Bug#898086: libequinox-osgi-java: Does not install symlinks into /usr/lib/eclipse/plugins

2018-05-07 Thread Markus Koschany
Control: reassign -1 src:eclipse Control: retitle: Missing symlink of org.eclipse.osgi jar Hello, thank you for the bug report. The symlink must be created in the eclipse package though. Regards, Markus signature.asc Description: OpenPGP digital signature __ This is the maintainer address

Bug#891956: Your mail

2018-05-14 Thread Markus Koschany
Am 14.05.2018 um 22:21 schrieb Rafi Rubin: > The dependencies for 3.8.1-11 end up requiring libequinox-osgi-java >= > 3.9.1 (through eclipse-rcp), which doesn't have > /usr/lib/eclipse/plugins/org.eclipse.osgi_3.8.1.dist.jar > > > Going back to stable, 3.8.1-10 for the eclipse packages at least

Bug#896929: java.ext.dirs is gone

2018-05-09 Thread Markus Koschany
Hi, Am 09.05.2018 um 13:42 schrieb PaulLiu: > Hi Markus, > > > Any suggest lib for replacements of rxtx?? There is an open issue about the current (non-)activity of rxtx development. https://github.com/rxtx/rxtx/issues/13 Someone suggested to use

Bug#899183: sub...@bugs.debian.org

2018-05-20 Thread Markus Koschany
Control: retitle -1 libpdfbox2-java: Hello, Am 20.05.2018 um 14:23 schrieb Martin Kittel: > Package: libpdfbox2-java > Version: 2.0.9-1 > Severity: important > > Dear Maintainer, > > I get the exception below when running my Java program using > libpdfbox2-java. I tried running the program

Bug#899332: CVE-2018-8012: Apache ZooKeeper Quorum Peer mutual authentication

2018-05-22 Thread Markus Koschany
Package: zookeeper X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Fixed: 3.4.10-1 Hi, The following vulnerability was published for zookeeper. CVE-2018-8012[0]: | No authentication/authorization is enforced when a server attempts to | join a quorum in Apache ZooKeeper

Bug#899374: batik: CVE-2018-8013

2018-05-25 Thread Markus Koschany
This is apparently upstream bug BATIK-1222 https://issues.apache.org/jira/browse/BATIK-1222 Patch: https://svn.apache.org/viewvc?view=revision=1831241 signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team

Bug#681726: Eclipse is 6 Years Behind in Debian

2018-05-25 Thread Markus Koschany
Hello, Am 25.05.2018 um 21:50 schrieb Josh Blagden: > Hi folks, > >     I just wanted to make the observation that Debian has had the same > version of Eclipse for the last six years. When can we expect to see a > new version to the Debian repository? Maybe when a solar and lunar eclipse happen

Bug#882525: netbeans FTBFS with jaxb 2.3.0

2018-05-29 Thread Markus Koschany
Am 29.05.2018 um 13:46 schrieb Emmanuel Bourg: > Le 29/05/2018 à 13:07, Markus Koschany a écrit : > >> I have already tried that weeks ago but to no avail. > > Did you try replacing the Ant task with an task invoking > the xjc command? I can't remember. Feel free to t

Bug#882525: netbeans FTBFS with jaxb 2.3.0

2018-05-29 Thread Markus Koschany
Am 29.05.2018 um 13:28 schrieb Emmanuel Bourg: > Le 29/05/2018 à 13:07, Markus Koschany a écrit : > >> I have already tried that weeks ago but to no avail. I think the >> severity should remain RC until jaxb is updated to fix this issue. It >> blocks any way to fix o

Bug#882525: netbeans FTBFS with jaxb 2.3.0

2018-05-29 Thread Markus Koschany
Am 29.05.2018 um 14:53 schrieb Emmanuel Bourg: [...] > Well, I disagree with your analysis but since it seems you are having a > bad day I'm not going to argue and annoy you further with this issue. > I'm just asking for the severity to remain below RC until the Java 9 fix > migrates to testing.

Bug#882525: netbeans FTBFS with jaxb 2.3.0

2018-05-29 Thread Markus Koschany
Am 29.05.2018 um 14:00 schrieb Emmanuel Bourg: > Le 29/05/2018 à 13:51, Markus Koschany a écrit : > >> I can't remember. Feel free to try and implement your workaround but >> don't lower the severity of an 100 % RC bug until then. > > This issue matches the definition o

Bug#882525: jaxb 2.3.0.1-2 FTBFS

2018-06-03 Thread Markus Koschany
Control: reopen -1 jaxb 2.3.0.1-2 fails to build from source. Reopening. signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team . Please use

Bug#891957: netbeans "loading module" modules.netbinox NullPointerException

2018-06-07 Thread Markus Koschany
Control: reopen -1 It seems there is another issue with libequinox-osgi-java. Building Netbeans from source works again but I still get the NullPointerException. signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team

Re: lucene-solr in Debian : why not version 7.3.1?

