Bug#698108: java-package: diff for NMU version 0.50+nmu2
On 01/14/2013 11:48 PM, Niels Thykier wrote: On 2013-01-15 00:57, David Prévot wrote: tags 698108 + patch thanks Dear maintainer, I've prepared an NMU for java-package (versioned as 0.50+nmu2) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer (or even if I should dcut it to 0-day, given the security matter). If you prefer to fix it in another not intrusive way (not c1fb4d0), I'm happy to (quickly) sponsor your package too. Regards. David [...] Seems to me your patch will prevent anyone from using java-package on the older Java7 binaries. If we do remove this support because they are infested with security issues making them unsuitable for anything at all[1], I think it should have a nice little error message saying Nope, won't do this - That version is vulnerable/unsupported/$whatever. Just so people are aware it is a deliberate choice from our side and not a buggy script crashing. (Particularly people have been using it with older versions before. They might be surprised to see that non-descriptive error message the reporter included in the original mail). I had the same thought - there may be a valid reason for someone to want to run jdk-7u9. This issue already appears to be addressed in the 0.51 package (but with a different patch). I'm assuming we want to keep the patch minimal - can we use this these patterns instead? jdk-7u+([0-9])-linux-i586.tar.gz jdk-7u+([0-9])-linux-x64.tar.gz David, if you'd prefer not to upload again, could you remove the upload and I'll prepare the update. (But thank you for taking the initiative in the first place!) Thank you, tony signature.asc Description: OpenPGP digital signature
Bug#698108: java-package: diff for NMU version 0.50+nmu2
Hi, Thanks Niels and Tony for your reviews and advices! Le 15/01/2013 11:38, tony mancill a écrit : On 01/14/2013 11:48 PM, Niels Thykier wrote: Seems to me your patch will prevent anyone from using java-package on the older Java7 binaries. Right, I didn't thought it would worth the trouble to support “infested with security issues making them unsuitable”-versions. I think it should have a nice little error message saying Nope, won't do this - That version is vulnerable/unsupported/$whatever. Right, I did bother to update the (multiple duplicates of the same) documentation, but a better handling of such error would have indeed be worthwhile. I had the same thought - there may be a valid reason for someone to want to run jdk-7u9. OK, so let's just continue to support its building then. This issue already appears to be addressed in the 0.51 package (but with a different patch). I'm assuming we want to keep the patch minimal That was the idea (both because we're in freeze, and because it's an NMU to fix an issue opened yesterday). If the release team is fine with 0.51, I guess it could be uploaded to unstable ;). can we use this these patterns instead? jdk-7u+([0-9])-linux-i586.tar.gz jdk-7u+([0-9])-linux-x64.tar.gz I'm afraid it won't cope with the ${archive_name:6:1} versus ${archive_name:6:2} expansion currently used in the scripts (or would need some more intrusive changes that may not be desirable). David, if you'd prefer not to upload again, could you remove the upload and I'll prepare the update. (But thank you for taking the initiative in the first place!) I've prepared another one, debdiff attached. It explicitly adds support for two digits version, without touching to the one digit version support nor the documentation (since it's still accurate with that change). I'll upload it to DELAYED/1 in about four hours (that is one day after after the initial DELAYED/2 upload), unless we find something else that need fixing in the mean time or if someone prefers to take care of it another way. Regards. David diff -Nru java-package-0.50+nmu1/debian/changelog java-package-0.50+nmu2/debian/changelog --- java-package-0.50+nmu1/debian/changelog 2012-09-06 18:38:09.0 -0400 +++ java-package-0.50+nmu2/debian/changelog 2013-01-15 15:07:11.0 -0400 @@ -1,3 +1,10 @@ +java-package (0.50+nmu2) unstable; urgency=high + + * Non-maintainer upload. + * Allow two digits in Java 7 updates. Closes: #597294, #698108 + + -- David Prévot taf...