Bug#955018: shiro: CVE-2020-1957

Chris Lamb lamby at debian.org
Wed Apr 15 10:49:36 BST 2020


Hi again,
 
> > > shiro: CVE-2020-1957
> > 
> > I'm trying to work on this for Debian LTS, but I am having trouble
> > enabling the test suite
> 
> Just wondering if you have any thoughts on how to get the testsuite
> running for shiro?
> 
> Naturally, I would not like to introduce any regressions when applying
> this security change and running the existing tests would be part of
> that effort. Hopefully it's just something simple that I am missing.

I had another run at this today and (working with the unstable version
for now) I have managed to convince Maven to at least attempt to
compile the tests.

They unfortunately fail to build due to an inability to locate the
Easymock package:

  INFO -------------------------------------------------------------
  ERROR COMPILATION ERROR :
  INFO -------------------------------------------------------------
  ERROR «BUILDDIR»/core/src/test/java/org/apache/shiro/authc/AbstractAuthenticatorTest.java:[31,27] package org.easymock does not exist

However, installing libeasymock-java does not fix this, nor does
playing around with adding various entries in debian/maven.rules such
as:

  /easymock/org.easymock/ easymock * s/.*/debian/ * *

… but I am likely missing something here, perhaps with version
expectation mismatch on this package between shiro (3.1) and the
Debian package (4.2). Input remains very welcome. :)


Best wishes,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org 🍥 chris-lamb.co.uk
       `-


