commons-httpclient (3.1-10.2+deb7u2) wheezy; urgency=high * Team upload. * Add CVE-2015-5262.patch. Fix CVE-2015-5262 jakarta-commons-httpclient: https calls ignore http.socket.timeout during SSL Handshake. (Closes: #798650) -- Markus Koschany Sat, 02 Jan 2016 04:58:40 +0100 commons-httpclient (3.1-10.2+deb7u1) wheezy; urgency=high * Team upload. * Add CVE-2014-3577.patch. (Closes: #758086) It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The fix for CVE-2012-6153 was intended to address the incomplete patch for CVE-2012-5783. The issue is now completely resolved by applying this patch and the 06_fix_CVE-2012-5783.patch. * Change java.source and java.target ant properties to 1.5, otherwise commons-httpclient will not compile with this patch. -- Markus Koschany Wed, 15 Apr 2015 21:24:48 +0200 commons-httpclient (3.1-10.2) unstable; urgency=low * Non-maintainer upload. * Fix CVE-2012-5783 (Closes: #692442) * Fix CN extraction from DN of X500 principal. * Fix wildcard validation on ssl connections -- Alberto Fernández Martínez Thu, 6 Dec 2012 14:28:00 +0100 commons-httpclient (3.1-10.1) unstable; urgency=low * Non-maintainer upload. * Fix CVE-2012-5783 (Closes: #692442) -- Alberto Fernández Martínez Wed, 5 Dec 2012 17:28:00 +0100 commons-httpclient (3.1-10) unstable; urgency=low [ Damien Raude-Morvan ] * Remove Arnaud Vandyck from Uploaders * d/control: Drop Depends on any JRE as a Java library don't need to depends on a runtime (Java Policy) [ Torsten Werner ] * Switch to source format 3.0. * Update Standards-Version: 3.9.1. * Remove Barry from Uploaders list. -- Torsten Werner Tue, 30 Aug 2011 11:47:01 +0200 commons-httpclient (3.1-9) unstable; urgency=low * Add myself to Uploaders * Use quilt as patch system - Build-Depends on quilt - Add debian/README.source - Use CDBS patchsys-quilt.mk * New debian/patches/05_osgi_metadata.diff to include OSGi metadata in JAR (Closes: #558182) -- Damien Raude-Morvan Sun, 29 Nov 2009 01:06:18 +0100 commons-httpclient (3.1-8) unstable; urgency=low [Damien Raude-Morvan] * Fix debian/watch: use http://www.apache.org/dist/ [Onkar Shinde] * debian/patches/04_fix_classpath.patch - Add appropriate jar files in classpath using manifest attribute. (LP: #459251) * debian/ant.properties - Add properties to set target JVM version 1.4. -- Onkar Shinde Thu, 05 Nov 2009 09:50:19 +0530 commons-httpclient (3.1-7) unstable; urgency=low * Add myself to Uploaders. * Revert change from last upload: - Don't map version of commons-httpclient explicitly. (Closes: #551126, #551214, #551217, #551218, #551221, #551224, #551226, #551227, #551231, #551242) -- Torsten Werner Sat, 17 Oct 2009 19:44:10 +0200 commons-httpclient (3.1-6) unstable; urgency=low * Don't map version of commons-httpclient explicitly. * Added myself to Uploaders. * Updated Standards-Version to 3.8.3. -- Michael Koch Mon, 05 Oct 2009 12:23:44 +0200 commons-httpclient (3.1-5) unstable; urgency=low * Upload to unstable. -- Torsten Werner Sun, 09 Aug 2009 10:43:36 +0200 commons-httpclient (3.1-4) experimental; urgency=low * Add the Maven POM to the package * Add a Build-Depends-Indep dependency on maven-repo-helper * Use mh_installpom and mh_installjar to install the POM and the jar to the Maven repository -- Ludovic Claude Thu, 09 Jul 2009 17:40:18 +0100 commons-httpclient (3.1-3) unstable; urgency=low * Convert to default-jdk/jre (Closes: #508949) * Bump Standards-Version