Change log for batik package in Debian

1 to 39 of 39 results
Published in bullseye-release
batik (1.12-4+deb11u2) bullseye; urgency=medium

  * Team upload.
  * Fixing CVE-2022-44729 and CVE-2022-44730

 -- Pierre Gruet <email address hidden>  Fri, 25 Aug 2023 11:07:07 +0200
Published in bookworm-release
batik (1.16+dfsg-1+deb12u1) bookworm; urgency=medium

  * Fixing CVE-2022-44729 and CVE-2022-44730

 -- Pierre Gruet <email address hidden>  Thu, 24 Aug 2023 21:28:00 +0200
Published in sid-release
batik (1.17+dfsg-1) unstable; urgency=medium

  * New upstream version 1.17+dfsg, fixing security issues:
    - CVE-2022-44729
    - CVE-2022-44730
  * Refreshing patches
  * Raising Standards version to 4.6.2 (no change)
  * Refreshing copyright years
  * Ignoring maven-javadoc-plugin
  * Fixing mismatched Lintian overrides

 -- Pierre Gruet <email address hidden>  Thu, 24 Aug 2023 14:59:39 +0200

Superseded in bullseye-release
batik (1.12-4+deb11u1) bullseye-security; urgency=high

  * Team upload.
  * Fix CVE-2022-41704 and CVE-2022-42890:
    It was discovered that Apache Batik, an SVG library for Java, allowed
    attackers to run arbitrary Java code by processing a malicious SVG file.

 -- Markus Koschany <email address hidden>  Sat, 29 Oct 2022 16:22:11 +0200
Superseded in bookworm-release
Superseded in sid-release
batik (1.16+dfsg-1) unstable; urgency=medium

  * New upstream version 1.16+dfsg, fixing security issues:
    - CVE-2022-41704
    - CVE-2022-42890

 -- Pierre Gruet <email address hidden>  Thu, 27 Oct 2022 18:27:37 +0200

Superseded in sid-release
batik (1.15+dfsg-1) unstable; urgency=medium

  * New upstream version, fixing security issues (Closes: #1020589):
    - CVE-2022-38398
    - CVE-2022-38648
    - CVE-2022-40146
  * Adding a +dfsg suffix when repacking
  * Updating years in d/copyright
  * Adding myself as uploader
  * Re-export upstream signing key without extra signatures.
  * Set upstream metadata fields: Repository, Repository-Browse, Bug-Database
  * Adding Lintian overrides for the codeless jars
  * Adding DEP-3 headers for the patches

 -- Pierre Gruet <email address hidden>  Sun, 25 Sep 2022 16:00:05 +0200
Superseded in sid-release
batik (1.14-2) unstable; urgency=medium

  * Team upload
  * Adding classpaths and main classes in the manifests of the built jars
    (Closes: #1013281)
  * Reworking debian/watch:
    - Raising its version to 4
    - Using secure URI
  * Raising Standards version to 4.6.1 (no change)
  * Refreshing d/copyright
  * Getting rid of unneeded versioned dependencies in d/control

  [ Andrius Merkys ]
  * Remove Onkar Shinde from the uploaders list per request.
    Thanks for your contributions.

 -- Pierre Gruet <email address hidden>  Mon, 18 Jul 2022 23:48:46 +0200

Superseded in sid-release
batik (1.14-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.14 (Closes: #1000561)
    Addresses CVE-2020-11987 (Closes: #984829)
  * Set Rules-Requires-Root: no in debian/control
  * Let java7-runtime-headless satisfy Recommends (Closes: #1000405)
  * Delete patch for CVE-2019-17566; applied upstream
  * Update poms; add batik-shared-resources; remove batik-test-util
  * Add build-dep on libmaven-dependency-plugin-java

 -- tony mancill <email address hidden>  Tue, 23 Nov 2021 21:28:11 -0800

Superseded in bullseye-release
Superseded in sid-release
batik (1.12-4) unstable; urgency=medium

  * Team upload.
  * Add manifest for batik-i18n.
  * Mark in batik-css manifest it requires batik-i18n.

