Processed: Pending fixes for bugs in the tomcat8 package

Processing commands for cont...@bugs.debian.org: > tag 845393 + pending Bug #845393 [tomcat8] Privilege escalation via upgrade Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 845393: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393

Bug#845393: Pending fixes for bugs in the tomcat8 package

tag 845393 + pending thanks Some bugs in the tomcat8 package are closed in revision 02570d621344cdc7cf3f3632fcbf6f6e024aa1d6 in branch ' experimental' by Emmanuel Bourg The full diff can be seen at https://anonscm.debian.org/cgit/pkg-java/tomcat8.git/commit/?id=02570d6 Commit message: No

Bug#833257: Bug#825786: tomcat8: postinst script overwrites file permissions in /etc

Le 1/12/2016 à 09:36, Emmanuel Bourg a écrit : > I observed that even when copyXML is false, Tomcat creates an empty > directory per virtualhost under /etc/tomcat8/Catalina (for example > /etc/tomcat8/Catalina/www.example.org). When I made > /etc/tomcat8/Catalina read-only Tomcat didn't complain,

libjgoodies-looks-java 2.7.0-2 MIGRATED to testing

FYI: The status of the libjgoodies-looks-java source package in Debian's testing distribution has changed. Previous version: 2.5.2-3 Current version: 2.7.0-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day

Bug#845393: marked as done (Privilege escalation via upgrade)

Your message dated Thu, 01 Dec 2016 18:20:30 + with message-id and subject line Bug#845393: fixed in tomcat8 8.5.8-2 has caused the Debian Bug report #845393, regarding Privilege escalation via upgrade to be marked as done. This means that you claim that

Bug#845385: marked as done (Privilege escalation via removal)

Your message dated Thu, 01 Dec 2016 18:20:30 + with message-id and subject line Bug#845385: fixed in tomcat8 8.5.8-2 has caused the Debian Bug report #845385, regarding Privilege escalation via removal to be marked as done. This means that you claim that

Bug#845661: marked as done (tomcat8: Access log file suffix doesn't match suffix in rotation cron job)

Your message dated Thu, 01 Dec 2016 18:20:30 + with message-id and subject line Bug#845661: fixed in tomcat8 8.5.8-2 has caused the Debian Bug report #845661, regarding tomcat8: Access log file suffix doesn't match suffix in rotation cron job to be marked

Bug#833261: marked as done (tomcat8: please set the home directory to /var/lib/tomcat8)

Your message dated Thu, 01 Dec 2016 18:20:29 + with message-id and subject line Bug#833261: fixed in tomcat8 8.5.8-2 has caused the Debian Bug report #833261, regarding tomcat8: please set the home directory to /var/lib/tomcat8 to be marked as done. This

Bug#843135: marked as done (tomcat8: /usr/share/tomcat8/logrotate.template missing "delaycompress")

Your message dated Thu, 01 Dec 2016 18:20:30 + with message-id and subject line Bug#843135: fixed in tomcat8 8.5.8-2 has caused the Debian Bug report #843135, regarding tomcat8: /usr/share/tomcat8/logrotate.template missing "delaycompress" to be marked as

libjgoodies-common-java 1.8.1-2 MIGRATED to testing

FYI: The status of the libjgoodies-common-java source package in Debian's testing distribution has changed. Previous version: 1.7.0-2 Current version: 1.8.1-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day

tomcat8_8.5.8-2_amd64.changes ACCEPTED into unstable

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 01 Dec 2016 18:41:14 +0100 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs

Processing of tomcat8_8.5.8-2_amd64.changes

tomcat8_8.5.8-2_amd64.changes uploaded successfully to localhost along with the files: tomcat8_8.5.8-2.dsc tomcat8_8.5.8-2.debian.tar.xz libservlet3.1-java-doc_8.5.8-2_all.deb libservlet3.1-java_8.5.8-2_all.deb libtomcat8-embed-java_8.5.8-2_all.deb libtomcat8-java_8.5.8-2_all.deb

Bug#845393: Pending fixes for bugs in the tomcat8 package

Dear Emmanuel, > No longer make /etc/tomcat8/Catalina/localhost writable ... The bug depends on "Catalina" being writable; the permissions on "localhost" are irrelevant. Please re-open. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of

Processed: Re: Bug#845393: marked as done (Privilege escalation via upgrade)

Processing commands for cont...@bugs.debian.org: > reopen 845393 Bug #845393 {Done: Emmanuel Bourg } [tomcat8] Privilege escalation via upgrade 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared, and you may need to

Bug#845393: marked as done (Privilege escalation via upgrade)

reopen 845393 thanks Not done. Please fix proper. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia __ This is the maintainer address of Debian's Java team

Re: Bug#845393: Pending fixes for bugs in the tomcat8 package

Le 1/12/2016 à 20:37, paul.sz...@sydney.edu.au a écrit : > The bug depends on "Catalina" being writable; the permissions on > "localhost" are irrelevant. Hi Paul, The postinst script no longer runs chmod 755 on the localhost directory. If I'm not mistaken this fixes the issue you reported.

