Author: ebourg-guest Date: 2014-03-25 16:18:21 +0000 (Tue, 25 Mar 2014) New Revision: 17949
Added: tags/libxalan2-java/2.7.1-9/ tags/libxalan2-java/2.7.1-9/debian/changelog tags/libxalan2-java/2.7.1-9/debian/compat tags/libxalan2-java/2.7.1-9/debian/control tags/libxalan2-java/2.7.1-9/debian/patches/CVE-2014-0107.patch tags/libxalan2-java/2.7.1-9/debian/patches/series tags/libxalan2-java/2.7.1-9/debian/rules Removed: tags/libxalan2-java/2.7.1-9/debian/changelog tags/libxalan2-java/2.7.1-9/debian/compat tags/libxalan2-java/2.7.1-9/debian/control tags/libxalan2-java/2.7.1-9/debian/patches/series tags/libxalan2-java/2.7.1-9/debian/rules Log: [svn-buildpackage] Tagging libxalan2-java 2.7.1-9 Deleted: tags/libxalan2-java/2.7.1-9/debian/changelog =================================================================== --- trunk/libxalan2-java/debian/changelog 2014-03-25 05:20:06 UTC (rev 17938) +++ tags/libxalan2-java/2.7.1-9/debian/changelog 2014-03-25 16:18:21 UTC (rev 17949) @@ -1,318 +0,0 @@ -libxalan2-java (2.7.1-8) unstable; urgency=low - - [ Miguel Landaeta ] - * Team upload. - * Remove Michael Koch from Uploaders list. - Thanks for the work on this package. (Closes: #654100). - * Ensure backwards compatible bytecode is build (LP: #1049794): - - d/ant.properties: Specify source/target = 1.5 when compiling - Java source code. Thanks to James Page for the patch. (Closes: #688208). - - [ tony mancill ] - * Bump Standards-Version to 3.9.4. No changes were required. - - -- tony mancill <[email protected]> Wed, 29 May 2013 20:57:50 -0700 - -libxalan2-java (2.7.1-7) unstable; urgency=low - - [Jakub Adam] - * Add OSGi metadata to jar manifest - * Add javahelper to Build-Depends - * Add Jakub Adam to Uploaders. - * Require libstylebook-java (>> 1.0~b3~svn20061109-4) in Build-Depends - because of FTBFS with this version. - - [tony mancill] - * Drop recommends on -gcj packages. (Closes: #651047) - - Thanks to Martin Pitt. - * Update Vcs-Svn URL. - * Bump standards version to 3.9.2 (no changes). - - -- Jakub Adam <[email protected]> Sat, 26 Nov 2011 21:10:08 +0100 - -libxalan2-java (2.7.1-6) unstable; urgency=low - - * Team upload - * Do no longer build the *-gcj packages. - * Remove Arnaud from Uploaders list. - * Switch to source format 3.0. - - -- Torsten Werner <[email protected]> Wed, 17 Aug 2011 18:01:33 +0200 - -libxalan2-java (2.7.1-5) unstable; urgency=low - - * Upload to unstable. - - -- Torsten Werner <[email protected]> Sun, 09 Aug 2009 12:44:05 +0200 - -libxalan2-java (2.7.1-4) experimental; urgency=low - - * Bump up Standards-Version to 3.8.2 - * Move api documentation to /usr/share/doc/libxalan2-java/api - * Change section to java for all Java binary packages - * Install serializer.jar in /usr/share/java as it was - done in 2.7.1-2 - * Migrate the patch to quilt and update it - * Remove JLex.jar from the source tarball and use the Debian - version for the build. - * Include the dependent jars (java_cup, JLex, bcel) from the - Debian distribution into xalan.jar - - -- Ludovic Claude <[email protected]> Mon, 13 Jul 2009 23:43:51 +0100 - -libxalan2-java (2.7.1-3) experimental; urgency=low - - * Change section to java, bump up Standards-Version to 3.8.1 - * Remove the link from /usr/share/java/jaxp-1.3.jar to - /usr/share/java/xml-apis.jar as it is better to add it to the - libjaxp-1.3-java package. - * Add the Maven POM to the package, - * Add a Build-Depends dependency on maven-repo-helper - * Use mh_installpom and mh_installjar to install the POM and the jar to the - Maven repository - * Add ${misc:Depends} to Depends to clear Lintian warnings - * Remove full text of Apache 2 license from copyright - - -- Ludovic Claude <[email protected]> Fri, 08 May 2009 13:42:36 +0100 - -libxalan2-java (2.7.1-2) unstable; urgency=low - - * Build-Depends on default-jdk-builddep. Closes: #477893 - * Clarified debian/copyright. - * Don't use '-1' in Build-Depends. - * Updated watch file to match upstream correctly. - - -- Michael Koch <[email protected]> Sun, 27 Apr 2008 10:20:03 -0100 - -libxalan2-java (2.7.1-1) unstable; urgency=low - - * New upstream release. - * Fixed path to xmlParserAPIs.jar in debian/ant.properties. - * Added Homepage field. - * Renamed XS-Vcs-Svn fielt to Vcs-Svn and XS-Vcs-Browse to Vcs-Browser. - * Updated Standards-Version to 3.7.3. - * Added myself to Uploaders. - - -- Michael Koch <[email protected]> Tue, 01 Jan 2008 14:33:39 +0100 - -libxalan2-java (2.7.0-5) unstable; urgency=low - - * debian/control: removed Stefan Gybas, Wolfgang Baer and Jeroen van - Wolffelaar from uploaders. - * generate the doc with stylebook (closes: #402556). - - -- Arnaud Vandyck <[email protected]> Mon, 16 Jul 2007 11:07:20 +0200 - -libxalan2-java (2.7.0-4) unstable; urgency=medium - - * libxalan2-java-gcj: Depend on libjaxp1.3-java. Closes: #408729. - - -- Matthias Klose <[email protected]> Wed, 14 Feb 2007 03:07:11 +0100 - -libxalan2-java (2.7.0-3) unstable; urgency=low - - * Merge from Ubuntu: - - build libxalan2-java-gcj and libxsltc-java-gcj packages. - - -- Matthias Klose <[email protected]> Thu, 4 Jan 2007 08:48:22 +0100 - -libxalan2-java (2.7.0-2) UNRELEASED; urgency=low - - [ Arnaud Vandyck ] - * debian/watch: added - - [ Marcus Better ] - * Remove dangling index.html symlink until we can build proper HTML - documentation. (Closes: #402529) - * debian/control: Add XS-Vcs-* fields and Homepage lines. - - -- Marcus Better <[email protected]> Mon, 11 Dec 2006 10:57:00 +0100 - -libxalan2-java (2.7.0-1) unstable; urgency=low - - * debian/rules: Also install serializer.jar. (Closes: #390148) - * debian/control: Added myself as uploader. - * debian/control: Changed duplicate Build-Depends-Indep to Build-Depends. - * Bumped compatibility level to 5. - - -- Marcus Better <[email protected]> Tue, 17 Oct 2006 14:27:25 +0200 - -libxalan2-java (2.7.0-0) experimental; urgency=low - - * New upstream. - * Standards-Version updated to 3.7.2, moved cdbs and debhelper to - Build-Depends. - - -- Arnaud Vandyck <[email protected]> Mon, 3 Jul 2006 13:33:15 +0200 - -libxalan2-java (2.6.0-6) unstable; urgency=low - - * kaffe compiler transition - + Removed build.compiler jikes setting - + Applied patch (02_BuildXml_Target.patch) to raise target (needed by ecj) - * Workaround a xml entity problem during build until resolved upstream - + Add fixed_characters.ent file into debian directory (we cannot patch) - + Add build.xml patch to copy this file into place when needed - * Removed Takashi from Uploaders - * Fixed dpkg-genchanges warning: missing Section for source files - - -- Wolfgang Baer <[email protected]> Tue, 17 Jan 2006 12:30:34 +0100 - -libxalan2-java (2.6.0-5) unstable; urgency=low - - * libant1.6-java to ant transition - * Registered javadocs with doc-base - - -- Wolfgang Baer <[email protected]> Sat, 24 Sep 2005 09:41:25 +0200 - -libxalan2-java (2.6.0-4) unstable; urgency=low - - * Upload to get .orig.tar.gz back (got lost due to #232730) - (Closes: #323518) - * Reintroduce headless-building patch to get apidocs built again (accidently - lost in -2) - * Update policy compliance to 3.6.2 (no changes needed) - - -- Jeroen van Wolffelaar <[email protected]> Wed, 17 Aug 2005 11:55:49 +0200 - -libxalan2-java (2.6.0-3) unstable; urgency=low - - * uploaded to unstable - * added myself as an uploader - - -- Arnaud Vandyck <[email protected]> Wed, 15 Jun 2005 11:03:03 +0200 - -libxalan2-java (2.6.0-2) experimental; urgency=low - - * Build with kaffe / jikes / gjdoc - * Move to main - together with libbsf-java (depending on each other) - (closes: #306633) as non-free JDKs are no longer needed - * Adjusted build dependencies: - + libant1.6-java to versioned dependency >= 1.6.3-1 - + added libjaxp1.2-java (needed in bootclasspath for compilation) - jaxp1.2.jar is added to the ant.properties for correct bootclasspath - + added kaffe (>= 2:1.1.5-1) needed for build - * Disabled the transformation of the manual until kaffe's cairo - Graphics2D backend will be activated - see README.Debian (added) - * Don't ship built samples.jar in doc package - source is enough - * Changed Build-Depends to Build-Depends-Indep to fix lintian warning - * Patched build.xml file (01_Build_xml.patch) - + Added maxmemory="256m" to javadoc target - + Commented taglet option out - not usable with gjdoc - - -- Wolfgang Baer <[email protected]> Sat, 19 Mar 2005 14:54:04 +0100 - -libxalan2-java (2.6.0-1) unstable; urgency=low - - * New upstream release - * Don't ship xml-apis.jar any longer since its contents are equal to - xmlParserAPIs.jar from libxerces2-java - * Use Xerces 2.0 Ant 1.6 during build - * Don't install versioned JARs in /usr/share/java since this package has - no API itself - - -- Stefan Gybas <[email protected]> Sun, 14 Mar 2004 18:35:28 +0100 - -libxalan2-java (2.5.1-1) unstable; urgency=low - - * New upstream release (closes: #199885) - * Set maintainer to Debian Java Maintainers - * Converted debian/rules to CDBS - * Standards-Version: 3.6.1 - + Changed Build-Depends-Indep to Build-Depends - - -- Stefan Gybas <[email protected]> Fri, 17 Oct 2003 18:32:11 +0200 - -libxalan2-java (2.5.0-1) unstable; urgency=low - - * New upstream release (closes: #192631) - * Built using Blackdown's JDK 1.4 instead of the converted RPM from Sun - * Standards-Version: 3.5.10 (no changes required) - - -- Stefan Gybas <[email protected]> Mon, 19 May 2003 17:36:25 +0200 - -libxalan2-java (2.4.1-1) unstable; urgency=low - - * New upstream release - * Standards-Version: 3.5.8 (no changes required) - - -- Stefan Gybas <[email protected]> Mon, 27 Jan 2003 15:18:18 +0100 - -libxalan2-java (2.4.0-1) unstable; urgency=low - - * New upstream release - * Build with the latest Ant version - * Build with debhelper >= 4.1.0 to get rid of /usr/doc compatibility - symlinks - * Standards-Version: 3.5.7 - - -- Stefan Gybas <[email protected]> Wed, 18 Sep 2002 13:10:14 +0200 - -libxalan2-java (2.3.99D1-2) unstable; urgency=low - - * Build XSLTC and put the JAR in the new libxsltc-java package. Thanks to - Takashi Okamoto for updating his libbcel-java package! - * Drop the libxalan2-java-servlet package, the sources for the servlet - classes and