[pkg-java] r18663 - in tags/batik: . 1.7+dfsg-5/debian 1.7+dfsg-5/debian/patches
Tony Mancill
tmancill at moszumanska.debian.org
Sun Mar 22 18:43:36 UTC 2015
Author: tmancill
Date: 2015-03-22 18:41:46 +0000 (Sun, 22 Mar 2015)
New Revision: 18663
Added:
tags/batik/1.7+dfsg-5/
tags/batik/1.7+dfsg-5/debian/changelog
tags/batik/1.7+dfsg-5/debian/patches/cve_2015_0250.patch
tags/batik/1.7+dfsg-5/debian/patches/series
Removed:
tags/batik/1.7+dfsg-5/debian/changelog
tags/batik/1.7+dfsg-5/debian/patches/series
Log:
[svn-buildpackage] Tagging batik 1.7+dfsg-5
Deleted: tags/batik/1.7+dfsg-5/debian/changelog
===================================================================
--- trunk/batik/debian/changelog 2015-03-16 14:27:25 UTC (rev 18660)
+++ tags/batik/1.7+dfsg-5/debian/changelog 2015-03-22 18:41:46 UTC (rev 18663)
@@ -1,308 +0,0 @@
-batik (1.7+dfsg-5) UNRELEASED; urgency=medium
-
- [ tony mancill ]
- * Team upload.
- * Update homepage URL to https://xmlgraphics.apache.org/batik/ in
- debian/control and debian/copyright. (Closes: #771539)
-
- [ Emmanuel Bourg ]
- * Replaced the Build-Id in the manifests with a constant value
- to make the build reproducible.
-
- -- tony mancill <tmancill at debian.org> Sun, 30 Nov 2014 10:04:30 -0800
-
-batik (1.7+dfsg-4) unstable; urgency=low
-
- * Team upload.
- [ Jakub Adam ]
- * Add OSGi metadata to JAR manifests.
-
- [ Markus Koschany ]
- * debian/rules: Set JAVA_HOME_DIRS to /usr/lib/jvm/default-java,
- build-depend on default-jdk and not on openjdk6-jdk |
- openjdk-7-jdk anymore. Fixes FTBFS with pbuilder-satisfydepends-classic.
- (Closes: #725461)
- * Bump Standards-Version to 3.9.4, no changes.
- * Bump compat level to 9 and require debhelper >= 9.
- * Use canonical VCS-URI.
- * Remove Michael Koch from Uploaders. (Closes: #653996)
- * libatik-java: Drop all jre/jdk dependencies. Recommend default-jre instead.
- * Run wrap-and-sort -sa
- * Add DEP-3 header to all patches.
-
- -- Markus Koschany <apo at gambaru.de> Mon, 14 Oct 2013 12:49:09 +0200
-
-batik (1.7+dfsg-3) unstable; urgency=low
-
- * Team upload.
- * Fix too strict Java JRE dependency. (Closes: #678612)
-
- -- Niels Thykier <niels at thykier.net> Sat, 23 Jun 2012 15:04:32 +0200
-
-batik (1.7+dfsg-2) unstable; urgency=low
-
- * Team upload.
- * Allow OpenJDK-7 as alternative to OpenJDK-6.
- * Remove old references to sun-java.
- * Add missing call to mh_clean in the clean rule.
- * Fix typo in manpage.
-
- -- Niels Thykier <niels at thykier.net> Tue, 19 Jun 2012 12:57:28 +0200
-
-batik (1.7+dfsg-1) unstable; urgency=low
-
- * Provide a repackaged tarball stripping all binary jars (closes: #657244)
- - updated debian/new-upstream as a consequence
- * Disable the installation of batik-js.jar, that wasn't built from sources
- (it was a subset of rhino's js.jar)
- * Conforms to standards 3.9.3
- * Modernize a bit debian/copyright
-
- -- Vincent Fourmond <fourmond at debian.org> Mon, 12 Mar 2012 20:53:43 +0100
-
-batik (1.7-8) unstable; urgency=low
-
- * Fix FTBS with recent openjdk (closes: #643508)
- * Bump to newer standards version, no changes required
-
- -- Vincent Fourmond <fourmond at debian.org> Thu, 29 Sep 2011 21:35:31 +0200
-
-batik (1.7-7) unstable; urgency=low
-
- * Re-enable all patches that had mistakenly been disabled by switching to
- source format 3.0 (quilt) (closes: #604871)
- * Already conforms to standards 3.9.1
-
- -- Vincent Fourmond <fourmond at debian.org> Thu, 25 Nov 2010 16:24:33 +0100
-
-batik (1.7-6) unstable; urgency=low
-
- [ Vincent Fourmond ]
- * Really fix the dependency on java runtime to only pull headless
- runtimes
-
- [ Gabriele Giacone ]
- * Added Maven support
- * Standards-Version to 3.8.4
- * Source format 3.0 (quilt)
-
- -- Gabriele Giacone <1o5g4r8o at gmail.com> Sun, 21 Feb 2010 19:02:10 +0100
-
-batik (1.7-5) unstable; urgency=low
-
- * Dropped the dependency on openjdk-6-jre, in profit for
- openjdk-6-jre-headless, so we won't pull the whole Gtk libraries just
- for using fop (closes: #551545).
- * Already conforms to standards 3.8.3
- * Removing Arnaud Vandyck from Uploaders as he did retire. Many thanks
- for your work on batik !
-
- -- Vincent Fourmond <fourmond at debian.org> Mon, 25 Jan 2010 21:58:59 +0100
-
-batik (1.7-4) unstable; urgency=low
-
- * Porting fixes from Ubuntu (1.7.dfsg-0ubuntu3) by Onkar Shinde
- <onkarshinde at ubuntu.com>:
- - add xml-apis-ext and js to classpath for debian/wrappers/squiggle
- - promote rhino to a Recommends, as squiggle depends on it
- - debian/patches/06_fix_paths_in_policy_files.patch to fix the paths
- of the security policy files
- * This finally makes squiggle work for Debian ! (closes: #499852)
- Many thanks again to Onkar...
-
- -- Vincent Fourmond <fourmond at debian.org> Mon, 20 Apr 2009 21:22:26 +0200
-
-batik (1.7-3) unstable; urgency=low
-
- [ Onkar Shinde ]
- * debian/rules
- - Use DEB_UPSTREAM_VERSION at all places.
- - Add symlinks batik-<version>.jar and batik.jar pointing to
- batik-all-<version>.jar. (Closes: #522340)
- * debian/control
- - Add myself to 'Uploaders'.
-
- [ Vincent Fourmond ]
- * Changed section to java, what currently is in the archive
- * Already conforms to standard 3.8.1
- * Bumped debhelper compatibility level to 5, and bumped Build-depends
- accordingly
-
- -- Vincent Fourmond <fourmond at debian.org> Mon, 13 Apr 2009 20:42:00 +0200
-
-batik (1.7-2) unstable; urgency=low
-
- * Adding xmlgraphics-commons-1.2 and xml-apis-ext to the jars for
- the build + corresponding build-deps
- * Added Vcs-* fields
-
- [ Sylvestre Ledru ]
- * Build class version 49 (instead of 50)
-
- [ Vincent Fourmond ]
- * Minor updates to the debian/copyright file
- * It seems time has come for an upload to unstable...
- * Adding ${misc:Depends} for potential debhelper-induced dependencies
- * Tweaking rasterizer.1 to avoid unbreakable lines
-
- -- Vincent Fourmond <fourmond at debian.org> Wed, 18 Feb 2009 22:58:36 +0100
-
-batik (1.7-1) experimental; urgency=low
-
- * New upstream release (Closes: #417888, #490556)
- * Switched to using java-wrappers for executables; dropping the
- /usr/lib/java/wrappers.sh script
- * Switched debian/copyright to a machine-readable format
- * Added ANT_OPTS to fix the compiler out of memory problem
- * Removing 02_fix_jar_target, no longer applicable
- * Removing 01_build_xml, as the created target (pdf-transcoder) cannot
- be built anymore
- * Fixed JAVA_HOME_DIRS so it can build with Sun's java 5
- * Strip the full text of the Apache-2.0 license, as it now is
- in the common licenses
- * Switch to openjdk-6-jdk for building (closes: #397562)
- * Several tweaks in debian/rules to build and install all the jars,
- based on a patch by Sylvestre Ledru <sylvestre.ledru at inria.fr>
- * Now depends also on libxml-commons-external-java for SVG parsing
- * Conforms to standards 3.8.0
- * Updated rasterizer.sh to work with libxml-commons-external-java
- and openjdk (closes: #490621)
- * Move wrapper scripts to debian/wrappers, updating debian/rules
- accordingly
- * Recommend fop for PDF output of rasterizer
- * Removed README.Debian-source: we don't add the fop sources anymore
- as those are already packaged in the fop debian package
- * Uploading to experimental, as there are potentially much too many
- disruptive changes to this package.
-
- -- Vincent Fourmond <fourmond at debian.org> Wed, 17 Sep 2008 20:14:33 +0200
-
-batik (1.6-4) unstable; urgency=low
-
- [ Mark Howard ]
- * debian/watch: added.
-
- [ Vincent Fourmond ]
- * Created a /usr/lib/java/wrappers.sh for the various programs
- provided by libbatik-java, to make them work in more various
- environments.
- * Manual pages for svgpp, rasterizer, squiggle and ttf2svg
- (Closes: #458021)
- * rasterizer now launches by default with -scriptSecurityOff so it
- works again (Closes: #413103). Added an option to turn security back on.
- * Comply with policy 3.7.3
- * Changed build-deps to sun-j2sdk1.4, to reflect the current make-jpkg
- output.
-
- -- Vincent Fourmond <fourmond at debian.org> Thu, 03 Jan 2008 01:20:15 +0100
-
-batik (1.6-3) unstable; urgency=low
-
- * Add wrapper scripts (rasterizer.sh squiggle.sh svgpp.sh ttf2svg.sh)
- to start batik applications. Install them without the .sh prefix in
- /usr/bin/. (Closes: #152180)
- * Removed build dependency on libgnujaxp-java (Closes: #385293).
- * Build-Depends on debhelper and cdbs (instead of Build-Depends-Indep).
- * Build-Depends-Indep on java-gcj-compat-dev.
- * Updated Standards-Version to 3.7.2.
- * Added myself to Uploaders.
-
- -- Michael Koch <konqueror at gmx.de> Mon, 18 Sep 2006 21:11:49 +0000
-
-batik (1.6-2) unstable; urgency=low
-
- * Re-Introduce lost link batik.jar and add 02_fix_jar_target.patch
- to fix library content (closes: #334878)
- * Thighten depends on avalon-framework (closes: #335883)
- * Corrected README.Debian
-
- -- Wolfgang Baer <WBaer at gmx.de> Thu, 20 Oct 2005 17:17:28 +0200
-
-batik (1.6-1) unstable; urgency=low
-
- * New upstream release
- + Updated copyright to Apache 2.0 License
- * libant1.6-java to ant transition
- * Use JAVA_HOME dirs as generated by java-package (closes: #306639)
- * Include, build and ship the pdf-transcoder from fop CVS (closes: #327354)
- + See README.Debian-source for details about the transcoder source
- + Added build-deps and depends on libavalon-framework-java,
- libcommons-io-java and libcommons-logging-java for the pdf-transcoder
- + Patched build.xml to call the pdf-transcoder build target
- * Removed Ola and Stephan from uploaders
- * Extended description a little bit
- * Standards-Version 3.6.2 (no changes)
-
- -- Wolfgang Baer <WBaer at gmx.de> Mon, 3 Oct 2005 19:29:22 +0200
-
-batik (1.5.1-1) unstable; urgency=low
-
- * New upstream release - security fix [CAN-2005-0508] (closes: #288009)
- * Added rhino as build dependency
- * Added rhino to Suggests
- * Switched to jdk modern compiler because jikes fails
- * Updated README.Debian explaining why built with non-free jdk
- * Updated standards version to 3.6.1 - no changes
- * avdyk: I added Wolfgang to the uploaders
-
- -- Wolfgang Baer <WBaer at gmx.de> Sun, 6 Mar 2005 20:30:08 +0100
-
-batik (1.5final-3) unstable; urgency=low
-
- * expand SVG in description (closes: #173105).
-
- -- Arnaud Vandyck <avdyk at debian.org> Thu, 12 Feb 2004 16:30:26 +0100
-
-batik (1.5final-2) unstable; urgency=low
-
- * added the dependency and the path to j2sdk1.3 to build batik (closes:
- #192539). You got to know that I have not been able to build batik
- with j2sdk1.3. I've been obliged to build it with IBMJDK1.4.1.
- * added gnujaxp as a dependency and in the classpath (closes: #192542)
-
- -- Arnaud Vandyck <avdyk at debian.org> Thu, 12 Feb 2004 14:54:05 +0100
-
-batik (1.5final-1) unstable; urgency=low
-
- * New upstream release
- * Build system is now CDBS
- * Added build-dependencies libxalan2-java and libbsf-java
- * Changed Stefan Gybas email
- * j2sdk to build and j2re to run because of swing
- * Debian Java Maintainers is now the new maintainer, added Ola Lundqvist
- <opal at debian.org>, Takashi Okamoto <tora at debian.org>, Stefan Gybas
- <sgybas at debian.org>, Arnaud Vandyck <avdyk at debian.org> as uploaders
-
- -- Arnaud Vandyck <avdyk at debian.org> Sat, 25 Oct 2003 15:14:49 +0200
-
-batik (1.5beta2-4) unstable; urgency=low
-
- * Renamed the batik jar file, closes: #171327.
-
- -- Ola Lundqvist <opal at debian.org> Mon, 2 Dec 2002 08:51:17 +0100
-
-batik (1.5beta2-3) unstable; urgency=low
-
- * Jars in /usr/share/java not in /usr/share/java/lib, closes: #170791.
-
- -- Ola Lundqvist <opal at debian.org> Wed, 27 Nov 2002 09:00:31 +0100
-
-batik (1.5beta2-2) unstable; urgency=low
-
- * New maintainer.
- * Fixed dependencies, closes: #158221.
- * Fixed build problem.
- * Added two other people as co-maintainers.
- * Fixed so that building wont take that long time if -nc option is used.
- * Now can use kaffe instead of j2sdk. Workaround for a bug in kaffe.
- On the other hand it seems not like the classic compiler so I still have
- to set that damn JAVA_HOME to the j2sdk...
-
- -- Ola Lundqvist <opal at debian.org> Thu, 21 Nov 2002 08:24:39 +0100
-
-batik (1.5beta2-1) unstable; urgency=low
-
- * Initial Upload (Closes: #149676)
-
- -- Jeff Bailey <jbailey at nisa.net> Tue, 11 Jun 2002 10:52:34 -0400
-
Copied: tags/batik/1.7+dfsg-5/debian/changelog (from rev 18662, trunk/batik/debian/changelog)
===================================================================
--- tags/batik/1.7+dfsg-5/debian/changelog (rev 0)
+++ tags/batik/1.7+dfsg-5/debian/changelog 2015-03-22 18:41:46 UTC (rev 18663)
@@ -0,0 +1,311 @@
+batik (1.7+dfsg-5) unstable; urgency=medium
+
+ [ tony mancill ]
+ * Team upload.
+ * Update homepage URL to https://xmlgraphics.apache.org/batik/ in
+ debian/control and debian/copyright. (Closes: #771539)
+ * Add debian/patches/cve_2015_0250.patch to disable external XML entity
+ resolution (information disclosure). This addresses CVE-2015-0250.
+ (Closes: #780897)
+
+ [ Emmanuel Bourg ]
+ * Replaced the Build-Id in the manifests with a constant value
+ to make the build reproducible.
+
+ -- tony mancill <tmancill at debian.org> Sat, 21 Mar 2015 15:24:17 -0700
+
+batik (1.7+dfsg-4) unstable; urgency=low
+
+ * Team upload.
+ [ Jakub Adam ]
+ * Add OSGi metadata to JAR manifests.
+
+ [ Markus Koschany ]
+ * debian/rules: Set JAVA_HOME_DIRS to /usr/lib/jvm/default-java,
+ build-depend on default-jdk and not on openjdk6-jdk |
+ openjdk-7-jdk anymore. Fixes FTBFS with pbuilder-satisfydepends-classic.
+ (Closes: #725461)
+ * Bump Standards-Version to 3.9.4, no changes.
+ * Bump compat level to 9 and require debhelper >= 9.
+ * Use canonical VCS-URI.
+ * Remove Michael Koch from Uploaders. (Closes: #653996)
+ * libatik-java: Drop all jre/jdk dependencies. Recommend default-jre instead.
+ * Run wrap-and-sort -sa
+ * Add DEP-3 header to all patches.
+
+ -- Markus Koschany <apo at gambaru.de> Mon, 14 Oct 2013 12:49:09 +0200
+
+batik (1.7+dfsg-3) unstable; urgency=low
+
+ * Team upload.
+ * Fix too strict Java JRE dependency. (Closes: #678612)
+
+ -- Niels Thykier <niels at thykier.net> Sat, 23 Jun 2012 15:04:32 +0200
+
+batik (1.7+dfsg-2) unstable; urgency=low
+
+ * Team upload.
+ * Allow OpenJDK-7 as alternative to OpenJDK-6.
+ * Remove old references to sun-java.
+ * Add missing call to mh_clean in the clean rule.
+ * Fix typo in manpage.
+
+ -- Niels Thykier <niels at thykier.net> Tue, 19 Jun 2012 12:57:28 +0200
+
+batik (1.7+dfsg-1) unstable; urgency=low
+
+ * Provide a repackaged tarball stripping all binary jars (closes: #657244)
+ - updated debian/new-upstream as a consequence
+ * Disable the installation of batik-js.jar, that wasn't built from sources
+ (it was a subset of rhino's js.jar)
+ * Conforms to standards 3.9.3
+ * Modernize a bit debian/copyright
+
+ -- Vincent Fourmond <fourmond at debian.org> Mon, 12 Mar 2012 20:53:43 +0100
+
+batik (1.7-8) unstable; urgency=low
+
+ * Fix FTBS with recent openjdk (closes: #643508)
+ * Bump to newer standards version, no changes required
+
+ -- Vincent Fourmond <fourmond at debian.org> Thu, 29 Sep 2011 21:35:31 +0200
+
+batik (1.7-7) unstable; urgency=low
+
+ * Re-enable all patches that had mistakenly been disabled by switching to
+ source format 3.0 (quilt) (closes: #604871)
+ * Already conforms to standards 3.9.1
+
+ -- Vincent Fourmond <fourmond at debian.org> Thu, 25 Nov 2010 16:24:33 +0100
+
+batik (1.7-6) unstable; urgency=low
+
+ [ Vincent Fourmond ]
+ * Really fix the dependency on java runtime to only pull headless
+ runtimes
+
+ [ Gabriele Giacone ]
+ * Added Maven support
+ * Standards-Version to 3.8.4
+ * Source format 3.0 (quilt)
+
+ -- Gabriele Giacone <1o5g4r8o at gmail.com> Sun, 21 Feb 2010 19:02:10 +0100
+
+batik (1.7-5) unstable; urgency=low
+
+ * Dropped the dependency on openjdk-6-jre, in profit for
+ openjdk-6-jre-headless, so we won't pull the whole Gtk libraries just
+ for using fop (closes: #551545).
+ * Already conforms to standards 3.8.3
+ * Removing Arnaud Vandyck from Uploaders as he did retire. Many thanks
+ for your work on batik !
+
+ -- Vincent Fourmond <fourmond at debian.org> Mon, 25 Jan 2010 21:58:59 +0100
+
+batik (1.7-4) unstable; urgency=low
+
+ * Porting fixes from Ubuntu (1.7.dfsg-0ubuntu3) by Onkar Shinde
+ <onkarshinde at ubuntu.com>:
+ - add xml-apis-ext and js to classpath for debian/wrappers/squiggle
+ - promote rhino to a Recommends, as squiggle depends on it
+ - debian/patches/06_fix_paths_in_policy_files.patch to fix the paths
+ of the security policy files
+ * This finally makes squiggle work for Debian ! (closes: #499852)
+ Many thanks again to Onkar...
+
+ -- Vincent Fourmond <fourmond at debian.org> Mon, 20 Apr 2009 21:22:26 +0200
+
+batik (1.7-3) unstable; urgency=low
+
+ [ Onkar Shinde ]
+ * debian/rules
+ - Use DEB_UPSTREAM_VERSION at all places.
+ - Add symlinks batik-<version>.jar and batik.jar pointing to
+ batik-all-<version>.jar. (Closes: #522340)
+ * debian/control
+ - Add myself to 'Uploaders'.
+
+ [ Vincent Fourmond ]
+ * Changed section to java, what currently is in the archive
+ * Already conforms to standard 3.8.1
+ * Bumped debhelper compatibility level to 5, and bumped Build-depends
+ accordingly
+
+ -- Vincent Fourmond <fourmond at debian.org> Mon, 13 Apr 2009 20:42:00 +0200
+
+batik (1.7-2) unstable; urgency=low
+
+ * Adding xmlgraphics-commons-1.2 and xml-apis-ext to the jars for
+ the build + corresponding build-deps
+ * Added Vcs-* fields
+
+ [ Sylvestre Ledru ]
+ * Build class version 49 (instead of 50)
+
+ [ Vincent Fourmond ]
+ * Minor updates to the debian/copyright file
+ * It seems time has come for an upload to unstable...
+ * Adding ${misc:Depends} for potential debhelper-induced dependencies
+ * Tweaking rasterizer.1 to avoid unbreakable lines
+
+ -- Vincent Fourmond <fourmond at debian.org> Wed, 18 Feb 2009 22:58:36 +0100
+
+batik (1.7-1) experimental; urgency=low
+
+ * New upstream release (Closes: #417888, #490556)
+ * Switched to using java-wrappers for executables; dropping the
+ /usr/lib/java/wrappers.sh script
+ * Switched debian/copyright to a machine-readable format
+ * Added ANT_OPTS to fix the compiler out of memory problem
+ * Removing 02_fix_jar_target, no longer applicable
+ * Removing 01_build_xml, as the created target (pdf-transcoder) cannot
+ be built anymore
+ * Fixed JAVA_HOME_DIRS so it can build with Sun's java 5
+ * Strip the full text of the Apache-2.0 license, as it now is
+ in the common licenses
+ * Switch to openjdk-6-jdk for building (closes: #397562)
+ * Several tweaks in debian/rules to build and install all the jars,
+ based on a patch by Sylvestre Ledru <sylvestre.ledru at inria.fr>
+ * Now depends also on libxml-commons-external-java for SVG parsing
+ * Conforms to standards 3.8.0
+ * Updated rasterizer.sh to work with libxml-commons-external-java
+ and openjdk (closes: #490621)
+ * Move wrapper scripts to debian/wrappers, updating debian/rules
+ accordingly
+ * Recommend fop for PDF output of rasterizer
+ * Removed README.Debian-source: we don't add the fop sources anymore
+ as those are already packaged in the fop debian package
+ * Uploading to experimental, as there are potentially much too many
+ disruptive changes to this package.
+
+ -- Vincent Fourmond <fourmond at debian.org> Wed, 17 Sep 2008 20:14:33 +0200
+
+batik (1.6-4) unstable; urgency=low
+
+ [ Mark Howard ]
+ * debian/watch: added.
+
+ [ Vincent Fourmond ]
+ * Created a /usr/lib/java/wrappers.sh for the various programs
+ provided by libbatik-java, to make them work in more various
+ environments.
+ * Manual pages for svgpp, rasterizer, squiggle and ttf2svg
+ (Closes: #458021)
+ * rasterizer now launches by default with -scriptSecurityOff so it
+ works again (Closes: #413103). Added an option to turn security back on.
+ * Comply with policy 3.7.3
+ * Changed build-deps to sun-j2sdk1.4, to reflect the current make-jpkg
+ output.
+
+ -- Vincent Fourmond <fourmond at debian.org> Thu, 03 Jan 2008 01:20:15 +0100
+
+batik (1.6-3) unstable; urgency=low
+
+ * Add wrapper scripts (rasterizer.sh squiggle.sh svgpp.sh ttf2svg.sh)
+ to start batik applications. Install them without the .sh prefix in
+ /usr/bin/. (Closes: #152180)
+ * Removed build dependency on libgnujaxp-java (Closes: #385293).
+ * Build-Depends on debhelper and cdbs (instead of Build-Depends-Indep).
+ * Build-Depends-Indep on java-gcj-compat-dev.
+ * Updated Standards-Version to 3.7.2.
+ * Added myself to Uploaders.
+
+ -- Michael Koch <konqueror at gmx.de> Mon, 18 Sep 2006 21:11:49 +0000
+
+batik (1.6-2) unstable; urgency=low
+
+ * Re-Introduce lost link batik.jar and add 02_fix_jar_target.patch
+ to fix library content (closes: #334878)
+ * Thighten depends on avalon-framework (closes: #335883)
+ * Corrected README.Debian
+
+ -- Wolfgang Baer <WBaer at gmx.de> Thu, 20 Oct 2005 17:17:28 +0200
+
+batik (1.6-1) unstable; urgency=low
+
+ * New upstream release
+ + Updated copyright to Apache 2.0 License
+ * libant1.6-java to ant transition
+ * Use JAVA_HOME dirs as generated by java-package (closes: #306639)
+ * Include, build and ship the pdf-transcoder from fop CVS (closes: #327354)
+ + See README.Debian-source for details about the transcoder source
+ + Added build-deps and depends on libavalon-framework-java,
+ libcommons-io-java and libcommons-logging-java for the pdf-transcoder
+ + Patched build.xml to call the pdf-transcoder build target
+ * Removed Ola and Stephan from uploaders
+ * Extended description a little bit
+ * Standards-Version 3.6.2 (no changes)
+
+ -- Wolfgang Baer <WBaer at gmx.de> Mon, 3 Oct 2005 19:29:22 +0200
+
+batik (1.5.1-1) unstable; urgency=low
+
+ * New upstream release - security fix [CAN-2005-0508] (closes: #288009)
+ * Added rhino as build dependency
+ * Added rhino to Suggests
+ * Switched to jdk modern compiler because jikes fails
+ * Updated README.Debian explaining why built with non-free jdk
+ * Updated standards version to 3.6.1 - no changes
+ * avdyk: I added Wolfgang to the uploaders
+
+ -- Wolfgang Baer <WBaer at gmx.de> Sun, 6 Mar 2005 20:30:08 +0100
+
+batik (1.5final-3) unstable; urgency=low
+
+ * expand SVG in description (closes: #173105).
+
+ -- Arnaud Vandyck <avdyk at debian.org> Thu, 12 Feb 2004 16:30:26 +0100
+
+batik (1.5final-2) unstable; urgency=low
+
+ * added the dependency and the path to j2sdk1.3 to build batik (closes:
+ #192539). You got to know that I have not been able to build batik
+ with j2sdk1.3. I've been obliged to build it with IBMJDK1.4.1.
+ * added gnujaxp as a dependency and in the classpath (closes: #192542)
+
+ -- Arnaud Vandyck <avdyk at debian.org> Thu, 12 Feb 2004 14:54:05 +0100
+
+batik (1.5final-1) unstable; urgency=low
+
+ * New upstream release
+ * Build system is now CDBS
+ * Added build-dependencies libxalan2-java and libbsf-java
+ * Changed Stefan Gybas email
+ * j2sdk to build and j2re to run because of swing
+ * Debian Java Maintainers is now the new maintainer, added Ola Lundqvist
+ <opal at debian.org>, Takashi Okamoto <tora at debian.org>, Stefan Gybas
+ <sgybas at debian.org>, Arnaud Vandyck <avdyk at debian.org> as uploaders
+
+ -- Arnaud Vandyck <avdyk at debian.org> Sat, 25 Oct 2003 15:14:49 +0200
+
+batik (1.5beta2-4) unstable; urgency=low
+
+ * Renamed the batik jar file, closes: #171327.
+
+ -- Ola Lundqvist <opal at debian.org> Mon, 2 Dec 2002 08:51:17 +0100
+
+batik (1.5beta2-3) unstable; urgency=low
+
+ * Jars in /usr/share/java not in /usr/share/java/lib, closes: #170791.
+
+ -- Ola Lundqvist <opal at debian.org> Wed, 27 Nov 2002 09:00:31 +0100
+
+batik (1.5beta2-2) unstable; urgency=low
+
+ * New maintainer.
+ * Fixed dependencies, closes: #158221.
+ * Fixed build problem.
+ * Added two other people as co-maintainers.
+ * Fixed so that building wont take that long time if -nc option is used.
+ * Now can use kaffe instead of j2sdk. Workaround for a bug in kaffe.
+ On the other hand it seems not like the classic compiler so I still have
+ to set that damn JAVA_HOME to the j2sdk...
+
+ -- Ola Lundqvist <opal at debian.org> Thu, 21 Nov 2002 08:24:39 +0100
+
+batik (1.5beta2-1) unstable; urgency=low
+
+ * Initial Upload (Closes: #149676)
+
+ -- Jeff Bailey <jbailey at nisa.net> Tue, 11 Jun 2002 10:52:34 -0400
+
Copied: tags/batik/1.7+dfsg-5/debian/patches/cve_2015_0250.patch (from rev 18661, trunk/batik/debian/patches/cve_2015_0250.patch)
===================================================================
--- tags/batik/1.7+dfsg-5/debian/patches/cve_2015_0250.patch (rev 0)
+++ tags/batik/1.7+dfsg-5/debian/patches/cve_2015_0250.patch 2015-03-22 18:41:46 UTC (rev 18663)
@@ -0,0 +1,60 @@
+Description: Fix information disclosure by disabling external XML entity processing.
+ The upstream patch was modified slightly to apply cleanly against
+ the source package in Debian.
+Forwarded: not-needed
+Origin: https://svn.apache.org/viewvc/xmlgraphics/batik/trunk/sources/org/apache/batik/dom/util/SAXDocumentFactory.java?r1=662304&r2=1664335&view=patch
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780897
+
+--- a/sources/org/apache/batik/dom/util/SAXDocumentFactory.java
++++ b/sources/org/apache/batik/dom/util/SAXDocumentFactory.java
+@@ -30,25 +30,26 @@
+ import javax.xml.parsers.SAXParser;
+ import javax.xml.parsers.SAXParserFactory;
+
+-import org.apache.batik.util.HaltingThread;
+-import org.apache.batik.util.XMLConstants;
+-
++import org.w3c.dom.DOMImplementation;
++import org.w3c.dom.Document;
++import org.w3c.dom.DocumentType;
++import org.w3c.dom.Element;
++import org.w3c.dom.Node;
+ import org.xml.sax.Attributes;
+ import org.xml.sax.ErrorHandler;
+ import org.xml.sax.InputSource;
+ import org.xml.sax.Locator;
+ import org.xml.sax.SAXException;
+ import org.xml.sax.SAXNotRecognizedException;
++import org.xml.sax.SAXNotSupportedException;
+ import org.xml.sax.SAXParseException;
+ import org.xml.sax.XMLReader;
+ import org.xml.sax.ext.LexicalHandler;
+ import org.xml.sax.helpers.DefaultHandler;
+ import org.xml.sax.helpers.XMLReaderFactory;
+
+-import org.w3c.dom.DOMImplementation;
+-import org.w3c.dom.Document;
+-import org.w3c.dom.Element;
+-import org.w3c.dom.Node;
++import org.apache.batik.util.HaltingThread;
++import org.apache.batik.util.XMLConstants;
+
+ /**
+ * This class contains methods for creating Document instances
+@@ -391,6 +392,16 @@
+ static SAXParserFactory saxFactory;
+ static {
+ saxFactory = SAXParserFactory.newInstance();
++ try {
++ saxFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
++ saxFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
++ } catch (SAXNotRecognizedException e) {
++ e.printStackTrace();
++ } catch (SAXNotSupportedException e) {
++ e.printStackTrace();
++ } catch (ParserConfigurationException e) {
++ e.printStackTrace();
++ }
+ }
+
+ /**
Deleted: tags/batik/1.7+dfsg-5/debian/patches/series
===================================================================
--- trunk/batik/debian/patches/series 2015-03-16 14:27:25 UTC (rev 18660)
+++ tags/batik/1.7+dfsg-5/debian/patches/series 2015-03-22 18:41:46 UTC (rev 18663)
@@ -1,3 +0,0 @@
-06_fix_paths_in_policy_files.patch
-source-1.5.patch
-remove-js.patch
Copied: tags/batik/1.7+dfsg-5/debian/patches/series (from rev 18661, trunk/batik/debian/patches/series)
===================================================================
--- tags/batik/1.7+dfsg-5/debian/patches/series (rev 0)
+++ tags/batik/1.7+dfsg-5/debian/patches/series 2015-03-22 18:41:46 UTC (rev 18663)
@@ -0,0 +1,4 @@
+06_fix_paths_in_policy_files.patch
+source-1.5.patch
+remove-js.patch
+cve_2015_0250.patch
More information about the pkg-java-commits
mailing list