Bug#845393: Pending fixes for bugs in the tomcat8 package

Hmm... I just accused you of being mistaken... but maybe it is I who is wrong. - Now thinking it through again. Cheers, Paul __ This is the maintainer address of Debian's Java team . Please use

Bug#845393: Pending fixes for bugs in the tomcat8 package

Dear Emmanuel, >> The bug depends on "Catalina" being writable; the permissions on >> "localhost" are irrelevant. > > The postinst script no longer runs chmod 755 on the localhost directory. > If I'm not mistaken this fixes the issue you reported. > >

Bug#845393: Pending fixes for bugs in the tomcat8 package

Dear Emmanuel, Sorry for my previous outbursts. I was wrong. Your fix (chmod-ing just Catalina, not localhost) is fine: if you do not chmod localhost, then there is no issue even if localhost is replaced by a symlink pointing somewhere. However... will tomcat still "work"? On my machine, I have

Bug#845393: Pending fixes for bugs in the tomcat8 package

Le 1/12/2016 à 21:49, paul.sz...@sydney.edu.au a écrit : > Sorry for my previous outbursts. I was wrong. No problem, thanks a lot for the review. > However... will tomcat still "work"? On my machine, I have one XML file > /etc/tomcat8/Catalina/localhost/mapleta.xml > in there, for the one

Bug#845393: Pending fixes for bugs in the tomcat8 package

Dear Emmanuel, (Yes I had tomcat6, then went to tomcat8, skipping tomcat7; and have inherited things.) You seem to say that /etc/tomcat8/Catalina/localhost does not need to be writable by tomcat8, setting it so was useless (thus wrong). What about the /etc/tomcat8/Catalina directory, is

Bug#845393: Pending fixes for bugs in the tomcat8 package

Le 2/12/2016 à 00:32, Markus Koschany a écrit : > Just my 2 cents about the "other" packages that install files into > /etc/tomcat8/Catalina/localhost. In my opinion they should just symlink > files into this path if at all. You mentioned jspwiki as one possible > candidate in one of your earlier

Bug#845393: Pending fixes for bugs in the tomcat8 package

On 02.12.2016 00:15, Emmanuel Bourg wrote: > Le 1/12/2016 à 21:49, paul.sz...@sydney.edu.au a écrit : [...] >> Maybe /etc/tomcat8/Catalina/localhost is to be "delivered" writable from >> the DEB package, the ownership only to be fixed in postinst? In the >> current DEB, that directory is not

Processed: Pending fixes for bugs in the tomcat8 package

Processing commands for cont...@bugs.debian.org: > tag 845385 + pending Bug #845385 [tomcat8] Privilege escalation via removal Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 845385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385

Bug#846463: Depends on default-jre-headless and Suggests default-jre?

Package: proguard Version: 5.3.1-1 Severity: wishlist proguard is mostly used as a command line program and used by various build systems such as the Gradle Android Plugin. There's no need to force install the headful JRE together with Proguard. Perhaps putting it to Suggests is a better

Bug#833257: Bug#825786: tomcat8: postinst script overwrites file permissions in /etc

On Tue, 2 Aug 2016 11:06:56 +0200 Markus Koschany wrote: > Tomcat 8 should not write files into /etc/tomcat8/Catalina. The fact that Tomcat is able to write to /etc/tomcat8/Catalina contributed to the vulnerability described in #845393. This directory is writable because

Bug#846463: Depends on default-jre-headless and Suggests default-jre?

