Re: Debian packages of (scientific) Java libraries

[Florian Rothmaier]

Hello Steffen,

thanks for your prompt reply and the useful hints for working with Java 
packages!

Best,
Florian


Am 09.02.2012 09:39, schrieb Steffen Möller:
 Hello Florian,

 On 02/08/2012 05:36 PM, Florian Rothmaier wrote:
 I work on an astronomy project called Virtual Observatory (VO) at
 the University of Heidelberg. In our working group, we had the idea to
 start Debian-packaging of VO-related software widespreadly used by
 professional and amateur astronomers.

 By creating Debian packages of VO-related libraries and applications,
 we aim at facilitating the installation and maintenance of VO clients
 on Debian(-derived) systems and the distribution of astronomical
 software and its dependencies within the open-source community.
 this is a very nice idea. Much appreciated.
 One of our projects is the dpkging of the graphical viewer and data
 editor TOPCAT, see
 http://www.star.bris.ac.uk/~mbt/topcat/ .

 When I started my packaging work, I had to note that a large number of
 external libs required by TOPCAT comes along in .jar archives.
 Fortunately, some of them have already been dpkged (e.g.
 libdomj4-java, libjetty-java or libjfreechart-java), others haven't. I
 understood that I would have to focus on the prerequisites for
 packaging TOPCAT, i.e. on generating local Debian packages for
 TOPCAT's dependencies.
 This is very typical of all those Java beasts.
 Right now, I have ~10 Debian packages of Java libraries ready, so far
 only available on my local machine.
 I would be very grateful for any hint or suggestion on the best way I
 should proceed with my astronomy packaging project.
 For a functional .deb, albeit not redistributable within Debian, you can
 still have the one or other .jar shipping along your own software. My
 suggestion is to one-by-one remove one of those of your end-user-package
 into a separate Debian package and keep testing the functionality of
 your software.  Especially when sharing with other packages, more
 complex Java software tends to have pesky version dependencies that
 sometimes only manifest at runtime.

 The regular Java bits I indeed suggest to leave with pkg-java. When it
 gets more astronomical, consider also the Debian Science community.

 For communication with others you may use the mentors.debian.net, but
 many also like using an Ubuntu PPA, so you get a free build daemon.

 Best,

 Steffen








__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#581790: me too

[Yuri]

Hi!

I0ve benn hit by this bug, installing libapache-mod-jk on squeeze don't 
create /etc/apache2/mods-enabled/jk.conf




__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#660653: FTBFS

[Moritz Muehlenhoff]

Package: akuma
Version: 1.7-1
Severity: serious

akuma fails to build from source:

dh_installpam -plibakuma-java 
dh_installlogrotate -plibakuma-java 
dh_installlogcheck -plibakuma-java 
dh_installchangelogs -plibakuma-java  
dh_installudev -plibakuma-java 
dh_lintian -plibakuma-java 
dh_bugfiles -plibakuma-java 
dh_install -plibakuma-java  
dh_link -plibakuma-java  
dh_buildinfo -plibakuma-java 
dh_installmime -plibakuma-java 
dh_installgsettings -plibakuma-java 
jh_installlibs -plibakuma-java 
jh_classpath -plibakuma-java 
IO error: opening 
debian/libakuma-java/debian/libakuma-java/usr/share/java/akuma.jar for read : 
No such file or directory 
 at /usr/share/perl5/Archive/Zip/Archive.pm line 546
Archive::Zip::Archive::read('Archive::Zip::Archive=HASH(0x1ec4940)', 
'debian/libakuma-java/debian/libakuma-java/usr/share/java/akum...') called at 
/usr/bin/jh_manifest line 295

main::update_jar('debian/libakuma-java/debian/libakuma-java/usr/share/java/akum...',
 undef) called at /usr/bin/jh_manifest line 142
jh_manifest: Could not read 
debian/libakuma-java/debian/libakuma-java/usr/share/java/akuma.jar: No such 
file or directory
make: *** [binary-post-install/libakuma-java] Error 1
dpkg-buildpackage: error: debian/rules binary gave error exit status 2



__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#660674: Please remove me from uploaders

[Daniel Leidert]

Source: cdk
Severity: minor

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I'm not working on the cdk package. Please remove my name from the uploaders
field. This package probably needs to be orphaned.

Regards, Daniel


- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (560, 'stable'), (110, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk9CpKwACgkQm0bx+wiPa4woRgCfUS0lMb6kRc1cwfxoQzjQOpsY
RQ4AnipS6Oi2RHavWYni4CRuRXSoaN8y
=uB7i
-END PGP SIGNATURE-



__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#660688: [jenkins] Please enable maven-plugin

[Jakub Adam]

Package: jenkins
Version: 1.424.2+dfsg-2
Severity: wishlist

--- Please enter the report below this line. ---

Please enable building and packaging of maven-plugin (and possibly other 
Jenkins plugins
that are part of the core tarball). Jenkins Maven plugin is a dependency of 
another plugin
that I'd like to package (Copy Artifact Plugin).

