File: changelog

package info (click to toggle)
libxml-security-java 2.1.7-3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 17,636 kB
  • sloc: java: 79,302; xml: 23,408; sh: 228; makefile: 8
file content (195 lines) | stat: -rw-r--r-- 7,100 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
libxml-security-java (2.1.7-3) unstable; urgency=medium

  * Team upload
  * Raising Standards version to 4.6.2:
    - Setting Rules-Requires-Root: no
  * Depending on liblog4j1.2-java (Closes: #1028796)
  * Removing unneeded versioned build-dependencies
  * Removing trailing slash in d/copyright Files-Excluded entry
  * Use secure URI in Homepage field.
  * Set upstream metadata fields: Bug-Database, Repository, Repository-Browse.
  * Adding a Lintian override for embedded JS in the -doc package

 -- Pierre Gruet <pgt@debian.org>  Sun, 22 Jan 2023 18:31:41 +0100

libxml-security-java (2.1.7-2) unstable; urgency=medium

  * Team upload.
  * Re-enable the test suite again. Ignore test failures because of file not
    found exceptions. Those files have been removed because of DFSG reasons.

 -- Markus Koschany <apo@debian.org>  Sun, 14 Nov 2021 14:08:08 +0100

libxml-security-java (2.1.7-1) unstable; urgency=high

  * Team upload.
  * New upstream version 2.1.7.
    - Fix CVE-2019-12400:
      In version 2.0.3 Apache Santuario XML Security for Java, a caching
      mechanism was introduced to speed up creating new XML documents using a
      static pool of DocumentBuilders. However, if some untrusted code can
      register a malicious implementation with the thread context class loader
      first, then this implementation might be cached and re-used by Apache
      Santuario - XML Security for Java, leading to potential security flaws
      when validating signed documents, etc. The vulnerability affects Apache
      Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x
      releases before 2.1.4.
      (Closes: #935548)
    - Fix CVE-2021-40690:
      All versions of Apache Santuario - XML Security for Java prior to 2.2.3
      and 2.1.7 are vulnerable to an issue where the "secureValidation"
      property is not passed correctly when creating a KeyInfo from a
      KeyInfoReference element. This allows an attacker to abuse an XPath
      Transform to extract any local .xml files in a RetrievalMethod element.
      (Closes: #994569)
  * Switch to debhelper-compat = 13.
  * Declare compliance with Debian Policy 4.6.0.
  * Drop 0001-Recover-old-API-for-libitext5-java.patch. This appears to work
    now.
  * Add no-errorprone.patch and ignore errorprone core artifact.
  * Update debian/watch and detect new releases on github.com.
  * Remove old orig-tar.sh script and use the Files-Excluded mechanism instead.

 -- Markus Koschany <apo@debian.org>  Thu, 23 Sep 2021 23:29:16 +0200

libxml-security-java (2.0.10-2) unstable; urgency=medium

  * Team upload.

  [ Jochen Sprickerhof ]
  * Add patch for old API used by libitext5-java (Closes: #906375)

  [ Emmanuel Bourg ]
  * Standards-Version updated to 4.2.1

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 24 Sep 2018 12:06:50 +0200

libxml-security-java (2.0.10-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - New build dependency on libmaven-jaxb2-plugin-java
    - New dependency on libwoodstox-java
  * Build with Java 8 compatibility
  * Standards-Version updated to 4.1.5
  * Switch to debhelper level 11
  * Use salsa.debian.org Vcs-* URLs
  * Use a secure URL in debian/watch and debian/orig-tar.sh

 -- Emmanuel Bourg <ebourg@apache.org>  Wed, 25 Jul 2018 10:46:30 +0200

libxml-security-java (1.5.8-2) unstable; urgency=medium

  * Team upload.
  * maven.properties: Skip the tests to prevent build failure on amd64.
    (Closes: #852930)
  * libxml-security-java: Improve the short description. (Closes: #756642)