Le 1/12/2016 à 10:36, 殷啟聰 a écrit : > proguard is mostly used as a command line program and used by various > build systems such as the Gradle Android Plugin. There's no need to > force install the headful JRE together with Proguard. Perhaps putting > it to Suggests is a better approach? This is

Processed: Pending fixes for bugs in the tomcat8 package

Processing commands for cont...@bugs.debian.org: > tag 833261 + pending Bug #833261 [src:tomcat8] tomcat8: please set the home directory to /var/lib/tomcat8 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 833261:

Bug#833261: Pending fixes for bugs in the tomcat8 package

tag 833261 + pending thanks Some bugs in the tomcat8 package are closed in revision 0a7e74a658aa3f91f17a7fb447647aac62b345bb in branch ' experimental' by Emmanuel Bourg The full diff can be seen at https://anonscm.debian.org/cgit/pkg-java/tomcat8.git/commit/?id=0a7e74a Commit message:

Processed: Pending fixes for bugs in the tomcat8 package

Processing commands for cont...@bugs.debian.org: > tag 843135 + pending Bug #843135 [tomcat8] tomcat8: /usr/share/tomcat8/logrotate.template missing "delaycompress" Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 843135:

Bug#843135: Pending fixes for bugs in the tomcat8 package

tag 843135 + pending thanks Some bugs in the tomcat8 package are closed in revision 213d93c4675e4724682b9dfe9eaed8530375f9c2 in branch ' experimental' by Emmanuel Bourg The full diff can be seen at https://anonscm.debian.org/cgit/pkg-java/tomcat8.git/commit/?id=213d93c Commit message:

Bug#844336: marked as done (gradle: fails to upgrade to 3.1-1)

Your message dated Thu, 1 Dec 2016 18:40:30 +0800 with message-id

Bug#845661: Pending fixes for bugs in the tomcat8 package

tag 845661 + pending thanks Some bugs in the tomcat8 package are closed in revision 740422a83e7760fb478dfbac791d1272ae574d16 in branch ' experimental' by Emmanuel Bourg The full diff can be seen at https://anonscm.debian.org/cgit/pkg-java/tomcat8.git/commit/?id=740422a Commit message:

Processed: Pending fixes for bugs in the tomcat8 package

Processing commands for cont...@bugs.debian.org: > tag 845661 + pending Bug #845661 [tomcat8] tomcat8: Access log file suffix doesn't match suffix in rotation cron job Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 845661:

Bug#844336: Fixed in 3.1-2

Control: fixed -1 3.1-2 Turns out you can't use controls in the closing emails. __ This is the maintainer address of Debian's Java team . Please use debian-j...@lists.debian.org for discussions and questions.

Processed: Fixed in 3.1-2

Processing control commands: > fixed -1 3.1-2 Bug #844336 {Done: 殷啟聰 } [gradle] gradle: fails to upgrade to 3.1-1 Marked as fixed in versions gradle/3.1-2. -- 844336: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844336 Debian Bug Tracking System Contact

Bug#844021: libnative-platform-java 0.11-4 is not compatible with programs built with 0.10*

Hi Vincent, Thanks for the patch, I think breaking libgradle-core-java is enough as this is the very package that uses libnative-platform-java. I'm uploading it soon. __ This is the maintainer address of Debian's Java team

Bug#844021: Pending fixes for bugs in the libnative-platform-java package

tag 844021 + pending thanks Some bugs in the libnative-platform-java package are closed in revision b36b795efd6d814b25541bbd61b514ec0c39bd1c in branch 'master' by Kai-Chung Yan (殷啟聰) The full diff can be seen at

Processed: Pending fixes for bugs in the libnative-platform-java package

Processing commands for cont...@bugs.debian.org: > tag 844021 + pending Bug #844021 [libnative-platform-java] libnative-platform-java 0.11-4 is not compatible with programs built with 0.10* Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. --

Processing of libnative-platform-java_0.11-5_source.changes

libnative-platform-java_0.11-5_source.changes uploaded successfully to localhost along with the files: libnative-platform-java_0.11-5.dsc libnative-platform-java_0.11-5.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) __ This is the maintainer

libnative-platform-java_0.11-5_source.changes ACCEPTED into unstable

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 02 Dec 2016 14:15:16 +0800 Source: libnative-platform-java Binary: libnative-platform-java libnative-platform-jni libnative-platform-java-doc Architecture: source Version: 0.11-5 Distribution: unstable Urgency:

Bug#844021: marked as done (libnative-platform-java 0.11-4 is not compatible with programs built with 0.10*)

Your message dated Fri, 02 Dec 2016 06:33:52 + with message-id and subject line Bug#844021: fixed in libnative-platform-java 0.11-5 has caused the Debian Bug report #844021, regarding libnative-platform-java 0.11-4 is not compatible with programs built

Processed: tagging 846116

Processing commands for cont...@bugs.debian.org: > tags 846116 + confirmed Bug #846116 [src:libhamcrest-java] libhamcrest-java: FTBFS randomly (error: cannot access Description) Added tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 846116: