[pkg-java] r18885 - in tags/commons-httpclient: . 3.1-12/debian 3.1-12/debian/patches
Markus Koschany
apo-guest at moszumanska.debian.org
Mon Nov 2 14:51:53 UTC 2015
Author: apo-guest
Date: 2015-11-02 14:51:53 +0000 (Mon, 02 Nov 2015)
New Revision: 18885
Added:
tags/commons-httpclient/3.1-12/
tags/commons-httpclient/3.1-12/debian/changelog
tags/commons-httpclient/3.1-12/debian/control
tags/commons-httpclient/3.1-12/debian/libcommons-httpclient-java-doc.docs
tags/commons-httpclient/3.1-12/debian/patches/CVE-2015-5262.patch
tags/commons-httpclient/3.1-12/debian/patches/series
Removed:
tags/commons-httpclient/3.1-12/debian/changelog
tags/commons-httpclient/3.1-12/debian/control
tags/commons-httpclient/3.1-12/debian/libcommons-httpclient-java-doc.docs
tags/commons-httpclient/3.1-12/debian/patches/series
Log:
[svn-buildpackage] Tagging commons-httpclient 3.1-12
Deleted: tags/commons-httpclient/3.1-12/debian/changelog
===================================================================
--- trunk/commons-httpclient/debian/changelog 2015-11-02 13:46:22 UTC (rev 18883)
+++ tags/commons-httpclient/3.1-12/debian/changelog 2015-11-02 14:51:53 UTC (rev 18885)
@@ -1,235 +0,0 @@
-commons-httpclient (3.1-12) UNRELEASED; urgency=medium
-
- [ Kumar Appaiah ]
- * debian/control:
- + Remove Kumar Appaiah from uploaders
-
- [ Emmanuel Bourg ]
- * Switch to debhelper level 9
- * debian/control:
- - Use canonical URLs for the Vcs-* fields
- - Standards-Version updated to 3.9.5 (no changes)
- - Improved the package description
- - Removed Michael Koch from the uploaders (Closes: #654007)
- * debian/rules: Improved the clean target
-
- [ tony mancill ]
- * Remove trailing spaces from package description of
- libcommons-httpclient-java-doc in debian/control. (Closes: #783931)
-
- -- Kumar Appaiah <akumar at debian.org> Sat, 29 Mar 2014 15:40:00 -0400
-
-commons-httpclient (3.1-11) unstable; urgency=high
-
- * Team upload.
- * Add CVE-2014-3577.patch. (Closes: #758086)
- It was found that the fix for CVE-2012-6153 was incomplete: the code added
- to check that the server hostname matches the domain name in a subject's
- Common Name (CN) field in X.509 certificates was flawed. A
- man-in-the-middle attacker could use this flaw to spoof an SSL server using
- a specially crafted X.509 certificate. The fix for CVE-2012-6153 was
- intended to address the incomplete patch for CVE-2012-5783. The issue is
- now completely resolved by applying this patch and the
- 06_fix_CVE-2012-5783.patch.
- * Change java.source and java.target ant properties to 1.5, otherwise
- commons-httpclient will not compile with this patch.
-
- -- Markus Koschany <apo at gambaru.de> Mon, 23 Mar 2015 22:57:54 +0100
-
-
-commons-httpclient (3.1-10.2) unstable; urgency=low
-
- * Non-maintainer upload.
- * Fix CVE-2012-5783 (Closes: #692442)
- * Fix CN extraction from DN of X500 principal.
- * Fix wildcard validation on ssl connections
-
- -- Alberto Fernández Martínez <infjaf at gmail.com> Thu, 6 Dec 2012 14:28:00 +0100
-
-commons-httpclient (3.1-10.1) unstable; urgency=low
-
- * Non-maintainer upload.