2018-06-20 Thread Markus Koschany
Hi, Am 18.06.2018 um 13:07 schrieb Alastair McKinstry: > Hi, > > I'm wondering why lucene-solr in Debian is stuck at version 3.6.2 > (|+dfsg-13) rather than moving to 7.3.1.| > > |The package appears to be actively maintained (last upload last month) > - are there dependency issues,etc?| > >

Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-30 Thread Markus Koschany
Am 30.06.2018 um 02:04 schrieb EmTeedee: > Hi, > > On 29/06/2018 18:05, Markus Koschany wrote: >> Ok, that makes sense. If this is the only MANIFEST file that needs an update, >> we can patch it with the next update. > > I changed the version number in

Bug#902776: libpdfbox-java: CVE-2018-8036

2018-06-30 Thread Markus Koschany
Package: libpdfbox-java X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libpdfbox-java. CVE-2018-8036[0]: Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox 1.8.0 to 1.8.14 Apache PDFBox 2.0.0 to

Bug#902776: libpdfbox-java: CVE-2018-8036

2018-06-30 Thread Markus Koschany
Control: owner -1 ! signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team . Please use debian-j...@lists.debian.org for discussions and questions.

Bug#896929: java.ext.dirs is gone

2018-05-01 Thread Markus Koschany
Am 01.05.2018 um 15:48 schrieb deb...@fau.xxx: > I traced this problem to RXTXCommDriver.java:415: > System.getProperty("java.ext.dirs") comes back null. It's illegal to > -Djava.ext.dirs on Java 10/11. The easiest fix appears to be to add a > second argument (default value) of the empty string,

Bug#895778: jruby: Several security vulnerabilities

2018-04-29 Thread Markus Koschany
SS vulnerability in homepage attribute +when displayed via gem server. + * Fix CVE-2018-179: Directory Traversal vulnerability in gem installation +that can result in writing to arbitrary filesystem locations during +installation of malicious gems. + (Closes: #895778) + + -- Markus Kos

Re: libjide-oss-java_3.7.4+dfsg-1_source.changes REJECTED

2018-07-28 Thread Markus Koschany
Am 29.07.2018 um 08:19 schrieb Debian FTP Masters: > > > Source-only uploads to NEW are not allowed. > > binary:libjide-oss-java-doc is NEW. Hello, this error message is very strange. I have never removed the libjide-oss-java-doc binary package from src:libjide-oss-java. It does no longer

Re: libjide-oss-java_3.7.4+dfsg-1_source.changes REJECTED

2018-07-28 Thread Markus Koschany
Hi, Am 29.07.2018 um 09:18 schrieb Chris Lamb: > apo, > >>> binary:libjide-oss-java-doc is NEW. > […] >> this error message is very strange. I have never removed the >> libjide-oss-java-doc binary package from src:libjide-oss-java. It does >> no longer exist in Debian. Any ideas why? > > Could

Bug#899183:

2018-07-27 Thread Markus Koschany
Am 27.07.2018 um 18:21 schrieb Andrea Vacondio: > Ok, I see that 2.0.11-1 works correctly but I'm a bit lost. I compiled > PDFBox using openjdk 10.0.2 with target/source 1.7 but I still get the > issue with my generated fontbox jar... see mine on the left has the > ByteBuffer return type causing

Bug#899183:

2018-07-27 Thread Markus Koschany
Am 27.07.2018 um 15:12 schrieb Andrea Vacondio: > Why not compile with --release 7 ? This way the generated bundle should > work with java 7 and above, or am I missing something? > My app is hit by this > https://bugs.launchpad.net/ubuntu/+source/pdfsam/+bug/1781130 and users > are currently

Bug#903428: javadocs generated by javahelper include jquery

2018-08-11 Thread Markus Koschany
FTR: I have talked to Matthias Klose (doko) at DebConf18 about the embedding of jquery into javadoc packages. He pointed me to a similar discussion in doxygen which also embeds jquery while building doc packages. In short he doesn't consider it to be a worthwhile task because there is a risk of

Bug#903428: javadocs generated by javahelper include jquery

2018-08-11 Thread Markus Koschany
Hi tony, Am 11.08.2018 um 20:12 schrieb tony mancill: [...] > Hi Markus, > > I'm glad that you were able to discuss this directly with Matthias, and > thank you for sharing the gist of that conversation. For our sanity, I > will take a look to see if we can get the severity of the lintian >

Bug#906785: version warping patch is overly aggressive

2018-08-21 Thread Markus Koschany
Hi Bdale, we all assumed that OpenJDK 11 will remove support for source/target 1.6. After a discussion on the OpenJDK mailing list they decided to postpone this change for OpenJDK 12. [1] The current patch simplifies our packaging work because we don't have to manually fix packages that still

