Change log for batik package in Debian
1 → 39 of 39 results | First • Previous • Next • Last |
Published in bullseye-release |
batik (1.12-4+deb11u2) bullseye; urgency=medium * Team upload. * Fixing CVE-2022-44729 and CVE-2022-44730 -- Pierre Gruet <email address hidden> Fri, 25 Aug 2023 11:07:07 +0200
Published in bookworm-release |
batik (1.16+dfsg-1+deb12u1) bookworm; urgency=medium * Fixing CVE-2022-44729 and CVE-2022-44730 -- Pierre Gruet <email address hidden> Thu, 24 Aug 2023 21:28:00 +0200
Published in sid-release |
batik (1.17+dfsg-1) unstable; urgency=medium * New upstream version 1.17+dfsg, fixing security issues: - CVE-2022-44729 - CVE-2022-44730 * Refreshing patches * Raising Standards version to 4.6.2 (no change) * Refreshing copyright years * Ignoring maven-javadoc-plugin * Fixing mismatched Lintian overrides -- Pierre Gruet <email address hidden> Thu, 24 Aug 2023 14:59:39 +0200
Available diffs
- diff from 1.16+dfsg-1 to 1.17+dfsg-1 (134.3 KiB)
Superseded in bullseye-release |
batik (1.12-4+deb11u1) bullseye-security; urgency=high * Team upload. * Fix CVE-2022-41704 and CVE-2022-42890: It was discovered that Apache Batik, an SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file. -- Markus Koschany <email address hidden> Sat, 29 Oct 2022 16:22:11 +0200
batik (1.16+dfsg-1) unstable; urgency=medium * New upstream version 1.16+dfsg, fixing security issues: - CVE-2022-41704 - CVE-2022-42890 -- Pierre Gruet <email address hidden> Thu, 27 Oct 2022 18:27:37 +0200
Available diffs
- diff from 1.14-2 to 1.16+dfsg-1 (30.4 KiB)
Superseded in sid-release |
batik (1.15+dfsg-1) unstable; urgency=medium * New upstream version, fixing security issues (Closes: #1020589): - CVE-2022-38398 - CVE-2022-38648 - CVE-2022-40146 * Adding a +dfsg suffix when repacking * Updating years in d/copyright * Adding myself as uploader * Re-export upstream signing key without extra signatures. * Set upstream metadata fields: Repository, Repository-Browse, Bug-Database * Adding Lintian overrides for the codeless jars * Adding DEP-3 headers for the patches -- Pierre Gruet <email address hidden> Sun, 25 Sep 2022 16:00:05 +0200
batik (1.14-2) unstable; urgency=medium * Team upload * Adding classpaths and main classes in the manifests of the built jars (Closes: #1013281) * Reworking debian/watch: - Raising its version to 4 - Using secure URI * Raising Standards version to 4.6.1 (no change) * Refreshing d/copyright * Getting rid of unneeded versioned dependencies in d/control [ Andrius Merkys ] * Remove Onkar Shinde from the uploaders list per request. Thanks for your contributions. -- Pierre Gruet <email address hidden> Mon, 18 Jul 2022 23:48:46 +0200
Available diffs
- diff from 1.14-1 to 1.14-2 (3.2 KiB)
batik (1.14-1) unstable; urgency=medium * Team upload. * New upstream version 1.14 (Closes: #1000561) Addresses CVE-2020-11987 (Closes: #984829) * Set Rules-Requires-Root: no in debian/control * Let java7-runtime-headless satisfy Recommends (Closes: #1000405) * Delete patch for CVE-2109-17566; applied upstream * Update poms; add batik-shared-resources; remove batik-test-util * Add build-dep on libmaven-dependency-plugin-java -- tony mancill <email address hidden> Tue, 23 Nov 2021 21:28:11 -0800
Available diffs
- diff from 1.12-4 to 1.14-1 (42.5 KiB)
batik (1.12-4) unstable; urgency=medium * Team upload. * Add manifest for batik-i18n. * Mark in batik-css manifest it requires batik-i18n. -- Sudip Mukherjee <email address hidden> Wed, 23 Sep 2020 11:46:22 +0100
Available diffs
- diff from 1.12-1.1 to 1.12-4 (1.6 KiB)
batik (1.12-3) unstable; urgency=medium * Team upload. * Update version of Require-Bundle in d/manifest. -- Sudip Mukherjee <email address hidden> Sat, 05 Sep 2020 23:45:45 +0100
batik (1.12-2) unstable; urgency=medium * Team upload. * Use debhelper-compat. - Update compat level to 13. * Update version in d/manifest. * Use java helper to generate MANIFEST.MF from d/manifest. - MANIFEST file in generate jars missed Bundle information. * Update Standards-Version to 4.5.0 -- Sudip Mukherjee <email address hidden> Fri, 04 Sep 2020 19:00:07 +0100
