Your message dated Mon, 18 Jan 2021 13:18:27 +0000
with message-id <[email protected]>
and subject line Bug#800973: fixed in ivy 2.5.0-1
has caused the Debian Bug report #800973,
regarding ivy: depends on obsolete libcommons-httpclient-java library
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
800973: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800973
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ivy
Severity: normal
User: [email protected]
Usertags: oldlibs libcommons-httpclient-java
Hi,
ivy depends on libcommons-httpclient-java, which is obsolete and was
replaced by libhttpclient-java. It has reached EOL status in 2011! It is no
longer supported upstream [1] and was affected by multiple security issues in
the recent past. ivy should be ported to the new libhttpclient-java
version, so that we can remove the old, unmaintained one. Please forward this
issue upstream, if you can't migrate the package yourself.
We would like to see libcommons-httpclient-java removed during the Stretch
release cycle but due to the large number of reverse-dependencies the outcome
depends more than ever on your help.
Please help us to accomplish this goal. We will bump this issue to important
when the list of rdeps is getting smaller and we think that the removal is
possible. We will eventually raise the severity to serious when the number
of rdeps is small.
If you have any questions don't hesitate to ask and contact us on
[email protected]
Regards,
Markus
[1] https://hc.apache.org/httpclient-3.x/
[2]
https://security-tracker.debian.org/tracker/source-package/commons-httpclient
--- End Message ---
--- Begin Message ---
Source: ivy
Source-Version: 2.5.0-1
Done: Emmanuel Bourg <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ivy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bourg <[email protected]> (supplier of updated ivy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 18 Jan 2021 13:51:46 +0100
Source: ivy
Architecture: source
Version: 2.5.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Emmanuel Bourg <[email protected]>
Closes: 800973
Changes:
ivy (2.5.0-1) unstable; urgency=medium
.
* New upstream release
- Removed the patches
- Depend on libhttpclient-java instead of libcommons-httpclient-java
(Closes: #800973)
- Set the source/target level to Java 7
- Updated the Maven pom
* Standards-Version updated to 4.5.1
* Switch to debhelper level 13
* Removed debian/orig-tar.sh
Checksums-Sha1:
acd0f80a5540bb25032b0d8c173abee4456508ab 2302 ivy_2.5.0-1.dsc
dc76369c03ca8034fd7751429601fcd621528f04 412564 ivy_2.5.0.orig.tar.xz
fd65e104cf71da1768cd4b5b63b48ea995f2a3a9 5776 ivy_2.5.0-1.debian.tar.xz
1071cf60a8dd475f1d9cffe8b907805b7cc1573c 10569 ivy_2.5.0-1_source.buildinfo
Checksums-Sha256:
8409b13303e129c07a4edfe8627011db64c5318d41f8e61fb0a8f1ccd52e41e5 2302
ivy_2.5.0-1.dsc
eb35144cc9de8f9ecf548a53f53407a6e97b34db84a7def3bf9c710ae5e5ab14 412564
ivy_2.5.0.orig.tar.xz
fb1ca1a9e6841265a2d3b663b106bc5bc6e8eb2ddea9d8e2d2d76b6493fbec19 5776
ivy_2.5.0-1.debian.tar.xz
363ed3df2fba2ce1cf47a80cf59968dd60095d4e3ecc908d212044ce021c3400 10569
ivy_2.5.0-1_source.buildinfo
Files:
6c6e5f741ae81708d2050f913eb1e9f6 2302 java optional ivy_2.5.0-1.dsc
3360830e08ed9fc262ae47757ce0aaf5 412564 java optional ivy_2.5.0.orig.tar.xz
4b5a2fc67a77c87991366f3b299995b3 5776 java optional ivy_2.5.0-1.debian.tar.xz
2cd8f4f9139b27b1b7fe3cbcd0aefa4f 10569 java optional
ivy_2.5.0-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAmAFhR8SHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCs8cEP/2MQ2+eGsS1+nysXuxiw38xJneZ1kdIH
wGLExOy/g6m36boPMHE9ebTUmpw6t8UOwzwc5Y3kobgc0BWH7/7wLZ0MBtFF4VE9
S8oOBHS3HeDexJYtpOcbG/3KAm2XFETsAmsgnh39KzPMEl6uRbRdvv/fbJo8uhgJ
WZrQCmx+RPU/aW0hmsHWJiptRr6GTdZ9bdNquLexasHgPrRolld0oVAXmTFeb1qI
vu/LAHEXjHtcTJv6zqqSnYKqSrBrh4PO8c94LN1UnejTYTBCUaFFU00s/M3JwY3N
2+6TqX2guwObfRzmIFZWZTMhq9j2HUz8eE/JaAbes+UI93CaUsAFQ4Uwvc6nDlTT
2bPCHxcEkglVG0Mr44G4O6BTBI69QzEG5lYUl+KfjRZ5FvGHWJdUnflApkQw1IJD
Xi5YS22ZLtpjvBmpB/XKQlV97cnpBozsDVZ7Xx5qn7/QZshtd+yOLdlSZZemnmf2
+OekYNpSuPWE5juEqyDi18cuM6zGJ++6ULn6SrODK7JQN5sZN7bm1wl/6sqwh6kD
vWZ9uJYHeLI4V8Wwh3mWaMmZSdZSlQYxX4nJOdVtn/0EaTdHfa0QGPKyM0W4ZAgu
hoJO47D6JdSKOeK5GoEFnZdAzK496Jm/4OOr8ZPv5L4FLmtDPB2e+7sOh44Te9x+
blV1BsBhZK3j
=K3C2
-----END PGP SIGNATURE-----
--- End Message ---
