Processed: tagging 897945

2018-05-06 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 897945 + buster sid
Bug #897945 [visualvm] visualvm will not start since upgrade of libnb-*-java to 
8.1+dfsg1-8
Added tag(s) sid and buster.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
897945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897945
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team. Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Bug #886090 in lucene-solr marked as pending

2018-05-06 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 pending
Bug #886090 [solr-jetty] solr-jetty: Doesn't work out-of-the-box anymore; 
required symlink is missing
Ignoring request to alter tags of bug #886090 to the same tags previously set

-- 
886090: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886090
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


Processing of jboss-modules_1.8.3-1_source.changes

2018-05-06 Thread Debian FTP Masters
jboss-modules_1.8.3-1_source.changes uploaded successfully to localhost
along with the files:
  jboss-modules_1.8.3-1.dsc
  jboss-modules_1.8.3.orig.tar.gz
  jboss-modules_1.8.3-1.debian.tar.xz
  jboss-modules_1.8.3-1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)


New version of java-common breaks autopkgtest of octave-io in testing

2018-05-06 Thread Paul Gevers
Dear maintainers,

As recently announced¹ Debian is now running autopkgtests in testing to
check if migration of a new source package causes regressions. It does
this with the binary packages of the new version of a source package
from unstable.

With the upload of version 0.65 of java-common the autopkgtest of
octave-io started to fail in testing². This is currently delaying the
migration of java-common version 0.65³.

This e-mail is meant to trigger direct communication between the
maintainers of the involved packages as one party has insight in what
changed and the other party insight in what is being tested. After all,
a regression in a reverse dependency can come due to one of the
following reasons (of course not complete):
* new bug in the candidate package (fix the package)
* bug in the test case that only gets triggered due to the update (fix
  the reverse dependency, but see below)
* out-of-date reference date in the test case that captures a former bug
  in the candidate package (fix the reverse dependency, but see below)
* deprecation of functionality that is used in the reverse dependency
  and/or its test case (discussion needed)

Unfortunately sometimes a regression is only intermittent. Ideally this
should be fixed, but it may be OK to just have the autopkgtest retried
(a link is available in the excuses³).

There are cases where it is required to have multiple packages migrate
together to have the test cases pass, e.g. when there was a bug in a
regressing test case of a reverse dependency and that got fixed. In that
case the test cases need to be triggered with both packages from
unstable (reply to this e-mail and/or contact the ci-team⁴) or just wait
until the aging time is over (if the fixed reverse dependency migrates
before that time, the failed test can be retriggered³).

Of course no system is perfect. In case a framework issue is suspected,
don't hesitate to raise the issue via bts or to the ci-team⁴ (reply to
me is also fine for initial cross-check).

To avoid stepping on people's toes, this e-mail is not automatically
generating a bug in the bts, but it is highly recommended to forward
this e-mail there (pseudo-header boilerplate below⁵⁶) in case it is
clear which package should solve this regression.

Paul
PS: comments on the text of this e-mail are highly appreciated

¹ https://lists.debian.org/debian-devel-announce/2018/05/msg1.html
² https://ci.debian.net/packages/o/octave-io/testing/amd64/
³ https://qa.debian.org/excuses.php?package=java-common
⁴ #debci on oftc or debian...@lists.debian.org
⁵ java-common has an issue

Source: java-common
Version: 0.65
Severity: normal or higher
Control: affects -1 src:octave-io
User: debian...@lists.debian.org
Usertags: breaks

⁶ octave-io has an issue

Source: octave-io
Version: 2.4.10-3
Severity: normal or higher
Control: affects -1 src:java-common
User: debian...@lists.debian.org
Usertags: needs-update





Processing of undertow_1.4.25-1_source.changes

2018-05-06 Thread Debian FTP Masters
undertow_1.4.25-1_source.changes uploaded successfully to localhost
along with the files:
  undertow_1.4.25-1.dsc
  undertow_1.4.25.orig.tar.xz
  undertow_1.4.25-1.debian.tar.xz
  undertow_1.4.25-1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)


lucene-solr_3.6.2+dfsg-13_source.changes ACCEPTED into unstable

2018-05-06 Thread Debian FTP Masters


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 06 May 2018 20:51:06 +0200
Source: lucene-solr
Binary: liblucene3-java liblucene3-contrib-java liblucene3-java-doc 
libsolr-java solr-common solr-tomcat solr-jetty
Architecture: source
Version: 3.6.2+dfsg-13
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 liblucene3-contrib-java - Full-text search engine library for Java - 
additional libraries
 liblucene3-java - Full-text search engine library for Java - core library
 liblucene3-java-doc - Documentation for Lucene
 libsolr-java - Enterprise search server based on Lucene - Java libraries
 solr-common - Enterprise search server based on Lucene3 - common files
 solr-jetty - Enterprise search server based on Lucene3 - Jetty integration
 solr-tomcat - Enterprise search server based on Lucene3 - Tomcat integration
Closes: 886090
Changes:
 lucene-solr (3.6.2+dfsg-13) unstable; urgency=medium
 .
   * Team upload.
   * Symlink /etc/solr/solr-jetty.xml to /var/lib/jetty9/webapps/solr.xml
 to make solr-jetty work out-of-the-box.
 Thanks to Larocque for the report. (Closes: #886090)