the compiled examples are now included in libxalan2-java-doc. - * Update package descriptions - * Reformatted the previous changelog entry to a maximum of 79 characters per - line. - - -- Stefan Gybas <[email protected]> Wed, 10 Jul 2002 15:42:03 +0200 - -libxalan2-java (2.3.99D1-1) unstable; urgency=low - - * New maintainer - * New upstream release: 2.4.D1 - * Include missing classes from jaxax.xml.transform in xml-apis.jar like - upstream does (closes: #145649) - This is only a temporary solution: The classes from xml-apis.jar have been - moved into a separate project at xml.apache.org so they should be built - from a separate Debian package in main. - * Build the package with Xerces-J 2.0 like upstream does - * Use JDK 1.4 to build the package so we can create the HTML documentation - without the need for an X11 display - * Use debhelper V4 - * Standards-Version: 3.5.6 (no changes required) - * Add build dependency on libregexp-java, libbcel-java, jlex and cup for - XSLTC - * Correct dependencies of the binary packages - * Remove emacs settings from changelog - * Include the generated HTML documentation in libxalan2-java-doc and remove - the compiled examples from there - * XSLTC is not yet built because is requires a newer version of - libbcel-java. Its documentation is already included in the - libxalan2-java-doc packages, however. - - -- Stefan Gybas <[email protected]> Wed, 3 Jul 2002 17:05:17 +0200 - -libxalan2-java (2.3.1-1) unstable; urgency=low - - * New upstream release. - * By some strange reason the max kellerman fixes was not uploaded - but now it really should be available, closes: #99413. - - -- Ola Lundqvist <[email protected]> Tue, 19 Mar 2002 21:59:37 +0100 - -libxalan2-java (2.1.0-2) unstable; urgency=low - - * added java2-runtime to Depends line. - * xalanj1compat.jar now goes into package libxalan2-java-compat. - - -- Max Kellermann <[email protected]> Sat, 15 Dec 2001 22:45:22 +0100 - -libxalan2-java (2.1.0-1) unstable; urgency=low - - * New upstream release - * Fixed broken symlink, closes: #99413. - * New binary package lib-xalan-java-servlet - * Calls ant directly instead of build.sh - * Updated dependencies - - -- Max Kellermann <[email protected]> Wed, 7 Nov 2001 19:25:45 +0100 - -libxalan2-java (2.0.1-1) unstable; urgency=low - - * Initial Release, closes: #90452. - - -- Ola Lundqvist <[email protected]> Mon, 16 Apr 2001 10:43:37 +0200 Copied: tags/libxalan2-java/2.7.1-9/debian/changelog (from rev 17944, trunk/libxalan2-java/debian/changelog) =================================================================== --- tags/libxalan2-java/2.7.1-9/debian/changelog (rev 0) +++ tags/libxalan2-java/2.7.1-9/debian/changelog 2014-03-25 16:18:21 UTC (rev 17949) @@ -0,0 +1,335 @@ +libxalan2-java (2.7.1-9) unstable; urgency=high + + * Team upload. + * Fix CVE-2014-0107: Strengthen the secure processing mode by disabling + external general entities, foreign attributes and access to the system + properties. This could be exploited to execute arbitrary code remotely. + (Closes: #742577) + * debian/control: + - Standards-Version updated to 3.9.5 (no changes) + - Use canonical URLs for the Vcs-* fields + - Updated the Homepage field + - Removed the duplicate Section fields + * Switch to debhelper level 9 + * debian/rules: Improved the clean target + + -- Emmanuel Bourg <[email protected]> Tue, 25 Mar 2014 15:22:35 +0100 + +libxalan2-java (2.7.1-8) unstable; urgency=low + + [ Miguel Landaeta ] + * Team upload. + * Remove Michael Koch from Uploaders list. + Thanks for the work on this package. (Closes: #654100). + * Ensure backwards compatible bytecode is build (LP: #1049794): + - d/ant.properties: Specify source/target = 1.5 when compiling + Java source code. Thanks to James Page for the patch. (Closes: #688208). + + [ tony mancill ] + * Bump Standards-Version to 3.9.4. No changes were required. + + -- tony mancill <[email protected]> Wed, 29 May 2013 20:57:50 -0700 + +libxalan2-java (2.7.1-7) unstable; urgency=low + + [Jakub Adam] + * Add OSGi metadata to jar manifest + * Add javahelper to Build-Depends + * Add Jakub Adam to Uploaders. + * Require libstylebook-java (>> 1.0~b3~svn20061109-4) in Build-Depends + because of FTBFS with this version. + + [tony mancill] + * Drop recommends on -gcj packages. (Closes: #651047) + - Thanks to Martin Pitt. + * Update Vcs-Svn URL. + * Bump standards version to 3.9.2 (no changes). + + -- Jakub Adam <[email protected]> Sat, 26 Nov 2011 21:10:08 +0100 + +libxalan2-java (2.7.1-6) unstable; urgency=low + + * Team upload + * Do no longer build the *-gcj packages. + * Remove Arnaud from Uploaders list. + * Switch to source format 3.0. + + -- Torsten Werner <[email protected]> Wed, 17 Aug 2011 18:01:33 +0200 + +libxalan2-java (2.7.1-5) unstable; urgency=low + + * Upload to unstable. + + -- Torsten Werner <[email protected]> Sun, 09 Aug 2009 12:44:05 +0200 + +libxalan2-java (2.7.1-4) experimental; urgency=low + + * Bump up Standards-Version to 3.8.2 + * Move api documentation to /usr/share/doc/libxalan2-java/api + * Change section to java for all Java binary packages + * Install serializer.jar in /usr/share/java as it was + done in 2.7.1-2 + * Migrate the patch to quilt and update it + * Remove JLex.jar from the source tarball and use the Debian + version for the build. + * Include the dependent jars (java_cup, JLex, bcel) from the + Debian distribution into xalan.jar + + -- Ludovic Claude <[email protected]> Mon, 13 Jul 2009 23:43:51 +0100 + +libxalan2-java (2.7.1-3) experimental; urgency=low + + * Change section to java, bump up Standards-Version to 3.8.1 + * Remove the link from /usr/share/java/jaxp-1.3.jar to + /usr/share/java/xml-apis.jar as it is better to add it to the + libjaxp-1.3-java package. + * Add the Maven POM to the package, + * Add a Build-Depends dependency on maven-repo-helper + * Use mh_installpom and mh_installjar to install the POM and the jar to the + Maven repository + * Add ${misc:Depends} to Depends to clear Lintian warnings + * Remove full text of Apache 2 license from copyright + + -- Ludovic Claude <[email protected]> Fri, 08 May 2009 13:42:36 +0100 + +libxalan2-java (2.7.1-2) unstable; urgency=low + + * Build-Depends on default-jdk-builddep. Closes: #477893 + * Clarified debian/copyright. + * Don't use '-1' in Build-Depends. + * Updated watch file to match upstream correctly. + + -- Michael Koch <[email protected]> Sun, 27 Apr 2008 10:20:03 -0100 + +libxalan2-java (2.7.1-1) unstable; urgency=low + + * New upstream release. + * Fixed path to xmlParserAPIs.jar in debian/ant.properties. + * Added Homepage field. + * Renamed XS-Vcs-Svn fielt to Vcs-Svn and XS-Vcs-Browse to Vcs-Browser. + * Updated Standards-Version to 3.7.3. + * Added myself to Uploaders. + + -- Michael Koch <[email protected]> Tue, 01 Jan 2008 14:33:39 +0100 + +libxalan2-java (2.7.0-5) unstable; urgency=low + + * debian/control: removed Stefan Gybas, Wolfgang Baer and Jeroen van + Wolffelaar from uploaders. + * generate the doc with stylebook (closes: #402556). + + -- Arnaud Vandyck <[email protected]> Mon, 16 Jul 2007 11:07:20 +0200 + +libxalan2-java (2.7.0-4) unstable; urgency=medium + + * libxalan2-java-gcj: Depend on libjaxp1.3-java. Closes: #408729. + + -- Matthias Klose <[email protected]> Wed, 14 Feb 2007 03:07:11 +0100 + +libxalan2-java (2.7.0-3) unstable; urgency=low + + * Merge from Ubuntu: + - build libxalan2-java-gcj and libxsltc-java-gcj packages. + + -- Matthias Klose <[email protected]> Thu, 4 Jan 2007 08:48:22 +0100 + +libxalan2-java (2.7.0-2) UNRELEASED; urgency=low + + [ Arnaud Vandyck ] + * debian/watch: added + + [ Marcus Better ] + * Remove dangling index.html symlink until we can build proper HTML + documentation. (Closes: #402529) + * debian/control: Add XS-Vcs-* fields and Homepage lines. + + -- Marcus Better <[email protected]> Mon, 11 Dec 2006 10:57:00 +0100 + +libxalan2-java (2.7.0-1) unstable; urgency=low + + * debian/rules: Also install serializer.jar. (Closes: #390148) + * debian/control: Added myself as uploader. + * debian/control: Changed duplicate Build-Depends-Indep to Build-Depends. + * Bumped compatibility level to 5. + + -- Marcus Better <[email protected]> Tue, 17 Oct 2006 14:27:25 +0200 + +libxalan2-java (2.7.0-0) experimental; urgency=low + + * New upstream. + * Standards-Version updated to 3.7.2, moved cdbs and debhelper to + Build-Depends. + + -- Arnaud Vandyck <[email protected]> Mon, 3 Jul 2006 13:33:15 +0200 + +libxalan2-java (2.6.0-6) unstable; urgency=low + + * kaffe compiler transition + + Removed build.compiler jikes setting + + Applied patch (02_BuildXml_Target.patch) to raise target (needed by ecj) + * Workaround a xml entity problem during build until resolved upstream + + Add fixed_characters.ent file into debian directory (we cannot patch) + + Add build.xml patch to copy this file into place when needed + * Removed Takashi from Uploaders + * Fixed dpkg-genchanges warning: missing Section for source files + + -- Wolfgang Baer <[email protected]> Tue, 17 Jan 2006 12:30:34 +0100 + +libxalan2-java (2.6.0-5) unstable; urgency=low + + * libant1.6-java to ant transition + * Registered javadocs with doc-base + + -- Wolfgang Baer <[email protected]> Sat, 24 Sep 2005 09:41:25 +0200 + +libxalan2-java (2.6.0-4) unstable; urgency=low + + * Upload to get .orig.tar.gz back (got lost due to #232730) + (Closes: #323518) + * Reintroduce headless-building patch to get apidocs built again (accidently + lost in -2) + * Update policy compliance to 3.6.2 (no changes needed) + + -- Jeroen van Wolffelaar <[email protected]> Wed, 17 Aug 2005 11:55:49 +0200 + +libxalan2-java (2.6.0-3) unstable; urgency=low + + * uploaded to unstable + * added myself as an uploader + + -- Arnaud Vandyck <[email protected]> Wed, 15 Jun 2005 11:03:03 +0200 + +libxalan2-java (2.6.0-2) experimental; urgency=low + + * Build with kaffe / jikes / gjdoc + * Move to main - together with libbsf-java (depending on each other) + (closes: #306633) as non-free JDKs are no longer needed + * Adjusted build dependencies: + + libant1.6-java to versioned dependency >= 1.6.3-1 + + added libjaxp1.2-java (needed in bootclasspath for compilation) + jaxp1.2.jar is added to the ant.properties for correct bootclasspath + + added kaffe (>= 2:1.1.5-1) needed for build + * Disabled the transformation of the manual until kaffe's cairo + Graphics2D backend will be activated - see README.Debian (added) + * Don't ship built samples.jar in doc package - source is enough + * Changed Build-Depends to Build-Depends-Indep to fix lintian warning + * Patched build.xml file (01_Build_xml.patch) + + Added maxmemory="256m" to javadoc target + + Commented taglet option out - not usable with gjdoc + + -- Wolfgang Baer <[email protected]> Sat, 19 Mar 2005 14:54:04 +0100 + +libxalan2-java (2.6.0-1) unstable; urgency=low + + * New upstream release + * Don't ship xml-apis.jar any longer since its contents are equal to + xmlParserAPIs.jar from libxerces2-java + * Use Xerces 2.0 Ant 1.6 during build + * Don't install versioned JARs in /usr/share/java since this package has + no API itself + + -- Stefan Gybas <[email protected]> Sun, 14 Mar 2004 18:35:28 +0100 + +libxalan2-java (2.5.1-1) unstable; urgency=low + + * New upstream release (closes: #199885) + * Set maintainer to Debian Java Maintainers + * Converted debian/rules to CDBS + * Standards-Version: 3.6.1 + + Changed Build-Depends-Indep to Build-Depends + + -- Stefan Gybas <[email protected]> Fri, 17 Oct 2003 18:32:11 +0200 + +libxalan2-java (2.5.0-1) unstable; urgency=low + + * New upstream release (closes: #192631) + * Built using Blackdown's JDK 1.4 instead of the converted RPM from Sun + * Standards-Version: 3.5.10 (no changes required) + + -- Stefan Gybas <[email protected]> Mon, 19 May 2003 17:36:25 +0200 + +libxalan2-java (2.4.1-1) unstable; urgency=low + + * New upstream release + * Standards-Version: 3.5.8 (no changes required) + + -- Stefan Gybas <[email protected]> Mon, 27 Jan 2003 15:18:18 +0100 + +libxalan2-java (2.4.0-1) unstable; urgency=low + + * New upstream release + * Build with the latest Ant version + * Build with debhelper >= 4.1.0 to get rid of /usr/doc compatibility + symlinks + * Standards-Version: 3.5.7 + + -- Stefan Gybas <[email protected]> Wed, 18 Sep 2002 13:10:14 +0200 + +libxalan2-java (2.3.99D1-2) unstable; urgency=low + + * Build XSLTC and put the JAR in the new libxsltc-java package. Thanks to + Takashi Okamoto for updating his libbcel-java package! + * Drop the libxalan2-java-servlet package, the sources for the servlet + classes and the compiled examples are now included in libxalan2-java-doc. + * Update package descriptions + * Reformatted the previous changelog entry to a maximum of 79 characters per + line. + + -- Stefan Gybas <[email protected]> Wed, 10 Jul 2002 15:42:03 +0200 + +libxalan2-java (2.3.99D1-1) unstable; urgency=low + + * New maintainer + * New upstream release: 2.4.D1 + * Include missing classes from jaxax.xml.transform in xml-apis.jar like + upstream does (closes: #145649) + This is only a temporary solution: The classes from xml-apis.jar have been + moved into a separate project at xml.apache.org so they should be built + from a separate Debian package in main. + * Build the package with Xerces-J 2.0 like upstream does + * Use JDK 1.4 to build the package so we can create the HTML documentation + without the need for an X11 display + * Use debhelper V4 + * Standards-Version: 3.5.6 (no changes required) + * Add build dependency on libregexp-java, libbcel-java, jlex and cup for + XSLTC + * Correct dependencies of the binary packages + * Remove emacs settings from changelog + * Include the generated HTML documentation in libxalan2-java-doc and remove + the compiled examples from there + * XSLTC is not yet built because is requires a newer version of + libbcel-java. Its documentation is already included in the + libxalan2-java-doc packages, however. + + -- Stefan Gybas <[email protected]> Wed, 3 Jul 2002 17:05:17 +0200 + +libxalan2-java (2.3.1-1) unstable; urgency=low + + * New upstream release. + * By some strange reason the max kellerman fixes was not uploaded + but now it really should be available, closes: #99413. + + -- Ola Lundqvist <[email protected]> Tue, 19 Mar 2002 21:59:37 +0100 + +libxalan2-java (2.1.0-2) unstable; urgency=low + + * added java2-runtime to Depends line. + * xalanj1compat.jar now goes into package libxalan2-java-compat. + + -- Max Kellermann <[email protected]> Sat, 15 Dec 2001 22:45:22 +0100 + +libxalan2-java (2.1.0-1) unstable; urgency=low + + * New upstream release + * Fixed broken symlink, closes: #99413. + * New binary package lib-xalan-java-servlet + * Calls ant directly instead of build.sh + * Updated dependencies + + -- Max Kellermann <[email protected]> Wed, 7 Nov 2001 19:25:45 +0100 + +libxalan2-java (2.0.1-1) unstable; urgency=low + + * Initial Release, closes: #90452. + + -- Ola Lundqvist <[email protected]> Mon, 16 Apr 2001 10:43:37 +0200 Deleted: tags/libxalan2-java/2.7.1-9/debian/compat =================================================================== --- trunk/libxalan2-java/debian/compat 2014-03-25 05:20:06 UTC (rev 17938) +++ tags/libxalan2-java/2.7.1-9/debian/compat 2014-03-25 16:18:21 UTC (rev 17949) @@ -1,2 +0,0 @@ -5 - Copied: tags/libxalan2-java/2.7.1-9/debian/compat (from rev 17939, trunk/libxalan2-java/debian/compat) =================================================================== --- tags/libxalan2-java/2.7.1-9/debian/compat (rev 0) +++ tags/libxalan2-java/2.7.1-9/debian/compat 2014-03-25 16:18:21 UTC (rev 17949) @@ -0,0 +1,2 @@ +9 + Deleted: tags/libxalan2-java/2.7.1-9/debian/control =================================================================== --- trunk/libxalan2-java/debian/control 2014-03-25 05:20:06 UTC (rev 17938) +++ tags/libxalan2-java/2.7.1-9/debian/control 2014-03-25 16:18:21 UTC (rev 17949) @@ -1,51 +0,0 @@ -Source: libxalan2-java -Section: java -Priority: optional -Maintainer: Debian Java Maintainers <[email protected]> -Uploaders: Marcus Better <[email protected]>, Matthias Klose <[email protected]>, - Jakub Adam <[email protected]> -Build-Depends: debhelper (>= 5.0.0), cdbs (>= 0.4.8), default-jdk, - ant (>= 1.6.3), - maven-repo-helper, libxerces2-java (>= 2.8.0), libbsf-java, javahelper, - libregexp-java, libbcel-java (>= 5.0), jlex, cup, libjaxp1.3-java, - libstylebook-java (>> 1.0~b3~svn20061109-4) -Standards-Version: 3.9.4 -Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/libxalan2-java -Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/libxalan2-java/ -Homepage: http://xml.apache.org/xalan-j/ - -Package: libxalan2-java -Architecture: all -Section: java -Depends: ${misc:Depends}, libjaxp1.3-java, libxerces2-java (>= 2.8.0) -Suggests: libxalan2-java-doc, libbsf-java, libxsltc-java -Description: XSL Transformations (XSLT) processor in Java - Xalan-Java is an XSLT processor for transforming XML documents into HTML, - text, or other XML document types. It implements the W3C Recommendations for - XSL Transformations (XSLT) and the XML Path Language (XPath). It can be used - from the command line, in an applet or a servlet, or as a module in other - programs. - -Package: libxsltc-java -Architecture: all -Section: java -Depends: ${misc:Depends}, libxalan2-java, libregexp-java, libbcel-java (>= 5.0), jlex, cup -Description: XSL Transformations (XSLT) compiler from Xalan-Java - XSLTC provides a compiler and a runtime processor. Use the compiler to - compile an XSL stylesheet into a translet (i.e. a set of Java classes). - Use the runtime processor to apply the translet to an XML document and - perform a transformation. XSLTC is part of the Xalan-Java project. - -Package: libxalan2-java-doc -Architecture: all -Depends: ${misc:Depends} -Section: doc -Description: Documentation and examples for the Xalan-Java XSLT processor - Xalan-Java is an XSLT processor for transforming XML documents into HTML, - text, or other XML document types. It implements the W3C Recommendations for - XSL Transformations (XSLT) and the XML Path Language (XPath). It can be used - from the command line, in an applet or a servlet, or as a module in other - programs. - . - This package contains documentation in HTML format and some Java source - code examples. Copied: tags/libxalan2-java/2.7.1-9/debian/control (from rev 17939, trunk/libxalan2-java/debian/control) =================================================================== --- tags/libxalan2-java/2.7.1-9/debian/control (rev 0) +++ tags/libxalan2-java/2.7.1-9/debian/control 2014-03-25 16:18:21 UTC (rev 17949) @@ -0,0 +1,59 @@ +Source: libxalan2-java +Section: java +Priority: optional +Maintainer: Debian Java Maintainers <[email protected]> +Uploaders: Marcus Better <[email protected]>, + Matthias Klose <[email protected]>, + Jakub Adam <[email protected]> +Build-Depends: ant (>= 1.6.3), + cdbs (>= 0.4.8), + cup, + debhelper (>= 9), + default-jdk, + javahelper, + jlex, + libbcel-java (>= 5.0), + libbsf-java, + libjaxp1.3-java, + libregexp-java, + libstylebook-java (>> 1.0~b3~svn20061109-4), + libxerces2-java (>= 2.8.0), + maven-repo-helper +Standards-Version: 3.9.5 +Vcs-Svn: svn://anonscm.debian.org/pkg-java/trunk/libxalan2-java +Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-java/trunk/libxalan2-java/ +Homepage: http://xalan.apache.org/xalan-j/ + +Package: libxalan2-java +Architecture: all +Depends: ${misc:Depends}, libjaxp1.3-java, libxerces2-java (>= 2.8.0) +Suggests: libxalan2-java-doc, libbsf-java, libxsltc-java +Description: XSL Transformations (XSLT) processor in Java + Xalan-Java is an XSLT processor for transforming XML documents into HTML, + text, or other XML document types. It implements the W3C Recommendations for + XSL Transformations (XSLT) and the XML Path Language (XPath). It can be used + from the command line, in an applet or a servlet, or as a module in other + programs. + +Package: libxsltc-java +Architecture: all +Depends: ${misc:Depends}, libxalan2-java, libregexp-java, libbcel-java (>= 5.0), jlex, cup +Description: XSL Transformations (XSLT) compiler from Xalan-Java + XSLTC provides a compiler and a runtime processor. Use the compiler to + compile an XSL stylesheet into a translet (i.e. a set of Java classes). + Use the runtime processor to apply the translet to an XML document and + perform a