Bug#888547: CVE-2017-1000190

2018-08-23 Thread Markus Koschany
Am 23.08.2018 um 15:55 schrieb Emmanuel Bourg: > On 23/08/2018 13:14, Markus Koschany wrote: >> Apparently upstream doesn't consider this "to be their problem". Since >> simple-xml has no reverse-dependencies and the current uploader is MIA, >> I think we should

Bug#902861: axis: FTBFS with Java 10 due to com.sun.net.ssl removal

2018-08-23 Thread Markus Koschany
Am 24.08.2018 um 01:00 schrieb Emmanuel Bourg: >> This issue was apparently fixed in version 1.10.4-2. Axis can be rebuilt >> from source again. > > Actually the issue was triggered by the automatic use of the --release > javac option in ant/1.10.3-2, the flag removed the internal com.sun.net >

Bug#906785: version warping patch is overly aggressive

2018-08-21 Thread Markus Koschany
Am 21.08.2018 um 19:47 schrieb Keith Packard: [...] > We only discovered that ant was the source of trouble by comparing the > output of a project built using that and another project build using a > simple Makefile. > > If you're going to stop supporting older API versions, I'd suggest that >

Bug#898935: Tomcat 8 security issues in Stretch

2018-08-24 Thread Markus Koschany
A security update has been sent to Debian's security team and we expect that the current open issues in Stretch will be fixed in due time. Please note that Tomcat 7 in Stretch is not vulnerable to any of those issues because we only build the servlet API. Regards, Markus signature.asc

Bug#898935: migrate fix to stretch security

2018-08-24 Thread Markus Koschany
Version: 8.5.32-1 This issue was fixed in 8.5.32-1. I am going to close this bug report now. Markus signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team .

Bug#906384: lucene-solr: FTBFS in buster/sid

2018-08-25 Thread Markus Koschany
Control: tags -1 pending The FTBFS was caused by the latest upgrade of libwoodstox-java. The jar files were renamed and could not be found anymore. I am quite sure this is related to #904063 somehow. Once #906447 is resolved I could try to verify this assumption. Markus signature.asc

Bug#906447: tomcat8: Errors thrown when connecting

2018-08-25 Thread Markus Koschany
On Fri, 17 Aug 2018 20:50:14 +0300 Vassilis Virvilis wrote: [...] > With java8 installed I am getting the following. Isn't this the sign that is > compiled again against java9/java10? > > 2018-08-17 16:20:46] [crit] java.lang.NoSuchMethodError: >

Bug#906384: lucene-solr: FTBFS in buster/sid

2018-08-25 Thread Markus Koschany
Am 25.08.2018 um 23:27 schrieb Markus Koschany: > Control: tags -1 pending > > The FTBFS was caused by the latest upgrade of libwoodstox-java. The jar > files were renamed and could not be found anymore. > > I am quite sure this is related to #904063 somehow. Once #906447 is

Bug#907477: maven-debian-helper: does not substitute values of plugins with maven.rules

2018-08-28 Thread Markus Koschany
Package: maven-debian-helper Version: 2.3 Severity: normal Currently mina2 version 2.0.16-2 fails to build from source because Plugin org.apache.xbean:maven-xbean-plugin:4.1 or one of its dependencies could not be resolved: Cannot access central (https://repo.maven.apache.org/maven2) in offline

Bug#888547: CVE-2017-1000190

2018-08-23 Thread Markus Koschany
Apparently upstream doesn't consider this "to be their problem". Since simple-xml has no reverse-dependencies and the current uploader is MIA, I think we should consider requesting the removal of simple-xml. Markus signature.asc Description: OpenPGP digital signature __ This is the maintainer

Bug#906785: version warping patch is overly aggressive

2018-08-21 Thread Markus Koschany
Am 21.08.2018 um 18:49 schrieb Bdale Garbee: > Markus Koschany writes: [...] >> I think the patch could be removed for OpenJDK 11 but should be applied >> for OpenJDK 12 again. All build tools already emit a deprecation warning >> for source/target 1.6, so developers and

Bug#898935: migrate fix to stretch security

2018-08-24 Thread Markus Koschany
Am 24.08.2018 um 09:30 schrieb Bogdan Veringioiu: > Hello all, > > is there any plan to migrate the fix to stretch security ? > > I would be interested in the fixes for CVE-2018-1304, CVE-2018-1305 > (resolved in 7.0.88, and in 8.5.32-1 testing) which are important for a > security certification

Bug#906350: doxia: FTBFS in buster/sid (Cannot find parent dependency org.apache.maven:maven-parent:pom:27)