Published in buster-release |
batik (1.10-2+deb10u1) buster; urgency=medium * Non-maintainer upload. * CVE-2019-17566: Server-side request forgery via xlink:href attributes. (Closes: #964510) -- Emilio Pozuelo Monfort <email address hidden> Fri, 10 Jul 2020 19:28:13 +0200
Published in stretch-release |
batik (1.8-4+deb9u2) stretch; urgency=medium * Non-maintainer upload. * CVE-2019-17566: Server-side request forgery via xlink:href attributes. (Closes: #964510) -- Emilio Pozuelo Monfort <email address hidden> Fri, 10 Jul 2020 19:30:17 +0200
batik (1.12-1.1) unstable; urgency=medium * Non-maintainer upload. * CVE-2019-17566: Server-side request forgery via xlink:href attributes. -- Emilio Pozuelo Monfort <email address hidden> Fri, 10 Jul 2020 18:23:19 +0200
Available diffs
- diff from 1.12-1 to 1.12-1.1 (1.5 KiB)
batik (1.12-1) unstable; urgency=medium * Team upload. * New upstream 1.12 -- Mathieu Malaterre <email address hidden> Sun, 16 Feb 2020 21:16:51 +0100
Available diffs
- diff from 1.10-2 to 1.12-1 (69.5 KiB)
batik (1.10-2) unstable; urgency=medium * Team upload. * Fixed the build failure with Java 11 (Closes: #913050) * Tightened the version of maven-debian-helper required to build batik (Closes: #902532) * Standards-Version updated to 4.2.1 * Use salsa.debian.org Vcs-* URLs -- Emmanuel Bourg <email address hidden> Thu, 20 Dec 2018 00:28:22 +0100
Available diffs
- diff from 1.10-1 to 1.10-2 (1.1 KiB)
Superseded in stretch-release |
batik (1.8-4+deb9u1) stretch-security; urgency=high * Team upload. * Fix CVE-2017-5662: XXE information disclosure. (Closes: #860566) * Fix CVE-2018-8013: information disclosure when deserializing a subclass of AbstractDocument. (Closes: #899374) -- Markus Koschany <email address hidden> Wed, 30 May 2018 18:59:04 +0200
Published in jessie-release |
batik (1.7+dfsg-5+deb8u1) jessie-security; urgency=high * Non-maintainer upload by the LTS team. * Fix CVE-2017-5662: XXE information disclosure. (Closes: #860566) * Fix CVE-2018-8013: information disclosure when deserializing a subclass of AbstractDocument. (Closes: #899374) -- Markus Koschany <email address hidden> Wed, 30 May 2018 18:25:57 +0200
batik (1.10-1) unstable; urgency=medium * Team upload. * New upstream version 1.10. - squiggle works as expected again after updating the policy patch. (Closes: #884481) - Fix CVE-2018-8013: information disclosure vulnerability. (Closes: #899374) * Drop 07_optional_rhino_and_jython_dependencies.patch. Applied upstream. * Remove repack scripts and use Files-Excluded mechanism instead. * Update the watch file. Use Files-Excluded. * Ignore jython artifact and add no-Jython-support.patch. Jython as a scripting language for Batik is no longer supported because the dependency complicates transitions. (Closes: #884536) * Ignore batik-test-old module. -- Markus Koschany <email address hidden> Fri, 25 May 2018 13:53:34 +0200
Available diffs
- diff from 1.9-3 to 1.10-1 (314.4 KiB)
batik (1.9-3) unstable; urgency=medium * Team upload. * Made the rhino and jython dependencies optional (Closes: #875322) * Removed the unused dependencies on libbsf-java, libcommons-io-java and libcommons-logging-java * Build with Maven instead of Ant * Build with the DH sequencer instead of CDBS * Standards-Version updated to 4.1.1 * Switch to debhelper level 10 -- Emmanuel Bourg <email address hidden> Mon, 02 Oct 2017 16:55:14 +0200
Available diffs
- diff from 1.9-2 to 1.9-3 (6.7 KiB)
batik (1.9-2) unstable; urgency=medium * Fix "batik-1.9 causes FTBFS for freeplane due to changed artifacts/poms" Upstream poms assume maven build. Ant build bundles contents of batik-i18n.jar and batik-constants.jar into batik-util.jar. Use debian/maven.rules to adjust for this. (Closes: #875322) -- Christopher Hoskin <email address hidden> Wed, 13 Sep 2017 07:57:01 +0100
Available diffs
- diff from 1.9-1 to 1.9-2 (502 bytes)
