File: changelog

package info (click to toggle)
lucene-solr 3.6.2+dfsg-22
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, sid
  • size: 91,288 kB
  • sloc: java: 465,555; xml: 24,956; ruby: 3,453; jsp: 2,637; sh: 1,660; python: 1,619; perl: 1,407; cpp: 305; makefile: 53
file content (262 lines) | stat: -rw-r--r-- 9,447 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
lucene-solr (3.6.2+dfsg-22) unstable; urgency=medium

  * Add myself to Uploaders and remove Jakub Adam, James Page and Mat Scales
    because they are not active anymore.
  * Declare compliance with Debian Policy 4.4.1.
  * Fix CVE-2019-0193:
    The DataImportHandler, an optional but popular module to pull in data from
    databases and other sources, has a feature in which the whole DIH
    configuration can come from a request's "dataConfig" parameter. The debug
    mode of the DIH admin screen uses this to allow convenient debugging /
    development of a DIH config. Since a DIH config can contain scripts, this
    parameter is a security risk. Starting from now on, use of this parameter
    requires setting the Java System property "enable.dih.dataConfigParam" to
    true. For example this can be achieved with solr-tomcat by adding
    -Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat9.

 -- Markus Koschany <apo@debian.org>  Thu, 10 Oct 2019 17:39:16 +0200

lucene-solr (3.6.2+dfsg-21) unstable; urgency=high

  * Team upload.
  * Switch to debhelper-compat = 12.
  * Disable obsolete call to ContextHandler in solr-jetty9.xml.
    Install solr-permissions.conf into /etc/systemd/system/jetty9.service.d/ and
    override read-only permissions of Jetty9 which will allow the service to
    start out-of-the-box again.
    Thanks to Stephan Beirer for the report. (Closes: #933854, #933857)
  * Declare compliance with Debian Policy 4.4.0.

 -- Markus Koschany <apo@debian.org>  Mon, 02 Sep 2019 14:07:25 +0200

lucene-solr (3.6.2+dfsg-20) unstable; urgency=medium

  * Team upload.
  * Remove now obsolete solr-permissions.conf in /etc/systemd/system/tomcat9.d/.

 -- Markus Koschany <apo@debian.org>  Thu, 25 Apr 2019 16:39:14 +0200

lucene-solr (3.6.2+dfsg-19) unstable; urgency=medium

  * Team upload.
  * Install solr-permissions.conf into the correct directory.

 -- Markus Koschany <apo@debian.org>  Fri, 19 Apr 2019 00:39:36 +0200

lucene-solr (3.6.2+dfsg-18) unstable; urgency=medium

  * Team upload.
  * Add solr-permissions.conf and override tomcat9 permissions to allow
    solr-tomcat read-write access to /var/lib/solr. (Closes: #919638)

 -- Markus Koschany <apo@debian.org>  Sat, 02 Mar 2019 23:02:16 +0100

lucene-solr (3.6.2+dfsg-17) unstable; urgency=medium

  * Team upload.
  * Do not build the lucene3 javadocs anymore. Very low popcon and build
    failures. (Closes: #917739)
  * Remove TODO.Debian.
  * Add web.xml.patch and use a correct DTD schema otherwise jasper will abort
    the build process.
  * Remove el-api.jar from the classpath to avoid a conflict with jasper-el.
  * Execute postrm commands in solr-jetty and solr-tomcat on purge too.
    (Closes: #914223)

 -- Markus Koschany <apo@debian.org>  Fri, 15 Feb 2019 11:21:49 +0100

lucene-solr (3.6.2+dfsg-16) unstable; urgency=medium

  * Team upload.
  * Transition to Tomcat 9
  * Fixed the compatibility with Jetty 9.4
  * Use salsa.debian.org Vcs-* URLs

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 10 Dec 2018 22:59:36 +0100

lucene-solr (3.6.2+dfsg-15) unstable; urgency=medium

  * Team upload.
  * Switch from libmysql-java to libmariadb-java.

