libcommons-fileupload-java (1.2.2-1+deb6u2) squeeze-security; urgency=high * Team upload. * Fix CVE-2014-0050: Specially crafted input can trigger an infinite loop if the buffer used by the MultipartStream is not big enough. When constructing MultipartStream enforce the requirements for buffer size by throwing an IllegalArgumentException if the requested buffer size is too small. This prevents the DoS. * Enable the unit tests -- Emmanuel Bourg Fri, 07 Feb 2014 17:12:35 +0100 libcommons-fileupload-java (1.2.2-1+deb6u1) squeeze-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2013-2186.patch patch. CVE-2013-2186: Arbitrary file upload via deserialization. Properly validate repository in org.apache.commons.fileupload.disk.DiskFileItem. Thanks to Marc Deslauriers (Closes: #726601) -- Salvatore Bonaccorso Sat, 21 Dec 2013 11:12:53 +0100 libcommons-fileupload-java (1.2.2-1) unstable; urgency=low * New upstream release. * New libcommons-fileupload-java-doc package for Javadoc. * Bump Standards-Version to 3.9.1: - Add recommended get-orig-source target in d/rules. * d/dirs: Remove, uneeded. * Switch to maven-debian-helper for build: - Drop all patches on old Ant build. - Add maven-debian-helper to B-D. - Drop ant from B-D. * Don't Depends on a JRE (not requested anymore by Java Policy for libraries packages). -- Damien Raude-Morvan Wed, 04 Aug 2010 13:57:04 +0200 libcommons-fileupload-java (1.2.1-5) unstable; urgency=low * (Build-)Depend on libservlet2.5-java instead of libservlet2.4-java -- Thierry Carrez Fri, 11 Jun 2010 15:19:56 +0200 libcommons-fileupload-java (1.2.1-4) unstable; urgency=low [ Thierry Carrez ] * Minimal dependency on default-jre-headless | java2-runtime-headless * debian/ant.properties: Force Java2 code to match dependency [ Damien Raude-Morvan ] * Remove Arnaud from Uploaders. * Add myself to Uploaders. * Bump Standards-Version to 3.8.4: no changes needed * Bump debhelper to >= 7 * Remove version criteria from cdbs B-D (even stable match version) * Enable portlet support: - Remove debian/patches/04_disable-portlet.patch - Add B-D-I on libportlet-api-2.0-spec-java - Remove debian/README.Debian (Closes: #577474) * Convert to source format 3.0 (quilt) - Refresh all patches - Add DEP3 headers to patches * Register in maven repository: - B-D-I on maven-repo-helper - Use mh_installpoms and mh_installjar -- Damien Raude-Morvan Mon, 12 Apr 2010 12:42:16 +0200 libcommons-fileupload-java (1.2.1-3) unstable; urgency=low * (Build-)Depends on default-jdk. * (Build-)Depends on libservlet2.4-java. -- Michael Koch Wed, 16 Sep 2009 22:15:26 +0200 libcommons-fileupload-java (1.2.1-2) unstable; urgency=low [ Emmanuel Bourg ] * Update of the URLs * Rename Jakarta Commons to Apache Commons. * debian/copyright: Switch to Apache License 2.0. Closes: #532889. [ Michael Koch ] * Add '${misc:Depends}' to Depends of libcommons-fileupload-java. * Converted debian/copyright to UTF-8. * Move package to section 'java'. * Update debhelper to >= 5. * Update Standards-Version 3.8.3. -- Michael Koch Sun, 06 Sep 2009 21:39:24 +0200 libcommons-fileupload-java (1.2.1-1) unstable; urgency=low [ Michael Koch ] * New upstream release * Updated Standards-Version to 3.7.3. [ Kumar Appaiah ] * Update watch file. * debian/control: + Add Vcs-{Svn,Browser}. + Add Homepage field. -- Michael Koch Thu, 14 Feb 2008 17:41:57 +0100 libcommons-fileupload-java (1.2-2) unstable; urgency=low * Added Depends on libcommons-io-java. Closes: #439860. -- Michael Koch Sat, 01 Sep 2007 22:19:03 +0200 libcommons-fileupload-java (1.2-1) unstable; urgency=low * New upstream release. Closes: #429638. - added README.Debian with info about disabled portlet support - updated patches/01-build-jar-without-test-fix.patch * Use java-gcj-compat instead of kaffe. * Renamed debian/patches/02_jikes_1.3.patch to debian/patches/02_java13.patch and to make sure to have compatibility with Java 1.3. * Moved cdbs and debhelper from Build-Depends-Indep to Build-Depends. * Fixed usage of Homepage: tag in package description. * Removed Wolfgang and added myself to Uploads * Updated Standards-Version. * Removed ant-launcher.jar from explicit list of jars. * Removed