2018-08-29 Thread Markus Koschany
Control: tags -1 confirmed > [ERROR] The build could not read 1 project -> [Help 1] > [ERROR] > [ERROR] The project org.apache.maven.doxia:doxia:1.7 > (/<>/pom.xml) has 1 error > [ERROR] Invalid packaging for parent POM > org.apache.maven:maven-parent:27, must be "pom" but is "jar" @

Bug#907554: maven-debian-helper: relocations do not work for packaging type pom

2018-08-29 Thread Markus Koschany
Package: maven-debian-helper Version: 2.3 Severity: normal While I was investigating RC bug #906350 in doxia, I discovered that the root cause of the build failure is the relocation of org.apache.maven:maven-parent in libmaven-parent-java. Apparently the idea was to redirect the current version

Bug#886394:

2018-07-20 Thread Markus Koschany
Hello Andrea, Am 20.07.2018 um 15:52 schrieb Andrea Vacondio: > PDFsam is developed using Java 8 and JavaFX. It should work on higher > versions provided they come with their JavaFX, as far as I know Oracle > JDK still bundles JavaFX, with a plan to separate the two soon. OpenJDK > already

Bug#903916: undertow: Keep it out of Buster

2018-07-16 Thread Markus Koschany
Source: undertow Version: 1.4.25-1 Severity: serious I am filing this bug report to prevent the migration of undertow to testing and subsequently being part of the next stable release Debian 10, "Buster". This was also briefly discussed with the Security Team. Reasons: - Undertow is regularly

Bug#903428: javadocs generated by javahelper include jquery

2018-07-17 Thread Markus Koschany
Hi tony, Am 17.07.2018 um 07:00 schrieb tony mancill: [...] > > Hi Markus, > > Fair enough. I can see the value in providing javadoc (or at least a > way to build the javadoc) for older versions of libraries. > > I think Martin Quinson's suggestion of "shim" jquery package has some > merit.

Bug#903428: Got hit by #903428 too

2018-07-17 Thread Markus Koschany
Am 17.07.2018 um 01:15 schrieb Martin Quinson: > Hello, > > I'm building a package that provide some javadoc, so I got hit by that > bug myself too. The solution you propose (dropping javadoc packages) > does not exactly fit my needs, I must say ;) [...] A quick solution is to depend on

Bug#857939: [libtcnative-1] Does not work without symlink

2018-07-18 Thread Markus Koschany
Am 18.07.2018 um 13:41 schrieb Harald Dunkel: > Asking all Java Standard Edition users to perform some manual > configuration steps is not helpful. They will just dislike both > your package and openjdk for being different to the "real" > Java version they are used to. > > Just my $0.02. Regards

Bug#907477: maven-debian-helper: does not substitute values of plugins with maven.rules

2018-09-06 Thread Markus Koschany
Am 06.09.2018 um 00:03 schrieb Emmanuel Bourg: > Le 28/08/2018 à 15:25, Markus Koschany a écrit : > >> I added a new rule to debian/maven.rules >> >> org.apache.xbean maven-xbean-plugin * s/.*/4\.5/ * * >> >> Expected behavior: >> >> The version i

Bug#908091: sweethome3d: Immediate crash upon starting 'sweethome3d'

2018-09-06 Thread Markus Koschany
On Thu, 06 Sep 2018 07:59:41 +0300 nikobit wrote: > Package: sweethome3d > Version: 5.7+dfsg-2 > Severity: normal > Tags: newcomer > > Dear Maintainer, > Same as previous bug reporter I would like to say thank you for maintaining > such extraordinary job. Afraid I'm reporting bug 884057 once

Bug#902991: tomcat 7.0.56-3+really7.0.88-* regression

2018-07-05 Thread Markus Koschany
Control: retitle -1 jetty8: missing symlink to tomcat-coyote.jar Control: reassign -1 libjetty8-extra-java Control: found -1 8.1.16-4 Am 05.07.2018 um 09:35 schrieb Sébastien QUESSON: [...] > With tomcat-coyote-7.0.56-3+really7.0.88-2, UriUtil class is found: > jar tvf

Bug#903428: javadocs generated by javahelper include jquery

2018-07-09 Thread Markus Koschany
Am 09.07.2018 um 23:35 schrieb Emmanuel Bourg: > Le 09/07/2018 à 23:29, Markus Koschany a écrit : > >> We should really aim for the simplest solution. Actually I don't see any >> need to patch the javadoc tool because we could easily solve this at the >> packaging level. J

Bug#903428: javadocs generated by javahelper include jquery

2018-07-09 Thread Markus Koschany
Am 09.07.2018 um 23:01 schrieb Emmanuel Bourg: > Le 09/07/2018 à 22:41, Christoph Berg a écrit : > >> Or even better, have javadoc put in the symlink. > > Not a good idea. The javadoc generated would no longer be usable outside > Debian. Developers would no longer be able to generate the javadoc

