul, Am Donnerstag, dem 11.05.2023 um 21:44 +0200 schrieb Paul Gevers: > Hi Markus, > > On Tue, 25 Apr 2023 16:04:09 +0200 Markus Koschany wrote: > > We can only support one major Tomcat version per release. Tomcat9 has > > been part of Buster and Bullseye alre

Bug#1034824: tomcat9 should not be released with Bookworm

Source: tomcat9 Version: 9.0.70-1 Severity: serious X-Debbugs-Cc: a...@debian.org We can only support one major Tomcat version per release. Tomcat9 has been part of Buster and Bullseye already and is superseded by Tomcat 10 in Bookworm. I wanted to wait with the removal request until the issues

Bug#1031055: apache-curator: FTBFS randomly (org.opentest4j.AssertionFailedError: expected: <1> but was: <0>)

I can reproduce the FTBFS here on my system. Apparently some of the tests are not 100 % reliable and reproducible. For now I will just disable them. Markus signature.asc Description: This is a digitally signed message part __ This is the maintainer address of Debian's Java team

Bug#1033366: resteasy3.0: should migrate to tomcat10

Am Freitag, dem 21.04.2023 um 14:50 +0200 schrieb Andreas Tille: > > Ahhh, right, the repository went over to source package resteasy.  So > well, the CI log is not helpful for this bug log.  What I rather want to > know is how to proceed with this bug since some Debian Med package > received a

Bug#1033366: resteasy3.0: should migrate to tomcat10

Am Freitag, dem 21.04.2023 um 12:23 +0200 schrieb Andreas Tille: > Hi, > > I tried to rebuild this package which does not work as you can > see in Salsa CI: > >     https://salsa.debian.org/java-team/resteasy/-/jobs/4105287 > > Unfortunately I have no idea how to fix this. Hi Andreas, it

Bug#1034492: libtcnative-1: Tomcat warning suggesting a minimum version of 2.0.1 for tcnative

Hello, Am Sonntag, dem 16.04.2023 um 16:15 -0400 schrieb Jorge Moraleda: > Package: libtcnative-1 > Version: 1.2.35-1 > Severity: normal > X-Debbugs-Cc: jorge.moral...@gmail.com > > Dear Maintainer, > > When running tomcat 10 (installed from default bookworm repo) it warns that > "An > older

Bug#977027: rhino breaks dojo autopkgtest: Cannot set property "dojo" of null to "[object Object]"

Hello, Am Donnerstag, dem 06.04.2023 um 12:54 +0200 schrieb Paul Gevers: > Hi, > > On Sun, 26 Mar 2023 16:26:00 +0200 Markus Koschany wrote: > > 1. There is no transition needed because only shrinksafe is affected by the > > new > > rhino version. > > I'm won

Bug#977027: rhino breaks dojo autopkgtest: Cannot set property "dojo" of null to "[object Object]"

Hi Graham, Am Sonntag, dem 26.03.2023 um 19:28 +0200 schrieb Graham Inggs: > Hi Markus > > On Sun, 26 Mar 2023 at 16:34, Markus Koschany wrote: > > 1. There is no transition needed because only shrinksafe is affected by the > > new > > rhino version. > How

Bug#977027: rhino breaks dojo autopkgtest: Cannot set property "dojo" of null to "[object Object]"

Hello, On Sun, 26 Mar 2023 09:41:48 +0200 Graham Inggs wrote: [...] > To both the rhino and dojo maintainers, please investigate so we can > have this resolved for bookworm. Here are my investigations: 1. There is no transition needed because only shrinksafe is affected by the new rhino

Bug#1033366: resteasy3.0: should migrate to tomcat10

Source: resteasy3.0 Version: 3.0.26-5 Severity: serious Tags: help X-Debbugs-Cc: a...@debian.org Hello, currently resteasy3.0 depends on libtomcat9-java but should rather depend on libtomcat10-java. The reasoning for this is the fact that we can only support one tomcat package per release for

Bug#1026639: fixed in rhino 1.7.14-1

Hi, Am Donnerstag, dem 23.03.2023 um 15:08 +0100 schrieb Paul Gevers: > Hi, > > On Mon, 13 Feb 2023 14:42:17 + Debian FTP Masters > wrote: > >    * New upstream version 1.7.14. > > - Fix FTBFS with OpenJDK 17. (Closes: #1026639) > > Is it possible to get a targeted fix? This new

