Re: Security issue in groovy<2.5.0

To: debian-java@lists.debian.org
Cc: Emmanuel Bourg <ebourg@apache.org>, Kai-Chung Yan <seamlikok@gmail.com>, Miguel Landaeta <nomadium@debian.org>
Subject: Re: Security issue in groovy<2.5.0
From: Felix Natter <fnatter@gmx.net>
Date: Thu, 07 Sep 2017 20:40:50 +0200
Message-id: <[🔎] 871sniz70t.fsf@bitburger.home.felix>
In-reply-to: <d6318a67-aeec-5ef8-de12-d20cccc361d1@apache.org> (Emmanuel Bourg's message of "Sat, 26 Aug 2017 17:54:14 +0200")
References: <87valmm50y.fsf@bitburger.home.felix> <d6318a67-aeec-5ef8-de12-d20cccc361d1@apache.org>

hello Debian-java,

Emmanuel Bourg <ebourg@apache.org> writes:
> Le 17/08/2017 à 20:18, Felix Natter a écrit :
>
>> So the question is: Can I package freeplane without the 'securegroovy'
>> library, expecting that groovy 2.5 will be released soon, and will
>> shortly after be packaged for Debian?
>
> Yes ignore securegroovy, we have to directly patch or upgrade our groovy
> package in this case.

I have backported the single GROOVY-8163 [1] [2] commit (plus a missing
import), and pushed the result here:
  https://anonscm.debian.org/cgit/pkg-java/groovy.git

[1] https://issues.apache.org/jira/browse/GROOVY-8163
[2] https://github.com/apache/groovy/commit/0305a38a0cc8f4190a1486c460ebc6f712ad1a07

I have tested this extensively with freeplane.

Could someone please consider sponsoring this?

I assumed a QA upload because lintian complains about missing Uploader:
and because of Paul Wise's advice. Shall I revert to team upload?

Thanks and Best Regards,
-- 
Felix Natter
debian/rules!

Reply to:

Follow-Ups:
- Re: Security issue in groovy<2.5.0
  - From: Emmanuel Bourg <ebourg@apache.org>

Prev by Date: Re: Security issue in groovy<2.5.0
Next by Date: Re: Security issue in groovy<2.5.0
Previous by thread: Re: Security issue in groovy<2.5.0
Next by thread: Re: Security issue in groovy<2.5.0
Index(es):
- Date
- Thread