Thanks

Jakub

--- System information. ---
Architecture: amd64
Kernel:   Linux 3.2.0-1-amd64

Debian Release: wheezy/sid
  500 unstableftp.cz.debian.org
  500 unstableemdebian.org
  500 testing www.debian-multimedia.org
  500 testing security.debian.org
  500 testing ftp.cz.debian.org
1 experimentalftp.debian.org

--- Package information. ---
Depends (Version) | Installed
=-+-===
adduser   | 3.113+nmu1
default-jre-headless  | 1:1.6-46
 OR java6-runtime-headless|
jenkins-common| 1.424.2+dfsg-2
daemon| 0.6.4-1
psmisc| 22.15-2


Package's Recommends field is empty.

Package's Suggests field is empty.






__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

java-package_0.50_amd64.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:
java-package_0.50.dsc
  to contrib/j/java-package/java-package_0.50.dsc
java-package_0.50.tar.gz
  to contrib/j/java-package/java-package_0.50.tar.gz
java-package_0.50_all.deb
  to contrib/j/java-package/java-package_0.50_all.deb


Override entries for your package:
java-package_0.50.dsc - optional contrib/misc
java-package_0.50_all.deb - optional contrib/misc

Announcing to debian-devel-chan...@lists.debian.org
Closing bugs: 367887 514364 


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of mojarra_2.0.3-1+squeeze1_amd64.changes

[Debian FTP Masters]

mojarra_2.0.3-1+squeeze1_amd64.changes uploaded successfully to localhost
along with the files:
  mojarra_2.0.3-1+squeeze1.dsc
  mojarra_2.0.3.orig.tar.gz
  mojarra_2.0.3-1+squeeze1.debian.tar.gz
  libjsf-api-java_2.0.3-1+squeeze1_all.deb
  libjsf-impl-java_2.0.3-1+squeeze1_all.deb
  libjsf-java-doc_2.0.3-1+squeeze1_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

mojarra_2.0.3-1+squeeze1_amd64.changes ACCEPTED into proposed-updates

[Debian FTP Masters]

Warnings:
Could not copy mojarra_2.0.3.orig.tar.gz to holding; will attempt to find in DB 
later
ignoring mojarra_2.0.3.orig.tar.gz, since it's already in the archive.

Notes:
Mapping stable-security to proposed-updates.


Accepted:
libjsf-api-java_2.0.3-1+squeeze1_all.deb
  to main/m/mojarra/libjsf-api-java_2.0.3-1+squeeze1_all.deb
libjsf-impl-java_2.0.3-1+squeeze1_all.deb
  to main/m/mojarra/libjsf-impl-java_2.0.3-1+squeeze1_all.deb
libjsf-java-doc_2.0.3-1+squeeze1_all.deb
  to main/m/mojarra/libjsf-java-doc_2.0.3-1+squeeze1_all.deb
mojarra_2.0.3-1+squeeze1.debian.tar.gz
  to main/m/mojarra/mojarra_2.0.3-1+squeeze1.debian.tar.gz
mojarra_2.0.3-1+squeeze1.dsc
  to main/m/mojarra/mojarra_2.0.3-1+squeeze1.dsc


Override entries for your package:
libjsf-api-java_2.0.3-1+squeeze1_all.deb - optional java
libjsf-impl-java_2.0.3-1+squeeze1_all.deb - optional java
libjsf-java-doc_2.0.3-1+squeeze1_all.deb - optional doc
mojarra_2.0.3-1+squeeze1.dsc - source java

Announcing to debian-chan...@lists.debian.org
Closing bugs: 650430 


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#650430: marked as done (Mojarra: CVE-2011-4358)

[Debian Bug Tracking System]

Your message dated Mon, 20 Feb 2012 22:49:11 +
with message-id e1rzc2h-00010u...@franck.debian.org
and subject line Bug#650430: fixed in mojarra 2.0.3-1+squeeze1
has caused the Debian Bug report #650430,
regarding Mojarra: CVE-2011-4358
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
650430: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650430
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: mojarra
Severity: grave
Tags: security patch

Hi there,
A vulnerability against mojarra have been reported.
http://www.openwall.com/lists/oss-security/2011/11/29/1

Please, check the reference to a get a patch and a PoC.

Best Regards,

/luciano


---End Message---
---BeginMessage---
Source: mojarra
Source-Version: 2.0.3-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
mojarra, which is due to be installed in the Debian FTP archive:

