headius-options_1.2-1_amd64.changes ACCEPTED into unstable, unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 25 Feb 2015 16:31:56 -0300 Source: headius-options Binary: libheadius-options-java libheadius-options-java-doc Architecture: source all Version: 1.2-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org Changed-By: Miguel Landaeta nomad...@debian.org Description: libheadius-options-java - Java library for for JVM property-driven configuration libheadius-options-java-doc - Documentation for headius-options Closes: 779239 Changes: headius-options (1.2-1) unstable; urgency=medium . * Initial release. (Closes: #779239). Checksums-Sha1: ac0b3d0d7c175b46228fad0b51c0513b356f3037 2199 headius-options_1.2-1.dsc 2f07082f59746a6d6d53cd8a105e33a09530e3c4 6615 headius-options_1.2.orig.tar.gz 75cb2537aaf2eb366683899e28bd0bbd7f0a04f2 2696 headius-options_1.2-1.debian.tar.xz 68bb14da180ab7019f0620a1fd970a4c5fc7a440 16412 libheadius-options-java_1.2-1_all.deb 219a770cfc2de79b355d8ad955362f689ecb 99430 libheadius-options-java-doc_1.2-1_all.deb Checksums-Sha256: 9522c300283ea35286767b41a67969c5de389e4dbba54e04b1970e9f52ede77e 2199 headius-options_1.2-1.dsc 08ad78e3c1d34e95d705dd4cf2d1defec8b06d7f216dc788a175db4d0e82185f 6615 headius-options_1.2.orig.tar.gz 5b134e673ae0917045d323bc8bc3189f557e6fdfcd1ceb6fb56b42e14dff63f4 2696 headius-options_1.2-1.debian.tar.xz f503261f2d07d48daf699850048c26cbf6d9fff04e6df5ddaeb924989d41f132 16412 libheadius-options-java_1.2-1_all.deb 0b6da2bde754dc60d07949f96dca5f5b7a315515a50624e9acfad9b596a1f36e 99430 libheadius-options-java-doc_1.2-1_all.deb Files: acd14b04e58985a17eedfdd7a4aa73d6 2199 java optional headius-options_1.2-1.dsc daa7744167878061e116d66627e736df 6615 java optional headius-options_1.2.orig.tar.gz c4ab7e037737b7092f9639dd16d65153 2696 java optional headius-options_1.2-1.debian.tar.xz e8bb8a64b54883369323380d886f2e5e 16412 java optional libheadius-options-java_1.2-1_all.deb 57fc2d4469c8f70b47f4dbb187e093cf 99430 doc optional libheadius-options-java-doc_1.2-1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJU7jx/AAoJEGIODQuJV82laxUP/jfwfJpbrLGjslV9Fj3UiPnv S63BfQ1ydn7bdTCyGZhod95K8C5znZ0BVHCUSTcDcO8wibD7oO2b+/1Uwov0Cv6h NVXe5/j3Pds24jub1zBWFamzFd6+cNK2V5ZMOEytMKMnsLGfJqFqGkJzHso/UOdK i6AQ4NwsJ2zTDaHnm5nJU0SSEUtAYU+q6pHTTgbDxeeva+VFPT1FUpjxO9v5Q+7w RK4njje8ixkxyDYOh6fle1TTwzTph9Z5INmdZkmu/7vrDpM+DUd8AulqqMS3LU1Q RD65oHdfFgEg4QlQEONIQJ6Lj4AnpASxAWZMjTgnoYVMvMpTqqQ/CAC6tud2VOTs r9oWAnqWzzNzR3LbqGgGIxrscs3yDCDH0c6kzqV4SUSx5JcOuaJVlw3VEHijiExX NWGYVkQug2D8IMwCr9K3Ccub+A3BJCEpCRdMaCB5D71GGyNDSihdQbk3azvSdIdk REpQ97dfegfHp6GiMwyTyEJsqD2YC7UNQUc6Qj9G1mshA8uCvTc9hD7DNwIjGN3S J8uCPVAePmwOubPCxYtkbOfpshnYmDRIIVzH+zusKDnxoDZdef00h4YAG+NJoenb AoYN6l+LUQDBQirqS1KdFgk2BYO9YVuzXTR5y5YFZ4/8fZxrxeLNxcZSeVM5NEAT km6KxwJTSruFx06OKw5j =AAou -END PGP SIGNATURE- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
libitext-java 2.1.7-9 MIGRATED to testing
FYI: The status of the libitext-java source package in Debian's testing distribution has changed. Previous version: 2.1.7-8 Current version: 2.1.7-9 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
