[Debian-med-packaging] Bug#1108463: unblock: beast-mcmc/1.10.4+dfsg-7
Étienne Mollier
emollier at debian.org
Sun Jun 29 10:06:20 BST 2025
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: beast-mcmc at packages.debian.org
Control: affects -1 + src:beast-mcmc
User: release.debian.org at packages.debian.org
Usertags: unblock
Please unblock package beast-mcmc
[ Reason ]
beast-mcmc source is affected by important bug #1103836 raised
by the Security Team: beast-mcmc source up to 1.10.4+dfsg-6
build depends on libitext1-java which has been obsolete for a while.
Upon investigation, it seems that the remaining build dependency
on libitext1-java was an oversight, as the build process also
transitively depends on the contemporary libitext5-java, and
seemingly uses this version for the resulting binaries. I have
removed the build dependency on libitext1-java in the package
version available in sid. I'm under the impression that it
would be beneficial to have this change brought to trixie, in
order to allow the removal of libitext1-java from the archive
starting with trixie.
[ Impact ]
It has been mentioned that beast-mcmc is the last package to
make the presence of libitext1-java necessary in the archive.
If the unblock is not granted, it will continue to be necessary
to the trixie release, with the implication of having an
outdated package around with regards to its lack of security
support.
[ Tests ]
The package ships a suite of unit tests which is not enabled.
In order to have some confidence that the build dependency
removal has not caused damage, I have run the test suite on
1.10.4+dfsg-6 and 1.10.4+dfsg-7, and verified that there were no
regressions. I also examined differences in binary packages with
diffoscope, and have witnessed nothing apart from changes in
timestamps, suggesting that the build process has not been
affected by the removal of libitext1-java. The newer package
version has also been available for 11 days already.
[ Risks ]
The change is one line, but may not have trivial consequences;
this is mitigated by verifying there were no regressions and
binary artifacts examination with diffoscope. I am not an end
user of beast-mcmc and cannot tell whether it is in working
condition or not, but no user raised any alert to the Debian
Med team about a regression of the package in the past 11 days,
since the change has been available in sid.
[ Checklist ]
[*] all changes are documented in the d/changelog
[*] I reviewed all changes and I approve them
[*] attach debdiff against the package in testing
[ Other info ]
debdiff is inline, given how short it is:
-------8<--------------8<--------------8<--------------8<-------
diff -Nru beast-mcmc-1.10.4+dfsg/debian/changelog beast-mcmc-1.10.4+dfsg/debian/changelog
--- beast-mcmc-1.10.4+dfsg/debian/changelog 2024-12-21 17:38:11.000000000 +0100
+++ beast-mcmc-1.10.4+dfsg/debian/changelog 2025-06-17 22:28:38.000000000 +0200
@@ -1,3 +1,10 @@
+beast-mcmc (1.10.4+dfsg-7) unstable; urgency=medium
+
+ * Team upload.
+ * d/control: remove dependency to libitext1-java. (Closes: #1103836)
+
+ -- Étienne Mollier <emollier at debian.org> Tue, 17 Jun 2025 22:28:38 +0200
+
beast-mcmc (1.10.4+dfsg-6) unstable; urgency=medium
* Fix clean target
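Review bot: the new changelog entry "d/control: remove dependency to libitext1-java." does not say which relationship field is affected, while the request text describes it as a build dependency. Wording it as "remove build dependency on libitext1-java" would let someone reading only the changelog see that the binary packages' runtime dependencies are not expected to change.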
diff -Nru beast-mcmc-1.10.4+dfsg/debian/control beast-mcmc-1.10.4+dfsg/debian/control
--- beast-mcmc-1.10.4+dfsg/debian/control 2024-12-21 17:38:11.000000000 +0100
+++ beast-mcmc-1.10.4+dfsg/debian/control 2025-06-17 22:28:38.000000000 +0200
@@ -21,7 +21,6 @@
libjdom1-java,
junit4,
libmtj-java,
- libitext1-java,
libejml-java (>= 0.41),
libjlapack-java
Standards-Version: 4.7.0
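Review bot: after dropping "libitext1-java," from this list, no libitext5-java entry is visible in the hunk's context, and the request text says the build reaches libitext5-java only transitively. If it is not listed elsewhere in this field, consider declaring it explicitly so the build does not silently lose its iText classes when the intermediate package changes its own dependencies.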
-------8<--------------8<--------------8<--------------8<-------
unblock beast-mcmc/1.10.4+dfsg-7
Have a nice day, :)
--
.''`. Étienne Mollier <emollier at debian.org>
: :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
`. `' sent from /dev/pts/2, please excuse my verbosity
`-