Bug#1022760: openrefine: localhost:3333 returns HTTP ERROR 404 Not Found

Control: reopen -1 Control: severity -1 serious Hello Robert, Am Donnerstag, dem 23.03.2023 um 10:41 +0100 schrieb Robert Jäschke: > Dear Markus, > > I found the problem: the package misses a dependency to libjoda-time-java. thank you for debugging this problem. I will prepare an update for

Bug#1022760: openrefine: localhost:3333 returns HTTP ERROR 404 Not Found

Hi Robert, > > Sorry, I forgot to add this: > >  > dpkg -l | grep rhino > ii  librhino-java   1.7.14-2 > ii  rhino   1.7.14-2 > > I've upgraded (lib)rhino after reading the bug report but this did not help. > > Is there a way to debug Openrefine? I tried both -v debug and -v trace >

Bug#1022760: openrefine: localhost:3333 returns HTTP ERROR 404 Not Found

Am Freitag, dem 17.03.2023 um 12:38 +0100 schrieb Robert Jäschke: > Package: openrefine > Version: 3.6.2-1 > Followup-For: Bug #1022760 > X-Debbugs-Cc: jaesc...@l3s.de > > Dear Maintainer, > > I experience the exact same problem with the latest version, that is, > starting openrefine and opening

Bug#977027: rhino breaks dojo autopkgtest: Cannot set property "dojo" of null to "[object Object]"

Control: reassign -1 shrinksafe Control: severity -1 serious Hi, I uploaded a new version of rhino a while ago and it seems this bug is still relevant. I have rebuilt dojo with rhino 1.7.14 and all shrinksafe tests pass. However the same tests fail with autopkgtest and block the migration of

Bug#1031840: geogebra: FTBFS with librhino-java

Package: geogebra Version: 4.0.34.0+dfsg1-9 Severity: important X-Debbugs-Cc: a...@debian.org Hi, the Debian Java team currently "fixes" a FTBFS in geogebra by applying this patch in src:rhino.

Bug#991408: Netbeans: source code problem

Am Montag, dem 20.02.2023 um 12:41 -0300 schrieb Leandro Cunha: > Hi Markus, > > I have no interest in keeping Netbeans on Debian, but when I mention > consistency (according to the dictionary: state or quality of what is > coherent), it would be consistent with the reality that would be >

Bug#991408: Netbeans: source code problem

Am Sonntag, dem 19.02.2023 um 03:34 -0300 schrieb Leandro Cunha: > Hi, > > For some consistency please request the removal of this package > including unstable. It makes no sense to have the name of an IDE and > install a Java LayoutManager to allow placement in absolute positions. > I even agree

Bug#1022760: openrefine: localhost:3333 returns HTTP ERROR 404 Not Found

On Tue, 25 Oct 2022 10:44:19 + Francesco Frassinelli wrote: > Package: openrefine > Version: 3.6.1-1 > Severity: important > X-Debbugs-Cc: francesco.frassine...@nina.no > > Dear Maintainer, > > I started openrefine and try to connect to it using the web brower (http://localhost:), but I

Bug#1026639: rhino FTBFS

I believe I have corrected all regressions except of one in closure-compiler which I will fix later today (renamed class). It turned out that I had to update the Manifest file and include another META-INF file, javax.script.ScriptEngineFactory, to solve some FTBFS in reverse-dependencies. This is

Bug#1026639: rhino FTBFS

Am Montag, dem 13.02.2023 um 11:04 +0100 schrieb Markus Koschany: > preserve-backward-compatibility.patch To answer my own question. Yes, this is still needed otherwise closure-compiler starts to FTBFS signature.asc Description: This is a digitally signed message p

Bug#1026639: rhino FTBFS

Am Montag, dem 13.02.2023 um 12:14 +0200 schrieb Adrian Bunk: > On Mon, Feb 13, 2023 at 11:04:38AM +0100, Markus Koschany wrote: > > ... > > I don't really like to use gradle for a key package. > > ... > > FTR, gradle is already a key package: > libxi -> asciid

Bug#1026639: rhino FTBFS

Am Montag, dem 13.02.2023 um 09:33 +0100 schrieb Emmanuel Bourg: > I don't think this should be assigned to rhino. ckeditor should > open the internal packages it touches. I'm currently working on rhino. I have packaged 1.7.14 now. I haven't looked into ckeditor yet but it seems we have to