osgi-annotation_6.0.0-1_amd64.changes ACCEPTED into unstable, unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 23 Feb 2015 18:46:31 +0100 Source: osgi-annotation Binary: libosgi-annotation-java libosgi-annotation-java-doc Architecture: source all Version: 6.0.0-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org Changed-By: Markus Koschany a...@gambaru.de Description: libosgi-annotation-java - Java OSGi API - annotation module libosgi-annotation-java-doc - Javadoc for Java OSGi API - annotation module Closes: 779044 Changes: osgi-annotation (6.0.0-1) unstable; urgency=medium . * Initial release. (Closes: #779044) Checksums-Sha1: 58c3dd5758d7bbb9f583e3bb8848ba75778a78d4 2142 osgi-annotation_6.0.0-1.dsc a25ed75fa11a250a9e4ac8de07e18b913846ae99 5840 osgi-annotation_6.0.0.orig.tar.xz a8150d8dab5ecca923fe0deb004ca027df678b3d 2264 osgi-annotation_6.0.0-1.debian.tar.xz 164b43038a0662f1628cbfce67d1c657092228ea 3812 libosgi-annotation-java_6.0.0-1_all.deb 080f049a3390d23884d9a3b4a90c01e270f8daa0 23786 libosgi-annotation-java-doc_6.0.0-1_all.deb Checksums-Sha256: 342de2d402ba8c8917e727bf4e9876353a0fc4fa4f272187160c17f57160d0ab 2142 osgi-annotation_6.0.0-1.dsc 7d57f0bcd56c8c9c5e5f31d9057a41346eba50346ef51db81186e4e09dc18475 5840 osgi-annotation_6.0.0.orig.tar.xz cf3ae34b8a7efa4d1e35a47affcb14e7867cee5f627273afb097d540da4e97be 2264 osgi-annotation_6.0.0-1.debian.tar.xz 818ed3c67575593a01216e24fdb74643ca61ed324239c27a050c34003abbb159 3812 libosgi-annotation-java_6.0.0-1_all.deb 521fec2cb0b3d0643e8679a0152b25baa8dfb8152316d0cb170b36f59e3d14bd 23786 libosgi-annotation-java-doc_6.0.0-1_all.deb Files: f935e4d15a6ab2bf0743964134590822 2142 java optional osgi-annotation_6.0.0-1.dsc cf47b9184ef64ae18e5c4f11d2b4ff27 5840 java optional osgi-annotation_6.0.0.orig.tar.xz 5c9349854d78b687f06a77a7419d1129 2264 java optional osgi-annotation_6.0.0-1.debian.tar.xz d2a8bb0b1e7c70acc147b1da5e3b97de 3812 java optional libosgi-annotation-java_6.0.0-1_all.deb bbcdbd2f133915f159cbf3a92c2946a1 23786 doc optional libosgi-annotation-java-doc_6.0.0-1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJU7l3SAAoJEGIODQuJV82lxcwP/35qriW1Yy8CsRnRio/+u8UM N+nFUZ1O3h0kyTm/qhPeN2vOFBZGL5YJ+4yw7ZazP8rU14K1k2K1vZGxeQlsyVYD PqU1maNGkDjg/T/QgqhpYgc9hrCJceMejoqiLt4uB/6kVTdBeWJ1/dl+oEjnIvGY /7SVl8DuzPZbf7o6YHgAhKZakhOdhRjUx6AfpR6V0aFC2d1cM624Kfb6oSRPXLZA Go4ZYbiXnDwiVmglZXseYsmXF1v7ELA5kQ/sFc/Zt6nk7qjrZDnh6Zo0zMhGFCgw UX7tEMGGrpof7CBwNADYJcFJ9/xkTd4kzLTK3rj7ciY6c+0HXfJrFgrnbw6LOj8t EyWiTAhgCkjttQcX/kLeeNHUV+QqwWrvP34/sTg0+juvc0/H9bCGBZzwPI+xvSTp 94Z/OTXlIhyk8mw32Vc1CR0ZlxCmeUx3nZWZzH6Zq9QW0JGQ8INGPnuIt1oKatGE xbyKEeG78im8yPgBZwq+6j5PBnuz5EyG8TLRWPDmFYQvQOt83l+5OUAkiDzwYQrm imJZ4Wz8eIEB2AYwc4E1YCYjbOoYUTRaCIuWCIz8VIfTfkYuNSEo6aJHxjm2sIUR xuZIVp0U/OqCaLt3EAHvye3Tj5BBrC/NUUbAsV0AzinMs2okhnxZbZTgsmFYt2IV qIIgxbwKl0BbEzNI3SXC =BfvB -END PGP SIGNATURE- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
maven_3.0.4-3+deb7u1_amd64.changes ACCEPTED into proposed-updates-stable-new, proposed-updates
