Bug#641530: fop: fails with java.lang.IllegalArgumentException: Cannot open file sRGB.pf

2011-09-14 Thread Raphaël Hertzog 
Package: fop
Version: 1:1.0.dfsg2-2
Severity: grave
Justification: renders package unusable

As you can see in #640308, fop doesn't work any longer... and I have the exact
same problem when trying to build the publican package.

I'm not sure what's the root cause of the problem but it might be similar
to this report:
http://www-01.ibm.com/support/docview.wss?uid=swg1PM17433

So possibly a security change that forbids the automatic discovery
of files with a relative path if some symlinks are involved. CCing debian-java
as their input can be useful here.

I'm using:
$ java -version
java version 1.6.0_23
OpenJDK Runtime Environment (IcedTea6 1.11pre) (6b23~pre9-1)
OpenJDK Server VM (build 20.0-b11, mixed mode)

Failure log:

[warning] /usr/bin/fop: Unable to locate servlet-api in /usr/share/java
java.lang.IllegalArgumentException: Cannot open file sRGB.pf
at 
java.awt.color.ICC_Profile.activateDeferredProfile(ICC_Profile.java:1085)
at java.awt.color.ICC_Profile$1.activate(ICC_Profile.java:741)
at 
sun.java2d.cmm.ProfileDeferralMgr.activateProfiles(ProfileDeferralMgr.java:93)
at java.awt.color.ICC_Profile.getInstance(ICC_Profile.java:774)
at java.awt.color.ICC_Profile.getInstance(ICC_Profile.java:994)
at 
org.apache.fop.pdf.PDFICCBasedColorSpace.setupsRGBColorProfile(PDFICCBasedColorSpace.java:141)
at 
org.apache.fop.pdf.PDFICCBasedColorSpace.setupsRGBAsDefaultRGBColorSpace(PDFICCBasedColorSpace.java:109)
at 
org.apache.fop.render.pdf.PDFRenderingUtil.addsRGBColorSpace(PDFRenderingUtil.java:265)
at 
org.apache.fop.render.pdf.PDFRenderingUtil.setupPDFDocument(PDFRenderingUtil.java:378)
at 
org.apache.fop.render.pdf.PDFDocumentHandler.startDocument(PDFDocumentHandler.java:144)
at 
org.apache.fop.render.intermediate.IFRenderer.startRenderer(IFRenderer.java:253)
at org.apache.fop.area.RenderPagesModel.init(RenderPagesModel.java:79)
at 
org.apache.fop.area.AreaTreeHandler.setupModel(AreaTreeHandler.java:130)
at org.apache.fop.area.AreaTreeHandler.init(AreaTreeHandler.java:102)
at 
org.apache.fop.render.RendererFactory.createFOEventHandler(RendererFactory.java:359)
at org.apache.fop.fo.FOTreeBuilder.init(FOTreeBuilder.java:105)
at org.apache.fop.apps.Fop.createDefaultHandler(Fop.java:101)
at org.apache.fop.apps.Fop.init(Fop.java:79)
at org.apache.fop.apps.FopFactory.newFop(FopFactory.java:271)
at org.apache.fop.cli.InputHandler.renderTo(InputHandler.java:109)
at org.apache.fop.cli.Main.startFOP(Main.java:174)
at org.apache.fop.cli.Main.main(Main.java:207)


-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fop depends on:
ii  default-jre-headless [java2-runtime-headless]1:1.6-43   
ii  gcj-4.4-jre-headless [java2-runtime-headless]4.4.6-10   
ii  gcj-4.6-jre-headless [java2-runtime-headless]4.6.1-4
ii  gcj-jre-headless [java2-runtime-headless]4:4.6.1-2  
ii  java-wrappers0.1.23 
ii  libavalon-framework-java 4.2.0-7
ii  libbatik-java1.7-7  
ii  libbsf-java  1:2.4.0-4  
ii  libcommons-io-java   1.4-3  
ii  libcommons-logging-java  1.1.1-8
ii  libxalan2-java   2.7.1-5
ii  libxerces2-java  2.11.0-2   
ii  libxml-commons-external-java 1.4.01-2   
ii  libxmlgraphics-commons-java  1.4.dfsg-3 
ii  libxt6   1:1.1.1-2  
ii  libxtst6 2:1.2.0-3  
ii  openjdk-6-jre-headless [java2-runtime-headless]  6b23~pre9-1
ii  sun-java6-jre [java2-runtime-headless]   6.26-3 

Versions of packages fop recommends:
ii  libsaxon-java  1:6.5.5-7

Versions of packages fop suggests:
pn  fop-doc none
pn  libservlet2.4-java  none

-- no debconf information



__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#649476: fop: Fails to build publican's user guide with org.apache.fop.apps.FOPException java.lang.NullPointerException

2011-11-21 Thread Raphaël Hertzog 
Package: fop
Version: 1:1.0.dfsg2-3
Severity: important

publican 2.8 (that I just uploaded to unstable) has a test suite and fop is
called as part of this test suite since it's the tool used to generate
the PDF output. But fop fails with this highly unhelpful error message:
Exception
org.apache.fop.apps.FOPException
java.lang.NullPointerException

It works fine with the manual in the version 2.5. I'm not sure what is
the change that fop does not like. I disabled the test suite for now but
it would be nice to see fop fixed instead. :)

A bit more context in the build log gives this:

Making portrait pages on A4 paper (210mmx297mm)
No en localization of other exists.
[warning] /usr/bin/fop: Unable to locate servlet-api in /usr/share/java
Couldn't find hyphenation pattern en
Invalid property value encountered in keep-together.within-column=: 
org.apache.fop.fo.expr.PropertyException: 
file:/«PKGBUILDDIR»/Users_Guide/build/en-US/xml/Users_Guide.fo:413:27: No 
conversion defined ; property:'keep-together.within-column' (See position 
413:399)
Invalid property value encountered in keep-together.within-column=: 
org.apache.fop.fo.expr.PropertyException: 
file:/«PKGBUILDDIR»/Users_Guide/build/en-US/xml/Users_Guide.fo:486:27: No 
conversion defined ; property:'keep-together.within-column' (See position 
486:399)
Invalid property value encountered in keep-together.within-column=: 
org.apache.fop.fo.expr.PropertyException: 
file:/«PKGBUILDDIR»/Users_Guide/build/en-US/xml/Users_Guide.fo:534:27: No 
conversion defined ; property:'keep-together.within-column' (See position 
534:399)
Invalid property value encountered in keep-together.within-column=: 
org.apache.fop.fo.expr.PropertyException: 
file:/«PKGBUILDDIR»/Users_Guide/build/en-US/xml/Users_Guide.fo:806:24: No 
conversion defined ; property:'keep-together.within-column' (See position 
806:396)
Invalid property value encountered in keep-together.within-column=: 
org.apache.fop.fo.expr.PropertyException: 
file:/«PKGBUILDDIR»/Users_Guide/build/en-US/xml/Users_Guide.fo:1288:88: No 
conversion defined ; property:'keep-together.within-column' (See position 
1288:461)
Invalid property value encountered in keep-together.within-column=: 
org.apache.fop.fo.expr.PropertyException: 
file:/«PKGBUILDDIR»/Users_Guide/build/en-US/xml/Users_Guide.fo:1320:955: No 
conversion defined ; property:'keep-together.within-column' (See position 
1320:1327)
Exception
org.apache.fop.apps.FOPException
java.lang.NullPointerException


FOP error, PDF generation failed. Check log for details.
 at /«PKGBUILDDIR»/blib/script/publican line 763
# 
# result 5 = 512

#   Failed test 'build the Users Guide in all formats'
#   at t/910.publican.Users_Guide.t line 69.
#  got: '512'
# expected: '0'
# Looks like you failed 1 test of 5.
t/910.publican.Users_Guide.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/5 subtests 
t/perlcritic.t  ok
t/pod-coverage.t .. ok
t/pod.t ... ok
Failed 1/10 test programs. 1/68 subtests failed.




-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fop depends on:
ii  default-jre-headless [java2-runtime-headless]1:1.6-43
ii  gcj-4.6-jre-headless [java2-runtime-headless]4.6.2-2 
ii  gcj-jre-headless [java2-runtime-headless]4:4.6.1-3   
ii  java-wrappers0.1.24  
ii  libavalon-framework-java 4.2.0-8 
ii  libbatik-java1.7-8   
ii  libbsf-java  1:2.4.0-4   
ii  libcommons-io-java   1.4-4   
ii  libcommons-logging-java  1.1.1-8 
ii  libxalan2-java   2.7.1-5 
ii  libxerces2-java  2.11.0-3
ii  libxml-commons-external-java 1.4.01-2
ii  libxmlgraphics-commons-java  1.4.dfsg-3  
ii  libxt6   1:1.1.1-2   
ii  libxtst6 2:1.2.0-4   
ii  openjdk-6-jre-headless [java2-runtime-headless]  6b23~pre11-1
ii  sun-java6-jre [java2-runtime-headless]   6.26-3  

Versions of packages fop recommends:
ii  libsaxon-java  1:6.5.5-7

Versions of packages fop suggests:
pn  fop-doc none
pn  libservlet2.4-java  none

-- no debconf information



__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and

Bug#762462: glassfish: Current version no longer supported upstream

2014-09-22 Thread Raphaël Hertzog 
Source: glassfish
Version: 1:2.1.1-b31g+dfsg1-1
Severity: serious
Tags: security

Hello,

while looking up open security issues in glassfish I noticed that the
current version is no longer supported upstream (according to
http://www.oracle.com/us/support/library/lifetime-support-middleware-069163.pdf).

You already have open security issues that nobody knows how to fix so
it's clearly not acceptable to release this version in jessie:
https://security-tracker.debian.org/tracker/source-package/glassfish

Please consider packaging version 4.x which seems to be mentionned
on the upstream homepage:
https://glassfish.java.net/download.html

Regards,

-- System Information:
Debian Release: jessie/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#795027: jarwrapper: Does not work when installed in chroot while already active outside the chroot

2015-08-09 Thread Raphaël Hertzog 
Package: jarwrapper
Version: 0.52
Severity: important
User: de...@kali.org
Usertags: origin-kali

In Kali, we have a package depending on jarwrapper and which provides
/usr/bin/burpsuite as an executable jar. However when it gets installed
in the build chroot of our live ISO image, the postinst of jarwrapper does
nothing because it believes that the required binfmt-support is already
there:

Setting up jarwrapper (0.48) ...
update-binfmts: warning: found manually created entry for jarwrapper in 
/proc/sys/fs/binfmt_misc; leaving it alone

Thus nothing is stored in /var/lib/binfmts/ and the required binfmt_misc
support is not setup when you boot the generated live image.

$ ls -al /var/lib/binfmts/
total 12
drwxr-xr-x  2 root root 4096 août   9 19:15 .
drwxr-xr-x 17 root root 4096 août   9 19:15 ..
-rw-r--r--  1 root root   58 août   9 19:15 python2.7

I believe that the proper fix for this is also the proper fix for
#779895 : shipping a file ready to use by binfmt-support
in /usr/share/binfmts as /usr/share/doc/binfmt-support/README.Debian
suggests.

A patch will follow.

-- System Information:
Debian Release: stretch/sid
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages jarwrapper depends on:
ii  binfmt-support  2.1.5-1
ii  fastjar 2:0.98-5

jarwrapper recommends no packages.

jarwrapper suggests no packages.

-- no debconf information

__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#802671: bouncycastle: ECC private keys can be recovered via invalid curve attack

2015-10-22 Thread Raphaël Hertzog 
Source: bouncycastle
Version: 1.44+dfsg-2
Severity: serious
Tags: security
Control: fixed -1 1.51-1

Hello,

bouncycastle 1.49 in stable/testing/unstable (and 1.44 in wheezy/squeeze)
is vulnerable to an invalid curve attack as described here:
https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html

This is fixed in version 1.51 (in experimental).

The upstream patches that fix this issue should be those ones:
https://github.com/bcgit/bc-java/commit/5cb2f05
https://github.com/bcgit/bc-java/commit/e25e94a

A CVE has been requested here:
http://www.openwall.com/lists/oss-security/2015/10/22/7

-- System Information:
Debian Release: stretch/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), 
(500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.