- * Fix CVE-2012-5783 (Closes: #692442)
-
- -- Alberto Fernández Martínez <infjaf at gmail.com> Wed, 5 Dec 2012 17:28:00 +0100
-
-commons-httpclient (3.1-10) unstable; urgency=low
-
- [ Damien Raude-Morvan ]
- * Remove Arnaud Vandyck from Uploaders
- * d/control: Drop Depends on any JRE as a Java library don't need to
- depends on a runtime (Java Policy)
-
- [ Torsten Werner ]
- * Switch to source format 3.0.
- * Update Standards-Version: 3.9.1.
- * Remove Barry from Uploaders list.
-
- -- Torsten Werner <twerner at debian.org> Tue, 30 Aug 2011 11:47:01 +0200
-
-commons-httpclient (3.1-9) unstable; urgency=low
-
- * Add myself to Uploaders
- * Use quilt as patch system
- - Build-Depends on quilt
- - Add debian/README.source
- - Use CDBS patchsys-quilt.mk
- * New debian/patches/05_osgi_metadata.diff to include OSGi metadata
- in JAR (Closes: #558182)
-
- -- Damien Raude-Morvan <drazzib at debian.org> Sun, 29 Nov 2009 01:06:18 +0100
-
-commons-httpclient (3.1-8) unstable; urgency=low
-
- [Damien Raude-Morvan]
- * Fix debian/watch: use http://www.apache.org/dist/
-
- [Onkar Shinde]
- * debian/patches/04_fix_classpath.patch
- - Add appropriate jar files in classpath using manifest attribute.
- (LP: #459251)
- * debian/ant.properties
- - Add properties to set target JVM version 1.4.
-
- -- Onkar Shinde <onkarshinde at ubuntu.com> Thu, 05 Nov 2009 09:50:19 +0530
-
-commons-httpclient (3.1-7) unstable; urgency=low
-
- * Add myself to Uploaders.
- * Revert change from last upload:
- - Don't map version of commons-httpclient explicitly.
- (Closes: #551126, #551214, #551217, #551218, #551221, #551224, #551226,
- #551227, #551231, #551242)
-
- -- Torsten Werner <twerner at debian.org> Sat, 17 Oct 2009 19:44:10 +0200
-
-commons-httpclient (3.1-6) unstable; urgency=low
-
- * Don't map version of commons-httpclient explicitly.
- * Added myself to Uploaders.
- * Updated Standards-Version to 3.8.3.
-
- -- Michael Koch <konqueror at gmx.de> Mon, 05 Oct 2009 12:23:44 +0200
-
-commons-httpclient (3.1-5) unstable; urgency=low
-
- * Upload to unstable.
-
- -- Torsten Werner <twerner at debian.org> Sun, 09 Aug 2009 10:43:36 +0200
-
-commons-httpclient (3.1-4) experimental; urgency=low
-
- * Add the Maven POM to the package
- * Add a Build-Depends-Indep dependency on maven-repo-helper
- * Use mh_installpom and mh_installjar to install the POM and the jar to the
- Maven repository
-
- -- Ludovic Claude <ludovic.claude at laposte.net> Thu, 09 Jul 2009 17:40:18 +0100
-
-commons-httpclient (3.1-3) unstable; urgency=low
-
- * Convert to default-jdk/jre (Closes: #508949)
- * Bump Standards-Version to 3.8.1
-
- -- Varun Hiremath <varun at debian.org> Thu, 07 May 2009 19:27:19 -0400
-
-commons-httpclient (3.1-2) unstable; urgency=low
-
- * debian/watch:
- + Update to reflect new upstream mirror structure.
- (Closes: #459995)
- * debian/control:
- + Update my e-mail address to akumar at debian.org.
- + Standards Version is now 3.7.3.
- + Use Vcs-Svn and Vcs-Browser in place of XS-Vcs-*.
- + Depend on ant 1.6.5 and above, instead of 1.6.5-1.
-
- -- Kumar Appaiah <akumar at debian.org> Fri, 18 Apr 2008 13:25:36 +0530
-
-commons-httpclient (3.1-1) unstable; urgency=low
-
- * New upstream release.
- * Acknowledge NMU. Thanks to Michael Meskes for the upload.
- * debian/ant.properties:
- + Correct Java directory spelling.
- * debian/control:
- + Add Varun Hiremath and Kumar Appaiah to Uploaders.
- + Add XS-Vcs-Browser and XS-Vcs-Browser.
- + Move section of libcommons-httpclient-doc to doc.
- + Add Homepage Field.
- * debian/patches:
- + Remove 00b_build_xml_dont_copy_lib_dir.patch
- + Update patches/01_build_xml_version_jar.patch and
- patches/02_upstream_disable_examples_classes.patch for the new
- upstream version
- * debian/rules:
- + Remove dependence on package version; use DEB_UPSTREAM_VERSION for version
- * debian/libcommons-httpclient-java.install:
- + Not needed, since functionality written in debian.rules.
- * debian/watch
- + Update watch file to new upstream tarball directory.
- * debian/libcommons-httpclient-java.link:
- + Not needed, since functionality written in debian.rules.
- * Upstream has fixed some RFC violations. (Closes: #329245)
- * Remove .cvsignore files.
-
- -- Kumar Appaiah <akumar at ee.iitm.ac.in> Thu, 20 Sep 2007 20:14:02 +0530
-
-commons-httpclient (3.0.1-0.1) unstable; urgency=low
-
- * Non-maintainer upload.
- * Bump debhelper Build-Depends to (>= 4.1.0) as required by cdbs'
- debhelper.mk
- * Put the coppyright holders in debian/copyright
- * Include the jar file in the package. (Closes: #381354)
- * Only include one copy of the docs.
- done by James Westby <jw+debian at jameswestby.net> Mon, 14 Aug 2006 02:29:47 +0100
-
- -- Michael Meskes <meskes at debian.org> Fri, 15 Sep 2006 20:07:43 +0200
-
-commons-httpclient (3.0.1-0) unstable; urgency=low
-
- * New upstream (closes: #340307)
- * Build with cdbs and java-gcj-compat-dev
- * Updated to Standards-Version 3.7.2; split build-dep and
- build-dep-indep.
- * Added libcommons-codec-java to build-dep.
- * Using simple-patchsys and no more dpatch
-
- -- Arnaud Vandyck <avdyk at debian.org> Mon, 31 Jul 2006 17:11:32 +0200
-
-commons-httpclient (2.0.2-2) unstable; urgency=low
-
- * Provide non-version-specific symlink "commons-httpclient.jar" to
- commons-httpclient-2.0.2.jar per Debian Java Policy Section 2.4
- (Closes: 340308)
- * Added additional doc-base entry to point to main section of
- Jakarta Commons HttpClient documentation in addition to the
- API Javadoc
- * Maintainer email address updated for Barry Hawkins
- * Upload sponsored by Petter Reinholdtsen
-
- -- Barry Hawkins <barry at alltc.com> Fri, 25 Nov 2005 13:12:23 -0500
-
-commons-httpclient (2.0.2-1) unstable; urgency=low
-
- * New upstream release and moved to main (Closes: #301789)
- * Removed dependency upon non-free compilers (Closes: 306744)
- * Updated version of Apache License to 2.0
- * Package updated to reflect maintainership under Debian Java
- Maintainers
- * Upload sponsored by Petter Reinholdtsen
-
- -- Barry Hawkins <barry at bytemason.org> Tue, 13 Sep 2005 23:14:01 -0400
-
-commons-httpclient (2.0a1+20020904-1) unstable; urgency=low
-
- * New upstream release, with actual source (closes: #160262)
-
- -- Stephen Peters <portnoy at portnoy.org> Wed, 4 Sep 2002 22:18:18 -0400
-
-commons-httpclient (2.0a1-1) unstable; urgency=low
-
- * Initial Release.
-
- -- Stephen Peters <portnoy at portnoy.org> Wed, 1 May 2002 13:31:44 -0400
Copied: tags/commons-httpclient/3.1-12/debian/changelog (from rev 18884, trunk/commons-httpclient/debian/changelog)
===================================================================
--- tags/commons-httpclient/3.1-12/debian/changelog (rev 0)
+++ tags/commons-httpclient/3.1-12/debian/changelog 2015-11-02 14:51:53 UTC (rev 18885)
@@ -0,0 +1,244 @@
+commons-httpclient (3.1-12) unstable; urgency=high
+
+ * Team upload.
+
+ [ Kumar Appaiah ]
+ * debian/control:
+ + Remove Kumar Appaiah from uploaders
+
+ [ Emmanuel Bourg ]
+ * Add myself to Uploaders.
+ * Switch to debhelper level 9
+ * debian/control:
+ - Use canonical URLs for the Vcs-* fields
+ - Improved the package description
+ - Removed Michael Koch from the uploaders (Closes: #654007)
+ * debian/rules: Improved the clean target
+
+ [ tony mancill ]
+ * Remove trailing spaces from package description of
+ libcommons-httpclient-java-doc in debian/control. (Closes: #783931)
+
+ [ Markus Koschany ]
+ * wrap-and-sort -sa.
+ * Declare compliance with Debian Policy 3.9.6.
+ * Add CVE-2015-5262.patch.
+ Fix CVE-2015-5262 jakarta-commons-httpclient: https calls ignore
+ http.socket.timeout during SSL Handshake. (Closes: #798650)
+
+ -- Markus Koschany <apo at debian.org> Mon, 02 Nov 2015 15:32:33 +0100
+
+commons-httpclient (3.1-11) unstable; urgency=high
+
+ * Team upload.
+ * Add CVE-2014-3577.patch. (Closes: #758086)
+ It was found that the fix for CVE-2012-6153 was incomplete: the code added
+ to check that the server hostname matches the domain name in a subject's
+ Common Name (CN) field in X.509 certificates was flawed. A
+ man-in-the-middle attacker could use this flaw to spoof an SSL server using
+ a specially crafted X.509 certificate. The fix for CVE-2012-6153 was
+ intended to address the incomplete patch for CVE-2012-5783. The issue is
+ now completely resolved by applying this patch and the
+ 06_fix_CVE-2012-5783.patch.
+ * Change java.source and java.target ant properties to 1.5, otherwise
+ commons-httpclient will not compile with this patch.
+
+ -- Markus Koschany <apo at gambaru.de> Mon, 23 Mar 2015 22:57:54 +0100
+
+
+commons-httpclient (3.1-10.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix CVE-2012-5783 (Closes: #692442)
+ * Fix CN extraction from DN of X500 principal.
+ * Fix wildcard validation on ssl connections
+
+ -- Alberto Fernández Martínez <infjaf at gmail.com> Thu, 6 Dec 2012 14:28:00 +0100
+
+commons-httpclient (3.1-10.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix CVE-2012-5783 (Closes: #692442)
+
+ -- Alberto Fernández Martínez <infjaf at gmail.com> Wed, 5 Dec 2012 17:28:00 +0100
+
+commons-httpclient (3.1-10) unstable; urgency=low
+
+ [ Damien Raude-Morvan ]
+ * Remove Arnaud Vandyck from Uploaders
+ * d/control: Drop Depends on any JRE as a Java library don't need to
+ depends on a runtime (Java Policy)
+
+ [ Torsten Werner ]
+ * Switch to source format 3.0.
+ * Update Standards-Version: 3.9.1.
+ * Remove Barry from Uploaders list.
+
+ -- Torsten Werner <twerner at debian.org> Tue, 30 Aug 2011 11:47:01 +0200
+
+commons-httpclient (3.1-9) unstable; urgency=low
+
+ * Add myself to Uploaders
+ * Use quilt as patch system
+ - Build-Depends on quilt
+ - Add debian/README.source
+ - Use CDBS patchsys-quilt.mk
+ * New debian/patches/05_osgi_metadata.diff to include OSGi metadata
+ in JAR (Closes: #558182)
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sun, 29 Nov 2009 01:06:18 +0100
+
+commons-httpclient (3.1-8) unstable; urgency=low
+
+ [Damien Raude-Morvan]
+ * Fix debian/watch: use http://www.apache.org/dist/
+
+ [Onkar Shinde]
+ * debian/patches/04_fix_classpath.patch
+ - Add appropriate jar files in classpath using manifest attribute.
+ (LP: #459251)
+ * debian/ant.properties
+ - Add properties to set target JVM version 1.4.
+
+ -- Onkar Shinde <onkarshinde at ubuntu.com> Thu, 05 Nov 2009 09:50:19 +0530
+
+commons-httpclient (3.1-7) unstable; urgency=low
+
+ * Add myself to Uploaders.
+ * Revert change from last upload:
+ - Don't map version of commons-httpclient explicitly.
+ (Closes: #551126, #551214, #551217, #551218, #551221, #551224, #551226,
+ #551227, #551231, #551242)
+
+ -- Torsten Werner <twerner at debian.org> Sat, 17 Oct 2009 19:44:10 +0200
+
+commons-httpclient (3.1-6) unstable; urgency=low
+
+ * Don't map version of commons-httpclient explicitly.
+ * Added myself to Uploaders.
+ * Updated Standards-Version to 3.8.3.
+
+ -- Michael Koch <konqueror at gmx.de> Mon, 05 Oct 2009 12:23:44 +0200
+
+commons-httpclient (3.1-5) unstable; urgency=low
+
+ * Upload to unstable.
+
+ -- Torsten Werner <twerner at debian.org> Sun, 09 Aug 2009 10:43:36 +0200
+
+commons-httpclient (3.1-4) experimental; urgency=low
+
+ * Add the Maven POM to the package
+ * Add a Build-Depends-Indep dependency on maven-repo-helper
+ * Use mh_installpom and mh_installjar to install the POM and the jar to the
+ Maven repository
+
+ -- Ludovic Claude <ludovic.claude at laposte.net> Thu, 09 Jul 2009 17:40:18 +0100
+
+commons-httpclient (3.1-3) unstable; urgency=low
+
+ * Convert to default-jdk/jre (Closes: #508949)
+ * Bump Standards-Version to 3.8.1
+
+ -- Varun Hiremath <varun at debian.org> Thu, 07 May 2009 19:27:19 -0400
+
+commons-httpclient (3.1-2) unstable; urgency=low
+
+ * debian/watch:
+ + Update to reflect new upstream mirror structure.
+ (Closes: #459995)
+ * debian/control:
+ + Update my e-mail address to akumar at debian.org.
+ + Standards Version is now 3.7.3.
+ + Use Vcs-Svn and Vcs-Browser in place of XS-Vcs-*.
+ + Depend on ant 1.6.5 and above, instead of 1.6.5-1.
+
+ -- Kumar Appaiah <akumar at debian.org> Fri, 18 Apr 2008 13:25:36 +0530
+
+commons-httpclient (3.1-1) unstable; urgency=low
+
+ * New upstream release.
+ * Acknowledge NMU. Thanks to Michael Meskes for the upload.
+ * debian/ant.properties:
+ + Correct Java directory spelling.
+ * debian/control:
+ + Add Varun Hiremath and Kumar Appaiah to Uploaders.
+ + Add XS-Vcs-Browser and XS-Vcs-Browser.
+ + Move section of libcommons-httpclient-doc to doc.
+ + Add Homepage Field.
+ * debian/patches:
+ + Remove 00b_build_xml_dont_copy_lib_dir.patch
+ + Update patches/01_build_xml_version_jar.patch and
+ patches/02_upstream_disable_examples_classes.patch for the new
+ upstream version
+ * debian/rules:
+ + Remove dependence on package version; use DEB_UPSTREAM_VERSION for version
+ * debian/libcommons-httpclient-java.install:
+ + Not needed, since functionality written in debian.rules.
+ * debian/watch
+ + Update watch file to new upstream tarball directory.
+ * debian/libcommons-httpclient-java.link:
+ + Not needed, since functionality written in debian.rules.
+ * Upstream has fixed some RFC violations. (Closes: #329245)
+ * Remove .cvsignore files.
+
+ -- Kumar Appaiah <akumar at ee.iitm.ac.in> Thu, 20 Sep 2007 20:14:02 +0530
+
+commons-httpclient (3.0.1-0.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Bump debhelper Build-Depends to (>= 4.1.0) as required by cdbs'
+ debhelper.mk
+ * Put the coppyright holders in debian/copyright
+ * Include the jar file in the package. (Closes: #381354)
+ * Only include one copy of the docs.
+ done by James Westby <jw+debian at jameswestby.net> Mon, 14 Aug 2006 02:29:47 +0100
+
+ -- Michael Meskes <meskes at debian.org> Fri, 15 Sep 2006 20:07:43 +0200
+
+commons-httpclient (3.0.1-0) unstable; urgency=low
+
+ * New upstream (closes: #340307)
+ * Build with cdbs and java-gcj-compat-dev
+ * Updated to Standards-Version 3.7.2; split build-dep and
+ build-dep-indep.
+ * Added libcommons-codec-java to build-dep.
+ * Using simple-patchsys and no more dpatch
+
+ -- Arnaud Vandyck <avdyk at debian.org> Mon, 31 Jul 2006 17:11:32 +0200
+
+commons-httpclient (2.0.2-2) unstable; urgency=low
+
+ * Provide non-version-specific symlink "commons-httpclient.jar" to
+ commons-httpclient-2.0.2.jar per Debian Java Policy Section 2.4
+ (Closes: 340308)
+ * Added additional doc-base entry to point to main section of
+ Jakarta Commons HttpClient documentation in addition to the
+ API Javadoc
+ * Maintainer email address updated for Barry Hawkins
+ * Upload sponsored by Petter Reinholdtsen
+
+ -- Barry Hawkins <barry at alltc.com> Fri, 25 Nov 2005 13:12:23 -0500
+
+commons-httpclient (2.0.2-1) unstable; urgency=low
+
+ * New upstream release and moved to main (Closes: #301789)
+ * Removed dependency upon non-free compilers (Closes: 306744)
+ * Updated version of Apache License to 2.0
+ * Package updated to reflect maintainership under Debian Java
+ Maintainers
+ * Upload sponsored by Petter Reinholdtsen
+
+ -- Barry Hawkins <barry at bytemason.org> Tue, 13 Sep 2005 23:14:01 -0400
+
+commons-httpclient (2.0a1+20020904-1) unstable; urgency=low
+
+ * New upstream release, with actual source (closes: #160262)
+
+ -- Stephen Peters <portnoy at portnoy.org> Wed, 4 Sep 2002 22:18:18 -0400
+
+commons-httpclient (2.0a1-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Stephen Peters <portnoy at portnoy.org> Wed, 1 May 2002 13:31:44 -0400
Deleted: tags/commons-httpclient/3.1-12/debian/control
===================================================================
--- trunk/commons-httpclient/debian/control 2015-11-02 13:46:22 UTC (rev 18883)
+++ tags/commons-httpclient/3.1-12/debian/control 2015-11-02 14:51:53 UTC (rev 18885)
@@ -1,35 +0,0 @@
-Source: commons-httpclient
-Section: java
-Priority: optional
-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
-Uploaders: Emmanuel Bourg <ebourg at apache.org>,
- Varun Hiremath <varun at debian.org>, Torsten Werner <twerner at debian.org>,
- Damien Raude-Morvan <drazzib at debian.org>
-Build-Depends: debhelper (>= 9), cdbs
-Build-Depends-Indep: maven-repo-helper, ant, default-jdk, libcommons-codec-java, libcommons-logging-java, junit
-Standards-Version: 3.9.5
-Vcs-Svn: svn://anonscm.debian.org/pkg-java/trunk/commons-httpclient
-Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-java/trunk/commons-httpclient
-Homepage: http://hc.apache.org/httpclient-3.x
-
-Package: libcommons-httpclient-java
-Architecture: all
-Suggests: libcommons-httpclient-java-doc
-Depends: libcommons-logging-java, libcommons-codec-java, ${misc:Depends}
-Description: Commons HTTPClient - Java library for creating HTTP clients
- The Jakarta Commons HTTPClient library provides an efficient,
- up-to-date, and feature-rich package implementing the client side of
- the most recent HTTP standards and recommendations.
-
-Package: libcommons-httpclient-java-doc
-Section: doc
-Architecture: all
-Depends: ${misc:Depends}
-Suggests: libcommons-httpclient-java
-Description: Documentation for libcommons-httpclient-java
- The Jakarta Commons HTTPClient library provides an efficient,
- up-to-date, and feature-rich package implementing the client side of
- the most recent HTTP standards and recommendations.
- .
- This package contains the documentation for the Jakarta Commons
- HTTPClient library.
Copied: tags/commons-httpclient/3.1-12/debian/control (from rev 18884, trunk/commons-httpclient/debian/control)
===================================================================
--- tags/commons-httpclient/3.1-12/debian/control (rev 0)
+++ tags/commons-httpclient/3.1-12/debian/control 2015-11-02 14:51:53 UTC (rev 18885)
@@ -0,0 +1,51 @@
+Source: commons-httpclient
+Section: java
+Priority: optional
+Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
+Uploaders:
+ Emmanuel Bourg <ebourg at apache.org>,
+ Varun Hiremath <varun at debian.org>,
+ Torsten Werner <twerner at debian.org>,
+ Damien Raude-Morvan <drazzib at debian.org>
+Build-Depends:
+ cdbs,
+ debhelper (>= 9)
+Build-Depends-Indep:
+ ant,
+ default-jdk,
+ junit,
+ libcommons-codec-java,
+ libcommons-logging-java,
+ maven-repo-helper
+Standards-Version: 3.9.6
+Vcs-Svn: svn://anonscm.debian.org/pkg-java/trunk/commons-httpclient
+Vcs-Browser: https://anonscm.debian.org/viewvc/pkg-java/trunk/commons-httpclient
+Homepage: http://hc.apache.org/httpclient-3.x
+
+Package: libcommons-httpclient-java
+Architecture: all
+Suggests:
+ libcommons-httpclient-java-doc
+Depends:
+ libcommons-codec-java,
+ libcommons-logging-java,
+ ${misc:Depends}
+Description: Commons HTTPClient - Java library for creating HTTP clients
+ The Jakarta Commons HTTPClient library provides an efficient,
+ up-to-date, and feature-rich package implementing the client side of
+ the most recent HTTP standards and recommendations.
+
+Package: libcommons-httpclient-java-doc
+Section: doc
+Architecture: all
+Depends:
+ ${misc:Depends}
+Suggests:
+ libcommons-httpclient-java
+Description: Documentation for libcommons-httpclient-java
+ The Jakarta Commons HTTPClient library provides an efficient,
+ up-to-date, and feature-rich package implementing the client side of
+ the most recent HTTP standards and recommendations.
+ .
+ This package contains the documentation for the Jakarta Commons
+ HTTPClient library.
Deleted: tags/commons-httpclient/3.1-12/debian/libcommons-httpclient-java-doc.docs
===================================================================
--- trunk/commons-httpclient/debian/libcommons-httpclient-java-doc.docs 2015-11-02 13:46:22 UTC (rev 18883)
+++ tags/commons-httpclient/3.1-12/debian/libcommons-httpclient-java-doc.docs 2015-11-02 14:51:53 UTC (rev 18885)
@@ -1,2 +0,0 @@
-docs
-README
Copied: tags/commons-httpclient/3.1-12/debian/libcommons-httpclient-java-doc.docs (from rev 18884, trunk/commons-httpclient/debian/libcommons-httpclient-java-doc.docs)
===================================================================
--- tags/commons-httpclient/3.1-12/debian/libcommons-httpclient-java-doc.docs (rev 0)
+++ tags/commons-httpclient/3.1-12/debian/libcommons-httpclient-java-doc.docs 2015-11-02 14:51:53 UTC (rev 18885)
@@ -0,0 +1,2 @@
+README
+docs
Copied: tags/commons-httpclient/3.1-12/debian/patches/CVE-2015-5262.patch (from rev 18884, trunk/commons-httpclient/debian/patches/CVE-2015-5262.patch)
===================================================================
--- tags/commons-httpclient/3.1-12/debian/patches/CVE-2015-5262.patch (rev 0)
+++ tags/commons-httpclient/3.1-12/debian/patches/CVE-2015-5262.patch 2015-11-02 14:51:53 UTC (rev 18885)
@@ -0,0 +1,38 @@
+From: Markus Koschany <apo at debian.org>
+Date: Mon, 2 Nov 2015 15:15:37 +0100
+Subject: CVE-2015-5262
+
+Fix CVE-2015-5262 jakarta-commons-httpclient: https calls ignore http.socket.timeout during
+SSL Handshake
+See also https://bugzilla.redhat.com/show_bug.cgi?id=1259892
+Thanks to Mikolaj Izdebski for the patch.
+
+Bug: https://bugs.debian.org/798650
+Forwarded: no
+---
+ .../apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
+index e6ce513..b7550a2 100644
+--- a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
++++ b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
+@@ -152,7 +152,9 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
+ }
+ int timeout = params.getConnectionTimeout();
+ if (timeout == 0) {
+- Socket sslSocket = createSocket(host, port, localAddress, localPort);
++ Socket sslSocket = SSLSocketFactory.getDefault().createSocket(
++ host, port, localAddress, localPort);
++ sslSocket.setSoTimeout(params.getSoTimeout());
+ verifyHostName(host, (SSLSocket) sslSocket);
+ return sslSocket;
+ } else {
+@@ -163,6 +165,7 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
+ sslSocket = ControllerThreadSocketFactory.createSocket(
+ this, host, port, localAddress, localPort, timeout);
+ }
++ sslSocket.setSoTimeout(params.getSoTimeout());
+ verifyHostName(host, (SSLSocket) sslSocket);
+ return sslSocket;
+ }
Deleted: tags/commons-httpclient/3.1-12/debian/patches/series
===================================================================
--- trunk/commons-httpclient/debian/patches/series 2015-11-02 13:46:22 UTC (rev 18883)
+++ tags/commons-httpclient/3.1-12/debian/patches/series 2015-11-02 14:51:53 UTC (rev 18885)
@@ -1,8 +0,0 @@
-00_build_xml_no_external_links.patch
-01_build_xml_version_jar.patch
-02_upstream_disable_examples_classes.patch
-03_upstream_qualify_ConnectionPool_declaration.patch
-04_fix_classpath.patch
-05_osgi_metadata
-06_fix_CVE-2012-5783.patch
-CVE-2014-3577.patch
Copied: tags/commons-httpclient/3.1-12/debian/patches/series (from rev 18884, trunk/commons-httpclient/debian/patches/series)
===================================================================
--- tags/commons-httpclient/3.1-12/debian/patches/series (rev 0)
+++ tags/commons-httpclient/3.1-12/debian/patches/series 2015-11-02 14:51:53 UTC (rev 18885)
@@ -0,0 +1,9 @@
+00_build_xml_no_external_links.patch
+01_build_xml_version_jar.patch
+02_upstream_disable_examples_classes.patch
+03_upstream_qualify_ConnectionPool_declaration.patch
+04_fix_classpath.patch
+05_osgi_metadata
+06_fix_CVE-2012-5783.patch
+CVE-2014-3577.patch
+CVE-2015-5262.patch
More information about the pkg-java-commits
mailing list