 -- Sudip Mukherjee <email address hidden>  Wed, 23 Sep 2020 11:46:22 +0100

Superseded in sid-release
batik (1.12-3) unstable; urgency=medium

  * Team upload.
  * Update version of Require-Bundle in d/manifest.

 -- Sudip Mukherjee <email address hidden>  Sat, 05 Sep 2020 23:45:45 +0100
Superseded in sid-release
batik (1.12-2) unstable; urgency=medium

  * Team upload.
  * Use debhelper-compat.
    - Update compat level to 13.
  * Update version in d/manifest.
  * Use java helper to generate MANIFEST.MF from d/manifest.
    - MANIFEST file in generate jars missed Bundle information.
  * Update Standards-Version to 4.5.0

 -- Sudip Mukherjee <email address hidden>  Fri, 04 Sep 2020 19:00:07 +0100
Published in buster-release
batik (1.10-2+deb10u1) buster; urgency=medium

  * Non-maintainer upload.
  * CVE-2019-17566: Server-side request forgery via xlink:href attributes.
    (Closes: #964510)

 -- Emilio Pozuelo Monfort <email address hidden>  Fri, 10 Jul 2020 19:28:13 +0200
Published in stretch-release
batik (1.8-4+deb9u2) stretch; urgency=medium

  * Non-maintainer upload.
  * CVE-2019-17566: Server-side request forgery via xlink:href attributes.
    (Closes: #964510)

 -- Emilio Pozuelo Monfort <email address hidden>  Fri, 10 Jul 2020 19:30:17 +0200
Superseded in sid-release
batik (1.12-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2019-17566: Server-side request forgery via xlink:href attributes.

 -- Emilio Pozuelo Monfort <email address hidden>  Fri, 10 Jul 2020 18:23:19 +0200

Superseded in sid-release
batik (1.12-1) unstable; urgency=medium

  * Team upload.
  * New upstream 1.12

 -- Mathieu Malaterre <email address hidden>  Sun, 16 Feb 2020 21:16:51 +0100

Superseded in buster-release
Superseded in sid-release
batik (1.10-2) unstable; urgency=medium

  * Team upload.
  * Fixed the build failure with Java 11 (Closes: #913050)
  * Tightened the version of maven-debian-helper required to build batik
    (Closes: #902532)
  * Standards-Version updated to 4.2.1
  * Use salsa.debian.org Vcs-* URLs

 -- Emmanuel Bourg <email address hidden>  Thu, 20 Dec 2018 00:28:22 +0100

Superseded in stretch-release
batik (1.8-4+deb9u1) stretch-security; urgency=high

  * Team upload.
  * Fix CVE-2017-5662: XXE information disclosure. (Closes: #860566)
  * Fix CVE-2018-8013: information disclosure when deserializing a subclass of
    AbstractDocument. (Closes: #899374)

 -- Markus Koschany <email address hidden>  Wed, 30 May 2018 18:59:04 +0200
Published in jessie-release
batik (1.7+dfsg-5+deb8u1) jessie-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2017-5662: XXE information disclosure. (Closes: #860566)
  * Fix CVE-2018-8013: information disclosure when deserializing a subclass of
    AbstractDocument. (Closes: #899374)

 -- Markus Koschany <email address hidden>  Wed, 30 May 2018 18:25:57 +0200
Superseded in buster-release
Superseded in sid-release
batik (1.10-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.10.
    - squiggle works as expected again after updating the policy patch.
      (Closes: #884481)
    - Fix CVE-2018-8013: information disclosure vulnerability.
      (Closes: #899374)
  * Drop 07_optional_rhino_and_jython_dependencies.patch. Applied upstream.
  * Remove repack scripts and use Files-Excluded mechanism instead.
  * Update the watch file. Use Files-Excluded.
  * Ignore jython artifact and add no-Jython-support.patch. Jython as a
    scripting language for Batik is no longer supported because the dependency
    complicates transitions. (Closes: #884536)
  * Ignore batik-test-old module.