Thank you for your contribution to Debian.


Bug#897247: marked as done (undertow: CVE-2018-1114: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service)

2018-05-06 Thread Debian Bug Tracking System
Your message dated Sun, 06 May 2018 21:00:20 +
with message-id 
and subject line Bug#897247: fixed in undertow 1.4.25-1
has caused the Debian Bug report #897247,
regarding undertow: CVE-2018-1114: File descriptor leak caused by 
JarURLConnection.getLastModified() allows attacker to cause a denial of service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
897247: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: undertow
Version: 1.4.23-3
Severity: important
Tags: patch security upstream
Forwarded: https://issues.jboss.org/browse/UNDERTOW-1338

Hi,

The following vulnerability was published for undertow.

CVE-2018-1114[0]:
|File descriptor leak caused by JarURLConnection.getLastModified()
|allows attacker to cause a denial of service

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1114
[1] https://issues.jboss.org/browse/UNDERTOW-1338

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: undertow
Source-Version: 1.4.25-1

We believe that the bug you reported is fixed in the latest version of
undertow, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 897...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated undertow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 06 May 2018 21:29:28 +0200
Source: undertow
Binary: libundertow-java libundertow-java-doc
Architecture: source
Version: 1.4.25-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libundertow-java - flexible performant web server written in Java
 libundertow-java-doc - Documentation for Undertow
Closes: 897247
Changes:
 undertow (1.4.25-1) unstable; urgency=medium
 .
   * New upstream version 1.4.25
 - Fix CVE-2018-1114: File descriptor leak caused by
   JarURLConnection.getLastModified() allows attacker to cause a denial of
   service. (Closes: #897247)
 - Fix CVE-2017-12196: When using Digest authentication the server does not
   ensure that the value of URI in the Authorization header matches the URI
   in HTTP request line. This allows the attacker to cause a MITM attack and
   access the desired content on the server.
   * Declare compliance with Debian Policy 4.1.4.

Processing of libscram-java_1.0.0~beta.2-1_amd64.changes

2018-05-06 Thread Debian FTP Masters
libscram-java_1.0.0~beta.2-1_amd64.changes uploaded successfully to localhost
along with the files:
  libscram-java_1.0.0~beta.2-1.dsc
  libscram-java_1.0.0~beta.2.orig.tar.gz
  libscram-java_1.0.0~beta.2-1.debian.tar.xz
  libscram-java-doc_1.0.0~beta.2-1_all.deb
  libscram-java_1.0.0~beta.2-1_all.deb
  libscram-java_1.0.0~beta.2-1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)


Bug#886090: marked as done (solr-jetty: Doesn't work out-of-the-box anymore; required symlink is missing)

2018-05-06 Thread Debian Bug Tracking System
Your message dated Sun, 06 May 2018 19:35:04 +
with message-id 
and subject line Bug#886090: fixed in lucene-solr 3.6.2+dfsg-13
has caused the Debian Bug report #886090,
regarding solr-jetty: Doesn't work out-of-the-box anymore; required symlink is 
missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
886090: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886090
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: solr-jetty
Version: 3.6.2+dfsg-10
Severity: normal

Hi,

I'm using Solr to provide full-text indexing services for Dovecot,
which uses it to index e-mail bodies.  I've only barely scratched the
surface of Java, and know nothing about Java web application
development or deployment.

I installed Solr on my mail server when it was running Jessie or an
earlier release of Debian.  I seem to recall that the setup process at
that point in time was pretty straightforward.  Recreating the
scenario on a fresh Jessie system now, I see that all I needed to do
to get Jetty responding with Solr-generated responses was to install
solr-jetty, edit /etc/default/jetty8 to set NO_START=0, and restart
jetty8.