Bug#903428: javadocs generated by javahelper include jquery

2018-07-09 Thread Markus Koschany
Am 09.07.2018 um 23:26 schrieb Emmanuel Bourg: > Le 09/07/2018 à 23:14, Markus Koschany a écrit : > >> I believe the use case of viewing javadoc outside of a Debian >> system is negligible and we should just symlink jquery. > > Viewing an API documentation from a lib*-

Bug#903428: javadocs generated by javahelper include jquery

2018-07-11 Thread Markus Koschany
Hi tony, Am 10.07.2018 um 05:22 schrieb tony mancill: [...] > I'm in favor of dropping the -java-doc packages completely and instead > using our time and effort to improve the state of our runtime libraries, > toolchain and application packages. (It would be a different story if > we were

Bug#902991: tomcat 7.0.56-3+really7.0.88-* regression

2018-07-04 Thread Markus Koschany
Hello, Am 04.07.2018 um 17:54 schrieb Sébastien QUESSON: [...] > Caused by: > javax.servlet.ServletException: java.lang.NoClassDefFoundError: > org/apache/tomcat/util/buf/UriUtil > ... > Caused by: > java.lang.NoClassDefFoundError: org/apache/tomcat/util/buf/UriUtil > at >

Bug#895920: ecj: only a virtual package and not installable

2018-04-17 Thread Markus Koschany
Source: ecj Version: 3.13.2-2 Severity: serious while I was having some fun with lombok, I discovered that ecj is just a virtual package and not installable. I don't think that's intended. Markus __ This is the maintainer address of Debian's Java team

Bug#896439: gradle-debian-helper points to an invalid java api directory

2018-04-21 Thread Markus Koschany
Am 21.04.2018 um 19:57 schrieb Emmanuel Bourg: > Hi Tiago, > > I don't think gradle-debian-helper should depend on default-jdk-doc by > default, this is a rather big dependency and it's preferable to keep it > optional to speed up the builds a bit. I think the packages using >

Bug#895778: jruby: Several security vulnerabilities

2018-04-15 Thread Markus Koschany
Package: jruby X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for jruby. Apparently rubygems is embedded into jruby which makes it vulnerable to. CVE-2018-179[0]: | RubyGems version Ruby 2.2 series: 2.2.9 and earlier,

Bug#896604: lucene-solr: CVE-2018-1308 XXE in DataImportHandler

2018-04-22 Thread Markus Koschany
Package: lucene-solr X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for lucene-solr. CVE-2018-1308[0]: | This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 | relates to an XML external entity expansion (XXE) in

Bug#893312: lombok FTBFS with openjdk-9

2018-04-17 Thread Markus Koschany
I've fixed the original errors in Javac.java but there are more later on due to our friend OpenPain 9. I had no choice but to upgrade to a newer lombok version. Now I'm stuck because ecj can't be found. Markus signature.asc Description: OpenPGP digital signature __ This is the maintainer

Bug#910585: openjfx: no glassgtk3 in java.library.path

2018-10-08 Thread Markus Koschany
Package: openjfx Version: 11+26-3 Severity: serious I have made significant progress with packaging a newer version of MediathekView. However when I try to run the application I get a RuntimeException which indicates that some package is missing. I suspect libopenjfx-jni is the culprit.

Bug#911079: [pdfsam] Window blank

2018-10-15 Thread Markus Koschany
Control: tags -1 unreproducible Control: severity -1 important Am 15.10.18 um 14:11 schrieb Marco Righi: > Package: pdfsam > Version: 1.1.4-4 > Severity: grave > > --- Please enter the report below this line. --- > Hi, > After pdfsam execution appears only a little box (see image_1). > After

Bug#911078: triplea: Fails to start with NullPointerException

2018-10-15 Thread Markus Koschany
Package: triplea Version: 1.9.0.0.7062-2 Severity: grave Justification: renders package unusable After the switch to OpenJFX 11, triplea fails to start with a NullPointerException. triplea.engine.version.bin:1.9 java.lang.NullPointerException at

Bug#886394: pdfsam still shows the same error although it does give the banner as gimp does while starting up.

2018-10-15 Thread Markus Koschany
Control: severity -1 grave Control: block -1 by 910764 Am 15.10.18 um 15:55 schrieb shirish शिरीष: > Dear all, > > The issue is still prevalent even though you do get a > 'banner'/animation or whatever its called similar to when gimp starts > even though there are now versions of openjfx and

Bug#911709: tomcat7: Security update broke apps with AccessControlException for org.apache.tomcat.util.http

2018-10-23 Thread Markus Koschany
Hello, Am 23.10.18 um 21:20 schrieb Anthony DeRobertis: > Package: tomcat7 > Version: 7.0.56-3+really7.0.91-1 > Severity: important > > After applying the recent security update, the web app we're running > (which is unfortunately a proprietary product provided by a vendor) no > longer works.

