--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package lucene4.10
We would like to remove simple-xml from Buster (#888547) because the
package is unmaintained and affected by CVE-2017-1000190. In order to
achieve that the build-dependency on simple-xml in
carrotsearch-randomizedtesting had to be removed which makes
lucene4.10 FTBFS now.
Since carrotsearch-randomizedtesting is only a test dependency, I
have added a patch to fix this problem.
unblock lucene4.10/4.10.4+dfsg-5
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
diff -Nru lucene4.10-4.10.4+dfsg/debian/changelog lucene4.10-4.10.4+dfsg/debian/changelog
--- lucene4.10-4.10.4+dfsg/debian/changelog 2019-01-19 23:19:03.000000000 +0100
+++ lucene4.10-4.10.4+dfsg/debian/changelog 2019-04-17 00:24:30.000000000 +0200
@@ -1,3 +1,12 @@
+lucene4.10 (4.10.4+dfsg-5) unstable; urgency=medium
+
+ * Team upload.
+ * Add carrotsearch-juni4-ant.patch and do not require
+ libcarrotsearch-randomizedtesting-java as a test dependency anymore.
+ This allows us to remove libsimple-xml-java from Buster.
+
+ -- Markus Koschany <apo@debian.org> Wed, 17 Apr 2019 00:24:30 +0200
+
lucene4.10 (4.10.4+dfsg-4) unstable; urgency=medium
* Team upload.
diff -Nru lucene4.10-4.10.4+dfsg/debian/patches/carrotsearch-juni4-ant.patch lucene4.10-4.10.4+dfsg/debian/patches/carrotsearch-juni4-ant.patch
--- lucene4.10-4.10.4+dfsg/debian/patches/carrotsearch-juni4-ant.patch 1970-01-01 01:00:00.000000000 +0100
+++ lucene4.10-4.10.4+dfsg/debian/patches/carrotsearch-juni4-ant.patch 2019-04-17 00:24:30.000000000 +0200
@@ -0,0 +1,22 @@
+From: Markus Koschany <apo@debian.org>
+Date: Sun, 14 Apr 2019 23:09:21 +0200
+Subject: carrotsearch juni4-ant
+
+Do not use com.carrotsearch.randomizedtesting, so that libsimple-xml-java can
+be removed from Buster.
+---
+ test-framework/ivy.xml | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/test-framework/ivy.xml b/test-framework/ivy.xml
+index 7390a0a..ace6359 100644
+--- a/test-framework/ivy.xml
++++ b/test-framework/ivy.xml
+@@ -33,7 +33,6 @@
+
+ <dependency org="junit" name="junit" rev="${/junit/junit}" conf="compile,junit4-stdalone"/>
+ <dependency org="org.hamcrest" name="hamcrest-core" rev="debian" conf="compile,junit4-stdalone"/>
+- <dependency org="com.carrotsearch.randomizedtesting" name="junit4-ant" rev="${/com.carrotsearch.randomizedtesting/junit4-ant}" conf="compile,junit4-stdalone"/>
+ <dependency org="com.carrotsearch.randomizedtesting" name="randomizedtesting-runner" rev="${/com.carrotsearch.randomizedtesting/randomizedtesting-runner}" conf="compile,junit4-stdalone"/>
+
+ <exclude org="*" ext="*" matcher="regexp" type="${ivy.exclude.types}"/>
diff -Nru lucene4.10-4.10.4+dfsg/debian/patches/series lucene4.10-4.10.4+dfsg/debian/patches/series
--- lucene4.10-4.10.4+dfsg/debian/patches/series 2016-08-03 18:54:38.000000000 +0200
+++ lucene4.10-4.10.4+dfsg/debian/patches/series 2019-04-17 00:24:30.000000000 +0200
@@ -1,3 +1,4 @@
0005-Revert-upstream-removal-of-deprecated-QueryParser-co.patch
0006-use-local-artifacts.patch
0007-missing-hamcrest-dependency.patch
+carrotsearch-juni4-ant.patch
--- End Message ---