libxml-security-java (2.1.8-1) unstable; urgency=medium * Removed the -java-doc package * new upstream release - Refreshed the patches - Updated the Maven rules -- Emmanuel Bourg Wed, 03 Jan 2024 15:36:06 +0100 libxml-security-java (2.1.7-3) unstable; urgency=medium * Team upload * Raising Standards version to 4.6.2: - Setting Rules-Requires-Root: no * Depending on liblog4j1.2-java (Closes: #1028796) * Removing unneeded versioned build-dependencies * Removing trailing slash in d/copyright Files-Excluded entry * Use secure URI in Homepage field. * Set upstream metadata fields: Bug-Database, Repository, Repository-Browse. * Adding a Lintian override for embedded JS in the -doc package -- Pierre Gruet Sun, 22 Jan 2023 18:31:41 +0100 libxml-security-java (2.1.7-2) unstable; urgency=medium * Team upload. * Re-enable the test suite again. Ignore test failures because of file not found exceptions. Those files have been removed because of DFSG reasons. -- Markus Koschany Sun, 14 Nov 2021 14:08:08 +0100 libxml-security-java (2.1.7-1) unstable; urgency=high * Team upload. * New upstream version 2.1.7. - Fix CVE-2019-12400: In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4. (Closes: #935548) - Fix CVE-2021-40690: All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. (Closes: #994569) * Switch to debhelper-compat = 13. * Declare compliance with Debian Policy 4.6.0. * Drop 0001-Recover-old-API-for-libitext5-java.patch. This appears to work now. * Add no-errorprone.patch and ignore errorprone core artifact. * Update debian/watch and detect new releases on github.com. * Remove old orig-tar.sh script and use the Files-Excluded mechanism instead. -- Markus Koschany Thu, 23 Sep 2021 23:29:16 +0200 libxml-security-java (2.0.10-2) unstable; urgency=medium * Team upload. [ Jochen Sprickerhof ] * Add patch for old API used by libitext5-java (Closes: #906375) [ Emmanuel Bourg ] * Standards-Version updated to 4.2.1 -- Emmanuel Bourg Mon, 24 Sep 2018 12:06:50 +0200 libxml-security-java (2.0.10-1) unstable; urgency=medium * Team upload. * New upstream release - New build dependency on libmaven-jaxb2-plugin-java - New dependency on libwoodstox-java * Build with Java 8 compatibility * Standards-Version updated to 4.1.5 * Switch to debhelper level 11 * Use salsa.debian.org Vcs-* URLs * Use a secure URL in debian/watch and debian/orig-tar.sh -- Emmanuel Bourg Wed, 25 Jul 2018 10:46:30 +0200 libxml-security-java (1.5.8-2) unstable; urgency=medium * Team upload. * maven.properties: Skip the tests to prevent build failure on amd64. (Closes: #852930) * libxml-security-java: Improve the short description. (Closes: #756642) -- Markus Koschany Mon, 06 Feb 2017 12:47:14 +0100 libxml-security-java (1.5.8-1) unstable; urgency=medium * New upstream release * Build with the DH sequencer instead of CDBS * Enabled the OSGi metadata * Moved the package to Git * Removed Niels Thykier from the uploaders (Closes: #770585) * Updated debian/watch to track the latest releases * Removed the non-free RFC3161 from the upstream tarball * Use XZ compression for the upstream tarball * Standards-Version updated to 3.9.8 (no changes) * Switch to debhelper level 10 -- Emmanuel Bourg Wed, 16 Nov 2016 16:39:56 +0100 libxml-security-java (1.5.6-1) unstable; urgency=medium * Team upload. * New upstream release. - Addresses CVE-2013-4517 (Closes: #733938) * Freshen pom.xml patch for new version. -- tony mancill Sun, 02 Feb 2014 10:14:47 -0800 libxml-security-java (1.5.5-2) unstable; urgency=low * Upload to unstable * Release 1.5.5 fixes CVE-2013-2172 (Closes: #720375) * Added the Classpath attribute in the jar manifest -- Emmanuel Bourg Mon, 26 Aug 2013 19:56:57 +0200 libxml-security-java (1.5.5-1) experimental; urgency=low * New upstream release * Refreshed the patch * Use canonical URLs for the Vcs-* fields * Changed the Maven rules to Ignore the parent pom -- Emmanuel Bourg Wed, 03 Jul 2013 15:31:41 +0200 libxml-security-java (1.5.4-1) experimental; urgency=low [ Emmanuel Bourg ] * Team upload. * New upstream release * Refreshed the patch * Updated Standards-Version to 3.9.4 (no changes) * Removed Michael Koch from the Uploaders list (Closes: #654103) * Updated debian/copyright to comply with the Machine readable format 1.0 [ tony mancill ] * Add libbcprov-java to Build-Depends-Indep -- tony mancill Sat, 27 Apr 2013 21:18:13 -0700 libxml-security-java (1.4.5-1) unstable; urgency=low * New upstream release * Update debian/watch to point to new SVN repo. * Update Standards-Version: 3.9.1. * Switch to source format 3.0. * Use Maven to build the package. Ignore test failures. * Update Description. * Add a documentation package. * Update Homepage field. -- Torsten Werner Tue, 30 Aug 2011 14:07:46 +0200 libxml-security-java (1.4.3-2) unstable; urgency=low [ Thierry Carrez ] * debian/build.xml: Build Java2 code to match runtime dependency * debian/build.xml: Fix the jar packaging to include resources (Closes: #557306) [ Niels Thykier ] * Removed ${shlibs:Depends} from Depends; does not make sense for java. -- Niels Thykier Mon, 30 Nov 2009 22:20:10 +0100 libxml-security-java (1.4.3-1) unstable; urgency=low * New upstream release. * (Build-)Depends on default-jdk. * Build-Depends on debhelper >= 7. * Moved package to section 'java'. * Addded myself to Uploaders. * Updated Standards-Version to 3.8.3. -- Michael Koch Mon, 05 Oct 2009 08:05:07 +0200 libxml-security-java (1.4.2-1) unstable; urgency=low * New upstream release * Bump Standards-Version to 3.8.0 * debian/copyright: remove the full text of Apache 2.0 license, as now is included in common licenses -- Varun Hiremath Fri, 11 Jul 2008 19:22:33 +0530 libxml-security-java (1.4.1-1) unstable; urgency=low * Initial release (Closes: #450611) -- Varun Hiremath Fri, 18 Jan 2008 14:56:26 +0530