to 3.8.1 -- Varun Hiremath Thu, 07 May 2009 19:27:19 -0400 commons-httpclient (3.1-2) unstable; urgency=low * debian/watch: + Update to reflect new upstream mirror structure. (Closes: #459995) * debian/control: + Update my e-mail address to akumar@debian.org. + Standards Version is now 3.7.3. + Use Vcs-Svn and Vcs-Browser in place of XS-Vcs-*. + Depend on ant 1.6.5 and above, instead of 1.6.5-1. -- Kumar Appaiah Fri, 18 Apr 2008 13:25:36 +0530 commons-httpclient (3.1-1) unstable; urgency=low * New upstream release. * Acknowledge NMU. Thanks to Michael Meskes for the upload. * debian/ant.properties: + Correct Java directory spelling. * debian/control: + Add Varun Hiremath and Kumar Appaiah to Uploaders. + Add XS-Vcs-Browser and XS-Vcs-Browser. + Move section of libcommons-httpclient-doc to doc. + Add Homepage Field. * debian/patches: + Remove 00b_build_xml_dont_copy_lib_dir.patch + Update patches/01_build_xml_version_jar.patch and patches/02_upstream_disable_examples_classes.patch for the new upstream version * debian/rules: + Remove dependence on package version; use DEB_UPSTREAM_VERSION for version * debian/libcommons-httpclient-java.install: + Not needed, since functionality written in debian.rules. * debian/watch + Update watch file to new upstream tarball directory. * debian/libcommons-httpclient-java.link: + Not needed, since functionality written in debian.rules. * Upstream has fixed some RFC violations. (Closes: #329245) * Remove .cvsignore files. -- Kumar Appaiah Thu, 20 Sep 2007 20:14:02 +0530 commons-httpclient (3.0.1-0.1) unstable; urgency=low * Non-maintainer upload. * Bump debhelper Build-Depends to (>= 4.1.0) as required by cdbs' debhelper.mk * Put the coppyright holders in debian/copyright * Include the jar file in the package. (Closes: #381354) * Only include one copy of the docs. done by James Westby Mon, 14 Aug 2006 02:29:47 +0100 -- Michael Meskes Fri, 15 Sep 2006 20:07:43 +0200 commons-httpclient (3.0.1-0) unstable; urgency=low * New upstream (closes: #340307) * Build with cdbs and java-gcj-compat-dev * Updated to Standards-Version 3.7.2; split build-dep and build-dep-indep. * Added libcommons-codec-java to build-dep. * Using simple-patchsys and no more dpatch -- Arnaud Vandyck Mon, 31 Jul 2006 17:11:32 +0200 commons-httpclient (2.0.2-2) unstable; urgency=low * Provide non-version-specific symlink "commons-httpclient.jar" to commons-httpclient-2.0.2.jar per Debian Java Policy Section 2.4 (Closes: 340308) * Added additional doc-base entry to point to main section of Jakarta Commons HttpClient documentation in addition to the API Javadoc * Maintainer email address updated for Barry Hawkins * Upload sponsored by Petter Reinholdtsen -- Barry Hawkins Fri, 25 Nov 2005 13:12:23 -0500 commons-httpclient (2.0.2-1) unstable; urgency=low * New upstream release and moved to main (Closes: #301789) * Removed dependency upon non-free compilers (Closes: 306744) * Updated version of Apache License to 2.0 * Package updated to reflect maintainership under Debian Java Maintainers * Upload sponsored by Petter Reinholdtsen -- Barry Hawkins Tue, 13 Sep 2005 23:14:01 -0400 commons-httpclient (2.0a1+20020904-1) unstable; urgency=low * New upstream release, with actual source (closes: #160262) -- Stephen Peters Wed, 4 Sep 2002 22:18:18 -0400 commons-httpclient (2.0a1-1) unstable; urgency=low * Initial Release. -- Stephen Peters Wed, 1 May 2002 13:31:44 -0400