Bug#737969: libtcnative-1 breaks Tomcat's 'SSLProtocols'
Package: libtcnative-1 Version: 1.1.24-1 Severity: important Symptoms: The Tomcat 'SSLProtocol' configuration attribute is documented as accepting several values, but on Debian 7/Wheezy (and presumably others) only the values SSLv3 and TLSv1 are accepted; notably the default value of all is rejected. Cause: The Debian packaging of 'libtcnative-1' contains a patch that simply removes the 'SSL_PROTOCOL_SSLV2' bitmask constant and related code, but does not remove it from the matching Tomcat sources. So some other bitmask constants in the Tomcat sources contain that bitmask constant, and therefore will never match the supposedly equivalent bitmasks in 'libtcnative-1'. Comments: Given that 'libtcnative-1' is essentially a Tomcat internal plugin, a native implementation of a Tomcat Java API, introducing an incompatibility between interface and implementation creates a surprising, undocumented, user-visible breakage. Anyhow it seems to me misguided to simply disable SSLv2 in 'libtcnative-1' on other grounds: * The other role of 'libtcnative-1' is as wrapper around 'libopenssl', and the maintainers of that, both upstream and Debian ones, have not felt any need to disable SSLv2 entirely within it. Just like the Tomcat ones, both upstream and Debian, have also felt no need to entirely disable SSLv2 in it either. It is amazing that a library that is a bit of glue between Tomcat and OpenSSL prevents the use of a feature that both explicitly support. * Some aspects of the SSLv2 protocol, in particular the SSLV2 hello, supported by the 'SSLv23*' OpenSSL functions, are widely used by clients, even when SSLv2 itself is not used. It also quite safe to use the 'SSLv23*' OpenSSL functions by setting the cipher suites to HIGH:MEDIUM as that disables all the SSLv2 ciphers, making SSLv2 native negotiation fail. * Perhaps it would be sufficient to print a warning message when SSLv2 is requested, but this should be done in Tomcat, not in a user-invisible glue layer between Tomcat and OpenSSL. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#737988: Cannot build package
Package: libcommons-fileupload-java Version: 1.3-3 Severity: serious For some reason libcommons-fileupload-java fails to build on my wheezy system. It fails with: --- T E S T S --- Running org.apache.commons.fileupload.ParameterParserTest Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.208 sec Running org.apache.commons.fileupload.MultipartStreamTest Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 sec Running org.apache.commons.fileupload.DiskFileItemSerializeTest Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.071 sec Running org.apache.commons.fileupload.DefaultFileItemTest Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.022 sec Running org.apache.commons.fileupload.ServletFileUploadTest Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.13 sec Running org.apache.commons.fileupload.ProgressListenerTest Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.45 sec Running org.apache.commons.fileupload.SizesTest Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.722 sec Running org.apache.commons.fileupload.StreamingTest Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.391 sec Running org.apache.commons.fileupload.FileItemHeadersTest Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 sec Running org.apache.commons.fileupload.util.mime.MimeUtilityTestCase Tests run: 6, Failures: 2, Errors: 0, Skipped: 0, Time elapsed: 0.078 sec FAILURE! Running org.apache.commons.fileupload.util.mime.QuotedPrintableDecoderTestCase Tests run: 11, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.067 sec Running org.apache.commons.fileupload.util.mime.Base64DecoderTestCase Tests run: 13, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.039 sec Results : Failed tests: decodeUtf8QuotedPrintableEncoded(org.apache.commons.fileupload.util.mime.MimeUtilityTestCase): expected: h[�! ���]u !!! but was: h[é! àèô]u !!! decodeUtf8Base64Encoded(org.apache.commons.fileupload.util.mime.MimeUtilityTestCase): expected: h[�! ���]u !!! but was: h[é! àèô]u !!! Tests run: 67, Failures: 2, Errors: 0, Skipped: 0 __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#730695: downgrading
Control: severity -1 important As discussed over at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730685#24 I believe this bug cannot be marked as serious, since this only impact backports. Downgrading to important as explained by release-team (libguava-java = 15.0 is in sid anyway) __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: downgrading
Processing control commands: severity -1 important Bug #730695 [jenkins] Jenkins should build-depends: libguava-java = 15.0 Severity set to 'important' from 'serious' -- 730695: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730695 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#737990: Fails to build on wheezy