transformation. XSLTC is part of the Xalan-Java project. + +Package: libxalan2-java-doc +Architecture: all +Depends: ${misc:Depends} +Section: doc +Description: Documentation and examples for the Xalan-Java XSLT processor + Xalan-Java is an XSLT processor for transforming XML documents into HTML, + text, or other XML document types. It implements the W3C Recommendations for + XSL Transformations (XSLT) and the XML Path Language (XPath). It can be used + from the command line, in an applet or a servlet, or as a module in other + programs. + . + This package contains documentation in HTML format and some Java source + code examples. Copied: tags/libxalan2-java/2.7.1-9/debian/patches/CVE-2014-0107.patch (from rev 17941, trunk/libxalan2-java/debian/patches/CVE-2014-0107.patch) =================================================================== --- tags/libxalan2-java/2.7.1-9/debian/patches/CVE-2014-0107.patch (rev 0) +++ tags/libxalan2-java/2.7.1-9/debian/patches/CVE-2014-0107.patch 2014-03-25 16:18:21 UTC (rev 17949) @@ -0,0 +1,124 @@ +Description: Fix for CVE-2014-0107: Strengthen the secure processing mode by + disabling external general entities, foreign attributes and access to the + system properties. This could be exploited to execute arbitrary code remotely. +Origin: https://svn.apache.org/r1581058 +Bug-Debian: https://bugs.debian.org/742577 +--- a/src/org/apache/xalan/transformer/TransformerImpl.java ++++ b/src/org/apache/xalan/transformer/TransformerImpl.java +@@ -438,7 +438,9 @@ + try + { + if (sroot.getExtensions() != null) +- m_extensionsTable = new ExtensionsTable(sroot); ++ //only load extensions if secureProcessing is disabled ++ if(!sroot.isSecureProcessing()) ++ m_extensionsTable = new ExtensionsTable(sroot); + } + catch (javax.xml.transform.TransformerException te) + {te.printStackTrace();} +--- a/src/org/apache/xalan/processor/XSLTElementProcessor.java ++++ b/src/org/apache/xalan/processor/XSLTElementProcessor.java +@@ -338,17 +338,29 @@ + } + else + { +- // Can we switch the order here: +- +- boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName, +- attributes.getQName(i), attributes.getValue(i), +- target); +- +- // Now we only add the element if it passed a validation check +- if (success) +- processedDefs.add(attrDef); ++ //handle secure processing ++ if(attrDef.getName().compareTo("*")==0 && handler.getStylesheetProcessor().isSecureProcessing()) ++ { ++ //foreign attributes are not allowed in secure processing mode ++ // Then barf, because this element does not allow this attribute. ++ handler.error(XSLTErrorResources.ER_ATTR_NOT_ALLOWED, new Object[]{attributes.getQName(i), rawName}, null);//"\""+attributes.getQName(i)+"\"" ++ //+ " attribute is not allowed on the " + rawName ++ // + " element!", null); ++ } + else +- errorDefs.add(attrDef); ++ { ++ ++ ++ boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName, ++ attributes.getQName(i), attributes.getValue(i), ++ target); ++ ++ // Now we only add the element if it passed a validation check ++ if (success) ++ processedDefs.add(attrDef); ++ else ++ errorDefs.add(attrDef); ++ } + } + } + +--- a/src/org/apache/xalan/processor/TransformerFactoryImpl.java ++++ b/src/org/apache/xalan/processor/TransformerFactoryImpl.java +@@ -335,6 +335,10 @@ + reader = XMLReaderFactory.createXMLReader(); + } + ++ if(m_isSecureProcessing) ++ { ++ reader.setFeature("http://xml.org/sax/features/external-general-entities",false); ++ } + // Need to set options! + reader.setContentHandler(handler); + reader.parse(isource); +--- a/src/org/apache/xpath/functions/FuncSystemProperty.java ++++ b/src/org/apache/xpath/functions/FuncSystemProperty.java +@@ -58,7 +58,7 @@ + + String fullName = m_arg0.execute(xctxt).str(); + int indexOfNSSep = fullName.indexOf(':'); +- String result; ++ String result = null; + String propName = ""; + + // List of properties where the name of the +@@ -98,8 +98,17 @@ + + try + { +- result = System.getProperty(propName); +- ++ //if secure procession is enabled only handle required properties do not not map any valid system property ++ if(!xctxt.isSecureProcessing()) ++ { ++ result = System.getProperty(propName); ++ } ++ else ++ { ++ warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION, ++ new Object[]{ propName }); //"SecurityException when trying to access XSL system property: "+propName); ++ result = xsltInfo.getProperty(propName); ++ } + if (null == result) + { + +@@ -120,8 +129,17 @@ + { + try + { +- result = System.getProperty(fullName); +- ++ //if secure procession is enabled only handle required properties do not not map any valid system property ++ if(!xctxt.isSecureProcessing()) ++ { ++ result = System.getProperty(fullName); ++ } ++ else ++ { ++ warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION, ++ new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName); ++ result = xsltInfo.getProperty(fullName); ++ } + if (null == result) + { + Deleted: tags/libxalan2-java/2.7.1-9/debian/patches/series =================================================================== --- trunk/libxalan2-java/debian/patches/series 