@debian.org Tue, 15 Jan 2013 15:06:26 -0400 + java-package (0.50+nmu1) unstable; urgency=low * Non-maintainer upload. diff -Nru java-package-0.50+nmu1/lib/oracle-j2re.sh java-package-0.50+nmu2/lib/oracle-j2re.sh --- java-package-0.50+nmu1/lib/oracle-j2re.sh 2012-01-21 08:21:00.0 -0400 +++ java-package-0.50+nmu2/lib/oracle-j2re.sh 2013-01-15 15:03:51.0 -0400 @@ -18,6 +18,12 @@ j2se_priority=316 found=true ;; + jre-7u[0-9][0-9]-linux-i586.tar.gz) # SUPPORTED + j2se_version=1.7.0+update${archive_name:6:2}${revision} + j2se_expected_min_size=94 #Mb + j2se_priority=316 + found=true + ;; esac ;; amd64|x86_64-linux-gnu) @@ -33,6 +39,12 @@ j2se_expected_min_size=88 #Mb j2se_priority=316 found=true + ;; + jre-7u[0-9][0-9]-linux-x64.tar.gz) # SUPPORTED + j2se_version=1.7.0+update${archive_name:6:2}${revision} + j2se_expected_min_size=88 #Mb + j2se_priority=316 + found=true ;; esac ;; diff -Nru java-package-0.50+nmu1/lib/oracle-j2sdk-doc.sh java-package-0.50+nmu2/lib/oracle-j2sdk-doc.sh --- java-package-0.50+nmu1/lib/oracle-j2sdk-doc.sh 2012-01-21 08:21:00.0 -0400 +++ java-package-0.50+nmu2/lib/oracle-j2sdk-doc.sh 2013-01-15 15:02:36.0 -0400 @@ -12,6 +12,11 @@ j2se_expected_min_size=290 #Mb found=true ;; + jdk-7u[0-9][0-9]-apidocs.zip) # SUPPORTED + j2se_version=1.7.0+update${archive_name:6:2}${revision} + j2se_expected_min_size=290 #Mb + found=true + ;; esac if [[ -n $found ]]; then cat EOF diff -Nru java-package-0.50+nmu1/lib/oracle-j2sdk.sh java-package-0.50+nmu2/lib/oracle-j2sdk.sh --- java-package-0.50+nmu1/lib/oracle-j2sdk.sh 2012-01-21 08:21:00.0 -0400 +++ java-package-0.50+nmu2/lib/oracle-j2sdk.sh 2013-01-15 15:02:05.0 -0400 @@ -18,6 +18,12 @@ j2se_priority=317 found=true ;; + jdk-7u[0-9][0-9]-linux-i586.tar.gz) # SUPPORTED + j2se_version=1.7.0+update${archive_name:6:2}${revision} + j2se_expected_min_size=190 #Mb + j2se_priority=317 + found=true + ;; esac ;; amd64|x86_64-linux-gnu) @@ -33,6 +39,12 @@
Bug#698108: java-package: diff for NMU version 0.50+nmu2
tags 698108 + patch thanks Dear maintainer, I've prepared an NMU for java-package (versioned as 0.50+nmu2) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer (or even if I should dcut it to 0-day, given the security matter). If you prefer to fix it in another not intrusive way (not c1fb4d0), I'm happy to (quickly) sponsor your package too. Regards. David diff -Nru java-package-0.50+nmu1/debian/changelog java-package-0.50+nmu2/debian/changelog --- java-package-0.50+nmu1/debian/changelog 2012-09-06 18:38:09.0 -0400 +++ java-package-0.50+nmu2/debian/changelog 2013-01-14 19:31:25.0 -0400 @@ -1,3 +1,11 @@ +java-package (0.50+nmu2) unstable; urgency=high + + * Non-maintainer upload. + * Java 7 updates now get two digits. Closes: #698108 + * Update documentation accordingly. + + -- David Prévot taf...@debian.org Mon, 14 Jan 2013 19:30:55 -0400 + java-package (0.50+nmu1) unstable; urgency=low * Non-maintainer upload. diff -Nru java-package-0.50+nmu1/debian/control java-package-0.50+nmu2/debian/control --- java-package-0.50+nmu1/debian/control 2012-09-06 18:38:27.0 -0400 +++ java-package-0.50+nmu2/debian/control 2013-01-14 19:40:26.0 -0400 @@ -19,10 +19,10 @@ (with archive files downloaded from providers listed below) . Supported java binary distributions currently include: - * Oracle (http://www.oracle.com/technetwork/java/javase/downloads) : - - The J2SE Development Kit (JDK), version 6 (update = 10), 7 - - The J2SE Runtime Environment (JRE), version 6 (update = 10), 7 - - The J2SE API Javadoc, version 6 (update = 10), 7 + * Oracle (http://www.oracle.com/technetwork/java/javase/downloads): + - The J2SE Development Kit (JDK), version 6 and 7 (update = 10) + - The J2SE Runtime Environment (JRE), version 6 and 7 (update = 10) + - The J2SE API Javadoc, version 6 and 7 (update = 10) (Choose tar.gz archives or