Bug#910764: openjfx: segmentation fault in GtkNativeMainLoopThread

2018-10-24 Thread Markus Koschany
I believe I have found a way to workaround this issue for the moment. If I pass -Djdk.gtk.version=2 to PDFsam version 3.3.7 it no longer crashes. However there is another issue with fontawesomefx, so there is still some work to do. I think I will forward this issue to the OpenJFX developers

Bug#912231: bnd FTBFS with OpenJDK 11

2018-10-29 Thread Markus Koschany
ava:372) /usr/bin/mh_installpom: line 148: debian/.mh/pom.properties: No such file or directory make: *** [debian/rules:9: binary] Error 1 From: Markus Koschany Date: Mon, 29 Oct 2018 20:36:31 +0100 Subject: java11 Fix biz.aQute.remote/src/aQute/remote/agent/RedirectOutput.java:41: error: nullOutputStrea

Bug#910764: Forward 910764 OpenJFX 11 segmentation fault

2018-10-31 Thread Markus Koschany
Control: severity -1 important On Tue, 30 Oct 2018 14:39:11 +0100 Markus Koschany wrote: > Control: forwarded -1 > https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8213149 > thanks > > Look like upstream can't reproduce this issue with their custom JDK image. >

Bug#911187: axis: FTBFS with Java 11 due to javax.rmi and CORBA removal

2018-10-30 Thread Markus Koschany
I was investigating the Java 11 FTBFS of axis and uddi4j. I wonder if we rather should focus on removing these packages instead of patching them. Axis has seen its last release in 2006. AFAIK Apache CXF would be a better alternative because it is actively maintained. Unfortunately it is not

Bug#910764: Forward 910764 OpenJFX 11 segmentation fault

2018-10-30 Thread Markus Koschany
Control: forwarded -1 https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8213149 thanks Look like upstream can't reproduce this issue with their custom JDK image. signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team

Bug#912221: jabref: incompatible with openjdk 11

2018-10-30 Thread Markus Koschany
Am 30.10.18 um 01:15 schrieb Emmanuel Bourg: > Le 30/10/2018 à 00:41, gregor herrmann a écrit : > >> I guess we need to make sure that we build with openjdk-8. >> (You know this better than me but I seem to remember that the plan >> was to keep openjdk-8 in buster for building packages?) > > No

Bug#911093: libjetbrains-annotations-java: missing Breaks+Replaces: libintellij-annotations-java (<< 16.0.2-4)

2018-10-25 Thread Markus Koschany
On Mon, 15 Oct 2018 17:48:38 +0200 Andreas Beckmann wrote: > Package: libjetbrains-annotations-java > Version: 16.0.2-4 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts replaces-without-breaks > > Hi, > > during a test with piuparts and DOSE tools I noticed your

Bug#912751: jh_installjavadoc: produces incorrect doc-base file

2018-11-03 Thread Markus Koschany
Package: javahelper Version: 0.70 Severity: important I discovered a regression in jh_installjavadoc. This tool will automatically create a doc-base file. In libjackson-json-java 1.9.2-9 the content looks as follows: Format: HTML Index: //usr/share/doc/libjackson-json-java/api Files:

Bug#911194: libbtm-java: FTBFS with Java 11 due to javax.rmi removal

2018-11-03 Thread Markus Koschany
libbtm-java looks like a removal candidate for me. Last release was in 2012, project looks pretty much stalled. https://github.com/bitronix/btm The only r-dep is ehcache which uses libbtm-java for its tests. signature.asc Description: OpenPGP digital signature __ This is the maintainer

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

2018-11-05 Thread Markus Koschany
Am 05.11.18 um 14:13 schrieb Moritz Mühlenhoff: [...] > The Java connector follows the horrible Oracle policy of not disclosing > vulnerability information. Given that we now have mariadb-connector-java > in the archive (with a transparent upstream), can we migrate existing > reverse deps

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

2018-11-08 Thread Markus Koschany
Am 08.11.18 um 19:34 schrieb Moritz Mühlenhoff: [...] > So upon a closer look this seems to only affect the 8.x releases of the > connector (Oracle only lists those affected release series which are > affected and this only lists 8.x, while 5.1.x is still supported; there's > a 5.1.47 release). >

Bug#913362: netbeans: please switch to libmariadb-java

2018-11-09 Thread Markus Koschany
Package: libnb-ide14-java Version: 8.1+dfsg3-5 Severity: important Hello, we would like to remove libmysql-java from Debian because it is frequently affected by security vulnerabilities which are not fully disclosed. This makes it hard to determine the impact of such a flaw.[1] However we also

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

2018-11-09 Thread Markus Koschany
Control: retitle -1 mysql-connector-java: removal from Debian Control: block -1 by 913323 913354 913360 913343 913362 So here we go. The removal of mysql-connector-java is currently blocked by five bugs. I have submitted patches for four of them and I will take care of netbeans myself. I'm

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

2018-11-04 Thread Markus Koschany
Package: mysql-connector-java X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for mysql-connector-java. CVE-2018-3258[0]: | Vulnerability in the MySQL Connectors component of Oracle MySQL | (subcomponent: Connector/J).

