I saw the bug has been closed. Great work, Olek!
By the way, I have bumped the version to 4.1.0. Two additional patches
are needed: one to remove "bazel_skylib" dependency introduced by a
"darwin-arm64" workaround and one to use Debian-provided "rxjava". The
later one can be sent to upstream, and the first one is going to stay
until we got the "bazel_skylib" ready.
Please review the changes when you have time. I am still working on the
d/copyright stuff you mentioned, but I am not able to commit much time
near the end of quarter. Hopefully someone else can help me with that.
Yun, can you take a look at the "rxjava" patch? I can open a PR if it is
good.
FYI: As I haven't updated the "pristine-tar" and "upstream" branches of
our main repo yet (I'd like to leave them to Olek), the CI would always
fail with "uscan error: unzip binary not found". Plus, it seems that
Salsa no longer runs CI on personal repos.
Thanks,
Jesse.
On 5/31/2021 8:17 AM, Yun Peng wrote:
> Thanks, Olek!
>
> Looks like the bug is fixed in the latest release of
> google-oauth-client. Does this mean we just need to upgrade its
> version in Debian?
>
> Please let me know if I can help with anything!
>
> On Sun, May 30, 2021 at 6:32 PM Olek Wojnar <olek@debian.org
> <mailto:olek@debian.org>> wrote:
>
> Debian Bazel Team,
>
> It just came to my attention that there is a Release Critical Security
> Bug against the google-oauth-client-java package. [1] If not fixed
> quickly, this will result in the removal of that package as well
> as its
> dependencies (google-api-client-java and bazel-bootstrap). Fixing this
> is now my #1 priority. I'll update this list with progress.
>
>
> -Olek
>
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944
> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944>
>