Package: stapler Version: 1.218-1 Severity: important For some reason I cannot build stapler on wheezy system, it fails with: jh_installlibs -plibstapler-java jh_classpath -plibstapler-java error: Can't rename /usr/share/java/stapler.jar as /usr/share/java/stapler.zbk Permission denied at /usr/share/perl5/Archive/Zip/Archive.pm line 454 Archive::Zip::Archive::overwriteAs('Archive::Zip::Archive=HASH(0x19e5fa0)', '/usr/share/java/stapler.jar') called at /usr/share/perl5/Archive/Zip/Archive.pm line 422 Archive::Zip::Archive::overwrite('Archive::Zip::Archive=HASH(0x19e5fa0)') called at /usr/bin/jh_manifest line 342 main::update_jar('Getopt::Long::CallBack=HASH(0x2069ae8)', undef) called at /usr/bin/jh_manifest line 144 jh_manifest: Writing modified jar (/usr/share/java/stapler.jar) failed: Permission denied make: *** [binary-post-install/libstapler-java] Error 1 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#737994: fails to build on wheezy
Package: jenkins-trilead-ssh2 Version: 217-jenkins-3-1 I cannot build the package on wheeyz system. It fails with: [INFO] Scanning for projects... [INFO] [INFO] Building Ganymed SSH2 for Java [INFO]task-segment: [package] [INFO] [INFO] [resources:resources {execution: default-resources}] [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /tmp/jenkins-trilead-ssh2-217-jenkins-3/src/main/resources [INFO] [compiler:compile {execution: default-compile}] [INFO] Compiling 130 source files to /tmp/jenkins-trilead-ssh2-217-jenkins-3/target/classes [INFO] [ERROR] BUILD FAILURE [INFO] [INFO] Compilation failure /tmp/jenkins-trilead-ssh2-217-jenkins-3/src/com/trilead/ssh2/channel/Channel.java:[13,7] static import declarations are not supported in -source 1.3 (use -source 5 or higher to enable static import declarations) import static com.trilead.ssh2.util.IOUtils.closeQuietly; /tmp/jenkins-trilead-ssh2-217-jenkins-3/src/com/trilead/ssh2/channel/FifoBuffer.java:[53,21] ';' expected [INFO] [INFO] For more information, run Maven with the -e switch [INFO] [INFO] Total time: 2 seconds [INFO] Finished at: Fri Feb 07 13:41:02 CET 2014 [INFO] Final Memory: 6M/108M [INFO] make: *** [mvn-build] Error 1 dpkg-buildpackage: error: debian/rules build gave error exit status 2 It would be nice to have it as backport (this would solve 730685) __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: your mail
Processing commands for cont...@bugs.debian.org: block 732215 by 729609 729021 729092 729607 730139 730140 Bug #732215 [src:libspring-java] libspring-java: Package 3.2.6 or more recent releases 732215 was blocked by: 737436 729087 733148 732238 737424 732215 was not blocking any bugs. Added blocking bug(s) of 732215: 730139, 730140, 729609, 729021, 729092, and 729607 fixed 729013 rome/1.0-6 Bug #729013 [librome-java] librome-java: Please provide correct Maven artifact Marked as fixed in versions rome/1.0-6. thanks Stopping processing here. Please contact me if you need assistance. -- 729013: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729013 732215: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732215 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processing of libcommons-fileupload-java_1.3.1-1_amd64.changes
libcommons-fileupload-java_1.3.1-1_amd64.changes uploaded successfully to localhost along with the files: libcommons-fileupload-java_1.3.1-1.dsc libcommons-fileupload-java_1.3.1.orig.tar.gz libcommons-fileupload-java_1.3.1-1.debian.tar.xz libcommons-fileupload-java_1.3.1-1_all.deb libcommons-fileupload-java-doc_1.3.1-1_all.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#737988:
What's really annoying is that DEB_BUILD_OPTIONS=nocheck is not taken into account. Policy says it is recommended to support those flags: https://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules-options __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#737994: fails to build on wheezy
On Wheezy the maven-compiler-plugin defaults to the Java 1.3 language level. The version in unstable/testing is more recent and defaults to 1.5. To solve this you have to add this to debian/maven.properties: maven.compiler.source=1.5 maven.compiler.target=1.5 Emmanuel Bourg __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#737994: fails to build on wheezy
Control: tags -1 patch Control: severity -1 wishlist On Fri, Feb 7, 2014 at 1:52 PM, Emmanuel Bourg ebo...@apache.org wrote: On Wheezy the maven-compiler-plugin defaults to the Java 1.3 language level. The version in unstable/testing is more recent and defaults to 1.5. To solve this you have to add this to debian/maven.properties: maven.compiler.source=1.5 maven.compiler.target=1.5 That work thanks ! __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#737990:
Using javahelper version 0.45, I can get a little further: [INFO] [jar:jar {execution: default-jar}] [INFO] Building jar: /tmp/stapler-1.218/jsp/target/stapler-jsp-1.218.jar [INFO] [install:install {execution: default-install}] [INFO] Installing /tmp/stapler-1.218/jsp/target/stapler-jsp-1.218.jar to /tmp/stapler-1.218/debian/maven-repo/org/kohsuke/stapler/stapler-jsp/1.218/stapler-jsp-1.218.jar [INFO] [INFO] Building Stapler Jelly module [INFO]task-segment: [install] [INFO] [INFO] [ERROR] BUILD ERROR [INFO] [INFO] Failed to resolve artifact. Missing: -- 1) org.jvnet.maven-jellydoc-plugin:jellydoc-annotations:jar:debian Try downloading the file manually from the project website. Then, install it using the command: mvn install:install-file -DgroupId=org.jvnet.maven-jellydoc-plugin -DartifactId=jellydoc-annotations -Dversion=debian -Dpackaging=jar -Dfile=/path/to/file Alternatively, if you host your own repository you can deploy the file there: mvn deploy:deploy-file -DgroupId=org.jvnet.maven-jellydoc-plugin -DartifactId=jellydoc-annotations -Dversion=debian -Dpackaging=jar -Dfile=/path/to/file -Durl=[url] -DrepositoryId=[id] Path to dependency: 1) org.kohsuke.stapler:stapler-jelly:jar:1.218 2) org.jvnet.maven-jellydoc-plugin:jellydoc-annotations:jar:debian -- 1 required artifact is missing. for artifact: org.kohsuke.stapler:stapler-jelly:jar:1.218 from the specified remote repositories: central (http://repo1.maven.org/maven2) NOTE: Maven is executing in offline mode. Any artifacts not already in your local repository will be inaccessible. [INFO] [INFO] For more information, run Maven with the -e switch [INFO] [INFO] Total time: 13 seconds [INFO] Finished at: Fri Feb 07 13:38:39 CET 2014 [INFO] Final Memory: 27M/361M [INFO] make: *** [mvn-build] Error 1 dpkg-buildpackage: error: debian/rules build gave error exit status 2 __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
libcommons-fileupload-java_1.3.1-1_amd64.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 06 Feb 2014 22:11:54 +0100 Source: libcommons-fileupload-java Binary: libcommons-fileupload-java libcommons-fileupload-java-doc Architecture: source all Version: 1.3.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org Changed-By: Emmanuel Bourg ebo...@apache.org Description: libcommons-fileupload-java - File upload capability to your servlets and web applications libcommons-fileupload-java-doc - Javadoc API documentation for Commons FileUploads Changes: libcommons-fileupload-java (1.3.1-1) unstable; urgency=medium . * New upstream release - Addresses security issue: CVE-2014-0050 * Removed 002_CVE-2013-2186.patch (applied upstream) Checksums-Sha1: b3c08313eb1a69e68a1eca54ebd0b8f51a8305bc 2401 libcommons-fileupload-java_1.3.1-1.dsc 329a9cee297f859499213e6d0e3f9a0b1ff6749e 133326 libcommons-fileupload-java_1.3.1.orig.tar.gz 45a8ac0604685a461a508454fb289beaf4158a27 6724 libcommons-fileupload-java_1.3.1-1.debian.tar.xz 275646ec2129329641871ca3d2d13a73930c5be3 63072 libcommons-fileupload-java_1.3.1-1_all.deb 56de8d7a07a686d11a5e53ec7be33bf05bf756fb 375532 libcommons-fileupload-java-doc_1.3.1-1_all.deb Checksums-Sha256: 12870650c08e75d4e76e5f6df38e961d449b69e0691dc97f128bf3721f3396fa 2401 libcommons-fileupload-java_1.3.1-1.dsc b7a3444e615702da342292d14e447fe26fe4d9b144f3dafc525870b008a6c95a 133326 libcommons-fileupload-java_1.3.1.orig.tar.gz 349110765eb274b7a50975abb4ef4101c34247db20c073a80f9b9cc7729a7d25 6724 libcommons-fileupload-java_1.3.1-1.debian.tar.xz 1f72d88a584e45fc796055e972f4b62d1b25d94325b633aace34c84bdbc36075 63072 libcommons-fileupload-java_1.3.1-1_all.deb 6bb8473d633372acab94ffc0a142cef2010fb963809d64d636e2e184a4d56f4d 375532 libcommons-fileupload-java-doc_1.3.1-1_all.deb Files: c2d16a9e761fe3caf8ba52a0e5a33b6f 2401 java optional libcommons-fileupload-java_1.3.1-1.dsc 0903f9606096d11a8ff57525fd9ee83c 133326 java optional libcommons-fileupload-java_1.3.1.orig.tar.gz c499fc3d8f6fca154717e677fc358a5c 6724 java optional libcommons-fileupload-java_1.3.1-1.debian.tar.xz 95d0c0ab6cd9831d25e4d2cef753031f 63072 java optional libcommons-fileupload-java_1.3.1-1_all.deb e494a0f9a3e4681b5e095fec981e1611 375532 doc optional libcommons-fileupload-java-doc_1.3.1-1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJS9NOyAAoJEPUTxBnkudCsb10P/j0Ge2Bb2tDej8JTYzfdTdxX CPqUNrtRdF9ZFrwVgykf4maLzLBiL5pQSdIv7qQvFPjYs+vQ3nsK0DyJejyVD5/k Zntz/IdIqyj+H492tG5QrPiQ8o2Bdxo0Bhr9CkOxnShbIDqA9C0vCKQdkhGioKim hEGyAQutWaGgNzwejSl8M21+nra93wX2MMgj2hdijONqiX09higR1LRmePICaqTX P3uXQ32NOdBkg9xEoVur4/YsT2jrjsj25uQioqcMGrEnBJLkOjM9q54KOe/EOI2E DCiodibdeM4agdEUyKswHoI8fsoe38xUnxanWX6nDnMxObJcfXpFQeR7SCRTLA7q 3RHUbBX4ae0PWwvSOSTaH/r921AUjSmv+db//aUpLnMpmDfUf7ixA9ytc9ifjIsG hiiGCJ+DYnFhWYIy5avV+O5HvKCYHAuDV3PJhCLdUBfp5o7eFVBT4yJu/7S+RHtP Y9PkRMY1rO0kJ10LMuYCqUNcofkgRex94vkffGD022Y7EaZ2nn17MZ2zKbYl/hkZ G+kBXv4IMvr9hxLbh9+ueT8yHrDkeT8Vg2pHacjieJsoqhac0Qf8vmEqPuPIKXSp 3o6E+wxvazlfBeqyWYi+WmyCjgL3lGnC8hB7JrBAlINMWFXg+bN6a6s6KvjeRw7j fvJW7xCKxZ3FyBJCthN6 =UbOU -END PGP SIGNATURE- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Re: debian/copyright GFDL, problems in stable
Processing commands for cont...@bugs.debian.org: tags 709492 + wheezy-ignore Bug #709492 {Done: Paolo Greppi paolo.gre...@libpf.com} [src:numdiff] Numdiff doc is non free Added tag(s) wheezy-ignore. tags 709500 + wheezy-ignore Bug #709500 [src:tla] Documentation is non free Added tag(s) wheezy-ignore. tags 709498 + wheezy-ignore Bug #709498 [smbc] Documentation is non free Added tag(s) wheezy-ignore. tags 709497 + wheezy-ignore Bug #709497 {Done: Cédric Boutillier bou...@debian.org} [src:ruby-gsl] [src:ruby-gsl] Documentation is non free Added tag(s) wheezy-ignore. tags 709495 + wheezy-ignore Bug #709495 [polyorb] Documentation is non free Added tag(s) wheezy-ignore. tags 709494 + wheezy-ignore Bug #709494 {Done: Sebastien Delafond s...