self-extracting archives, do _not_ choose the RPM!) . Please note that Debian recommends the use of openjdk-6-jdk/openjdk-6-jre diff -Nru java-package-0.50+nmu1/debian/README.Debian java-package-0.50+nmu2/debian/README.Debian --- java-package-0.50+nmu1/debian/README.Debian 2012-02-08 19:52:45.0 -0400 +++ java-package-0.50+nmu2/debian/README.Debian 2013-01-14 19:40:33.0 -0400 @@ -15,10 +15,10 @@ - installing the generated package Supported java binary distributions currently include: - * Oracle (http://www.oracle.com/technetwork/java/javase/downloads) : -- The J2SE Development Kit (JDK), version 6 (update = 10), 7 -- The J2SE Runtime Environment (JRE), version 6 (update = 10), 7 -- The J2SE API Javadoc, version 6 (update = 10), 7 + * Oracle (http://www.oracle.com/technetwork/java/javase/downloads): +- The J2SE Development Kit (JDK), version 6 and 7 (update = 10) +- The J2SE Runtime Environment (JRE), version 6 and 7 (update = 10) +- The J2SE API Javadoc, version 6 and 7 (update = 10) (Choose tar.gz archives or self-extracting archives, do _not_ choose the RPM!) All other previously supported jvm (Blackdown, IBM, ..) have been removed and diff -Nru java-package-0.50+nmu1/lib/oracle-j2re.sh java-package-0.50+nmu2/lib/oracle-j2re.sh --- java-package-0.50+nmu1/lib/oracle-j2re.sh 2012-01-21 08:21:00.0 -0400 +++ java-package-0.50+nmu2/lib/oracle-j2re.sh 2013-01-14 19:10:30.0 -0400 @@ -12,8 +12,8 @@ j2se_priority=314 found=true ;; - jre-7u[0-9]-linux-i586.tar.gz) # SUPPORTED - j2se_version=1.7.0+update${archive_name:6:1}${revision} + jre-7u[0-9][0-9]-linux-i586.tar.gz) # SUPPORTED + j2se_version=1.7.0+update${archive_name:6:2}${revision} j2se_expected_min_size=94 #Mb j2se_priority=316 found=true @@ -28,8 +28,8 @@ j2se_priority=314 found=true ;; - jre-7u[0-9]-linux-x64.tar.gz) # SUPPORTED - j2se_version=1.7.0+update${archive_name:6:1}${revision} + jre-7u[0-9][0-9]-linux-x64.tar.gz) # SUPPORTED + j2se_version=1.7.0+update${archive_name:6:2}${revision} j2se_expected_min_size=88 #Mb j2se_priority=316 found=true diff -Nru java-package-0.50+nmu1/lib/oracle-j2sdk-doc.sh java-package-0.50+nmu2/lib/oracle-j2sdk-doc.sh --- java-package-0.50+nmu1/lib/oracle-j2sdk-doc.sh 2012-01-21 08:21:00.0 -0400 +++ java-package-0.50+nmu2/lib/oracle-j2sdk-doc.sh 2013-01-14 19:09:57.0 -0400 @@ -7,8 +7,8 @@ j2se_expected_min_size=44 #Mb found=true ;; - jdk-7u[0-9]-apidocs.zip) # SUPPORTED - j2se_version=1.7.0+update${archive_name:6:1}${revision} + jdk-7u[0-9][0-9]-apidocs.zip) # SUPPORTED + j2se_version=1.7.0+update${archive_name:6:2}${revision} j2se_expected_min_size=290 #Mb found=true ;; diff -Nru java-package-0.50+nmu1/lib/oracle-j2sdk.sh java-package-0.50+nmu2/lib/oracle-j2sdk.sh --- java-package-0.50+nmu1/lib/oracle-j2sdk.sh 2012-01-21 08:21:00.0 -0400 +++ java-package-0.50+nmu2/lib/oracle-j2sdk.sh
Bug#698108: java-package: diff for NMU version 0.50+nmu2
On 2013-01-15 00:57, David Prévot wrote: tags 698108 + patch thanks Dear maintainer, I've prepared an NMU for java-package (versioned as 0.50+nmu2) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer (or even if I should dcut it to 0-day, given the security matter). If you prefer to fix it in another not intrusive way (not c1fb4d0), I'm happy to (quickly) sponsor your package too. Regards. David [...] Seems to me your patch will prevent anyone from using java-package on the older Java7 binaries. If we do remove this support because they are infested with security issues making them unsuitable for anything at all[1], I think it should have a nice little error message saying Nope, won't do this - That version is vulnerable/unsupported/$whatever. Just so people are aware it is a deliberate choice from our side and not a buggy script crashing. (Particularly people have been using it with older versions before. They might be surprised to see that non-descriptive error message the reporter included in the original mail). ~Niels [1] Something I would find entirely plausible at this point. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org