Bug#1026639: rhino FTBFS

Control: owner -1 ! signature.asc Description: This is a digitally signed message part __ This is the maintainer address of Debian's Java team . Please use debian-j...@lists.debian.org for discussions and

Bug#1030869: tomcat10: Catalina won't deploy applications missing class jakarta.websocket.DeploymentException

Control: tags -1 pending On Wed, 08 Feb 2023 11:38:25 -0500 Jorge Moraleda wrote: > Package: tomcat10 > Version: 10.1.5-1 > Severity: grave > Justification: renders package unusable > X-Debbugs-Cc: jorge.moral...@gmail.com > > Dear Maintainer, > > Catalina is unable to deploy any applications

Bug#1016131: libapache2-mod-jk: Apache does not start after upgrade (JkWorkersFile only allowed once)

Hello, On Wed, 27 Jul 2022 20:36:06 +0200 Thorsten Glaser wrote: > Package: libapache2-mod-jk > Version: 1:1.2.48-1 > Severity: critical > Justification: breaks unrelated software > X-Debbugs-Cc: t...@mirbsd.de > > After upgrading from buster to bullseye, apache2 does not start any more > if

Bug#1030046: Document snakeyaml security expectations

Hi, Am Montag, dem 30.01.2023 um 18:44 +0100 schrieb Moritz Muehlenhoff: > > Could we please add a README.Debian.security with something like the > following > to make this also visible to users? > > > Note that snakeyaml isn't designed to operate on YAML data coming from > untrusted >

Bug#1026766: sweethome3d: Crashes with "Assertion `!xcb_xlib_threads_sequence_lost' failed"

Hello, Am Freitag, dem 27.01.2023 um 08:29 +0100 schrieb Lluís Gras: > Hi, > > It seems somehow related to VGA in use. > > Same setup (cloned boxes) works with  > > 00:02.0 VGA compatible controller [0300]: Intel Corporation GeminiLake [UHD > Graphics 600] [8086:3185] (rev 06) >  DeviceName:

Bug#1026695: undertow: FTBFS: make: *** [debian/rules:4: build] Error 25

This is some kind of incompatibility with jboss-classfilewriter 1.3.0. I will look into it after the release of Debian 12. Undertow should not be part of a stable release as long as there is no real demand for another Java web server anyway. signature.asc Description: This is a digitally signed

Bug#1027687: netty: please package 4.1.86 or later

Source: netty Version: 1:4.1.48-5 Severity: wishlist I have uploaded my preliminary packaging work to experimental in Git but could not finish it yet. __ This is the maintainer address of Debian's Java team . Please

Bug#1025910: libcommons-net-java: CVE-2021-37533

Hello tony, Am Dienstag, dem 27.12.2022 um 08:40 -0800 schrieb tony mancill: > On Sun, Dec 11, 2022 at 09:02:16PM +0100, Salvatore Bonaccorso wrote: > > Source: libcommons-net-java > > Version: 3.6-1 > > Severity: important > > Tags: security upstream > > Forwarded:

Bug#1021935: syncany: FTBFS: Could not resolve javax.servlet:javax.servlet-api:4.0.1.

Hi tony, Am Montag, dem 17.10.2022 um 20:09 -0700 schrieb tony mancill: > > For any syncany users out there, is there any reason to continue to > upload to experimental?  Is there anything preventing an upload to > unstable? Unfortunately the development of syncany has been discontinued a few

Bug#1015860: libxalan2-java: CVE-2022-34169

Control: reassign -1 src:bcel Control: tags -1 pending I have notified oss-security about the find. Reassigning to bcel. signature.asc Description: This is a digitally signed message part __ This is the maintainer address of Debian's Java team

Bug#1015860: libxalan2-java: CVE-2022-34169

Hi, I just had a go at this issue and I discovered that libxalan2-java in Debian is not affected but rather bcel. https://tracker.debian.org/pkg/bcel The fixing commit in OpenJDK addresses the same code which is nowhere to be found in libxalan2-java but is present in bcel. The bcel upstream

Bug#1013959: Upgrade package to latest upstream version

> Dear maintainer, > > Please upgrade mockito to the latest version, 4.6.1. Hello, The latest 4.x series introduces many breaking changes and not all reverse- dependencies are ready for that. As long as projects continue to use 2.x it would require some effort from our side to port them to