 -- Markus Koschany <email address hidden>  Fri, 25 May 2018 13:53:34 +0200

Superseded in buster-release
Superseded in sid-release
batik (1.9-3) unstable; urgency=medium

  * Team upload.
  * Made the rhino and jython dependencies optional (Closes: #875322)
  * Removed the unused dependencies on libbsf-java, libcommons-io-java
    and libcommons-logging-java
  * Build with Maven instead of Ant
  * Build with the DH sequencer instead of CDBS
  * Standards-Version updated to 4.1.1
  * Switch to debhelper level 10

 -- Emmanuel Bourg <email address hidden>  Mon, 02 Oct 2017 16:55:14 +0200

Superseded in buster-release
Superseded in sid-release
batik (1.9-2) unstable; urgency=medium

  * Fix "batik-1.9 causes FTBFS for freeplane due to changed
    artifacts/poms" Upstream poms assume maven build. Ant build bundles contents
    of batik-i18n.jar and batik-constants.jar into batik-util.jar. Use 
    debian/maven.rules to adjust for this. (Closes: #875322)

 -- Christopher Hoskin <email address hidden>  Wed, 13 Sep 2017 07:57:01 +0100

Superseded in buster-release
Superseded in sid-release
batik (1.9-1) unstable; urgency=medium

  * Team upload.
  * Moved the package to Git
  * Updated signing keys from https://www.apache.org/dist/xmlgraphics/batik/KEYS
  * Exclude jar files from documentation-sources 
  * Add repack script to remove non-free ICC profiles
  * New upstream (1.9) 
      + Fix "CVE-2017-5662: information disclosure vulnerability" Upstream claim
        BATIK-1139 is fixed in 1.9 (Closes: #860566)
  * Disable old patches, pending further investigation 
  * Get package building again
      +  maven-artifacts is no longer a target, explicitly add jars to 
         DEB_ANT_BUILD_TARGET
      +  Add debian/debian/libbatik-java.poms, call mh_install to install jars
         and poms, for closer alignment to other pkg-java packages
  * Fix spellings in debian/manpages/rasterizer.1
  * Remove redundant remove-js.patch
  * Fix "batik is crashing (libbatik-java)" by patching build.xml to specify
    classpaths as appropriate for Debian (Closes: #605063)
  * Update Standards-Version from 3.9.8 to 4.0.0 (no change required)
  * Update 06_fix_paths_in_policy_files.patch 
  * Remove bug805469.patch (fixed upstream 
    http://svn.apache.org/viewvc?view=revision&revision=1687506)
  * Update debian/copyright 
  * Remove unnecessary greater-than versioned dependencies from debian/control

 -- Christopher Hoskin <email address hidden>  Mon, 04 Sep 2017 06:57:58 +0100

Superseded in buster-release
Superseded in stretch-release
Superseded in sid-release
batik (1.8-4) unstable; urgency=medium

  [ Jakub Adam ]
  * Team upload.
  * Fix versioned OSGi dependencies.
  * Fix repeating Breaks: in d/control.

  [ Mathieu Malaterre ]
  * Team upload.
  * Fix squiggle script crashes with a NoClassDefFoundError. Closes: #824113
  * Fix FOUserAgent - SVG graphic could not be built. Closes: #805469
  * Bump Std-Vers to 3.9.8, no changes needed

 -- Mathieu Malaterre <email address hidden>  Fri, 07 Oct 2016 09:23:44 +0200
Superseded in stretch-release
Superseded in sid-release
batik (1.8-3) unstable; urgency=medium

  [ Mathieu Malaterre ]
  * Team upload.
  * Fix compatibility issue. Closes: 794214

  [ Emmanuel Bourg ]
  * Removed the unused dependency on libavalon-framework-java

 -- Mathieu Malaterre <email address hidden>  Sat, 12 Sep 2015 22:24:50 +0200
Published in wheezy-release
batik (1.7+dfsg-3+deb7u1) wheezy-security; urgency=high