 -- Markus Koschany <apo@debian.org>  Fri, 09 Nov 2018 17:23:59 +0100

lucene-solr (3.6.2+dfsg-14) unstable; urgency=medium

  * Team upload.
  * debian/build-jars: Fix broken links to woodstox-core.jar. The jar files
    were renamed.  (Closes: #906384). This also addresses the runtime error.
    solr-tomcat works as expected again. (Closes: #904063)
  * Disable the tests and work around a FTBFS. Ideally this should been
    investigated and fixed eventually.

 -- Markus Koschany <apo@debian.org>  Sat, 25 Aug 2018 23:23:24 +0200

lucene-solr (3.6.2+dfsg-13) unstable; urgency=medium

  * Team upload.
  * Symlink /etc/solr/solr-jetty.xml to /var/lib/jetty9/webapps/solr.xml
    to make solr-jetty work out-of-the-box.
    Thanks to Larocque for the report. (Closes: #886090)

 -- Markus Koschany <apo@debian.org>  Sun, 06 May 2018 20:51:06 +0200

lucene-solr (3.6.2+dfsg-12) unstable; urgency=high

  * Team upload.
  * Fix FTBFS with Ant 1.10. (Closes: #895797)
  * Fix CVE-2018-1308. (Closes: #896604)
  * Declare compliance with Debian Policy 4.1.4.

 -- Markus Koschany <apo@debian.org>  Tue, 01 May 2018 23:35:41 +0200

lucene-solr (3.6.2+dfsg-11) unstable; urgency=medium

  * Team upload.
  * Switch to compat level 11.
  * Declare compliance with Debian Policy 4.1.3.
  * Fix CVE-2017-12629: possible remote code execution by exploiting XXE. For
    security reasons the RunExecutableListener class was permanently removed.
  * Fix CVE-2017-3163: path traversal vulnerability. (Closes: #867712)

 -- Markus Koschany <apo@debian.org>  Sun, 14 Jan 2018 14:32:32 +0100

lucene-solr (3.6.2+dfsg-10) unstable; urgency=medium

  * Team upload.
  * Remove obsolete Resources className directive as it does not work with
    Tomcat8. Thanks to Matthias Liertzer for the report. (Closes: #856626)

 -- Markus Koschany <apo@debian.org>  Thu, 30 Mar 2017 20:24:00 +0200

lucene-solr (3.6.2+dfsg-9) unstable; urgency=medium

  * Team upload.

  [ Emmanuel Bourg ]
  * Switched the dependencies to tomcat8, libservlet3.1-java and jetty9
  * Standards-Version updated to 3.9.8
  * Use a secure Vcs-* URL
  * Fixed the watch file

  [ tony mancill ]
  * Add Dutch translation of debconf messages. (Closes: #835136)
    Thank you to Frans Spiesschaert for the translation.

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 24 Oct 2016 17:10:19 +0200

lucene-solr (3.6.2+dfsg-8) unstable; urgency=medium

  * Team upload.
  * Transition to bnd 2.1.0.
  * Fix Lintian warning empty-short-license-in-dep5-copyright.
  * Fix Lintian warnings command-with-path-in-maintainer-script.
  * Vcs-Browser: Use https.

 -- Markus Koschany <apo@debian.org>  Thu, 19 Nov 2015 22:13:50 +0100

lucene-solr (3.6.2+dfsg-7) unstable; urgency=medium

  * Add OSGi metadata to JAR manifests
  * Add Jakub Adam to Uploaders
  * Update file paths in d/copyright

 -- Jakub Adam <jakub.adam@ktknet.cz>  Mon, 03 Aug 2015 15:49:56 +0200

lucene-solr (3.6.2+dfsg-6) unstable; urgency=medium

  * Team upload.