@debian.org} [org-mode] Documentation is under gfdl with invariants Added tag(s) wheezy-ignore. tags 709491 + wheezy-ignore Bug #709491 [src:ntfsdoc] NTFS doc is non free due to gfdl invariant Added tag(s) wheezy-ignore. tags 708969 + wheezy-ignore Bug #708969 {Done: Dimitrios Eftaxiopoulos eftax...@otenet.gr} [src:mathgl] [mathgl] Non free GFDL Added tag(s) wheezy-ignore. tags 708966 + wheezy-ignore Bug #708966 [libmatheval] GFDL non free documentation Added tag(s) wheezy-ignore. tags 708956 + wheezy-ignore Bug #708956 [jwhois] [jwhois] GFDL non free license Added tag(s) wheezy-ignore. tags 708955 + wheezy-ignore Bug #708955 [imview-doc] GFDL Problem Added tag(s) wheezy-ignore. tags 708947 + wheezy-ignore Bug #708947 [horae] [horae] GFDL problem Added tag(s) wheezy-ignore. tags 708946 + wheezy-ignore Bug #708946 [src:grub] GFDL documentation with front and back cover Added tag(s) wheezy-ignore. tags 708942 + wheezy-ignore Bug #708942 {Done: Nicolas Boulenguez nico...@debian.org} [gprbuild] [gprbuild] GFDL non free file with front cover Added tag(s) wheezy-ignore. tags 708885 + wheezy-ignore Bug #708885 [gnade] [gnade] GFDL problem with invariant section Added tag(s) wheezy-ignore. tags 708880 + wheezy-ignore Bug #708880 [gengetopt] Manual pages have GFDL problem (no invariant) Added tag(s) wheezy-ignore. tags 708878 + wheezy-ignore Bug #708878 {Done: Michael Tautschnig m...@debian.org} [src:gcc-h8300-hms] Still some problem with GFDL with backcover/frontcover Added tag(s) wheezy-ignore. tags 708873 + wheezy-ignore Bug #708873 {Done: Jakub Adam jakub.a...@ktknet.cz} [src:eclipse-linuxtools] GFDL invariant Added tag(s) wheezy-ignore. tags 708863 + wheezy-ignore Bug #708863 [src:dico] GFDL with invariant section Added tag(s) wheezy-ignore. tags 695717 + wheezy-ignore Bug #695717 {Done: Anibal Monsalve Salazar ani...@debian.org} [src:cpio] cpio: includes non-free documentation (GFDL with unmodifiable sections) Bug #704121 {Done: Anibal Monsalve Salazar ani...@debian.org} [src:cpio] Debian cpio info pages totally gone Added tag(s) wheezy-ignore. Added tag(s) wheezy-ignore. tags 708781 + wheezy-ignore Bug #708781 [autoconf2.64] GFDL license with invariant section Added tag(s) wheezy-ignore. thanks Stopping processing here. Please contact me if you need assistance. -- 695717: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695717 704121: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704121 708781: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708781 708863: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708863 708873: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708873 708878: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708878 708880: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708880 708885: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708885 708942: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708942 708946: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708946 708947: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708947 708955: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708955 708956: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708956 708966: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708966 708969: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708969 709491: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709491 709492: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709492 709494: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709494 709495: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709495 709497: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709497 709498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709498 709500: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709500 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#730685:
Even with an up-to-date libjenkins-trilead-ssh2-java package, the package cannot be backported to wheezy. It fails with: dh_install -plibtrilead-putty-extension-java dh_link -plibtrilead-putty-extension-java dh_installmime -plibtrilead-putty-extension-java dh_installgsettings -plibtrilead-putty-extension-java jh_installlibs -plibtrilead-putty-extension-java jh_classpath -plibtrilead-putty-extension-java error: Can't rename /usr/share/java/trilead-putty-extension.jar as /usr/share/java/trilead-putty-extension.zbk Permission denied at /usr/share/perl5/Archive/Zip/Archive.pm line 454 Archive::Zip::Archive::overwriteAs('Archive::Zip::Archive=HASH(0x19e6fc0)', '/usr/share/java/trilead-putty-extension.jar') called at /usr/share/perl5/Archive/Zip/Archive.pm line 422 Archive::Zip::Archive::overwrite('Archive::Zip::Archive=HASH(0x19e6fc0)') called at /usr/bin/jh_manifest line 342 main::update_jar('Getopt::Long::CallBack=HASH(0x280e288)', undef) called at /usr/bin/jh_manifest line 147 jh_manifest: Writing modified jar (/usr/share/java/trilead-putty-extension.jar) failed: Permission denied make: *** [binary-post-install/libtrilead-putty-extension-java] Error 1 dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2 This happens with a javahelper version 0.45 My guess is that a newer maven-debian-helper should be used (wild guess). __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: Re: Bug#737988:
