spam related white list
Hi, I've added these senders to the white list for pkg-java-maintainers und pkg-java-commits to ease the moderater's job: ^.+@alioth.debian.org ^.+@debian.org ^.+@canonical.com ^.+@kubuntu.org ^.+@ubuntu.com And I have whitelisted the [SCM] subject for pkg-java-commits if I got the syntax correctly. Keep up the good work! Torsten __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
tomcat7 7.0.28-4 MIGRATED to testing
FYI: The status of the tomcat7 source package in Debian's testing distribution has changed. Previous version: 7.0.28-3+nmu1 Current version: 7.0.28-4 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processing of jruby_1.5.6-5_amd64.changes
jruby_1.5.6-5_amd64.changes uploaded successfully to localhost along with the files: jruby_1.5.6-5.dsc jruby_1.5.6-5.debian.tar.gz jruby_1.5.6-5_all.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
jruby_1.5.6-5_amd64.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 11 Dec 2012 21:22:36 +0100 Source: jruby Binary: jruby Architecture: source all Version: 1.5.6-5 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org Changed-By: Martin Quinson mquin...@debian.org Description: jruby - 100% pure-Java implementation of Ruby Closes: 694694 Changes: jruby (1.5.6-5) unstable; urgency=medium . * Team upload. * Add patch for CVE-2012-5370: Use PerlHash instead of MurmurHash (that is vulnerable to DoS attacks). (Closes: #694694) [Patch adapted from 5e4aab28 upstream] Checksums-Sha1: 4d13ae8ecbdd8028f0f1ea189fb27f2cd60c0ff4 2283 jruby_1.5.6-5.dsc fe062783f707c446d149cb293e1f71decd34ef5b 30568 jruby_1.5.6-5.debian.tar.gz cd2fd4e5d344ac1ed7d0612c67f72c886d038663 8918352 jruby_1.5.6-5_all.deb Checksums-Sha256: a0d0e96cf2b6e8f93ec6c54455807876faafd2baf4eee3db35baad83b6e9efd7 2283 jruby_1.5.6-5.dsc 89b92389ef3863225237e1de776807fb7455f0003fd0bb90c54e312291143749 30568 jruby_1.5.6-5.debian.tar.gz 7fa01aaa7b2d12eea1184488c9a130e71dfa1e40194c2180ec06840d82032ca0 8918352 jruby_1.5.6-5_all.deb Files: 07da0a29ffec6d0846389e685a0fe72b 2283 ruby optional jruby_1.5.6-5.dsc 96926425a15a98d304b93ca3bd3fdda7 30568 ruby optional jruby_1.5.6-5.debian.tar.gz 3d8a3fe64808709079620a709c8a66c6 8918352 ruby optional jruby_1.5.6-5_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQx5ecAAoJEJi9lyRPc76nGCEP+wcfLnUFNlfnNovHHwqrfxlC cLlLzPooRa3OAZ0IHgLhuHEXKzHAPGi5VLYSkLare6mxJcJDBCA0k0YADksLDOXF T+LoRC1Rk9/ywLFOrvetkmEl5KEWL4QdQ4msXhG+1Fc6vwcDOITZeqMkki8VWQc1 SLL8UX20iyyMHqZ+cmuGFS7JV5KvoIlNWuQWoQkatGQNoJIelUa+RrUwhhupO7RH AvMW8UK7MARgkGgde4LP0ONcQjvL9TmOEmW2bzfhSibZB162ArHhjGpmTL49jJ0x o4t90LmHs5x/y7eQfAEpohAq8vaXJQ6m2E3inm5xOq3EGzYUwjp0jRzEqeiDhIjP rRTc2MTG3szk8uSWM1wiHsAtuhQiDU1SyVQ6T//VXjd7Oo/prObxVZniDPdy9H/r izK9eSNWZQeYaOzLSAG0IAWDgtyC7KT2m2j1VPLN2YzjWI4QhkdU9sTHfS70PeTT pvXEqHyV0I3ICyq9tSKe/j1Wwipf3Mg80eW9o0tExRSGYJTsQ+aBDI5zZdXBLLyT gdBjVaCMol13O1g7HZRacR+SxJwpJgkkwwIzkjUHSIdsCRWFH3Z+/ehxa+QO57cY igXLZzliBp2ms1KW7zd9SNa7e9NEkCY2LDOalDYksqkLrDlCgVJXhDysjf1fWzkQ RaTGj9VBACdnMFyum7pe =nAUa -END PGP SIGNATURE- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#694694: marked as done (jruby: CVE-2012-5370)
Your message dated Tue, 11 Dec 2012 20:48:14 + with message-id e1tiwkq-0006d7...@franck.debian.org and subject line Bug#694694: fixed in jruby 1.5.6-5 has caused the Debian Bug report #694694, regarding jruby: CVE-2012-5370 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694694: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694694 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: jruby Severity: grave Tags: security Justification: user security hole Hi, please see the Red Hat bug for details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5370 Cheers, Moritz ---End Message--- ---BeginMessage--- Source: jruby Source-Version: 1.5.6-5 We believe that the bug you reported is fixed in the latest version of jruby, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Martin Quinson mquin...@debian.org (supplier of updated jruby package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 11 Dec 2012 21:22:36 +0100 Source: jruby Binary: jruby Architecture: source all Version: 1.5.6-5 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org Changed-By: Martin Quinson mquin...@debian.org Description: jruby - 100% pure-Java implementation of Ruby Closes: 694694 Changes: jruby (1.5.6-5) unstable; urgency=medium . * Team upload. * Add patch for CVE-2012-5370: Use PerlHash instead of MurmurHash (that is vulnerable to DoS attacks). (Closes: #694694) [Patch adapted from 5e4aab28 upstream] Checksums-Sha1: 4d13ae8ecbdd8028f0f1ea189fb27f2cd60c0ff4 2283 jruby_1.5.6-5.dsc fe062783f707c446d149cb293e1f71decd34ef5b 30568 jruby_1.5.6-5.debian.tar.gz cd2fd4e5d344ac1ed7d0612c67f72c886d038663 8918352 jruby_1.5.6-5_all.deb Checksums-Sha256: a0d0e96cf2b6e8f93ec6c54455807876faafd2baf4eee3db35baad83b6e9efd7 2283 jruby_1.5.6-5.dsc 89b92389ef3863225237e1de776807fb7455f0003fd0bb90c54e312291143749 30568 jruby_1.5.6-5.debian.tar.gz 7fa01aaa7b2d12eea1184488c9a130e71dfa1e40194c2180ec06840d82032ca0 8918352 jruby_1.5.6-5_all.deb Files: 07da0a29ffec6d0846389e685a0fe72b 2283 ruby optional jruby_1.5.6-5.dsc 96926425a15a98d304b93ca3bd3fdda7 30568 ruby optional jruby_1.5.6-5.debian.tar.gz 3d8a3fe64808709079620a709c8a66c6 8918352 ruby optional jruby_1.5.6-5_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQx5ecAAoJEJi9lyRPc76nGCEP+wcfLnUFNlfnNovHHwqrfxlC cLlLzPooRa3OAZ0IHgLhuHEXKzHAPGi5VLYSkLare6mxJcJDBCA0k0YADksLDOXF T+LoRC1Rk9/ywLFOrvetkmEl5KEWL4QdQ4msXhG+1Fc6vwcDOITZeqMkki8VWQc1 SLL8UX20iyyMHqZ+cmuGFS7JV5KvoIlNWuQWoQkatGQNoJIelUa+RrUwhhupO7RH AvMW8UK7MARgkGgde4LP0ONcQjvL9TmOEmW2bzfhSibZB162ArHhjGpmTL49jJ0x o4t90LmHs5x/y7eQfAEpohAq8vaXJQ6m2E3inm5xOq3EGzYUwjp0jRzEqeiDhIjP rRTc2MTG3szk8uSWM1wiHsAtuhQiDU1SyVQ6T//VXjd7Oo/prObxVZniDPdy9H/r izK9eSNWZQeYaOzLSAG0IAWDgtyC7KT2m2j1VPLN2YzjWI4QhkdU9sTHfS70PeTT pvXEqHyV0I3ICyq9tSKe/j1Wwipf3Mg80eW9o0tExRSGYJTsQ+aBDI5zZdXBLLyT gdBjVaCMol13O1g7HZRacR+SxJwpJgkkwwIzkjUHSIdsCRWFH3Z+/ehxa+QO57cY igXLZzliBp2ms1KW7zd9SNa7e9NEkCY2LDOalDYksqkLrDlCgVJXhDysjf1fWzkQ RaTGj9VBACdnMFyum7pe =nAUa -END PGP SIGNATUREEnd Message--- __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784
Hi. Both patches attached at upstream JIRA and reopened HTTPCLIENT-1265. Waiting for response. Kind regards Alberto __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#687692: examples
Hi Tobias
Here's a testcase.
In sid it works fine, but if I use the jars provided in testing it
fails.
Important: the pdf file is protected , so it's necesary bouncycastle
to decrpyt it. Normal pdf files don't fail because they don't need
bouncycastle.
Attached sample pdf and sample java that counts the pages of a pdf.
Sid. It prints the expected output
pages = 1
In Testing: throws this exception:
Exception in thread main java.lang.NoClassDefFoundError:
org/bouncycastle/asn1/ASN1ObjectIdentifier
at com.lowagie.text.pdf.PdfEncryption.init(Unknown Source)
at com.lowagie.text.pdf.PdfReader.readDecryptedDocObj(Unknown Source)
at com.lowagie.text.pdf.PdfReader.readDocObj(Unknown Source)
at com.lowagie.text.pdf.PdfReader.readPdf(Unknown Source)
at com.lowagie.text.pdf.PdfReader.init(Unknown Source)
at com.lowagie.text.pdf.PdfReader.init(Unknown Source)
at Main.main(Main.java:17)
Caused by: java.lang.ClassNotFoundException:
org.bouncycastle.asn1.ASN1ObjectIdentifier
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:423)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
... 7 more
example2.pdf
Description: Adobe PDF document
import java.io.IOException;
import com.lowagie.text.pdf.PdfReader;
public class Main {
/**
* Test http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687692
* @throws IOException
*/
public static void main(String[] args) throws IOException {
String fileName = example2.pdf;
if (args != null args.length 0){
fileName = args[0];
}
PdfReader reader = new PdfReader(fileName);
System.out.println(pages = + reader.getNumberOfPages());
reader.close();
}
}
__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers.
Please use
debian-j...@lists.debian.org for discussions and questions.
Bug#687692: testcase bug 687692
Hie Tobias and Niels I've upload to the BTS a testcase for the bug. It's a protected pdf sample file and a simple java program that counts the number of pages of a PDF. It works fine in sid and fails in testing. Grettings Alberto __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