debian/libcommons-fileupload-java.links, debian/install and debian/links and do the needed stuff in debian/rules. -- Michael Koch Sat, 21 Jul 2007 13:08:32 +0200 libcommons-fileupload-java (1.0-14) unstable; urgency=low * kaffe compiler transition * Bump debhelper version to fix linda error * Removed version constraints already fulfilled by stable * Formatted description * Removed unused and wrong README.Debian * Standards-Version 3.6.2 (no changes) * Added myself to uploaders -- Wolfgang Baer Wed, 1 Feb 2006 22:44:18 +0100 libcommons-fileupload-java (1.0-13) unstable; urgency=low * libant1.6-java to ant transition -- Arnaud Vandyck Sat, 20 Aug 2005 19:52:56 +0200 libcommons-fileupload-java (1.0-12) unstable; urgency=low * debian/control (Build-Depends-Indep, Depends): changed the kaffe version (closes: #302015) * Standards-Version: 3.6.1, nothing to change -- Arnaud Vandyck Tue, 5 Apr 2005 16:38:16 +0200 libcommons-fileupload-java (1.0-11) unstable; urgency=low * build with kaffe * generate the javadoc -- Arnaud Vandyck Wed, 2 Mar 2005 23:10:46 +0100 libcommons-fileupload-java (1.0-10) unstable; urgency=low * added a build-dep on libgnujaxp-java because sablevm does not embed gnujaxp at the moment! (closes: #272387). -- Arnaud Vandyck Tue, 28 Sep 2004 11:34:15 +0200 libcommons-fileupload-java (1.0-9) unstable; urgency=low * added a patch to force jikes to build against 1.3 (closes: #269254) * sablevm is used to launch ant and jikes. * no javadoc at the moment -- Arnaud Vandyck Tue, 14 Sep 2004 13:25:23 +0200 libcommons-fileupload-java (1.0-8) unstable; urgency=low * debian/watch: added. -- Arnaud Vandyck Sun, 15 Aug 2004 01:54:04 +0200 libcommons-fileupload-java (1.0-7) unstable; urgency=low * Now really move to main! -- Arnaud Vandyck Sun, 25 Jul 2004 18:36:30 +0200 libcommons-fileupload-java (1.0-6) unstable; urgency=low * Move to main! Now that libservlet2.3-java is in main, this lib can move to main -- Arnaud Vandyck Sun, 25 Jul 2004 17:56:26 +0200 libcommons-fileupload-java (1.0-5) unstable; urgency=low * Removed the dependency to dpatch, update kaffe dependency to 1.1.3, removed the junit dependency. I now use the cdbs simple-patchsys. * debian/rules: clean up. -- Arnaud Vandyck Sat, 24 Jan 2004 01:12:16 +0100 libcommons-fileupload-java (1.0-4) unstable; urgency=low * debian/links: changed the symlink. Thanks to Giuseppe Sacco (closes: #226928). -- Arnaud Vandyck Sat, 10 Jan 2004 01:05:23 +0100 libcommons-fileupload-java (1.0-3) unstable; urgency=low * debian/control (Maintainer) (Uploaders): Debian Java Maintainers is now the maintainer and I added my debian email address to the Uploaders field. * debian/README.Debian: Added an explanation why in contrib. -- Arnaud Vandyck Wed, 7 Jan 2004 17:33:53 +0100 libcommons-fileupload-java (1.0-2) unstable; urgency=low * Build system is now cdbs! the junit test is no more perform at the moment, a patch has been applyied to suppress it from the build file * junit is not needed when running (only for test at build time), kaffe maybe used to run the library, libant-1.5-java is used to build * I patched build.xml to remove entities because of a bug in kaffe-1.1.1 (gnujaxp) so now it builds with kaffe... * Waiting for libservlet2.3-java in main to be in main -- Arnaud Vandyck Sun, 5 Oct 2003 01:58:49 +0200 libcommons-fileupload-java (1.0-1) unstable; urgency=low * New upstream release * I do not need to patch build.xml anymore because upstream changed it. I just have to override the libdir property in debian/rules. Thanks to Martin Cooper. * There is no more a libcommons-fileupload-java-doc package because it's to small, so I merged it with the library (dist/doc/*). * The jar is now in dist directory. -- Arnaud Vandyck Mon, 30 Jun 2003 15:10:36 +0200 libcommons-fileupload-java (0.99beta1-2) unstable; urgency=low * Library compiled by jikes. Does not need JAVA_HOME anymore * Typo in description * Correct version dependency (beanutils) * Correct the CLASSPATH (do not use version number of the jars) -- Arnaud Vandyck Fri, 30 May 2003 10:18:57 +0200 libcommons-fileupload-java (0.99beta1-1) unstable; urgency=low * Initial Release. -- Arnaud Vandyck Sun, 13 Apr 2003 18:45:44 +0200