  * Team upload.
  * Add debian/patches/cve_2015_0250.patch to disable external XML entity
    resolution (information disclosure).  This addresses CVE-2015-0250.
    (Closes: #780897)

 -- tony mancill <email address hidden>  Tue, 24 Mar 2015 05:17:00 +0000
Deleted in experimental-release (Reason: None provided.)
batik (1.8-2) experimental; urgency=medium

  * Team upload.
  * Fix truncated patch: d/p/06_fix_paths_in_policy_files.patch
  * Fix broken symlinks (Thanks to Jérôme Robert/debian-java)

 -- Mathieu Malaterre <email address hidden>  Thu, 16 Jul 2015 21:22:08 +0200
Superseded in experimental-release
batik (1.8-1) experimental; urgency=medium

  * Team upload.
  * New upstream. Closes: #792175
  * Refreshed patches, remove one applied upstream.
  * Prefer Files-Excluded: syntax over new-upstream script

 -- Mathieu Malaterre <email address hidden>  Sun, 12 Jul 2015 15:04:43 +0200
Superseded in stretch-release
Superseded in jessie-release
Superseded in sid-release
batik (1.7+dfsg-5) unstable; urgency=medium


  [ tony mancill ]
  * Team upload.
  * Update homepage URL to https://xmlgraphics.apache.org/batik/ in
    debian/control and debian/copyright. (Closes: #771539)
  * Add debian/patches/cve_2015_0250.patch to disable external XML entity
    resolution (information disclosure).  This addresses CVE-2015-0250.
    (Closes: #780897)

  [ Emmanuel Bourg ]
  * Replaced the Build-Id in the manifests with a constant value
    to make the build reproducible.

 -- tony mancill <email address hidden>  Sat, 21 Mar 2015 15:24:17 -0700
Superseded in jessie-release
Superseded in sid-release
batik (1.7+dfsg-4) unstable; urgency=low


  * Team upload.
  [ Jakub Adam ]
  * Add OSGi metadata to JAR manifests.

  [ Markus Koschany ]
  * debian/rules: Set JAVA_HOME_DIRS to /usr/lib/jvm/default-java,
    build-depend on default-jdk and not on openjdk6-jdk |
    openjdk-7-jdk anymore. Fixes FTBFS with pbuilder-satisfydepends-classic.
    (Closes: #725461)
  * Bump Standards-Version to 3.9.4, no changes.
  * Bump compat level to 9 and require debhelper >= 9.
  * Use canonical VCS-URI.
  * Remove Michael Koch from Uploaders. (Closes: #653996)
  * libbatik-java: Drop all jre/jdk dependencies. Recommend default-jre instead.
  * Run wrap-and-sort -sa
  * Add DEP-3 header to all patches.

 -- Markus Koschany <email address hidden>  Mon, 14 Oct 2013 12:49:09 +0200
Superseded in jessie-release
Superseded in wheezy-release
Superseded in sid-release
batik (1.7+dfsg-3) unstable; urgency=low


  * Team upload.
  * Fix too strict Java JRE dependency.  (Closes: #678612)

 -- Niels Thykier <email address hidden>  Sat, 23 Jun 2012 15:04:32 +0200
Superseded in sid-release
batik (1.7+dfsg-2) unstable; urgency=low


  * Team upload.
  * Allow OpenJDK-7 as alternative to OpenJDK-6.
  * Remove old references to sun-java.
  * Add missing call to mh_clean in the clean rule.
  * Fix typo in manpage.