batik (1.9-1) unstable; urgency=medium * Team upload. * Moved the package to Git * Updated signing keys from https://www.apache.org/dist/xmlgraphics/batik/KEYS * Exclude jar files from documentation-sources * Add repack script to remove non-free ICC profiles * New upstream (1.9) + Fix "CVE-2017-5662: information disclosure vulnerability" Upstream claim BATIK-1139 is fixed in 1.9 (Closes: #860566) * Disable old patches, pending further investigation * Get package building again + maven-artifacts is no longer a target, explicitly add jars to DEB_ANT_BUILD_TARGET + Add debian/debian/libbatik-java.poms, call mh_install to install jars and poms, for closer alignment to other pkg-java packages * Fix spellings in debian/manpages/rasterizer.1 * Remove redundant remove-js.patch * Fix "batik is crashing (libbatik-java)" by patching build.xml to specify classpaths as appropriate for Debian (Closes: #605063) * Update Standards-Version from 3.9.8 to 4.0.0 (no change required) * Update 06_fix_paths_in_policy_files.patch * Remove bug805469.patch (fixed upstream http://svn.apache.org/viewvc?view=revision&revision=1687506) * Update debian/copyright * Remove unnecessary greater-than versioned dependencies from debian/control -- Christopher Hoskin <email address hidden> Mon, 04 Sep 2017 06:57:58 +0100
Available diffs
- diff from 1.8-4 to 1.9-1 (3.8 MiB)
batik (1.8-4) unstable; urgency=medium [ Jakub Adam ] * Team upload. * Fix versioned OSGi dependencies. * Fix repeating Breaks: in d/control. [ Mathieu Malaterre ] * Team upload. * Fix squiggle script crashes with a NoClassDefFoundError. Closes: #824113 * Fix FOUserAgent - SVG graphic could not be built. Closes: #805469 * Bump Std-Vers to 3.9.8, no changes needed -- Mathieu Malaterre <email address hidden> Fri, 07 Oct 2016 09:23:44 +0200
Available diffs
batik (1.8-3) unstable; urgency=medium [ Mathieu Malaterre ] * Team upload. * Fix compatibility issue. Closes: 794214 [ Emmanuel Bourg ] * Removed the unused dependency on libavalon-framework-java -- Mathieu Malaterre <email address hidden> Sat, 12 Sep 2015 22:24:50 +0200
Available diffs
Published in wheezy-release |
batik (1.7+dfsg-3+deb7u1) wheezy-security; urgency=high * Team upload. * Add debian/patches/cve_2015_0250.patch to disable external XML entity resolution (information disclosure). This addresses CVE-2015-0250. (Closes: #780897) -- tony mancill <email address hidden> Tue, 24 Mar 2015 05:17:00 +0000
Deleted in experimental-release (Reason: None provided.) |
batik (1.8-2) experimental; urgency=medium * Team upload. * Fix truncated patch: d/p/06_fix_paths_in_policy_files.patch * Fix broken symlinks (Thanks to Jérôme Robert/debian-java) -- Mathieu Malaterre <email address hidden> Thu, 16 Jul 2015 21:22:08 +0200
Superseded in experimental-release |
batik (1.8-1) experimental; urgency=medium * Team upload. * New upstream. Closes: #792175 * Refreshed patches, remove one applied upstream. * Prefer File-Excluded: syntax over new-upstream script -- Mathieu Malaterre <email address hidden> Sun, 12 Jul 2015 15:04:43 +0200
batik (1.7+dfsg-5) unstable; urgency=medium [ tony mancill ] * Team upload. * Update homepage URL to https://xmlgraphics.apache.org/batik/ in debian/control and debian/copyright. (Closes: #771539) * Add debian/patches/cve_2015_0250.patch to disable external XML entity resolution (information disclosure). This addresses CVE-2015-0250. (Closes: #780897) [ Emmanuel Bourg ] * Replaced the Build-Id in the manifests with a constant value to make the build reproducible. -- tony mancill <email address hidden> Sat, 21 Mar 2015 15:24:17 -0700
batik (1.7+dfsg-4) unstable; urgency=low * Team upload. [ Jakub Adam ] * Add OSGi metadata to JAR manifests. [ Markus Koschany ] * debian/rules: Set JAVA_HOME_DIRS to /usr/lib/jvm/default-java, build-depend on default-jdk and not on openjdk6-jdk | openjdk-7-jdk anymore. Fixes FTBFS with pbuilder-satisfydepends-classic. (Closes: #725461) * Bump Standards-Version to 3.9.4, no changes. * Bump compat level to 9 and require debhelper >= 9. * Use canonical VCS-URI. * Remove Michael Koch from Uploaders. (Closes: #653996) * libatik-java: Drop all jre/jdk dependencies. Recommend default-jre instead. * Run wrap-and-sort -sa * Add DEP-3 header to all patches. -- Markus Koschany <email address hidden> Mon, 14 Oct 2013 12:49:09 +0200