Processing control commands: tags -1 patch Bug #737988 [libcommons-fileupload-java] Cannot build package Added tag(s) patch. severity -1 wishlist Bug #737988 [libcommons-fileupload-java] Cannot build package Severity set to 'wishlist' from 'serious' -- 737988: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737988 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#714596: a package should build from scratch
Control: severity -1 serious I failed to understand why this would be wishlist ? Shouldn't a package in debian always build nicely from scratch ? I understand that the task is tedious, but it should bootstrap nicely instead of having to manually do steps. Right ? __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: your mail
Processing commands for cont...@bugs.debian.org: found 714596 jenkins/1.509.2+dfsg-2 Bug #714596 [jenkins] jenkins build-depends on itself: impossible to bootstrap Marked as found in versions jenkins/1.509.2+dfsg-2. End of message, stopping processing here. Please contact me if you need assistance. -- 714596: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714596 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: a package should build from scratch
Processing control commands: severity -1 serious Bug #714596 [jenkins] jenkins build-depends on itself: impossible to bootstrap Severity set to 'serious' from 'wishlist' -- 714596: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714596 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#738003: FTBFS from wheezy
Package: maven-debian-helper Version: 1.6.6 Severity: important For some reason I cannot backport the current m-d-h on my wheezy system it fails with: process-resources: process-pom: [mkdir] Created dir: /tmp/maven-debian-helper-1.6.6/debian-maven-plugin/target/classes/META-INF/maven/org.debian.maven/debian-maven-plugin [copy] Copying 2 files to /tmp/maven-debian-helper-1.6.6/debian-maven-plugin/target/classes/META-INF/maven/org.debian.maven/debian-maven-plugin mvn-generate: mvn-shared-repo: mvn-local-repo: [copy] Copying 2016 files to /tmp/maven-debian-helper-1.6.6/debian/.mh/maven-repo [java] + Error stacktraces are turned on. [java] - [java] this realm = plexus.core [java] Number of imports: 0 [java] - [java] FATAL ERROR: Unable to configure the Maven application [java] Error stacktrace: [java] org.codehaus.plexus.component.repository.exception.ComponentLookupException: Unable to lookup component 'org.apache.maven.Maven', it could not be started [java] at org.codehaus.plexus.DefaultPlexusContainer.lookup(DefaultPlexusContainer.java:339) [java] at org.codehaus.plexus.embed.Embedder.lookup(Embedder.java:78) [java] at org.apache.maven.cli.MavenCli.createMavenInstance(MavenCli.java:598) [java] at org.apache.maven.cli.MavenCli.main(MavenCli.java:335) [java] at org.apache.maven.cli.MavenCli.main(MavenCli.java:100) [java] Caused by: org.codehaus.plexus.component.repository.exception.ComponentLifecycleException: Error starting component [java] at org.codehaus.plexus.component.manager.AbstractComponentManager.startComponentLifecycle(AbstractComponentManager.java:109) [java] at org.codehaus.plexus.component.manager.AbstractComponentManager.createComponentInstance(AbstractComponentManager.java:95) [java] at org.codehaus.plexus.component.manager.ClassicSingletonComponentManager.getComponent(ClassicSingletonComponentManager.java:92) [java] at org.codehaus.plexus.DefaultPlexusContainer.lookup(DefaultPlexusContainer.java:331) [java] ... 4 more [java] Caused by: org.codehaus.plexus.personality.plexus.lifecycle.phase.PhaseExecutionException: Error composing component [java] at org.codehaus.plexus.personality.plexus.lifecycle.phase.CompositionPhase.execute(CompositionPhase.java:33) [java] at org.codehaus.plexus.lifecycle.AbstractLifecycleHandler.start(AbstractLifecycleHandler.java:101) [java] at org.codehaus.plexus.component.manager.AbstractComponentManager.startComponentLifecycle(AbstractComponentManager.java:105) [java] ... 7 more [java] Caused by: org.codehaus.plexus.component.composition.CompositionException: Composition failed of field projectBuilder in object of type org.apache.maven.DefaultMaven because the requirement ComponentRequirement{role='org.apache.maven.project.MavenProjectBuilder', roleHint='null', fieldName='null'} was missing [java] at org.codehaus.plexus.component.composition.FieldComponentComposer.assignRequirementToField(FieldComponentComposer.java:154) [java] at org.codehaus.plexus.component.composition.FieldComponentComposer.assembleComponent(FieldComponentComposer.java:73) [java] at org.codehaus.plexus.component.composition.DefaultComponentComposerManager.assembleComponent(DefaultComponentComposerManager.java:68) [java] at org.codehaus.plexus.DefaultPlexusContainer.composeComponent(DefaultPlexusContainer.java:1486) [java] at org.codehaus.plexus.personality.plexus.lifecycle.phase.CompositionPhase.execute(CompositionPhase.java:29) [java] ... 9 more [java] Caused by: org.codehaus.plexus.component.repository.exception.ComponentLookupException: Unable to lookup component 'org.apache.maven.project.MavenProjectBuilder', it could not be started [java] at org.codehaus.plexus.DefaultPlexusContainer.lookup(DefaultPlexusContainer.java:339) [java] at org.codehaus.plexus.component.composition.FieldComponentComposer.assignRequirementToField(FieldComponentComposer.java:129) [java] ... 