Bug#1012214: gradle: FTBFS with jansi 2

Control: retitle -1 gradle: FTBFS with jansi 2 Let me try to fix this signature.asc Description: This is a digitally signed message part __ This is the maintainer address of Debian's Java team . Please use

Bug#1012214: gradle: unknown option --add-opens breaks OpenJDK 11 packages

Am Samstag, dem 20.08.2022 um 16:35 + schrieb Thorsten Glaser: > Markus Koschany dixit: > > > The newly added --add-opens option is only valid for OpenJDK 17. I > > understand that we switch to it for Debian 12 but it currently breaks > > all packages that are bui

Bug#1013565: libitext5-java: FTBFS: dh_auto_test: error:

Same here. Looks related to maven-resource-plugins / maven-filtering and #1013582 and #1013586 signature.asc Description: This is a digitally signed message part __ This is the maintainer address of Debian's Java team

Bug#1013586: Bug#1013595: plexus-io: FTBFS: Failed to execute goal org.apache.maven.plugins:maven-resources-plugin:3.1.0:testResources

I believe this is related to a bug in maven-filtering or maven-resources- plugin. According to https://issues.apache.org/jira/browse/MRESOURCES-237 the behavior how symlinks are handled has changed between version 2.7 and 3.0.x of maven-resources-plugin. This is apparently fixed in

Bug#1013582: libapache-jena-java: Jena shell utilities are missing

> I would also call the binary package > apache-jena-bin and omit the lib prefix because this one is reserved for > libraries only. On second thought, maybe we can just ship the shell scripts with libapache- jena-java. It is an arch:all package anyway and space is not an issue here.

Bug#1013582: libapache-jena-java: Jena shell utilities are missing

Control: severity -1 wishlist Am Freitag, dem 24.06.2022 um 13:17 +0200 schrieb David Haller: > Package: libapache-jena-java > Version: 3.17.0-3 > Severity: normal > X-Debbugs-Cc: david.hal...@fau.de > > Hello there, > > the package includes the Java libraries of Jena only, but not their

Bug#1013355: groovy: FTBFS with jansi 2.4.0-1

Forgot to CC the bug report Am Mittwoch, dem 22.06.2022 um 18:14 +0200 schrieb Emmanuel Bourg: > Le 2022-06-22 17:54, Markus Koschany a écrit : > > > groovy FTBFS with jansi 2.4.0. I intend to either prepare a patch or > > upgrade to a newer upstream release in the future

Bug#1013355: groovy: FTBFS with jansi 2.4.0-1

Package: groovy Version: 2.4.21-1 Severity: serious X-Debbugs-Cc: a...@debian.org groovy FTBFS with jansi 2.4.0. I intend to either prepare a patch or upgrade to a newer upstream release in the future. Markus __ This is the maintainer address of Debian's Java team

Bug#1012215: gradle-debian-helper: unknown option --add-opens breaks OpenJDK 11 packages

Am Mittwoch, dem 01.06.2022 um 17:36 +0200 schrieb Emmanuel Bourg: > gradle-debian-helper/2.2 already checks if the JDK supports modules before > adding the --add-opens options, but it checks the default JDK and not the one > specified by JAVA_HOME, that's why it fails when OpenJDK 8 is used. ok,

Bug#1012215: gradle-debian-helper: unknown option --add-opens breaks OpenJDK 11 packages

Am Mittwoch, dem 01.06.2022 um 15:03 +0200 schrieb Emmanuel Bourg: > The --add-opens option was introduced in Java 9, so this shouldn't cause an > issue with Java 11. What error did you get? The compiler complains about "unknown option --add-opens" when I try to rebuild kotlin in unstable.

Bug#1012215: gradle-debian-helper: unknown option --add-opens breaks OpenJDK 11 packages

Package: gradle-debian-helper Version: 2.2 Severity: serious X-Debbugs-Cc: a...@debian.org Hi, The newly added --add-opens option is only valid for OpenJDK 17. I understand that we switch to it for Debian 12 but it currently breaks all packages that are built with OpenJDK 11. I am currently in

Bug#1012214: gradle: unknown option --add-opens breaks OpenJDK 11 packages

Package: gradle Version: 4.4.1-14 Severity: serious X-Debbugs-Cc: a...@debian.org Hi, The newly added --add-opens option is only valid for OpenJDK 17. I understand that we switch to it for Debian 12 but it currently breaks all packages that are built with OpenJDK 11. I am currently in the

Bug#1011492: tika: FTBFS cannot find symbols

Source: tika Version: 1.22-2 Severity: serious X-Debbugs-Cc: a...@debian.org I just stumbled upon this FTBFS while rebuilding some packages for a new jsoup release. There are some missing symbols but it is not related to jsoup. I am just filing this bug report for further investigation later.