 -- Niels Thykier <email address hidden>  Tue, 19 Jun 2012 12:57:28 +0200
Superseded in wheezy-release
Superseded in sid-release
batik (1.7+dfsg-1) unstable; urgency=low


  * Provide a repackaged tarball stripping all binary jars (closes: #657244)
    - updated debian/new-upstream as a consequence 
  * Disable the installation of batik-js.jar, that wasn't built from sources 
    (it was a subset of rhino's js.jar)
  * Conforms to standards 3.9.3
  * Modernize a bit debian/copyright

 -- Vincent Fourmond <email address hidden>  Mon, 12 Mar 2012 20:53:43 +0100
Superseded in wheezy-release
Superseded in sid-release
batik (1.7-8) unstable; urgency=low


  * Fix FTBFS with recent openjdk (closes: #643508)
  * Bump to newer standards version, no changes required

 -- Vincent Fourmond <email address hidden>  Thu, 29 Sep 2011 21:35:31 +0200
Superseded in wheezy-release
Superseded in sid-release
batik (1.7-7) unstable; urgency=low

  * Re-enable all patches that had mistakenly been disabled by switching to
    source format 3.0 (quilt) (closes: #604871)
  * Already conforms to standards 3.9.1

 -- Vincent Fourmond <email address hidden>  Thu, 25 Nov 2010 16:24:33 +0100

Published in squeeze-release
Superseded in sid-release
batik (1.7-6) unstable; urgency=low


  [ Vincent Fourmond ]
  * Really fix the dependency on java runtime to only pull headless
    runtimes

  [ Gabriele Giacone ]
  * Added Maven support
  * Standards-Version to 3.8.4
  * Source format 3.0 (quilt)

 -- Gabriele Giacone <email address hidden>  Sun, 21 Feb 2010 19:02:10 +0100
Superseded in squeeze-release
Superseded in sid-release
batik (1.7-5) unstable; urgency=low


  * Dropped the dependency on openjdk-6-jre, in profit for
    openjdk-6-jre-headless, so we won't pull the whole Gtk libraries just
    for using fop (closes: #551545).
  * Already conforms to standards 3.8.3
  * Removing Arnaud Vandyck from Uploaders as he did retire. Many thanks
    for your work on batik !

 -- Vincent Fourmond <email address hidden>  Mon, 25 Jan 2010 21:58:59 +0100
Superseded in squeeze-release
Superseded in sid-release
batik (1.7-4) unstable; urgency=low


  * Porting fixes from Ubuntu (1.7.dfsg-0ubuntu3) by Onkar Shinde
    <email address hidden>:
    - add xml-apis-ext and js to classpath for debian/wrappers/squiggle
    - promote rhino to a Recommends, as squiggle depends on it
    - debian/patches/06_fix_paths_in_policy_files.patch to fix the paths
      of the security policy files
  * This finally makes squiggle work for Debian ! (closes: #499852)
    Many thanks again to Onkar...

 -- Vincent Fourmond <email address hidden>  Mon, 20 Apr 2009 21:22:26 +0200
Superseded in squeeze-release
Superseded in sid-release
batik (1.7-2) unstable; urgency=low


  * Adding xmlgraphics-commons-1.2 and xml-apis-ext to the jars for
    the build + corresponding build-deps
  * Added Vcs-* fields

  [ Sylvestre Ledru ]
  * Build class version 49 (instead of 50)

  [ Vincent Fourmond ]
  * Minor updates to the debian/copyright file 
  * It seems time has come for an upload to unstable...
  * Adding ${misc:Depends} for potential debhelper-induced dependencies
  * Tweaking rasterizer.1 to avoid unbreakable lines

 -- Vincent Fourmond <email address hidden>  Wed, 18 Feb 2009 22:58:36 +0100
Superseded in sid-release
Published in lenny-release
batik (1.6-4) unstable; urgency=low


  [ Mark Howard ]
  * debian/watch: added.

  [ Vincent Fourmond ]
  * Created a /usr/lib/java/wrappers.sh for the various programs
    provided by libbatik-java, to make them work in more various
    environments.
  * Manual pages for svgpp, rasterizer, squiggle and ttf2svg
    (Closes: #458021)
  * rasterizer now launches by default with -scriptSecurityOff so it
    works again (Closes: #413103). Added an option to turn security back on.
  * Comply with policy 3.7.3
  * Changed build-deps to sun-j2sdk1.4, to reflect the current make-jpkg
    output.

 -- Vincent Fourmond <email address hidden>  Thu, 03 Jan 2008 01:20:15 +0100