libjsf-api-java_2.0.3-1+squeeze1_all.deb
  to main/m/mojarra/libjsf-api-java_2.0.3-1+squeeze1_all.deb
libjsf-impl-java_2.0.3-1+squeeze1_all.deb
  to main/m/mojarra/libjsf-impl-java_2.0.3-1+squeeze1_all.deb
libjsf-java-doc_2.0.3-1+squeeze1_all.deb
  to main/m/mojarra/libjsf-java-doc_2.0.3-1+squeeze1_all.deb
mojarra_2.0.3-1+squeeze1.debian.tar.gz
  to main/m/mojarra/mojarra_2.0.3-1+squeeze1.debian.tar.gz
mojarra_2.0.3-1+squeeze1.dsc
  to main/m/mojarra/mojarra_2.0.3-1+squeeze1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 650...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Miguel Landaeta mig...@miguel.cc (supplier of updated mojarra package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 29 Nov 2011 19:45:48 -0430
Source: mojarra
Binary: libjsf-api-java libjsf-impl-java libjsf-java-doc
Architecture: source all
Version: 2.0.3-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian Java Maintainers 
pkg-java-maintainers@lists.alioth.debian.org
Changed-By: Miguel Landaeta mig...@miguel.cc
Description: 
 libjsf-api-java - JavaServer Faces 2.0 Java EE web framework - API
 libjsf-impl-java - JavaServer Faces 2.0 Java EE web framework - Implementation
 libjsf-java-doc - Documentation for libjsf-api-java
Closes: 650430
Changes: 
 mojarra (2.0.3-1+squeeze1) stable-security; urgency=high
 .
   * Fixed critical bug by not allowing the value of UIViewParam to be an
 EL Expression: CVE-2011-4358. (Closes: #650430).
Checksums-Sha1: 
 80af96980131d17992e4b513e4261bf0c10fb198 1901 mojarra_2.0.3-1+squeeze1.dsc
 ce1cfc55dcbf12ddb56d4f7302c8aaef9514cfd4 3297582 mojarra_2.0.3.orig.tar.gz
 bf07bf5c7dec6c8796aee7a46aa8ab7609a97531 17690 
mojarra_2.0.3-1+squeeze1.debian.tar.gz
 59990e28dfa7e38194d4d44b8feb1b7d2aab2fc4 432880 
libjsf-api-java_2.0.3-1+squeeze1_all.deb
 624d10dc0757f55ea7357132ea8cb387151a7662 1410476 
libjsf-impl-java_2.0.3-1+squeeze1_all.deb
 b378bb22961c1623215425e245239d1d48dbc5fc 970868 
libjsf-java-doc_2.0.3-1+squeeze1_all.deb
Checksums-Sha256: 
 1cf2d6ae5e6b19e89cd0a9da59198d60f139513c82b4375f2798ce8bdf421179 1901 
mojarra_2.0.3-1+squeeze1.dsc
 c5a15ddc0307b39acdd0b75877c85dd755dbaec9deb37578ed2d3de8f65816d5 3297582 
mojarra_2.0.3.orig.tar.gz
 f8d8d08700f741cff7ca1525e5675162d4c58ee88fdebd2a5a1077a4d3566a4b 17690 
mojarra_2.0.3-1+squeeze1.debian.tar.gz
 eb91031cb0aca2e651b962f00b8a5ea2a544811d5eee8fee1f9b438aa88b4745 432880 
libjsf-api-java_2.0.3-1+squeeze1_all.deb
 b60c46ec99c2ab71faf0cb445aeccbd999eff80f1d5bcefe614311ce70d0107c 1410476 
libjsf-impl-java_2.0.3-1+squeeze1_all.deb
 e79608daccabbd22cdbee0b8cb765fa6011f6f658e7480fed65b94b662424a13 970868 
libjsf-java-doc_2.0.3-1+squeeze1_all.deb
Files: 
 622e7ea9f1dbf018f6818d4555f0778d 1901 java optional 
mojarra_2.0.3-1+squeeze1.dsc
 6d9b588e56dabbb4b4d684a4730c8f03 3297582 java optional 
mojarra_2.0.3.orig.tar.gz
 03b441a5e9f69266670ed2f05d7a0044 17690 java optional 
mojarra_2.0.3-1+squeeze1.debian.tar.gz
 ea73cc3ea8dd5165279fe718c01c8ff6 432880 java optional 
libjsf-api-java_2.0.3-1+squeeze1_all.deb
 2ed366d8176100d01a79a8308b824f79 1410476 java optional 
libjsf-impl-java_2.0.3-1+squeeze1_all.deb
 c3e1e043dfa3527fcfb9b1c6a299b21c 970868 doc optional 
libjsf-java-doc_2.0.3-1+squeeze1_all.deb

-BEGIN PGP 

Bug#657870: Multiple issues in Struts

[Damien Raude-Morvan]

Hi Moritz,

Le jeudi 16 février 2012 19:42:09, Damien Raude-Morvan a écrit :
 On 09/02/2012 21:16, Moritz Mühlenhoff wrote:
  There's a new issues, which affects 1.x:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1007
 
  From [1], it seems there is no actual fix for this issue :(
 I'll contact Struts Security Team on this matter.

Okay, I got some feedback for Struts Security Team.

This particular security issue doesn't affect Struts as binary library (ie. 
/usr/share/java/struts-1.2.jar is unaffected) but concern only samples provided 
as source is /usr/share/doc/libstruts1.2-java/example*

Do you think we should provide an updated package for squeeze (I think we can 
just drop examples) ?

Cheers,
-- 
Damien


signature.asc
Description: This is a digitally signed message part.
__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.