Bug#1010657: google-oauth-client-java: CVE-2021-22573 - IdTokenVerifier does not verify the signature of ID Token

Hi tony, Am Sonntag, dem 15.05.2022 um 11:17 -0700 schrieb tony mancill: > [...] > Any thoughts?  It's a tad messy either way, but using current versions > simplifies the porting of patches. I haven't investigated the CVE closely enough but the current reverse- dependencies in Bullseye don't

Bug#1010558: jetty9: FTBFS An API incompatibility was encountered while executing org.apache.maven.plugins:maven-assembly-plugin

Package: jetty9 Version: 9.4.46-1 Severity: serious X-Debbugs-Cc: a...@debian.org Hi, I have just discovered that jetty9 fails to build from source. An API incompatibility was encountered while executing org.apache.maven.plugins:maven-assembly-plugin Probably some recently upgraded

Bug#1008668: bug #1008668: tomcat9: logrotated is not able to truncate catalina.out

Am Donnerstag, dem 14.04.2022 um 16:23 +0530 schrieb Utkarsh Gupta: > Hi Emmanuel, > > We have bug #1008668 that's causing problems on the Ubuntu side and is > also reproducible via the Debian package (essentially, it's the same > in both places). Hi Utkarsh, I have been trying to reproduce

Bug#1007923: maven-*-helper JAR placement seems to contradict Java policy

Am Montag, dem 28.03.2022 um 21:06 -0700 schrieb tony mancill: > [...] > I am interested to hear other opinions from the Debian Java Team. I have no objections with implementing this change and I agree that a versionless symlink is preferable for consistency reasons. The current behavior doesn't

Bug#1006647: libeclipse-jdt-core-java 4.21 breaks Java 8 compatibility for Tomcat

Hi, Am Mittwoch, dem 02.03.2022 um 16:43 +0200 schrieb Per Lundberg: [...] > (Speaking about tomcat10, I noted the package in experimental is really > old - doesn't seem to have been updated for a few years. Do you know if > anyone is working on updating the package to e.g. Tomcat 10.0.17 or

Bug#1006647: libeclipse-jdt-core-java 4.21 breaks Java 8 compatibility for Tomcat

Hello Per, Am Mittwoch, dem 02.03.2022 um 12:54 +0200 schrieb Per Lundberg: > reassign 1006647 tomcat9 > thanks > > This might better belong to this package, since the problem is that > tomcat9-common depends on default-jre-headless | java8-runtime-headless > > java8-runtime, while in reality

Bug#1006140: New version can't load old databases

Hi Jochen, Am Donnerstag, dem 24.02.2022 um 11:26 +0100 schrieb Jochen Sprickerhof: > > > - Keep the current (old) version of h2 in Debian till jameica is >    updated, given that jameica is the only user. > > - Upload the old version of h2 as jameica-h2database and move the jar to >   

Bug#1006140: New version can't load old databases

Am Samstag, dem 19.02.2022 um 23:13 +0100 schrieb Jochen Sprickerhof: > * Markus Koschany [2022-02-19 22:38]: > > Ok. Did you file an upstream bug report already? > > I did not yet. Upstream bundles the old binary version so I don't think > I can convince them to do a quick

Bug#1006140: New version can't load old databases

Hi Jochen, Am Samstag, dem 19.02.2022 um 21:21 +0100 schrieb Jochen Sprickerhof: > Hi Markus, > > thanks for your quick reply. > > * Markus Koschany [2022-02-19 21:01]: > > That means only hibiscus/jameica require our attention. I would try to > > remove > >

Bug#1003894: fixed in h2database 2.1.210-1

Control: fixed -1 1.4.197-4+deb10u1 Control: fixed -1 1.4.197-4+deb11u1 signature.asc Description: This is a digitally signed message part __ This is the maintainer address of Debian's Java team . Please use