13 more [java] Caused by: org.codehaus.plexus.component.repository.exception.ComponentLifecycleException: Error starting component [java] at org.codehaus.plexus.component.manager.AbstractComponentManager.startComponentLifecycle(AbstractComponentManager.java:109) [java] at org.codehaus.plexus.component.manager.AbstractComponentManager.createComponentInstance(AbstractComponentManager.java:95) [java] at org.codehaus.plexus.component.manager.ClassicSingletonComponentManager.getComponent(ClassicSingletonComponentManager.java:92) [java] at org.codehaus.plexus.DefaultPlexusContainer.lookup(DefaultPlexusContainer.java:331) [java] ... 14 more [java] Caused by: org.codehaus.plexus.personality.plexus.lifecycle.phase.PhaseExecutionException: Error composing component [java] at
Bug#738003: FTBFS from wheezy
Here is the relevant error: java.lang.ClassNotFoundException: edu.emory.mathcs.backport.java.util.concurrent.BlockingQueue libbackport-util-concurrent-java is in the process of being removed in Jessie (there are 3 rdeps left). backport-util-concurrent.jar has been removed from the classpath set my maven-ant-helper, that may explain the issue. Emmanuel Bourg __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#737988:
I think the project.build.sourceEncoding property is not honored in Wheezy (older Maven plugins). Try disabling the tests by turning maven.test.skip to true in debian/maven.properties. Changing this property according to the value of DEB_BUILD_OPTIONS is a good improvement idea for maven-debian-helper. Emmanuel Bourg __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#714596: a package should build from scratch
'Tedious' is probably an euphemism. There are many Java packages that can't be bootstrapped properly due to circular dependencies. If it's not a hard requirement mandated by the policies I don't think it's fair to mark this as serious. It's certainly nice to have, hence the wishlist severity, but that doesn't limit our ability to use and modify the packages. Emmanuel Bourg __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: your mail
Processing commands for cont...@bugs.debian.org: severity 714596 wishlist Bug #714596 [jenkins] jenkins build-depends on itself: impossible to bootstrap Severity set to 'wishlist' from 'serious' End of message, stopping processing here. Please contact me if you need assistance. -- 714596: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714596 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: owner 732215 !
Processing commands for cont...@bugs.debian.org: owner 732215 ! Bug #732215 [src:libspring-java] libspring-java: Package 3.2.6 or more recent releases Owner changed from Miguel Landaeta nomad...@debian.org to Adrian Alves aal...@gmail.com. End of message, stopping processing here. Please contact me if you need assistance. -- 732215: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732215 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
freeplane 1.2.23+dfsg1-1 MIGRATED to testing
FYI: The status of the freeplane source package in Debian's testing distribution has changed. Previous version: 1.2.23-2 Current version: 1.2.23+dfsg1-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
sbbi-upnplib 1.0.4+triplea-1 MIGRATED to testing
FYI: The status of the sbbi-upnplib source package in Debian's testing distribution has changed. Previous version: (not in testing) Current version: 1.0.4+triplea-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#738110: libjsf-api-java: Please provide Maven artifact
Package: libjsf-api-java Version: 2.0.3-3 Severity: normal Dear Maintainer, Please provide a Maven artifact for your package as it will aid with packaging other software. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libjsf-api-java depends on: ii libservlet2.5-java 6.0.37-1 Versions of packages libjsf-api-java recommends: ii libjsf-impl-java 2.0.3-3 Versions of packages libjsf-api-java suggests: ii glassfish-javaee 1:2.1.1-b31g-3 pn libjsf-java-doc none -- no debconf information __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#738111: libvelocity-tools-java: Please provide Maven artifact
Package: libvelocity-tools-java Version: 2.0-2 Severity: normal Dear Maintainer, Please can you provide a Maven artifact jar for the *-view.jar part of Velocity Tools. It will help with packaging other software in Debian. Thank you. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libvelocity-tools-java depends on: ii libcommons-beanutils-java 1.9.1-1 ii libcommons-collections3-java 3.2.1-6 ii libcommons-digester-java 1.8.1-4 ii libcommons-lang-java 2.6-4 ii libcommons-logging-java 1.1.3-1 ii libcommons-validator-java 1:1.4.0-2 ii libdom4j-java 1.6.1+dfsg.3-2 ii liboro-java 2.0.8a-9 ii libservlet2.5-java6.0.37-1 ii velocity 1.7-4 libvelocity-tools-java recommends no packages. libvelocity-tools-java suggests no packages. -- no debconf information __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processed: your mail
Processing commands for cont...@bugs.debian.org: block 732215 by 738111 738110 Bug #732215 [src:libspring-java] libspring-java: Package 3.2.6 or more recent releases 732215 was blocked by: 737436 730139 729087 733148 729609 729092 729607 730140 732238 737424 729021 732215 was not blocking any bugs. Added blocking bug(s) of 732215: 738111 and 738110 thanks Stopping processing here. Please contact me if you need assistance. -- 732215: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732215 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
snappy-java REMOVED from testing
FYI: The status of the snappy-java source package in Debian's testing distribution has changed. Previous version: 1.0.4.1~dfsg-1 Current version: (not in testing) Hint: http://release.debian.org/britney/hints/auto-removals Bug #734599: libsnappy-java: Fails with FAILED_TO_LOAD_NATIVE_LIBRARY The script that generates this mail tries to extract removal reasons from comments in the britney hint files. Those comments were not originally meant to be machine readable, so if the reason for removing your package seems to be nonsense, it is probably the reporting script that got confused. Please check the actual hints file before you complain about meaningless removals. -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processing of libcommons-fileupload-java_1.2.2-1+deb6u2_amd64.changes
libcommons-fileupload-java_1.2.2-1+deb6u2_amd64.changes uploaded successfully to localhost along with the files: libcommons-fileupload-java_1.2.2-1+deb6u2.dsc libcommons-fileupload-java_1.2.2-1+deb6u2.debian.tar.gz libcommons-fileupload-java_1.2.2-1+deb6u2_all.deb libcommons-fileupload-java-doc_1.2.2-1+deb6u2_all.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Processing of libcommons-fileupload-java_1.2.2-1+deb7u2_amd64.changes
libcommons-fileupload-java_1.2.2-1+deb7u2_amd64.changes uploaded successfully to localhost along with the files: libcommons-fileupload-java_1.2.2-1+deb7u2.dsc libcommons-fileupload-java_1.2.2-1+deb7u2.debian.tar.gz libcommons-fileupload-java_1.2.2-1+deb7u2_all.deb libcommons-fileupload-java-doc_1.2.2-1+deb7u2_all.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
libcommons-fileupload-java_1.2.2-1+deb6u2_amd64.changes ACCEPTED into oldstable-proposed-updates-oldstable-new
Mapping oldstable-security to oldstable-proposed-updates. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 07 Feb 2014 17:12:35 +0100 Source: libcommons-fileupload-java Binary: libcommons-fileupload-java libcommons-fileupload-java-doc Architecture: source all Version: 1.2.2-1+deb6u2 Distribution: squeeze-security Urgency: high Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org Changed-By: Emmanuel Bourg ebo...@apache.org Description: libcommons-fileupload-java - File upload capability to your servlets and web applications libcommons-fileupload-java-doc - Javadoc API documentation for Commons FileUploads Changes: libcommons-fileupload-java (1.2.2-1+deb6u2) squeeze-security; urgency=high . * Team upload. * Fix CVE-2014-0050: Specially crafted input can trigger an infinite loop if the buffer used by the MultipartStream is not big enough. When constructing MultipartStream enforce the requirements for buffer size by throwing an IllegalArgumentException if the requested buffer size is too small. This prevents the DoS. * Enable the unit tests Checksums-Sha1: e9de424554b69c030387f1e34242057dda45fc60 1981 libcommons-fileupload-java_1.2.2-1+deb6u2.dsc 6ec5a162d5c120916559755990e619a9d106cd75 9551 libcommons-fileupload-java_1.2.2-1+deb6u2.debian.tar.gz 8f6286f7f0153b165ecbeabe7f95ab0cd72a40db 55570 libcommons-fileupload-java_1.2.2-1+deb6u2_all.deb 34ca54d4f75615193b7ca29468907ca1a1d5a131 112124 libcommons-fileupload-java-doc_1.2.2-1+deb6u2_all.deb Checksums-Sha256: f674ddb438a8a92463e9ede2f56d1773a80ad730ac70f21c9ed4a397b36b6c44 1981 libcommons-fileupload-java_1.2.2-1+deb6u2.dsc 701993d92c0efa720971f0352068fbe78f7efe6ce9665c8fb06c61a4338a2486 9551 libcommons-fileupload-java_1.2.2-1+deb6u2.debian.tar.gz 50a042878083c20922c3ab2f2e807de6d04860e1f667dd55bee59ac09b9ad656 55570 libcommons-fileupload-java_1.2.2-1+deb6u2_all.deb 1518be94ae5f82efcde6f15fa970435ed89540d3dcc07517e5c69962cb1c77b1 112124 libcommons-fileupload-java-doc_1.2.2-1+deb6u2_all.deb Files: 89110e5afc4176407e1d2a7ce10dd2e7 1981 java optional libcommons-fileupload-java_1.2.2-1+deb6u2.dsc 2a01eaddece4e66386a4cb08d04c498e 9551 java optional libcommons-fileupload-java_1.2.2-1+deb6u2.debian.tar.gz ac575de41261c7e15feabd37e928a715 55570 java optional libcommons-fileupload-java_1.2.2-1+deb6u2_all.deb 7ed1eb427608cd017ddd78d1d9c578b4 112124 doc optional libcommons-fileupload-java-doc_1.2.2-1+deb6u2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJS9TKEAAoJEL97/wQC1SS+ygkH/igVk1nMsrx4tB3eAiiCProl OGGPBZJpF2DsWU7ttjStaoJNig/lt40FvTPR/810GtK7wBcqeR1lJIG04zr6lQfu ouZH5MlfpVb0lsIWAmemhW13RVBSHNzyGoNozfopX4edz5q+m22QAzMJJLw3CxNL i6g1ktHJfSxUecy2rdb4fFHUWoHzlwHQVIxTKTJ4kbad30hPROfzs7CsEGn4lY1j ATeZ4SgIZQ/0wuiOSL+FEUjLh6D9jmH7b9DXdPXV/sst7BkUpiC+mX9nLX5PlhtR ToAzsHL+9dgJJcjzp9pSjSMPnde3kzWlGtX1N0KLVc2oys7J+P9TAHdnkPiirUs= =pEKL -END PGP SIGNATURE- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
libcommons-fileupload-java_1.2.2-1+deb7u2_amd64.changes ACCEPTED into proposed-updates-stable-new
Mapping stable-security to proposed-updates. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 07 Feb 2014 17:12:35 +0100 Source: libcommons-fileupload-java Binary: libcommons-fileupload-java libcommons-fileupload-java-doc Architecture: source all Version: 1.2.2-1+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org Changed-By: Emmanuel Bourg ebo...@apache.org Description: libcommons-fileupload-java - File upload capability to your servlets and web applications libcommons-fileupload-java-doc - Javadoc API documentation for Commons FileUploads Changes: libcommons-fileupload-java (1.2.2-1+deb7u2) wheezy-security; urgency=high . * Team upload. * Fix CVE-2014-0050: Specially crafted input can trigger an infinite loop if the buffer used by the MultipartStream is not big enough. When constructing MultipartStream enforce the requirements for buffer size by throwing an IllegalArgumentException if the requested buffer size is too small. This prevents the DoS. * Enable the unit tests Checksums-Sha1: 26bb187457db31d6b4ca47a1db570ebcb922f111 2091 libcommons-fileupload-java_1.2.2-1+deb7u2.dsc ca98f223746257eb301f8b5e19eb91a26d66aa33 9255 libcommons-fileupload-java_1.2.2-1+deb7u2.debian.tar.gz 75b2145ce06e7b159bb2ff42f67795840e733919 55202 libcommons-fileupload-java_1.2.2-1+deb7u2_all.deb 544e3b4f1e549456070d87ca72fb4c79c8af3c71 369724 libcommons-fileupload-java-doc_1.2.2-1+deb7u2_all.deb Checksums-Sha256: 8a9eec433604921a16f7a58975f8eeb64bd35aafaa4c375f07e111f0557907d8 2091 libcommons-fileupload-java_1.2.2-1+deb7u2.dsc 7e5f691e7e14c04afda91fc762e9f5104b49d6dd2aaeb7761614d975a2742052 9255 libcommons-fileupload-java_1.2.2-1+deb7u2.debian.tar.gz 6f91742e500f062b5aef9dde55499aeb1779391ba7f71af2aeb4f02c75292fcc 55202 libcommons-fileupload-java_1.2.2-1+deb7u2_all.deb cfd3dc1c72fd2510e3398f10fd8e3e4108a20c5bace315c8db056bdaf68623a1 369724 libcommons-fileupload-java-doc_1.2.2-1+deb7u2_all.deb Files: 9f0c5475cfdc64d81f72380172dc3d92 2091 java optional libcommons-fileupload-java_1.2.2-1+deb7u2.dsc b61b2cedf8844c7a8919d48a328e7076 9255 java optional libcommons-fileupload-java_1.2.2-1+deb7u2.debian.tar.gz 241d68785016f9e252b9ac727565a1b6 55202 java optional libcommons-fileupload-java_1.2.2-1+deb7u2_all.deb cc7e50dc81c803f34140269c9aa4ed83 369724 doc optional libcommons-fileupload-java-doc_1.2.2-1+deb7u2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJS9TKEAAoJEL97/wQC1SS+5AYH/i6/3o0Zl0POe8UhP4iPVB7j u2GHDOLL3Fpi9fCt91iCmIgz79uxpMrC8yi6JHS3mPxNRhYtolrPiY8NHRel3hiT 1lDvzBA3C/CTXdwqfJGWNVQi2uvNivf6iZKHFbwfJmazy23PR4cMzkqvbQPYfgc5 6G29d1Sj0785HcK2i52mKbHrUO4rFHSyUNj1c/hjYLrHCks+iqi4Es10aoTUGNS5 sTdUV50OxjEUFlgMO0dESCU3fFNlzIn0dEo5oCDRnKy+kN8PJzQoyXnO4KYO8VFd YgbHkUgCp2guSneTFi3D3Op38/bz6fHVJacsDB+ZYPQmqmVPvBDXCxf2eamNtQE= =HNzr -END PGP SIGNATURE- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#737969: libtcnative-1 breaks Tomcat's 'SSLProtocols'
On 02/07/2014 02:53 AM, Peter Grandi wrote: Package: libtcnative-1 Version: 1.1.24-1 Severity: important Symptoms: The Tomcat 'SSLProtocol' configuration attribute is documented as accepting several values, but on Debian 7/Wheezy (and presumably others) only the values SSLv3 and TLSv1 are accepted; notably the default value of all is rejected. Cause: The Debian packaging of 'libtcnative-1' contains a patch that simply removes the 'SSL_PROTOCOL_SSLV2' bitmask constant and related code, but does not remove it from the matching Tomcat sources. So some other bitmask constants in the Tomcat sources contain that bitmask constant, and therefore will never match the supposedly equivalent bitmasks in 'libtcnative-1'. Comments: Given that 'libtcnative-1' is essentially a Tomcat internal plugin, a native implementation of a Tomcat Java API, introducing an incompatibility between interface and implementation creates a surprising, undocumented, user-visible breakage. Anyhow it seems to me misguided to simply disable SSLv2 in 'libtcnative-1' on other grounds: * The other role of 'libtcnative-1' is as wrapper around 'libopenssl', and the maintainers of that, both upstream and Debian ones, have not felt any need to disable SSLv2 entirely within it. Just like the Tomcat ones, both upstream and Debian, have also felt no need to entirely disable SSLv2 in it either. It is amazing that a library that is a bit of glue between Tomcat and OpenSSL prevents the use of a feature that both explicitly support. * Some aspects of the SSLv2 protocol, in particular the SSLV2 hello, supported by the 'SSLv23*' OpenSSL functions, are widely used by clients, even when SSLv2 itself is not used. It also quite safe to use the 'SSLv23*' OpenSSL functions by setting the cipher suites to HIGH:MEDIUM as that disables all the SSLv2 ciphers, making SSLv2 native negotiation fail. * Perhaps it would be sufficient to print a warning message when SSLv2 is requested, but this should be done in Tomcat, not in a user-invisible glue layer between Tomcat and OpenSSL. Hi Peter, Thank you for the analysis. I'm simply updating the bug with some background information. Please refer to Debian #622141 [0] for background on why/how the drop SSLv2 patch was introduced, and to discussion upstream [1]. tony [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622141 [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=51056 signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.