Bug#906383: lombok-patcher: FTBFS in buster/sid

2018-10-02 Thread Markus Koschany
Control: tags -1 pending Control: block -1 by 910112 Fix is ready to upload in Git but blocked by #910112. signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team

Bug#910112: javahelper: jh_linkjars is broken because of fix for multiple dep fields and newlines

2018-10-02 Thread Markus Koschany
Package: javahelper Version: 0.68 Severity: serious The recent javahelper update broke jh_linkjars. This commit introduced the regression https://salsa.debian.org/java-team/javatools/commit/a87bc535da1dcba04e0e5fdca524e00c43de3efe The error manifests for example in lombok-ast and

Bug#905215: CVE-2018-2941

2018-10-07 Thread Markus Koschany
Hi, On Wed, 01 Aug 2018 16:45:30 +0200 Moritz Muehlenhoff wrote: > Source: openjfx > Severity: grave > Tags: security > > http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html > fixed CVE-2018-2941 in JavaFX, which should affect our openjfx package. We have recently

Bug#905215: CVE-2018-2941

2018-10-07 Thread Markus Koschany
Am 07.10.18 um 13:16 schrieb Moritz Muehlenhoff: [...] > No, unfortunately it's the same "we fix, but don't tell" bullshit policy > as with all other Oracle products. > > Given that mediathekview is our only reverse dependency in stretch we > can probably mark it as ignored for stretch anyway?

Bug#910495: openjfx FTBFS on !x86: offlineasm: No magic values found. Skipping assembly file generation.

2018-10-07 Thread Markus Koschany
Am 07.10.18 um 14:31 schrieb Emmanuel Bourg: > Control; severity -1 important > > Downgrading the severity, upstream doesn't support non x86 architectures > and the packages are only provided as a best effort. I believe this issue is related to the patches that disable JIT compilation. After

Bug#910501: openjfx: Installs javafx.control jar for javafx.web jar

2018-10-07 Thread Markus Koschany
Package: openjfx Version: 11+26-1 Severity: serious OpenJFX installs the javafx.control jar for javafx.web.jar. Most likely a copy error in libopenjfx-java.poms. This means that web related classes are missing which makes e.g. mediathekview FTBFS. Markus __ This is the maintainer address of

Bug#910495: openjfx FTBFS on !x86: offlineasm: No magic values found. Skipping assembly file generation.

2018-10-07 Thread Markus Koschany
The patch contained a mistake but I just tried it on plummer.debian.org (ppc64el porterbox) and it unfortunately doesn't make any difference. signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team

Bug#910495: openjfx FTBFS on !x86: offlineasm: No magic values found. Skipping assembly file generation.

2018-10-07 Thread Markus Koschany
Am 07.10.18 um 18:21 schrieb Markus Koschany: > The patch contained a mistake but I just tried it on plummer.debian.org > (ppc64el porterbox) and it unfortunately doesn't make any difference. I should have added that I still think it has something to do with the disabled JIT. The aforemen

Bug#910611: openjfx: draws mediathekview and pdfsam unusable

2018-10-08 Thread Markus Koschany
Control: forcemerge 910395 910611 Am 08.10.18 um 19:37 schrieb Philip Rinn: > Package: openjfx > Version: 11+26-3 > Severity: normal > > Hi, > > since some days (sadly I don't know it the 8 -> 11 update triggered this) > mediathekview and pdfsam don't start anymore: Hi, we are aware of the

Bug#907863: libeclipse-osgi-java, libequinox-osgi-java: error when trying to install together

2018-09-03 Thread Markus Koschany
Hi, Am 03.09.2018 um 14:04 schrieb Emmanuel Bourg: > Control: reassign -1 libeclipse-osgi-java > Control: affects -1 libequinox-osgi-java > > libeclipse-osgi-java will replace libequinox-osgi-java. I forgot to add > the proper Breaks/Replaces fields. I think this could have been better

Bug#907863: libeclipse-osgi-java, libequinox-osgi-java: error when trying to install together

2018-09-03 Thread Markus Koschany
Am 03.09.2018 um 15:38 schrieb Emmanuel Bourg: > Hi Markus, > > Le 03/09/2018 à 14:48, Markus Koschany a écrit : > >> I think this could have been better communicated. I was the one who >> split libequinox-osgi-java off from Eclipse. Why can't we just use the >&g

Bug#909540: tomcat8: ignores umask, sudden(?) regression

2018-09-24 Thread Markus Koschany
Hi, Am 24.09.18 um 23:54 schrieb Thorsten Glaser: > Package: tomcat8 > Version: 8.5.14-1+deb9u3 > Severity: important [...] > Apparently, umask is not (no longer?) honoured. On a jessie box: [...] I guess it would help to check the previous version of Tomcat 8 in Jessie again. If you think this

Bug#842284: visualvm: performs update check/phones home

2019-01-23 Thread Markus Koschany
Control: reassign -1 libnb-platform18-java On Thu, 27 Oct 2016 12:23:11 -0400 "Roberto C. Sanchez" wrote: > Package: visualvm > Version: 1.3.8-1 > Severity: normal > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > When launched, the visualvm package phones home to perform an update >

Bug#864657: ca-certificates-java: Can we have fix for this in Stretch as well, please.

