Your message dated Sun, 12 Jun 2016 19:19:17 +0000
with message-id <[email protected]>
and subject line Bug#797296: fixed in shiro 1.2.5-1
has caused the Debian Bug report #797296,
regarding shiro: please make the build reproducible
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
797296: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797296
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: shiro
Version: 1.2.4-1
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: username
X-Debbugs-Cc: [email protected]
Hi,
While working on the "reproducible builds" effort [1], we have noticed
that shiro could not be built reproducibly.
The attached patch removes username capturing from the build system by
replacing it with "debian" which is probably more useful from upstream's
PoV, especially as the build date (which *is* reproducible due to [2])
is
not the current date.
Once applied, shiro can be built reproducibly in our reproducible
toolchain.
[1]: https://wiki.debian.org/ReproducibleBuilds
[2]:
http://sources.debian.net/src/maven2-core/2.2.1-22/debian/patches/0006-reproducible-built-timestamp.patch/?hl=1#L1
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
diff --git a/pom.xml b/pom.xml
index 6ed97d5..9fbbcb5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -65,7 +65,7 @@
<properties>
<!-- Replaced by the build number plugin at build time: -->
- <buildNumber>${user.name}-${maven.build.timestamp}</buildNumber>
+ <buildNumber>debian-${maven.build.timestamp}</buildNumber>
<!-- non-dependency-based properties: -->
<shiro.osgi.importRange>[1.2, 2)</shiro.osgi.importRange>
--- End Message ---
--- Begin Message ---
Source: shiro
Source-Version: 1.2.5-1
We believe that the bug you reported is fixed in the latest version of
shiro, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
tony mancill <[email protected]> (supplier of updated shiro package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 12 Jun 2016 11:57:59 -0700
Source: shiro
Binary: libshiro-java
Architecture: source all
Version: 1.2.5-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: tony mancill <[email protected]>
Description:
libshiro-java - Apache Shiro - Java Security Framework
Closes: 797296 826653
Changes:
shiro (1.2.5-1) unstable; urgency=high
.
* Team upload.
* New upstream release.
Fixes CVE-2016-4437 (Closes: #826653)
* Bump Standards-Version to 3.9.8 (no changes).
* Include reproducible build patch.
Thank you to Chris Lamb. (Closes: #797296)
Checksums-Sha1:
73795ee606e4406ce9004ec7209b3480da741d13 2228 shiro_1.2.5-1.dsc
e46f46adefd5a6c8e1b3bbd5dc9a00957a4510cf 416288 shiro_1.2.5.orig.tar.xz
e610719085d54282a319ec78ed9949bc6edc43e4 4544 shiro_1.2.5-1.debian.tar.xz
df36b099ca355be7c5ad2a1d78317e65565372cf 533630 libshiro-java_1.2.5-1_all.deb
Checksums-Sha256:
bb696800b6bbeb4301865b8c23776488c6b35c1d2eca09640803e003906d5129 2228
shiro_1.2.5-1.dsc
c4b50f9c1db3f272e8e665f14d641a5cf8a337bae03da5351e66f8e94255b28c 416288
shiro_1.2.5.orig.tar.xz
f8bd9d3c26db1f3015d9ba51a70c956da03fc40a62fbef75f61865bfd0497e3b 4544
shiro_1.2.5-1.debian.tar.xz
29162bd8d464c79e3e77e3ecc277591301db9f802e39afa3ed9d80864e1a48c0 533630
libshiro-java_1.2.5-1_all.deb
Files:
057c73e7f918562edb8ba46494d42115 2228 java optional shiro_1.2.5-1.dsc
5bcf23c4a79e9d7fddfb98893bd1adc1 416288 java optional shiro_1.2.5.orig.tar.xz
8bf8a6e15fbe997dac68cc0cef1b0010 4544 java optional shiro_1.2.5-1.debian.tar.xz
a672a61287834ec4417c74568c8668a0 533630 java optional
libshiro-java_1.2.5-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJXXbF2AAoJECHSBYmXSz6WAQ4P/i+juE4kZz8i+2ItCKaQoImh
yrBK1bVlHGuQMAnMczW90jrAQExPXWVcaBAWGZIQjO/gDdIiioaSaHL01GcoiqXB
66bTf01l/wcpT4G8Cs5/XEcbprf2dpwtUnChdV6rhvMM6RkyG9KHAaYn9Qo+PohW
C8gQvk0WHJ5B2H1QSmENMHwPnWk4j+XDEb3WfjEGVYnKOtC0Y+XSu74PityYzk3f
6G0nuhX5W+zeg17kMPFvbbPFxg8PexVUmdSwVQFoo6zDoMg9i/7RUqjwAy+L/56p
6XlbSO5dNzoNTbPg+fNtwRHoEmrov+8OZpRGMoZS5BYgj+VwJnTkDvwGvNek8k8W
TKYTKkrJ6BTreGj2k3PkP8ZPJUhK0pKRcXV7j505V7QZI75Z41fhjYEb9/ONyS/2
caWD4CLLU/dG754zLuKh2cFS4NhNHdf1grIlM/7+DasM8jYu3yqIWX+JpgOdmmh0
K3XFK50CgPO0hoFJtFSp+iNWfuDRwvXz43zXrQHz2/i/4cEpdhVL9WnQJBdJS7Js
oyY52pBtu6jzTzXJCGM33VVqBr4v5idV8VnYlBy9y3Q3kgwwBQ6iLvKLZzco9qAm
N4xKqA3tpdQ6MBvz65i8ZuwChhIMv1bHSaMVKz89kDxobSFlZFUIDEuU7wBPTN7b
R/ivPXzOe2Bl5z6/F4wr
=MGMp
-----END PGP SIGNATURE-----
--- End Message ---