Bug#1006140: New version can't load old databases

Hi, Am Samstag, dem 19.02.2022 um 18:52 +0100 schrieb Jochen Sprickerhof: > Package: libh2-java > Version: 2.1.210-1 > Severity: important > X-Debbugs-Cc: jspri...@debian.org, Markus Koschany > Control: -1 affects mediathekview jameica hibiscus > > Hi, > > the new

Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

Hi, Am Donnerstag, dem 10.02.2022 um 17:22 +0100 schrieb Christoph Anton Mitterer: > Hey. > > Is that going to be fixed in stable, too? > > Cheers, > Chris. Yes, these issues will be fixed with a stable point update. Regards, Markus signature.asc Description: This is a digitally signed

Bug#1004284: tomcat9: postinst creates wrong userhome via systemd-sysusers

Control: tags -1 moreinfo Hello, > Dear Maintainer, > > Debian creates in the postinst script via systemd-sysusers > a system user named tomcat whose home directory is /var/lib/tomcat. > This directory does not exist, but /var/lib/tomcat9 The idea was to create a general tomcat system user

Re: apache-jena_3.17.0-1_amd64.changes REJECTED

Hi Thorsten, Am Sonntag, dem 06.02.2022 um 19:28 +0100 schrieb Thorsten Alteholz: > Hi Markus, > > On 06.01.22 22:23, Markus Koschany wrote: > > > > thanks for reviewing apache-jena, much appreciated. If you have more time > > on > > your hands I would also appr

Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

Am Sonntag, dem 30.01.2022 um 16:49 -0800 schrieb tony mancill: > On Mon, Jan 31, 2022 at 01:18:49AM +0100, Emmanuel Bourg wrote: > > Le 31/01/2022 à 00:47, Markus Koschany a écrit : > > > > > Thanks tony! I'm currently rebuilding all reverse-dependencies of > > >

Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

Am Sonntag, dem 30.01.2022 um 15:20 -0800 schrieb tony mancill: > > Hi Markus, > > You might take some inspiration and/or patches from the reload4j > project. > >   https://reload4j.qos.ch/  > > I have been using it as drop-in replacement for the log4j 1.2.x jar for > applications at

Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

Control: owner -1 ! On Fri, 28 Jan 2022 17:04:08 +0100 Christoph Anton Mitterer wrote: > Package: liblog4j1.2-java > Version: 1.2.17-10 > Severity: grave > Tags: security upstream > Justification: user security hole > X-Debbugs-Cc: Debian Security Team > > Hey. > > A number of holes was found

Re: libmarc4j-java_2.9.1-1_amd64.changes REJECTED

Am Samstag, dem 15.01.2022 um 19:00 + schrieb Thorsten Alteholz: > > Please ping me again after the next upload. Hello Thorsten, thanks for your diligent work. I have added Bas Peters to debian/copyright and uploaded libmarc4j-java to NEW again. Regards, Markus signature.asc

Re: libodfdom-java_0.9.0~RC2-1_amd64.changes REJECTED

Am Freitag, dem 07.01.2022 um 01:00 + schrieb Thorsten Alteholz: > > Hi Markus, > > I am bit stuck. LICENSE contains some remarks that third party stuff is added > to this package. > > I can find text that was taken from the ODF spec (in [1]), so this copyright > information is missing in

Re: apache-jena_3.17.0-1_amd64.changes REJECTED

Hi Thorsten, Am Donnerstag, dem 06.01.2022 um 19:00 + schrieb Thorsten Alteholz: > > Hi Markus, > > our hardworking trainees left a note at your package: thanks for reviewing apache-jena, much appreciated. If you have more time on your hands I would also appreciate a review of

Bug#970721: xom: new releases available

Am Dienstag, dem 04.01.2022 um 16:45 +0200 schrieb Andrius Merkys: > Hello, > > I have packaged successfully packaged xom v1.3.7 locally and launched > ratt to test-rebuild the reverse dependencies. 81 of 137 of them are > done at the moment, all of the failures happened in already RC-buggy >

Bug#1001891: apache-log4j2: CVE-2021-45105: Certain strings can cause infinite recursion

Control: owner -1 ! Am Samstag, dem 18.12.2021 um 14:37 +0100 schrieb Salvatore Bonaccorso: > Source: apache-log4j2 > Version: 2.16.0-1 > Severity: grave > Tags: security upstream > Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3230 > X-Debbugs-Cc: car...@debian.org, Debian Security

  1   2   3   4   >