reproducible.debian.net status changes for svgsalamander

2016-11-23 Thread Reproducible builds folks
2016-11-23 18:44 https://tests.reproducible-builds.org/debian/unstable/amd64/svgsalamander changed from reproducible -> unreproducible __ This is the maintainer address of Debian's Java team . Please use

Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Arne Nordmark
Package: tomcat7 Version: 7.0.56-3+deb8u5 Severity: normal After the security update 7.0.56-3+deb8u5, I get an error message: ALLVARLIG: Servlet.service() for servlet [Faces Servlet] in context with path [/mech] threw exception [Filter execution threw an exception] with root cause

Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Arne Nordmark
Den 2016-11-23 kl. 12:36, skrev Emmanuel Bourg: > Hi Arne, > > Thank you for reporting this issue. Could you check if it also occurs > with the tomcat7 package from jessie-backports please? Thanks for the quick reply. No, with version 7.0.73-1~bpo8+1 I do not have this problem. I guess this

Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Emmanuel Bourg
Le 23/11/2016 à 12:54, Arne Nordmark a écrit : > Thanks for the quick reply. > > No, with version 7.0.73-1~bpo8+1 I do not have this problem. I guess > this indicates a problem with backporting the patch to 7.0.56. Did you enable the security manager? __ This is the maintainer address of

Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Emmanuel Bourg
Hi Arne, Thank you for reporting this issue. Could you check if it also occurs with the tomcat7 package from jessie-backports please? Emmanuel Bourg __ This is the maintainer address of Debian's Java team . Please

Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Arne Nordmark
Den 2016-11-23 kl. 14:09, skrev Emmanuel Bourg: > Did you enable the security manager? I have not changed that part of /etc/default/tomcat7, so it still reads #TOMCAT7_SECURITY=no which should imply that the security manager is not enabled. Arne __ This is the maintainer address of Debian's

Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Arne Nordmark
Den 2016-11-23 kl. 17:52, skrev Emmanuel Bourg: > > Would you be able to rebuild with this version of the > ResourceLinkFactory class and see if it works better? > > https://raw.githubusercontent.com/apache/tomcat70/TOMCAT_7_0_73/java/org/apache/naming/factory/ResourceLinkFactory.java > I take

Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Arne Nordmark
Yet another data point: I rebuilt 7.0.56-3+deb8u5 with CVE-2016-6797.patch deleted, and again the problem goes away. Arne __ This is the maintainer address of Debian's Java team . Please use

Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Emmanuel Bourg
Le 23/11/2016 à 17:06, Arne Nordmark a écrit : > Yet another data point: > > I rebuilt 7.0.56-3+deb8u5 with CVE-2016-6797.patch deleted, and again > the problem goes away. Would you be able to rebuild with this version of the ResourceLinkFactory class and see if it works better?

sikuli REMOVED from testing

2016-11-23 Thread Debian testing watch
FYI: The status of the sikuli source package in Debian's testing distribution has changed. Previous version: 1.0~x~rc3.tesseract3-dfsg1-13 Current version: (not in testing) Hint: (no removal hint found) The script that generates this mail tries to extract removal reasons from comments in

sikulix 1.1.0-1 MIGRATED to testing

2016-11-23 Thread Debian testing watch
FYI: The status of the sikulix source package in Debian's testing distribution has changed. Previous version: (not in testing) Current version: 1.1.0-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you

Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Arne Nordmark
Den 2016-11-23 kl. 17:52, skrev Emmanuel Bourg: > Would you be able to rebuild with this version of the > ResourceLinkFactory class and see if it works better? > > https://raw.githubusercontent.com/apache/tomcat70/TOMCAT_7_0_73/java/org/apache/naming/factory/ResourceLinkFactory.java > Indeed,

Processing of jabref_2.10+ds-7_sourceonly.changes

2016-11-23 Thread Debian FTP Masters
jabref_2.10+ds-7_sourceonly.changes uploaded successfully to localhost along with the files: jabref_2.10+ds-7.dsc jabref_2.10+ds-7.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) __ This is the maintainer address of Debian's Java team

tomcat-native 1.2.10-1 MIGRATED to testing

2016-11-23 Thread Debian testing watch
FYI: The status of the tomcat-native source package in Debian's testing distribution has changed. Previous version: 1.2.8-1 Current version: 1.2.10-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will

jabref_2.10+ds-7_sourceonly.changes ACCEPTED into unstable

2016-11-23 Thread Debian FTP Masters
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 23 Nov 2016 19:00:34 +0100 Source: jabref Binary: jabref jabref-plugin-oo Architecture: source Version: 2.10+ds-7 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers

Bug#845291: Pending fixes for bugs in the bouncycastle package

2016-11-23 Thread pkg-java-maintainers
tag 845291 + pending thanks Some bugs in the bouncycastle package are closed in revision e80ec0674db9f8d225894427b348f3f7f2af6839 in branch 'master' by tony mancill The full diff can be seen at https://anonscm.debian.org/cgit/pkg-java/bouncycastle.git/commit/?id=e80ec06 Commit message:

Processed: Pending fixes for bugs in the bouncycastle package

2016-11-23 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tag 845291 + pending Bug #845291 [src:bouncycastle] bouncycastle: versioned paths refer to version 1.51 instead of 1.55 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 845291:

Processing of bouncycastle_1.55-2_amd64.changes

2016-11-23 Thread Debian FTP Masters
bouncycastle_1.55-2_amd64.changes uploaded successfully to localhost along with the files: bouncycastle_1.55-2.dsc bouncycastle_1.55-2.debian.tar.xz bouncycastle_1.55-2_amd64.buildinfo libbcmail-java-doc_1.55-2_all.deb libbcmail-java_1.55-2_all.deb libbcpg-java-doc_1.55-2_all.deb

bouncycastle_1.55-2_amd64.changes ACCEPTED into unstable

2016-11-23 Thread Debian FTP Masters
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 23 Nov 2016 12:46:41 -0800 Source: bouncycastle Binary: libbcprov-java libbcprov-java-doc libbcmail-java libbcmail-java-doc libbcpkix-java libbcpkix-java-doc libbcpg-java libbcpg-java-doc Architecture: source all

Bug#845291: marked as done (bouncycastle: versioned paths refer to version 1.51 instead of 1.55)

2016-11-23 Thread Debian Bug Tracking System
Your message dated Wed, 23 Nov 2016 21:18:41 + with message-id and subject line Bug#845291: fixed in bouncycastle 1.55-2 has caused the Debian Bug report #845291, regarding bouncycastle: versioned paths refer to version 1.51 instead of 1.55 to be marked as

Bug#842666: marked as done (CVE-2016-6797: Apache Tomcat Unrestricted Access to Global Resources)

2016-11-23 Thread Debian Bug Tracking System
Your message dated Wed, 23 Nov 2016 19:32:09 + with message-id and subject line Bug#842666: fixed in tomcat7 7.0.56-3+deb8u5 has caused the Debian Bug report #842666, regarding CVE-2016-6797: Apache Tomcat Unrestricted Access to Global Resources to be

tomcat8_8.0.14-1+deb8u4_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

2016-11-23 Thread Debian FTP Masters
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 17 Nov 2016 09:00:15 +0100 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs Architecture: source all

tomcat7_7.0.56-3+deb8u5_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

2016-11-23 Thread Debian FTP Masters
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 12 Nov 2016 00:06:36 +0100 Source: tomcat7 Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs Architecture: source all

Bug#842662: marked as done (CVE-2016-0762: Apache Tomcat Realm Timing Attack)

2016-11-23 Thread Debian Bug Tracking System
Your message dated Wed, 23 Nov 2016 19:32:09 + with message-id and subject line Bug#842662: fixed in tomcat7 7.0.56-3+deb8u5 has caused the Debian Bug report #842662, regarding CVE-2016-0762: Apache Tomcat Realm Timing Attack to be marked as done. This

Bug#840685: marked as done (TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory)

2016-11-23 Thread Debian Bug Tracking System
Your message dated Wed, 23 Nov 2016 19:32:10 + with message-id and subject line Bug#840685: fixed in tomcat8 8.0.14-1+deb8u4 has caused the Debian Bug report #840685, regarding TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory

Bug#842665: marked as done (CVE-2016-6796: Apache Tomcat Security Manager Bypass)

2016-11-23 Thread Debian Bug Tracking System
Your message dated Wed, 23 Nov 2016 19:32:09 + with message-id and subject line Bug#842665: fixed in tomcat7 7.0.56-3+deb8u5 has caused the Debian Bug report #842665, regarding CVE-2016-6796: Apache Tomcat Security Manager Bypass to be marked as done.

Bug#842664: marked as done (CVE-2016-6794: Apache Tomcat System Property Disclosure)

2016-11-23 Thread Debian Bug Tracking System
Your message dated Wed, 23 Nov 2016 19:32:09 + with message-id and subject line Bug#842664: fixed in tomcat7 7.0.56-3+deb8u5 has caused the Debian Bug report #842664, regarding CVE-2016-6794: Apache Tomcat System Property Disclosure to be marked as done.

Bug#842663: marked as done (CVE-2016-5018: Apache Tomcat Security Manager Bypass)

2016-11-23 Thread Debian Bug Tracking System
Your message dated Wed, 23 Nov 2016 19:32:09 + with message-id and subject line Bug#842663: fixed in tomcat7 7.0.56-3+deb8u5 has caused the Debian Bug report #842663, regarding CVE-2016-5018: Apache Tomcat Security Manager Bypass to be marked as done.