 -- Markus Koschany <apo@debian.org>  Mon, 06 Feb 2017 12:47:14 +0100

libxml-security-java (1.5.8-1) unstable; urgency=medium

  * New upstream release
  * Build with the DH sequencer instead of CDBS
  * Enabled the OSGi metadata
  * Moved the package to Git
  * Removed Niels Thykier from the uploaders (Closes: #770585)
  * Updated debian/watch to track the latest releases
  * Removed the non-free RFC3161 from the upstream tarball
  * Use XZ compression for the upstream tarball
  * Standards-Version updated to 3.9.8 (no changes)
  * Switch to debhelper level 10

 -- Emmanuel Bourg <ebourg@apache.org>  Wed, 16 Nov 2016 16:39:56 +0100

libxml-security-java (1.5.6-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
    - Addresses CVE-2013-4517 (Closes: #733938)
  * Freshen pom.xml patch for new version.

 -- tony mancill <tmancill@debian.org>  Sun, 02 Feb 2014 10:14:47 -0800

libxml-security-java (1.5.5-2) unstable; urgency=low

  * Upload to unstable
  * Release 1.5.5 fixes CVE-2013-2172 (Closes: #720375)
  * Added the Classpath attribute in the jar manifest

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 26 Aug 2013 19:56:57 +0200

libxml-security-java (1.5.5-1) experimental; urgency=low

  * New upstream release
  * Refreshed the patch
  * Use canonical URLs for the Vcs-* fields
  * Changed the Maven rules to Ignore the parent pom

 -- Emmanuel Bourg <ebourg@apache.org>  Wed, 03 Jul 2013 15:31:41 +0200

libxml-security-java (1.5.4-1) experimental; urgency=low

  [ Emmanuel Bourg ]
  * Team upload.
  * New upstream release
  * Refreshed the patch
  * Updated Standards-Version to 3.9.4 (no changes)
  * Removed Michael Koch from the Uploaders list (Closes: #654103)
  * Updated debian/copyright to comply with the Machine readable format 1.0

  [ tony mancill ]
  * Add libbcprov-java to Build-Depends-Indep

 -- tony mancill <tmancill@debian.org>  Sat, 27 Apr 2013 21:18:13 -0700

libxml-security-java (1.4.5-1) unstable; urgency=low

  * New upstream release
  * Update debian/watch to point to new SVN repo.
  * Update Standards-Version: 3.9.1.
  * Switch to source format 3.0.
  * Use Maven to build the package. Ignore test failures.
  * Update Description.
  * Add a documentation package.
  * Update Homepage field.

 -- Torsten Werner <twerner@debian.org>  Tue, 30 Aug 2011 14:07:46 +0200

libxml-security-java (1.4.3-2) unstable; urgency=low

  [ Thierry Carrez ]
  * debian/build.xml: Build Java2 code to match runtime dependency
  * debian/build.xml: Fix the jar packaging to include resources
    (Closes: #557306)

  [ Niels Thykier ]
  * Removed ${shlibs:Depends} from Depends; does not make sense for java.

 -- Niels Thykier <niels@thykier.net>  Mon, 30 Nov 2009 22:20:10 +0100

libxml-security-java (1.4.3-1) unstable; urgency=low

  * New upstream release.
  * (Build-)Depends on default-jdk.
  * Build-Depends on debhelper >= 7.
  * Moved package to section 'java'.
  * Addded myself to Uploaders.
  * Updated Standards-Version to 3.8.3.

 -- Michael Koch <konqueror@gmx.de>  Mon, 05 Oct 2009 08:05:07 +0200

libxml-security-java (1.4.2-1) unstable; urgency=low

  * New upstream release
  * Bump Standards-Version to 3.8.0
  * debian/copyright: remove the full text of Apache 2.0 license, as now
    is included in common licenses

 -- Varun Hiremath <varun@debian.org>  Fri, 11 Jul 2008 19:22:33 +0530

libxml-security-java (1.4.1-1) unstable; urgency=low

  * Initial release (Closes: #450611)

 -- Varun Hiremath <varun@debian.org>  Fri, 18 Jan 2008 14:56:26 +0530