2019-01-23 Thread Markus Koschany
Of course I meant default-jre-headless | java7-runtime-headless. signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team . Please use debian-j...@lists.debian.org

Bug#864657: ca-certificates-java: Can we have fix for this in Stretch as well, please.

2019-01-23 Thread Markus Koschany
On Wed, 23 Jan 2019 19:08:27 + Marcin Kulisz wrote: > Package: ca-certificates-java > Followup-For: Bug #864657 > > Hi I just want to add that at the moment Stretch current stable has this > broken > to the point that neither openjdk nor ca-certificates-java packages can be > installed

Bug#912231: bnd FTBFS with OpenJDK 11

2018-12-20 Thread Markus Koschany
Hi, Am 19.12.18 um 22:32 schrieb Emmanuel Bourg: > Le 29/10/2018 à 23:32, Markus Koschany a écrit : >> The OpenJDK 11 issue is rather simple to fix, however the build fails >> later on with this error message, a Gradle issue? > > I've figured out what is causing the s

Bug#910764: openjfx: segmentation fault in GtkNativeMainLoopThread

2018-11-30 Thread Markus Koschany
Am 30.11.18 um 18:21 schrieb Hans Georg Colle: > Hello Markus, > could you run your application using xorg instead of the xwayland > server (i. e. choose "Gnome unter Xorg" in the gdm3 greeter settings > before logging in), please, and report the result? > I got the same issue running a JavaFX-UI

Bug#914291: jaxrs-api: copyright file wrong

2018-11-21 Thread Markus Koschany
Am 21.11.18 um 19:57 schrieb Thorsten Glaser: > Hi Emmanuel, > >> 2.1 under the CDDL+GPL and the version 2.1.1 under the EPL+GPL. So it's >> still correct to state that the code is licensed under the CDDL. > > the code, perhaps, but not the source package you received. > > Why don’t you just

Bug#914291: jaxrs-api: copyright file wrong

2018-11-21 Thread Markus Koschany
Am 21.11.18 um 19:30 schrieb Thorsten Glaser: [...] > This is wrong, see the NOTICE file: > > | ## Declared Project Licenses > | > | This program and the accompanying materials are made available under the > terms > | of the Eclipse Public License v. 2.0 which is available at > |

Bug#914417: libjide-oss-java package does not install a jide-oss.jar file when built from source

2018-11-23 Thread Markus Koschany
Control: reassign -1 src:javahelper Am 23.11.18 um 09:48 schrieb Matthias Klose: > Package: src:libjide-oss-java > Version: 3.7.4+dfsg-1 > Severity: serious > Tags: sid buster > > Seen at > https://bugs.launchpad.net/ubuntu/+source/starjava-ttools/+bug/1804773 > > verified that a rebuild in

Bug#914291: jaxrs-api: copyright file wrong

2018-11-21 Thread Markus Koschany
Control: severity -1 normal Am 21.11.18 um 18:15 schrieb Thorsten Glaser: > Source: jaxrs-api > Version: 2.1.2-2 > Severity: serious > Justification: Policy 2.3, 12.5, possibly 2.1 > > In an internal Java™ project of $dayjob I was checking licences > of updated components and found that

Bug#911078: triplea: Fails to start with NullPointerException

2018-11-22 Thread Markus Koschany
Hello, Am 22.11.18 um 23:09 schrieb Dan Van Atta: [...] >> Presumably the latest Substance binaries have fixed this issue. > > I'm eager for confirmation that this looks to be fixed, I'm happy to > help with what I can in that effort. Thank you very much for responding to this bug report. I'm

Bug#914105: dh_install: Cannot find (any matches for) "pdfbox/target/apidocs/*" (tried in ., debian/tmp)

2018-11-19 Thread Markus Koschany
Am 19.11.18 um 15:19 schrieb Mathieu Malaterre: > Source: libpdfbox-java > Version: 1:1.8.16-1 > > For some reason I cannot build libpdfbox-java locally, it fails to build with: > > Offline mode. Give up looking for package containing > /usr/share/doc/libbcprov-java/apidocs/index.html >> dpkg

  1   2   3   >