2014-03-25 05:20:06 UTC (rev 17938) +++ tags/libxalan2-java/2.7.1-9/debian/patches/series 2014-03-25 16:18:21 UTC (rev 17949) @@ -1,2 +0,0 @@ -build.patch - Copied: tags/libxalan2-java/2.7.1-9/debian/patches/series (from rev 17941, trunk/libxalan2-java/debian/patches/series) =================================================================== --- tags/libxalan2-java/2.7.1-9/debian/patches/series (rev 0) +++ tags/libxalan2-java/2.7.1-9/debian/patches/series 2014-03-25 16:18:21 UTC (rev 17949) @@ -0,0 +1,2 @@ +build.patch +CVE-2014-0107.patch Deleted: tags/libxalan2-java/2.7.1-9/debian/rules =================================================================== --- trunk/libxalan2-java/debian/rules 2014-03-25 05:20:06 UTC (rev 17938) +++ tags/libxalan2-java/2.7.1-9/debian/rules 2014-03-25 16:18:21 UTC (rev 17949) @@ -1,49 +0,0 @@ -#!/usr/bin/make -f -# debian/rules file for libxalan2-java (uses cdbs) - -include /usr/share/cdbs/1/rules/debhelper.mk -include /usr/share/cdbs/1/class/javahelper.mk -include /usr/share/cdbs/1/class/ant.mk - -PACKAGE := $(DEB_SOURCE_PACKAGE) -VERSION := $(DEB_UPSTREAM_VERSION) -JAVA_HOME := /usr/lib/jvm/default-java -ANT_HOME := /usr/share/ant - -ANT_OPTS := -Dgnu.java.awt.peer.gtk.Graphics=Graphics2D -DEB_JARS := xml-apis xercesImpl bsf bcel cup regexp stylebook JLex - -DEB_ANT_CLEAN_TARGET := clean xsltc.clean -DEB_ANT_BUILD_TARGET := jar xsltc.unbundledjar javadocs docs - -clean:: - rm -f xdocs/sources/xalan/*DONE XSLTCDONE - rm -f lib/BCEL.jar lib/regexp.jar - -pre-build:: - rm -f lib/BCEL.jar lib/regexp.jar - ln -s /usr/share/java/bcel.jar lib/BCEL.jar - ln -s /usr/share/java/regexp.jar lib/regexp.jar - -install/libxalan2-java:: - mh_installpoms -p$(PACKAGE); - mh_installjar -p$(PACKAGE) -l --usj-name=xalan2 debian/xalan.pom build/xalan.jar - mh_installjar -p$(PACKAGE) -l debian/serializer.pom build/serializer.jar - -install/libxsltc-java:: - install -m 644 build/xsltc.jar debian/libxsltc-java/usr/share/java/xsltc.jar - -install/libxalan2-java-doc:: - # install the javadocs into api directory - install -d $(CURDIR)/debian/libxalan2-java-doc/usr/share/doc/libxalan2-java/api/ - cp -a build/docs/apidocs/* $(CURDIR)/debian/libxalan2-java-doc/usr/share/doc/libxalan2-java/api/ - # make lintian happy and remove zero-byte files - rm -Rf $(CURDIR)/samples/extensions/instantdb/tables - -get-orig-source: - -uscan --download-version $(DEB_UPSTREAM_VERSION) --force-download --rename --repack - -get-orig-pom: - wget -O debian/xalan.pom http://repository.sonatype.org/service/local/repositories/central/content/xalan/xalan/$(VERSION)/xalan-$(VERSION).pom - wget -O debian/serializer.pom http://repository.sonatype.org/service/local/repositories/central/content/xalan/serializer/$(VERSION)/serializer-$(VERSION).pom - Copied: tags/libxalan2-java/2.7.1-9/debian/rules (from rev 17940, trunk/libxalan2-java/debian/rules) =================================================================== --- tags/libxalan2-java/2.7.1-9/debian/rules (rev 0) +++ tags/libxalan2-java/2.7.1-9/debian/rules 2014-03-25 16:18:21 UTC (rev 17949) @@ -0,0 +1,50 @@ +#!/usr/bin/make -f +# debian/rules file for libxalan2-java (uses cdbs) + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/javahelper.mk +include /usr/share/cdbs/1/class/ant.mk + +PACKAGE := $(DEB_SOURCE_PACKAGE) +VERSION := $(DEB_UPSTREAM_VERSION) +JAVA_HOME := /usr/lib/jvm/default-java +ANT_HOME := /usr/share/ant + +ANT_OPTS := -Dgnu.java.awt.peer.gtk.Graphics=Graphics2D +DEB_JARS := xml-apis xercesImpl bsf bcel cup regexp stylebook JLex + +DEB_ANT_CLEAN_TARGET := clean xsltc.clean +DEB_ANT_BUILD_TARGET := jar xsltc.unbundledjar javadocs docs + +clean:: + rm -f xdocs/sources/xalan/*DONE XSLTCDONE + rm -f lib/BCEL.jar lib/regexp.jar + mh_clean + +pre-build:: + rm -f lib/BCEL.jar lib/regexp.jar + ln -s /usr/share/java/bcel.jar lib/BCEL.jar + ln -s /usr/share/java/regexp.jar lib/regexp.jar + +install/libxalan2-java:: + mh_installpoms -p$(PACKAGE); + mh_installjar -p$(PACKAGE) -l --usj-name=xalan2 debian/xalan.pom build/xalan.jar + mh_installjar -p$(PACKAGE) -l debian/serializer.pom build/serializer.jar + +install/libxsltc-java:: + install -m 644 build/xsltc.jar debian/libxsltc-java/usr/share/java/xsltc.jar + +install/libxalan2-java-doc:: + # install the javadocs into api directory + install -d $(CURDIR)/debian/libxalan2-java-doc/usr/share/doc/libxalan2-java/api/ + cp -a build/docs/apidocs/* $(CURDIR)/debian/libxalan2-java-doc/usr/share/doc/libxalan2-java/api/ + # make lintian happy and remove zero-byte files + rm -Rf $(CURDIR)/samples/extensions/instantdb/tables + +get-orig-source: + -uscan --download-version $(DEB_UPSTREAM_VERSION) --force-download --rename --repack + +get-orig-pom: + wget -O debian/xalan.pom http://repository.sonatype.org/service/local/repositories/central/content/xalan/xalan/$(VERSION)/xalan-$(VERSION).pom + wget -O debian/serializer.pom http://repository.sonatype.org/service/local/repositories/central/content/xalan/serializer/$(VERSION)/serializer-$(VERSION).pom + _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