When I upgraded my mail server to Debian Stretch, Solr stopped
working.  Jetty responded with status 404 instead:

$ curl --verbose http://localhost:8080/solr/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /solr/ HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.52.1
> Accept: */*
> 
< HTTP/1.1 404 Not Found
< Content-Type: text/html; charset=ISO-8859-1
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Length: 289
< Server: Jetty(9.2.21.v20170120)
< 



Error 404 Not Found

HTTP ERROR 404
Problem accessing /solr/. Reason:
Not FoundPowered by Jetty://



* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact

Because of my lack of experience with the Java and Jetty ecosystem, it
was a confusing and frustrating process to get Solr working again.  It
seemed like the symlink /etc/jetty9/contexts/solr.xml ->
../../solr/solr-jetty.xml was supposed to be doing something, but it
apparently wasn't.  (On my Jessie test system, a similar symlink in
/etc/jetty8/contexts/ seems to be the piece that configures Jetty for
Solr.)

It seems like some configuration methods changed between Jetty 8
(Jessie) and Jetty 9 (Stretch).  Eventually, I found a helpful message
on jetty-users [1], and a pointer to the right part of the Jetty
documentation [2].  I created this symlink:

$ sudo ln -s /etc/solr/solr-jetty.xml /var/lib/jetty9/webapps/solr.xml

After restarting Jetty, Jetty responded to /solr URLs again, and Solr
worked with my existing configuration and application as it did
previously.

If this symlink is always the right thing to do for an upgrade or a
new installation, would you please consider including it in the
package or having it created upon installation?  If it's not the right
thing to do in all cases, could you please add some instructions or
hints to README.Debian?

1. https://dev.eclipse.org/mhonarc/lists/jetty-users/msg05035.html
2. 
https://www.eclipse.org/jetty/documentation/current/deployment-architecture.html#default-web-app-provider

Thanks,

-J.P. Larocque

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to 
en_US.UTF-8), LANGUAGE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages solr-jetty depends on:
ii  default-jdk [java5-sdk]2:1.8-58
ii  jetty9 9.2.21-1
ii  libjetty9-extra-java   9.2.21-1
ii  openjdk-8-jdk [java5-sdk]  8u151-b12-1~deb9u1
ii  solr-common3.6.2+dfsg-10

solr-jetty recommends no packages.

solr-jetty suggests no packages.

-- no debconf information

-- 
J.P. Larocque 
--- End Message ---
--- Begin Message ---
Source: lucene-solr
Source-Version: 3.6.2+dfsg-13

We believe that the bug you reported is fixed in the latest version of
lucene-solr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886...@bugs.debian.org,
and the 

Bug#891928: marked as done (CVE-2018-1048: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser)

2018-05-06 Thread Debian Bug Tracking System
Your message dated Sun, 6 May 2018 21:38:09 +0200
with message-id <91171867-7d8b-c53d-14c9-223822ec9...@debian.org>
and subject line Re: CVE-2018-1048: ALLOW_ENCODED_SLASH option not taken into 
account in the AjpRequestParser
has caused the Debian Bug report #891928,
regarding CVE-2018-1048: ALLOW_ENCODED_SLASH option not taken into account in 
the AjpRequestParser
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
891928: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: undertow
Version: 1.4.8-1+deb9u1
Severity: grave
Tags: security
Forwarded: https://issues.jboss.org/browse/UNDERTOW-1245

It was found that the AJP connector in undertow, as shipped in JBoss
EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus
allows the slash / anti-slash characters encoded in the url which
may lead to path traversal and result in the information disclosure of
arbitrary local files.

Upstream bug:

https://issues.jboss.org/browse/UNDERTOW-1245

This was apparently fixed in 1.4.22.
--- End Message ---
--- Begin Message ---
I am going to close this bug report because CVE-2018-1048 will not be
fixed in Stretch. As discussed with the security team the package will
be removed instead.



--- End Message ---

undertow_1.4.25-1_source.changes ACCEPTED into unstable

2018-05-06 Thread Debian FTP Masters


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 06 May 2018 21:29:28 +0200
Source: undertow
Binary: libundertow-java libundertow-java-doc
Architecture: source
Version: 1.4.25-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libundertow-java - flexible performant web server written in Java
 libundertow-java-doc - Documentation for Undertow
Closes: 897247
Changes:
 undertow (1.4.25-1) unstable; urgency=medium
 .
   * New upstream version 1.4.25
 - Fix CVE-2018-1114: File descriptor leak caused by
   JarURLConnection.getLastModified() allows attacker to cause a denial of
   service. (Closes: #897247)
 - Fix CVE-2017-12196: When using Digest authentication the server does not
   ensure that the value of URI in the Authorization header matches the URI
   in HTTP request line. This allows the attacker to cause a MITM attack and
   access the desired content on the server.
   * Declare compliance with Debian Policy 4.1.4.


Thank you for your contribution to Debian.