batik (1.7+dfsg-3) unstable; urgency=low * Team upload. * Fix too strict Java JRE dependency. (Closes: #678612) -- Niels Thykier <email address hidden> Sat, 23 Jun 2012 15:04:32 +0200
Superseded in sid-release |
batik (1.7+dfsg-2) unstable; urgency=low * Team upload. * Allow OpenJDK-7 as alternative to OpenJDK-6. * Remove old references to sun-java. * Add missing call to mh_clean in the clean rule. * Fix typo in manpage. -- Niels Thykier <email address hidden> Tue, 19 Jun 2012 12:57:28 +0200
batik (1.7+dfsg-1) unstable; urgency=low * Provide a repackaged tarball stripping all binary jars (closes: #657244) - updated debian/new-upstream as a consequence * Disable the installation of batik-js.jar, that wasn't built from sources (it was a subset of rhino's js.jar) * Conforms to standards 3.9.3 * Modernize a bit debian/copyright -- Vincent Fourmond <email address hidden> Mon, 12 Mar 2012 20:53:43 +0100
batik (1.7-8) unstable; urgency=low * Fix FTBS with recent openjdk (closes: #643508) * Bump to newer standards version, no changes required -- Vincent Fourmond <email address hidden> Thu, 29 Sep 2011 21:35:31 +0200
batik (1.7-7) unstable; urgency=low * Re-enable all patches that had mistakenly been disabled by switching to source format 3.0 (quilt) (closes: #604871) * Already conforms to standards 3.9.1 -- Vincent Fourmond <email address hidden> Thu, 25 Nov 2010 16:24:33 +0100
Available diffs
- diff from 1.7-4 to 1.7-7 (1.9 KiB)
batik (1.7-6) unstable; urgency=low [ Vincent Fourmond ] * Really fix the dependency on java runtime to only pull headless runtimes [ Gabriele Giacone ] * Added Maven support * Standards-Version to 3.8.4 * Source format 3.0 (quilt) -- Gabriele Giacone <email address hidden> Sun, 21 Feb 2010 19:02:10 +0100
batik (1.7-5) unstable; urgency=low * Dropped the dependency on openjdk-6-jre, in profit for openjdk-6-jre-headless, so we won't pull the whole Gtk libraries just for using fop (closes: #551545). * Already conforms to standards 3.8.3 * Removing Arnaud Vandyck from Uploaders as he did retire. Many thanks for your work on batik ! -- Vincent Fourmond <email address hidden> Mon, 25 Jan 2010 21:58:59 +0100
batik (1.7-4) unstable; urgency=low * Porting fixes from Ubuntu (1.7.dfsg-0ubuntu3) by Onkar Shinde <email address hidden>: - add xml-apis-ext and js to classpath for debian/wrappers/squiggle - promote rhino to a Recommends, as squiggle depends on it - debian/patches/06_fix_paths_in_policy_files.patch to fix the paths of the security policy files * This finally makes squiggle work for Debian ! (closes: #499852) Many thanks again to Onkar... -- Vincent Fourmond <email address hidden> Mon, 20 Apr 2009 21:22:26 +0200
batik (1.7-2) unstable; urgency=low * Adding xmlgraphics-commons-1.2 and xml-apis-ext to the jars for the build + corresponding build-deps * Added Vcs-* fields [ Sylvestre Ledru ] * Build class version 49 (instead of 50) [ Vincent Fourmond ] * Minor updates to the debian/copyright file * It seems time has come for an upload to unstable... * Adding ${misc:Depends} for potential debhelper-induced dependencies * Tweaking rasterizer.1 to avoid unbreakable lines -- Vincent Fourmond <email address hidden> Wed, 18 Feb 2009 22:58:36 +0100
batik (1.6-4) unstable; urgency=low [ Mark Howard ] * debian/watch: added. [ Vincent Fourmond ] * Created a /usr/lib/java/wrappers.sh for the various programs provided by libbatik-java, to make them work in more various environments. * Manual pages for svgpp, rasterizer, squiggle and ttf2svg (Closes: #458021) * rasterizer now launches by default with -scriptSecurityOff so it works again (Closes: #413103). Added an option to turn security back on. * Comply with policy 3.7.3 * Changed build-deps to sun-j2sdk1.4, to reflect the current make-jpkg output. -- Vincent Fourmond <email address hidden> Thu, 03 Jan 2008 01:20:15 +0100
1 → 39 of 39 results | First • Previous • Next • Last |