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 27 Feb 2015 17:56:07 +0100 Source: maven Binary: maven Architecture: source all Version: 3.0.4-3+deb7u1 Distribution: stable Urgency: high Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org Changed-By: Emmanuel Bourg ebo...@apache.org Description: maven - Java software project management and comprehension tool Closes: 779331 Changes: maven (3.0.4-3+deb7u1) stable; urgency=high . * Team upload. * Use a secure connection by default to download artifacts from the Maven Central repository (Closes: #779331) Checksums-Sha1: 4d63a82a0f2c9aa9cbdf42bda59cc35e0986c854 2504 maven_3.0.4-3+deb7u1.dsc 95c29f95f34664a87c28e14aabdc1a0aad4fe37b 14603 maven_3.0.4-3+deb7u1.debian.tar.gz 73c8337239edfa12a5ffdb7ea37361685a3fda72 1293492 maven_3.0.4-3+deb7u1_all.deb Checksums-Sha256: 8a0dbba189c06d64b1dc083cb2b6df2d69f7618f466dd573d4483cb5bd163705 2504 maven_3.0.4-3+deb7u1.dsc 49c2b9bc24eb25baeb00da34539a6797fbb6ec7b11e9572877d5f02ace4b2471 14603 maven_3.0.4-3+deb7u1.debian.tar.gz 3c06782f6581c3598f30fc402f76b88fc6e6cbffd6dd7714d06e0cd609b38794 1293492 maven_3.0.4-3+deb7u1_all.deb Files: d27d12e5cb9756ccfd5dc8a541d5c5ec 2504 java optional maven_3.0.4-3+deb7u1.dsc 88c2d10e6577ba3981eab8f0ed0a6a25 14603 java optional maven_3.0.4-3+deb7u1.debian.tar.gz 5f855c9dd4d0ee072973054c63ecad93 1293492 java optional maven_3.0.4-3+deb7u1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJU9YNlAAoJEPUTxBnkudCsMrMP/Rg26ZrSFjEcl0xxoqdY8Z61 3H+NNIMQlERWraXePMwU5ago7v89T0fpj342oJw23bKESiOVuIM2mN5tspekPXls cDL9l3wU9Hzava3n8GuPLZZCb5DtkKcwowZxKD5+FljLuwmD2+wvQ5Psxx8hnKft D7ArcGtc1/2duxQL5mZLFgPRjsDGjXtdj4HrbglmaZU0OgQKv3gEoV8a8AdkQIAb L0syzD9+DfuMJXCyBZxaXARCr6hU2kkuujWyBb/7OidKUCQQZpFM3ETGRYswxahN f+6iaqcYdHm8sd7IyO7DCGhgkf8zlCbVo85oHCcA1NDJwP4TXOEfIZEVMdKyyQB1 B6ST4rCbcmADh5bEZcPHn9LKkM4o4Jt0LL1wqkgkaQGICoA1t++8kChf/AG0gMcS qA4BxsnUxbx1BdwVH5w6XewB0dh+7gKWNG1MPVX9ialWHiu1ZoCKssYxfOlCiRHs b9ooDisxIr5WJEXRh+rDx8VVgpilaOCjeSP+RtUOhweFrHyLWqZMjsD6vLg2aPhC dwCT92S5z6yKX96Xp0uXOYvO0OVxP8VKqjXgj4rbRuYoogwpfQLX8SejXlrg2s28 UIZun8qEgSQzeNZlYq+IhK/1qLuAr21jnlxwj5k/bBTw2EeZklSZiqRaMFGhNlON LH+BaFgzzyCV+ylbLQDs =6bOO -END PGP SIGNATURE- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#779331: marked as done (maven downloads and runs completely unauthed jars via HTTP)
Your message dated Fri, 06 Mar 2015 21:17:11 + with message-id e1ytzcn-0001yd...@franck.debian.org and subject line Bug#779331: fixed in maven 3.0.4-3+deb7u1 has caused the Debian Bug report #779331, regarding maven downloads and runs completely unauthed jars via HTTP to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 779331: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779331 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: maven Version: 3.0.4-3 Severity: grave Tags: security By default, maven versions before v3.2.3 downloads from Maven Central using plain HTTP and do not check any kind of signature on the code before running it. This is a very bad situation, making it quite easy for malicious actors take over the machines where maven is used: http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/ Luckily, there is a simple step that greatly improves the situation. HTTPS is now fully supported on maven central, so Debian's maven should also default to HTTPS. A user can set this in ~/.m2/settings.xml, and it works fine with the Debian version of maven. But this really needs to be the default, and it should just be a matter of adding this config information to /etc/maven/settings.xml http://central.sonatype.org/pages/consumers.html#apache-maven signature.asc Description: OpenPGP digital signature ---End Message--- ---BeginMessage--- Source: maven Source-Version: 3.0.4-3+deb7u1 We believe that the bug you reported is fixed in the latest version of maven, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 779...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emmanuel Bourg ebo...@apache.org (supplier of updated maven package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 27 Feb 2015 17:56:07 +0100 Source: maven Binary: maven Architecture: source all Version: 3.0.4-3+deb7u1 Distribution: stable Urgency: high Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org Changed-By: Emmanuel Bourg ebo...@apache.org Description: maven - Java software project management and comprehension tool Closes: 779331 Changes: maven (3.0.4-3+deb7u1) stable; urgency=high . * Team upload. * Use a secure connection by default to download artifacts from the Maven Central repository (Closes: #779331) Checksums-Sha1: 4d63a82a0f2c9aa9cbdf42bda59cc35e0986c854 2504 maven_3.0.4-3+deb7u1.dsc 95c29f95f34664a87c28e14aabdc1a0aad4fe37b 14603 maven_3.0.4-3+deb7u1.debian.tar.gz 73c8337239edfa12a5ffdb7ea37361685a3fda72 1293492 maven_3.0.4-3+deb7u1_all.deb Checksums-Sha256: 8a0dbba189c06d64b1dc083cb2b6df2d69f7618f466dd573d4483cb5bd163705 2504 maven_3.0.4-3+deb7u1.dsc 49c2b9bc24eb25baeb00da34539a6797fbb6ec7b11e9572877d5f02ace4b2471 14603 maven_3.0.4-3+deb7u1.debian.tar.gz 3c06782f6581c3598f30fc402f76b88fc6e6cbffd6dd7714d06e0cd609b38794 1293492 maven_3.0.4-3+deb7u1_all.deb Files: d27d12e5cb9756ccfd5dc8a541d5c5ec 2504 java optional maven_3.0.4-3+deb7u1.dsc 88c2d10e6577ba3981eab8f0ed0a6a25 14603 java optional maven_3.0.4-3+deb7u1.debian.tar.gz 5f855c9dd4d0ee072973054c63ecad93 1293492 java optional maven_3.0.4-3+deb7u1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJU9YNlAAoJEPUTxBnkudCsMrMP/Rg26ZrSFjEcl0xxoqdY8Z61 3H+NNIMQlERWraXePMwU5ago7v89T0fpj342oJw23bKESiOVuIM2mN5tspekPXls cDL9l3wU9Hzava3n8GuPLZZCb5DtkKcwowZxKD5+FljLuwmD2+wvQ5Psxx8hnKft D7ArcGtc1/2duxQL5mZLFgPRjsDGjXtdj4HrbglmaZU0OgQKv3gEoV8a8AdkQIAb L0syzD9+DfuMJXCyBZxaXARCr6hU2kkuujWyBb/7OidKUCQQZpFM3ETGRYswxahN f+6iaqcYdHm8sd7IyO7DCGhgkf8zlCbVo85oHCcA1NDJwP4TXOEfIZEVMdKyyQB1 B6ST4rCbcmADh5bEZcPHn9LKkM4o4Jt0LL1wqkgkaQGICoA1t++8kChf/AG0gMcS qA4BxsnUxbx1BdwVH5w6XewB0dh+7gKWNG1MPVX9ialWHiu1ZoCKssYxfOlCiRHs b9ooDisxIr5WJEXRh+rDx8VVgpilaOCjeSP+RtUOhweFrHyLWqZMjsD6vLg2aPhC dwCT92S5z6yKX96Xp0uXOYvO0OVxP8VKqjXgj4rbRuYoogwpfQLX8SejXlrg2s28 UIZun8qEgSQzeNZlYq+IhK/1qLuAr21jnlxwj5k/bBTw2EeZklSZiqRaMFGhNlON LH+BaFgzzyCV+ylbLQDs =6bOO -END PGP SIGNATUREEnd Message--- __ This is the maintainer address of Debian's Java team