  [ Emmanuel Bourg ]
  * Removed the dependency on libgeronimo-stax-1.2-spec-java
  * Fixed a test failure with commons-codec 1.10
  * Fixed a test failure with Java 8 (Closes: #760927)
  * Use XZ compression for the upstream tarball
  * debian/watch: No longer use the defunct githubredir.debian.net redirector

  [ Victor Seva ]
  * solr-tomcat: allow tomcat7-user as depends (Closes: #606138)

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 13 Jul 2015 14:45:06 +0200

lucene-solr (3.6.2+dfsg-5) unstable; urgency=medium

  * Team upload.
  * Fixed the deployment with Jetty 8 (Closes: #752547, #767525)
  * Enable the symbolic links with Jetty (Closes: #701876)
  * Fixed the path to dpkg-statoverride in solr-jetty.postrm (Closes: #767519)

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 31 Oct 2014 19:28:25 +0100

lucene-solr (3.6.2+dfsg-4) unstable; urgency=medium

  * Team upload.
  * Switched the dependencies to tomcat7, libservlet3.0-java and jetty8
  * Fixed a format issue with CVE-2013-6397.patch
  * Standards-Version updated to 3.9.6 (no changes)

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 06 Oct 2014 15:47:56 +0200

lucene-solr (3.6.2+dfsg-3) unstable; urgency=medium

  * Team upload.
  * Add tomcat-coyote to debian/build-jars to address FTBFS.
    (Closes: #749364)
  * Update Vcs- URLs in debian/control.
  * Use debhelper 9.
  * Bump Standards-Version to 3.9.5.

 -- tony mancill <tmancill@debian.org>  Tue, 10 Jun 2014 22:29:19 -0700

lucene-solr (3.6.2+dfsg-2) unstable; urgency=low

  * Fixes for new security vulnerabilities (Closes: #731113):
    - debian/patches/CVE-2013-6397.patch:
      Fix DocumentAnalysisRequestHandler to correctly use
      EmptyEntityResolver to prevent loading of external entities like
      UpdateRequestHandler does.
      CVE-2013-6397
    - debian/patches/CVE-2013-6407_CVE-2013-6408.patch:
      XML and XSLT UpdateRequestHandler should not try to
      resolve external entities. This improves speed of loading e.g.
      XSL-transformed XHTML documents.
      CVE-2013-6407
      Fix XML parsing in XPathEntityProcessor to correctly
      expand named entities, but ignore external entities.
      CVE-2013-6408

 -- James Page <james.page@ubuntu.com>  Sat, 14 Dec 2013 22:07:54 +0000

lucene-solr (3.6.2+dfsg-1) unstable; urgency=low

  * Upload to unstable.

 -- James Page <james.page@ubuntu.com>  Thu, 16 May 2013 10:45:27 +0100

lucene-solr (3.6.2+dfsg-1~exp1) experimental; urgency=low

  [ tony mancill ]
  * solr-jetty: correct symlink to solr in /var/lib/jetty/webapps/
    (Closes: #696347)

  [ James Page ]
  * New upstream release.
  * d/copyright: Removed surplus GPL-2 paragraph.
  * d/control: Tidied short descriptions.

 -- James Page <james.page@ubuntu.com>  Mon, 07 Jan 2013 14:23:47 +0000

lucene-solr (3.6.1+dfsg-1) experimental; urgency=low

  * New upstream release.
  * Add dependency on JDK for solr-jetty (LP: #1046732):
    - d/control: Add extra Depends on default-jdk | java5-jdk as jetty
      requires a full JDK to support use of JSP's which solr uses.

 -- James Page <james.page@ubuntu.com>  Wed, 21 Nov 2012 09:31:05 +0000

lucene-solr (3.6.0+dfsg-1) unstable; urgency=low

  * Initial release. (Closes: #594027)

 -- James Page <james.page@ubuntu.com>  Tue, 29 May 2012 17:32:24 +0100