Bug#898086: libequinox-osgi-java: Does not install symlinks into /usr/lib/eclipse/plugins

2018-05-06 Thread Nick Morrott
Source: libequinox-osgi-java
Version: 3.9.1-1
Severity: grave
Justification: renders package unusable
Control: affects eclipse

Dear Maintainer,

The separation of the libequinox-osgi-java binary package from the eclipse
source appears to break fresh installations of eclipse.

On a fresh installation of eclipse on buster/sid (using a supported JDK
version), it is apparent that eclipse is unable to locate
/usr/lib/eclipse/plugins/org.eclipse.osgi_3.8.1.dist.jar (configured in
/usr/lib/eclipse/configuration/org.eclipse.equinox.simpleconfigurator/bundles.info).

On stretch (3.8.1-10), the relevant symlinks between
/usr/lib/eclipse/plugins and
/usr/share/java are present.

On buster/sid, no symlink is created to /usr/lib/eclipse/plugins,
which causes eclipse to immediately crash.

Manually installing the following symlink resolves the issue:

cd /usr/lib/eclipse/plugins
ln -s ../../../share/java/org.eclipse.osgi-3.9.1.jar org.eclipse.osgi_3.8.1.dist.jar



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (600, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


tests.reproducible-builds.org/debian status changes for javamail

2018-05-06 Thread Reproducible builds folks
2018-05-06 23:35 
https://tests.reproducible-builds.org/debian/unstable/amd64/javamail changed 
from reproducible -> FTBFS


uddi4j 2.0.5-4 MIGRATED to testing

2018-05-06 Thread Debian testing watch
FYI: The status of the uddi4j source package
in Debian's testing distribution has changed.

  Previous version: 2.0.5-3
  Current version:  2.0.5-4

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.


tests.reproducible-builds.org/debian status changes for junit4

2018-05-06 Thread Reproducible builds folks
2018-05-07 00:25 
https://tests.reproducible-builds.org/debian/unstable/amd64/junit4 changed from 
reproducible -> FTBFS


modulator 1.0-3 MIGRATED to testing

2018-05-06 Thread Debian testing watch
FYI: The status of the modulator source package
in Debian's testing distribution has changed.

  Previous version: 1.0-2
  Current version:  1.0-3

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.


tests.reproducible-builds.org/debian status changes for java-gnome

2018-05-06 Thread Reproducible builds folks
2018-05-07 00:24 
https://tests.reproducible-builds.org/debian/unstable/amd64/java-gnome changed 
from reproducible -> FTBFS


tests.reproducible-builds.org/debian status changes for icu4j

2018-05-06 Thread Reproducible builds folks
2018-05-06 22:31 
https://tests.reproducible-builds.org/debian/unstable/amd64/icu4j changed from 
reproducible -> FTBFS


tests.reproducible-builds.org/debian status changes for groovy

2018-05-06 Thread Reproducible builds folks
2018-05-06 19:49 
https://tests.reproducible-builds.org/debian/unstable/amd64/groovy changed from 
unreproducible -> FTBFS


tests.reproducible-builds.org/debian status changes for jinput

2018-05-06 Thread Reproducible builds folks
2018-05-07 00:19 
https://tests.reproducible-builds.org/debian/unstable/amd64/jinput changed from 
reproducible -> FTBFS


tests.reproducible-builds.org/debian status changes for jblas

2018-05-06 Thread Reproducible builds folks
2018-05-06 23:36 
https://tests.reproducible-builds.org/debian/unstable/amd64/jblas changed from 
reproducible -> FTBFS


tests.reproducible-builds.org/debian status changes for jffi

2018-05-06 Thread Reproducible builds folks
2018-05-06 23:27 
https://tests.reproducible-builds.org/debian/unstable/amd64/jffi changed from 
reproducible -> FTBFS


libjsyntaxpane-java 0.9.6~r156-7 MIGRATED to testing

2018-05-06 Thread Debian testing watch
FYI: The status of the libjsyntaxpane-java source package
in Debian's testing distribution has changed.

  Previous version: 0.9.6~r156-6
  Current version:  0.9.6~r156-7

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.


tests.reproducible-builds.org/debian status changes for java3d

2018-05-06 Thread Reproducible builds folks
2018-05-06 23:47 
https://tests.reproducible-builds.org/debian/unstable/amd64/java3d changed from 
reproducible -> FTBFS


tests.reproducible-builds.org/debian status changes for jmagick

2018-05-06 Thread Reproducible builds folks
2018-05-07 00:15 
https://tests.reproducible-builds.org/debian/unstable/amd64/jmagick changed 
from reproducible -> FTBFS
